CVE List - 2025 / October
Showing 2601 - 2700 of 4280 CVEs for October 2025 (Page 27 of 43)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-6542 | 2025-10-21 | OS command injection in multiple parameters |
| CVE-2025-7850 | 2025-10-21 | Authenticated OS command execution |
| CVE-2025-7851 | 2025-10-21 | Unauthorized root access via debug functionality |
| CVE-2025-8078 | 2025-10-21 | A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versions... |
| CVE-2025-9133 | 2025-10-21 | A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versions from... |
| CVE-2025-62699 | 2025-10-21 | Special:Translate tool does not use the correct IP and User-Agent in the CheckUser tool |
| CVE-2025-62696 | 2025-10-21 | Multiple critical security issues in Springboard |
| CVE-2025-62695 | 2025-10-21 | Stored XSS through system messages |
| CVE-2025-62694 | 2025-10-21 | Stored XSS through a system message |
| CVE-2025-62702 | 2025-10-21 | Stored XSS through system messages |
| CVE-2025-62701 | 2025-10-21 | Stored XSS through system messages |
| CVE-2025-10916 | 2025-10-21 | FormGent < 1.0.4 - Unauthenticated Arbitrary File Deletion |
| CVE-2025-12004 | 2025-10-21 | The compare API module breaks Extension:Lockdown |
| CVE-2025-11949 | 2025-10-21 | Digiwin|EasyFlow .NET and EasyFlow AiNet - Missing Authentication |
| CVE-2025-26392 | 2025-10-21 | SolarWinds Observability Self-Hosted SQL Injection Vulnerability |
| CVE-2025-10612 | 2025-10-21 | XSS in GiSoft's City Guide |
| CVE-2025-5496 | 2025-10-21 | Arbitrary File Deletion |
| CVE-2025-7473 | 2025-10-21 | XML Injection |
| CVE-2025-10639 | 2025-10-21 | Usage of Hardcoded FTP Credentials EfficientLab WorkExaminer Professional |
| CVE-2025-9428 | 2025-10-21 | SQL Injection |
| CVE-2025-10640 | 2025-10-21 | Missing Server-Side Authentication Checks in EfficientLab WorkExaminer Professional |
| CVE-2025-10641 | 2025-10-21 | Unencrypted cleartext communication in EfficientLab WorkExaminer Professional |
| CVE-2025-10020 | 2025-10-21 | Command Injection |
| CVE-2025-6239 | 2025-10-21 | Information disclosure |
| CVE-2025-11624 | 2025-10-21 | Buffer overwrite when processing file handles with the SFTP server |
| CVE-2025-11151 | 2025-10-21 | Information Disclosure in Beyaz Computer's CityPLus |
| CVE-2025-11625 | 2025-10-21 | Host verification bypass and credential leak |
| CVE-2025-9339 | 2025-10-21 | SQL Injection in SIMPLE.ERP |
| CVE-2020-36855 | 2025-10-21 | DCMTK dcmqrscp parseQuota stack-based overflow |
| CVE-2022-4981 | 2025-10-21 | DCMTK dcmqrscp dcmqrcnf.cc readPeerList null pointer dereference |
| CVE-2025-62250 | 2025-10-21 | Improper Authentication in Liferay Portal 7.4.0 through 7.4.3.132, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and... |
| CVE-2025-22166 | 2025-10-21 | This High severity DoS (Denial of Service) vulnerability was introduced in version 2.0 of Confluence Data Center. This DoS (Denial of Service) vulnerability, with a CVSS Score of 8.3, allows... |
| CVE-2025-62518 | 2025-10-21 | astral-tokio-tar Vulnerable to PAX Header Desynchronization |
| CVE-2025-62595 | 2025-10-21 | Koa Vulnerable to Open Redirect via Trailing Double-Slash (//) in back Redirect Logic |
| CVE-2025-62597 | 2025-10-21 | WeGIA Vulnerable to Reflected Cross-Site Scripting via Endpoint 'pessoa/editar_info_pessoal.php' Parameter 'sql' |
| CVE-2025-62598 | 2025-10-21 | WeGIA Vulnerable to Reflected Cross-Site Scripting via Endpoint 'pessoa/editar_info_pessoal.php' Parameter 'action' |
| CVE-2025-62605 | 2025-10-21 | Mastodon quotes control can be bypassed |
| CVE-2025-11534 | 2025-10-21 | Authentication Bypass Using an Alternate Path or Channel in Raisecomm RAX701-GC Series |
| CVE-2025-8050 | 2025-10-21 | External Control of File vulnerability has been discovered in opentext Flipper. |
| CVE-2025-12031 | 2025-10-21 | HTTP Security Misconfiguration - Lacking Secure and HTTPOnly Attribute |
| CVE-2025-11757 | 2025-10-21 | Improper Neutralization of Wildcards or Matching Symbols in CloudEdge Online Cameras and App |
| CVE-2025-62249 | 2025-10-21 | A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q3.0 through 2025.Q3.2, 2025.Q2.0 through 2025.Q2.12, 2025.Q1.0 through 2025.Q1.17, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through... |
| CVE-2025-62661 | 2025-10-21 | Do permission checking when getting counts of global and local edits, new articles and thanks |
| CVE-2025-50074 | 2025-10-21 | Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Security Management System). Supported versions that are affected are 2.9.0.0.0-7.2.0.0.0. Easily exploitable vulnerability... |
| CVE-2025-50075 | 2025-10-21 | Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Security Management System). Supported versions that are affected are 2.9.0.0.0-7.2.0.0.0. Easily exploitable vulnerability... |
| CVE-2025-53034 | 2025-10-21 | Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability... |
| CVE-2025-53035 | 2025-10-21 | Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability... |
| CVE-2025-53036 | 2025-10-21 | Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability... |
| CVE-2025-53037 | 2025-10-21 | Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability... |
| CVE-2025-53040 | 2025-10-21 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with... |
| CVE-2025-53041 | 2025-10-21 | Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.2.5-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via... |
| CVE-2025-53042 | 2025-10-21 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with... |
| CVE-2025-53043 | 2025-10-21 | Vulnerability in the Oracle Product Hub product of Oracle E-Business Suite (component: Item Catalog). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network... |
| CVE-2025-53044 | 2025-10-21 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network... |
| CVE-2025-53045 | 2025-10-21 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network... |
| CVE-2025-53046 | 2025-10-21 | Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Analytics). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with... |
| CVE-2025-53047 | 2025-10-21 | Vulnerability in the Portable Clusterware component of Oracle Database Server. Supported versions that are affected are 19.3-19.28, 21.3-21.19 and 23.4-23.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via... |
| CVE-2025-53048 | 2025-10-21 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Rich Text Editor). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows low privileged... |
| CVE-2025-53049 | 2025-10-21 | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Web Administration). Supported versions that are affected are 7.6.0.0.0 and 8.2.0.0.0. Easily exploitable vulnerability allows high... |
| CVE-2025-53050 | 2025-10-21 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Performance Monitor). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with... |
| CVE-2025-53051 | 2025-10-21 | Vulnerability in the RDBMS Functional Index component of Oracle Database Server. Supported versions that are affected are 23.4-23.9. Easily exploitable vulnerability allows high privileged attacker having SYSDBA privilege with network... |
| CVE-2025-53052 | 2025-10-21 | Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Workflow Notification Mailer). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access... |
| CVE-2025-53053 | 2025-10-21 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with... |
| CVE-2025-53054 | 2025-10-21 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network... |
| CVE-2025-53055 | 2025-10-21 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker... |
| CVE-2025-53056 | 2025-10-21 | Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Object and Environment Tech). Supported versions that are affected are 9.2.0.0-9.2.9.4. Easily exploitable vulnerability allows unauthenticated attacker... |
| CVE-2025-53057 | 2025-10-21 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE:... |
| CVE-2025-53058 | 2025-10-21 | Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: Application Logging Interfaces). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network... |
| CVE-2025-53059 | 2025-10-21 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: OpenSearch Dashboards). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows high privileged attacker... |
| CVE-2025-53060 | 2025-10-21 | Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are 9.2.0.0-9.2.9.4. Easily exploitable vulnerability allows unauthenticated attacker with... |
| CVE-2025-53061 | 2025-10-21 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows high privileged... |
| CVE-2025-53062 | 2025-10-21 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network... |
| CVE-2025-53063 | 2025-10-21 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows low privileged... |
| CVE-2025-53064 | 2025-10-21 | Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Personalization). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access... |
| CVE-2025-53065 | 2025-10-21 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker... |
| CVE-2025-53066 | 2025-10-21 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE:... |
| CVE-2025-53067 | 2025-10-21 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via... |
| CVE-2025-53068 | 2025-10-21 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the... |
| CVE-2025-53069 | 2025-10-21 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker... |
| CVE-2025-53070 | 2025-10-21 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the... |
| CVE-2025-53071 | 2025-10-21 | Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Upload Attachments). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network... |
| CVE-2025-53072 | 2025-10-21 | Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via... |
| CVE-2025-61748 | 2025-10-21 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE:... |
| CVE-2025-61749 | 2025-10-21 | Vulnerability in the Unified Audit component of Oracle Database Server. Supported versions that are affected are 23.4-23.9. Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network access... |
| CVE-2025-61750 | 2025-10-21 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Query). Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows low privileged attacker with network... |
| CVE-2025-61751 | 2025-10-21 | Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability... |
| CVE-2025-61752 | 2025-10-21 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network... |
| CVE-2025-61753 | 2025-10-21 | Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: Miscellaneous). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP... |
| CVE-2025-61754 | 2025-10-21 | Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Service API). Supported versions that are affected are 7.6.0.0.0 and 8.2.0.0.0. Easily exploitable vulnerability allows low privileged attacker... |
| CVE-2025-61755 | 2025-10-21 | Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.16 and 21.0.8. Difficult to exploit... |
| CVE-2025-61757 | 2025-10-21 | Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network... |
| CVE-2025-61758 | 2025-10-21 | Vulnerability in the PeopleSoft Enterprise FIN IT Asset Management product of Oracle PeopleSoft (component: IT Asset Management). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low... |
| CVE-2025-61759 | 2025-10-21 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows low privileged attacker with logon... |
| CVE-2025-61760 | 2025-10-21 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Difficult to exploit vulnerability allows low privileged attacker with... |
| CVE-2025-61761 | 2025-10-21 | Vulnerability in the PeopleSoft Enterprise FIN Maintenance Management product of Oracle PeopleSoft (component: Work Order Management). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged... |
| CVE-2025-61762 | 2025-10-21 | Vulnerability in the PeopleSoft Enterprise FIN Payables product of Oracle PeopleSoft (component: Payables). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network... |
| CVE-2025-61763 | 2025-10-21 | Vulnerability in Oracle Essbase (component: Essbase Web Platform). The supported version that is affected is 21.7.3.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise... |
| CVE-2025-61764 | 2025-10-21 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with... |
| CVE-2025-61881 | 2025-10-21 | Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.28, 21.3-21.19 and 23.4-23.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access... |
| CVE-2025-61885 | 2025-10-21 | Vulnerability in the Oracle Life Sciences InForm product of Oracle Health Sciences Applications (component: Web Server). The supported version that is affected is 7.0.1.0. Easily exploitable vulnerability allows low privileged... |