Lista CVE - 2025 / Settembre
Visualizzazione 801 - 900 di 4322 CVE per Settembre 2025 (Pagina 9 di 44)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2025-58887 | 2025-09-05 | WordPress Course Booking Platform Plugin <= 1.0.0 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-10011 | 2025-09-05 | Portabilis i-Educar edit sql injection |
| CVE-2025-10012 | 2025-09-05 | Portabilis i-Educar educar_historico_escolar_lst.php sql injection |
| CVE-2025-10013 | 2025-09-05 | Portabilis i-Educar exportacao-para-o-seb access control |
| CVE-2024-0028 | 2025-09-05 | In Audio Service, there is a possible way to obtain MAC addresses of nearby Bluetooth devices due to a missing permission check. This could lead to local escalation of privilege... |
| CVE-2025-26434 | 2025-09-05 | In libxml2, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction... |
| CVE-2025-26461 | 2025-09-05 | In Permission Manager, there is a possible way for the microphone privacy indicator to remain activated even after the user attempts to close the app due to a logic error... |
| CVE-2025-32316 | 2025-09-05 | In gralloc4, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User... |
| CVE-2025-32317 | 2025-09-05 | In App Widget, there is a possible Information Disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is... |
| CVE-2025-32318 | 2025-09-05 | In Skia, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed.... |
| CVE-2025-32320 | 2025-09-05 | In System UI, there is a possible way to view other users' images due to a confused deputy. This could lead to local escalation of privilege with no additional execution... |
| CVE-2025-57889 | 2025-09-05 | WordPress InPost Gallery Plugin <= 2.1.4.5 - Local File Inclusion Vulnerability |
| CVE-2025-54744 | 2025-09-05 | WordPress MasterStudy LMS Plugin <= 3.6.15 - Broken Access Control Vulnerability |
| CVE-2025-53307 | 2025-09-05 | WordPress Assistant Plugin <= 1.5.2 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-49401 | 2025-09-05 | WordPress Quiz And Survey Master Plugin <= 10.2.5 - PHP Object Injection Vulnerability |
| CVE-2025-48317 | 2025-09-05 | WordPress WooCommerce Payment Gateway for Saferpay Plugin <= 0.4.9 - Path Traversal Vulnerability |
| CVE-2025-48105 | 2025-09-05 | WordPress Easy Flash Embed plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-48104 | 2025-09-05 | WordPress Floating Window Music Player plugin <= 3.4.2 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-48103 | 2025-09-05 | WordPress Today's Date Inserter plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-48102 | 2025-09-05 | WordPress GoUrl Bitcoin Payment Gateway & Paid Downloads & Membership plugin <= 1.6.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-58628 | 2025-09-05 | WordPress Miraculous Theme < 2.0.9 - SQL Injection Vulnerability |
| CVE-2025-58214 | 2025-09-05 | WordPress Indutri Theme < 1.3.0 - Local File Inclusion Vulnerability |
| CVE-2025-58206 | 2025-09-05 | WordPress MaxCoach Theme <= 3.2.5 - Local File Inclusion Vulnerability |
| CVE-2025-53571 | 2025-09-05 | WordPress HAPPY Plugin <= 1.0.6 - Broken Access Control Vulnerability |
| CVE-2025-27003 | 2025-09-05 | WordPress Quick Paypal Payments Plugin <= 5.7.46 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-9998 | 2025-09-05 | Improper validation of packets sequencing |
| CVE-2025-9999 | 2025-09-05 | Improper validation of payload elements |
| CVE-2025-9709 | 2025-09-05 | NRF52810 Runtime EM Fault Injection APPROTECT Bypass |
| CVE-2025-38731 | 2025-09-05 | drm/xe: Fix vm_bind_ioctl double free bug |
| CVE-2025-38732 | 2025-09-05 | netfilter: nf_reject: don't leak dst refcount for loopback packets |
| CVE-2025-38733 | 2025-09-05 | s390/mm: Do not map lowcore with identity mapping |
| CVE-2025-38734 | 2025-09-05 | net/smc: fix UAF on smcsk after smc_listen_out() |
| CVE-2025-38735 | 2025-09-05 | gve: prevent ethtool ops after shutdown |
| CVE-2025-38736 | 2025-09-05 | net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization |
| CVE-2025-38737 | 2025-09-05 | cifs: Fix oops due to uninitialised variable |
| CVE-2025-39673 | 2025-09-05 | ppp: fix race conditions in ppp_fill_forward_path |
| CVE-2025-39674 | 2025-09-05 | scsi: ufs: ufs-qcom: Fix ESI null pointer dereference |
| CVE-2025-39675 | 2025-09-05 | drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session() |
| CVE-2025-39676 | 2025-09-05 | scsi: qla4xxx: Prevent a potential error pointer dereference |
| CVE-2025-39677 | 2025-09-05 | net/sched: Fix backlog accounting in qdisc_dequeue_internal |
| CVE-2025-39678 | 2025-09-05 | platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL |
| CVE-2025-39679 | 2025-09-05 | drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor(). |
| CVE-2025-39680 | 2025-09-05 | i2c: rtl9300: Fix out-of-bounds bug in rtl9300_i2c_smbus_xfer |
| CVE-2025-39681 | 2025-09-05 | x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper |
| CVE-2025-39682 | 2025-09-05 | tls: fix handling of zero-length records on the rx_list |
| CVE-2025-39683 | 2025-09-05 | tracing: Limit access to parser->buffer when trace_get_user failed |
| CVE-2025-39684 | 2025-09-05 | comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() |
| CVE-2025-39685 | 2025-09-05 | comedi: pcl726: Prevent invalid irq number |
| CVE-2025-39686 | 2025-09-05 | comedi: Make insn_rw_emulate_bits() do insn->n samples |
| CVE-2025-39687 | 2025-09-05 | iio: light: as73211: Ensure buffer holes are zeroed |
| CVE-2025-39689 | 2025-09-05 | ftrace: Also allocate and copy hash for reading of filter files |
| CVE-2025-39690 | 2025-09-05 | iio: accel: sca3300: fix uninitialized iio scan data |
| CVE-2025-39691 | 2025-09-05 | fs/buffer: fix use-after-free when call bh_read() helper |
| CVE-2025-39692 | 2025-09-05 | smb: server: split ksmbd_rdma_stop_listening() out of ksmbd_rdma_destroy() |
| CVE-2025-39693 | 2025-09-05 | drm/amd/display: Avoid a NULL pointer dereference |
| CVE-2025-39694 | 2025-09-05 | s390/sclp: Fix SCCB present check |
| CVE-2025-39695 | 2025-09-05 | RDMA/rxe: Flush delayed SKBs while releasing RXE resources |
| CVE-2025-39696 | 2025-09-05 | ALSA: hda: tas2781: Fix wrong reference of tasdevice_priv |
| CVE-2025-39697 | 2025-09-05 | NFS: Fix a race when updating an existing write |
| CVE-2025-39698 | 2025-09-05 | io_uring/futex: ensure io_futex_wait() cleans up properly on failure |
| CVE-2025-39699 | 2025-09-05 | iommu/riscv: prevent NULL deref in iova_to_phys |
| CVE-2025-39700 | 2025-09-05 | mm/damon/ops-common: ignore migration request to invalid nodes |
| CVE-2025-39701 | 2025-09-05 | ACPI: pfr_update: Fix the driver update version check |
| CVE-2025-39702 | 2025-09-05 | ipv6: sr: Fix MAC comparison to be constant-time |
| CVE-2025-39703 | 2025-09-05 | net, hsr: reject HSR frame if skb can't hold tag |
| CVE-2025-39704 | 2025-09-05 | LoongArch: KVM: Fix stack protector issue in send_ipi_data() |
| CVE-2025-39705 | 2025-09-05 | drm/amd/display: fix a Null pointer dereference vulnerability |
| CVE-2025-39706 | 2025-09-05 | drm/amdkfd: Destroy KFD debugfs after destroy KFD wq |
| CVE-2025-39707 | 2025-09-05 | drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities |
| CVE-2025-39708 | 2025-09-05 | media: iris: Fix NULL pointer dereference |
| CVE-2025-39709 | 2025-09-05 | media: venus: protect against spurious interrupts during probe |
| CVE-2025-39710 | 2025-09-05 | media: venus: Add a check for packet size after reading from shared memory |
| CVE-2025-39711 | 2025-09-05 | media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls |
| CVE-2025-39712 | 2025-09-05 | media: mt9m114: Fix deadlock in get_frame_interval/set_frame_interval |
| CVE-2025-39713 | 2025-09-05 | media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() |
| CVE-2025-39714 | 2025-09-05 | media: usbtv: Lock resolution while streaming |
| CVE-2025-39715 | 2025-09-05 | parisc: Revise gateway LWS calls to probe user read access |
| CVE-2025-39716 | 2025-09-05 | parisc: Revise __get_user() to probe user read access |
| CVE-2025-39717 | 2025-09-05 | open_tree_attr: do not allow id-mapping changes without OPEN_TREE_CLONE |
| CVE-2025-39718 | 2025-09-05 | vsock/virtio: Validate length in packet header before skb_put() |
| CVE-2025-39719 | 2025-09-05 | iio: imu: bno055: fix OOB access of hw_xlate array |
| CVE-2025-39720 | 2025-09-05 | ksmbd: fix refcount leak causing resource not released |
| CVE-2025-39721 | 2025-09-05 | crypto: qat - flush misc workqueue during device shutdown |
| CVE-2025-39722 | 2025-09-05 | crypto: caam - Prevent crash on suspend with iMX8QM / iMX8ULP |
| CVE-2025-39723 | 2025-09-05 | netfs: Fix unbuffered write error handling |
| CVE-2025-39724 | 2025-09-05 | serial: 8250: fix panic due to PSLVERR |
| CVE-2025-39725 | 2025-09-05 | mm/vmscan: fix hwpoisoned large folio handling in shrink_folio_list |
| CVE-2025-39726 | 2025-09-05 | s390/ism: fix concurrency management in ism_cmd() |
| CVE-2025-10014 | 2025-09-05 | elunez eladmin Email Address updateEmail updateUserEmail improper authorization |
| CVE-2025-30200 | 2025-09-05 | ECOVACS Vacuum and Base Station Hard-Coded AES Encryption |
| CVE-2025-35451 | 2025-09-05 | Pan-Tilt-Zoom cameras hard-coded default passwords with SSH and telnet enabled |
| CVE-2025-30199 | 2025-09-05 | ECOVACS Vacuum and Base Station accept unsigned firmware |
| CVE-2025-30198 | 2025-09-05 | ECOVACS Vacuum and Base Station Hard-Coded WPA2-PSK |
| CVE-2025-35452 | 2025-09-05 | Pan-Tilt-Zoom cameras default administrative credentials for web interface |
| CVE-2025-9057 | 2025-09-05 | Biagiotti Core <= 2.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2025-10025 | 2025-09-05 | PHPGurukul Online Course Registration semester.php sql injection |
| CVE-2025-9566 | 2025-09-05 | Podman: podman kube play command may overwrite host files |
| CVE-2025-10044 | 2025-09-05 | Keycloak: keycloak error_description injection on error pages |
| CVE-2025-10026 | 2025-09-05 | itsourcecode POS Point of Sale System -complex_header.php cross site scripting |
| CVE-2025-10059 | 2025-09-05 | MongoDB Server router will crash when incorrect lsid is set on a sharded query |