CVE List - 2025 / September

Showing 3801 - 3900 of 4322 CVEs for September 2025 (Page 39 of 44)

CVE ID Date Title
CVE-2025-43816 2025-09-25 A memory leak in the headless API for StructuredContents in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2024.Q4.10, 2023.Q3.1 through...
CVE-2025-11005 2025-09-25 TOTOLINK X6000R Unauthenticated Command Injection Vulnerability
CVE-2025-10973 2025-09-25 JackieDYH Resume-management-system show.php sql injection
CVE-2025-26482 2025-09-25 Dell PowerEdge Server BIOS and Dell iDRAC9, all versions, contains an Information Disclosure vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information Disclosure.
CVE-2025-10974 2025-09-25 giantspatula SewKinect Endpoint calculate pickle.loads deserialization
CVE-2025-10975 2025-09-25 GuanxingLu vlarl ZeroMQ reasoning_server.py run_reasoning_server deserialization
CVE-2025-10976 2025-09-25 JeecgBoot getDepartUserList improper authorization
CVE-2025-10977 2025-09-25 JeecgBoot deleteBatch improper authorization
CVE-2025-10978 2025-09-25 JeecgBoot Filter exportXls improper authorization
CVE-2025-10979 2025-09-25 JeecgBoot exportXls improper authorization
CVE-2025-10980 2025-09-25 JeecgBoot exportXls improper authorization
CVE-2025-26258 2025-09-26 Sourcecodester Employee Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via 'Add Designation.'
CVE-2025-45994 2025-09-26 An issue in Aranda PassRecovery v1.0 allows attackers to enumerate valid user accounts in Active Directory via sending a crafted POST request to /user/existdirectory/1.
CVE-2025-55187 2025-09-26 In DriveLock 24.1.4 before 24.1.5, 24.2.5 before 24.2.6, and 25.1.2 before 25.1.4, attackers can gain elevated privileges.
CVE-2025-55847 2025-09-26 Wavlink M86X3A_V240730 contains a buffer overflow vulnerability in the /cgi-bin/ExportAllSettings.cgi file. The vulnerability arises because the Cookie parameter does not properly validate the length of input data. Attackers can exploit...
CVE-2025-55848 2025-09-26 An issue was discovered in DIR-823 firmware 20250416. There is an RCE vulnerability in the set_cassword settings interface, as the http_casswd parameter is not filtered by '&' to allow injection of...
CVE-2025-56383 2025-09-26 Notepad++ v8.8.3 has a DLL hijacking vulnerability, which can replace the original DLL file to execute malicious code. NOTE: this is disputed by multiple parties because the behavior only occurs...
CVE-2025-56463 2025-09-26 Mercusys MW305R 3.30 and below has a Transport Layer Security (TLS) certificate private key disclosure.
CVE-2025-57292 2025-09-26 Todoist v8484 contains a stored cross-site scripting (XSS) vulnerability in the avatar upload functionality. The application fails to properly validate the MIME type and sanitize image metadata.
CVE-2025-57692 2025-09-26 PiranhaCMS 12.0 allows stored XSS in the Text content block of Standard and Standard Archive Pages via /manager/pages, enabling execution of arbitrary JavaScript in another user's browser.
CVE-2025-58384 2025-09-26 In DOXENSE WATCHDOC before 6.1.1.5332, Deserialization of Untrusted Data can lead to remote code execution through the .NET Remoting library in the Watchdoc administration interface.
CVE-2025-58385 2025-09-26 In DOXENSE WATCHDOC before 6.1.0.5094, private user puk codes can be disclosed for Active Directory registered users (there is hard-coded and predictable data).
CVE-2025-59362 2025-09-26 Squid through 7.1 mishandles ASN.1 encoding of long SNMP OIDs. This occurs in asn_build_objid in lib/snmplib/asn1.c.
CVE-2025-60017 2025-09-26 Unitree Go2, G1, H1, and B2 devices through 2025-09-20 allow root OS command injection via the hostapd_restart.sh wifi_ssid or wifi_pass parameter (within restart_wifi_ap and restart_wifi_sta).
CVE-2025-60250 2025-09-26 Unitree Go2, G1, H1, and B2 devices through 2025-09-20 decrypt BLE packet data by using the df98b715d5c6ed2b25817b6f2554124a key and the 2841ae97419c2973296a0d4bdfe19a4f IV.
CVE-2025-60251 2025-09-26 Unitree Go2, G1, H1, and B2 devices through 2025-09-20 accept any handshake secret with the unitree substring.
CVE-2025-10981 2025-09-26 JeecgBoot exportXls improper authorization
CVE-2025-10987 2025-09-26 YunaiV yudao-cloud HTTP Request transfer improper authorization
CVE-2025-10988 2025-09-26 YunaiV ruoyi-vue-pro transfer improper authorization
CVE-2025-10989 2025-09-26 yangzongzhuan RuoYi selectAll improper authorization
CVE-2025-10992 2025-09-26 roncoo roncoo-pay lookupList improper authorization
CVE-2025-10993 2025-09-26 MuYuCMS Template Management admin.php code injection
CVE-2025-8906 2025-09-26 Widgets for Tiktok Feed <= 1.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-10178 2025-09-26 CM Business Directory <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-8200 2025-09-26 Mega Elements – Addons for Elementor <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer Widget
CVE-2025-10752 2025-09-26 OAuth Single Sign On – SSO (OAuth Client) <= 6.26.12 - Cross-Site Request Forgery
CVE-2025-10994 2025-09-26 Open Babel gamessformat.cpp ReadMolecule use after free
CVE-2025-10995 2025-09-26 Open Babel zipstreamimpl.h underflow memory corruption
CVE-2025-10996 2025-09-26 Open Babel smilesformat.cpp ParseSmiles heap-based overflow
CVE-2025-10997 2025-09-26 Open Babel chemkinformat.cpp CheckSpecies heap-based overflow
CVE-2025-10998 2025-09-26 Open Babel chemkinformat.cpp ReadReactionQualifierLines null pointer dereference
CVE-2025-10999 2025-09-26 Open Babel cacaoformat.cpp SetHilderbrandt null pointer dereference
CVE-2025-10173 2025-09-26 ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution <= 4.8.3 - Insufficient Authorization to Authenticated (Editor+) Settings Update
CVE-2025-10745 2025-09-26 Banhammer – Monitor Site Traffic, Block Bad Users and Bots <= 3.4.8 - Unauthenticated Protection Mechanism Bypass
CVE-2025-9044 2025-09-26 Mapster WP Maps <= 1.20.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-10377 2025-09-26 System Dashboard <= 2.8.20 - Cross-Site Request Forgery
CVE-2025-11000 2025-09-26 Open Babel PQSformat.cpp ReadMolecule null pointer dereference
CVE-2025-10037 2025-09-26 Featured Image from URL (FIFU) <= 5.2.7 - Authenticated (Admin+) SQL Injection
CVE-2025-9984 2025-09-26 Featured Image from URL (FIFU) <= 5.2.7 - Missing Authorization to Password Protected Post Disclosure
CVE-2025-9985 2025-09-26 Featured Image from URL (FIFU) <= 5.2.7 - Unauthenticated Information Exposure via Log File
CVE-2025-10036 2025-09-26 Featured Image from URL (FIFU) <= 5.2.7 - Authenticated (Admin+) SQL Injection
CVE-2025-10747 2025-09-26 WP-DownloadManager <= 1.68.11 - Authenticated (Admin+) Arbitrary File Upload
CVE-2025-9490 2025-09-26 Popup Maker <= 1.20.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via title Parameter
CVE-2025-10307 2025-09-26 Backuply – Backup, Restore, Migrate and Clone <= 1.4.8 - Authenticated (Admin+) Arbitrary File Deletion
CVE-2025-10137 2025-09-26 Snow Monkey <= 29.1.5 - Unauthenticated Blind Server-Side Request Forgery
CVE-2025-10180 2025-09-26 Markdown Shortcode <= 0.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-10136 2025-09-26 TweetThis Shortcode <= 1.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-10490 2025-09-26 Zephyr Project Manager <= 3.3.202 - Authenticated (Admin+) Stored Cross-Site Scripting
CVE-2025-35027 2025-09-26 Unitree Multiple Robotic Products Command Injection
CVE-2025-54831 2025-09-26 Apache Airflow: Connection sensitive details exposed to users with READ permissions
CVE-2025-1396 2025-09-26 Username Enumeration in Multiple WSO2 Products with Multi-Attribute Login Enabled
CVE-2025-1862 2025-09-26 Authenticated Arbitrary File Upload in Multiple WSO2 Products via BPEL Uploader SOAP Service Leading to Remote Code Execution
CVE-2025-59011 2025-09-26 WordPress Traveler Theme < 3.2.3 - Arbitrary Content Deletion Vulnerability
CVE-2025-59010 2025-09-26 WordPress Permalink Manager Lite Plugin <= 2.5.1.3 - Sensitive Data Exposure Vulnerability
CVE-2025-59002 2025-09-26 WordPress BM Content Builder Plugin < 3.16.3.3 - Arbitrary File Deletion Vulnerability
CVE-2025-59012 2025-09-26 WordPress Traveler theme < 3.2.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-58919 2025-09-26 WordPress Wide Banner plugin <= 1.0.4 - Broken Access Control vulnerability
CVE-2025-58917 2025-09-26 WordPress Quantities and Units for WooCommerce plugin <= 1.0.13 - Cross Site Scripting (XSS) vulnerability
CVE-2025-58914 2025-09-26 WordPress Di Themes Demo Site Importer plugin <= 1.2 - Cross Site Request Forgery (CSRF) to Plugin Activation vulnerability
CVE-2025-48326 2025-09-26 WordPress Acclectic Media Organizer Plugin <= 1.4 - Broken Access Control Vulnerability
CVE-2025-48107 2025-09-26 WordPress Uncode theme < 2.9.4.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-27006 2025-09-26 WordPress Authorsy Plugin <= 1.0.5 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-4957 2025-09-26 WordPress ProfileGrid plugin <= 5.9.5.7 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-60040 2025-09-26 WordPress wp-mpdf Plugin <= 3.9.1 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-60092 2025-09-26 WordPress Download Manager Plugin <= 3.3.24 - Sensitive Data Exposure Vulnerability
CVE-2025-60093 2025-09-26 WordPress Download Manager Plugin <= 3.3.24 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-60094 2025-09-26 WordPress Stackable Plugin <= 3.18.1 - Broken Access Control Vulnerability
CVE-2025-60095 2025-09-26 WordPress Stackable Plugin <= 3.18.1 - Sensitive Data Exposure Vulnerability
CVE-2025-60096 2025-09-26 WordPress TheGem (Elementor) Theme <= 5.10.5 - Broken Access Control Vulnerability
CVE-2025-60097 2025-09-26 WordPress TheGem Theme <= 5.10.5 - Broken Access Control Vulnerability
CVE-2025-60098 2025-09-26 WordPress Theme My Login Plugin <= 7.1.12 - Broken Access Control Vulnerability
CVE-2025-60101 2025-09-26 WordPress Woostify Theme <= 2.4.2 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-60100 2025-09-26 WordPress XStore Theme <= 9.5.3 - Content Injection Vulnerability
CVE-2025-60099 2025-09-26 WordPress Embed Any Document Plugin <= 2.7.7 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-60102 2025-09-26 WordPress WPFront User Role Editor Plugin <= 4.2.3 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-60103 2025-09-26 WordPress ListingPro Plugin <= 2.9.8 - Broken Access Control Vulnerability
CVE-2025-60104 2025-09-26 WordPress Gallery Custom Links Plugin <= 2.2.5 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-60105 2025-09-26 WordPress Ditty Plugin <= 3.1.58 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-60106 2025-09-26 WordPress EmailKit Plugin <= 1.6.0 - Arbitrary Content Deletion Vulnerability
CVE-2025-60107 2025-09-26 WordPress LambertGroup - AllInOne - Banner with Playlist Plugin <= 3.8 - SQL Injection Vulnerability
CVE-2025-60108 2025-09-26 WordPress LambertGroup - AllInOne - Banner with Thumbnails Plugin <= 3.8 - SQL Injection Vulnerability
CVE-2025-60109 2025-09-26 WordPress LambertGroup - AllInOne - Content Slider Plugin <= 3.8 - SQL Injection Vulnerability
CVE-2025-60110 2025-09-26 WordPress AllInOne - Banner Rotator Plugin <= 3.8 - SQL Injection Vulnerability
CVE-2025-60111 2025-09-26 WordPress Javo Core Plugin <= 3.0.0.266 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-60112 2025-09-26 WordPress aThemes Addons for Elementor Plugin <= 1.1.3 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-60113 2025-09-26 WordPress Groovy Menu Plugin <= 1.4.3 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-60114 2025-09-26 WordPress YayCurrency Plugin <= 3.2 - Remote Code Execution (RCE) Vulnerability
CVE-2025-60115 2025-09-26 WordPress Instapage Plugin Plugin <= 3.5.12 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-60116 2025-09-26 WordPress Grand Conference Theme Custom Post Type Plugin <= 2.6.3 - Broken Access Control Vulnerability
CVE-2025-60117 2025-09-26 WordPress Vehica Core Plugin <= 1.0.100 - Cross Site Request Forgery (CSRF) Vulnerability