CVE List - 2025 / August
Showing 2501 - 2600 of 3631 CVEs for August 2025 (Page 26 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-7390 | 2025-08-21 | Bypass the client certificate trust check of an opc.https server while only secure communication is allowed |
| CVE-2025-36530 | 2025-08-21 | Import Path Traversal Enables Unauthorized Unsigned Plugin Installation |
| CVE-2025-49810 | 2025-08-21 | Thread summarization allows persistent access to channel |
| CVE-2025-8895 | 2025-08-21 | WP Webhooks <= 3.3.5 - Unauthenticated Arbitrary File Copy |
| CVE-2025-47700 | 2025-08-21 | AI plugin APIs can be triggered using post actions |
| CVE-2025-53971 | 2025-08-21 | Channel and Team Membership APIs inadvertently allow loss of Member privileges. |
| CVE-2025-8023 | 2025-08-21 | Path Traversal in Template Upload Allows Uploading Files Outside Target Directory |
| CVE-2025-49222 | 2025-08-21 | Mattermost Shared Channel Upload Type Validation Bypass |
| CVE-2025-47870 | 2025-08-21 | Team invite ID leaked to team admin with no member invite privileges |
| CVE-2025-8064 | 2025-08-21 | Bible SuperSearch <= 6.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via selector_height Parameter |
| CVE-2025-9296 | 2025-08-21 | Emlog Pro blogger.php unrestricted upload |
| CVE-2025-9297 | 2025-08-21 | Tenda i22 wxportalauth formWeixinAuthInfoGet stack-based overflow |
| CVE-2025-9298 | 2025-08-21 | Tenda M3 QuickIndex formQuickIndex stack-based overflow |
| CVE-2025-9299 | 2025-08-21 | Tenda M3 getMasterPassengerAnalyseData formGetMasterPassengerAnalyseData stack-based overflow |
| CVE-2025-9300 | 2025-08-21 | saitoha libsixel img2sixel encoder.c sixel_debug_print_palette stack-based overflow |
| CVE-2025-9301 | 2025-08-21 | cmake cmForEachCommand.cxx ReplayItems assertion |
| CVE-2025-34158 | 2025-08-21 | Plex Media Server (PMS) 1.41.7.x through 1.42.0.x before 1.42.1 is affected by incorrect resource transfer between spheres. |
| CVE-2025-9302 | 2025-08-21 | PHPGurukul User Management System signup.php sql injection |
| CVE-2025-9303 | 2025-08-21 | TOTOLINK A720R cstecgi.cgi setParentalRules buffer overflow |
| CVE-2025-48956 | 2025-08-21 | vLLM API endpoints vulnerable to Denial of Service Attacks |
| CVE-2025-53251 | 2025-08-21 | WordPress Pin WP theme < 7.2 - Arbitrary File Upload Vulnerability |
| CVE-2025-9304 | 2025-08-21 | SourceCodester Online Bank Management System show.php sql injection |
| CVE-2025-9305 | 2025-08-21 | SourceCodester Online Bank Management System mnotice.php sql injection |
| CVE-2025-55297 | 2025-08-21 | ESF-IDF BluFi Example Memory Overflow Vulnerability |
| CVE-2025-9306 | 2025-08-21 | SourceCodester Advanced School Management System addNotice cross site scripting |
| CVE-2025-55742 | 2025-08-21 | UnoPim Stored XSS via SVG MIME/Sanitizer Bypass |
| CVE-2025-9162 | 2025-08-21 | Org.keycloak/keycloak-model-storage-service: variable injection into environment variables |
| CVE-2025-55743 | 2025-08-21 | UnoPim vulnerable to remote code execution through Arbitrary File upload |
| CVE-2025-55744 | 2025-08-21 | UnoPim vulnerable to CSRF on Product edit feature and creation of other types |
| CVE-2025-9307 | 2025-08-21 | PHPGurukul Online Course Registration session.php sql injection |
| CVE-2025-9308 | 2025-08-21 | yarnpkg Yarn request-manager.js setOptions redos |
| CVE-2025-57753 | 2025-08-21 | vite-plugin-static-copy files not included in `src` are accessible with a crafted request |
| CVE-2025-57754 | 2025-08-21 | eslint-ban-moment exposed a sensitive Supabase URI in .env (Credential leak) |
| CVE-2025-43756 | 2025-08-21 | A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.15, 2025.Q2.0 through 2025.Q2.2 and 2024.Q1.13 through 2024.Q1.19 allows... |
| CVE-2025-57755 | 2025-08-21 | claude-code-router CORS misconfiguration |
| CVE-2025-9309 | 2025-08-21 | Tenda AC10 MD5 Hash shadow hard-coded credentials |
| CVE-2025-9310 | 2025-08-21 | yeqifu carRental Druid login.html hard-coded credentials |
| CVE-2025-7969 | 2025-08-21 | Markdown-it 14.1.0 - Cross-site scripting (XSS) |
| CVE-2025-57761 | 2025-08-21 | WeGIA SQL Injection vulnerability via 'id_funcionario' param at endpoint `/html/funcionario/dependente_remover.php` |
| CVE-2025-43755 | 2025-08-21 | A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0, 2025.Q1.0 through 2025.Q1.13, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1... |
| CVE-2025-57762 | 2025-08-21 | WeGIA Stored Cross-Site Scripting (XSS) vulnerability in the endpoint 'dependente_docdependente.php' with parameter 'nome' |
| CVE-2025-57763 | 2025-08-21 | Cross-Site Scripting (XSS) Reflected in 'insere_despacho.php' parameter 'sccs' |
| CVE-2025-6465 | 2025-08-21 | Path traversal in image upload with preview overwrite |
| CVE-2025-8402 | 2025-08-21 | Nil pointer dereference in bulk import crashes server |
| CVE-2025-9311 | 2025-08-21 | itsourcecode Apartment Management System addfair.php sql injection |
| CVE-2025-57764 | 2025-08-21 | WeGIA Cross-Site Scripting (XSS) Reflected endpoint 'cargos.php' parameter 'msg_e' |
| CVE-2025-57765 | 2025-08-21 | WeGIA Cross-Site Scripting (XSS) Reflected endpoint 'pre_cadastro_adotante.php' parameter 'msg_e' |
| CVE-2025-43754 | 2025-08-21 | Username enumeration vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92... |
| CVE-2025-57768 | 2025-08-21 | Stored XSS in “hours” fields when creating or editing an issue, using SQLite database |
| CVE-2025-7051 | 2025-08-21 | N-central Syslog Configuration Insecure Direct Object Reference |
| CVE-2025-57751 | 2025-08-21 | Denial-of-Service attack in pyLoad CNL Blueprint using dukpy.evaljs |
| CVE-2025-38742 | 2025-08-21 | Dell iDRAC Service Module (iSM), versions prior to 6.0.3.0, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability,... |
| CVE-2025-38743 | 2025-08-21 | Dell iDRAC Service Module (iSM), versions prior to 6.0.3.0, contains a Buffer Access with Incorrect Length Value vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability,... |
| CVE-2025-55103 | 2025-08-21 | BUG-000177333 - ArcGIS Enterprise Sites has a stored Cross-site Scripting vulnerability. |
| CVE-2025-55104 | 2025-08-21 | BUG-000173918 - ArcGIS Enterprise Sites has a security vulnerability. |
| CVE-2025-55105 | 2025-08-21 | BUG-000177336 - ArcGIS Enterprise Sites has a stored Cross-site Scripting vulnerability. |
| CVE-2025-55106 | 2025-08-21 | BUG-000173171 ArcGIS Enterprise Sites has a Cross-site Scripting vulnerability. |
| CVE-2025-55107 | 2025-08-21 | BUG-000177335 ArcGIS Enterprise Sites has a stored Cross-site Scripting vulnerability. |
| CVE-2025-27721 | 2025-08-21 | INFINITT Healthcare INFINITT PACS Exposure of Sensitive System Information to an Unauthorized Control Sphere |
| CVE-2025-3128 | 2025-08-21 | Mitsubishi Electric Europe smartRTU OS Command Injection |
| CVE-2025-27714 | 2025-08-21 | INFINITT Healthcare INFINITT PACS Unrestricted Upload of File with Dangerous Type |
| CVE-2025-24489 | 2025-08-21 | INFINITT Healthcare INFINITT PACS Unrestricted Upload of File with Dangerous Type |
| CVE-2025-53763 | 2025-08-21 | Azure Databricks Elevation of Privilege Vulnerability |
| CVE-2025-53795 | 2025-08-21 | Microsoft PC Manager Elevation of Privilege Vulnerability |
| CVE-2025-55230 | 2025-08-21 | Windows MBT Transport Driver Elevation of Privilege Vulnerability |
| CVE-2025-55229 | 2025-08-21 | Windows Certificate Spoofing Vulnerability |
| CVE-2025-55231 | 2025-08-21 | Windows Storage-based Management Service Remote Code Execution Vulnerability |
| CVE-2025-41415 | 2025-08-21 | AVEVA PI Integrator Insertion of Sensitive Information into Sent Data |
| CVE-2025-54460 | 2025-08-21 | AVEVA PI Integrator Unrestricted Upload of File with Dangerous Type |
| CVE-2010-20112 | 2025-08-21 | Amlibweb NetOpacs webquery.dll Stack Buffer Overflow |
| CVE-2010-10015 | 2025-08-21 | AOL <= 9.5 Phobos.Playlist 'Import()' Stack-Based Buffer Overflow |
| CVE-2010-20109 | 2025-08-21 | Barracuda Spam & Virus Firewall "locale" Path Traversal |
| CVE-2010-20119 | 2025-08-21 | CommuniCrypt Mail <= 1.16 ANSMTP/AOSMTP ActiveX Control Buffer Overflow |
| CVE-2010-20111 | 2025-08-21 | Digital Music Pad <= 8.2.3.3.4 Stack Buffer Overflow |
| CVE-2010-20121 | 2025-08-21 | EasyFTP Server <= 1.7.0.11 CWD Command Stack Buffer Overflow |
| CVE-2010-20113 | 2025-08-21 | EasyFTP Server list.html path Stack Buffer Overflow |
| CVE-2010-20107 | 2025-08-21 | FTP Synchronizer Professional <= 4.0.73.274 Stack Buffer Overflow |
| CVE-2010-20108 | 2025-08-21 | FTPPad <= 1.2.0 Stack Buffer Overflow |
| CVE-2009-20004 | 2025-08-21 | gAlan <= 0.2.1 Buffer Overflow |
| CVE-2010-20034 | 2025-08-21 | Gekko Manager FTP Client <= 0.77 Stack Buffer Overflow |
| CVE-2010-20120 | 2025-08-21 | Maple <= v13 Maplet File Creation and Command Execution |
| CVE-2009-20002 | 2025-08-21 | Millenium MP3 Studio <= 2.0 .pls File Stack-Based Buffer Overflow |
| CVE-2010-20007 | 2025-08-21 | Seagull FTP v3.3 Build 409 Stack Buffer Overflow |
| CVE-2010-20123 | 2025-08-21 | Steinberg MyMP3Player <= 3.0.0.67 Buffer Overflow |
| CVE-2010-20114 | 2025-08-21 | VariCAD EN <= 2010-2.05 .dwb File Stack Buffer Overflow |
| CVE-2010-20115 | 2025-08-21 | Vermillion FTP <= 1.31 Daemon PORT Command Memory Corruption |
| CVE-2009-20003 | 2025-08-21 | Xenorate <= 2.50 .xpl File Stack-Based Buffer Overflow |
| CVE-2010-20122 | 2025-08-21 | Xftp FTP Client <= 3.0 PWD Response Buffer Overflow |
| CVE-2025-43747 | 2025-08-21 | A server-side request forgery (SSRF) vulnerability exists in the Liferay DXP 2025.Q2.0 through 2025.Q2.3 due to insecure domain validation on analytics.cloud.domain.allowed, allowing an attacker to perform requests by change the... |
| CVE-2025-43753 | 2025-08-21 | A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.32 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.7, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through... |
| CVE-2022-31491 | 2025-08-22 | Voltronic Power ViewPower through 1.04-24215, ViewPower Pro through 2.0-22165, and PowerShield Netguard before 1.04-23292 allows a remote attacker to run arbitrary code via an unspecified web interface related to detection... |
| CVE-2022-43110 | 2025-08-22 | Voltronic Power ViewPower through 1.04-21353 and PowerShield Netguard before 1.04-23292 allows a remote attacker to configure the system via an unspecified web interface. An unauthenticated remote attacker can make changes... |
| CVE-2022-45133 | 2025-08-22 | Mahara 21.10 before 21.10.6, 22.04 before 22.04.4, and 22.10 before 22.10.1 allows unsafe font upload for skins. A particularly structured XML file could allow one to traverse the server to... |
| CVE-2022-45134 | 2025-08-22 | Mahara 21.10 before 21.10.6, 22.04 before 22.04.4, and 22.10 before 22.10.1 deserializes user input unsafely during skin import. A particularly structured XML file could cause code execution when being processed. |
| CVE-2024-50644 | 2025-08-22 | zhisheng17 blog 3.0.1-SNAPSHOT has an authentication bypass vulnerability. An attacker can exploit this vulnerability to access API without any token. |
| CVE-2024-50645 | 2025-08-22 | MallChat v1.0-SNAPSHOT has an authentication bypass vulnerability. An attacker can exploit this vulnerability to access API without any token. |
| CVE-2024-52786 | 2025-08-22 | An authentication bypass vulnerability in anji-plus AJ-Report up to v1.4.2 allows unauthenticated attackers to execute arbitrary code via a crafted URL. |
| CVE-2024-53494 | 2025-08-22 | Incorrect access control in the preHandle function of SpringBootBlog v1.0.0 allows attackers to access sensitive components without authentication. |
| CVE-2024-53496 | 2025-08-22 | Incorrect access control in the doFilter function of my-site v1.0.2.RELEASE allows attackers to access sensitive components without authentication. |
| CVE-2024-53499 | 2025-08-22 | Jeewms v3.7 was discovered to contain a SQL injection vulnerability via the CgReportController API. |