CVE List - 2025 / August
Showing 3101 - 3200 of 3631 CVEs for August 2025 (Page 32 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-30037 | 2025-08-27 | Missing authentication in APIs allowing data retrieval and modification |
| CVE-2025-30038 | 2025-08-27 | Session ID leakage in Zone.Identifier of downloaded files |
| CVE-2025-30039 | 2025-08-27 | Missing authentication in API returning a list of all active sessions |
| CVE-2025-30040 | 2025-08-27 | Missing authentication in API returning request logs containing session IDs |
| CVE-2025-30041 | 2025-08-27 | Missing authentication in APIs returning statistical data along with session IDs |
| CVE-2025-30048 | 2025-08-27 | Unauthenticated access to module configuration endpoint |
| CVE-2025-30055 | 2025-08-27 | Conditional RCE via the "system" function |
| CVE-2025-30056 | 2025-08-27 | Calling system commands via RunCommand |
| CVE-2025-30057 | 2025-08-27 | Authenticated RCE with uhcapache privileges in ConvertToPDF |
| CVE-2025-30058 | 2025-08-27 | SQL injection in getPatientIdentifier function of PatientService.pl |
| CVE-2025-30059 | 2025-08-27 | Authenticated SQL injection in PrepareCDExportJSON.pl |
| CVE-2025-30060 | 2025-08-27 | SQL injection in ReturnUserUnitsXML.pl via the UserID parameter |
| CVE-2025-30061 | 2025-08-27 | SQL injection in utils/Reporter/OpenReportWindow.pl via the UserID parameter |
| CVE-2025-30063 | 2025-08-27 | Excessive permissions on configuration files containing database logins and passwords |
| CVE-2025-30064 | 2025-08-27 | Possibility to generate a session for any user via the "ex:action" parameter after obtaining access to the JWT key |
| CVE-2025-9523 | 2025-08-27 | Tenda AC1206 GetParentControlInfo stack-based overflow |
| CVE-2025-9525 | 2025-08-27 | Linksys E1700 setWan stack-based overflow |
| CVE-2025-9526 | 2025-08-27 | Linksys E1700 setSysAdm stack-based overflow |
| CVE-2025-9527 | 2025-08-27 | Linksys E1700 QoSSetup stack-based overflow |
| CVE-2025-9528 | 2025-08-27 | Linksys E1700 systemCommand os command injection |
| CVE-2025-9529 | 2025-08-27 | Campcodes Payroll Management System index.php include file inclusion |
| CVE-2025-9531 | 2025-08-27 | Portabilis i-Educar Agenda agenda.php sql injection |
| CVE-2025-43728 | 2025-08-27 | Dell ThinOS 10, versions prior to 2508_10.0127, contain a Protection Mechanism Failure vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. |
| CVE-2025-43882 | 2025-08-27 | Dell ThinOS 10, versions prior to 2508_10.0127, contains an Unverified Ownership vulnerability. A local low-privileged attacker could potentially exploit this vulnerability leading to Unauthorized Access. |
| CVE-2025-43730 | 2025-08-27 | Dell ThinOS 10, versions prior to 2508_10.0127, contains an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. A local unauthenticated user could potentially exploit this vulnerability leading... |
| CVE-2025-9532 | 2025-08-27 | Portabilis i-Educar view sql injection |
| CVE-2025-43729 | 2025-08-27 | Dell ThinOS 10, versions prior to 2508_10.0127, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A local low-privileged attacker could potentially exploit this vulnerability leading to Elevation of Privileges... |
| CVE-2025-9533 | 2025-08-27 | TOTOLINK T10 formLoginAuth.htm improper authentication |
| CVE-2025-53105 | 2025-08-27 | GLPI permits unauthorized rules execution order |
| CVE-2025-5187 | 2025-08-27 | Nodes can delete themselves by adding an OwnerReference |
| CVE-2025-20344 | 2025-08-27 | Cisco Nexus Dashboard Path Traversal Vulnerability |
| CVE-2025-20347 | 2025-08-27 | Cisco Nexus Dashboard Fabric Controller Unauthorized REST API Vulnerability |
| CVE-2025-20348 | 2025-08-27 | Cisco Nexus Dashboard Unauthorized REST API Vulnerability |
| CVE-2025-20296 | 2025-08-27 | Cisco UCS Manager Software Stored Software Stored Cross-Site Scripting Vulnerability |
| CVE-2025-20317 | 2025-08-27 | Cisco UCS Virtual Keyboard Video Monitor (vKVM) Open Redirect Vulnerability |
| CVE-2025-20342 | 2025-08-27 | Cisco Integrated Management Controller Virtual Keyboard Video Monitor (vKVM) Stored Cross-Site Scripting Vulnerability |
| CVE-2025-20294 | 2025-08-27 | Cisco UCS Manager Software Command Injection Vulnerability |
| CVE-2025-20295 | 2025-08-27 | Cisco UCS Manager Software Command Injection Vulnerability |
| CVE-2025-20292 | 2025-08-27 | Cisco NXOS Software Command Injection Vulnerability |
| CVE-2025-20290 | 2025-08-27 | Cisco NXOS Software Sensitive Log Information Disclosure Vulnerability |
| CVE-2025-20262 | 2025-08-27 | Cisco Nexus 3000 and 9000 Series Switches Protocol Independent Multicast Version 6 Denial of Service Vulnerability |
| CVE-2025-20241 | 2025-08-27 | Cisco Nexus 3000 and 9000 Series Switches IS-IS Protocol <TBD> Denial of Service Vulnerability |
| CVE-2025-57821 | 2025-08-27 | Basecamp's Google Sign-In for Rails allowed redirects to a malformed URL |
| CVE-2025-34161 | 2025-08-27 | Coolify Git Repository Field Command Injection in Project Deployment Workflow |
| CVE-2025-34159 | 2025-08-27 | Coolify Docker Compose Directive Injection in Application Deployment Workflow |
| CVE-2025-34157 | 2025-08-27 | Coolify Stored Cross-Site Scripting (XSS) in Project Name Field |
| CVE-2025-58192 | 2025-08-27 | WordPress WP Bulk Delete Plugin <= 1.3.6 - Broken Access Control Vulnerability |
| CVE-2025-58193 | 2025-08-27 | WordPress Uncanny Automator Plugin <= 6.7.0.1 - Broken Access Control Vulnerability |
| CVE-2025-58194 | 2025-08-27 | WordPress Bold Page Builder Plugin <= 5.4.3 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58195 | 2025-08-27 | WordPress Xpro Elementor Addons Plugin <= 1.4.17 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58196 | 2025-08-27 | WordPress UiCore Elements Plugin <= 1.3.4 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58197 | 2025-08-27 | WordPress Simple Download Monitor Plugin <= 3.9.34 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58198 | 2025-08-27 | WordPress Xpro Theme Builder Plugin <= 1.2.9 - Broken Access Control Vulnerability |
| CVE-2025-58201 | 2025-08-27 | WordPress AfterShip Tracking Plugin <= 1.17.17 - Broken Access Control Vulnerability |
| CVE-2025-58202 | 2025-08-27 | WordPress Simple Page Access Restriction Plugin <= 1.0.32 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58203 | 2025-08-27 | WordPress Solace Extra Plugin <= 1.3.2 - Server Side Request Forgery (SSRF) Vulnerability |
| CVE-2025-58204 | 2025-08-27 | WordPress Podlove Podcast Publisher Plugin <= 4.2.5 - Open Redirection Vulnerability |
| CVE-2025-58205 | 2025-08-27 | WordPress ElementInvader Addons for Elementor Plugin <= 1.3.6 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58208 | 2025-08-27 | WordPress PDF for Elementor Forms + Drag And Drop Template Builder Plugin <= 6.2.0 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58209 | 2025-08-27 | WordPress Transcoder Plugin <= 1.4.0 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58211 | 2025-08-27 | WordPress Chatbox Manager Plugin <= 1.2.6 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58212 | 2025-08-27 | WordPress Epeken All Kurir Plugin <= 2.0.1 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58213 | 2025-08-27 | WordPress Booking System Trafft Plugin <= 1.0.14 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58216 | 2025-08-27 | WordPress WP Thumbtack Review Slider Plugin <= 2.6 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58217 | 2025-08-27 | WordPress Instant Breaking News Plugin <= 1.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58218 | 2025-08-27 | WordPress Small Package Quotes – USPS Edition Plugin <= 1.3.9 - PHP Object Injection Vulnerability |
| CVE-2025-58050 | 2025-08-27 | PCRE2: heap-buffer-overflow read in match_ref due to missing boundary restoration in SCS |
| CVE-2025-5101 | 2025-08-27 | Improper Control of Generation of Code ('Code Injection') in GitLab |
| CVE-2025-4225 | 2025-08-27 | Allocation of Resources Without Limits or Throttling in GitLab |
| CVE-2025-3601 | 2025-08-27 | Allocation of Resources Without Limits or Throttling in GitLab |
| CVE-2025-2246 | 2025-08-27 | Missing Authorization in GitLab |
| CVE-2025-40779 | 2025-08-27 | Kea crash upon interaction between specific client options and subnet selection |
| CVE-2025-34523 | 2025-08-27 | Arcserve UDP < 10.2 Pre-Authentication Heap Overflow |
| CVE-2025-34522 | 2025-08-27 | Arcserve UDP < 10.2 Pre-Authentication Heap Overflow |
| CVE-2025-34521 | 2025-08-27 | Arcserve UDP < 10.2 Reflected Cross-Site Scripting (XSS) |
| CVE-2025-34520 | 2025-08-27 | Arcserve UDP < 10.2 Authentication Bypass |
| CVE-2025-34160 | 2025-08-27 | AnyShare ServiceAgent API Unauthenticated RCE |
| CVE-2025-34162 | 2025-08-27 | Bian Que Feijiu Intelligent Emergency and Quality Control System SQL Injection via GetLyfsByParams |
| CVE-2024-13985 | 2025-08-27 | Dahua EIMS capture_handle.action RCE |
| CVE-2023-7309 | 2025-08-27 | Dahua Smart Park Integrated Management Platform Front-End Arbitrary File Upload |
| CVE-2018-25115 | 2025-08-27 | D-Link DIR-110/412/600/615/645/815 RCE via service.cgi |
| CVE-2025-34163 | 2025-08-27 | Dongsheng Logistics Software Unauthenticated Arbitrary File Upload |
| CVE-2024-13980 | 2025-08-27 | H3C Intelligent Management Center (iMC) /byod/index.xhtml RCE |
| CVE-2024-13981 | 2025-08-27 | LiveBos UploadFile.do Arbitrary File Upload |
| CVE-2024-13984 | 2025-08-27 | Qi'anxin TianQing Management Center rptsvr Arbitrary File Upload |
| CVE-2023-7307 | 2025-08-27 | Sangfor Behavior Management System XML External Entity Injection |
| CVE-2023-7308 | 2025-08-27 | SecGate3600 Firewall Information Disclosure via authManageSet.cgi |
| CVE-2024-13982 | 2025-08-27 | SPON IP Network Intercom System rj_get_token.php Arbitrary File Read |
| CVE-2024-13979 | 2025-08-27 | St. Joe ERP System SingleRowQueryConverter SQL Injection |
| CVE-2025-29364 | 2025-08-28 | spimsimulator spim v9.1.24 and before is vulnerable to Buffer Overflow in the READ_SYSCALL and WRITE_SYSCALL system calls. The application verifies the legitimacy of the starting and ending addresses for memory... |
| CVE-2025-51643 | 2025-08-28 | Meitrack T366G-L GPS Tracker devices contain an SPI flash chip (Winbond 25Q64JVSIQ) that is accessible without authentication or tamper protection. An attacker with physical access to the device can use... |
| CVE-2025-51967 | 2025-08-28 | A Reflected Cross-site Scripting (XSS) vulnerability exists in the themeSet.php file of ProjectsAndPrograms School Management System 1.0. The application fails to sanitize user-supplied input in the theme POST parameter, allowing... |
| CVE-2025-51968 | 2025-08-28 | A SQL Injection vulnerability exists in the action.php file of PuneethReddyHC Online Shopping System Advanced 1.0. The application fails to properly sanitize user-supplied input in the proId POST parameter, allowing... |
| CVE-2025-51969 | 2025-08-28 | A SQL Injection vulnerability exists in the product.php page of PuneethReddyHC Online Shopping System Advanced 1.0. This flaw is present in the product_id GET parameter, which is not properly validated... |
| CVE-2025-51971 | 2025-08-28 | A reflected Cross-Site Scripting (XSS) vulnerability exists in register.php of PuneethReddyHC Online Shopping System Advanced 1.0. Unsanitized user input in the f_name parameter is reflected in the server response without... |
| CVE-2025-51972 | 2025-08-28 | A SQL Injection vulnerability exists in the login.php of PuneethReddyHC Online Shopping System Advanced 1.0 due to improper sanitization of user-supplied input in the keyword POST parameter. |
| CVE-2025-52054 | 2025-08-28 | An issue was discovered in Tenda AC8 v4.0 AC1200 Dual-band Gigabit Wireless Router AC8v4.0 Firmware 16.03.33.05. The root password of the device is calculated with a static string and the... |
| CVE-2025-55583 | 2025-08-28 | D-Link DIR-868L B1 router firmware version FW2.05WWB02 contains an unauthenticated OS command injection vulnerability in the fileaccess.cgi component. The endpoint /dws/api/UploadFile accepts a pre_api_arg parameter that is passed directly to... |
| CVE-2025-56236 | 2025-08-28 | FormCms v0.5.5 contains a stored cross-site scripting (XSS) vulnerability in the avatar upload feature. Authenticated users can upload .html files containing malicious JavaScript, which are accessible via a public URL.... |
| CVE-2025-57215 | 2025-08-28 | Tenda AC10 v4.0 firmware v16.03.10.20 was discovered to contain a stack overflow via the function get_parentControl_list_Info. |