CVE List - 2025 / October
Showing 501 - 600 of 4280 CVEs for October 2025 (Page 6 of 43)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-52658 | 2025-10-03 | HCL MyXalytics is affected by the use of vulnerable/outdated versions |
| CVE-2025-52656 | 2025-10-03 | HCL MyXalytics product is affected by Mass Assignment vulnerability |
| CVE-2025-46818 | 2025-10-03 | Redis: Authenticated users can execute LUA scripts as a different user |
| CVE-2025-46819 | 2025-10-03 | Redis is vulnerable to DoS via specially crafted LUA scripts |
| CVE-2025-49844 | 2025-10-03 | Redis Lua Use-After-Free may lead to remote code execution |
| CVE-2025-53354 | 2025-10-03 | NiceGUI is vulnerable to Reflected XSS attack |
| CVE-2025-54374 | 2025-10-03 | Eidos: One-click Remote Code Execution through Custom URL Handling |
| CVE-2025-59829 | 2025-10-03 | Claude Code: Permission deny bypass is possible through symlink |
| CVE-2025-59943 | 2025-10-03 | phpMyFAQ duplicate email registration allows multiple accounts with the same email |
| CVE-2025-59944 | 2025-10-03 | Cursor IDE: Sensitive File Overwrite Bypass is Possible |
| CVE-2025-10692 | 2025-10-03 | OpenSupports 4.11.0 — SQL Injection |
| CVE-2025-10696 | 2025-10-03 | OpenSupports 4.11.0 — Insecure Direct Object Reference in supervised list |
| CVE-2025-10695 | 2025-10-03 | OpenSupports 4.11.0 — SSRF via test imap and smtp endpoints |
| CVE-2025-61673 | 2025-10-03 | Karapace is vulnerable to Authentication Bypass |
| CVE-2025-43825 | 2025-10-03 | A vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.5, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1... |
| CVE-2025-61677 | 2025-10-03 | DataChain: Deserialization of Untrusted Data from Environment Variables |
| CVE-2025-61679 | 2025-10-03 | Anyquery Unauthenticated Access Vulnerability Exposes Private Integration Data |
| CVE-2025-61680 | 2025-10-03 | Minecraft RCON Terminal: Plain Text Password Storage in Configuration |
| CVE-2025-61681 | 2025-10-03 | Kuno is Vulnerable to Stored XSS Attack via SVG File Upload |
| CVE-2025-61685 | 2025-10-03 | Mastra Docs MCP Server `@mastra/mcp-docs-server` Leads to Information Exposure |
| CVE-2025-61962 | 2025-10-04 | In fetchmail before 6.5.6, the SMTP client can crash when authenticating upon receiving a 334 status code in a malformed context. |
| CVE-2025-10751 | 2025-10-04 | MacForge 1.2.0 Beta 1 - Local Privilege Escalation |
| CVE-2025-11227 | 2025-10-04 | GiveWP – Donation Plugin and Fundraising Platform <= 4.10.0 - Missing Authorization to Unauthenticated Forms and Campaigns Disclosure |
| CVE-2025-8726 | 2025-10-04 | WP Photo Album Plus <= 9.0.11.006 - Authenticated (Subscriber+) Stored Cross-Site Scripting via wppa_user_upload |
| CVE-2025-9243 | 2025-10-04 | Cost Calculator Builder <= 3.5.32 - Authenticated (Subscriber+) Missing Authorization via get_cc_orders/update_order_status Functions |
| CVE-2025-10746 | 2025-10-04 | Integrate Dynamics 365 CRM <= 1.0.9 - Missing Authorization |
| CVE-2025-9485 | 2025-10-04 | OAuth Single Sign On – SSO (OAuth Client) <= 6.26.12 - Authentication Bypass via get_resource_owner_from_id_token() |
| CVE-2025-11228 | 2025-10-04 | GiveWP – Donation Plugin and Fundraising Platform <= 4.10.0 - Missing Authorization to Unauthenticated Forms-Campaign Association |
| CVE-2025-9030 | 2025-10-04 | Majestic Before After Image <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-9029 | 2025-10-04 | WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder <= 1.2.16 - Missing Authentication via wdkit_handle_review_submission Function |
| CVE-2025-9952 | 2025-10-04 | Trinity Audio <= 5.20.2 - Reflected Cross-Site Scripting |
| CVE-2025-10383 | 2025-10-04 | Contest Gallery – Upload, Vote & Sell with PayPal and Stripe <= 27.0.2 - Authenticated (Author+) Stored Cross-Site Scripting |
| CVE-2025-9886 | 2025-10-04 | Trinity Audio <= 5.20.2 - Cross-Site Request Forgery |
| CVE-2025-39929 | 2025-10-04 | smb: client: fix smbdirect_recv_io leak in smbd_negotiate() error path |
| CVE-2025-39931 | 2025-10-04 | crypto: af_alg - Set merge to zero early in af_alg_sendmsg |
| CVE-2025-39932 | 2025-10-04 | smb: client: let smbd_destroy() call disable_work_sync(&info->post_send_credits_work) |
| CVE-2025-39933 | 2025-10-04 | smb: client: let recv_done verify data_offset, data_length and remaining_data_length |
| CVE-2025-39934 | 2025-10-04 | drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ |
| CVE-2025-39935 | 2025-10-04 | ASoC: codec: sma1307: Fix memory corruption in sma1307_setting_loaded() |
| CVE-2025-39936 | 2025-10-04 | crypto: ccp - Always pass in an error pointer to __sev_platform_shutdown_locked() |
| CVE-2025-39937 | 2025-10-04 | net: rfkill: gpio: Fix crash due to dereferencing uninitialized pointer |
| CVE-2025-39938 | 2025-10-04 | ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed |
| CVE-2025-39939 | 2025-10-04 | iommu/s390: Fix memory corruption when using identity domain |
| CVE-2025-39940 | 2025-10-04 | dm-stripe: fix a possible integer overflow |
| CVE-2025-39941 | 2025-10-04 | zram: fix slot write race condition |
| CVE-2025-39942 | 2025-10-04 | ksmbd: smbdirect: verify remaining_data_length respects max_fragmented_recv_size |
| CVE-2025-39943 | 2025-10-04 | ksmbd: smbdirect: validate data_offset and data_length field of smb_direct_data_transfer |
| CVE-2025-39944 | 2025-10-04 | octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp() |
| CVE-2025-39945 | 2025-10-04 | cnic: Fix use-after-free bugs in cnic_delete_task |
| CVE-2025-39946 | 2025-10-04 | tls: make sure to abort the stream if headers are bogus |
| CVE-2025-39947 | 2025-10-04 | net/mlx5e: Harden uplink netdev access against device unbind |
| CVE-2025-39948 | 2025-10-04 | ice: fix Rx page leak on multi-buffer frames |
| CVE-2025-39949 | 2025-10-04 | qed: Don't collect too many protection override GRC elements |
| CVE-2025-39950 | 2025-10-04 | net/tcp: Fix a NULL pointer dereference when using TCP-AO with TCP_REPAIR |
| CVE-2025-39951 | 2025-10-04 | um: virtio_uml: Fix use-after-free after put_device in probe |
| CVE-2025-39952 | 2025-10-04 | wifi: wilc1000: avoid buffer overflow in WID string configuration |
| CVE-2025-39953 | 2025-10-04 | cgroup: split cgroup_destroy_wq into 3 workqueues |
| CVE-2022-50470 | 2025-10-04 | xhci: Remove device endpoints from bandwidth list when freeing the device |
| CVE-2022-50471 | 2025-10-04 | xen/gntdev: Accommodate VMA splitting |
| CVE-2022-50472 | 2025-10-04 | IB/mad: Don't call to function that might sleep while in atomic context |
| CVE-2022-50473 | 2025-10-04 | cpufreq: Init completion before kobject_init_and_add() |
| CVE-2022-50474 | 2025-10-04 | macintosh: fix possible memory leak in macio_add_one_device() |
| CVE-2022-50475 | 2025-10-04 | RDMA/core: Make sure "ib_port" is valid when access sysfs node |
| CVE-2022-50476 | 2025-10-04 | ntb_netdev: Use dev_kfree_skb_any() in interrupt context |
| CVE-2022-50477 | 2025-10-04 | rtc: class: Fix potential memleak in devm_rtc_allocate_device() |
| CVE-2022-50478 | 2025-10-04 | nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset() |
| CVE-2022-50479 | 2025-10-04 | drm/amd: fix potential memory leak |
| CVE-2022-50480 | 2025-10-04 | memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() |
| CVE-2022-50481 | 2025-10-04 | cxl: fix possible null-ptr-deref in cxl_guest_init_afu\|adapter() |
| CVE-2022-50482 | 2025-10-04 | iommu/vt-d: Clean up si_domain in the init_dmars() error path |
| CVE-2022-50483 | 2025-10-04 | net: enetc: avoid buffer leaks on xdp_do_redirect() failure |
| CVE-2022-50484 | 2025-10-04 | ALSA: usb-audio: Fix potential memory leaks |
| CVE-2022-50485 | 2025-10-04 | ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode |
| CVE-2022-50486 | 2025-10-04 | net: ethernet: ti: Fix return type of netcp_ndo_start_xmit() |
| CVE-2023-53533 | 2025-10-04 | Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe |
| CVE-2023-53534 | 2025-10-04 | drm/mediatek: mtk_drm_crtc: Add checks for devm_kcalloc |
| CVE-2023-53535 | 2025-10-04 | net: bcmgenet: Add a check for oversized packets |
| CVE-2023-53536 | 2025-10-04 | blk-crypto: make blk_crypto_evict_key() more robust |
| CVE-2023-53537 | 2025-10-04 | f2fs: fix to avoid use-after-free for cached IPU bio |
| CVE-2023-53538 | 2025-10-04 | btrfs: insert tree mod log move in push_node_left |
| CVE-2023-53539 | 2025-10-04 | RDMA/rxe: Fix incomplete state save in rxe_requester |
| CVE-2023-53540 | 2025-10-04 | wifi: cfg80211: reject auth/assoc to AP with our address |
| CVE-2023-53541 | 2025-10-04 | mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write |
| CVE-2023-53542 | 2025-10-04 | ARM: dts: exynos: Use Exynos5420 compatible for the MIPI video phy |
| CVE-2023-53543 | 2025-10-04 | vdpa: Add max vqp attr to vdpa_nl_policy for nlattr length check |
| CVE-2023-53544 | 2025-10-04 | cpufreq: davinci: Fix clk use after free |
| CVE-2023-53545 | 2025-10-04 | drm/amdgpu: unmap and remove csa_va properly |
| CVE-2023-53546 | 2025-10-04 | net/mlx5: DR, fix memory leak in mlx5dr_cmd_create_reformat_ctx |
| CVE-2023-53547 | 2025-10-04 | drm/amdgpu: Fix sdma v4 sw fini error |
| CVE-2023-53548 | 2025-10-04 | net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb |
| CVE-2023-53549 | 2025-10-04 | netfilter: ipset: Rework long task execution when adding/deleting entries |
| CVE-2023-53550 | 2025-10-04 | cpufreq: amd-pstate: fix global sysfs attribute type |
| CVE-2023-53551 | 2025-10-04 | usb: gadget: u_serial: Add null pointer check in gserial_resume |
| CVE-2023-53552 | 2025-10-04 | drm/i915: mark requests for GuC virtual engines to avoid use-after-free |
| CVE-2023-53553 | 2025-10-04 | HID: hyperv: avoid struct memcpy overrun warning |
| CVE-2023-53554 | 2025-10-04 | staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() |
| CVE-2023-53555 | 2025-10-04 | mm/damon/core: initialize damo_filter->list from damos_new_filter() |
| CVE-2023-53556 | 2025-10-04 | iavf: Fix use-after-free in free_netdev |
| CVE-2023-53557 | 2025-10-04 | fprobe: Release rethook after the ftrace_ops is unregistered |
| CVE-2023-53558 | 2025-10-04 | rcu-tasks: Avoid pr_info() with spin lock in cblist_init_generic() |