CVE List - 2025 / August
Showing 401 - 500 of 3631 CVEs for August 2025 (Page 5 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-51054 | 2025-08-06 | Vedo Suite 2024.17 is vulnerable to Incorrect Access Control, which allows remote attackers to obtain a valid high privilege JWT token without prior authentication via sending an empty HTTP POST... |
| CVE-2025-51055 | 2025-08-06 | Insecure Data Storage of credentials has been found in /api_vedo/configuration/config.yml file in Vedo Suite version 2024.17. This file contains clear-text credentials, secret keys, and database information. |
| CVE-2025-51056 | 2025-08-06 | An unrestricted file upload vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to write to arbitrary filesystem paths by exploiting the insecure 'uploadPreviews()' custom function in '/api_vedo/colorways_preview', ultimately... |
| CVE-2025-51057 | 2025-08-06 | A local file inclusion (LFI) vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'readfile()' function call in '/api_vedo/video/preview'. |
| CVE-2025-51058 | 2025-08-06 | Bottinelli Informatical Vedo Suite 2024.17 is vulnerable to Server-side Request Forgery (SSRF) in the /api_vedo/video/preview endpoint, which allows remote authenticated attackers to trigger HTTP requests towards arbitrary remote paths via... |
| CVE-2025-51306 | 2025-08-06 | In Gatling Enterprise versions below 1.25.0, a user logging-out can still use his session token to continue using the application without expiration, due to incorrect session management. |
| CVE-2025-51308 | 2025-08-06 | In Gatling Enterprise versions below 1.25.0, a low-privileged user that does not hold the role "admin" could perform a REST API call on read-only endpoints, allowing him to collect some... |
| CVE-2025-51531 | 2025-08-06 | A reflected cross-site scripting (XSS) vulnerability in Sage DPW 2024_12_004 and earlier allows attackers to execute arbitrary JavaScript in the context of a victim's browser via injecting a crafted payload... |
| CVE-2025-51532 | 2025-08-06 | Incorrect access control in Sage DPW 2024_12_004 and earlier allows unauthorized attackers to access the built-in Database Monitor via a crafted request. The vendor has stated that the issue is... |
| CVE-2025-51624 | 2025-08-06 | Cross-site scripting (XSS) vulnerability in Zone Bitaqati thru 3.4.0. |
| CVE-2025-54652 | 2025-08-06 | Path traversal vulnerability in the virtualization base module. Successful exploitation of this vulnerability may affect the confidentiality of the virtualization module. |
| CVE-2025-54653 | 2025-08-06 | Path traversal vulnerability in the virtualization file module. Successful exploitation of this vulnerability may affect the confidentiality of the virtualization file module. |
| CVE-2025-54655 | 2025-08-06 | Race condition vulnerability in the virtualization base module. Successful exploitation of this vulnerability may affect the confidentiality and integrity of the virtualization graphics module. |
| CVE-2025-54606 | 2025-08-06 | Status verification vulnerability in the lock screen module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. |
| CVE-2025-54607 | 2025-08-06 | Authentication management vulnerability in the ArkWeb module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-54608 | 2025-08-06 | Vulnerability that allows setting screen rotation direction without permission verification in the screen management module. Impact: Successful exploitation of this vulnerability may cause device screen orientation to be arbitrarily set. |
| CVE-2025-54609 | 2025-08-06 | Out-of-bounds access vulnerability in the audio codec module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-54610 | 2025-08-06 | Out-of-bounds access vulnerability in the audio codec module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-8628 | 2025-08-06 | Kenwood DMX958XR Firmware Update Command Injection Vulnerability |
| CVE-2025-8629 | 2025-08-06 | Kenwood DMX958XR Firmware Update Command Injection Vulnerability |
| CVE-2025-8630 | 2025-08-06 | Kenwood DMX958XR Firmware Update Command Injection Vulnerability |
| CVE-2025-8631 | 2025-08-06 | Kenwood DMX958XR Firmware Update Command Injection Vulnerability |
| CVE-2025-8632 | 2025-08-06 | Kenwood DMX958XR Firmware Update Command Injection Vulnerability |
| CVE-2025-8633 | 2025-08-06 | Kenwood DMX958XR Firmware Update Command Injection Vulnerability |
| CVE-2025-8634 | 2025-08-06 | Kenwood DMX958XR Firmware Update Command Injection Vulnerability |
| CVE-2025-8635 | 2025-08-06 | Kenwood DMX958XR Firmware Update Command Injection Vulnerability |
| CVE-2025-8636 | 2025-08-06 | Kenwood DMX958XR Firmware Update Command Injection Vulnerability |
| CVE-2025-8637 | 2025-08-06 | Kenwood DMX958XR Firmware Update Command Injection Vulnerability |
| CVE-2025-8638 | 2025-08-06 | Kenwood DMX958XR Firmware Update Command Injection Vulnerability |
| CVE-2025-8639 | 2025-08-06 | Kenwood DMX958XR Firmware Update Command Injection Vulnerability |
| CVE-2025-8640 | 2025-08-06 | Kenwood DMX958XR Firmware Update Command Injection Vulnerability |
| CVE-2025-8641 | 2025-08-06 | Kenwood DMX958XR Firmware Update Command Injection Vulnerability |
| CVE-2025-8642 | 2025-08-06 | Kenwood DMX958XR Firmware Update Command Injection Vulnerability |
| CVE-2025-8643 | 2025-08-06 | Kenwood DMX958XR Firmware Update Command Injection Vulnerability |
| CVE-2025-8644 | 2025-08-06 | Kenwood DMX958XR Firmware Update Command Injection Vulnerability |
| CVE-2025-8645 | 2025-08-06 | Kenwood DMX958XR Firmware Update Command Injection Vulnerability |
| CVE-2025-8646 | 2025-08-06 | Kenwood DMX958XR Firmware Update Command Injection Vulnerability |
| CVE-2025-8647 | 2025-08-06 | Kenwood DMX958XR Firmware Update Command Injection Vulnerability |
| CVE-2025-8648 | 2025-08-06 | Kenwood DMX958XR Firmware Update Command Injection Vulnerability |
| CVE-2025-54611 | 2025-08-06 | EXTRA_REFERRER resource read vulnerability in the Gallery module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-8649 | 2025-08-06 | Kenwood DMX958XR JKWifiService Command Injection Remote Code Execution Vulnerability |
| CVE-2025-8650 | 2025-08-06 | Kenwood DMX958XR libSystemLib Command Injection Remote Code Execution Vulnerability |
| CVE-2025-8651 | 2025-08-06 | Kenwood DMX958XR JKWifiService Command Injection Remote Code Execution Vulnerability |
| CVE-2025-8652 | 2025-08-06 | Kenwood DMX958XR JKWifiService Command Injection Remote Code Execution Vulnerability |
| CVE-2025-8653 | 2025-08-06 | Kenwood DMX958XR JKRadioService Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2025-8654 | 2025-08-06 | Kenwood DMX958XR ReadMVGImage Command Injection Remote Code Execution Vulnerability |
| CVE-2025-8655 | 2025-08-06 | Kenwood DMX958XR libSystemLib Command injection Remote Code Execution Vulnerability |
| CVE-2025-8656 | 2025-08-06 | Kenwood DMX958XR Protection Mechanism Failure Software Downgrade Vulnerability |
| CVE-2025-54612 | 2025-08-06 | Iterator failure vulnerability in the card management module. Impact: Successful exploitation of this vulnerability may affect function stability. |
| CVE-2025-54613 | 2025-08-06 | Iterator failure vulnerability in the card management module. Impact: Successful exploitation of this vulnerability may affect function stability. |
| CVE-2025-54614 | 2025-08-06 | Input verification vulnerability in the home screen module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-54615 | 2025-08-06 | Vulnerability of insufficient information protection in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-54616 | 2025-08-06 | Out-of-bounds array access vulnerability in the ArkUI framework. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-54617 | 2025-08-06 | Stack-based buffer overflow vulnerability in the dms_fwk module. Impact: Successful exploitation of this vulnerability can cause RCE. |
| CVE-2025-54618 | 2025-08-06 | Permission control vulnerability in the distributed clipboard module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-54619 | 2025-08-06 | Iterator failure issue in the multi-mode input module. Impact: Successful exploitation of this vulnerability may cause iterator failures and affect availability. |
| CVE-2025-54620 | 2025-08-06 | Deserialization vulnerability of untrusted data in the ability module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-54621 | 2025-08-06 | Iterator failure issue in the WantAgent module. Impact: Successful exploitation of this vulnerability may cause memory release failures. |
| CVE-2025-54622 | 2025-08-06 | Binding authentication bypass vulnerability in the devicemanager module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-54623 | 2025-08-06 | Out-of-bounds read vulnerability in the devicemanager module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-6259 | 2025-08-06 | esri-map-view <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via esri-map-view Shortcode |
| CVE-2025-7036 | 2025-08-06 | CleverReach WP <= 1.5.20 - Unauthenticated SQL Injection via title Parameter |
| CVE-2025-6690 | 2025-08-06 | WP Tournament Registration <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via field Parameter |
| CVE-2025-6256 | 2025-08-06 | Flex Guten <= 1.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via thumbnailHoverEffect Parameter |
| CVE-2025-6986 | 2025-08-06 | FileBird – WordPress Media Library Folders & File Manager <= 6.4.8 - Authenticated (Author+) SQL Injection |
| CVE-2025-7502 | 2025-08-06 | WPBakery Page Builder for WordPress <= 8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-54624 | 2025-08-06 | Unexpected injection event vulnerability in the multimodalinput module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-54626 | 2025-08-06 | Pointer dangling vulnerability in the cjwindow module. Impact: Successful exploitation of this vulnerability may affect function stability. |
| CVE-2025-54625 | 2025-08-06 | Race condition vulnerability in the kernel file system module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-54627 | 2025-08-06 | Out-of-bounds write vulnerability in the skia module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-54628 | 2025-08-06 | Vulnerability of incomplete verification information in the communication module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-54629 | 2025-08-06 | Race condition issue occurring in the physical page import process of the memory management module. Impact: Successful exploitation of this vulnerability may affect service integrity. |
| CVE-2025-54630 | 2025-08-06 | Vulnerability of insufficient data length verification in the DFA module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-54631 | 2025-08-06 | Vulnerability of insufficient data length verification in the partition module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-54632 | 2025-08-06 | Vulnerability of insufficient data length verification in the HVB module. Impact: Successful exploitation of this vulnerability may affect service integrity. |
| CVE-2025-54633 | 2025-08-06 | Out-of-bounds read vulnerability in the register configuration of the DMA module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-54634 | 2025-08-06 | Vulnerability of improper processing of abnormal conditions in huge page separation. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-8595 | 2025-08-06 | Zakra <= 4.1.5 - Missing Authorization to Subscriber+ Demo Import |
| CVE-2025-8420 | 2025-08-06 | Request a Quote Form Plugin <= 2.5.2 - Unauthenticated Limited Remote Code Execution |
| CVE-2025-54635 | 2025-08-06 | Vulnerability of returning released pointers in the distributed notification service. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-54636 | 2025-08-06 | Issue of buffer overflow caused by insufficient data verification in the kernel drop detection module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-54637 | 2025-08-06 | Out-of-bounds array access issue due to insufficient data verification in the kernel ambient light module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-54638 | 2025-08-06 | Issue of inconsistent read/write serialization in the ad module. Impact: Successful exploitation of this vulnerability may affect the availability of the ad service. |
| CVE-2025-54639 | 2025-08-06 | ParcelMismatch vulnerability in attribute deserialization. Impact: Successful exploitation of this vulnerability may cause playback control screen display exceptions. |
| CVE-2025-54640 | 2025-08-06 | ParcelMismatch vulnerability in attribute deserialization. Impact: Successful exploitation of this vulnerability may cause playback control screen display exceptions. |
| CVE-2025-54641 | 2025-08-06 | Issue of buffer overflow caused by insufficient data verification in the kernel acceleration module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-54642 | 2025-08-06 | Issue of buffer overflow caused by insufficient data verification in the kernel gyroscope module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-54643 | 2025-08-06 | Out-of-bounds array access issue due to insufficient data verification in the kernel ambient light module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-54644 | 2025-08-06 | Out-of-bounds array access issue due to insufficient data verification in the kernel ambient light module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-54645 | 2025-08-06 | Out-of-bounds array access issue due to insufficient data verification in the location service module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-54646 | 2025-08-06 | Vulnerability of inadequate packet length check in the BLE module. Impact: Successful exploitation of this vulnerability may affect performance. |
| CVE-2025-54647 | 2025-08-06 | Out-of-bounds read vulnerability in the SSAP module of the NearLink protocol stack. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-54648 | 2025-08-06 | Out-of-bounds read vulnerability in the SSAP module of the NearLink protocol stack. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-54649 | 2025-08-06 | Vulnerability of using incompatible types to access resources in the location service. Impact: Successful exploitation of this vulnerability may cause some location information attributes to be incorrect. |
| CVE-2025-54650 | 2025-08-06 | Improper array index verification vulnerability in the audio codec module. Impact: Successful exploitation of this vulnerability may affect the audio decoding function. |
| CVE-2025-54651 | 2025-08-06 | Race condition vulnerability in the kernel hufs module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-8100 | 2025-08-06 | Element Pack Elementor Addons and Templates <= 8.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Street Map Widget Marker Content |
| CVE-2025-7498 | 2025-08-06 | Exclusive Addons for Elementor <= 2.7.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown |
| CVE-2025-7399 | 2025-08-06 | Betheme <= 28.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-6994 | 2025-08-06 | Reveal Listing <= 3.3 - Unauthenticated Privilege Escalation |