CVE List - 2025 / October
Showing 1701 - 1800 of 4280 CVEs for October 2025 (Page 18 of 43)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-46581 | 2025-10-14 | ZTE ZXCDN product has a Struts RCE Vulnerability |
| CVE-2025-20712 | 2025-10-14 | In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional... |
| CVE-2025-20711 | 2025-10-14 | In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional... |
| CVE-2025-20710 | 2025-10-14 | In wlan AP driver, there is a possible out of bounds write due to an integer overflow. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution... |
| CVE-2025-20709 | 2025-10-14 | In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional... |
| CVE-2025-20718 | 2025-10-14 | In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges... |
| CVE-2025-20719 | 2025-10-14 | In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional... |
| CVE-2025-20720 | 2025-10-14 | In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional... |
| CVE-2025-20721 | 2025-10-14 | In imgsensor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already... |
| CVE-2025-20713 | 2025-10-14 | In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor... |
| CVE-2025-20714 | 2025-10-14 | In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor... |
| CVE-2025-20722 | 2025-10-14 | In gnss driver, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure if a malicious actor has already obtained... |
| CVE-2025-20723 | 2025-10-14 | In gnss driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has... |
| CVE-2025-20715 | 2025-10-14 | In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor... |
| CVE-2025-20716 | 2025-10-14 | In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor... |
| CVE-2025-20717 | 2025-10-14 | In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor... |
| CVE-2025-20724 | 2025-10-14 | In wlan AP driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed.... |
| CVE-2011-20001 | 2025-10-14 | A vulnerability has been identified in SIMATIC S7-1200 CPU V1 family (incl. SIPLUS variants) (All versions < V2.0.3), SIMATIC S7-1200 CPU V2 family (incl. SIPLUS variants) (All versions < V2.0.3).... |
| CVE-2011-20002 | 2025-10-14 | A vulnerability has been identified in SIMATIC S7-1200 CPU V1 family (incl. SIPLUS variants) (All versions < V2.0.2), SIMATIC S7-1200 CPU V2 family (incl. SIPLUS variants) (All versions < V2.0.2).... |
| CVE-2025-40755 | 2025-10-14 | A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP1). Affected applications are vulnerable to SQL injection through getTotalAndFilterCounts endpoint. An authenticated low privileged attacker could exploit... |
| CVE-2025-40765 | 2025-10-14 | A vulnerability has been identified in TeleControl Server Basic V3.1 (All versions >= V3.1.2.2 < V3.1.2.3). The affected application contains an information disclosure vulnerability. This could allow an unauthenticated remote... |
| CVE-2025-40771 | 2025-10-14 | A vulnerability has been identified in SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.4.24), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.4.24), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions <... |
| CVE-2025-40772 | 2025-10-14 | A vulnerability has been identified in SiPass integrated (All versions < V3.0). Affected server applications are vulnerable to stored Cross-Site Scripting (XSS), allowing an attacker to inject malicious code that... |
| CVE-2025-40773 | 2025-10-14 | A vulnerability has been identified in SiPass integrated (All versions < V3.0). Affected server applications contain a broken access control vulnerability. The authorization mechanism lacks sufficient server-side checks, allowing an... |
| CVE-2025-40774 | 2025-10-14 | A vulnerability has been identified in SiPass integrated (All versions < V3.0). Affected server applications store user passwords encrypted in their database. Decryption keys are accessible to users with administrative... |
| CVE-2025-40809 | 2025-10-14 | A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 14), Solid Edge SE2025 (All versions < V225.0 Update 6). The affected applications contain an out... |
| CVE-2025-40810 | 2025-10-14 | A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 14), Solid Edge SE2025 (All versions < V225.0 Update 6). The affected applications contain an out... |
| CVE-2025-40811 | 2025-10-14 | A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 14), Solid Edge SE2025 (All versions < V225.0 Update 6). The affected applications contain an out... |
| CVE-2025-40812 | 2025-10-14 | A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 14), Solid Edge SE2025 (All versions < V225.0 Update 6). The affected applications contain an out... |
| CVE-2025-10228 | 2025-10-14 | Session Hijacking in Rolantis Information Technologies' Agentis |
| CVE-2025-9437 | 2025-10-14 | Rockwell Automation ArmorStart® AOP Denial-of-Service Vulnerability |
| CVE-2025-9066 | 2025-10-14 | Rockwell Automation FactoryTalk® ViewPoint XXE to Denial-of-Service Vulnerability |
| CVE-2025-9063 | 2025-10-14 | Rockwell Automation PanelView Plus 7 Performance Series B Authentication Bypass |
| CVE-2025-9064 | 2025-10-14 | Rockwell Automation FactoryTalk View Machine Edition Path Traversal |
| CVE-2025-9068 | 2025-10-14 | Rockwell Automation FactoryTalk® Linx Privilege Escalation Vulnerabilities |
| CVE-2025-9124 | 2025-10-14 | Rockwell Automation Compact GuardLogix® 5370 Denial-Of-Service Vulnerability |
| CVE-2025-9067 | 2025-10-14 | Rockwell Automation FactoryTalk® Linx Privilege Escalation Vulnerabilities |
| CVE-2025-11709 | 2025-10-14 | Out of bounds read/write in a privileged process triggered by WebGL textures |
| CVE-2025-11710 | 2025-10-14 | Cross-process information leaked due to malicious IPC messages |
| CVE-2025-11711 | 2025-10-14 | Some non-writable Object properties could be modified |
| CVE-2025-11714 | 2025-10-14 | Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 |
| CVE-2025-11708 | 2025-10-14 | Use-after-free in MediaTrackGraphImpl::GetInstance() |
| CVE-2025-11712 | 2025-10-14 | An OBJECT tag type attribute overrode browser behavior on web resources without a content-type |
| CVE-2025-11713 | 2025-10-14 | Potential user-assisted code execution in “Copy as cURL” command |
| CVE-2025-11715 | 2025-10-14 | Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 |
| CVE-2025-11716 | 2025-10-14 | Sandboxed iframes allowed links to open in external apps (Android only) |
| CVE-2025-11719 | 2025-10-14 | Use-after-free caused by the native messaging web extension API on Windows |
| CVE-2025-11721 | 2025-10-14 | Memory safety bug fixed in Firefox 144 and Thunderbird 144 |
| CVE-2025-11717 | 2025-10-14 | The password edit screen was not hidden in Android card view |
| CVE-2025-11718 | 2025-10-14 | Address bar could be spoofed on Android using visibilitychange |
| CVE-2025-11720 | 2025-10-14 | Spoofing risk in Android custom tabs |
| CVE-2025-7328 | 2025-10-14 | Rockwell Automation Comms - 1783-NATR Multiple Broken Authentication Vulnerabilities |
| CVE-2025-7329 | 2025-10-14 | Rockwell Automation Comms - 1783-NATR Stored Cross-Site Scripting Vulnerability |
| CVE-2025-11498 | 2025-10-14 | CSV Formula Injection Vulnerability |
| CVE-2025-10610 | 2025-10-14 | SQLi in SFS Winsure |
| CVE-2025-7330 | 2025-10-14 | Rockwell Automation 1783-NATR Cross-Site Request Forgery Vulnerability |
| CVE-2025-9177 | 2025-10-14 | Rockwell Automation 1715 EtherNet/IP Comms Module Denial-Of-Service Vulnerability |
| CVE-2025-9178 | 2025-10-14 | Rockwell Automation 1715 EtherNet/IP Comms Module Denial-Of-Service Vulnerability |
| CVE-2025-47856 | 2025-10-14 | Two improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiVoice version 7.2.0, 7.0.0 through 7.0.6 and before 6.4.10 allow a privileged... |
| CVE-2025-22831 | 2025-10-14 | Buffer Overflow in NTFS when parsing the VOLUME_NAME |
| CVE-2025-22832 | 2025-10-14 | Buffer Overflow in NTFS when parsing the ATTRIBUTE_LIST |
| CVE-2025-22833 | 2025-10-14 | FixupArray Pointer Validation in NTFS |
| CVE-2025-33044 | 2025-10-14 | exFat Memory Corruption Issue |
| CVE-2025-27906 | 2025-10-14 | IBM Content Navigator information disclosure |
| CVE-2025-10242 | 2025-10-14 | OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution. |
| CVE-2025-10243 | 2025-10-14 | OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution. |
| CVE-2025-10985 | 2025-10-14 | OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution. |
| CVE-2025-8428 | 2025-10-14 | XSS found in the HTTP loader widget |
| CVE-2025-10986 | 2025-10-14 | Path traversal in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to write data in unintended locations on... |
| CVE-2025-5946 | 2025-10-14 | RCE via the poller reload feature available only to user with high privilege |
| CVE-2024-44088 | 2025-10-14 | Apache Geode: Reflected XSS |
| CVE-2025-59428 | 2025-10-14 | EspoCRM allows arbitrary user creation via stored SVG injection and CSRF |
| CVE-2025-0033 | 2025-10-14 | Improper access control within AMD SEV-SNP could allow an admin privileged attacker to write to the RMP during SNP initialization, potentially resulting in a loss of SEV-SNP guest memory integrity. |
| CVE-2025-62156 | 2025-10-14 | argo-workflows Zip Slip path traversal allows arbitrary file write and container configuration overwrite |
| CVE-2025-54889 | 2025-10-14 | A user with elevated privileges can inject XSS in the SNMP traps manufacturer configuration page |
| CVE-2025-54892 | 2025-10-14 | A user with elevated privileges can inject XSS in the SNMP traps group configuration page |
| CVE-2025-62157 | 2025-10-14 | Argo Workflows exposes artifact repository credentials in workflow-controller logs |
| CVE-2025-54891 | 2025-10-14 | A user with elevated privileges can inject XSS in the ACL Resource Access configuration page |
| CVE-2025-62172 | 2025-10-14 | Home Assistant vulnerable to Stored XSS in Energy dashboard from Energy Entity Name |
| CVE-2024-48891 | 2025-10-14 | An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiSOAR 7.6.0 through 7.6.1, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions... |
| CVE-2025-58903 | 2025-10-14 | An Unchecked Return Value vulnerability [CWE-252] in Fortinet FortiOS version 7.6.0 through 7.6.3 and before 7.4.8 API allows an authenticated user to cause a Null Pointer Dereference, crashing the http... |
| CVE-2025-58324 | 2025-10-14 | An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiSIEM 7.2.0 through 7.2.2, 7.1 all versions, 7.0 all versions, 6.7 all versions, 6.6 all versions, 6.5 all... |
| CVE-2025-58325 | 2025-10-14 | An Incorrect Provision of Specified Functionality vulnerability [CWE-684] in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2.5 through 7.2.10, 7.0.0 through 7.0.15, 6.4 all versions may allow a local authenticated attacker to... |
| CVE-2025-49201 | 2025-10-14 | A weak authentication in Fortinet FortiPAM 1.5.0, 1.4.0 through 1.4.2, 1.3.0 through 1.3.1, 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager 7.2.0 through 7.2.4 allows an attacker to execute unauthorized code... |
| CVE-2025-57741 | 2025-10-14 | An Incorrect Permission Assignment for Critical Resource vulnerability [CWE-732] in FortiClientMac 7.4.0 through 7.4.3, 7.2.0 through 7.2.11, 7.0 all versions may allow a local attacker to run arbitrary code or... |
| CVE-2025-47890 | 2025-10-14 | URL Redirection to Untrusted Site vulnerabilities [CWE-601] in FortiOS 7.6.0 through 7.6.2, 7.4.0 through 7.4.8, 7.2 all versions, 7.0 all versions, 6.4 all versions; FortiProxy 7.6.0 through 7.6.3, 7.4... |
| CVE-2025-57740 | 2025-10-14 | A Heap-based Buffer Overflow vulnerability [CWE-122] in FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions; FortiPAM version 1.5.0, version... |
| CVE-2025-25253 | 2025-10-14 | An Improper Validation of Certificate with Host Mismatch vulnerability [CWE-297] in FortiProxy version 7.6.1 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions and FortiOS version 7.6.2... |
| CVE-2025-22258 | 2025-10-14 | A heap-based buffer overflow in Fortinet FortiSRA 1.5.0, 1.4.0 through 1.4.2, FortiPAM 1.5.0, 1.4.0 through 1.4.2, 1.3.0 through 1.3.1, 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiProxy 7.6.0 through 7.6.1,... |
| CVE-2025-31366 | 2025-10-14 | An Improper Neutralization of Input During Web Page Generation vulnerability [CWE-79] in FortiOS 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2 all versions, 7.0 all versions, 6.4 all versions; FortiProxy 7.6.0... |
| CVE-2024-50571 | 2025-10-14 | A heap-based buffer overflow in Fortinet FortiOS 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4.0 through 6.4.15, 6.2.0 through 6.2.17, FortiManager Cloud 7.6.2, 7.4.1 through... |
| CVE-2023-46718 | 2025-10-14 | A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.12 and 6.4.6 through 6.4.15 and 6.2.9 through 6.2.16 and 6.0.13 through... |
| CVE-2025-54973 | 2025-10-14 | A concurrent execution using shared resource with improper synchronization ('Race Condition') vulnerability [CWE-362] in Fortinet FortiAnalyzer version 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10 and before 7.0.13 allows... |
| CVE-2024-47569 | 2025-10-14 | An insertion of sensitive information into sent data in Fortinet FortiManager Cloud 7.4.1 through 7.4.3, FortiVoice 7.0.0 through 7.0.4, 6.4.0 through 6.4.9, 6.0.7 through 6.0.12, FortiMail 7.4.0 through 7.4.2, 7.2.0... |
| CVE-2024-26008 | 2025-10-14 | An improper check or handling of exceptional conditions vulnerability [CWE-703] in FortiOS version 7.4.0 through 7.4.3 and before 7.2.7, FortiProxy version 7.4.0 through 7.4.3 and before 7.2.9, FortiPAM before 1.2.0... |
| CVE-2025-25252 | 2025-10-14 | An Insufficient Session Expiration vulnerability [CWE-613] in FortiOS SSL VPN 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4 all versions may allow a remote attacker... |
| CVE-2025-25255 | 2025-10-14 | An Improperly Implemented Security Check for Standard vulnerability [CWE-358] in FortiProxy 7.6.0 through 7.6.3, 7.4 all versions, 7.2 all versions, 7.0.1 through 7.0.21, and FortiOS 7.6.0 through 7.6.3 explicit web... |
| CVE-2025-57716 | 2025-10-14 | An Uncontrolled Search Path Element vulnerability [CWE-427] in FortiClient Windows 7.4.0 through 7.4.3, 7.2.0 through 7.2.11, 7.0 all versions may allow a local low privileged user to perform a DLL... |
| CVE-2024-33507 | 2025-10-14 | An insufficient session expiration vulnerability [CWE-613] and an incorrect authorization vulnerability [CWE-863] in FortiIsolator 2.4.0 through 2.4.4, 2.3 all versions, 2.2.0, 2.1 all versions, 2.0 all versions authentication mechanism may... |
| CVE-2025-59921 | 2025-10-14 | An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiADC version 7.4.0, version 7.2.3 and below, version 7.1.4 and below, 7.0 all versions, 6.2 all versions... |