CVE List - 2025 / October
Showing 1001 - 1100 of 4280 CVEs for October 2025 (Page 11 of 43)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-53673 | 2025-10-07 | Bluetooth: hci_event: call disconnect callback before deleting conn |
| CVE-2023-53674 | 2025-10-07 | clk: Fix memory leak in devm_clk_notifier_register() |
| CVE-2023-53675 | 2025-10-07 | scsi: ses: Fix possible desc_ptr out-of-bounds accesses |
| CVE-2023-53676 | 2025-10-07 | scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() |
| CVE-2023-53677 | 2025-10-07 | drm/i915: Fix memory leaks in i915 selftests |
| CVE-2023-53678 | 2025-10-07 | drm/i915: Fix system suspend without fbdev being initialized |
| CVE-2023-53679 | 2025-10-07 | wifi: mt7601u: fix an integer underflow |
| CVE-2023-53680 | 2025-10-07 | NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL |
| CVE-2023-53681 | 2025-10-07 | bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent |
| CVE-2023-53682 | 2025-10-07 | hwmon: (xgene) Fix ioremap and memremap leak |
| CVE-2023-53683 | 2025-10-07 | fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode() |
| CVE-2023-53684 | 2025-10-07 | xfrm: Zero padding when dumping algos and encap |
| CVE-2023-53685 | 2025-10-07 | tun: Fix memory leak for detached NAPI queue. |
| CVE-2023-53686 | 2025-10-07 | net/handshake: fix null-ptr-deref in handshake_nl_done_doit() |
| CVE-2023-53687 | 2025-10-07 | tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk |
| CVE-2025-11399 | 2025-10-07 | SourceCodester Hotel and Lodge Management System save_room.php sql injection |
| CVE-2025-11400 | 2025-10-07 | SourceCodester Hotel and Lodge Management System del_room.php sql injection |
| CVE-2025-11401 | 2025-10-07 | SourceCodester Hotel and Lodge Management System save_curr.php sql injection |
| CVE-2025-11402 | 2025-10-07 | SourceCodester Hotel and Lodge Management System del_curr.php sql injection |
| CVE-2025-36156 | 2025-10-07 | IBM InfoSphere Data Replication VSAM for z/OS Remote Source code execution |
| CVE-2025-43914 | 2025-10-07 | Dell PowerProtect Data Domain BoostFS for Linux Ubuntu systems of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions... |
| CVE-2025-1826 | 2025-10-07 | IBM Jazz Foundation cross-site scripting |
| CVE-2025-43890 | 2025-10-07 | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023... |
| CVE-2025-11403 | 2025-10-07 | SourceCodester Hotel and Lodge Management System del_booking.php sql injection |
| CVE-2025-43906 | 2025-10-07 | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023... |
| CVE-2025-3450 | 2025-10-07 | Automation Runtime SDM requests may impact system |
| CVE-2025-43911 | 2025-10-07 | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023... |
| CVE-2025-8291 | 2025-10-07 | ZIP64 End of Central Directory (EOCD) Locator record offset not checked |
| CVE-2025-43907 | 2025-10-07 | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023... |
| CVE-2025-3448 | 2025-10-07 | XSS on SDM |
| CVE-2025-3449 | 2025-10-07 | Weak Session Token used in Automation Runtime SDM |
| CVE-2025-43908 | 2025-10-07 | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023... |
| CVE-2025-43934 | 2025-10-07 | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023... |
| CVE-2025-11404 | 2025-10-07 | SourceCodester Hotel and Lodge Management System save_tax.php sql injection |
| CVE-2025-43889 | 2025-10-07 | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4, LTS2024 release Versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through... |
| CVE-2025-43891 | 2025-10-07 | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023... |
| CVE-2025-43912 | 2025-10-07 | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023... |
| CVE-2025-61670 | 2025-10-07 | Wasmtime has memory leak in C API with `externref` and `anyref` types |
| CVE-2025-43913 | 2025-10-07 | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023... |
| CVE-2025-61776 | 2025-10-07 | Dependency-Track possibly discloses private NuGet repository credentials to api.nuget.org |
| CVE-2025-45375 | 2025-10-07 | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023... |
| CVE-2025-61784 | 2025-10-07 | LLaMA Factory's Chat API has Critical SSRF and LFI Vulnerabilities |
| CVE-2025-11405 | 2025-10-07 | SourceCodester Hotel and Lodge Management System del_tax.php sql injection |
| CVE-2025-43905 | 2025-10-07 | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023... |
| CVE-2025-11192 | 2025-10-07 | Fabric Engine (VOSS) AutoSense Authentication Bypass |
| CVE-2025-43909 | 2025-10-07 | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023... |
| CVE-2025-43910 | 2025-10-07 | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023... |
| CVE-2025-43727 | 2025-10-07 | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through... |
| CVE-2025-61910 | 2025-10-07 | NASA ION-DTN BPv7 4.1.3s Uncontrolled Memory Allocation that leads to Denial-of-Service |
| CVE-2025-36567 | 2025-10-07 | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through... |
| CVE-2025-11406 | 2025-10-07 | kaifangqian kaifangqian-base SysUserController.java getAllUsers information disclosure |
| CVE-2025-36569 | 2025-10-07 | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through... |
| CVE-2025-36566 | 2025-10-07 | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through... |
| CVE-2025-11462 | 2025-10-07 | Local Privilege Escalation Vulnerability in AWS Client VPN macOS Client |
| CVE-2025-6242 | 2025-10-07 | Vllm: server side request forgery (ssrf) in mediaconnector |
| CVE-2025-36565 | 2025-10-07 | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through... |
| CVE-2025-11407 | 2025-10-07 | D-Link DI-7001 MINI upgrade_filter.asp os command injection |
| CVE-2025-11408 | 2025-10-07 | D-Link DI-7001 MINI dbsrv.asp buffer overflow |
| CVE-2025-11409 | 2025-10-07 | Campcodes Advanced Online Voting Management System index.php sql injection |
| CVE-2025-11410 | 2025-10-07 | Campcodes Advanced Online Voting Management System voters_add.php sql injection |
| CVE-2025-43823 | 2025-10-07 | Cross-site scripting (XSS) vulnerability in the Commerce Search Result widget in Liferay Portal 7.4.0 through 7.4.3.111, and Liferay DXP 2023.Q4 before patch 6, 2023.Q3 before patch 9, and 7.4 GA... |
| CVE-2025-11412 | 2025-10-07 | GNU Binutils Linker elflink.c bfd_elf_gc_record_vtentry out-of-bounds |
| CVE-2025-11413 | 2025-10-07 | GNU Binutils Linker elflink.c elf_link_add_object_symbols out-of-bounds |
| CVE-2025-43822 | 2025-10-07 | Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.4.3.15 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 15 through update 92 allow remote... |
| CVE-2025-11414 | 2025-10-07 | GNU Binutils Linker elflink.c get_link_hash_entry out-of-bounds |
| CVE-2025-11415 | 2025-10-07 | PHPGurukul Beauty Parlour Management System customer-list.php sql injection |
| CVE-2025-11416 | 2025-10-07 | PHPGurukul Beauty Parlour Management System invoices.php sql injection |
| CVE-2025-61996 | 2025-10-07 | OPEXUS FOIAXpress stored XSS via annual report template |
| CVE-2025-61997 | 2025-10-07 | OPEXUS FOIAXpress stored XSS via banner image |
| CVE-2025-61998 | 2025-10-07 | OPEXUS FOIAXpress stored XSS via Hyperlink Manager |
| CVE-2025-61999 | 2025-10-07 | OPEXUS FOIAXpress stored XSS via logo image |
| CVE-2025-11417 | 2025-10-07 | Campcodes Advanced Online Voting Management System voters_add.php unrestricted upload |
| CVE-2025-53967 | 2025-10-08 | Framelink Figma MCP Server before 0.6.3 allows an unauthenticated remote attacker to execute arbitrary operating system commands via a crafted HTTP POST request with shell metacharacters in input that is... |
| CVE-2025-57457 | 2025-10-08 | An OS Command Injection vulnerability in the Admin panel in Curo UC300 5.42.1.7.1.63R1 allows local attackers to inject arbitrary OS Commands via the "IP Addr" parameter. |
| CVE-2025-59303 | 2025-10-08 | HAProxy Kubernetes Ingress Controller before 3.1.13, when the config-snippets feature flag is used, accepts config snippets from users with create/update permissions. This can result in obtaining an ingress token secret... |
| CVE-2025-60298 | 2025-10-08 | Novel-Plus up to 5.2.4 was discovered to contain a Stored Cross-Site Scripting (XSS) vulnerability via the /author/updateIndexName endpoint. This vulnerability allows authenticated attackers to inject malicious JavaScript code through the... |
| CVE-2025-60299 | 2025-10-08 | Novel-Plus with 5.2.0 was discovered to contain a Stored Cross-Site Scripting (XSS) vulnerability via the /book/addCommentReply endpoint. An authenticated user can inject malicious JavaScript through the replyContent parameter when replying... |
| CVE-2025-60311 | 2025-10-08 | ProjectWorlds Gym Management System 1.0 is vulnerable to SQL Injection via the "id" parameter in the profile/edit.php page |
| CVE-2025-60313 | 2025-10-08 | Sourcecodester Link Status Checker 1.0 is vulnerable to a Cross-Site Scripting (XSS) in the Enter URLs to check input field. This allows a remote attacker to execute arbitrary code. |
| CVE-2025-60314 | 2025-10-08 | Configuroweb Sistema Web de Inventario 1.0 is vulnerable to a Stored Cross-Site Scripting (XSS) due to the lack of input sanitization on the product name parameter (Nombre:Producto) allowing an authenticated... |
| CVE-2025-60318 | 2025-10-08 | SourceCodester Pet Grooming Management Software 1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/profile.php via the fname (First Name) and lname (Last Name) fields. |
| CVE-2025-60828 | 2025-10-08 | WukongCRM-9.0-JAVA was discovered to contain a fastjson deserialization vulnerability via the /OaExamine/setOaExamine interface. |
| CVE-2025-60830 | 2025-10-08 | redragon-erp v1.0 was discovered to contain a Shiro deserialization vulnerability caused by the default Shiro key. |
| CVE-2025-60833 | 2025-10-08 | An XML External Entity (XXE) vulnerability in the /mall/wxpay/pay component of uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying crafted XML data. |
| CVE-2025-60834 | 2025-10-08 | A fastjson deserialization vulnerability in uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying a crafted input. |
| CVE-2025-61183 | 2025-10-08 | Cross Site Scripting in vaahcms v.2.3.1 allows a remote attacker to execute arbitrary code via upload method in the storeAvatar() method of UserBase.php |
| CVE-2025-61524 | 2025-10-08 | An issue in the permission verification module and organization/application editing interface in Casdoor v2.26.0 and before, and fixed in v.2.63.0, allows remote authenticated administrators of any organization within the system... |
| CVE-2025-11418 | 2025-10-08 | Tenda CH22 HTTP Request AdvSetWrlsafeset formWrlsafeset stack-based overflow |
| CVE-2025-11420 | 2025-10-08 | code-projects E-Commerce Website edit_order_details.php sql injection |
| CVE-2025-61785 | 2025-10-08 | Deno's --deny-write check does not prevent permission bypass |
| CVE-2025-48981 | 2025-10-08 | An insecure implementation of the proprietary protocol DNET in Product CGM MEDICO allows attackers within the intranet to eavesdrop and manipulate data on the protocol because encryption is optional for... |
| CVE-2025-61786 | 2025-10-08 | Deno's --deny-read check does not prevent permission bypass |
| CVE-2025-61787 | 2025-10-08 | Deno is Vulnerable to Command Injection on Windows During Batch File Execution |
| CVE-2025-11421 | 2025-10-08 | code-projects Voting System candidates_edit.php cross site scripting |
| CVE-2025-11422 | 2025-10-08 | Campcodes Advanced Online Voting Management System login.php sql injection |
| CVE-2025-11423 | 2025-10-08 | Tenda CH22 SafeEmailFilter formSafeEmailFilter memory corruption |
| CVE-2025-11424 | 2025-10-08 | code-projects Web-Based Inventory and POS System login.php sql injection |
| CVE-2025-11425 | 2025-10-08 | projectworlds Advanced Library Management System edit_admin.php cross site scripting |
| CVE-2025-11426 | 2025-10-08 | projectworlds Advanced Library Management System edit_book.php unrestricted upload |
| CVE-2025-10494 | 2025-10-08 | Motors – Car Dealership & Classified Listings Plugin <= 1.4.89 - Authenticated (Subscriber+) Arbitrary File Deletion |