CVE List - 2025 / October

Showing 1201 - 1300 of 4280 CVEs for October 2025 (Page 13 of 43)

| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-27040 | 2025-10-09 | Improper Input Validation in TZ Firmware |
| CVE-2025-27041 | 2025-10-09 | Buffer Over-read in Video |
| CVE-2025-27045 | 2025-10-09 | Buffer Over-read in Video |
| CVE-2025-27048 | 2025-10-09 | Untrusted Pointer Dereference in Camera |
| CVE-2025-27049 | 2025-10-09 | Buffer Over-read in Camera |
| CVE-2025-27053 | 2025-10-09 | Incorrect Calculation of Buffer Size in HLOS |
| CVE-2025-27054 | 2025-10-09 | Out-of-bounds Write in Display |
| CVE-2025-27059 | 2025-10-09 | Use of Out-of-range Pointer Offset in TZ Firmware |
| CVE-2025-27060 | 2025-10-09 | Untrusted Pointer Dereference in TZ Firmware |
| CVE-2025-47338 | 2025-10-09 | Untrusted Pointer Dereference in DSP Service |
| CVE-2025-47340 | 2025-10-09 | Out-of-bounds Write in DSP Service |
| CVE-2025-47341 | 2025-10-09 | Buffer Copy Without Checking Size of Input in Camera |
| CVE-2025-47342 | 2025-10-09 | Use After Free in BT Controller |
| CVE-2025-47347 | 2025-10-09 | Stack-based Buffer Overflow in Automotive Software platform based on QNX |
| CVE-2025-47349 | 2025-10-09 | Use of Out-of-range Pointer Offset in DSP Service |
| CVE-2025-47351 | 2025-10-09 | Integer Overflow or Wraparound in DSP Service |
| CVE-2025-47354 | 2025-10-09 | Use After Free in DSP Service |
| CVE-2025-47355 | 2025-10-09 | Out-of-bounds Write in DSP Service |
| CVE-2025-6038 | 2025-10-09 | Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme <= 1.4.0 - Authenticated (Subscriber+) Privilege Escalation |
| CVE-2025-11530 | 2025-10-09 | code-projects Online Complaint Site state.php sql injection |
| CVE-2025-7526 | 2025-10-09 | WP Travel Engine – Tour Booking Plugin – Tour Operator Software <= 6.6.7 - Authenticated (Subscriber+) Arbitrary File Deletion via File Renaming |
| CVE-2025-7634 | 2025-10-09 | WP Travel Engine – Tour Booking Plugin – Tour Operator Software <= 6.6.7 - Unauthenticated Local File Inclusion |
| CVE-2025-11539 | 2025-10-09 | Arbitrary Code Execution in Grafana Image Renderer Plugin |
| CVE-2025-11522 | 2025-10-09 | Search & Go - Directory WordPress Theme <= 2.7 - Authentication Bypass to Privilege Escalation via Account Takeover |
| CVE-2025-10862 | 2025-10-09 | Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers <= 2.1.3 - Unauthenticated SQL Injection via 'id' |
| CVE-2025-39954 | 2025-10-09 | clk: sunxi-ng: mp: Fix dual-divider clock rate readback |
| CVE-2025-39955 | 2025-10-09 | tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). |
| CVE-2025-39956 | 2025-10-09 | igc: don't fail igc_probe() on LED setup error |
| CVE-2025-39957 | 2025-10-09 | wifi: mac80211: increase scan_ies_len for S1G |
| CVE-2025-39958 | 2025-10-09 | iommu/s390: Make attach succeed when the device was surprise removed |
| CVE-2025-39959 | 2025-10-09 | ASoC: amd: acp: Fix incorrect retrival of acp_chip_info |
| CVE-2025-10249 | 2025-10-09 | Slider Revolution <= 6.7.37 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Read |
| CVE-2025-9371 | 2025-10-09 | Betheme <= 28.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'page_title' |
| CVE-2025-2934 | 2025-10-09 | Allocation of Resources Without Limits or Throttling in GitLab |
| CVE-2025-11340 | 2025-10-09 | Incorrect Authorization in GitLab |
| CVE-2025-10004 | 2025-10-09 | Allocation of Resources Without Limits or Throttling in GitLab |
| CVE-2025-39960 | 2025-10-09 | gpiolib: acpi: initialize acpi_gpio_info struct |
| CVE-2025-39961 | 2025-10-09 | iommu/amd/pgtbl: Fix possible race while increase page table level |
| CVE-2025-39962 | 2025-10-09 | rxrpc: Fix untrusted unsigned subtract |
| CVE-2025-39963 | 2025-10-09 | io_uring: fix incorrect io_kiocb reference in io_link_skb |
| CVE-2025-10239 | 2025-10-09 | Unintended command execution via troubleshooting scripts in Progress Flowmon |
| CVE-2025-10240 | 2025-10-09 | Possibility of unintended actions when a user clicks a malicious link in the Progress Flowmon web application |
| CVE-2025-62228 | 2025-10-09 | Apache Flink CDC, Apache Flink CDC, Apache Flink CDC, Apache Flink CDC, Apache Flink CDC: SQL injection via maliciously crafted identifiers |
| CVE-2025-11561 | 2025-10-09 | Sssd: sssd default kerberos configuration allows privilege escalation on ad-joined linux systems |
| CVE-2023-37401 | 2025-10-09 | IBM Aspera Faspex cross-origin resource sharing |
| CVE-2025-36225 | 2025-10-09 | IBM Aspera Faspex information disclosure |
| CVE-2025-36171 | 2025-10-09 | IBM Aspera Faspex denial of service |
| CVE-2025-32916 | 2025-10-09 | Sensitive form data in URL query parameters |
| CVE-2025-32919 | 2025-10-09 | Privilege Escalation in Windows License plugin for Checkmk Windows Agent |
| CVE-2025-39664 | 2025-10-09 | Path-Traversal in report scheduler |
| CVE-2025-11198 | 2025-10-09 | Security Director Policy Enforcer: An unrestricted API allows a network-based unauthenticated attacker to deploy malicious vSRX images to VMWare NSX Server |
| CVE-2025-52960 | 2025-10-09 | Junos OS: SRX Series and MX Series: Receipt of specific SIP packets in a high utilization situation causes a flowd crash |
| CVE-2025-52961 | 2025-10-09 | Junos OS Evolved: PTX Series except PTX10003: An unauthenticated adjacent attacker sending specific valid traffic can cause a memory leak in cfmman leading to FPC crash and restart |
| CVE-2025-59957 | 2025-10-09 | Junos OS: EX4600 Series and QFX5000 Series: An attacker with physical access can open a persistent backdoor |
| CVE-2025-59958 | 2025-10-09 | Junos OS Evolved: PTX Series: When a firewall filter rejects traffic these packets are erroneously sent to the RE |
| CVE-2025-59962 | 2025-10-09 | Junos OS and Junos OS Evolved: With BGP sharding enabled, change in indirect next-hop can cause RPD crash |
| CVE-2025-10281 | 2025-10-09 | Insecure URL Handling in git_clone Leading to Leaked API Key |
| CVE-2025-10282 | 2025-10-09 | GitLab Domain Confusion in gitlab Leaks API Key |
| CVE-2025-10283 | 2025-10-09 | Improper .git Sanitization in gitdumper Enables RCE |
| CVE-2025-10284 | 2025-10-09 | Improper Archive Extraction in unarchive Enables RCE |
| CVE-2025-59964 | 2025-10-09 | Junos OS: SRX4700: When forwarding-options sampling is enabled any traffic destined to the RE will cause the forwarding line card to crash and restart |
| CVE-2025-59967 | 2025-10-09 | Junos OS Evolved: ACX7024, ACX7024X, ACX7100-32C, ACX7100-48L, ACX7348, ACX7509: When specific valid multicast traffic is received on the L3 interface on a vulnerable device evo-pfemand crashes and restarts |
| CVE-2025-59968 | 2025-10-09 | Junos Space Security Director: Insufficient authorization for sensitive resources in web interface |
| CVE-2025-59974 | 2025-10-09 | Junos Space Security Director: Persistent Cross-Site Scripting (XSS) vulnerability |
| CVE-2025-59975 | 2025-10-09 | Junos Space: Flooding device with inbound API calls leads to WebUI and CLI management access DoS |
| CVE-2025-59976 | 2025-10-09 | Junos Space: Arbitrary file download vulnerability in web interface |
| CVE-2025-59978 | 2025-10-09 | Junos Space: Stored cross-site scripting vulnerability in web application |
| CVE-2025-59980 | 2025-10-09 | Junos OS: When a user with the name ftp or anonymous is configured unauthenticated filesystem access is allowed |
| CVE-2025-59981 | 2025-10-09 | Junos Space: Device Template Definition page is vulnerable to reflected cross-site script injection |
| CVE-2025-59982 | 2025-10-09 | Junos Space: Dashboard Search field is vulnerable to reflected cross-site script injection |
| CVE-2025-59983 | 2025-10-09 | Junos Space: Template Definition page is vulnerable to reflected cross-site script injection |
| CVE-2025-59984 | 2025-10-09 | Junos Space: Global Search is vulnerable to reflected cross-site script injection |
| CVE-2025-59985 | 2025-10-09 | Junos Space: Purging Policy field is vulnerable to reflected cross-site script injection |
| CVE-2025-59986 | 2025-10-09 | Junos Space: Input fields in Model Devices are vulnerable to reflected cross-site script injection |
| CVE-2025-59987 | 2025-10-09 | Junos Space: The arbitrary device search field is vulnerable to reflected cross-site script injection |
| CVE-2025-59988 | 2025-10-09 | Junos Space: Generate Report page is vulnerable to reflected cross-site script injection |
| CVE-2025-59989 | 2025-10-09 | Junos Space: Device Discovery page is vulnerable to reflected cross-site script injection |
| CVE-2025-59990 | 2025-10-09 | Junos Space: Template creation pages are vulnerable to reflected cross-site script injection |
| CVE-2025-59991 | 2025-10-09 | Junos Space: Device Management pages are vulnerable to reflected cross-site script injection |
| CVE-2025-59992 | 2025-10-09 | Junos Space: Secure Console page is vulnerable to reflected cross-site script injection |
| CVE-2025-59993 | 2025-10-09 | Junos Space: Space Node Setting fields are vulnerable to reflected cross-site script injection |
| CVE-2025-59994 | 2025-10-09 | Junos Space: Quick Template page is vulnerable to reflected cross-site script injection |
| CVE-2025-59995 | 2025-10-09 | Junos Space: Template creation through Definition is vulnerable to reflected cross-site script injection |
| CVE-2025-59996 | 2025-10-09 | Junos Space: Configuration View page is vulnerable to reflected cross-site script injection |
| CVE-2025-59997 | 2025-10-09 | Junos Space: Fields in the CLI Configlets are vulnerable to reflected cross-site script injection |
| CVE-2025-59998 | 2025-10-09 | Junos Space: Archive Logs screen is vulnerable to reflected cross-site script injection |
| CVE-2025-59999 | 2025-10-09 | Junos Space: API Access Profiles page is vulnerable to reflected cross-site script injection |
| CVE-2025-60000 | 2025-10-09 | Junos Space: Generate Report page is vulnerable to reflected cross-site script injection |
| CVE-2025-60001 | 2025-10-09 | Junos Space: Create Quick Template page is vulnerable to reflected cross-site script injection |
| CVE-2025-60002 | 2025-10-09 | Junos Space: Template Definitions page is vulnerable to reflected cross-site script injection |
| CVE-2025-60004 | 2025-10-09 | Junos OS and Junos OS Evolved: Specific BGP EVPN update message causes rpd crash |
| CVE-2025-60006 | 2025-10-09 | Junos OS Evolved: OS command injection vulnerabilities fixed |
| CVE-2025-60009 | 2025-10-09 | Junos Space: CLI Configlet page is vulnerable to reflected cross-site script injection |
| CVE-2025-60010 | 2025-10-09 | Junos OS and Junos OS Evolved: Device allows login for user with expired password |
| CVE-2025-11371 | 2025-10-09 | Gladinet CentreStack and TrioFox Local File Inclusion Flaw |
| CVE-2017-20203 | 2025-10-09 | NetSarang v5.0 Malicious Backdoor Supply Chain Compromise |
| CVE-2025-11549 | 2025-10-09 | Tenda W12 HTTP Request modules wifiMacFilterSet stack-based overflow |
| CVE-2025-11573 | 2025-10-09 | Denial of Service issue in Amazon.IonDotnet |
| CVE-2025-11550 | 2025-10-09 | Tenda W12 HTTP Request modules wifiScheduledSet null pointer dereference |
| CVE-2025-11551 | 2025-10-09 | code-projects Student Result Manager Database.java sql injection |