CVE List - 2025 / September
Showing 201 - 300 of 4322 CVEs for September 2025 (Page 3 of 44)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-22422 | 2025-09-02 | In multiple locations, there is a possible way to mislead a user into approving an authentication prompt for one app when its result will be used in another due to... |
| CVE-2025-22423 | 2025-09-02 | In ParseTag of dng_ifd.cpp, there is a possible way to crash the image renderer due to a missing bounds check. This could lead to remote denial of service with no... |
| CVE-2025-22427 | 2025-09-02 | In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to grant notification access above the lock screen due to a logic error in the code. This could lead to local... |
| CVE-2025-22428 | 2025-09-02 | In hasInteractAcrossUsersFullPermission of AppInfoBase.java, there is a possible way to grant permissions to an app on the secondary user from the primary user due to a logic error in the... |
| CVE-2025-22429 | 2025-09-02 | In multiple locations, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no... |
| CVE-2025-22430 | 2025-09-02 | In isInSignificantPlace of multiple files, there is a possible way to access sensitive information due to a missing permission check. This could lead to local information disclosure with no additional... |
| CVE-2025-22431 | 2025-09-02 | In multiple locations, there is a possible method for a malicious app to prevent dialing emergency services under limited circumstances due to a logic error in the code. This could... |
| CVE-2025-22433 | 2025-09-02 | In canForward of IntentForwarderActivity.java, there is a possible bypass of the cross profile intent filter most commonly used in Work Profile scenarios due to a logic error in the code.... |
| CVE-2025-22434 | 2025-09-02 | In handleKeyGestureEvent of PhoneWindowManager.java, there is a possible lock screen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional... |
| CVE-2025-22435 | 2025-09-02 | In avdt_msg_ind of avdt_msg.cc, there is a possible memory corruption due to type confusion. This could lead to paired device escalation of privilege with no additional execution privileges needed. User... |
| CVE-2025-22437 | 2025-09-02 | In setMediaButtonReceiver of multiple files, there is a possible way to launch arbitrary activities from background due to a logic error in the code. This could lead to local escalation... |
| CVE-2025-22438 | 2025-09-02 | In afterKeyEventLockedInterruptable of InputDispatcher.cpp, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed... |
| CVE-2025-22439 | 2025-09-02 | In onLastAccessedStackLoaded of ActionHandler.java, there is a possible way to bypass storage restrictions across apps due to a missing permission check. This could lead to local escalation of privilege... |
| CVE-2025-22442 | 2025-09-02 | In multiple functions of DevicePolicyManagerService.java, there is a possible way to install unauthorized applications into a newly created work profile due to a race condition. This could lead to local... |
| CVE-2025-26416 | 2025-09-02 | In initializeSwizzler of SkBmpStandardCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution... |
| CVE-2025-9838 | 2025-09-02 | itsourcecode Student Information Management System index.php sql injection |
| CVE-2025-9839 | 2025-09-02 | itsourcecode Student Information Management System index.php sql injection |
| CVE-2025-9840 | 2025-09-02 | itsourcecode Sports Management System gametype.php sql injection |
| CVE-2025-9260 | 2025-09-02 | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder 5.1.16 - 6.1.1 - Authenticated (Subscriber+) PHP Object Injection To Arbitrary File Read |
| CVE-2025-9841 | 2025-09-02 | code-projects Mobile Shop Management System AddNewProduct.php unrestricted upload |
| CVE-2025-54588 | 2025-09-02 | Envoy: Race condition in Dynamic Forward Proxy leads to use-after-free and segmentation faults |
| CVE-2025-26210 | 2025-09-03 | DeepSeek R1 through V3.1 allows XSS, as demonstrated by JavaScript execution in the context of the run-html-chat.deepseeksvc.com domain. NOTE: some third parties have indicated that this is intended behavior. |
| CVE-2025-45805 | 2025-09-03 | In phpgurukul Doctor Appointment Management System 1.0, an authenticated doctor user can inject arbitrary JavaScript code into their profile name. This payload is subsequently rendered without proper sanitization, when a... |
| CVE-2025-52494 | 2025-09-03 | Adacore Ada Web Server (AWS) before 25.2 is vulnerable to a denial-of-service (DoS) condition due to improper handling of SSL handshakes during connection initialization. When a client initiates an HTTPS... |
| CVE-2025-55852 | 2025-09-03 | Tenda AC8 v16.03.34.06 is vulnerable to Buffer Overflow in the formWifiBasicSet function via the parameter security or security_5g. |
| CVE-2025-55944 | 2025-09-03 | Slink v1.4.9 allows stored cross-site scripting (XSS) via crafted SVG uploads. When a user views the shared image in a new browser tab, the embedded JavaScript executes. The issue affects... |
| CVE-2025-56139 | 2025-09-03 | LinkedIn Mobile Application for Android version 4.1.1087.2 fails to update link preview metadata (image, title, description) when a user replaces the original URL in a post or comment before publishing.... |
| CVE-2025-56435 | 2025-09-03 | SQL Injection vulnerability in FoxCMS v1.2.6 and before allows a remote attacker to execute arbitrary code via the file /DataBackup.php and the operation on the parameter id. |
| CVE-2025-56498 | 2025-09-03 | An OS command injection vulnerability exists in PLDT WiFi Router's Prolink PGN6401V Firmware 8.1.2 web management interface. The ping6.asp page submits user input to the /boaform/formPing6 endpoint via the pingAddr... |
| CVE-2025-56608 | 2025-09-03 | The SourceCodester Android application "Corona Virus Tracker App India" 1.0 uses MD5 for digest authentication in `OkHttpClientWrapper.java`. The `handleDigest()` function employs `MessageDigest.getInstance("MD5")` to hash credentials. MD5 is a broken cryptographic... |
| CVE-2025-56689 | 2025-09-03 | One Identity by Quest Safeguard for Privileged Passwords Appliance 7.5.1.20903 is vulnerable to One Time Password (OTP)/Multifactor Authentication (MFA) bypass using response manipulation. An attacker who intercepts or captures a... |
| CVE-2025-56752 | 2025-09-03 | A vulnerability in the Ruijie RG-ES series switch firmware ESW_1.0(1)B1P39 enables remote attackers to fully bypass authentication mechanisms, providing them with unrestricted access to alter administrative settings and potentially seize... |
| CVE-2025-56760 | 2025-09-03 | When Memos 0.22 is configured to store objects locally, an attacker can create a file via the CreateResource endpoint containing a path traversal sequence in the name, allowing arbitrary file... |
| CVE-2025-56761 | 2025-09-03 | Memos 0.22 is vulnerable to Stored Cross site scripting (XSS) vulnerabilities by the upload attachment and user avatar features. Memos does not verify the content type of the uploaded data... |
| CVE-2025-56803 | 2025-09-03 | Figma Desktop for Windows version 125.6.5 contains a command injection vulnerability in the local plugin loader. An attacker can execute arbitrary OS commands by setting a crafted build field in... |
| CVE-2025-57052 | 2025-09-03 | cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings... |
| CVE-2025-57146 | 2025-09-03 | phpgurukul Complaint Management System in PHP 2.0 is vulnerable to SQL Injection in user/reset-password.php via the mobileno parameter. |
| CVE-2025-57147 | 2025-09-03 | A SQL Injection vulnerability was found in phpgurukul Complaint Management System 2.0. The vulnerability is due to lack of input validation of multiple parameters including fullname, email, and contactno in... |
| CVE-2025-57148 | 2025-09-03 | phpgurukul Online Shopping Portal 2.0 is vulnerable to Arbitrary File Upload in /admin/insert-product.php, due to the lack of extension validation. |
| CVE-2025-57149 | 2025-09-03 | phpgurukul Complaint Management System 2.0 is vulnerable to SQL Injection in /complaint-details.php via the cid parameter. |
| CVE-2025-57150 | 2025-09-03 | phpgurukul Complaint Management System in PHP 2.0 is vulnerable to Cross Site Scripting (XSS) in admin/subcategory.php via the categoryName parameter. |
| CVE-2025-57151 | 2025-09-03 | phpgurukul Complaint Management System 2.0 is vulnerable to Cross Site Scripting (XSS) in admin/userprofile.php via the fullname parameter. |
| CVE-2025-57833 | 2025-09-03 | An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary,... |
| CVE-2025-9842 | 2025-09-03 | Das Parking Management System 停车场管理系统 Search information disclosure |
| CVE-2025-9843 | 2025-09-03 | Das Parking Management System 停车场管理系统 FindAll information disclosure |
| CVE-2025-9845 | 2025-09-03 | code-projects Fruit Shop Management System products.php cross site scripting |
| CVE-2025-57806 | 2025-09-03 | Local Deep Research's API keys are stored in plain text |
| CVE-2025-9847 | 2025-09-03 | ScriptAndTools Real Estate Management System register.php unrestricted upload |
| CVE-2025-9848 | 2025-09-03 | ScriptAndTools Real Estate Management System userlist.php redirect |
| CVE-2025-58163 | 2025-09-03 | FreeScout's deserialization of untrusted data can lead to Remote Code Execution |
| CVE-2025-7039 | 2025-09-03 | Glib: buffer under-read on glib through glib/gfileutils.c via get_tmp_file() |
| CVE-2025-58351 | 2025-09-03 | Outline's Local File Storage Feature can Cause CSP Bypass |
| CVE-2025-58176 | 2025-09-03 | Dive's improper processing of custom urls can lead to Remote Code Execution |
| CVE-2025-9785 | 2025-09-03 | Misconfigured certificate validation with self-signed certificates for Print Deploy |
| CVE-2023-21466 | 2025-09-03 | PendingIntent hijacking vulnerability in CertificatePolicy in framework prior to SMR Apr-2023 Release 1 allows local attackers to access contentProvider without proper permission. |
| CVE-2023-21467 | 2025-09-03 | Error in 3GPP specification implementation in Exynos baseband prior to SMR Apr-2023 Release 1 allows incorrect handling of unencrypted message. |
| CVE-2023-21468 | 2025-09-03 | Improper access control vulnerability in Telephony prior to SMR Apr-2023 Release 1 allows attackers to access files with escalated permission. |
| CVE-2023-21469 | 2025-09-03 | Improper access control vulnerability in SLocation prior to SMR Apr-2022 Release 1 allows local attackers to get device location information using com.samsung.android.wifi.GEOFENCE action. |
| CVE-2023-21470 | 2025-09-03 | Improper access control vulnerability in SLocation prior to SMR Apr-2022 Release 1 allows local attackers to get device location information using com.samsung.android.wifi.NETWORK_LOCATION action. |
| CVE-2023-21471 | 2025-09-03 | Improper access control vulnerability in SemClipboard prior to SMR Apr-2023 Release 1 allows attackers to read arbitrary files with system permission. |
| CVE-2023-21472 | 2025-09-03 | Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute arbitrary code in bootloader. |
| CVE-2023-21473 | 2025-09-03 | Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute arbitrary code in bootloader. |
| CVE-2023-21475 | 2025-09-03 | Out-of-bounds Write vulnerability in libaudiosaplus_sec.so library prior to SMR Apr-2023 Release 1 allows local attacker to execute arbitrary code. |
| CVE-2023-21476 | 2025-09-03 | Out-of-bounds Write vulnerability in libaudiosaplus_sec.so library prior to SMR Apr-2023 Release 1 allows local attacker to execute arbitrary code. |
| CVE-2023-21477 | 2025-09-03 | Access of Memory Location After End of Buffer vulnerability in TIGERF trustlet prior to SMR Apr-2023 Release 1 allows local attackers to access protected data. |
| CVE-2023-21478 | 2025-09-03 | Improper input validation vulnerability in TIGERF trustlet prior to SMR Apr-2023 Release 1 allows local attackers to access protected data. |
| CVE-2023-21479 | 2025-09-03 | Improper authorization in Smart suggestions prior to SMR Apr-2023 Release 1 in Android 13 and 4.1.01.0 in Android 12 allows remote attackers to register a schedule. |
| CVE-2023-21480 | 2025-09-03 | Improper input validation vulnerability in CertByte prior to SMR Apr-2023 Release 1 allows local attackers to launch privileged activities. |
| CVE-2023-21481 | 2025-09-03 | Improper URL input validation vulnerability in Samsung Account application prior to version 14.1.0.0 allows remote attackers to get sensitive information. |
| CVE-2023-21482 | 2025-09-03 | Missing authorization vulnerability in Camera prior to versions 11.1.02.18 in Android 11, 12.1.03.8 in Android 12 and 13.1.01.4 in Android 13 allows physical attackers to install package through Galaxy store... |
| CVE-2023-21483 | 2025-09-03 | Improper Access Control vulnerability in Galaxy Store prior to version 4.5.53.6 allows local attacker to access protected data using exported service. |
| CVE-2025-58272 | 2025-09-03 | Cross-site request forgery vulnerability exists in Web Caster V130 versions 1.08 and earlier. If a logged-in user views a malicious page created by an attacker, the settings of the product... |
| CVE-2023-3666 | 2025-09-03 | Sticky Side Buttons < 2.0.0 - Admin+ Stored XSS |
| CVE-2023-21474 | 2025-09-03 | Intent redirection vulnerability in SecSettings prior to SMR Apr-2022 Release 1 allows attackers to access arbitrary file with system privilege. |
| CVE-2025-21025 | 2025-09-03 | Improper access control in MARsExemptionManager prior to SMR Sep-2025 Release 1 allows local attackers to be excluded from background execution management. |
| CVE-2025-21026 | 2025-09-03 | Improper handling of insufficient permission in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to interrupt the call. |
| CVE-2025-21027 | 2025-09-03 | Improper verification of intent by broadcast receiver in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to temporarily disable the SIM. |
| CVE-2025-21028 | 2025-09-03 | Improper privilege management in ThemeManager prior to SMR Sep-2025 Release 1 allows local privileged attackers to reuse trial items. |
| CVE-2025-21029 | 2025-09-03 | Improper handling of insufficient permission in System UI prior to SMR Sep-2025 Release 1 allows local attackers to send arbitrary replies to messages from the cover display. |
| CVE-2025-21030 | 2025-09-03 | Improper handling of insufficient permission in AppPrelaunchManagerService prior to SMR Sep-2025 Release 1 in Chinese Android 15 allows local attackers to execute arbitrary application in the background. |
| CVE-2025-21031 | 2025-09-03 | Improper access control in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to use the privileged APIs. |
| CVE-2025-21032 | 2025-09-03 | Improper access control in One UI Home prior to SMR Sep-2025 Release 1 allows physical attackers to bypass Kiosk mode under limited conditions. |
| CVE-2025-21033 | 2025-09-03 | Improper access control in ContactProvider prior to SMR Sep-2025 Release 1 allows local attackers to access sensitive information. |
| CVE-2025-21034 | 2025-09-03 | Out-of-bounds write in libsavsvc.so prior to SMR Sep-2025 Release 1 allows local attackers to potentially execute arbitrary code. |
| CVE-2025-21035 | 2025-09-03 | Improper access control in Samsung Calendar prior to version 12.5.06.5 in Android 14 and 12.6.01.12 in Android 15 allows physical attackers to access data across multiple user profiles. |
| CVE-2025-21036 | 2025-09-03 | Improper access control in Samsung Notes prior to version 4.4.30.63 allows local privileged attackers to access exported note files. User interaction is required for triggering this vulnerability. |
| CVE-2025-21037 | 2025-09-03 | Improper access control in Samsung Notes prior to version 4.4.30.63 allows physical attackers to access data across multiple user profiles. User interaction is required for triggering this vulnerability. |
| CVE-2025-21038 | 2025-09-03 | Improper verification of intent by SamsungExceptionalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information. |
| CVE-2025-21039 | 2025-09-03 | Improper verification of intent by SystemExceptionalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information. |
| CVE-2025-21040 | 2025-09-03 | Improper verification of intent by ExternalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information. |
| CVE-2025-21041 | 2025-09-03 | Insecure Storage of Sensitive Information in Secure Folder prior to Android 16 allows local attackers to access sensitive information. |
| CVE-2025-9378 | 2025-09-03 | Vayu Blocks <= 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Block Attributes |
| CVE-2024-32444 | 2025-09-03 | WordPress RealHomes theme <= 4.3.6 - Privilege Escalation vulnerability |
| CVE-2025-58210 | 2025-09-03 | WordPress Makeaholic Theme <= 1.8.5 - Broken Access Control Vulnerability |
| CVE-2025-8663 | 2025-09-03 | Insertion of Sensitive Information into Log File vulnerability in upKeeper Solutions upKeeper Manager allows Use of Known Domain Credentials. This issue affects upKeeper Manager: from 5.0.0 before 5.2.12. |
| CVE-2025-9817 | 2025-09-03 | NULL Pointer Dereference in Wireshark |
| CVE-2025-9219 | 2025-09-03 | Post SMTP <= 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Option Update |
| CVE-2024-13063 | 2025-09-03 | IDOR in Akinsoft's MyRezzta |
| CVE-2014-125127 | 2025-09-03 | Denial of Service (DoS) vulnerability in mikecao/flight |
| CVE-2024-43115 | 2025-09-03 | Apache DolphinScheduler: Alert Script Attack |