CVE List - 2025 / September
Showing 901 - 1000 of 4322 CVEs for September 2025 (Page 10 of 44)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-53791 | 2025-09-05 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability |
| CVE-2025-10060 | 2025-09-05 | MongoDB may be susceptible to Invariant Failure in Transactions due to Upsert Operation |
| CVE-2025-10061 | 2025-09-05 | Malformed $group Query May Cause MongoDB Server to Crash |
| CVE-2025-57807 | 2025-09-05 | ImageMagick BlobStream Forward-Seek Under-Allocation |
| CVE-2025-58366 | 2025-09-05 | Onyxia private helm repository credentials are leaked through unauthenticated API |
| CVE-2025-10027 | 2025-09-05 | itsourcecode POS Point of Sale System 2512.php cross site scripting |
| CVE-2025-58367 | 2025-09-05 | DeepDiff is vulnerable to DoS and Remote Code Execution via Delta class pollution |
| CVE-2025-58369 | 2025-09-05 | fs2: Half-shutdown of socket during TLS handshake may result in spin loop on opposite side |
| CVE-2025-58370 | 2025-09-05 | Roo Code: Potential Remote Code Execution via Bash Parameter Expansion and Indirect Reference |
| CVE-2025-58371 | 2025-09-05 | Roo Code is vulnerable to command injection via GitHub actions workflow |
| CVE-2025-58372 | 2025-09-05 | Roo Code: Potential Remote Code Execution via .code-workspace |
| CVE-2025-58373 | 2025-09-05 | Roo Code: Symlink-bypass of .rooignore can lead to unintended file disclosure |
| CVE-2021-26383 | 2025-09-05 | Insufficient bounds checking in AMD TEE (Trusted Execution Environment) could allow an attacker with a compromised userspace to invoke a command with malformed arguments leading to out of bounds memory... |
| CVE-2025-58439 | 2025-09-06 | ERP: Possibility of SQL injection due to missing validation |
| CVE-2025-7366 | 2025-09-06 | Rehub <= 19.9.7 - Unauthenticated Arbitrary Shortcode Execution via re_filterpost |
| CVE-2025-7368 | 2025-09-06 | Rehub <= 19.9.7 - Unauthenticated Password Protected Post Disclosure |
| CVE-2025-9849 | 2025-09-06 | Html Social share buttons <= 2.1.16 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-6067 | 2025-09-06 | Easy Social Feed – Social Photos Gallery – Post Feed – Like Box <= 6.6.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting |
| CVE-2025-58374 | 2025-09-06 | Roo Code: Auto-approve allows npm install execution of malicious postinstall scripts |
| CVE-2025-8360 | 2025-09-06 | LA-Studio Element Kit for Elementor <= 1.5.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets |
| CVE-2025-9515 | 2025-09-06 | Multi Step Form <= 1.7.25 - Authenticated (Admin+) Arbitrary File Upload |
| CVE-2025-9085 | 2025-09-06 | User Registration & Membership <= 4.3.0 - Authenticated (Admin+) SQL Injection |
| CVE-2025-8359 | 2025-09-06 | AdForest <= 6.0.9 - Authentication Bypass to Admin |
| CVE-2025-9853 | 2025-09-06 | Optio Dentistry <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-10003 | 2025-09-06 | UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP <= 1.2.44 - Authenticated (Subscriber+) SQL Injection |
| CVE-2025-58437 | 2025-09-06 | Coder's privilege escalation vulnerability could lead to a cross workspace compromise |
| CVE-2025-8722 | 2025-09-06 | Content Views <= 4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Grid and List Widgets |
| CVE-2025-9126 | 2025-09-06 | Smart Table Builder <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter |
| CVE-2025-9442 | 2025-09-06 | StreamWeasels Kick Integration <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via vodsChannel Parameter |
| CVE-2025-7040 | 2025-09-06 | Cloud SAML SSO <= 1.0.19 - Missing Authorization to Unauthenticated Settings Modification via set_organization_settings Action |
| CVE-2025-9493 | 2025-09-06 | Admin Menu Editor <= 1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via placeholder Parameter |
| CVE-2025-7045 | 2025-09-06 | Cloud SAML SSO <= 1.0.19 - Missing Authorization to Unauthenticated Identity Provider Deletion via delete_config Action |
| CVE-2025-8564 | 2025-09-06 | SKT Addons for Elementor <= 3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets |
| CVE-2025-8149 | 2025-09-06 | aThemes Addons for Elementor Lite <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget |
| CVE-2025-6757 | 2025-09-06 | Recent Posts Widget Extended <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via rpwe Shortcode |
| CVE-2025-10028 | 2025-09-06 | itsourcecode POS Point of Sale System 6776.php cross site scripting |
| CVE-2025-10046 | 2025-09-06 | ELEX WooCommerce Google Shopping (Google Product Feed) <= 1.4.3 - Authenticated (Admin+) SQL Injection |
| CVE-2025-9961 | 2025-09-06 | Authenticated RCE by CWMP binary |
| CVE-2025-10029 | 2025-09-06 | itsourcecode POS Point of Sale System complex_header_2.php cross site scripting |
| CVE-2025-10030 | 2025-09-06 | Campcodes Grocery Sales and Inventory System ajax.php sql injection |
| CVE-2025-10031 | 2025-09-06 | Campcodes Grocery Sales and Inventory System ajax.php sql injection |
| CVE-2025-10032 | 2025-09-06 | Campcodes Grocery Sales and Inventory System index.php cross site scripting |
| CVE-2025-10033 | 2025-09-06 | itsourcecode Online Discussion Forum admin sql injection |
| CVE-2025-10034 | 2025-09-06 | D-Link DIR-825 httpd ping6_response.cg get_ping6_app_stat buffer overflow |
| CVE-2021-26377 | 2025-09-06 | Insufficient parameter validation while allocating process space in the Trusted OS (TOS) may allow for a malicious userspace process to trigger an integer overflow, leading to a potential denial of... |
| CVE-2021-46750 | 2025-09-06 | Failure to validate the address and size in TEE (Trusted Execution Environment) may allow a malicious x86 attacker to send malformed messages to the graphics mailbox resulting in an overlap... |
| CVE-2023-20516 | 2025-09-06 | Improper handling of insufficient privileges in the ASP could allow a privileged attacker to modify Translation Map Registers (TMRs) potentially resulting in loss of confidentiality or integrity. |
| CVE-2023-31306 | 2025-09-06 | Improper validation of an array index in the AMD graphics driver software could allow an attacker to pass malformed arguments to the dynamic power management (DPM) functions resulting in an... |
| CVE-2023-31322 | 2025-09-06 | Type confusion in the ASP could allow an attacker to pass a malformed argument to the Reliability, Availability, and Serviceability trusted application (RAS TA) potentially leading to a read or... |
| CVE-2023-31325 | 2025-09-06 | Improper isolation of shared resources on System-on-a-chip (SOC) could allow a privileged attacker to tamper with the contents of the PSP reserved DRAM region potentially resulting in loss of confidentiality and... |
| CVE-2023-31326 | 2025-09-06 | Use of an uninitialized variable in the ASP could allow an attacker to access leftover data from a trusted execution environment (TEE) driver, potentially leading to loss of confidentiality. |
| CVE-2023-31330 | 2025-09-06 | An out-of-bounds read in the ASP could allow a privileged attacker with access to a malicious bootloader to potentially read sensitive memory resulting in loss of confidentiality. |
| CVE-2023-31351 | 2025-09-06 | Improper restriction of operations in the IOMMU could allow a malicious hypervisor to access guest private memory resulting in loss of integrity. |
| CVE-2023-31365 | 2025-09-06 | An integer overflow in the SMU could allow a privileged attacker to potentially write memory beyond the end of the reserved DRAM area resulting in loss of integrity or availability. |
| CVE-2024-21947 | 2025-09-06 | Improper input validation in the system management mode (SMM) could allow a privileged attacker to overwrite arbitrary memory potentially resulting in arbitrary code execution at the SMM level. |
| CVE-2024-21970 | 2025-09-06 | Improper validation of an array index in the AMD Power Management Firmware could allow a privileged attacker to corrupt AGESA memory potentially leading to a loss of integrity. |
| CVE-2024-36326 | 2025-09-06 | Missing authorization in AMD RomArmor could allow an attacker to bypass ROMArmor protections during system resume from a standby state, potentially resulting in a loss of confidentiality and integrity. |
| CVE-2024-36331 | 2025-09-06 | Improper initialization of CPU cache memory could allow a privileged attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. |
| CVE-2024-36342 | 2025-09-06 | Improper input validation in the GPU driver could allow an attacker to exploit a heap overflow potentially resulting in arbitrary code execution. |
| CVE-2024-36346 | 2025-09-06 | Improper input validation in AMD Power Management Firmware (PMFW) could allow a privileged attacker from Guest VM to send arbitrary input data potentially causing a GPU Reset condition. |
| CVE-2024-36352 | 2025-09-06 | Improper input validation in the AMD Graphics Driver could allow an attacker to supply a specially crafted pointer, potentially leading to arbitrary writes or denial of service. |
| CVE-2024-36354 | 2025-09-06 | Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the... |
| CVE-2025-0009 | 2025-09-06 | A NULL pointer dereference in AMD Crash Defender could allow an attacker to write a NULL output to a log file potentially resulting in a system crash and loss of... |
| CVE-2025-0010 | 2025-09-06 | An out of bounds write in the Linux graphics driver could allow an attacker to overflow the buffer potentially resulting in loss of confidentiality, integrity, or availability. |
| CVE-2025-0011 | 2025-09-06 | Improper removal of sensitive information before storage or transfer in AMD Crash Defender could allow an attacker to obtain kernel address information potentially resulting in loss of confidentiality. |
| CVE-2025-0032 | 2025-09-06 | Improper cleanup in AMD CPU microcode patch loading could allow an attacker with local administrator privilege to load malicious CPU microcode, potentially resulting in loss of integrity of x86 instruction... |
| CVE-2025-0034 | 2025-09-06 | Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_SRIOV_SPATIAL_PART and cause read or write past the end of allocated arrays, potentially resulting in... |
| CVE-2025-58438 | 2025-09-06 | internetarchive is vulnerable to Directory Traversal through file downloads |
| CVE-2025-58446 | 2025-09-06 | xgrammar vulnerable to denial of service by huge enum grammar |
| CVE-2025-58445 | 2025-09-06 | Atlantis Exposes Service Version Publicly on /status API Endpoint |
| CVE-2025-58443 | 2025-09-06 | FOG's authentication bypass leads to full SQL DB dump |
| CVE-2025-10062 | 2025-09-06 | itsourcecode Student Information Management System login.php sql injection |
| CVE-2025-10063 | 2025-09-06 | itsourcecode POS Point of Sale System deferred_table.php cross site scripting |
| CVE-2025-10064 | 2025-09-07 | itsourcecode POS Point of Sale System dom_data_two_headers.php cross site scripting |
| CVE-2025-10065 | 2025-09-07 | itsourcecode POS Point of Sale System dom_data_th.php cross site scripting |
| CVE-2025-36100 | 2025-09-07 | IBM MQ information disclosure |
| CVE-2025-10066 | 2025-09-07 | itsourcecode POS Point of Sale System dymanic_table.php cross site scripting |
| CVE-2025-10067 | 2025-09-07 | itsourcecode POS Point of Sale System empty_table.php cross site scripting |
| CVE-2025-10068 | 2025-09-07 | itsourcecode Online Discussion Forum add_views.php sql injection |
| CVE-2025-39727 | 2025-09-07 | mm: swap: fix potential buffer overflow in setup_clusters() |
| CVE-2025-39729 | 2025-09-07 | crypto: ccp - Fix dereferencing uninitialized error pointer |
| CVE-2025-39730 | 2025-09-07 | NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() |
| CVE-2025-39731 | 2025-09-07 | f2fs: vm_unmap_ram() may be called from an invalid context |
| CVE-2025-39732 | 2025-09-07 | wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask() |
| CVE-2025-39733 | 2025-09-07 | team: replace team lock with rtnl lock |
| CVE-2025-39734 | 2025-09-07 | Revert "fs/ntfs3: Replace inode_trylock with inode_lock" |
| CVE-2025-48042 | 2025-09-07 | Before action hooks may execute in certain scenarios despite a request being forbidden |
| CVE-2025-10070 | 2025-09-07 | Portabilis i-Educar enturmacao-em-lote access control |
| CVE-2025-10071 | 2025-09-07 | Portabilis i-Educar cancelar-enturmacao-em-lote access control |
| CVE-2025-10072 | 2025-09-07 | Portabilis i-Educar enturmar access control |
| CVE-2025-10073 | 2025-09-07 | Portabilis i-Educar turma improper authorization |
| CVE-2022-50238 | 2025-09-08 | The on-endpoint Microsoft vulnerable driver blocklist is not fully synchronized with the online Microsoft recommended driver block rules. Some entries present on the online list have been excluded from the... |
| CVE-2024-48341 | 2025-09-08 | dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=addShop |
| CVE-2025-22956 | 2025-09-08 | OPSI before 4.3 allows any client to retrieve any ProductPropertyState, including those of other clients. This can lead to privilege escalation if any ProductPropertyState contains a secret only intended to... |
| CVE-2025-51586 | 2025-09-08 | An issue was discovered in file controllers/admin/AdminLoginController.php in PrestaShop before 8.2.1 allowing attackers to gain sensitive information via the reset password feature. |
| CVE-2025-52161 | 2025-09-08 | Scholl Communications AG Weblication CMS Core v019.004.000.000 was discovered to contain a cross-site scripting (XSS) vulnerability. |
| CVE-2025-52288 | 2025-09-08 | Assertion failure in function ngap_build_downlink_nas_transport in file src/amf/ngap-build.c, the Access and Mobility Management Function (AMF) component, in Open5GS thru 2.7.5 allowing attackers to cause a denial of service or other... |
| CVE-2025-52389 | 2025-09-08 | An Insecure Direct Object Reference (IDOR) in Envasadora H2O Eireli - Soda Cristal v40.20.4 allows authenticated attackers to access sensitive data for other users via a crafted HTTP request. |
| CVE-2025-55849 | 2025-09-08 | WeiPHP v5.0 and before is vulnerable to SQL Injection via the SucaiController.class.php file and the cancelTemplatee |
| CVE-2025-55998 | 2025-09-08 | A cross-site scripting (XSS) vulnerability in Smart Search & Filter Shopify and BigCommerce apps allows a remote attacker to execute arbitrary JavaScript in the web browser of a user, by... |