CVE List - 2025 / October

Showing 1401 - 1500 of 4280 CVEs for October 2025 (Page 15 of 43)

| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-37727 | 2025-10-10 | Elasticsearch Insertion of sensitive information in log file |
| CVE-2025-52632 | 2025-10-10 | HCL AION is susceptible to Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability |
| CVE-2025-61856 | 2025-10-10 | A stack-based buffer overflow vulnerability exists in VS6ComFile!CV7BaseMap::WriteV7DataToRom of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and arbitrary... |
| CVE-2025-52635 | 2025-10-10 | HCL AION is susceptible to Trusted types in scripts not enforced in CSP |
| CVE-2025-52624 | 2025-10-10 | HCL AION is susceptible to Bypass of the script allow list configuration vulnerability |
| CVE-2025-61858 | 2025-10-10 | An out-of-bounds write vulnerability exists in VS6ComFile!set_AnimationItem of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and arbitrary code... |
| CVE-2025-52625 | 2025-10-10 | HCL AION is susceptible to Cacheable SSL Page Found vulnerability |
| CVE-2025-61857 | 2025-10-10 | An out-of-bounds write vulnerability exists in VS6ComFile!CItemExChange::WinFontDynStrCheck of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and arbitrary code... |
| CVE-2025-61859 | 2025-10-10 | An out-of-bounds write vulnerability exists in VS6ComFile!CItemDraw::is_motion_tween of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and arbitrary code... |
| CVE-2025-61860 | 2025-10-10 | An out-of-bounds read vulnerability exists in VS6MemInIF!set_temp_type_default of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and arbitrary code... |
| CVE-2025-61861 | 2025-10-10 | An out-of-bounds read vulnerability exists in VS6ComFile!load_link_inf of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and arbitrary code... |
| CVE-2025-61862 | 2025-10-10 | An out-of-bounds read vulnerability exists in VS6ComFile!get_ovlp_element_size of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and arbitrary code... |
| CVE-2025-61863 | 2025-10-10 | An out-of-bounds read vulnerability exists in VS6ComFile!CSaveData::delete_mem of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and arbitrary code... |
| CVE-2025-11188 | 2025-10-10 | CVE-2025-11188 |
| CVE-2025-11189 | 2025-10-10 | CVE-2025-11189 |
| CVE-2025-11190 | 2025-10-10 | CVE-2025-11190 |
| CVE-2025-61864 | 2025-10-10 | A use after free vulnerability exists in VS6ComFile!load_link_inf of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and arbitrary... |
| CVE-2025-11579 | 2025-10-10 | DoS via Out Of Memory Crash |
| CVE-2025-7781 | 2025-10-10 | WP JobHunt <= 7.6 - Authenticated (Candidate+) Stored Cross-Site Scripting via ‘cs_job_title’ |
| CVE-2025-7374 | 2025-10-10 | WP JobHunt <= 7.6 Authenticated (Custom+) Authorization Bypass |
| CVE-2025-62239 | 2025-10-10 | Cross-site scripting (XSS) vulnerability in workflow process builder in Liferay Portal 7.4.3.21 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 21 through update 92... |
| CVE-2025-62238 | 2025-10-10 | Stored cross-site scripting (XSS) vulnerability on the Membership page in Account Settings in Liferay Portal 7.4.3.21 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update... |
| CVE-2025-62237 | 2025-10-10 | Stored cross-site scripting (XSS) vulnerability in Commerce’s view order page in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 8 through... |
| CVE-2025-8886 | 2025-10-10 | Authorization Bypass in Usta Information Systems' Aybs Interaktif |
| CVE-2025-8887 | 2025-10-10 | IDOR in Usta Information Systems' Aybs Interaktif |
| CVE-2025-48043 | 2025-10-10 | Bypass and runtime policies that can never pass may be incorrectly applied in filter authorization |
| CVE-2025-59530 | 2025-10-10 | quic-go has Client Crash Due to Premature HANDSHAKE_DONE Frame |
| CVE-2025-61689 | 2025-10-10 | HTTP.jl vulnerable to Header injection/Response splitting via header construction. |
| CVE-2025-61780 | 2025-10-10 | Rack has Possible Information Disclosure Vulnerability |
| CVE-2025-11616 | 2025-10-10 | Buffer Over-read when receiving improperly sized ICMPv6 packets in FreeRTOS-Plus-TCP |
| CVE-2025-11617 | 2025-10-10 | Buffer Over-read when receiving IPv6 packets with incorrect payload length in FreeRTOS-Plus-TCP |
| CVE-2025-11618 | 2025-10-10 | Invalid Pointer Dereference when receiving UDP/IPv6 packets in FreeRTOS-Plus-TCP |
| CVE-2025-23309 | 2025-10-10 | NVIDIA Display Driver contains a vulnerability where an uncontrolled DLL loading path might lead to arbitrary denial of service, escalation of privileges, code execution, and data tampering. |
| CVE-2025-23280 | 2025-10-10 | NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause a use-after-free. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data... |
| CVE-2025-23282 | 2025-10-10 | NVIDIA Display Driver for Linux contains a vulnerability where an attacker might be able to use a race condition to escalate privileges. A successful exploit of this vulnerability might lead... |
| CVE-2025-11580 | 2025-10-10 | PowerJob list authorization |
| CVE-2025-11581 | 2025-10-10 | PowerJob OpenAPIController runJob authorization |
| CVE-2025-62245 | 2025-10-10 | Cross-site request forgery (CSRF) vulnerability in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote attackers to... |
| CVE-2025-61919 | 2025-10-10 | Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing |
| CVE-2025-61920 | 2025-10-10 | Authlib is vulnerable to Denial of Service via Oversized JOSE Segments |
| CVE-2025-61921 | 2025-10-10 | Sinatra has ReDoS vulnerability in ETag header value generation |
| CVE-2025-61925 | 2025-10-10 | Astro's `X-Forwarded-Host` is reflected with no validation |
| CVE-2025-61927 | 2025-10-10 | Happy-DOM has VM Context Escape |
| CVE-2025-61929 | 2025-10-10 | Cherry Studio allows one-click on a specific URL to cause a command to execute |
| CVE-2025-61930 | 2025-10-10 | Emlog Pro has CSRF issue that Enables Admin Password Reset |
| CVE-2025-11582 | 2025-10-10 | code-projects Online Job Search Engine registration.php sql injection |
| CVE-2025-11583 | 2025-10-10 | code-projects Online Job Search Engine postjob.php sql injection |
| CVE-2025-62158 | 2025-10-10 | Frappe had attachments made by students to their assignments of type Text set to public |
| CVE-2025-11584 | 2025-10-10 | code-projects Online Job Search Engine searchjob.php sql injection |
| CVE-2025-11585 | 2025-10-10 | code-projects Project Monitoring System useredit.php sql injection |
| CVE-2025-11586 | 2025-10-10 | Tenda AC7 setNotUpgrade stack-based overflow |
| CVE-2025-11588 | 2025-10-10 | CodeAstro Gym Management System index.php sql injection |
| CVE-2025-11589 | 2025-10-10 | CodeAstro Gym Management System user-payment.php sql injection |
| CVE-2025-61911 | 2025-10-10 | python-ldap has sanitization bypass in ldap.filter.escape_filter_chars |
| CVE-2025-61912 | 2025-10-10 | python-ldap Vulnerable to Improper Encoding or Escaping of Output and Improper Null Termination |
| CVE-2025-52885 | 2025-10-10 | GHSL-2025-042: Poppler has Use-After-Free |
| CVE-2025-52647 | 2025-10-10 | HCL BigFix WebUI is affected by a host header poisoning vulnerability |
| CVE-2025-62159 | 2025-10-10 | External Secrets Operator's BeyondTrust Provider has Insecure Secret Retrieval |
| CVE-2025-8093 | 2025-10-10 | Authenticator Login - Moderately critical - Access bypass - SA-CONTRIB-2025-098 |
| CVE-2025-9549 | 2025-10-10 | Facets - Moderately critical - Information Disclosure - SA-CONTRIB-2025-099 |
| CVE-2025-9550 | 2025-10-10 | Facets - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-100 |
| CVE-2025-9551 | 2025-10-10 | Protected Pages - Moderately critical - Access bypass - SA-CONTRIB-2025-101 |
| CVE-2025-9552 | 2025-10-10 | Synchronize composer.json With Contrib Modules - Critical - Unsupported - SA-CONTRIB-2025-102 |
| CVE-2025-9553 | 2025-10-10 | API Key manager - Critical - Unsupported - SA-CONTRIB-2025-103 |
| CVE-2025-62162 | 2025-10-10 | cel-rust May Panic During Parsing of Invalid CEL Expressions |
| CVE-2025-9554 | 2025-10-10 | Owl Carousel 2 - Critical - Unsupported - SA-CONTRIB-2025-104 |
| CVE-2025-11626 | 2025-10-10 | Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark |
| CVE-2025-31717 | 2025-10-11 | In modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. |
| CVE-2025-31718 | 2025-10-11 | In modem, there is a possible system crash due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. |
| CVE-2025-11590 | 2025-10-11 | CodeAstro Gym Management System equipment-entry.php sql injection |
| CVE-2025-54654 | 2025-10-11 | Permission control vulnerability in the Gallery module. Successful exploitation of this vulnerability may affect service confidentiality |
| CVE-2025-9560 | 2025-10-11 | Colibri Page Builder <= 1.0.334 - Authenticated (Contributor+) Stored Cross-Site Scripting via colibri_newsletter Shortcode |
| CVE-2025-11380 | 2025-10-11 | Everest Backup <= 2.3.5 - Missing Authorization to Unauthenticated Information Exposure |
| CVE-2025-58277 | 2025-10-11 | Permission verification bypass vulnerability in the Camera app. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-58278 | 2025-10-11 | Identity authentication bypass vulnerability in the Gallery app. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-58282 | 2025-10-11 | Permission control vulnerability in the camera module. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-58283 | 2025-10-11 | Permission control vulnerability in the Wi-Fi module. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-58284 | 2025-10-11 | Permission control vulnerability in the network module. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-58285 | 2025-10-11 | Permission control vulnerability in the media module. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-11591 | 2025-10-11 | CodeAstro Gym Management System delete-member.php sql injection |
| CVE-2025-11592 | 2025-10-11 | CodeAstro Gym Management System edit-equipmentform.php sql injection |
| CVE-2025-11593 | 2025-10-11 | CodeAstro Gym Management System delete-equipment.php sql injection |
| CVE-2025-9496 | 2025-10-11 | Enable Media Replace <= 4.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via file_modified Shortcode |
| CVE-2025-11533 | 2025-10-11 | WP Freeio <= 1.2.21 - Unauthenticated Privilege Escalation |
| CVE-2025-11197 | 2025-10-11 | Draft List <= 2.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-9196 | 2025-10-11 | Trinity Audio <= 5.21.0 - Unauthenticated Information Exposure |
| CVE-2025-10048 | 2025-10-11 | My Auctions Allegro Plugin <= 3.6.31 - Authenticated (Admin+) SQL Injection |
| CVE-2025-10185 | 2025-10-11 | NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.6 - Authenticated (Admin+) SQL Injection |
| CVE-2025-6553 | 2025-10-11 | Ovatheme Events Manager <= 1.8.5 - Unauthenticated Arbitrary File Upload |
| CVE-2025-11254 | 2025-10-11 | Contest Gallery – Upload, Vote & Sell with PayPal and Stripe <= 27.0.3 - Unauthenticated CSV Injection |
| CVE-2025-11518 | 2025-10-11 | WPC Smart Wishlist for WooCommerce <= 5.0.3 - Insecure Direct Object Reference to Unauthenticated Wishlist Manipulation |
| CVE-2025-11167 | 2025-10-11 | CM Registration – Tailored tool for seamless login and invitation-based registrations <= 2.5.6 - Open Redirect |
| CVE-2025-58286 | 2025-10-11 | Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-58287 | 2025-10-11 | Use After Free (UAF) vulnerability in the office service. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-58288 | 2025-10-11 | Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-58290 | 2025-10-11 | Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-58291 | 2025-10-11 | Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-58292 | 2025-10-11 | Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-58295 | 2025-10-11 | Buffer overflow vulnerability in the development framework module. Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-58297 | 2025-10-11 | Buffer overflow vulnerability in the sensor service. Successful exploitation of this vulnerability may affect availability. |