CVE List - 2025 / October
Showing 2701 - 2800 of 4280 CVEs for October 2025 (Page 28 of 43)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-62287 | 2025-10-21 | Vulnerability in the Oracle Life Sciences InForm product of Oracle Health Sciences Applications (component: Web Server). The supported version that is affected is 7.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker... |
| CVE-2025-62288 | 2025-10-21 | Vulnerability in the Oracle Health Sciences Data Management Workbench product of Oracle Health Sciences Applications (component: Logger). Supported versions that are affected are 3.4.0.1.3 and 3.4.1.0.10. Easily exploitable vulnerability allows... |
| CVE-2025-62289 | 2025-10-21 | Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Filesystems). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with... |
| CVE-2025-62290 | 2025-10-21 | Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Block Storage). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker... |
| CVE-2025-62475 | 2025-10-21 | Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with... |
| CVE-2025-62476 | 2025-10-21 | Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Remote Replication). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker... |
| CVE-2025-62477 | 2025-10-21 | Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Remote Replication). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker... |
| CVE-2025-62478 | 2025-10-21 | Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Object Store). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker... |
| CVE-2025-62479 | 2025-10-21 | Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Block Storage). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker... |
| CVE-2025-62480 | 2025-10-21 | Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Naming Subsystem). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker... |
| CVE-2025-62481 | 2025-10-21 | Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via... |
| CVE-2025-62587 | 2025-10-21 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon... |
| CVE-2025-62588 | 2025-10-21 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon... |
| CVE-2025-62589 | 2025-10-21 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon... |
| CVE-2025-62590 | 2025-10-21 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon... |
| CVE-2025-62591 | 2025-10-21 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon... |
| CVE-2025-62592 | 2025-10-21 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon... |
| CVE-2025-62641 | 2025-10-21 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon... |
| CVE-2025-61756 | 2025-10-21 | Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: System Configuration). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable... |
| CVE-2023-53691 | 2025-10-22 | Hikvision CSMP (Comprehensive Security Management Platform) iSecure Center through 2023-06-25 allows file upload via /center/api/files directory traversal, as exploited in the wild in 2024 and 2025. |
| CVE-2024-58274 | 2025-10-22 | Hikvision CSMP (Comprehensive Security Management Platform) iSecure Center through 2024-08-01 allows execution of a command within $( ) in /center/api/installation/detection JSON data, as exploited in the wild in 2024 and... |
| CVE-2025-56447 | 2025-10-22 | TM2 Monitoring v3.04 contains an authentication bypass and plaintext credential disclosure. |
| CVE-2025-60331 | 2025-10-22 | D-Link DIR-823G A1 v1.0.2B05 was discovered to contain a buffer overflow in the FillMacCloneMac parameter in the /EXCU_SHELL endpoint. This vulnerability allows attackers to cause a Denial of Service (DoS)... |
| CVE-2025-60332 | 2025-10-22 | A NULL pointer dereference in the SetWLanRadioSettings function of D-Link DIR-823G A1 v1.0.2B05 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. |
| CVE-2025-60333 | 2025-10-22 | TOTOLINK N600R v4.3.0cu.7866_B20220506 was discovered to contain a stack overflow in the wepkey2 parameter in the setWiFiMultipleConfig function. This vulnerability allows attackers to cause a Denial of Service (DoS) via... |
| CVE-2025-60334 | 2025-10-22 | TOTOLINK N600R v4.3.0cu.7866_B20220506 was discovered to contain a stack overflow in the ssid parameter in the setWiFiBasicConfig function. This vulnerability allows attackers to cause a Denial of Service (DoS) via... |
| CVE-2025-60335 | 2025-10-22 | A NULL pointer dereference in the main function of TOTOLINK N600R v4.3.0cu.7866_B20220506 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. |
| CVE-2025-60336 | 2025-10-22 | A NULL pointer dereference in the sub_41773C function of TOTOLINK N600R v4.3.0cu.7866_B20220506 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. |
| CVE-2025-60337 | 2025-10-22 | Tenda AC6 V2.0 15.03.06.50 was discovered to contain a buffer overflow in the speed_dir parameter in the SetSpeedWan function. This vulnerability allows attackers to cause a Denial of Service (DoS)... |
| CVE-2025-60338 | 2025-10-22 | Tenda AC6 V2.0 15.03.06.50 was discovered to contain a stack overflow in the page parameter in the DhcpListClient function. This vulnerability allows attackers to cause a Denial of Service (DoS)... |
| CVE-2025-60339 | 2025-10-22 | Multiple buffer overflow vulnerabilities in the openSchedWifi function of Tenda AC6 v.15.03.06.50 allow attackers to cause a Denial of Service (DoS) via injecting a crafted payload into the schedStartTime and... |
| CVE-2025-60340 | 2025-10-22 | Multiple buffer overflows in the SetClientState function of Tenda AC6 v.15.03.06.50 allow attackers to cause a Denial of Service (DoS) via injecting a crafted payload into the limitSpeed, deviceId, and... |
| CVE-2025-60341 | 2025-10-22 | Tenda AC6 V2.0 15.03.06.50 was discovered to contain a stack overflow in the ssid parameter in the fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS)... |
| CVE-2025-60342 | 2025-10-22 | Tenda AC6 V2.0 15.03.06.50 was discovered to contain a stack overflow in the page parameter in the addressNat function. This vulnerability allows attackers to cause a Denial of Service (DoS)... |
| CVE-2025-60343 | 2025-10-22 | Multiple buffer overflows in the AdvSetMacMtuWan function of Tenda AC6 v.15.03.06.50 allow attackers to cause a Denial of Service (DoS) via injecting a crafted payload into the wanMTU, wanSpeed, cloneType,... |
| CVE-2025-61035 | 2025-10-22 | seffaflik through 0.0.9 is vulnerable to symlink attacks due to incorrect default permissions given to the .kimlik and .seffaflik files, which are created with mode 0777 and 0775... |
| CVE-2025-62771 | 2025-10-22 | Mercku M6a devices through 2.1.0 allow password changes via intranet CSRF attacks. |
| CVE-2025-62772 | 2025-10-22 | On Mercku M6a devices through 2.1.0, session tokens remain valid for at least months in some cases. |
| CVE-2025-62773 | 2025-10-22 | Mercku M6a devices through 2.1.0 allow TELNET sessions via a router.telnet.enabled.update request by an administrator. |
| CVE-2025-62774 | 2025-10-22 | On Mercku M6a devices through 2.1.0, the authentication system uses predictable session tokens based on timestamps. |
| CVE-2025-62775 | 2025-10-22 | Mercku M6a devices through 2.1.0 allow root TELNET logins via the web admin password. |
| CVE-2025-22167 | 2025-10-22 | This High severity Path Traversal (Arbitrary Write) vulnerability was introduced in versions 9.12.0 and 10.3.0 and remains present in 11.0.0 of Jira Software Data Center and Server. This Path Traversal (Arbitrary... |
| CVE-2025-10651 | 2025-10-22 | Welcart e-Commerce <= 2.11.22 - Authenticated (Editor+) Stored Cross-Site Scripting via order_mail |
| CVE-2025-10638 | 2025-10-22 | NS Maintenance Mode for WP <= 1.3.1 - Unauthenticated Subscribers Export |
| CVE-2025-5983 | 2025-10-22 | Meta Tag Manager < 3.3 - Contributor+ Open Redirect |
| CVE-2025-10588 | 2025-10-22 | PixelYourSite <= 11.1.2 – Cross-Site Request Forgery to GDPR Options Modification |
| CVE-2025-12033 | 2025-10-22 | Simple Banner <= 3.0.10 - Authenticated (Admin+) Stored Cross-Site Scripting |
| CVE-2025-10570 | 2025-10-22 | Flexible Refund and Return Order for WooCommerce <= 1.0.38 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Order Refund |
| CVE-2025-41719 | 2025-10-22 | Sauter: Improper Validation of user-controlled data |
| CVE-2025-41720 | 2025-10-22 | Sauter: Arbitrary File Upload |
| CVE-2025-41721 | 2025-10-22 | Sauter: Command Injection |
| CVE-2025-41722 | 2025-10-22 | Sauter: Hard-coded Authentication Credentials |
| CVE-2025-41723 | 2025-10-22 | Sauter: Directory Traversal in importFile SOAP Method |
| CVE-2025-41724 | 2025-10-22 | Sauter: Crash via Incomplete SOAP Request |
| CVE-2025-41108 | 2025-10-22 | Improper Authentication vulnerability in Ghost Robotics' Vision 60 |
| CVE-2025-41109 | 2025-10-22 | Use of Hard-coded Credentials vulnerability in Ghost Robotics' Vision 60 |
| CVE-2025-41110 | 2025-10-22 | Improper Authentication vulnerability in Ghost Robotics' Vision 60 |
| CVE-2025-11952 | 2025-10-22 | Stored Cross-Site Scripting (XSS) in Oct8ne Chatbot |
| CVE-2025-11834 | 2025-10-22 | WP AD Gallery <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-11804 | 2025-10-22 | JB News Ticker <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-11872 | 2025-10-22 | Material Design Iconic Font Integration <= 2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-11809 | 2025-10-22 | WP-Force Images Download <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2025-11878 | 2025-10-22 | ST Categories Widget <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-11827 | 2025-10-22 | Oboxmedia Ads <= 1.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-10138 | 2025-10-22 | This-or-That by André Boekhorst <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-11807 | 2025-10-22 | Mixlr Shortcode <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2025-11818 | 2025-10-22 | WP Responsive Meet The Team <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2025-11810 | 2025-10-22 | Print Button Shortcode <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2025-11813 | 2025-10-22 | Responsive iframe GoogleMap <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2025-11811 | 2025-10-22 | Simple Youtube Shortcode <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2025-11880 | 2025-10-22 | SM CountDown Widget <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-11830 | 2025-10-22 | WP Restaurant Listings <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-11866 | 2025-10-22 | Photographers galleries <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-11824 | 2025-10-22 | Cinza Grid <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Skin Content Field |
| CVE-2025-11819 | 2025-10-22 | WP-Thumbnail <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2025-11867 | 2025-10-22 | Bg Book Publisher <= 1.25 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-11870 | 2025-10-22 | Simple Business Data <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-11817 | 2025-10-22 | Simple Tableau Viz <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2025-11883 | 2025-10-22 | Responsive Progress Bar <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-10047 | 2025-10-22 | Email Tracker <= 5.3.12 - Authenticated (Admin+) SQL Injection |
| CVE-2025-11825 | 2025-10-22 | Playerzbr <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via URL Meta Field |
| CVE-2025-11915 | 2025-10-22 | HTTP Desynchronisation in Vertex AI for certain third-party models |
| CVE-2025-6833 | 2025-10-22 | All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier <= 2.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Clocking In/Out |
| CVE-2025-11086 | 2025-10-22 | Academy LMS Pro <= 3.3.7 - Unauthenticated Privilege Escalation via Social Login Addon |
| CVE-2025-11411 | 2025-10-22 | Possible domain hijacking via promiscuous records in the authority section |
| CVE-2025-11750 | 2025-10-22 | User Enumeration via Distinct Error Messages in langgenius/dify-web |
| CVE-2025-11844 | 2025-10-22 | XPath Injection in Hugging Face Smolagents search_item_ctrl_f Function |
| CVE-2022-50556 | 2025-10-22 | drm: Fix potential null-ptr-deref due to drmm_mode_config_init() |
| CVE-2022-50557 | 2025-10-22 | pinctrl: thunderbay: fix possible memory leak in thunderbay_build_functions() |
| CVE-2022-50558 | 2025-10-22 | regmap-irq: Use the new num_config_regs property in regmap_add_irq_chip_fwnode |
| CVE-2022-50559 | 2025-10-22 | clk: imx: scu: fix memleak on platform_device_add() fails |
| CVE-2022-50560 | 2025-10-22 | drm/meson: explicitly remove aggregate driver at module unload time |
| CVE-2022-50561 | 2025-10-22 | iio: fix memory leak in iio_device_register_eventset() |
| CVE-2022-50562 | 2025-10-22 | tpm: acpi: Call acpi_put_table() to fix memory leak |
| CVE-2022-50563 | 2025-10-22 | dm thin: Fix UAF in run_timer_softirq() |
| CVE-2022-50564 | 2025-10-22 | s390/netiucv: Fix return type of netiucv_tx() |
| CVE-2022-50565 | 2025-10-22 | wifi: plfxlc: fix potential memory leak in __lf_x_usb_enable_rx() |
| CVE-2022-50566 | 2025-10-22 | mtd: Fix device name leak when register device failed in add_mtd_device() |
| CVE-2022-50567 | 2025-10-22 | fs: jfs: fix shift-out-of-bounds in dbAllocAG |
| CVE-2022-50568 | 2025-10-22 | usb: gadget: f_hid: fix f_hidg lifetime vs cdev |