CVE List - 2025 / October
Showing 1101 - 1200 of 4280 CVEs for October 2025 (Page 12 of 43)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-10587 | 2025-10-08 | Community Events <= 1.5.1 - Unauthenticated SQL Injection |
| CVE-2025-11430 | 2025-10-08 | SourceCodester Simple E-Commerce Bookstore cart.php sql injection |
| CVE-2025-11431 | 2025-10-08 | code-projects Web-Based Inventory and POS System transaction.php sql injection |
| CVE-2025-11204 | 2025-10-08 | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.6.2 - Authenticated (Administrator+) SQL Injection |
| CVE-2025-11432 | 2025-10-08 | itsourcecode Leave Management System reset.php sql injection |
| CVE-2025-11433 | 2025-10-08 | itsourcecode Leave Management System Query Parameter controller.php redirect cross site scripting |
| CVE-2025-11434 | 2025-10-08 | itsourcecode Student Transcript Processing System login.php sql injection |
| CVE-2025-11171 | 2025-10-08 | Chartify – WordPress Chart Plugin <= 3.5.9 - Missing Authentication for Administrative Function |
| CVE-2025-11435 | 2025-10-08 | JhumanJ OpnForm submissions cross site scripting |
| CVE-2025-11436 | 2025-10-08 | JhumanJ OpnForm answer unrestricted upload |
| CVE-2025-10635 | 2025-10-08 | Find Me On <= 2.0.9.1 - Subscriber+ SQL Injection |
| CVE-2025-11437 | 2025-10-08 | JhumanJ OpnForm Form Editor forms cross site scripting |
| CVE-2025-11438 | 2025-10-08 | JhumanJ OpnForm API Endpoint custom-domains authorization |
| CVE-2025-11439 | 2025-10-08 | JhumanJ OpnForm integrations authorization |
| CVE-2025-48464 | 2025-10-08 | Exposure of Sensitive Information |
| CVE-2025-11440 | 2025-10-08 | JhumanJ OpnForm edit access control |
| CVE-2025-11441 | 2025-10-08 | JhumanJ OpnForm HTTP Header excessive authentication |
| CVE-2025-11442 | 2025-10-08 | JhumanJ OpnForm API Endpoint cross-site request forgery |
| CVE-2025-11443 | 2025-10-08 | JhumanJ OpnForm Forgotten Password email information exposure |
| CVE-2025-11444 | 2025-10-08 | TOTOLINK N600R HTTP Request cstecgi.cgi setWiFiBasicConfig buffer overflow |
| CVE-2025-11445 | 2025-10-08 | Kilo Code Prompt ClineProvider.ts ClineProvider injection |
| CVE-2025-11469 | 2025-10-08 | SourceCodester Hotel and Lodge Management System save_customer.php sql injection |
| CVE-2025-11470 | 2025-10-08 | SourceCodester Hotel and Lodge Management System manage_website.php unrestricted upload |
| CVE-2025-10351 | 2025-10-08 | SQL injection vulnerability in Melis Platform |
| CVE-2025-10352 | 2025-10-08 | Missing Authorization vulnerability in Melis Platform |
| CVE-2025-10353 | 2025-10-08 | Missing Authorization vulnerability in Melis Platform |
| CVE-2025-10649 | 2025-10-08 | Welcart e-Commerce <= 2.11.21 - Authenticated (Author+) SQL Injection via Cookie |
| CVE-2025-11471 | 2025-10-08 | SourceCodester Hotel and Lodge Management System edit_customer.php sql injection |
| CVE-2025-11472 | 2025-10-08 | SourceCodester Hotel and Lodge Management System edit_room.php sql injection |
| CVE-2025-11473 | 2025-10-08 | SourceCodester Hotel and Lodge Management System edit_curr.php sql injection |
| CVE-2025-11474 | 2025-10-08 | SourceCodester Hotel and Lodge Management System edit_booking.php sql injection |
| CVE-2025-43821 | 2025-10-08 | Cross-site scripting (XSS) vulnerability in the Commerce Product Comparison Table widget in Liferay Portal 7.4.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through... |
| CVE-2025-11475 | 2025-10-08 | projectworlds Advanced Library Management System view_member.php sql injection |
| CVE-2025-43830 | 2025-10-08 | Stored cross-site scripting (XSS) vulnerability in Forms in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and 7.3 GA... |
| CVE-2025-11476 | 2025-10-08 | SourceCodester Simple E-Commerce Bookstore index.php sql injection |
| CVE-2025-43829 | 2025-10-08 | Stored cross-site scripting (XSS) vulnerability in diagram type products in Commerce in Liferay Portal 7.4.3.18 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 18... |
| CVE-2025-11477 | 2025-10-08 | SourceCodester Wedding Reservation Management System global.php sql injection |
| CVE-2025-11478 | 2025-10-08 | SourceCodester Farm Management System myCart.php sql injection |
| CVE-2025-43771 | 2025-10-08 | Multiple cross-site scripting (XSS) vulnerabilities in the Notifications widget in Liferay Portal 7.4.3.102 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5 and 2023.Q3.1 through 2023.Q3.10 allow remote attackers to inject... |
| CVE-2025-11479 | 2025-10-08 | SourceCodester Wedding Reservation Management System function.php insertReservation sql injection |
| CVE-2025-11480 | 2025-10-08 | SourceCodester Simple E-Commerce Bookstore register.php sql injection |
| CVE-2025-43724 | 2025-10-08 | Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an authorization bypass through user-controlled key vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to gain unauthorized... |
| CVE-2025-61672 | 2025-10-08 | Synapse: Invalid device keys degrade federation functionality |
| CVE-2025-36636 | 2025-10-08 | Improper Access Control |
| CVE-2025-5009 | 2025-10-08 | Information Disclosure in Gemini iOS App |
| CVE-2025-11481 | 2025-10-08 | varunsardana004 Blood-Bank-And-Donation-Management-System donate_blood.php sql injection |
| CVE-2025-9970 | 2025-10-08 | Application credential stored in clear text in memory |
| CVE-2025-11485 | 2025-10-08 | SourceCodester Student Grades Management System Manage Users admin.php add_user cross site scripting |
| CVE-2025-11486 | 2025-10-08 | SourceCodester Farm Management System buyNow.php sql injection |
| CVE-2025-9868 | 2025-10-08 | Nexus Repository 2 - SSRF Vulnerability in Remote Browser Plugin |
| CVE-2025-42706 | 2025-10-08 | CrowdStrike Falcon Sensor for Windows Logic Error |
| CVE-2025-42701 | 2025-10-08 | CrowdStrike Falcon Sensor for Windows Race Condition |
| CVE-2025-11487 | 2025-10-08 | SourceCodester Farm Management System uploadProduct.php sql injection |
| CVE-2025-11488 | 2025-10-08 | D-Link DIR-852 HNAP1 command injection |
| CVE-2025-11489 | 2025-10-08 | wonderwhy-er DesktopCommanderMCP filesystem.ts isPathAllowed symlink |
| CVE-2025-61788 | 2025-10-08 | Opencast Paella Player 7 vulnerable to Cross-Site-Scripting |
| CVE-2025-61906 | 2025-10-08 | Opencast's editor accidentally publishes videos/overwrites publications #1626 |
| CVE-2025-11490 | 2025-10-08 | wonderwhy-er DesktopCommanderMCP Absolute Path command-manager.ts extractBaseCommand os command injection |
| CVE-2025-11491 | 2025-10-08 | wonderwhy-er DesktopCommanderMCP command-manager.ts CommandManager os command injection |
| CVE-2025-11494 | 2025-10-08 | GNU Binutils Linker elfxx-x86.c _bfd_x86_elf_late_size_sections out-of-bounds |
| CVE-2025-11495 | 2025-10-08 | GNU Binutils Linker elf64-x86-64.c elf_x86_64_relocate_section heap-based overflow |
| CVE-2025-11503 | 2025-10-08 | PHPGurukul Beauty Parlour Management System manage-services.php sql injection |
| CVE-2025-11505 | 2025-10-08 | PHPGurukul Beauty Parlour Management System new-appointment.php sql injection |
| CVE-2025-11506 | 2025-10-08 | PHPGurukul Beauty Parlour Management System search-appointment.php sql injection |
| CVE-2025-11507 | 2025-10-08 | PHPGurukul Beauty Parlour Management System search-invoices.php sql injection |
| CVE-2017-20201 | 2025-10-08 | CCleaner v5.33.6162 & CCleaner Cloud v1.07.3191 Malicious Backdoor Supply Chain Compromise |
| CVE-2017-20202 | 2025-10-08 | Web Developer for Chrome v0.4.9 Malicious Backdoor Supply Chain Compromise |
| CVE-2025-11535 | 2025-10-08 | MongoDB Connector for BI installation MSI leave ACLs unset on custom installation directories |
| CVE-2025-11508 | 2025-10-08 | code-projects Voting System voters_add.php unrestricted upload |
| CVE-2025-11509 | 2025-10-08 | code-projects E-Commerce Website product_add.php sql injection |
| CVE-2025-61913 | 2025-10-08 | Flowise is vulnerable to arbitrary file read, arbitrary file write |
| CVE-2025-11511 | 2025-10-08 | code-projects E-Commerce Website supplier_add.php sql injection |
| CVE-2025-11512 | 2025-10-08 | code-projects Voting System voters_add.php cross site scripting |
| CVE-2025-11513 | 2025-10-08 | code-projects E-Commerce Website supplier_update.php sql injection |
| CVE-2025-45095 | 2025-10-09 | Lavasoft Web Companion (also known as Ad-Aware WebCompanion) versions 8.9.0.1091 through 12.1.3.1037 installs the DCIService.exe service with an unquoted service path vulnerability. An attacker with write access to the file... |
| CVE-2025-56426 | 2025-10-09 | An issue in WebKul Bagisto v.2.3.6 allows a remote attacker to execute arbitrary code via the Cart/Checkout API endpoint; specifically, the price calculation logic fails to validate quantity inputs properly. |
| CVE-2025-56683 | 2025-10-09 | A cross-site scripting (XSS) vulnerability in the component /app/marketplace.html of Logseq v0.10.9 allows attackers to execute arbitrary code by injecting arbitrary JavaScript into a crafted README.md file. |
| CVE-2025-60265 | 2025-10-09 | In xckk v9.6, there is a SQL injection vulnerability in which the orderBy parameter in user/list is not securely filtered, resulting in a SQL injection vulnerability. |
| CVE-2025-60266 | 2025-10-09 | In xckk v9.6, there is a SQL injection vulnerability in which the orderBy parameter in address/list is not securely filtered, resulting in a SQL injection vulnerability. |
| CVE-2025-60267 | 2025-10-09 | In xckk v9.6, there is a SQL injection vulnerability in which the cond parameter in notice/list is not securely filtered, resulting in a SQL injection vulnerability. |
| CVE-2025-60302 | 2025-10-09 | code-projects Client Details System 1.0 is vulnerable to Cross Site Scripting (XSS). When adding customer information, the client details system fills in malicious JavaScript code in the username field. |
| CVE-2025-60304 | 2025-10-09 | code-projects Simple Scheduling System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Subject Description field. |
| CVE-2025-60316 | 2025-10-09 | SourceCodester Pet Grooming Management Software 1.0 is vulnerable to SQL Injection in admin/view_customer.php via the ID parameter. |
| CVE-2025-60375 | 2025-10-09 | The authentication mechanism in Perfex CRM before 3.3.1 allows attackers to bypass login credentials due to insufficient server-side validation. By sending empty username and password parameters in the login request,... |
| CVE-2025-61532 | 2025-10-09 | Cross Site Scripting vulnerability in SVX Portal v.2.7A allows execution of arbitrary code via the TG parameter in the last_heard_page.php component |
| CVE-2025-61577 | 2025-10-09 | D-Link DIR-816A2_FWv1.10CNB05 was discovered to contain a stack overflow via the statuscheckpppoeuser parameter in the dir_setWanWifi function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a... |
| CVE-2025-11514 | 2025-10-09 | code-projects Online Complaint Site index.php sql injection |
| CVE-2025-11515 | 2025-10-09 | code-projects Online Complaint Site register-complaint.php sql injection |
| CVE-2025-11516 | 2025-10-09 | code-projects Online Complaint Site complaint-details.php sql injection |
| CVE-2025-11523 | 2025-10-09 | Tenda AC7 AdvSetLanip command injection |
| CVE-2025-11524 | 2025-10-09 | Tenda AC7 SetDDNSCfg stack-based overflow |
| CVE-2025-11525 | 2025-10-09 | Tenda AC7 SetUpnpCfg stack-based overflow |
| CVE-2025-11166 | 2025-10-09 | WP Go Maps (formerly WP Google Maps) <= 9.0.46 - Cross-Site Request Forgery to Plugin Settings Update |
| CVE-2025-10586 | 2025-10-09 | Community Events <= 1.5.1 - Unauthenticated SQL Injection |
| CVE-2025-10496 | 2025-10-09 | Cookie Notice & Consent <= 1.6.5 - Unauthenticated Stored Cross-Site Scripting |
| CVE-2025-11526 | 2025-10-09 | Tenda AC7 WifiMacFilterSet stack-based overflow |
| CVE-2025-11527 | 2025-10-09 | Tenda AC7 fast_setting_pppoe_set stack-based overflow |
| CVE-2025-11528 | 2025-10-09 | Tenda AC7 saveAutoQos stack-based overflow |
| CVE-2025-11529 | 2025-10-09 | ChurchCRM API Endpoint AuthMiddleware.php AuthMiddleware missing authentication |
| CVE-2025-27039 | 2025-10-09 | Detection of Error Condition Without Action in Computer Vision |