CVE List - 2025 / October
Showing 4101 - 4200 of 4280 CVEs for October 2025 (Page 42 of 43)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-36856 | 2025-10-30 | Nagios XI < 5.6.14 Authenticated RCE command_test.php via address |
| CVE-2012-10063 | 2025-10-30 | Nagios XI < 2012R1.3 Authenticated SQL Injection in Legacy CCM |
| CVE-2020-36857 | 2025-10-30 | Nagios XI < 5.6.14 Authenticated SQL Injection via SNMP Trap Interface Page |
| CVE-2013-10072 | 2025-10-30 | Nagios XI < 2012R1.6 Auto-Discovery Missing Authorization |
| CVE-2013-10073 | 2025-10-30 | Nagios XI < 2012R1.6 Auto-Discovery Shell Command Injection |
| CVE-2021-47694 | 2025-10-30 | Nagios XI < 5.8.6 Core Config Manager (CCM) Reflected XSS via Test Command |
| CVE-2021-47693 | 2025-10-30 | Nagios XI < 5.8.5 Core Config Manager (CCM) SQL Injection via Improper Escaping in Search Text |
| CVE-2020-36859 | 2025-10-30 | Nagios XI < 5.7.4 Core Config Manager (CCM) SQL Injection via Object Edit Pages |
| CVE-2022-50585 | 2025-10-30 | Nagios XI < 5.8.9 Core Config Manager (CCM) XSS via Audit Log Page Search Input |
| CVE-2020-36860 | 2025-10-30 | Nagios XI < 5.7.4 Core Config Manager (CCM) XSS via Object Edit Pages |
| CVE-2021-47690 | 2025-10-30 | Nagios XI < 5.8.2 Core Config Manager (CCM) XSS via Overlay Modals |
| CVE-2020-36861 | 2025-10-30 | Nagios XI < 5.7.5 Core Config Manager (CCM) XSS via Overlay Rendering and Notification/Check Period Pages |
| CVE-2022-50584 | 2025-10-30 | Nagios XI < 5.8.8 Core Config Manager (CCM) XSS via Search & Deletion Flows |
| CVE-2021-47691 | 2025-10-30 | Nagios XI < 5.8.2 Core Config Manager (CCM) XSS via Services Page |
| CVE-2021-47689 | 2025-10-30 | Nagios XI < 5.8.0 Core Config Manager (CCM) XSS via Templates Pages |
| CVE-2020-36867 | 2025-10-30 | Nagios XI < 5.7.3 Command Injection in Report PDF Download |
| CVE-2024-14005 | 2025-10-30 | Nagios XI < 2024R1.2 Command Injection via Docker Wizard |
| CVE-2018-25122 | 2025-10-30 | Nagios XI < 5.4.13 Component Download Page RCE |
| CVE-2024-14006 | 2025-10-30 | Nagios XI < 2024R1.2.2 Host Header Injection |
| CVE-2021-47700 | 2025-10-30 | Nagios XI < 5.8.7 Insecure Permissions on Highcharts Temporary Directory |
| CVE-2025-34135 | 2025-10-30 | Nagios XI < 2024R1.4.2 Overly Permissive Permissions on Systemd Unit Files |
| CVE-2025-34287 | 2025-10-30 | Nagios XI < 2024R2 Privilege Escalation via process_perfdata.pl |
| CVE-2020-36868 | 2025-10-30 | Nagios XI < 5.7.3 Privilege escalation via Insecure getprofile.sh Script |
| CVE-2018-25123 | 2025-10-30 | Nagios XI < 5.5.7 Privilege Escalation via MRTG Graphing Component |
| CVE-2024-14004 | 2025-10-30 | Nagios XI < 2024R1.2 Privilege Escalation via NagVis Configuration (nagvis.conf) |
| CVE-2024-14009 | 2025-10-30 | Nagios XI < 2024R1.0.1 Privilege Escalation via System Profile |
| CVE-2011-10035 | 2025-10-30 | Nagios XI < 2011R1.9 Race Conditions in Crontab Install Scripts LPE |
| CVE-2025-34134 | 2025-10-30 | Nagios XI < 2024R1.4.2 RCE via Business Process Intelligence (BPI) |
| CVE-2024-14003 | 2025-10-30 | Nagios XI < 2024R1.2 RCE via NRDP Server Plugins |
| CVE-2025-34286 | 2025-10-30 | Nagios XI < 2026R1 RCE via Run Check Command in CCM |
| CVE-2024-14008 | 2025-10-30 | Nagios XI < 2024R1.3.2 RCE via WinRM Configuration Wizard |
| CVE-2013-10071 | 2025-10-30 | Nagios XI < 2012R1.6 Reflected XSS via Dashlet AJAX Load Functionality |
| CVE-2024-13993 | 2025-10-30 | Nagios XI < 2024R1.1.2 Reflected XSS via Login Page on Older Browsers |
| CVE-2024-13996 | 2025-10-30 | Nagios XI < 2024R1.1.3 Session Not Invalidated After Password Change |
| CVE-2016-15050 | 2025-10-30 | Nagios XI < 5.2.4 SQL Injection in Notification Search |
| CVE-2020-36869 | 2025-10-30 | Nagios XI < 5.7.5 SQL injection via SNMP Trap Interface Edit Page |
| CVE-2022-50588 | 2025-10-30 | Nagios XI < 5.8.9 Stored XSS in Update Checking |
| CVE-2022-50586 | 2025-10-30 | Nagios XI < 5.8.9 Stored XSS via BPI Info URL |
| CVE-2022-50587 | 2025-10-30 | Nagios XI < 5.8.9 Stored XSS via Command Names in Apply Config Error Text |
| CVE-2020-36862 | 2025-10-30 | Nagios XI < 5.6.11 Unauthenticated XSS and SSRF via Highcharts |
| CVE-2020-36863 | 2025-10-30 | Nagios XI < 5.7.2 Unrestricted File Upload via Audio Import Directory |
| CVE-2023-7317 | 2025-10-30 | Nagios XI < 2024R1 Web SSH Terminal Missing Access Control |
| CVE-2023-53688 | 2025-10-30 | Nagios XI < 5.11.3 XSS & CSRF via Hypermap Replay |
| CVE-2021-47699 | 2025-10-30 | Nagios XI < 5.8.7 XSS in Audit Log via Send to NLS Form |
| CVE-2011-10039 | 2025-10-30 | Nagios XI < 2011R1.9 XSS via Alert Heatmap Report & “My Reports” Listing |
| CVE-2011-10036 | 2025-10-30 | Nagios XI < 2011R1.9 XSS via backend_url JavaScript Link Handler |
| CVE-2023-7314 | 2025-10-30 | Nagios XI < 5.11.3 XSS via Bandwidth Report |
| CVE-2021-47696 | 2025-10-30 | Nagios XI < 5.8.0 XSS via BPI Config ID Handling |
| CVE-2020-36865 | 2025-10-30 | Nagios XI < 5.7.2 XSS via BPI Config Management |
| CVE-2023-7313 | 2025-10-30 | Nagios XI < 5.11.3 XSS via Bulk Modifications |
| CVE-2024-14000 | 2025-10-30 | Nagios XI < 2024R1.1.3 XSS via Capacity Planning Report |
| CVE-2023-7318 | 2025-10-30 | Nagios XI < 2024R1.0.2 XSS via Core Command Expansion |
| CVE-2020-36864 | 2025-10-30 | Nagios XI < 5.7.2 XSS via Dashboard Background Color Setting |
| CVE-2024-14001 | 2025-10-30 | Nagios XI < 2024R1.1.3 XSS via Executive Summary Report |
| CVE-2023-7315 | 2025-10-30 | Nagios XI < 5.11.3 XSS via Graph Explorer |
| CVE-2023-7316 | 2025-10-30 | Nagios XI < 2024R1 XSS via Graph Explorer |
| CVE-2020-36866 | 2025-10-30 | Nagios XI < 5.7.3 XSS via Manage Users in Admin Interface |
| CVE-2016-15052 | 2025-10-30 | Nagios XI < 5.2.4 XSS via Menu System |
| CVE-2016-15053 | 2025-10-30 | Nagios XI < 5.2.4 XSS via “My Reports” Listing |
| CVE-2021-47695 | 2025-10-30 | Nagios XI < 5.8.0 XSS via My Tools Page |
| CVE-2011-10038 | 2025-10-30 | Nagios XI < 2011R1.9 XSS via Recurring Downtime Script |
| CVE-2016-15051 | 2025-10-30 | Nagios XI < 5.2.4 XSS via Report startdate/enddate Fields |
| CVE-2011-10040 | 2025-10-30 | Nagios XI < 2011R1.9 XSS via Status/Report Page Link Functions |
| CVE-2013-10074 | 2025-10-30 | Nagios XI < 2012R2.6 XSS via Tools Menu |
| CVE-2018-25121 | 2025-10-30 | Nagios XI < 5.4.13 XSS via Views Page |
| CVE-2021-47697 | 2025-10-30 | Nagios XI < 5.8.0 XSS via Views URL Handling |
| CVE-2011-10037 | 2025-10-30 | Nagios XI < 2011R1.9 XSS via xiwindow Variables Affecting Permalinks |
| CVE-2025-52664 | 2025-10-30 | SQL injection in Revive Adserver 6.0.0 causes potential disruption or information access when specifically crafted payloads are sent by logged in users |
| CVE-2025-48980 | 2025-10-30 | In Brave Browser Desktop versions prior to 1.83.10 that have the split view feature enabled, the "Open Link in Split View" context menu item did not respect the SameSite cookie... |
| CVE-2025-52663 | 2025-10-30 | A vulnerability was identified in certain UniFi Talk devices where internal debugging functionality remained unintentionally enabled. This issue could allow an attacker with access to the UniFi Talk management network... |
| CVE-2025-52665 | 2025-10-30 | A malicious actor with access to the management network could exploit a misconfiguration in UniFi’s door access application, UniFi Access, that exposed a management API without proper authentication. This vulnerability... |
| CVE-2025-48984 | 2025-10-30 | A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user. |
| CVE-2025-27208 | 2025-10-30 | A reflected Cross-Site Scripting (XSS) vulnerability has been identified in Revive Adserver version 5.5.2. An attacker could trick a user with access to the user interface of a Revive Adserver... |
| CVE-2025-48982 | 2025-10-30 | This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation if a system administrator is tricked into restoring a malicious file. |
| CVE-2025-48983 | 2025-10-30 | A vulnerability in the Mount service of Veeam Backup & Replication, which allows for remote code execution (RCE) on the Backup infrastructure hosts by an authenticated domain user. |
| CVE-2025-8849 | 2025-10-30 | Denial of Service in danny-avila/librechat |
| CVE-2025-23050 | 2025-10-31 | QLowEnergyController in Qt before 6.8.2 mishandles malformed Bluetooth ATT commands, leading to an out-of-bounds read (or division by zero). This is fixed in 5.15.19, 6.5.9, and 6.8.2. |
| CVE-2025-29270 | 2025-10-31 | Incorrect access control in the realtime.cgi endpoint of Deep Sea Electronics devices DSE855 v1.1.0 to v1.1.26 allows attackers to gain access to the admin panel and complete control of the... |
| CVE-2025-57106 | 2025-10-31 | Kitware VTK (Visualization Toolkit) up to 9.5.0 is vulnerable to Buffer Overflow in vtkGLTFDocumentLoader. The vulnerability occurs in the BufferDataExtractionWorker template function when processing GLTF accessor data. |
| CVE-2025-57107 | 2025-10-31 | Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap buffer overflow vulnerability in vtkGLTFDocumentLoader. When processing specially crafted GLTF files, the copy constructor of Accessor objects fails to properly validate... |
| CVE-2025-57108 | 2025-10-31 | Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap use-after-free vulnerability in vtkGLTFDocumentLoader. The vulnerability manifests during mesh object copy operations where vector members are accessed after the underlying memory... |
| CVE-2025-60749 | 2025-10-31 | DLL Hijacking vulnerability in Trimble SketchUp desktop 2025 via crafted libcef.dll used by sketchup_webhelper.exe. |
| CVE-2025-61427 | 2025-10-31 | A reflected cross-site scripting (XSS) vulnerability in BEO GmbH BEO Atlas Einfuhr Ausfuhr 3.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a... |
| CVE-2025-63454 | 2025-10-31 | Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow via the deviceId parameter in the get_parentControl_list_Info function. This vulnerability allows attackers to cause a Denial of Service (DoS) via... |
| CVE-2025-63458 | 2025-10-31 | Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via the timeZone parameter in the form_fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) via... |
| CVE-2025-63459 | 2025-10-31 | Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ssid5g parameter in the sub_421CF0 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via... |
| CVE-2025-63460 | 2025-10-31 | Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ssid5g parameter in the sub_4222E0 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via... |
| CVE-2025-63461 | 2025-10-31 | Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ssid5g parameter in the urldecode function. This vulnerability allows attackers to cause a Denial of Service (DoS) via... |
| CVE-2025-63462 | 2025-10-31 | Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the wifiOff parameter in the sub_421A04 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via... |
| CVE-2025-63463 | 2025-10-31 | Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the wifiOff parameter in the sub_4232EC function. This vulnerability allows attackers to cause a Denial of Service (DoS) via... |
| CVE-2025-63464 | 2025-10-31 | Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub_42396C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via... |
| CVE-2025-63465 | 2025-10-31 | Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub_422880 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via... |
| CVE-2025-63466 | 2025-10-31 | Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the password parameter in the sub_426EF8 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via... |
| CVE-2025-63467 | 2025-10-31 | Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub_425400 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via... |
| CVE-2025-63468 | 2025-10-31 | Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the http_host parameter in the sub_426EF8 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via... |
| CVE-2025-63469 | 2025-10-31 | Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub_421BAC function. This vulnerability allows attackers to cause a Denial of Service (DoS) via... |
| CVE-2025-63561 | 2025-10-31 | Summer Pearl Group Vacation Rental Management Platform prior to 1.0.2 is susceptible to a Slowloris-style Denial-of-Service (DoS) condition in the HTTP connection handling layer, where an attacker that opens and... |
| CVE-2025-63562 | 2025-10-31 | Summer Pearl Group Vacation Rental Management Platform prior to v1.0.2 suffers from insufficient server-side authorization. Authenticated attackers can call several endpoints and perform create/update/delete actions on resources owned by arbitrary... |
| CVE-2025-63563 | 2025-10-31 | Summer Pearl Group Vacation Rental Management Platform prior to v1.0.2 does not properly invalidate active user sessions after a password change. This allows an attacker with a valid session token... |
| CVE-2025-63675 | 2025-10-31 | cryptidy through 1.2.4 allows code execution via untrusted data because pickle.loads is used. This occurs in aes_decrypt_message in symmetric_encryption.py. |