CVE List - 2025 / October
Showing 701 - 800 of 4280 CVEs for October 2025 (Page 8 of 43)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-11292 | 2025-10-05 | Belkin F9K1015 formBSSetSitesurvey command injection |
| CVE-2025-11293 | 2025-10-05 | Belkin F9K1015 formConnectionSetting buffer overflow |
| CVE-2025-11294 | 2025-10-05 | Belkin F9K1015 formL2TPSetup buffer overflow |
| CVE-2025-11295 | 2025-10-05 | Belkin F9K1015 formPPPoESetup buffer overflow |
| CVE-2025-11296 | 2025-10-05 | Belkin F9K1015 formPPTPSetup buffer overflow |
| CVE-2025-11297 | 2025-10-05 | Belkin F9K1015 formSetLanguage buffer overflow |
| CVE-2025-11298 | 2025-10-05 | Belkin F9K1015 formSetWanStatic command injection |
| CVE-2025-11299 | 2025-10-05 | Belkin F9K1015 formWanTcpipSetup buffer overflow |
| CVE-2025-11300 | 2025-10-05 | Belkin F9K1015 formWlanMP buffer overflow |
| CVE-2025-11301 | 2025-10-05 | Belkin F9K1015 formWlanSetupWPS buffer overflow |
| CVE-2025-11302 | 2025-10-05 | Belkin F9K1015 formWpsStart buffer overflow |
| CVE-2025-11303 | 2025-10-05 | Belkin F9K1015 mp command injection |
| CVE-2025-11304 | 2025-10-05 | CodeCanyon/ui-lib Mentor LMS API cross-domain policy |
| CVE-2025-11305 | 2025-10-05 | UTT HiPER 840G formTaskEdit strcpy buffer overflow |
| CVE-2025-11306 | 2025-10-05 | qianfox FoxCMS Search cross site scripting |
| CVE-2025-11308 | 2025-10-05 | Vanderlande Baggage 360 messages cross site scripting |
| CVE-2025-11309 | 2025-10-05 | Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 findDeptPage.do doFilter sql injection |
| CVE-2025-11310 | 2025-10-05 | Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 findFileServerPage.do findFileServerPage sql injection |
| CVE-2025-28129 | 2025-10-06 | Phpgurukul Hostel Management System 2.1 is vulnerable to clickjacking. |
| CVE-2025-29192 | 2025-10-06 | Flowise before 3.0.5 allows XSS via a FORM element and an INPUT element when an admin views the chat log. |
| CVE-2025-50538 | 2025-10-06 | Flowise before 3.0.5 allows XSS via an IFRAME element when an admin views the chat log. |
| CVE-2025-56382 | 2025-10-06 | A stored Cross-site scripting (XSS) vulnerability exists in the Customer Management Module of LionCoders SalePro POS 5.4.8. An authenticated attacker can inject arbitrary web script or HTML via the 'Customer... |
| CVE-2025-57247 | 2025-10-06 | The BATBToken smart contract (address 0xfbf1388408670c02f0dbbb74251d8ded1d63b7a2, Compiler Version v0.8.26+commit.8a97fa7a) contains incorrect access control implementation in whitelist management functions. The setColdWhiteList() and setSpecialAddress() functions in the base ERC20 contract are declared... |
| CVE-2025-57515 | 2025-10-06 | A SQL injection vulnerability has been identified in Uniclare Student Portal v2. This flaw allows remote attackers to inject arbitrary SQL commands via vulnerable input fields, enabling the execution of... |
| CVE-2025-59447 | 2025-10-06 | The YoSmart YoLink Smart Hub device 0382 exposes a UART debug interface. An attacker with direct physical access can leverage this interface to read a boot log, which includes network... |
| CVE-2025-59448 | 2025-10-06 | Components of the YoSmart YoLink ecosystem through 2025-10-02 leverage unencrypted MQTT to communicate over the internet. An attacker with the ability to monitor network traffic could therefore obtain sensitive information... |
| CVE-2025-59449 | 2025-10-06 | The YoSmart YoLink MQTT broker through 2025-10-02 does not enforce sufficient authorization controls to prevent cross-account attacks, allowing an attacker to remotely operate affected devices if the attacker obtains the... |
| CVE-2025-59450 | 2025-10-06 | The YoSmart YoLink Smart Hub firmware 0382 is unencrypted, and data extracted from it can be used to determine network access credentials. |
| CVE-2025-59451 | 2025-10-06 | The YoSmart YoLink application through 2025-10-02 has session tokens with unexpectedly long lifetimes. |
| CVE-2025-59452 | 2025-10-06 | The YoSmart YoLink API through 2025-10-02 uses an endpoint URL that is derived from a device's MAC address along with an MD5 hash of non-secret information, such as a key... |
| CVE-2025-60956 | 2025-10-06 | Cross Site Request Forgery (CSRF) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service,... |
| CVE-2025-60957 | 2025-10-06 | OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated... |
| CVE-2025-60958 | 2025-10-06 | Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information. |
| CVE-2025-60959 | 2025-10-06 | OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information. |
| CVE-2025-60960 | 2025-10-06 | OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated... |
| CVE-2025-60961 | 2025-10-06 | Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information, and possibly other unspecified impacts. |
| CVE-2025-60962 | 2025-10-06 | OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information, and possibly other unspecified impacts. |
| CVE-2025-60963 | 2025-10-06 | OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated... |
| CVE-2025-60964 | 2025-10-06 | OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated... |
| CVE-2025-60965 | 2025-10-06 | OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated... |
| CVE-2025-60967 | 2025-10-06 | Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0076-000 Ver 4.00 allows attackers to gain sensitive information. |
| CVE-2025-60969 | 2025-10-06 | Directory Traversal vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0076-000 Ver 4.00 allows attackers to gain sensitive information. |
| CVE-2025-61197 | 2025-10-06 | An issue in Orban Optimod 5950, Optimod 5950HD, Optimod 5750, Optimod 5750HD, Optimod Trio Optimod version 1.0.0.33 - System version 2.5.26 allows a remote attacker to escalate privileges via the... |
| CVE-2025-61198 | 2025-10-06 | A stored cross-site scripting (XSS) vulnerability in Optimod 5950 - Optimod 5950HD - Optimod 5750 - Optimod 5750HD - Optimod Trio - Optimod version 1.0.0.33 - System version 2.5.26, allows... |
| CVE-2025-61224 | 2025-10-06 | Cross Site Scripting vulnerability in DokuWiki 2025-05-14a 'Librarian'[56.1] allows a remote attacker to execute arbitrary code via the q parameter |
| CVE-2025-61984 | 2025-10-06 | ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources... |
| CVE-2025-61985 | 2025-10-06 | ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used. |
| CVE-2025-11311 | 2025-10-06 | Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 findTenantPage.do findTenantPage sql injection |
| CVE-2025-11312 | 2025-10-06 | Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 findModulePage.do findModulePage sql injection |
| CVE-2025-11313 | 2025-10-06 | Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 findRolePage.do findRolePage sql injection |
| CVE-2025-11314 | 2025-10-06 | Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 findSingConfigPage.do findRolePage sql injection |
| CVE-2025-11315 | 2025-10-06 | Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 findUserPage.do findUserPage sql injection |
| CVE-2025-11316 | 2025-10-06 | Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 findCategoryPage.do findCategoryPage sql injection |
| CVE-2025-11317 | 2025-10-06 | Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 findSingConfigPage.do findRolePage sql injection |
| CVE-2025-11318 | 2025-10-06 | Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 uploadWxFile.do unrestricted upload |
| CVE-2025-11319 | 2025-10-06 | nahiduddinahammed Hospital-Management-System-Website delete.php sql injection |
| CVE-2025-11320 | 2025-10-06 | zhuimengshaonian wisdom-education UploadController.java uploadFile unrestricted upload |
| CVE-2025-11321 | 2025-10-06 | zhuimengshaonian wisdom-education WrongBookController.java authorization |
| CVE-2025-57781 | 2025-10-06 | The installers of DENSO TEN drive recorder viewer contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code... |
| CVE-2025-11322 | 2025-10-06 | Mangati NovoSGA User Creation new weak password |
| CVE-2025-9703 | 2025-10-06 | Ultimate Addons for Elementor Lite < 2.5.0 - Author+ Stored XSS |
| CVE-2025-9710 | 2025-10-06 | Responsive Lightbox & Gallery < 2.5.3 - Unauthenticated Stored-XSS via Comments |
| CVE-2025-11323 | 2025-10-06 | UTT 1250GW formUserStatusRemark strcpy buffer overflow |
| CVE-2025-11324 | 2025-10-06 | Tenda AC18 setNotUpgrade stack-based overflow |
| CVE-2025-9913 | 2025-10-06 | Cross Site Scripting: Session Hijacking |
| CVE-2025-9914 | 2025-10-06 | The credentials of the users stored in the system's local database can be used for the log in, making it possible for an attacker to gain unauthorized access. This could... |
| CVE-2025-58578 | 2025-10-06 | Unlimited user creation by authorized users |
| CVE-2025-58580 | 2025-10-06 | Injection via log file |
| CVE-2025-58581 | 2025-10-06 | Information Disclosure Through Stacktrace-/MQTT/Config/changeAll |
| CVE-2025-58582 | 2025-10-06 | Uncontrolled Resource Consumption via log file |
| CVE-2025-58583 | 2025-10-06 | User Enumeration |
| CVE-2025-58584 | 2025-10-06 | Plain Text Transmission of Username and Password in the URL |
| CVE-2025-58585 | 2025-10-06 | Sensitive Information Disclosure Through Missing Authentication |
| CVE-2025-11325 | 2025-10-06 | Tenda AC18 fast_setting_pppoe_set stack-based overflow |
| CVE-2025-58586 | 2025-10-06 | User Enumeration by excessive error output |
| CVE-2025-58587 | 2025-10-06 | Improper Restriction of Excessive Authentication Attempts |
| CVE-2025-58589 | 2025-10-06 | Information Disclosure Through Stacktrace |
| CVE-2025-58590 | 2025-10-06 | Path traversal |
| CVE-2025-58591 | 2025-10-06 | Path Traversal |
| CVE-2025-58579 | 2025-10-06 | Username Disclosure Through Missing Authentication |
| CVE-2025-11326 | 2025-10-06 | Tenda AC18 WifiMacFilterSet stack-based overflow |
| CVE-2025-11327 | 2025-10-06 | Tenda AC18 SetUpnpCfg stack-based overflow |
| CVE-2025-59728 | 2025-10-06 | Heap-buffer-overflow write in FFmpeg MDASH resolve_content_path |
| CVE-2025-59729 | 2025-10-06 | Heap-buffer-overflow read in FFmpeg DHAV get_duration |
| CVE-2025-59730 | 2025-10-06 | Heap-buffer-overflow write in FFmpeg SANM decoding due to lack of bounds-checking in old_codec48 |
| CVE-2025-59731 | 2025-10-06 | Heap-buffer-overflow write in FFmpeg EXR dwa_uncompress |
| CVE-2025-59732 | 2025-10-06 | Heap-buffer-overflow write in FFmpeg EXR dwa_uncompress |
| CVE-2025-59733 | 2025-10-06 | Heap-buffer-overflow write in FFmpeg EXR dwa_uncompress |
| CVE-2025-59734 | 2025-10-06 | Heap-buffer-overflow write in FFmpeg SANM process_ftch |
| CVE-2025-11328 | 2025-10-06 | Tenda AC18 SetDDNSCfg stack-based overflow |
| CVE-2025-11329 | 2025-10-06 | code-projects Online Course Registration manage-students.php sql injection |
| CVE-2025-0606 | 2025-10-06 | IDOR in Logo Software's Logo Cloud |
| CVE-2025-0607 | 2025-10-06 | HTML Injection in Logo Software's Logo Cloud |
| CVE-2025-0608 | 2025-10-06 | Open Redirect in Logo Software's Logo Cloud |
| CVE-2025-0609 | 2025-10-06 | XSS in Logo Software's Logo Cloud |
| CVE-2025-11330 | 2025-10-06 | PHPGurukul Beauty Parlour Management System sales-reports-detail.php sql injection |
| CVE-2025-11331 | 2025-10-06 | IdeaCMS Website Name Config.php command injection |
| CVE-2025-11332 | 2025-10-06 | CmsEasy URL view.php cross site scripting |
| CVE-2025-11333 | 2025-10-06 | langleyfcu Online Banking System Add Customer customer_add_action.php cross site scripting |
| CVE-2025-11334 | 2025-10-06 | Campcodes Online Apartment Visitor Management System visitor-detail.php sql injection |