CVE List - 2025 / September
Showing 1801 - 1900 of 4322 CVEs for September 2025 (Page 19 of 44)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-10391 | 2025-09-14 | CRMEB OutAccountServices.php testOutUrl server-side request forgery |
| CVE-2025-10392 | 2025-09-14 | Mercury KM08-708H GiGA WiFi Wave2 HTTP Header stack-based overflow |
| CVE-2025-10393 | 2025-09-14 | miurla morphic HTTP Status Code 3xx advanced-search fetchHtml server-side request forgery |
| CVE-2025-10394 | 2025-09-14 | fcba_zzm ics-park Smart Park Management System Scheduled Task JobController.java code injection |
| CVE-2025-10395 | 2025-09-14 | Magicblack MacCMS Scheduled Task col_url server-side request forgery |
| CVE-2025-10396 | 2025-09-14 | SourceCodester Pet Grooming Management Software edit_role.php sql injection |
| CVE-2025-10397 | 2025-09-14 | Magicblack MacCMS API server-side request forgery |
| CVE-2025-10398 | 2025-09-14 | fcba_zzm ics-park Smart Park Management System FileUploadUtils.java unrestricted upload |
| CVE-2025-10204 | 2025-09-14 | Unauth Admin Reset Password on AC Smart II |
| CVE-2025-36035 | 2025-09-14 | IBM PowerVM Hypervisor denial of service |
| CVE-2025-0164 | 2025-09-14 | IBM QRadar SIEM information disclosure |
| CVE-2025-10399 | 2025-09-14 | Korzh EasyQuery Query Builder UI fetch sql injection |
| CVE-2025-10400 | 2025-09-14 | SourceCodester Food Ordering Management System ticket-message.php sql injection |
| CVE-2025-10401 | 2025-09-14 | D-Link DIR-823x diag_ping command injection |
| CVE-2025-10402 | 2025-09-14 | PHPGurukul Beauty Parlour Management System readenq.php sql injection |
| CVE-2025-6051 | 2025-09-14 | Regular Expression Denial of Service (ReDoS) in huggingface/transformers |
| CVE-2025-10403 | 2025-09-14 | PHPGurukul Beauty Parlour Management System view-enquiry.php sql injection |
| CVE-2025-10404 | 2025-09-14 | itsourcecode Baptism Information Management System rptbaptismal.php sql injection |
| CVE-2025-10405 | 2025-09-14 | itsourcecode Baptism Information Management System listbaptism.php sql injection |
| CVE-2025-10407 | 2025-09-14 | SourceCodester Student Grading System view_user.php sql injection |
| CVE-2025-10408 | 2025-09-14 | SourceCodester Student Grading System edit_user.php sql injection |
| CVE-2025-10409 | 2025-09-14 | SourceCodester Student Grading System rms.php sql injection |
| CVE-2025-10410 | 2025-09-14 | SourceCodester Link Status Checker index.php server-side request forgery |
| CVE-2025-10411 | 2025-09-14 | itsourcecode E-Logbook with Health Monitoring System for COVID-19 POST Request check_profile.php cross site scripting |
| CVE-2025-10413 | 2025-09-14 | Campcodes Grocery Sales and Inventory System ajax.php sql injection |
| CVE-2025-10414 | 2025-09-14 | Campcodes Grocery Sales and Inventory System ajax.php sql injection |
| CVE-2025-10415 | 2025-09-14 | Campcodes Grocery Sales and Inventory System ajax.php sql injection |
| CVE-2025-10416 | 2025-09-14 | Campcodes Grocery Sales and Inventory System ajax.php sql injection |
| CVE-2025-45091 | 2025-09-15 | Seafile versions 11.0.18-Pro, 12.0.10, and 12.0.10-Pro are vulnerable to a stored Cross-Site Scripting (XSS) attack. An authenticated attacker can exploit this vulnerability by modifying their username to include a malicious... |
| CVE-2025-46408 | 2025-09-15 | An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.Push_HttpService.getNewHttpClient in AVTECH EagleEyes 2.0.0. The methods set ALLOW_ALL_HOSTNAME_VERIFIER, bypassing domain validation. |
| CVE-2025-49089 | 2025-09-15 | wangxutech MoneyPrinterTurbo 1.2.6 allows path traversal via /api/v1/download/ URIs such as /api/v1/download//etc/passwd. |
| CVE-2025-50110 | 2025-09-15 | An issue was discovered in the method push.lite.avtech.com.AvtechLib.GetHttpsResponse in AVTECH EagleEyes Lite 2.0.0, the GetHttpsResponse method transmits sensitive information - including internal server URLs, account IDs, passwords, and device tokens... |
| CVE-2025-50944 | 2025-09-15 | An issue was discovered in the method push.lite.avtech.com.MySSLSocketFactoryNew.checkServerTrusted in AVTECH EagleEyes 2.0.0. The custom X509TrustManager used in checkServerTrusted only checks the certificate's expiration date, skipping proper TLS chain validation. |
| CVE-2025-52048 | 2025-09-15 | In Frappe 15.x.x before 15.72.0 and 14.x.x before 14.96.10, in the function add_tag() at `frappe/desk/doctype/tag/tag.py` is vulnerable to SQL Injection, which allows an attacker to extract information from databases by... |
| CVE-2025-52053 | 2025-09-15 | TOTOLINK X6000R V9.4.0cu.1360_B20241207 was found to contain a command injection vulnerability in the sub_417D74 function via the file_name parameter. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a... |
| CVE-2025-52344 | 2025-09-15 | Multiple Cross Site Scripting (XSS) vulnerabilities in input fields in Explorance Blue 8.1.2 allows attackers to inject arbitrary JavaScript code on the user's browser via the Group name and Project... |
| CVE-2025-56252 | 2025-09-15 | Cross Site Scripting (xss) vulnerability in ServitiumCRM 2.10 allowing attackers to execute arbitrary code via a crafted URL to the mobile parameter. |
| CVE-2025-56274 | 2025-09-15 | SourceCodester Web-based Pharmacy Product Management System 1.0 is vulnerable to Incorrect Access Control, which allows low-privileged users to forge high privileged (such as admin) sessions and perform sensitive operations such... |
| CVE-2025-56448 | 2025-09-15 | The Positron PX360BT SW REV 8 car alarm system is vulnerable to a replay attack due to a failure in implementing rolling code security. The alarm system does not properly... |
| CVE-2025-56710 | 2025-09-15 | A Cross-Site Request Forgery (CSRF) vulnerability was identified in the Profile Page of the PHPGurukul Student-Result-Management-System-Using-PHP-V2.0. This flaw allows an attacker to trick authenticated users into unintentionally modifying their account... |
| CVE-2025-57104 | 2025-09-15 | Teampel 5.1.6 is vulnerable to SQL Injection in /Common/login.aspx. |
| CVE-2025-57117 | 2025-09-15 | A Clickjacking vulnerability exists in Rems' Employee Management System 1.0. This flaw allows remote attackers to execute arbitrary JavaScript on the department.php page by injecting a malicious payload into the... |
| CVE-2025-57118 | 2025-09-15 | An issue in PHPGurukul Online-Library-Management-System v3.0 allows an attacker to escalate privileges via the index.php |
| CVE-2025-57174 | 2025-09-15 | An issue was discovered in Siklu Communications Etherhaul 8010TX and 1200FX devices, Firmware 7.4.0 through 10.7.3 and possibly other previous versions. The rfpiped service listening on TCP port 555 which... |
| CVE-2025-57176 | 2025-09-15 | The rfpiped service on TCP port 555 in Ceragon Networks / Siklu Communication EtherHaul series (8010TX and 1200FX tested) Firmware 7.4.0 through 10.7.3 allows unauthenticated file uploads to any writable... |
| CVE-2025-57248 | 2025-09-15 | A null pointer dereference vulnerability was discovered in SumatraPDF 3.5.2 during the processing of a crafted .djvu file. When the file is opened, the application crashes inside libmupdf.dll, specifically in... |
| CVE-2025-59375 | 2025-09-15 | libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing. |
| CVE-2025-59376 | 2025-09-15 | feiskyer mcp-kubernetes-server through 0.1.11 does not consider chained commands in the implementation of --disable-write and --disable-delete, e.g., it allows a "kubectl version; kubectl delete pod" command because the first word... |
| CVE-2025-59377 | 2025-09-15 | feiskyer mcp-kubernetes-server through 0.1.11 allows OS command injection, even in read-only mode, via /mcp/kubectl because shell=True is used. NOTE: this is unrelated to mcp-server-kubernetes and CVE-2025-53355. |
| CVE-2025-59378 | 2025-09-15 | In guix-daemon in GNU Guix before 1618ca7, a content-addressed-mirrors file can be written to create a setuid program that allows a regular user to gain the privileges of the build... |
| CVE-2025-59397 | 2025-09-15 | Open Web Analytics (OWA) before 1.8.1 allows owa_db.php v[value] SQL injection. |
| CVE-2025-59398 | 2025-09-15 | The OCPP implementation in libocpp before 0.26.2 allows a denial of service (EVerest crash) via JSON input larger than 255 characters, because a CiString<255> object is created with StringTooLarge set... |
| CVE-2025-59399 | 2025-09-15 | libocpp before 0.28.0 allows a denial of service (EVerest crash) because a secondary exception is thrown during error message generation. |
| CVE-2025-10417 | 2025-09-15 | Campcodes Grocery Sales and Inventory System ajax.php sql injection |
| CVE-2025-10418 | 2025-09-15 | SourceCodester Student Grading System view_students.php sql injection |
| CVE-2025-10419 | 2025-09-15 | SourceCodester Student Grading System del_promote.php sql injection |
| CVE-2025-10420 | 2025-09-15 | SourceCodester Student Grading System form137.php sql injection |
| CVE-2025-10421 | 2025-09-15 | SourceCodester Student Grading System update_account.php sql injection |
| CVE-2025-10422 | 2025-09-15 | newbee-mall Order Status paySuccess improper authorization |
| CVE-2025-10452 | 2025-09-15 | Gotac\|Statistical Database System - Missing Authentication |
| CVE-2025-10423 | 2025-09-15 | newbee-mall kaptcha mallKaptcha Captcha |
| CVE-2025-10424 | 2025-09-15 | 1000projects Online Student Project Report Submission and Evaluation System faculty_controller.php unrestricted upload |
| CVE-2025-10425 | 2025-09-15 | 1000projects Online Student Project Report Submission and Evaluation System student_controller.php unrestricted upload |
| CVE-2025-10426 | 2025-09-15 | itsourcecode Online Laundry Management System login.php sql injection |
| CVE-2025-10427 | 2025-09-15 | SourceCodester Pet Grooming Management Software user.php unrestricted upload |
| CVE-2025-10428 | 2025-09-15 | SourceCodester Pet Grooming Management Software Setting seo_setting.php unrestricted upload |
| CVE-2025-10429 | 2025-09-15 | SourceCodester Pet Grooming Management Software ajax_product.php sql injection |
| CVE-2025-10453 | 2025-09-15 | PilotGaea Technologies\|O'View MapServer - Server-Side Request Forgery |
| CVE-2025-10430 | 2025-09-15 | SourceCodester Pet Grooming Management Software barcode.php sql injection |
| CVE-2025-10431 | 2025-09-15 | SourceCodester Pet Grooming Management Software ajax_represent.php sql injection |
| CVE-2025-10432 | 2025-09-15 | Tenda AC1206 HTTP Request AdvSetMacMtuWa check_param_changed stack-based overflow |
| CVE-2025-41713 | 2025-09-15 | WAGO: Vulnerability in hardware switch circuit |
| CVE-2025-10433 | 2025-09-15 | 1Panel-dev MaxKB debug deserialization |
| CVE-2025-10434 | 2025-09-15 | IbuyuCMS Add Article article.php cross site scripting |
| CVE-2025-10435 | 2025-09-15 | Campcodes Computer Sales and Inventory System cust_edit1.php sql injection |
| CVE-2025-10436 | 2025-09-15 | Campcodes Computer Sales and Inventory System sup_searchfrm.php sql injection |
| CVE-2025-10440 | 2025-09-15 | D-Link DI-8100/DI-8100G/DI-8200/DI-8200G/DI-8003/DI-8003G jhttpd usb_paswd.asp sub_4621DC os command injection |
| CVE-2025-9076 | 2025-09-15 | Mattermost Server exposes sensitive user credentials during shared channel membership synchronization |
| CVE-2025-9078 | 2025-09-15 | Weak cache keys lead to post IDOR and link preview poisoning |
| CVE-2025-9826 | 2025-09-15 | Stored cross-site scripting vulnerability in M-Files Hubshare before version 25.8 allows authenticated attackers to cause script execution for other users. |
| CVE-2025-9084 | 2025-09-15 | Open redirect in OAuth login |
| CVE-2025-9072 | 2025-09-15 | One-Click Mattermost Account Takeover via Poisoned RelayState SAML Parameter |
| CVE-2025-10441 | 2025-09-15 | D-Link DI-8100G/DI-8200G/DI-8003G jhttpd version_upgrade.asp sub_433F7C os command injection |
| CVE-2025-10442 | 2025-09-15 | Tenda AC9/AC15 exeCommand formexeCommand os command injection |
| CVE-2025-43794 | 2025-09-15 | Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through... |
| CVE-2025-10443 | 2025-09-15 | Tenda AC9/AC15 exeCommand formexeCommand buffer overflow |
| CVE-2025-59358 | 2025-09-15 | Denial of Service via Unauthorized Access to Chaos Mesh debugging server |
| CVE-2025-59359 | 2025-09-15 | OS command injection in Chaos Mesh via the cleanTcs mutation |
| CVE-2025-59360 | 2025-09-15 | OS command injection in Chaos Mesh via the killProcesses mutation |
| CVE-2025-59361 | 2025-09-15 | OS command injection in Chaos Mesh via the cleanIptables mutation |
| CVE-2025-10444 | 2025-09-15 | Campcodes Online Job Finder System advancesearch.php sql injection |
| CVE-2025-3025 | 2025-09-15 | CCleaner Link Following Local Privilege Escalation Vulnerability |
| CVE-2025-10445 | 2025-09-15 | Campcodes Computer Sales and Inventory System us_transac.php sql injection |
| CVE-2025-39800 | 2025-09-15 | btrfs: abort transaction on unexpected eb generation at btrfs_copy_root() |
| CVE-2025-39801 | 2025-09-15 | usb: dwc3: Remove WARN_ON for device endpoint command timeouts |
| CVE-2025-39802 | 2025-09-15 | lib/crypto: arm/poly1305: Fix register corruption in no-SIMD contexts |
| CVE-2025-39803 | 2025-09-15 | scsi: ufs: core: Remove WARN_ON_ONCE() call from ufshcd_uic_cmd_compl() |
| CVE-2025-39804 | 2025-09-15 | lib/crypto: arm64/poly1305: Fix register corruption in no-SIMD contexts |
| CVE-2025-10446 | 2025-09-15 | Campcodes Computer Sales and Inventory System cust_searchfrm.php sql injection |
| CVE-2025-10447 | 2025-09-15 | Campcodes Online Job Finder System applicationform.php unrestricted upload |