CVE List - 2025 / September

Showing 2601 - 2700 of 4322 CVEs for September 2025 (Page 27 of 44)

CVE ID Date Title
CVE-2025-35434 2025-09-17 CISA Thorium does not validate TLS connections to Elasticsearch
CVE-2025-35435 2025-09-17 CISA Thorium download stream divide by zero
CVE-2025-35436 2025-09-17 CISA Thorium account verification email error handling
CVE-2025-10602 2025-09-17 SourceCodester Online Exam Form Submission delete_s1.php sql injection
CVE-2025-10603 2025-09-17 PHPGurukul Online Discussion Forum search_result.php sql injection
CVE-2025-58431 2025-09-17 ZimaOS reads arbitrary files using localhost calls to File API Download
CVE-2025-58432 2025-09-17 ZimaOS Privilege Escalation using localhost calls to File API Upload
CVE-2025-10604 2025-09-17 PHPGurukul Online Discussion Forum edit_member.php sql injection
CVE-2025-10605 2025-09-17 Portabilis i-Educar agenda_preferencias.php cross site scripting
CVE-2025-58766 2025-09-17 Dyad Vulnerable to Remote Code Execution via Top-level Navigation in Preview Window
CVE-2025-58767 2025-09-17 REXML has a DoS condition when parsing malformed XML file
CVE-2025-59339 2025-09-17 The Bastion ttyrec files are not signed after encryption by the osh-encrypt-rsync script
CVE-2025-59341 2025-09-17 Local File Inclusion in esm.sh
CVE-2025-59342 2025-09-17 esm.sh writes arbitrary files via path traversal in `X-Zone-Id` header
CVE-2025-10606 2025-09-17 Portabilis i-Educar ConfiguracaoMovimentoGeral cross site scripting
CVE-2025-10607 2025-09-17 Portabilis i-Educar diarioApi information disclosure
CVE-2025-10608 2025-09-17 Portabilis i-Educar enrollment-history access control
CVE-2025-59414 2025-09-17 Nuxt Client-Side Path Traversal in Nuxt Island Payload Revival
CVE-2025-59416 2025-09-17 The Scratch Channel forks can publish articles
CVE-2025-10613 2025-09-17 itsourcecode Student Information System leveledit1.php sql injection
CVE-2025-59345 2025-09-17 Dragonfly did not enable authentication for some Manager’s endpoints
CVE-2025-59346 2025-09-17 Dragonfly server-side request forgery vulnerability
CVE-2025-59347 2025-09-17 Dragonfly Manager makes requests to external endpoints with disabled TLS authentication
CVE-2025-59348 2025-09-17 Dragonfly incorrectly handles a task structure’s usedTraffic field
CVE-2025-37122 2025-09-17 Unauthenticated Reflected Cross-Site Scripting
CVE-2025-10614 2025-09-17 itsourcecode E-Logbook with Health Monitoring System for COVID-19 print_reports_prev.php cross site scripting
CVE-2025-59349 2025-09-17 Directories created via os.MkdirAll are not checked for permissions
CVE-2025-59350 2025-09-17 Timing attacks against Proxy’s basic authentication are possible
CVE-2025-59351 2025-09-17 Dragonfly possibly panics due to nil pointer dereference when using variables created alongside an error
CVE-2025-59352 2025-09-17 Dragonfly allows arbitrary file read and write on a peer machine
CVE-2025-59353 2025-09-17 Manager generates mTLS certificates for arbitrary IP addresses
CVE-2025-59354 2025-09-17 Dragonfly has weak integrity checks for downloaded files
CVE-2025-59410 2025-09-17 Dragonfly tiny file download uses hard coded HTTP protocol
CVE-2025-59340 2025-09-17 jinjava Sandbox Bypass via JavaType-Based Deserialization
CVE-2025-10615 2025-09-17 itsourcecode E-Commerce Website products.php unrestricted upload
CVE-2025-10616 2025-09-17 itsourcecode E-Commerce Website users.php unrestricted upload
CVE-2025-10617 2025-09-17 SourceCodester Online Polling System positions.php sql injection
CVE-2025-10643 2025-09-17 Wondershare Repairit Incorrect Permission Assignment Authentication Bypass Vulnerability
CVE-2025-10644 2025-09-17 Wondershare Repairit SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability
CVE-2025-7977 2025-09-17 Ashlar-Vellum Cobalt LI File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2025-7982 2025-09-17 Ashlar-Vellum Cobalt LI File Parsing Integer Overflow Remote Code Execution Vulnerability
CVE-2025-7980 2025-09-17 Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2025-7978 2025-09-17 Ashlar-Vellum Graphite VC6 File Parsing Uninitialized Variable Remote Code Execution Vulnerability
CVE-2025-7979 2025-09-17 Ashlar-Vellum Graphite VC6 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2025-7981 2025-09-17 Ashlar-Vellum Graphite VC6 File Parsing Uninitialized Variable Remote Code Execution Vulnerability
CVE-2025-7983 2025-09-17 Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2025-7984 2025-09-17 Ashlar-Vellum Cobalt AR File Parsing Uninitialized Variable Remote Code Execution Vulnerability
CVE-2025-7985 2025-09-17 Ashlar-Vellum Cobalt VC6 File Parsing Integer Overflow Remote Code Execution Vulnerability
CVE-2025-7990 2025-09-17 Ashlar-Vellum Cobalt VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2025-7986 2025-09-17 Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2025-7989 2025-09-17 Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2025-7987 2025-09-17 Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2025-7992 2025-09-17 Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2025-7991 2025-09-17 Ashlar-Vellum Cobalt VC6 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2025-7988 2025-09-17 Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2025-7999 2025-09-17 Ashlar-Vellum Cobalt AR File Parsing Type Confusion Remote Code Execution Vulnerability
CVE-2025-7994 2025-09-17 Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2025-7998 2025-09-17 Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2025-7996 2025-09-17 Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2025-7995 2025-09-17 Ashlar-Vellum Cobalt CO File Parsing Type Confusion Remote Code Execution Vulnerability
CVE-2025-8000 2025-09-17 Ashlar-Vellum Cobalt LI File Parsing Type Confusion Remote Code Execution Vulnerability
CVE-2025-7997 2025-09-17 Ashlar-Vellum Cobalt XE File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2025-8003 2025-09-17 Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2025-8001 2025-09-17 Ashlar-Vellum Cobalt CO File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-8005 2025-09-17 Ashlar-Vellum Cobalt XE File Parsing Type Confusion Remote Code Execution Vulnerability
CVE-2025-8004 2025-09-17 Ashlar-Vellum Cobalt XE File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2025-8002 2025-09-17 Ashlar-Vellum Cobalt CO File Parsing Type Confusion Remote Code Execution Vulnerability
CVE-2025-8006 2025-09-17 Ashlar-Vellum Cobalt XE File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2025-7993 2025-09-17 Ashlar-Vellum Cobalt LI File Parsing Use-After-Free Remote Code Execution Vulnerability
CVE-2025-10618 2025-09-17 itsourcecode Online Clinic Management System transact.php sql injection
CVE-2025-10619 2025-09-17 sequa-ai sequa-mcp OAuth Server Discovery node-oauth-client-provider.ts redirectToAuthorization os command injection
CVE-2025-59415 2025-09-17 Frappe Learning vulnerable to Malicious Content upload via Profile bio field
CVE-2025-10620 2025-09-17 itsourcecode Online Clinic Management System editp2.php sql injection
CVE-2025-23316 2025-09-17 NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause a remote code execution by manipulating the model name parameter...
CVE-2025-23328 2025-09-17 NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an out-of-bounds write through a specially crafted input. A successful exploit of this vulnerability...
CVE-2025-23329 2025-09-17 NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause memory corruption by identifying and accessing the shared memory region used by the Python...
CVE-2025-23336 2025-09-17 NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause a denial of service by loading a misconfigured model. A successful exploit of this...
CVE-2025-10621 2025-09-17 SourceCodester Hotel Reservation System editroomimage.php sql injection
CVE-2025-23268 2025-09-17 NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker may cause an improper input validation issue. A successful exploit of this vulnerability may lead to...
CVE-2025-23337 2025-09-17 NVIDIA HGX & DGX GB200, GB300, B300 contain a vulnerability in the HGX Management Controller (HMC) that may allow a malicious actor with administrative access on the BMC to access...
CVE-2025-10623 2025-09-17 SourceCodester Hotel Reservation System deleteuser.php sql injection
CVE-2025-10624 2025-09-17 PHPGurukul User Management System login.php sql injection
CVE-2025-10625 2025-09-17 SourceCodester Online Exam Form Submission dashboard.php sql injection
CVE-2025-10626 2025-09-17 SourceCodester Online Exam Form Submission update_s3.php sql injection
CVE-2025-10627 2025-09-17 SourceCodester Online Exam Form Submission delete_user.php sql injection
CVE-2023-49367 2025-09-18 An issue in user interface in Kyocera Command Center RX EXOSYS M5521cdn allows remote to obtain sensitive information via inspecting sent packages by user.
CVE-2025-50255 2025-09-18 Cross Site Request Forgery (CSRF) vulnerability in Smartvista BackOffice SmartVista Suite 2.2.22 via crafted GET request.
CVE-2025-55911 2025-09-18 An issue Clip Bucket v.5.5.2 Build#90 allows a remote attacker to execute arbitrary codes via the file_downloader.php and the file parameter
CVE-2025-55912 2025-09-18 An issue in ClipBucket 5.5.0 and prior versions allows an unauthenticated attacker can exploit the plupload endpoint in photo_uploader.php to upload arbitrary files without any authentication, due to missing access...
CVE-2025-57293 2025-09-18 A command injection vulnerability in COMFAST CF-XR11 (firmware V2.7.2) exists in the multi_pppoe API, processed by the sub_423930 function in /usr/bin/webmgnt. The phy_interface parameter is not sanitized, allowing attackers to...
CVE-2025-57295 2025-09-18 H3C devices running firmware version NX15V100R015 are vulnerable to unauthorized access due to insecure default credentials. The root user account has no password set, and the H3C user account uses...
CVE-2025-57452 2025-09-18 In realme BackupRestore app v15.1.12_2810c08_250314, improper URI scheme handling in com.coloros.pc.PcToolMainActivity allows local attackers to cause a crash and potential XSS via crafted ADB intents.
CVE-2025-59691 2025-09-18 PureVPN client applications on Linux through September 2025 allow IPv6 traffic to leak outside the VPN tunnel upon network events such as Wi-Fi reconnect or system resume. In the CLI...
CVE-2025-59692 2025-09-18 PureVPN client applications on Linux through September 2025 mishandle firewalling. They flush the system's existing iptables rules and apply default ACCEPT policies when connecting to a VPN server. This removes...
CVE-2025-10628 2025-09-18 D-Link DIR-852 Web Management hedwig.cgi command injection
CVE-2025-10629 2025-09-18 D-Link DIR-852 Simple Service Discovery Protocol Service cgibin ssdpcgi_main command injection
CVE-2025-10631 2025-09-18 itsourcecode Online Petshop Management System Available Products addcnp.php cross site scripting
CVE-2025-10632 2025-09-18 itsourcecode Online Petshop Management System Admin Dashboard availableframe.php cross site scripting
CVE-2025-10634 2025-09-18 D-Link DIR-823X Environment Variable goahead sub_412E7C command injection
CVE-2025-10642 2025-09-18 wangchenyi1996 chat_forum q.php cross site scripting