CVE List - 2025 / August
Showing 101 - 200 of 3631 CVEs for August 2025 (Page 2 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-54132 | 2025-08-01 | Cursor's Mermaid Diagram Tool is Vulnerable to an Arbitrary Image Fetch |
| CVE-2025-54133 | 2025-08-01 | Cursor's MCP Install Deeplink Does Not Show Arguments in its User-Dialog |
| CVE-2025-54136 | 2025-08-01 | Cursor's Modification of MCP Server Definitions Bypasses Manual Re-approvals |
| CVE-2025-54789 | 2025-08-01 | Files is Vulnerable to Reflected Self-XSS through its File Move Functionality |
| CVE-2025-54386 | 2025-08-01 | Traefik's Client Plugin is Vulnerable to Path Traversal, Arbitrary File Overwrites and Remote Code Execution |
| CVE-2025-54781 | 2025-08-01 | Himmelblau leaks an Intune service access token in its logs |
| CVE-2025-54782 | 2025-08-01 | @nestjs/devtools-integration's CSRF to Sandbox Escape Allows for RCE against JS Developers |
| CVE-2025-54790 | 2025-08-01 | Files: Potential for SQL Injection through File Browse and List Operations |
| CVE-2025-54796 | 2025-08-01 | Copyparty is vulnerable to Regex Denial of Service (ReDoS) attacks through "Recent Uploads" page |
| CVE-2025-54955 | 2025-08-02 | OpenNebula Community Edition (CE) before 7.0.0 and Enterprise Edition (EE) before 6.10.3 have a critical FireEdge race condition that can lead to full account takeover. By exploiting this, an unauthenticated... |
| CVE-2025-6076 | 2025-08-02 | CVE-2025-6076 |
| CVE-2025-6077 | 2025-08-02 | CVE-2025-6077 |
| CVE-2025-6078 | 2025-08-02 | CVE-2025-6078 |
| CVE-2025-7694 | 2025-08-02 | Woffice Core <= 5.4.26 - Authenticated (Contributor+) Arbitrary File Deletion |
| CVE-2025-8146 | 2025-08-02 | Qi Addons for Elementor <= 1.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via TypeOut Text Widget |
| CVE-2025-6754 | 2025-08-02 | SEO Metrics <= 1.0.5 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation |
| CVE-2025-6626 | 2025-08-02 | ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization <= 3.10.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via API URL |
| CVE-2025-8152 | 2025-08-02 | WP CTA – Call To Action Plugin, Sticky CTA, Sticky Buttons <= 1.7.0 - Missing Authorization to Unauthenticated Sticky Status Update |
| CVE-2025-8212 | 2025-08-02 | Medical Addon for Elementor <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typewriter Widget |
| CVE-2025-4588 | 2025-08-02 | 360 Photo Spheres <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-8317 | 2025-08-02 | Custom Word Cloud <= 0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via angle Parameter |
| CVE-2025-8399 | 2025-08-02 | Mmm Unity Loader <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via attributes Parameter |
| CVE-2025-6832 | 2025-08-02 | All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier <= 2.0 - Reflected Cross-Site Scripting |
| CVE-2025-8400 | 2025-08-02 | Image Gallery <= 1.0.0 - Reflected Cross-Site Scripting |
| CVE-2025-8391 | 2025-08-02 | Magic Edge – Lite <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via height Parameter |
| CVE-2025-8466 | 2025-08-02 | code-projects Online Farm System forgot_passfarmer.php sql injection |
| CVE-2025-6722 | 2025-08-02 | BitFire <= 4.5 - Unauthenticated Information Exposure |
| CVE-2025-8488 | 2025-08-02 | Ultimate Addons for Elementor (Formerly Elementor Header & Footer Builder) <= 2.4.6 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update |
| CVE-2025-8467 | 2025-08-02 | code-projects Wazifa System regcontrol.php sql injection |
| CVE-2025-7710 | 2025-08-02 | Brave Conversion Engine (PRO) <= 0.7.7 - Authentication Bypass to Administrator |
| CVE-2025-7500 | 2025-08-02 | Ocean Social Sharing <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-8468 | 2025-08-02 | code-projects Wazifa System reset.php sql injection |
| CVE-2025-8469 | 2025-08-02 | SourceCodester Online Hotel Reservation System deletegallery.php sql injection |
| CVE-2025-8470 | 2025-08-02 | SourceCodester Online Hotel Reservation System deleteroom.php sql injection |
| CVE-2025-8471 | 2025-08-02 | projectworlds Online Admission System adminlogin.php sql injection |
| CVE-2025-23276 | 2025-08-02 | NVIDIA Installer for Windows contains a vulnerability where an attacker may be able to escalate privileges. A successful exploit of this vulnerability may lead to escalation of privileges, denial of... |
| CVE-2025-23277 | 2025-08-02 | NVIDIA Display Driver for Linux and Windows contains a vulnerability in the kernel mode driver, where an attacker could access memory outside bounds permitted under normal use cases. A successful... |
| CVE-2025-23278 | 2025-08-02 | NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker might cause an improper index validation by issuing a call with crafted parameters. A successful exploit of... |
| CVE-2025-23279 | 2025-08-02 | NVIDIA .run Installer for Linux and Solaris contains a vulnerability where an attacker could use a race condition to escalate privileges. A successful exploit of this vulnerability might lead to... |
| CVE-2025-23281 | 2025-08-02 | NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker with local unprivileged access that can win a race condition might be able to trigger a use-after-free error.... |
| CVE-2025-23286 | 2025-08-02 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where an attacker could read invalid memory. A successful exploit of this vulnerability might lead to information disclosure. |
| CVE-2025-23287 | 2025-08-02 | NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may access sensitive system-level information. A successful exploit of this vulnerability may lead to Information disclosure. |
| CVE-2025-23288 | 2025-08-02 | NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may cause an exposure of sensitive system information with local unprivileged system access. A successful exploit of this... |
| CVE-2025-23283 | 2025-08-02 | NVIDIA vGPU software for Linux-style hypervisors contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause stack buffer overflow. A successful exploit of this vulnerability might... |
| CVE-2025-23284 | 2025-08-02 | NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause a stack buffer overflow. A successful exploit of this vulnerability might lead to... |
| CVE-2025-23285 | 2025-08-02 | NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where it allows a guest to access global resources. A successful exploit of this vulnerability might lead to denial... |
| CVE-2025-23290 | 2025-08-02 | NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a guest could get global GPU metrics which may be influenced by work in other VMs. A successful... |
| CVE-2023-32255 | 2025-08-02 | Kernel: memory leak via ksmbd session setup request with unknown ntlmssp message type |
| CVE-2023-32253 | 2025-08-02 | Kernel: deadlock in ksmbd_find_crypto_ctx() |
| CVE-2025-8493 | 2025-08-02 | code-projects Intern Membership Management System edit_student_query.php sql injection |
| CVE-2025-8494 | 2025-08-02 | code-projects Intern Membership Management System delete_student.php sql injection |
| CVE-2025-52131 | 2025-08-03 | The Mocca Calendar application before 2.15 for XWiki allows XSS via the background or text color field. |
| CVE-2025-52132 | 2025-08-03 | The Mocca Calendar application before 2.15 for XWiki allows XSS via a title to the view event page. |
| CVE-2025-52133 | 2025-08-03 | The Mocca Calendar application before 2.15 for XWiki allows XSS via a title upon calendar import. |
| CVE-2025-54349 | 2025-08-03 | In iperf before 3.19.1, iperf_auth.c has an off-by-one error and resultant heap-based buffer overflow. |
| CVE-2025-54350 | 2025-08-03 | In iperf before 3.19.1, iperf_auth.c has a Base64Decode assertion failure and application exit upon a malformed authentication attempt. |
| CVE-2025-54351 | 2025-08-03 | In iperf before 3.19.1, net.c has a buffer overflow when --skip-rx-copy is used (for MSG_TRUNC in recv). |
| CVE-2025-54956 | 2025-08-03 | The gh package before 1.5.0 for R delivers an HTTP response in a data structure that includes the Authorization header from the corresponding HTTP request. |
| CVE-2025-8495 | 2025-08-03 | code-projects Intern Membership Management System edit_admin_query.php sql injection |
| CVE-2025-8496 | 2025-08-03 | projectworlds Online Admission System viewform.php sql injection |
| CVE-2025-8497 | 2025-08-03 | code-projects Online Medicine Guide cusfindphar2.php sql injection |
| CVE-2025-8498 | 2025-08-03 | code-projects Online Medicine Guide index.php sql injection |
| CVE-2025-8499 | 2025-08-03 | code-projects Online Medicine Guide cusfindambulence2.php sql injection |
| CVE-2025-8500 | 2025-08-03 | code-projects Human Resource Integrated System action.php sql injection |
| CVE-2025-8501 | 2025-08-03 | code-projects Human Resource Integrated System action.php cross site scripting |
| CVE-2025-8502 | 2025-08-03 | code-projects Online Medicine Guide changepass.php sql injection |
| CVE-2025-8503 | 2025-08-03 | code-projects Online Medicine Guide adaddmed.php sql injection |
| CVE-2025-8504 | 2025-08-03 | code-projects Kitchen Treasure userregistration.php unrestricted upload |
| CVE-2025-8505 | 2025-08-03 | 495300897 wx-shop cross-site request forgery |
| CVE-2025-8506 | 2025-08-03 | 495300897 wx-shop editUI cross site scripting |
| CVE-2024-52279 | 2025-08-03 | Apache Zeppelin: Arbitrary file read by adding malicious JDBC connection string |
| CVE-2025-8507 | 2025-08-03 | Portabilis i-Educar educar_funcao_lst.php cross site scripting |
| CVE-2024-41177 | 2025-08-03 | Apache Zeppelin: XSS in the Helium module |
| CVE-2024-51775 | 2025-08-03 | Apache Zeppelin: Command Injection via CSWSH |
| CVE-2025-8508 | 2025-08-03 | Portabilis i-Educar educar_avaliacao_desempenho_cad.php cross site scripting |
| CVE-2025-8509 | 2025-08-03 | Portabilis i-Educar educar_servidor_cad.php cross site scripting |
| CVE-2025-8510 | 2025-08-03 | Portabilis i-Educar educar_matricula_lst.php Gerar cross site scripting |
| CVE-2025-8511 | 2025-08-03 | Portabilis i-Diario Observações diario-de-observacoes cross site scripting |
| CVE-2025-8512 | 2025-08-03 | TVB Big Big Shop App hk.com.tvb.bigbigshop AndroidManifest.xml improper export of android application components |
| CVE-2025-8513 | 2025-08-03 | Caixin News App com.caixin.news AndroidManifest.xml improper export of android application components |
| CVE-2024-45183 | 2025-08-04 | An issue was discovered in Samsung Mobile Processor Exynos 2100, 1280, 2200, 1330, 1380, 1480, and 2400. A lack of a JPEG length check leads to an out-of-bound write. |
| CVE-2025-26065 | 2025-08-04 | A cross-site scripting (XSS) vulnerability in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name of... |
| CVE-2025-44643 | 2025-08-04 | Certain Draytek products are affected by Insecure Configuration. This affects AP903 v1.4.18 and AP912C v1.4.9 and AP918R v1.4.9. The setting of the password property in the ripd.conf configuration file sets... |
| CVE-2025-44954 | 2025-08-04 | RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build has a hardcoded SSH private key for a root-equivalent user account. |
| CVE-2025-44955 | 2025-08-04 | RUCKUS Network Director (RND) before 4.5 allows jailed users to obtain root access via a weak, hardcoded password. |
| CVE-2025-44957 | 2025-08-04 | Ruckus SmartZone (SZ) before 6.1.2p3 Refresh Build allows authentication bypass via a valid API key and crafted HTTP headers. |
| CVE-2025-44958 | 2025-08-04 | RUCKUS Network Director (RND) before 4.5 stores passwords in a recoverable format. |
| CVE-2025-44960 | 2025-08-04 | RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows OS command injection via a certain parameter in an API route. |
| CVE-2025-44961 | 2025-08-04 | In RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build, OS command injection can occur via an IP address field provided by an authenticated user. |
| CVE-2025-44962 | 2025-08-04 | RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows ../ directory traversal to read files. |
| CVE-2025-44963 | 2025-08-04 | RUCKUS Network Director (RND) before 4.5 allows spoofing of an administrator JWT by an attacker who knows the hardcoded value of a certain secret key. |
| CVE-2025-46093 | 2025-08-04 | LiquidFiles before 4.1.2 supports FTP SITE CHMOD for mode 6777 (setuid and setgid), which allows FTPDrop users to execute arbitrary code as root by leveraging the Actionscript feature and the... |
| CVE-2025-46094 | 2025-08-04 | LiquidFiles before 4.1.2 allows directory traversal by configuring the pathname of a local executable file as an Actionscript. |
| CVE-2025-46206 | 2025-08-04 | An issue in Artifex mupdf 1.25.6, 1.25.5 allows a remote attacker to cause a denial of service via an infinite recursion in the `mutool clean` utility. When processing a crafted... |
| CVE-2025-50340 | 2025-08-04 | An Insecure Direct Object Reference (IDOR) vulnerability was discovered in SOGo Webmail thru 5.6.0, allowing an authenticated user to send emails on behalf of other users by manipulating a user-controlled... |
| CVE-2025-50341 | 2025-08-04 | A Boolean-based SQL injection vulnerability was discovered in Axelor 5.2.4 via the _domain parameter. An attacker can manipulate the SQL query logic and determine true/false conditions, potentially leading to data... |
| CVE-2025-50420 | 2025-08-04 | An issue in the pdfseparate utility of freedesktop poppler v25.04.0 allows attackers to cause an infinite recursion via supplying a crafted PDF file. This can lead to a Denial of... |
| CVE-2025-50422 | 2025-08-04 | Cairo through 1.18.4, as used in Poppler through 25.08.0, has an "unscaled->face == NULL" assertion failure for _cairo_ft_unscaled_font_fini in cairo-ft-font.c. |
| CVE-2025-50754 | 2025-08-04 | Unisite CMS version 5.0 contains a stored Cross-Site Scripting (XSS) vulnerability in the "Report" functionality. A malicious script submitted by an attacker is rendered in the admin panel when viewed... |
| CVE-2025-51387 | 2025-08-04 | The GitKraken Desktop 10.8.0 and 11.1.0 is susceptible to code injection due to misconfigured Electron Fuses. Specifically, the following insecure settings were observed: RunAsNode is enabled and EnableNodeCliInspectArguments is not... |