CVE List - 2025 / October

Showing 3501 - 3600 of 4280 CVEs for October 2025 (Page 36 of 43)

Back to List Previous Next

CVE ID	Date	Title
CVE-2025-12215	2025-10-27	projectworlds Online Shopping System login_submit.php sql injection
CVE-2025-12222	2025-10-27	Bdtask Flight Booking Software Deposit deposit unrestricted upload
CVE-2025-12223	2025-10-27	Bdtask Flight Booking Software Package Information package-information unrestricted upload
CVE-2025-12224	2025-10-27	Iqbolshoh php-business-website contact.php cross site scripting
CVE-2025-12225	2025-10-27	Tenda AC6 HTTP Request WifiGuestSet stack-based overflow
CVE-2025-12226	2025-10-27	SourceCodester Best House Rental Management System admin_class.php save_house sql injection
CVE-2025-12227	2025-10-27	projectworlds Gate Pass Management System add-pass.php cross site scripting
CVE-2025-12228	2025-10-27	projectworlds Expense Management System Users Page create cross site scripting
CVE-2025-12229	2025-10-27	projectworlds Expense Management System Roles Page create cross site scripting
CVE-2025-11154	2025-10-27	IDonate < 2.1.13 - Unauthenticated User Deletion
CVE-2025-12230	2025-10-27	projectworlds Expense Management System Currency create cross site scripting
CVE-2025-12231	2025-10-27	projectworlds Expense Management System Expense Categories create cross site scripting
CVE-2025-12232	2025-10-27	Tenda CH22 SafeClientFilter fromSafeClientFilter buffer overflow
CVE-2025-12233	2025-10-27	Tenda CH22 SafeUrlFilter fromSafeUrlFilter buffer overflow
CVE-2025-12234	2025-10-27	Tenda CH22 SafeMacFilter fromSafeMacFilter buffer overflow
CVE-2025-12235	2025-10-27	Tenda CH22 SetIpBind fromSetIpBind buffer overflow
CVE-2025-12236	2025-10-27	Tenda CH22 DhcpListClient fromDhcpListClient buffer overflow
CVE-2025-12237	2025-10-27	projectworlds Advanced Library Management System index.php sql injection
CVE-2025-12238	2025-10-27	code-projects Automated Voting System user.php sql injection
CVE-2025-12239	2025-10-27	TOTOLINK A3300R cstecgi.cgi setDdnsCfg buffer overflow
CVE-2025-12240	2025-10-27	TOTOLINK A3300R cstecgi.cgi setDmzCfg buffer overflow
CVE-2025-12055	2025-10-27	Unauthenticated Local File Disclosure in MPDV Mikrolab MIP 2 / FEDRA 2 / HYDRA X Manufacturing Execution System
CVE-2025-12241	2025-10-27	TOTOLINK A3300R POST Parameter cstecgi.cgi setLanguageCfg stack-based overflow
CVE-2025-12242	2025-10-27	CodeAstro Gym Management System check-attendance.php sql injection
CVE-2025-12243	2025-10-27	code-projects Client Details System GET Parameter welcome.php sql injection
CVE-2025-12244	2025-10-27	code-projects Simple E-Banking System register.php cross site scripting
CVE-2025-12245	2025-10-27	chatwoot Widget IFrameHelper.js initPostMessageCommunication origin validation
CVE-2025-12246	2025-10-27	chatwoot Admin IframeLoader.vue cross site scripting
CVE-2025-11682	2025-10-27	Stored Cross-Site Scripting in Perx Customer Engagement & Loyalty Platform
CVE-2025-12247	2025-10-27	Hasleo Backup Suite HasleoImageMountService/HasleoBackupSuiteService unquoted search path
CVE-2025-12248	2025-10-27	CLTPHP search.html sql injection
CVE-2025-12249	2025-10-27	Axosoft Scrum and Bug Tracking Edit Ticket csv injection
CVE-2025-12250	2025-10-27	OpenWGA TMLScript API WGA.File path traversal
CVE-2025-12251	2025-10-27	OpenWGA Admin UI cross site scripting
CVE-2025-12252	2025-10-27	code-projects Online Event Judging System action.php sql injection
CVE-2025-46582	2025-10-27	Private Key Disclosure Vulnerability in ZTE ZXMP M721 Product
CVE-2025-12080	2025-10-27	Intent Abuse in Google Messages for Wear OS for Silent Message Sending
CVE-2025-12253	2025-10-27	AMTT Hotel Broadband Operation System get_expiredtime.php sql injection
CVE-2025-12254	2025-10-27	code-projects Online Event Judging System add_judge.php sql injection
CVE-2025-12255	2025-10-27	code-projects Online Event Judging System add_contestant.php sql injection
CVE-2025-46583	2025-10-27	DOS Vulnerability in ZTE MC889A Pro product
CVE-2025-12256	2025-10-27	code-projects Online Event Judging System edit_contestant.php sql injection
CVE-2025-12257	2025-10-27	SourceCodester Online Student Result System view_result.php sql injection
CVE-2025-12258	2025-10-27	TOTOLINK A3300R POST Parameter cstecgi.cg setOpModeCfg stack-based overflow
CVE-2025-12259	2025-10-27	TOTOLINK A3300R POST Parameter cstecgi.cgi setScheduleCfg stack-based overflow
CVE-2025-12260	2025-10-27	TOTOLINK A3300R POST Parameter cstecgi.cgi setSyslogCfg stack-based overflow
CVE-2025-12261	2025-10-27	CodeAstro Gym Management System remove-announcement.php sql injection
CVE-2025-8432	2025-10-27	CentreonBI user account on the MBI server can execute commands as root by modifying script runned by the CRON
CVE-2025-59459	2025-10-27	Denial-of-service (DoS) via resource consumption
CVE-2025-59460	2025-10-27	Unsecure access configuration
CVE-2025-59461	2025-10-27	API does not require authentication
CVE-2025-59462	2025-10-27	Denial-of-service (DoS) via delayed or missing client response
CVE-2025-59463	2025-10-27	Denial-of-service (DoS) via chunk size mismatch
CVE-2025-12262	2025-10-27	code-projects Online Event Judging System edit_criteria.php sql injection
CVE-2025-12263	2025-10-27	code-projects Online Event Judging System edit_judge.php sql injection
CVE-2025-12264	2025-10-27	Wisencode Create Support Ticket create cross site scripting
CVE-2025-12265	2025-10-27	Tenda CH22 VirtualSer fromVirtualSer buffer overflow
CVE-2025-12266	2025-10-27	Zytec Dalian Zhuoyun Technology Central Authentication Service widget _empty code injection
CVE-2025-12267	2025-10-27	abhicodebox ModernShop search cross site scripting
CVE-2025-11955	2025-10-27	Incorrect validation of OCSP certificates in TheGreenBow VPN Client Windows Enterprise
CVE-2025-12268	2025-10-27	LearnHouse Course Thumbnail courses unrestricted upload
CVE-2025-12269	2025-10-27	LearnHouse Account Setting previews cross site scripting
CVE-2025-41009	2025-10-27	SQL injection on the virtual campus platform of Diseño de Recursos Educativos
CVE-2025-12270	2025-10-27	LearnHouse Student Assignment Submission sub_file resource injection
CVE-2025-12271	2025-10-27	Tenda CH22 RouteStatic fromRouteStatic buffer overflow
CVE-2025-12272	2025-10-27	Tenda CH22 addressNat fromAddressNat buffer overflow
CVE-2025-12273	2025-10-27	Tenda CH22 webExcptypemanFilter fromwebExcptypemanFilter buffer overflow
CVE-2025-12274	2025-10-27	Tenda CH22 P2pListFilter fromP2pListFilter buffer overflow
CVE-2025-41067	2025-10-27	Reachable Assertion vulnerability in Open5GS
CVE-2025-41068	2025-10-27	Reachable Assertion vulnerability in Open5GS
CVE-2025-41384	2025-10-27	Reflected Cross-Site Scripting (XSS) in SuiteCRM
CVE-2025-11248	2025-10-27	Sensitive Information Logged
CVE-2025-12276	2025-10-27	LearnHouse Image information disclosure
CVE-2025-12277	2025-10-27	Abdullah-Hasan-Sajjad Online-School studentLogin.php sql injection
CVE-2025-12279	2025-10-27	code-projects Client Details System welcome.php cross site scripting
CVE-2025-12280	2025-10-27	code-projects Client Details System update-clients.php cross site scripting
CVE-2025-12281	2025-10-27	code-projects Client Details System clientview.php cross site scripting
CVE-2025-12282	2025-10-27	code-projects Client Details System manage-users.php cross site scripting
CVE-2025-50055	2025-10-27	Cross-site scripting (XSS) vulnerability in the SAML Authentication module in OpenVPN Access Server version 2.14.0 through 2.14.3 allows configured remote SAML Assertion Consumer Service (ACS) endpoint servers to inject arbitrary...
CVE-2025-9164	2025-10-27	Multiple DLL Search Order Hijacking Vulnerabilities in Docker Desktop Installer for Windows
CVE-2025-12283	2025-10-27	code-projects Client Details System authorization
CVE-2025-12286	2025-10-27	VeePN AVService avservice.exe unquoted search path
CVE-2025-12287	2025-10-27	Bdtask Wholesale Inventory Control and Inventory Management System edit_profile sql injection
CVE-2025-12288	2025-10-27	Bdtask Pharmacy Management System User Profile edit_user authorization
CVE-2025-34292	2025-10-27	BeWelcome/Rox PHP Object Injection RCE
CVE-2025-26862	2025-10-27	PingFederate unexpected browser flow initiation in redirectless mode
CVE-2025-36121	2025-10-27	HTML Injection Vulnerability in a Specific URL Endpoint of the IBM OpenPages Application
CVE-2025-12289	2025-10-27	Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 1001 cross site scripting
CVE-2025-12290	2025-10-27	Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 359 cross site scripting
CVE-2025-12351	2025-10-27	Inadequate access control measure allows unauthorized users to access restricted administrative functions
CVE-2025-10023	2025-10-27	A user with elevated privileges can inject XSS in the Services Meta-services configuration page
CVE-2025-34133	2025-10-27	Wimi Teamwork < v7.38.17 CSRF
CVE-2025-12291	2025-10-27	ashymuzuro Full-Ecommece-Website/Muzuro Ecommerce System Add Product index.php unrestricted upload
CVE-2025-12292	2025-10-27	SourceCodester Point of Sales index.php sql injection
CVE-2025-12293	2025-10-27	SourceCodester Point of Sales category.php sql injection
CVE-2025-12294	2025-10-27	SourceCodester Point of Sales delete_category.php sql injection
CVE-2025-12295	2025-10-27	D-Link DAP-2695 Firmware Update sub_40C6B8 signature verification
CVE-2025-12296	2025-10-27	D-Link DAP-2695 Firmware Update sub_4174B0 os command injection
CVE-2025-12297	2025-10-27	atjiu pybbs UserApiController.java information disclosure
CVE-2025-12298	2025-10-27	code-projects Simple Food Ordering System editcategory.php cross site scripting