CVE List - 2025 / October
Showing 3201 - 3300 of 4280 CVEs for October 2025 (Page 33 of 43)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-58429 | 2025-10-23 | AutomationDirect Productivity Suite Relative Path Traversal |
| CVE-2025-62254 | 2025-10-23 | The ComboServlet in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92, 7.3 GA through update... |
| CVE-2025-59776 | 2025-10-23 | AutomationDirect Productivity Suite Relative Path Traversal |
| CVE-2025-60023 | 2025-10-23 | AutomationDirect Productivity Suite Relative Path Traversal |
| CVE-2025-7730 | 2025-10-23 | Bold Page Builder <= 5.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via `percentage` Parameter |
| CVE-2021-43768 | 2025-10-24 | In Malwarebytes For Teams v.1.0.990 and before and fixed in v.1.0.1003 and later a privilege escalation can occur via the COM interface running in mbamservice.exe. |
| CVE-2025-46183 | 2025-10-24 | The Utils.deserialize function in pgCodeKeeper 10.12.0 processes serialized data from untrusted sources. If an attacker provides a specially crafted .ser file, deserialization may result in unintended code execution or other... |
| CVE-2025-46185 | 2025-10-24 | An Insecure Permission vulnerability in pgcodekeeper 10.12.0 allows a local attacker to obtain sensitive information via the plaintext storage of passwords and usernames. |
| CVE-2025-52099 | 2025-10-24 | Integer Overflow vulnerability in SQLite SQLite3 v.3.50.0 allows a remote attacker to cause a denial of service via the setupLookaside function |
| CVE-2025-56438 | 2025-10-24 | An issue in the firmware update mechanism of Nous W3 Smart WiFi Camera v1.33.50.82 allows unauthenticated and physically proximate attackers to escalate privileges to root via supplying a crafted update.tar... |
| CVE-2025-60419 | 2025-10-24 | An issue was discovered in the NDIS Usermode IO driver (RtkIOAC60.sys, version 6.0.5600.16348) allowing local authenticated attackers to send a crafted IOCTL request to the driver to cause a denial... |
| CVE-2025-60547 | 2025-10-24 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWAN_Wizard7. |
| CVE-2025-60548 | 2025-10-24 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formLanSetupRouterSettings. |
| CVE-2025-60549 | 2025-10-24 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAutoDetecWAN_wizard4. |
| CVE-2025-60550 | 2025-10-24 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formEasySetTimezone. |
| CVE-2025-60551 | 2025-10-24 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the next_page parameter in the function formDeviceReboot. |
| CVE-2025-60552 | 2025-10-24 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formTcpipSetup. |
| CVE-2025-60553 | 2025-10-24 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWAN_Wizard52. |
| CVE-2025-60554 | 2025-10-24 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetEnableWizard. |
| CVE-2025-60555 | 2025-10-24 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWizardSelectMode. |
| CVE-2025-60556 | 2025-10-24 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWizard1. |
| CVE-2025-60557 | 2025-10-24 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetEasy_Wizard. |
| CVE-2025-60558 | 2025-10-24 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formVirtualServ. |
| CVE-2025-60559 | 2025-10-24 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetDomainFilter. |
| CVE-2025-60561 | 2025-10-24 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetEmail. |
| CVE-2025-60562 | 2025-10-24 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formWlSiteSurvey. |
| CVE-2025-60563 | 2025-10-24 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetPortTr. |
| CVE-2025-60564 | 2025-10-24 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetLog. |
| CVE-2025-60565 | 2025-10-24 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSchedule. |
| CVE-2025-60566 | 2025-10-24 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetMACFilter. |
| CVE-2025-60568 | 2025-10-24 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAdvFirewall. |
| CVE-2025-60569 | 2025-10-24 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetRoute. |
| CVE-2025-60570 | 2025-10-24 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formLogDnsquery. |
| CVE-2025-60571 | 2025-10-24 | D-Link DIR600LAx FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetQoS. |
| CVE-2025-60572 | 2025-10-24 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAdvNetwork. |
| CVE-2025-60729 | 2025-10-24 | PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the validThemeFilePath function |
| CVE-2025-60730 | 2025-10-24 | PerfreeBlog v4.0.11 has an arbitrary file deletion vulnerability in the unInstallTheme function |
| CVE-2025-60731 | 2025-10-24 | PerfreeBlog v4.0.11 has a File Upload vulnerability in the installTheme function |
| CVE-2025-60735 | 2025-10-24 | PerfreeBlog v4.0.11 has a File Upload vulnerability in the installPlugin function |
| CVE-2025-60801 | 2025-10-24 | jshERP up to commit fbda24da was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the jsh_erp function. |
| CVE-2025-60803 | 2025-10-24 | Antabot White-Jotter up to commit 9bcadc was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the component /api/aaa;/../register. |
| CVE-2025-60936 | 2025-10-24 | Emoncms 11.7.3 is vulnerable to Cross Site in the input handling mechanism. This vulnerability allows authenticated attackers with API access to inject malicious JavaScript code that executes when administrators view... |
| CVE-2025-60938 | 2025-10-24 | Emoncms 11.7.3 has a remote code execution vulnerability in the firmware upload feature that allows authenticated users to execute arbitrary commands on the target system. The vulnerability stems from insufficient... |
| CVE-2025-60954 | 2025-10-24 | Microweber CMS 2.0 has Weak Password Requirements. The application does not enforce minimum password length or complexity during password resets. Users can set extremely weak passwords, including single-character passwords, which... |
| CVE-2025-61430 | 2025-10-24 | Improper handling of DNS over TCP in Simple DNS Plus v9 allows a remote attacker with querying access to the DNS server to cause the server to return request payloads... |
| CVE-2025-58070 | 2025-10-24 | Pleasanter contains a stored cross-site scripting vulnerability in Preview for Attachments, which allows an attacker to execute an arbitrary script in a logged-in user's web browser. |
| CVE-2025-61931 | 2025-10-24 | Pleasanter contains a stored cross-site scripting vulnerability in Body, Description and Comments, which allows an attacker to execute an arbitrary script in a logged-in user's web browser. |
| CVE-2025-10723 | 2025-10-24 | PixelYourSite < 11.1.2 - Admin+ LFI |
| CVE-2025-10874 | 2025-10-24 | Orbit Fox < 3.0.2 - Author+ Server-Side Request Forgery |
| CVE-2025-9978 | 2025-10-24 | Jeg Elementor Kit < 2.7.0 - Author+ Stored XSS |
| CVE-2025-9158 | 2025-10-24 | Stored XSS in Request Tracker |
| CVE-2025-6440 | 2025-10-24 | WooCommerce Designer Pro <= 1.9.26 - Unauthenticated Arbitrary File Upload |
| CVE-2025-62868 | 2025-10-24 | WordPress Edge CPT plugin <= 1.4 - Local File Inclusion vulnerability |
| CVE-2025-12016 | 2025-10-24 | qnotsquiz <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting |
| CVE-2025-11992 | 2025-10-24 | Multi Item Responsive Slider <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-12072 | 2025-10-24 | Disable Content Editor For Specific Template <= 2.0 - Cross-Site Request Forgery to Template Configuration Update |
| CVE-2025-10740 | 2025-10-24 | URL Shortener Plugin For WordPress <= 3.0.7 - Missing Authorization to Authenticated (Subscriber+) Link Manipulation |
| CVE-2025-11887 | 2025-10-24 | Supervisor <= 1.3.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update |
| CVE-2025-10701 | 2025-10-24 | Time Clock – A WordPress Employee & Volunteer Time Clock Plugin <= 1.3.1 - Authenticated (Custom+) Stored Cross-Site Scripting |
| CVE-2025-12028 | 2025-10-24 | IndieAuth <= 4.5.4 - Cross-Site Request Forgery to Account Takeover via Stolen OAuth Tokens |
| CVE-2025-10748 | 2025-10-24 | RapidResult <= 1.2 - Authenticated (Contributor+) SQL Injection |
| CVE-2025-11504 | 2025-10-24 | Quickcreator – AI Blog Writer 0.0.9 - 0.1.17 - Unauthenticated API Key Exposure |
| CVE-2025-12096 | 2025-10-24 | Simple Excel Pricelist for WooCommerce <= 1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2025-11257 | 2025-10-24 | LLM Hubspot Blog Import <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Hubspot Import |
| CVE-2025-11889 | 2025-10-24 | AIO Forms <= 1.3.15 - Authenticated (Admin+) Arbitrary File Upload via Zip Import |
| CVE-2025-12014 | 2025-10-24 | NGINX Cache Optimizer <= 1.1 - Missing Authorization to Authenticated (Subscriber+) Dynamic Caching Exclusion Update |
| CVE-2025-10902 | 2025-10-24 | Originality.ai AI Checker <= 1.0.12 - Missing Authorization to Authenticated (Subscriber+) Scan Log Deletion via ' ai_scan_result_remove' |
| CVE-2025-10901 | 2025-10-24 | Originality.ai AI Checker <= 1.0.12 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure via 'ai_get_table' |
| CVE-2025-11172 | 2025-10-24 | Check Plagiarism <= 2.0 - Missing Authorization to Authenticated (Subscriber+) Settings Update |
| CVE-2025-12017 | 2025-10-24 | VNPAY for Woocommerce <= 1.0.0 - Reflected Cross-Site Scripting |
| CVE-2025-10749 | 2025-10-24 | Microsoft Azure Storage for WordPress <= 4.5.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Media Deletion |
| CVE-2025-11253 | 2025-10-24 | SQLi in Aksis Technologies' Netty ERP |
| CVE-2025-12136 | 2025-10-24 | Real Cookie Banner: GDPR & ePrivacy Cookie Consent <= 5.2.4 - Authenticated (Admin+) Server-Side Request Forgery via scan-without-login Endpoint |
| CVE-2025-12134 | 2025-10-24 | ZoloBlocks <= 2.3.11 - Missing Authorization to Unauthenticated Popup Enable/Disable |
| CVE-2025-36361 | 2025-10-24 | IBM App Connect Enterprise runtime is vulnerable to a lack of authorization on windows environments using IWA |
| CVE-2025-10680 | 2025-10-24 | OpenVPN 2.7_alpha1 through 2.7_beta1 on POSIX based platforms allows a remote authenticated server to inject shell commands via DNS variables when --dns-updown is in use |
| CVE-2025-5350 | 2025-10-24 | SSRF and Reflected XSS Vulnerability in Deprecated Try-It Feature of Multiple WSO2 Products |
| CVE-2025-5605 | 2025-10-24 | Authentication Bypass via URI Manipulation in Multiple WSO2 Products' Management Console Leading to Partial Information Disclosure |
| CVE-2025-10861 | 2025-10-24 | Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers <= 2.1.4 - Unauthenticated Server-Side Request Forgery |
| CVE-2023-53733 | 2025-10-24 | net: sched: cls_u32: Undo tcf_bind_filter if u32_replace_hw_knode |
| CVE-2025-40018 | 2025-10-24 | ipvs: Defer ip_vs_ftp unregister during netns cleanup |
| CVE-2025-40019 | 2025-10-24 | crypto: essiv - Check ssize for decryption and in-place encryption |
| CVE-2025-40020 | 2025-10-24 | can: peak_usb: fix shift-out-of-bounds issue |
| CVE-2025-40021 | 2025-10-24 | tracing: dynevent: Add a missing lockdown check on dynevent |
| CVE-2025-40022 | 2025-10-24 | crypto: af_alg - Fix incorrect boolean values in af_alg_ctx |
| CVE-2025-40023 | 2025-10-24 | drm/xe/vf: Don't expose sysfs attributes not applicable for VFs |
| CVE-2025-40024 | 2025-10-24 | vhost: Take a reference on the task in struct vhost_task. |
| CVE-2025-11576 | 2025-10-24 | AI Chatbot Free Models – Customer Support, Live Chat, Virtual Assistant <= 1.6.5 - Unauthenticated CSV Injection |
| CVE-2025-46425 | 2025-10-24 | Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this... |
| CVE-2025-43995 | 2025-10-24 | Dell Storage Center - Dell Storage Manager, version(s) 20.1.21, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass.... |
| CVE-2025-43994 | 2025-10-24 | Dell Storage Center - Dell Storage Manager, version(s) DSM 20.1.21, contain(s) a Missing Authentication for Critical Function vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading... |
| CVE-2025-8536 | 2025-10-24 | SQL Injection in DobryCMS |
| CVE-2025-11145 | 2025-10-24 | User Enumeration in CBK Soft's enVision |
| CVE-2025-62714 | 2025-10-24 | Karmada Dashboard API Unauthorized Access Vulnerability |
| CVE-2025-12176 | 2025-10-24 | Undocumented Administrative Accounts |
| CVE-2025-62716 | 2025-10-24 | Plane Vulnerable to Cross-Site Scripting via Open Redirect in ?next_path Parameter |
| CVE-2025-62717 | 2025-10-24 | Emlog Pro session verification code error due to clearing logic error |
| CVE-2025-62723 | 2025-10-24 | FlashMQ does not release memory of queued QoS messages |
| CVE-2025-34293 | 2025-10-24 | GN4 Publishing System Insecure Direct Object Reference (IDOR) Information Disclosure |
| CVE-2025-4106 | 2025-10-24 | WatchGuard Firebox leftover debug code vulnerability |