CVE List - 2025 / September
Showing 1701 - 1800 of 4322 CVEs for September 2025 (Page 18 of 44)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-57579 | 2025-09-12 | An issue in TOTOLINK Wi-Fi 6 Router Series Device X2000R-Gh-V2.0.0 allows a remote attacker to execute arbitrary code via the default password |
| CVE-2025-10274 | 2025-09-12 | erjinzhi 10OA item cross site scripting |
| CVE-2025-55319 | 2025-09-12 | Agentic AI and Visual Studio Code Remote Code Execution Vulnerability |
| CVE-2025-10275 | 2025-09-12 | YunaiV yudao-cloud transfer improper authorization |
| CVE-2025-58754 | 2025-09-12 | Axios is vulnerable to DoS attack through lack of data size check |
| CVE-2025-9807 | 2025-09-12 | The Events Calendar <= 6.15.1 - Unauthenticated SQL Injection |
| CVE-2025-43789 | 2025-09-12 | JSON Web Services in Liferay Portal 7.4.0 through 7.4.3.119, and Liferay DXP 2024.Q1.1 through 2024.Q1.9, 7.4 GA through update 92 published to OSGi are registered and invoked directly as classes... |
| CVE-2025-10276 | 2025-09-12 | YunaiV ruoyi-vue-pro transfer improper authorization |
| CVE-2025-43788 | 2025-09-12 | The organization selector in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q1.1 through 2024.Q1.12 and 7.4 update 81 through update 85 does not check user permission, which allows remote... |
| CVE-2025-10269 | 2025-09-12 | Spirit Framework <= 1.2.13 - Authenticated (Subscriber+) Local File Inclusion |
| CVE-2025-10277 | 2025-09-12 | YunaiV yudao-cloud submit improper authorization |
| CVE-2025-9879 | 2025-09-12 | Spotify Embed Creator <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-9880 | 2025-09-12 | Side Slide Responsive Menu <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-9877 | 2025-09-12 | Embed Google Datastudio <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-9881 | 2025-09-12 | Ultimate Blogroll <= 2.5.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-10278 | 2025-09-12 | YunaiV ruoyi-vue-pro transfer improper authorization |
| CVE-2025-10287 | 2025-09-12 | roncoo roncoo-pay orderQuery direct request |
| CVE-2025-10094 | 2025-09-12 | Improper Validation of Specified Quantity in Input in GitLab |
| CVE-2025-10288 | 2025-09-12 | roncoo roncoo-pay list improper authentication |
| CVE-2025-9086 | 2025-09-12 | Out of bounds read for cookie path |
| CVE-2025-10148 | 2025-09-12 | predictable WebSocket mask |
| CVE-2025-8575 | 2025-09-12 | LWS Cleaner <= 2.4.1.3 - Authenticated (Administrator+) Arbitrary File Deletion via 'lws_cl_delete_file' |
| CVE-2025-10291 | 2025-09-12 | linlinjava litemall cancel WxAftersaleController improper authorization |
| CVE-2025-58781 | 2025-09-12 | WTW-EAGLE App does not properly validate server certificates, which may allow a man-in-the-middle attacker to monitor encrypted traffic. |
| CVE-2025-3650 | 2025-09-12 | jQuery Colorbox <= 4.6.3 - Contributor+ Stored XSS |
| CVE-2025-8280 | 2025-09-12 | Contact Form 7 reCAPTCHA <= 1.2.0 - Reflected XSS via $_SERVER['REQUEST_URI'] |
| CVE-2025-7337 | 2025-09-12 | Allocation of Resources Without Limits or Throttling in GitLab |
| CVE-2025-6769 | 2025-09-12 | Exposure of Sensitive System Information to an Unauthorized Control Sphere in GitLab |
| CVE-2025-6454 | 2025-09-12 | Server-Side Request Forgery (SSRF) in GitLab |
| CVE-2025-2256 | 2025-09-12 | Improper Validation of Specified Quantity in Input in GitLab |
| CVE-2025-1250 | 2025-09-12 | Allocation of Resources Without Limits or Throttling in GitLab |
| CVE-2025-21042 | 2025-09-12 | Out-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Release 1 allows remote attackers to execute arbitrary code. |
| CVE-2025-21043 | 2025-09-12 | Out-of-bounds write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code. |
| CVE-2025-7448 | 2025-09-12 | Man in the middle (MitM) attack vulnerability in Wi-SUN library |
| CVE-2025-10264 | 2025-09-12 | Digiever\|NVR - Exposure of Sensitive Information |
| CVE-2025-10265 | 2025-09-12 | Digiever\|NVR - OS Command Injection |
| CVE-2025-10266 | 2025-09-12 | NewType Infortech\|NUP Portal - SQL Injection |
| CVE-2025-10267 | 2025-09-12 | NewType Infortech\|NUP Portal - Missing Authentication |
| CVE-2025-27234 | 2025-09-12 | Zabbix Agent 2 smartctl plugin RCE vulnerability in Zabbix 5.0. |
| CVE-2025-27233 | 2025-09-12 | Zabbix Agent 2 smartctl plugin argument injection in Zabbix 6.0 and later. |
| CVE-2025-27238 | 2025-09-12 | API hostprototype.get lists data to users with insufficient authorization. |
| CVE-2025-27240 | 2025-09-12 | Secondary-order SQL injection in Zabbix Server when deleting an autoregistered host |
| CVE-2025-6638 | 2025-09-12 | Regular Expression Denial of Service (ReDoS) in huggingface/transformers |
| CVE-2025-8699 | 2025-09-12 | Some "Stored Value" Unattended Payment Solutions of KioSoft use vulnerable NFC cards. Attackers could potentially use this vulnerability to change the balance on the cards and generate money. The account... |
| CVE-2025-10318 | 2025-09-12 | JeecgBoot WebSocket Message sendWebSocketMsg improper authorization |
| CVE-2025-59054 | 2025-09-12 | dstack has insecure LUKS2 persistent storage partitions that may be opened and used |
| CVE-2025-59139 | 2025-09-12 | Hono has Body Limit Middleware Bypass |
| CVE-2025-59058 | 2025-09-12 | httpsig-rs's HMAC verification is vulnerable to timing attack |
| CVE-2025-9556 | 2025-09-12 | CVE-2025-9556 |
| CVE-2025-10365 | 2025-09-12 | Authentication Bypass in Evertz SDVN |
| CVE-2025-10364 | 2025-09-12 | Unauthenticated Arbitrary Command Injection in Evertz SDVN |
| CVE-2025-10319 | 2025-09-12 | JeecgBoot Tenant Log Export exportLog improper authorization |
| CVE-2025-39792 | 2025-09-12 | dm: Always split write BIOs to zoned device limits |
| CVE-2025-39793 | 2025-09-12 | io_uring/memmap: cast nr_pages to size_t before shifting |
| CVE-2025-39794 | 2025-09-12 | ARM: tegra: Use I/O memcpy to write to IRAM |
| CVE-2025-39795 | 2025-09-12 | block: avoid possible overflow for chunk_sectors check in blk_stack_limits() |
| CVE-2025-39796 | 2025-09-12 | net: lapbether: ignore ops-locked netdevs |
| CVE-2025-39797 | 2025-09-12 | xfrm: Duplicate SPI Handling |
| CVE-2025-39798 | 2025-09-12 | NFS: Fix the setting of capabilities when automounting a new filesystem |
| CVE-2025-10320 | 2025-09-12 | iteachyou Dreamer CMS updatePwd weak password |
| CVE-2025-43787 | 2025-09-12 | A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q3.0, 2025.Q2.0 through 2025.Q2.12, 2025.Q1.0 through 2025.Q1.17, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through... |
| CVE-2025-4235 | 2025-09-12 | User-ID Credential Agent: Cleartext Exposure of Service Account password |
| CVE-2025-4234 | 2025-09-12 | Cortex XDR Microsoft 365 Defender Pack: Cleartext Exposure of Credentials |
| CVE-2025-10321 | 2025-09-12 | Wavlink WL-WN578W2 live_online.shtml information disclosure |
| CVE-2025-58434 | 2025-09-12 | Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover |
| CVE-2025-10322 | 2025-09-12 | Wavlink WL-WN578W2 sysinit.html password recovery |
| CVE-2025-10323 | 2025-09-12 | Wavlink WL-WN578W2 wizard_rep.shtml sub_409184 command injection |
| CVE-2025-43796 | 2025-09-12 | Liferay Portal 7.4.0 through 7.4.3.101, and Liferay DXP 2023.Q3.0 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35 does not limit the number of objects returned... |
| CVE-2025-10324 | 2025-09-12 | Wavlink WL-WN578W2 firewall.cgi sub_401C5C command injection |
| CVE-2025-43795 | 2025-09-12 | Open redirect vulnerability in the System Settings in Liferay Portal 7.1.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35,... |
| CVE-2025-10325 | 2025-09-12 | Wavlink WL-WN578W2 login.cgi sub_401BA4 command injection |
| CVE-2025-10326 | 2025-09-12 | MiczFlor RPi-Jukebox-RFID single.php os command injection |
| CVE-2025-10327 | 2025-09-12 | MiczFlor RPi-Jukebox-RFID shuffle.php os command injection |
| CVE-2025-10176 | 2025-09-12 | The Hack Repair Guy's Plugin Archiver <= 2.0.4 - Authenticated (Administrator+) Arbitrary File Deletion |
| CVE-2025-10328 | 2025-09-12 | MiczFlor RPi-Jukebox-RFID playsinglefile.php os command injection |
| CVE-2025-10329 | 2025-09-12 | cdevroe unmark Marks.php server-side request forgery |
| CVE-2025-10330 | 2025-09-12 | cdevroe unmark searchform.php cross site scripting |
| CVE-2025-10331 | 2025-09-13 | cdevroe unmark Marks.php cross site scripting |
| CVE-2025-10332 | 2025-09-13 | cdevroe unmark info.php cross site scripting |
| CVE-2025-10340 | 2025-09-13 | WhatCD Gazelle Commit Message change_log.php cross site scripting |
| CVE-2025-10358 | 2025-09-13 | Wavlink WL-WN578W2 wireless.cgi sub_404850 os command injection |
| CVE-2025-10359 | 2025-09-13 | Wavlink WL-WN578W2 wireless.cgi sub_404DBC os command injection |
| CVE-2025-10366 | 2025-09-13 | MiczFlor RPi-Jukebox-RFID inc.setWlanIpMail.php cross site scripting |
| CVE-2025-10367 | 2025-09-13 | MiczFlor RPi-Jukebox-RFID cardEdit.php cross site scripting |
| CVE-2025-10368 | 2025-09-13 | MiczFlor RPi-Jukebox-RFID manageFilesFolders.php cross site scripting |
| CVE-2025-10369 | 2025-09-13 | MiczFlor RPi-Jukebox-RFID cardRegisterNew.php cross site scripting |
| CVE-2025-10370 | 2025-09-13 | MiczFlor RPi-Jukebox-RFID userScripts.php cross site scripting |
| CVE-2025-10371 | 2025-09-13 | eCharge Hardy Barth Salia PLCC api.php unrestricted upload |
| CVE-2025-10372 | 2025-09-13 | Portabilis i-Educar educar_modulo_cad.php cross site scripting |
| CVE-2025-10373 | 2025-09-13 | Portabilis i-Educar educar_turma_tipo_cad.php cross site scripting |
| CVE-2025-10374 | 2025-09-13 | Shenzhen Sixun Business Management System OperatorStop improper authorization |
| CVE-2025-10384 | 2025-09-13 | yangzongzhuan RuoYi Role cancelAll improper authorization |
| CVE-2025-59363 | 2025-09-14 | In One Identity OneLogin before 2025.3.0, a request returns the OIDC client secret with GET Apps API v2 (even though this secret should only be returned when an App is... |
| CVE-2025-59364 | 2025-09-14 | The express-xss-sanitizer (aka Express XSS Sanitizer) package through 2.0.0 for Node.js has an unbounded recursion depth in sanitize in lib/sanitize.js for a JSON request body. |
| CVE-2025-10385 | 2025-09-14 | Mercury KM08-708H GiGA WiFi Wave2 mcr_setSysAdm sub_450B2C buffer overflow |
| CVE-2025-10386 | 2025-09-14 | Yida ECMS Consulting Enterprise Management System POST Request login.do cross site scripting |
| CVE-2025-10387 | 2025-09-14 | codesiddhant Jasmin Ransomware handshake.php sql injection |
| CVE-2025-10388 | 2025-09-14 | Selleo Mentingo Create New Course Basic Settings enroll-course cross site scripting |
| CVE-2025-10389 | 2025-09-14 | CRMEB Administrator Password SystemAdminServices.php save improper authorization |
| CVE-2025-10390 | 2025-09-14 | CRMEB UserAddressServices.php editAddress improper authorization |