CVE List - 2025 / August
Showing 2301 - 2400 of 3631 CVEs for August 2025 (Page 24 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-48162 | 2025-08-20 | WordPress Simple Business Directory Pro <= 15.5.1 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-48160 | 2025-08-20 | WordPress Caliris <= 1.5 - Local File Inclusion Vulnerability |
| CVE-2025-48159 | 2025-08-20 | WordPress Youtube Vimeo Video Player and Slider WP Plugin <= 3.8 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-48158 | 2025-08-20 | WordPress BuddyPress XProfile Custom Image Field Plugin <= 3.0.1 - Arbitrary File Deletion Vulnerability |
| CVE-2025-48157 | 2025-08-20 | WordPress Formality <= 1.5.9 - Local File Inclusion Vulnerability |
| CVE-2025-48154 | 2025-08-20 | WordPress Multimedia Playlist Slider Addon for WPBakery Page Builder Plugin <= 2.1 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-48152 | 2025-08-20 | WordPress Rentsyst Plugin <= 2.0.100 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-48151 | 2025-08-20 | WordPress CM Map Locations <= 2.1.6 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-48149 | 2025-08-20 | WordPress Cook&Meal <= 1.2.3 - Local File Inclusion Vulnerability |
| CVE-2025-48148 | 2025-08-20 | WordPress StoreKeeper for WooCommerce Plugin <= 14.4.4 - Arbitrary File Upload Vulnerability |
| CVE-2025-48142 | 2025-08-20 | WordPress Bookify <= 1.0.9 - Privilege Escalation Vulnerability |
| CVE-2025-49896 | 2025-08-20 | WordPress WP Discord Post Plus – Supports Unlimited Channels plugin <= 1.0.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-49894 | 2025-08-20 | WordPress WP Emmet plugin <= 0.3.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-49893 | 2025-08-20 | WordPress Elizaibots plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-49892 | 2025-08-20 | WordPress Pending Order Bot plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-49891 | 2025-08-20 | WordPress Contact Info Widget plugin <= 2.6.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-49890 | 2025-08-20 | WordPress AWStats Script plugin <= 0.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-49889 | 2025-08-20 | WordPress Custom Comment plugin <= 2.1.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-49438 | 2025-08-20 | WordPress Simple Login Log plugin <= 1.1.3 - PHP Object Injection vulnerability |
| CVE-2025-49436 | 2025-08-20 | WordPress Custom Menu plugin <= 1.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-49434 | 2025-08-20 | WordPress Laposta WooCommerce plugin <= 1.9.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-49428 | 2025-08-20 | WordPress Cookie Warning plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-49426 | 2025-08-20 | WordPress Cookie Warning plugin <= 1.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-49424 | 2025-08-20 | WordPress Essential Doo Components for Visual Composer plugin <= 1.9 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-49422 | 2025-08-20 | WordPress iframe Wrapper plugin <= 0.1.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-49420 | 2025-08-20 | WordPress Markup Markdown plugin <= 3.20.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-49413 | 2025-08-20 | WordPress Terms of Service & Privacy Policy Generator plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-49412 | 2025-08-20 | WordPress Page Transition plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-49411 | 2025-08-20 | WordPress iFrame Block plugin <= 0.1.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-49410 | 2025-08-20 | WordPress TC Testimonials plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-49409 | 2025-08-20 | WordPress SensorPress plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-47650 | 2025-08-20 | WordPress Infility Global <= 2.14.7 - Arbitrary File Download Vulnerability |
| CVE-2025-30975 | 2025-08-20 | WordPress Add Custom Codes <= 4.80 - Arbitrary Code Execution Vulnerability |
| CVE-2025-28977 | 2025-08-20 | WordPress WP Pipes Plugin <= 1.4.3 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-49408 | 2025-08-20 | WordPress Templately Plugin <= 3.2.7 - Sensitive Data Exposure Vulnerability |
| CVE-2025-49406 | 2025-08-20 | WordPress Houzez Theme <= 4.1.1 - Broken Access Control Vulnerability |
| CVE-2025-49400 | 2025-08-20 | WordPress WP Visitor Statistics (Real Time Traffic) Plugin <= 8.2 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-49399 | 2025-08-20 | WordPress NEX-Forms Plugin <= 9.1.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49397 | 2025-08-20 | WordPress Colorbox Lightbox Plugin <= 1.1.5 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-49396 | 2025-08-20 | WordPress Themify Builder Plugin <= 7.6.7 - Broken Access Control Vulnerability |
| CVE-2025-49395 | 2025-08-20 | WordPress Themify Icons Plugin <= 2.0.3 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-49392 | 2025-08-20 | WordPress Themify Audio Dock Plugin <= 2.0.5 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-49391 | 2025-08-20 | WordPress Sign-up Sheets Plugin <= 2.3.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49389 | 2025-08-20 | WordPress Notice Bar Plugin <= 3.1.3 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-49382 | 2025-08-20 | WordPress JobZilla - Job Board WordPress Theme Theme <= 2.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49381 | 2025-08-20 | WordPress ads.txt Guru Connect Plugin <= 1.1.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-5260 | 2025-08-20 | SSRF in PozitifIK's Pik Online |
| CVE-2025-9228 | 2025-08-20 | Insufficient authorization when creating notes |
| CVE-2025-5261 | 2025-08-20 | IDOR in PozitifIK's Pik Online |
| CVE-2025-9229 | 2025-08-20 | Information Disclosure in MiR robots and MiR fleet through verbose error pages |
| CVE-2024-39954 | 2025-08-20 | Apache EventMesh Runtime: SSRF |
| CVE-2025-57727 | 2025-08-20 | In JetBrains IntelliJ IDEA before 2025.2 credentials disclosure was possible via remote reference |
| CVE-2025-57728 | 2025-08-20 | In JetBrains IntelliJ IDEA before 2025.2 improper access control allowed Code With Me guest to discover hidden files |
| CVE-2025-57729 | 2025-08-20 | In JetBrains IntelliJ IDEA before 2025.2 unexpected plugin startup was possible due to automatic LSP server start |
| CVE-2025-57730 | 2025-08-20 | In JetBrains IntelliJ IDEA before 2025.2 HTML injection was possible via Remote Development feature |
| CVE-2025-57731 | 2025-08-20 | In JetBrains YouTrack before 2025.2.92387 stored XSS was possible via Mermaid diagram content |
| CVE-2025-57732 | 2025-08-20 | In JetBrains TeamCity before 2025.07.1 privilege escalation was possible due to incorrect directory ownership |
| CVE-2025-57733 | 2025-08-20 | In JetBrains TeamCity before 2025.07.1 SMTP injection was possible allowing modification of email content |
| CVE-2025-57734 | 2025-08-20 | In JetBrains TeamCity before 2025.07.1 AWS credentials were exposed in Docker script files |
| CVE-2025-9173 | 2025-08-20 | Emlog Pro media.php unrestricted upload |
| CVE-2025-8102 | 2025-08-20 | Easy Digital Downloads <= 3.5.0 - Cross-Site Request Forgery to Plugin Deactivation via edd_sendwp_disconnect and edd_sendwp_remote_install Functions |
| CVE-2025-43742 | 2025-08-20 | A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.3, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through... |
| CVE-2025-7777 | 2025-08-20 | Mirror-registry: host header injection in mirror-registry |
| CVE-2025-43741 | 2025-08-20 | A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.3, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through... |
| CVE-2025-43750 | 2025-08-20 | Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows... |
| CVE-2025-4437 | 2025-08-20 | Cri-o: large /etc/passwd file may lead to denial of service |
| CVE-2025-4877 | 2025-08-20 | Libssh: write beyond bounds in binary to base64 conversion functions |
| CVE-2025-43749 | 2025-08-20 | Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows... |
| CVE-2025-54172 | 2025-08-20 | Stored Cross-Site Scripting in QuickCMS |
| CVE-2025-8453 | 2025-08-20 | CWE-269: Improper Privilege Management vulnerability exists that could cause privilege escalation and arbitrary code execution when a privileged engineer user with console access modifies a configuration file used by a... |
| CVE-2025-54174 | 2025-08-20 | Cross-Site Request Forgery in QuickCMS |
| CVE-2025-54175 | 2025-08-20 | Reflected Cross-Site Scripting in QuickCMS.EXT |
| CVE-2025-32010 | 2025-08-20 | A stack-based buffer overflow vulnerability exists in the Cloud API functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted HTTP response can lead to arbitrary code execution. An attacker can... |
| CVE-2025-30256 | 2025-08-20 | A denial of service vulnerability exists in the HTTP Header Parsing functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted series of HTTP requests can lead to a reboot. An... |
| CVE-2025-27129 | 2025-08-20 | An authentication bypass vulnerability exists in the HTTP authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send... |
| CVE-2025-24496 | 2025-08-20 | An information disclosure vulnerability exists in the /goform/getproductInfo functionality of Tenda AC6 V5.0 V02.03.01.110. Specially crafted network packets can lead to a disclosure of sensitive information. An attacker can send... |
| CVE-2025-24322 | 2025-08-20 | An unsafe default authentication vulnerability exists in the Initial Setup Authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted network request can lead to arbitrary code execution. An attacker... |
| CVE-2025-31355 | 2025-08-20 | A firmware update vulnerability exists in the Firmware Signature Validation functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted malicious file can lead to arbitrary code execution. An attacker can... |
| CVE-2025-9074 | 2025-08-20 | Docker Desktop allows unauthenticated access to Docker Engine API from containers |
| CVE-2025-54923 | 2025-08-20 | CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execution and compromise of system integrity when authenticated users send crafted data to a network-exposed service that performs... |
| CVE-2025-54924 | 2025-08-20 | CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker sends a specially crafted document to a vulnerable endpoint. |
| CVE-2025-54925 | 2025-08-20 | CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker configures the application to access a malicious URL. |
| CVE-2025-54926 | 2025-08-20 | CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution when an authenticated attacker with admin privileges uploads a malicious... |
| CVE-2025-54927 | 2025-08-20 | CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause unauthorized access to sensitive files when an authenticated attacker uses a crafted path... |
| CVE-2025-8449 | 2025-08-20 | CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause a denial of service when an authenticated user sends a specially crafted request to a specific endpoint from within the BMS... |
| CVE-2025-8448 | 2025-08-20 | CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause unauthorized access to sensitive credential data when an attacker is able to capture local SMB traffic... |
| CVE-2025-43748 | 2025-08-20 | Insufficient CSRF protection for omni-administrator users in Liferay Portal 7.0.0 through 7.4.3.119, and Liferay DXP 2024.Q1.1 through 2024.Q1.6, 2023.Q4.0 through 2023.Q4.9, 2023.Q3.1 through 2023.Q3.9, 7.4 GA through update 92, 7.3... |
| CVE-2025-36114 | 2025-08-20 | IBM QRadar SOAR Plugin App path traversal |
| CVE-2025-1139 | 2025-08-20 | IBM Edge Application Manager incorrect permissions |
| CVE-2025-1142 | 2025-08-20 | IBM Edge Application Manager server-side request forgery |
| CVE-2025-55731 | 2025-08-20 | Frappe has the possibility of Authenticated SQL Injection due to improper validations |
| CVE-2025-55732 | 2025-08-20 | Frappe has the possibility of SQL Injection due to improper validations |
| CVE-2011-10027 | 2025-08-20 | AOL Desktop 9.6 RTX Stack-Based Buffer Overflow |
| CVE-2025-55751 | 2025-08-20 | OnboardLite Open Redirect Endpoint |
| CVE-2009-10005 | 2025-08-20 | ContentKeeper Web Appliance < 125.10 Arbitrary File Access via mimencode |
| CVE-2025-9233 | 2025-08-20 | Scada-LTS view_edit.shtm cross site scripting |
| CVE-2010-20045 | 2025-08-20 | FileWrangler <= 5.30 Stack Buffer Overflow |
| CVE-2011-10030 | 2025-08-20 | Foxit PDF Reader < 4.3.1.0218 JavaScript File Write |
| CVE-2010-20059 | 2025-08-20 | FreeNAS < 0.7.2 rev 5543 exec_raw.php Arbitrary Command Execution |
| CVE-2011-10020 | 2025-08-20 | Kaillera 0.86 Server DoS via Malformed UDP Packet |