CVE List - 2025 / October
Showing 301 - 400 of 4280 CVEs for October 2025 (Page 4 of 43)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-41010 | 2025-10-02 | Cross-origin resource sharing (CORS) in Hiberus Sintra |
| CVE-2025-11239 | 2025-10-02 | Job details are visible to all team members on KNIME Business Hub |
| CVE-2025-11240 | 2025-10-02 | Open redirect vulnerability in KNIME Business Hub |
| CVE-2025-0642 | 2025-10-02 | Hard-coded Credentials in PosCube's Assist |
| CVE-2025-22862 | 2025-10-02 | An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in FortiOS 7.4.0 through 7.4.7, 7.2.0 through 7.2.11, 7.0.6 and above; and FortiProxy 7.6.0 through 7.6.2, 7.4.0 through 7.4.8,... |
| CVE-2025-53881 | 2025-10-02 | SUSE-specific logrotate configuration allows escalation from mail user/group to root |
| CVE-2025-59735 | 2025-10-02 | Multiple vulnerabilities in AndSoft's e-TMS |
| CVE-2025-59736 | 2025-10-02 | Multiple vulnerabilities in AndSoft's e-TMS |
| CVE-2025-59737 | 2025-10-02 | Multiple vulnerabilities in AndSoft's e-TMS |
| CVE-2025-59738 | 2025-10-02 | Multiple vulnerabilities in AndSoft's e-TMS |
| CVE-2025-59739 | 2025-10-02 | Multiple vulnerabilities in AndSoft's e-TMS |
| CVE-2025-59740 | 2025-10-02 | Multiple vulnerabilities in AndSoft's e-TMS |
| CVE-2025-59741 | 2025-10-02 | Multiple vulnerabilities in AndSoft's e-TMS |
| CVE-2025-59742 | 2025-10-02 | Multiple vulnerabilities in AndSoft's e-TMS |
| CVE-2025-59743 | 2025-10-02 | Multiple vulnerabilities in AndSoft's e-TMS |
| CVE-2025-59744 | 2025-10-02 | Multiple vulnerabilities in AndSoft's e-TMS |
| CVE-2025-59745 | 2025-10-02 | Multiple vulnerabilities in AndSoft's e-TMS |
| CVE-2025-59746 | 2025-10-02 | Multiple vulnerabilities in AndSoft's e-TMS |
| CVE-2025-59747 | 2025-10-02 | Multiple vulnerabilities in AndSoft's e-TMS |
| CVE-2025-59748 | 2025-10-02 | Multiple vulnerabilities in AndSoft's e-TMS |
| CVE-2025-59749 | 2025-10-02 | Multiple vulnerabilities in AndSoft's e-TMS |
| CVE-2025-59750 | 2025-10-02 | Multiple vulnerabilities in AndSoft's e-TMS |
| CVE-2025-59751 | 2025-10-02 | Multiple vulnerabilities in AndSoft's e-TMS |
| CVE-2025-59752 | 2025-10-02 | Multiple vulnerabilities in AndSoft's e-TMS |
| CVE-2025-59753 | 2025-10-02 | Multiple vulnerabilities in AndSoft's e-TMS |
| CVE-2025-59754 | 2025-10-02 | Multiple vulnerabilities in AndSoft's e-TMS |
| CVE-2025-59755 | 2025-10-02 | Multiple vulnerabilities in AndSoft's e-TMS |
| CVE-2025-59756 | 2025-10-02 | Multiple vulnerabilities in AndSoft's e-TMS |
| CVE-2025-59757 | 2025-10-02 | Multiple vulnerabilities in AndSoft's e-TMS |
| CVE-2025-59758 | 2025-10-02 | Multiple vulnerabilities in AndSoft's e-TMS |
| CVE-2025-59759 | 2025-10-02 | Multiple vulnerabilities in AndSoft's e-TMS |
| CVE-2025-59760 | 2025-10-02 | Multiple vulnerabilities in AndSoft's e-TMS |
| CVE-2025-59761 | 2025-10-02 | Multiple vulnerabilities in AndSoft's e-TMS |
| CVE-2025-59762 | 2025-10-02 | Multiple vulnerabilities in AndSoft's e-TMS |
| CVE-2025-59763 | 2025-10-02 | Multiple vulnerabilities in AndSoft's e-TMS |
| CVE-2025-59764 | 2025-10-02 | Multiple vulnerabilities in AndSoft's e-TMS |
| CVE-2025-59765 | 2025-10-02 | Multiple vulnerabilities in AndSoft's e-TMS |
| CVE-2025-59766 | 2025-10-02 | Multiple vulnerabilities in AndSoft's e-TMS |
| CVE-2025-59767 | 2025-10-02 | Multiple vulnerabilities in AndSoft's e-TMS |
| CVE-2025-59768 | 2025-10-02 | Multiple vulnerabilities in AndSoft's e-TMS |
| CVE-2025-59769 | 2025-10-02 | Multiple vulnerabilities in AndSoft's e-TMS |
| CVE-2025-59770 | 2025-10-02 | Multiple vulnerabilities in AndSoft's e-TMS |
| CVE-2025-59771 | 2025-10-02 | Multiple vulnerabilities in AndSoft's e-TMS |
| CVE-2025-59772 | 2025-10-02 | Multiple vulnerabilities in AndSoft's e-TMS |
| CVE-2025-59773 | 2025-10-02 | Multiple vulnerabilities in AndSoft's e-TMS |
| CVE-2025-59774 | 2025-10-02 | Multiple vulnerabilities in AndSoft's e-TMS |
| CVE-2025-34208 | 2025-10-02 | Vasion Print (formerly PrinterLogic) Insecure Password Hashing |
| CVE-2025-34210 | 2025-10-02 | Vasion Print (formerly PrinterLogic) Readable Cleartext Passwords |
| CVE-2025-59835 | 2025-10-02 | LangBot has a cross-directory file upload vulnerability, which could lead to system takeover |
| CVE-2025-61595 | 2025-10-02 | MANTRA tx gas limit is not enforced in send hooks |
| CVE-2025-61603 | 2025-10-02 | WeGIA: SQL Injection (Blind Time-Based) Vulnerability in API `descricao` Parameter |
| CVE-2025-54086 | 2025-10-02 | Excess Permissions in Warehouse |
| CVE-2025-10653 | 2025-10-02 | Raise3D Pro2 Series 3D Printers Authentication Bypass Using an Alternate Path or Channel |
| CVE-2025-54087 | 2025-10-02 | Server-side request forgery in Secure Access |
| CVE-2025-61604 | 2025-10-02 | WeGIA: Cross-Site Request Forgery (CSRF) Vulnerability in `control.php` Endpoint |
| CVE-2025-54088 | 2025-10-02 | Open Redirect in Secure Access prior to 14.10 |
| CVE-2025-61605 | 2025-10-02 | WeGIA: SQL Injection (Blind Time-Based) Vulnerability in /pet/profile_pet.php Endpoint |
| CVE-2025-54089 | 2025-10-02 | Cross-site Scripting vulnerability in Secure Access prior to 14.10 |
| CVE-2025-61606 | 2025-10-02 | WeGIA: Open Redirect Vulnerability in `control.php` endpoint |
| CVE-2025-61665 | 2025-10-02 | WeGIA: Broken Access Control in `get_relatorios_socios.php` Endpoint |
| CVE-2025-61666 | 2025-10-02 | Traccar Unauthenticated Local File Inclusion on Windows - Leakage of Traccar Config File |
| CVE-2025-61600 | 2025-10-02 | Unbounded Memory Allocation in Stalwart IMAP parser |
| CVE-2025-61668 | 2025-10-02 | @plone/volto vulnerable to potential DoS by invoking specific URL by anonymous user |
| CVE-2021-42193 | 2025-10-03 | nopCommerce 4.40.3 is vulnerable to XSS in the Product Name at /Admin/Product/Edit/[id]. Each time a user views the product in the shop, the XSS payload fires. |
| CVE-2025-55971 | 2025-10-03 | TCL 65C655 Smart TV, running firmware version V8-R75PT01-LF1V269.001116 (Android TV, Kernel 5.4.242+), is vulnerable to a blind, unauthenticated Server-Side Request Forgery (SSRF) vulnerability via the UPnP MediaRenderer service (AVTransport:1). The... |
| CVE-2025-55972 | 2025-10-03 | A TCL Smart TV running a vulnerable UPnP/DLNA MediaRenderer implementation is affected by a remote, unauthenticated Denial of Service (DoS) condition. By sending a flood of malformed or oversized SetAVTransportURI... |
| CVE-2025-56551 | 2025-10-03 | An issue in DirectAdmin v1.680 allows unauthorized attackers to manipulate the page layout and replace the legitimate login interface with arbitrary attacker-controlled content via supplying a crafted GET request. |
| CVE-2025-57423 | 2025-10-03 | A SQL injection vulnerability was discovered in the /articles endpoint of MyClub 0.5, affecting the query parameters Content, GroupName, PersonName, lastUpdate, pool, and title. Due to insufficient input sanitisation, an... |
| CVE-2025-59489 | 2025-10-03 | Unity Runtime before 2025-10-02 on Android, Windows, macOS, and Linux allows argument injection that can result in loading of library code from an unintended location. If an application was built... |
| CVE-2025-60445 | 2025-10-03 | A stored Cross-Site Scripting (XSS) vulnerability has been discovered in XunRuiCMS version 4.7.1. The vulnerability exists due to insufficient validation of SVG file uploads in the dayrui/Fcms/Library/Upload.php component, allowing attackers... |
| CVE-2025-60447 | 2025-10-03 | A stored Cross-Site Scripting (XSS) vulnerability has been discovered in Emlog Pro 2.5.19. The vulnerability exists in the email template configuration component located at /admin/setting.php?action=mail, which allows administrators to input... |
| CVE-2025-60448 | 2025-10-03 | A stored Cross-Site Scripting (XSS) vulnerability has been discovered in Emlog Pro 2.5.19. The vulnerability exists due to insufficient validation of SVG file uploads in the /admin/media.php component, allowing attackers... |
| CVE-2025-60449 | 2025-10-03 | An information disclosure vulnerability has been discovered in SeaCMS 13.1. The vulnerability exists in the admin_safe.php component located in the /btcoan/ directory. This security flaw allows authenticated administrators to scan... |
| CVE-2025-60450 | 2025-10-03 | A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\system\include\module\editor\Uploader.class.php... |
| CVE-2025-60451 | 2025-10-03 | A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\system\include\module\uploadify.class.php... |
| CVE-2025-60452 | 2025-10-03 | A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the download management module, specifically in the app\system\download\admin\download_admin.class.php component. The vulnerability allows... |
| CVE-2025-60453 | 2025-10-03 | A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the column management module, specifically in the app\system\column\admin\index.class.php component. The vulnerability allows... |
| CVE-2025-60454 | 2025-10-03 | A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the image management module, specifically in the app\system\img\admin\img_admin.class.php component. The vulnerability allows... |
| CVE-2025-60787 | 2025-10-03 | MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name. Unsanitized user input is written to Motion configuration files, allowing remote authenticated attackers with... |
| CVE-2025-11241 | 2025-10-03 | Yoast SEO Premium 25.7-25.9 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-59297 | 2025-10-03 | File Parsing Out-Of-Bounds Write Vulnerability in DIAScreen |
| CVE-2025-59298 | 2025-10-03 | File Parsing Out-Of-Bounds Write Vulnerability in DIAScreen |
| CVE-2025-59299 | 2025-10-03 | File Parsing Out-Of-Bounds Write Vulnerability in DIAScreen |
| CVE-2025-59300 | 2025-10-03 | File Parsing Out-Of-Bounds Write Vulnerability in DIAScreen |
| CVE-2025-61597 | 2025-10-03 | Emlog Pro is vulnerable to stored XSS attack through HTML template injection |
| CVE-2025-61599 | 2025-10-03 | Emlog is Vulnerable to Stored Cross-Site Scripting (XSS) in "Twitter" Feature via Markdown Input |
| CVE-2025-59536 | 2025-10-03 | Claude Code's startup trust dialog could lead to Command Execution attack |
| CVE-2025-61589 | 2025-10-03 | Cursor: Potential Information Leakage via Mermaid Diagram |
| CVE-2025-11223 | 2025-10-03 | Installer of Panasonic AutoDownloader version 1.2.8 contains an issue with the DLL search path, which may lead to loading a crafted DLL file in the same directory. |
| CVE-2025-0616 | 2025-10-03 | SQLi in Teknolojik Center Telecommunication's B2B - Netsis Panel |
| CVE-2025-6388 | 2025-10-03 | Spirit Framework <= 1.2.14 - Authentication Bypass to Account Takeover and Privilege Escalation |
| CVE-2025-11234 | 2025-10-03 | Qemu-kvm: vnc websocket handshake use-after-free |
| CVE-2025-9213 | 2025-10-03 | TextBuilder 1.0.0 - 1.1.1 - Cross-Site Request Forgery to Privilege Escalation via Account Takeover |
| CVE-2025-10212 | 2025-10-03 | SiteAlert (Formerly WP Health) <= 1.9.8 - Missing Authorization to Unauthenticated Site Health Information Exposure |
| CVE-2025-9045 | 2025-10-03 | Easy Elementor Addons <= 2.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-10311 | 2025-10-03 | Comment Info Detector <= 1.0.5 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-10726 | 2025-10-03 | WPRecovery <= 2.0 - Unauthenticated SQL Injection to Arbitrary File Deletion |
| CVE-2025-9130 | 2025-10-03 | Unify <= 3.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via unify_checkout Shortcode |
| CVE-2025-9333 | 2025-10-03 | Smart Docs <= 1.1.1 - Authenticated (Admin+) Stored Cross-Site Scripting |
| CVE-2025-9885 | 2025-10-03 | MPWizard – Create Mercado Pago Payment Links <= 1.2.1 - Cross-Site Request Forgery to Arbitrary Post Deletion |