VULNMAP - Security Vulnerabilities

CVE List - 2025 / October

Showing 401 - 500 of 4280 CVEs for October 2025 (Page 5 of 43)

CVE ID Date Title
CVE-2025-9209 2025-10-03 RestroPress – Online Food Ordering System 3.0.0 - 3.1.9.2 - Unauthenticated Information Exposure to Authentication Bypass via Forged JWT
CVE-2025-9286 2025-10-03 Appy Pie Connect for WooCommerce <= 1.1.2 - Missing Authorization to Unauthenticated Privilege Escalation via reset_user_password
CVE-2025-9198 2025-10-03 Wp cycle text announcement <= 8.1 - Authenticated (Contributor+) SQL Injection
CVE-2025-9875 2025-10-03 Event Tickets, RSVPs, Calendar <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-9876 2025-10-03 Ird Slider <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-9332 2025-10-03 Interactive Medical Drawing of Human Body <= 2.6 - Authenticated (Admin+) Stored Cross-Site Scripting
CVE-2025-7721 2025-10-03 JoomSport <= 5.7.3 - Unauthenticated Directory Traversal to Local File Inclusion
CVE-2025-9077 2025-10-03 Ultra Addons Lite for Elementor <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animated Text Field
CVE-2025-9884 2025-10-03 Mobile Site Redirect <= 1.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVE-2025-10192 2025-10-03 WP Photo Effects <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE-2025-10306 2025-10-03 Backup Bolt <= 1.4.1 - Authenticated (Admin+) Arbitrary File Download
CVE-2025-9945 2025-10-03 Optimize More! – CSS <= 1.0.3 - Cross-Site Request Forgery to Plugin Settings Reset
CVE-2025-9854 2025-10-03 A Simple Multilanguage Plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-9080 2025-10-03 Generic Elements <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-9206 2025-10-03 Meks Easy Maps <= 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-10053 2025-10-03 TableGen – Data Table Generator <= 1.3.1 - Authenticated (Admin+) Stored Cross-Site Scripting
CVE-2025-10309 2025-10-03 PayPal Forms <= 1.0.3 - Cross-Site Request Forgery
CVE-2025-9199 2025-10-03 Woo superb slideshow transition gallery with random effect <= 9.1 - Authenticated (Contributor+) SQL Injection
CVE-2025-9892 2025-10-03 Restrict User Registration <= 1.0.1 - Cross-Site Request Forgery to Settings Update
CVE-2025-9200 2025-10-03 Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App <= 0.8.8.8 - Unauthenticated SQL Injection
CVE-2025-9372 2025-10-03 Ultimate Multi Design Video Carousel <= 1.4 - Authenticated (Editor+) Stored Cross-Site Scripting
CVE-2025-8776 2025-10-03 Epic Bootstrap Buttons <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via icol Parameter
CVE-2025-9859 2025-10-03 Fintelligence Calculator <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-8669 2025-10-03 Customify <= 0.4.11 - Cross-Site Request Forgery
CVE-2025-9889 2025-10-03 ContentMX Content Publisher <= 1.0.6 - Cross-Site Request Forgery
CVE-2025-10582 2025-10-03 WP Dispatcher <= 1.2.0 - Authenticated (Contributor+) SQL Injection
CVE-2025-9630 2025-10-03 WP SinoType <= 1.0 - Cross-Site Request Forgery
CVE-2025-9858 2025-10-03 Auto Bulb Finder for WordPress <= 2.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-9895 2025-10-03 Notification Bar <= 2.2 - Cross-Site Request Forgery
CVE-2025-7825 2025-10-03 Schema Plugin For Divi, Gutenberg & Shortcodes <= 4.3.2 - Authenticated (Contributor+) Object Instantiation
CVE-2025-9129 2025-10-03 Flexi <= 4.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via flexi-form-tag Shortcode
CVE-2025-9204 2025-10-03 X Addons for Elementor <= 1.0.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Youtube Video ID Field
CVE-2025-9194 2025-10-03 Constructor <= 1.6.5 - Missing Authorization to Authenticated (Subscriber+) Theme Clean
CVE-2025-9561 2025-10-03 AP Background 3.8.1 - 3.8.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload via advParallaxBackAdminSaveSlider Function
CVE-2025-9212 2025-10-03 WP Dispatcher <= 1.2.0 - Authenticated (Subscriber+) Arbitrary File Upload
CVE-2025-9897 2025-10-03 AP Background <= 3.8.2 - Cross-Site Request Forgery
CVE-2025-10165 2025-10-03 AP Background <= 3.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-10302 2025-10-03 Ultimate Viral Quiz <= 1.0 - Cross-Site Request Forgery to Settings Update
CVE-2025-40636 2025-10-03 SQL injection in the mod_vvisit_counter module
CVE-2025-27231 2025-10-03 LDAP 'Bind password' field value can be leaked by a Zabbix Super Admin
CVE-2025-0876 2025-10-03 XSS in Isin Basi Advertisement & IT's Workif
CVE-2025-27236 2025-10-03 User information disclosure via api_jsonrpc.php on method user.get with param search
CVE-2025-27237 2025-10-03 DLL injection in Zabbix Agent and Agent 2 via OpenSSL configuration
CVE-2025-49641 2025-10-03 Insufficient permission check for the problem.view.refresh action
CVE-2025-10547 2025-10-03 CVE-2025-10547
CVE-2025-10609 2025-10-03 Hardcoded Credentials in Logo Software's TigerWings ERP
CVE-2025-10728 2025-10-03 Uncontrolled recursion in Qt SVG module
CVE-2025-10729 2025-10-03 Use-after-free vulnerability in Qt SVG qsvghandler.cpp allows denial of service via crafted SVG
CVE-2025-34226 2025-10-03 OpenPLC Runtime v3 Persistent DoS
CVE-2025-61590 2025-10-03 Cursor is vulnerable to RCE via .code-workspace files using Prompt Injection
CVE-2025-61591 2025-10-03 Cursor CLI's Cursor Agent MCP OAuth2 Communication is Vulnerable to Remote Code Execution
CVE-2025-61592 2025-10-03 Cursor CLI: Arbitrary Code Execution Possible through Permissive CLI Config
CVE-2025-61593 2025-10-03 Cursor CLI Agent: Sensitive File Overwrite Bypass
CVE-2025-46817 2025-10-03 Lua library commands may lead to integer overflow and potential RCE
CVE-2025-52653 2025-10-03 Cross Site Scripting vulnerability in the web application
CVE-2024-56804 2025-10-03 Video Station
CVE-2025-33034 2025-10-03 Qsync Central
CVE-2025-33039 2025-10-03 Qsync Central
CVE-2025-33040 2025-10-03 Qsync Central
CVE-2025-44006 2025-10-03 Qsync Central
CVE-2025-44007 2025-10-03 Qsync Central
CVE-2025-44008 2025-10-03 Qsync Central
CVE-2025-44009 2025-10-03 Qsync Central
CVE-2025-44010 2025-10-03 Qsync Central
CVE-2025-44011 2025-10-03 Qsync Central
CVE-2025-44012 2025-10-03 Qsync Central
CVE-2025-44014 2025-10-03 Qsync Central
CVE-2025-47210 2025-10-03 Qsync Central
CVE-2025-47211 2025-10-03 QTS, QuTS hero
CVE-2025-47212 2025-10-03 QTS, QuTS hero
CVE-2025-47213 2025-10-03 QTS, QuTS hero
CVE-2025-47214 2025-10-03 QTS
CVE-2025-48726 2025-10-03 QTS, QuTS hero
CVE-2025-48727 2025-10-03 QTS, QuTS hero
CVE-2025-48728 2025-10-03 QTS, QuTS hero
CVE-2025-48729 2025-10-03 QTS, QuTS hero
CVE-2025-48730 2025-10-03 QTS, QuTS hero
CVE-2025-52424 2025-10-03 QTS, QuTS hero
CVE-2025-52427 2025-10-03 QTS, QuTS hero
CVE-2025-52428 2025-10-03 QTS
CVE-2025-52654 2025-10-03 HCL MyXalytics is affected by an HTML Injection
CVE-2025-52429 2025-10-03 QTS, QuTS hero
CVE-2025-52432 2025-10-03 QTS, QuTS hero
CVE-2025-52433 2025-10-03 QTS, QuTS hero
CVE-2025-52853 2025-10-03 QTS, QuTS hero
CVE-2025-52854 2025-10-03 QTS, QuTS hero
CVE-2025-52855 2025-10-03 QTS, QuTS hero
CVE-2025-52857 2025-10-03 QTS, QuTS hero
CVE-2025-52858 2025-10-03 QTS, QuTS hero
CVE-2025-52859 2025-10-03 QTS, QuTS hero
CVE-2025-52860 2025-10-03 QTS, QuTS hero
CVE-2025-52862 2025-10-03 QTS, QuTS hero
CVE-2025-52866 2025-10-03 QTS, QuTS hero
CVE-2025-52867 2025-10-03 Qsync Central
CVE-2025-53406 2025-10-03 QTS, QuTS hero
CVE-2025-53407 2025-10-03 QTS, QuTS hero
CVE-2025-53595 2025-10-03 Qsync Central
CVE-2025-54153 2025-10-03 Qsync Central
CVE-2025-54154 2025-10-03 QNAP Authenticator
CVE-2025-57714 2025-10-03 NetBak Replicator