CVE List - 2025 / July
Showing 1101 - 1200 of 3776 CVEs for July 2025 (Page 12 of 38)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-7196 | 2025-07-08 | code-projects Jonnys Liquor browse.php sql injection |
| CVE-2025-43582 | 2025-07-08 | Substance3D - Viewer | Heap-based Buffer Overflow (CWE-122) |
| CVE-2025-43583 | 2025-07-08 | Substance3D - Viewer | NULL Pointer Dereference (CWE-476) |
| CVE-2025-43584 | 2025-07-08 | Substance3D - Viewer | Out-of-bounds Read (CWE-125) |
| CVE-2025-27165 | 2025-07-08 | Substance3D - Stager | Out-of-bounds Read (CWE-125) |
| CVE-2025-27203 | 2025-07-08 | Adobe Connect | Deserialization of Untrusted Data (CWE-502) |
| CVE-2025-7197 | 2025-07-08 | code-projects Jonnys Liquor delete-row.php sql injection |
| CVE-2025-49533 | 2025-07-08 | Adobe Experience Manager (MS) | Deserialization of Untrusted Data (CWE-502) |
| CVE-2025-53547 | 2025-07-08 | Helm Chart Dependency Updating With Malicious Chart.yaml Content And Symlink Can Lead To Code Execution |
| CVE-2025-49534 | 2025-07-08 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-49547 | 2025-07-08 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-6759 | 2025-07-08 | Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges |
| CVE-2025-47103 | 2025-07-08 | InDesign Desktop | Heap-based Buffer Overflow (CWE-122) |
| CVE-2025-47136 | 2025-07-08 | InDesign Desktop | Integer Underflow (Wrap or Wraparound) (CWE-191) |
| CVE-2025-47134 | 2025-07-08 | InDesign Desktop | Heap-based Buffer Overflow (CWE-122) |
| CVE-2025-43594 | 2025-07-08 | InDesign Desktop | Out-of-bounds Write (CWE-787) |
| CVE-2025-43592 | 2025-07-08 | InDesign Desktop | Access of Uninitialized Pointer (CWE-824) |
| CVE-2025-43591 | 2025-07-08 | InDesign Desktop | Heap-based Buffer Overflow (CWE-122) |
| CVE-2025-30313 | 2025-07-08 | Illustrator | Out-of-bounds Read (CWE-125) |
| CVE-2025-49526 | 2025-07-08 | Illustrator | Out-of-bounds Write (CWE-787) |
| CVE-2025-49530 | 2025-07-08 | Illustrator | Out-of-bounds Write (CWE-787) |
| CVE-2025-49529 | 2025-07-08 | Illustrator | Access of Uninitialized Pointer (CWE-824) |
| CVE-2025-49525 | 2025-07-08 | Illustrator | Out-of-bounds Read (CWE-125) |
| CVE-2025-49532 | 2025-07-08 | Illustrator | Integer Underflow (Wrap or Wraparound) (CWE-191) |
| CVE-2025-49527 | 2025-07-08 | Illustrator | Stack-based Buffer Overflow (CWE-121) |
| CVE-2025-49531 | 2025-07-08 | Illustrator | Integer Overflow or Wraparound (CWE-190) |
| CVE-2025-49528 | 2025-07-08 | Illustrator | Stack-based Buffer Overflow (CWE-121) |
| CVE-2025-49524 | 2025-07-08 | Illustrator | NULL Pointer Dereference (CWE-476) |
| CVE-2025-7198 | 2025-07-08 | code-projects Jonnys Liquor admin-area.php sql injection |
| CVE-2025-47132 | 2025-07-08 | Adobe Framemaker | Out-of-bounds Write (CWE-787) |
| CVE-2025-47123 | 2025-07-08 | Adobe Framemaker | Heap-based Buffer Overflow (CWE-122) |
| CVE-2025-47125 | 2025-07-08 | Adobe Framemaker | Heap-based Buffer Overflow (CWE-122) |
| CVE-2025-47119 | 2025-07-08 | Adobe Framemaker | NULL Pointer Dereference (CWE-476) |
| CVE-2025-47129 | 2025-07-08 | Adobe Framemaker | Out-of-bounds Write (CWE-787) |
| CVE-2025-47127 | 2025-07-08 | Adobe Framemaker | Out-of-bounds Write (CWE-787) |
| CVE-2025-47124 | 2025-07-08 | Adobe Framemaker | Out-of-bounds Write (CWE-787) |
| CVE-2025-47121 | 2025-07-08 | Adobe Framemaker | Access of Uninitialized Pointer (CWE-824) |
| CVE-2025-47133 | 2025-07-08 | Adobe Framemaker | Out-of-bounds Write (CWE-787) |
| CVE-2025-47130 | 2025-07-08 | Adobe Framemaker | Integer Underflow (Wrap or Wraparound) (CWE-191) |
| CVE-2025-47122 | 2025-07-08 | Adobe Framemaker | Heap-based Buffer Overflow (CWE-122) |
| CVE-2025-47131 | 2025-07-08 | Adobe Framemaker | Heap-based Buffer Overflow (CWE-122) |
| CVE-2025-47128 | 2025-07-08 | Adobe Framemaker | Integer Underflow (Wrap or Wraparound) (CWE-191) |
| CVE-2025-47126 | 2025-07-08 | Adobe Framemaker | Out-of-bounds Write (CWE-787) |
| CVE-2025-47120 | 2025-07-08 | Adobe Framemaker | Stack-based Buffer Overflow (CWE-121) |
| CVE-2025-47099 | 2025-07-08 | InCopy | Heap-based Buffer Overflow (CWE-122) |
| CVE-2025-47097 | 2025-07-08 | InCopy | Integer Underflow (Wrap or Wraparound) (CWE-191) |
| CVE-2025-47098 | 2025-07-08 | InCopy | Access of Uninitialized Pointer (CWE-824) |
| CVE-2025-7199 | 2025-07-08 | code-projects Library System notapprove.php sql injection |
| CVE-2024-56468 | 2025-07-08 | IBM InfoSphere Data Replication VSAM for z/OS Remote Source denial of service |
| CVE-2025-7200 | 2025-07-08 | krishna9772 Pharmacy Management System quantity_upd.php sql injection |
| CVE-2025-3780 | 2025-07-08 | WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible <= 6.7.16 - Missing Authorization to Unauthenticated Plugin Settings Modification |
| CVE-2025-4828 | 2025-07-08 | Support Board <= 3.8.0 - Unauthenticated Arbitrary File Deletion |
| CVE-2025-4855 | 2025-07-08 | Support Board <= 3.8.0 - Unauthenticated Authorization Bypass due to Use of Default Secret Key |
| CVE-2025-7206 | 2025-07-08 | D-Link DIR-825 httpd switch_language.cgi sub_410DDC stack-based overflow |
| CVE-2021-27961 | 2025-07-09 | evesys 7.1 (2152) through 8.0 (2202) allows Reflected XSS via the indexeva.php action parameter. |
| CVE-2025-44177 | 2025-07-09 | A directory traversal vulnerability was discovered in White Star Software Protop version 4.4.2-2024-11-27, specifically in the /pt3upd/ endpoint. An unauthenticated attacker can remotely read arbitrary files on the underlying OS... |
| CVE-2025-44525 | 2025-07-09 | Texas Instruments CC2652RB LaunchPad SimpleLink CC13XX CC26XX SDK 7.41.00.17 was discovered to utilize insufficient permission checks on critical fields within Bluetooth Low Energy (BLE) data packets. This issue allows attackers... |
| CVE-2025-44526 | 2025-07-09 | Realtek RTL8762EKF-EVB RTL8762E SDK V1.4.0 was discovered to utilize insufficient permission checks on critical fields within Bluetooth Low Energy (BLE) data packets. This issue allows attackers to cause a Denial... |
| CVE-2025-49604 | 2025-07-09 | For Realtek AmebaD devices, a heap-based buffer overflow was discovered in Ameba-AIoT ameba-arduino-d before version 3.1.9 and ameba-rtos-d before commit c2bfd8216a1cbc19ad2ab5f48f372ecea756d67a on 2025/07/03. In the WLAN driver defragment function, lack... |
| CVE-2025-52357 | 2025-07-09 | Cross-Site Scripting (XSS) vulnerability exists in the ping diagnostic feature of FiberHome FD602GW-DX-R410 router (firmware V2.2.14), allowing an authenticated attacker to execute arbitrary JavaScript code in the context of the... |
| CVE-2025-52364 | 2025-07-09 | Insecure Permissions vulnerability in Tenda CP3 Pro Firmware V22.5.4.93 allows the telnet service (telnetd) by default at boot via the initialization script /etc/init.d/eth.sh. This allows remote attackers to connect to... |
| CVE-2025-53645 | 2025-07-09 | Zimbra Collaboration (ZCS) before 9.0.0 Patch 46, 10.0.x before 10.0.15, and 10.1.x before 10.1.9 is vulnerable to a denial of service condition due to improper handling of excessive, comma-separated path... |
| CVE-2025-7207 | 2025-07-09 | mruby nregs codegen.c scope_new heap-based overflow |
| CVE-2025-7208 | 2025-07-09 | 9fans plan9port x509.c edump heap-based overflow |
| CVE-2025-34077 | 2025-07-09 | WordPress Pie Register Plugin ≤ 3.7.1.4 Authentication Bypass RCE |
| CVE-2025-7209 | 2025-07-09 | 9fans plan9port x509.c value_decode null pointer dereference |
| CVE-2025-7210 | 2025-07-09 | code-projects/Fabian Ros Library Management System profile_update.php unrestricted upload |
| CVE-2025-5678 | 2025-07-09 | Kadence Blocks – Gutenberg Blocks for Page Builder Features <= 3.5.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via `redirectURL` Parameter |
| CVE-2025-7211 | 2025-07-09 | code-projects LifeStyle Store cart_add.php sql injection |
| CVE-2025-7212 | 2025-07-09 | itsourcecode Insurance Management System insertAgent.php sql injection |
| CVE-2025-7213 | 2025-07-09 | FNKvision FNK-GU2 UART Interface on-chip debug and test interface with improper access control |
| CVE-2025-7059 | 2025-07-09 | Simple Featured Image <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via slideshow Parameter |
| CVE-2025-4606 | 2025-07-09 | Sala - Startup & SaaS WordPress Theme <= 1.1.4 - Unauthenticated Privilege Escalation via Password Reset/Account Takeover |
| CVE-2025-7214 | 2025-07-09 | FNKvision FNK-GU2 MD5 shadow risky encryption |
| CVE-2025-7215 | 2025-07-09 | FNKvision FNK-GU2 wpa_supplicant.conf cleartext storage |
| CVE-2025-7216 | 2025-07-09 | lty628 Aidigu PHP Object common.php checkUserCookie deserialization |
| CVE-2025-7217 | 2025-07-09 | Campcodes Payroll Management System ajax.php sql injection |
| CVE-2025-6742 | 2025-07-09 | SureForms – Drag and Drop Form Builder for WordPress <= 1.7.3 - Unauthenticated PHP Object Injection (PHAR) Triggered via Admin Submission Deletion |
| CVE-2025-6691 | 2025-07-09 | SureForms – Drag and Drop Form Builder for WordPress <= 1.7.3 - Unauthenticated Arbitrary File Deletion Triggered via Administrator Submission Deletion |
| CVE-2025-7218 | 2025-07-09 | Campcodes Payroll Management System ajax.php sql injection |
| CVE-2025-7219 | 2025-07-09 | Campcodes Payroll Management System ajax.php sql injection |
| CVE-2025-7220 | 2025-07-09 | Campcodes Payroll Management System ajax.php sql injection |
| CVE-2025-7378 | 2025-07-09 | An improper input validation vulnerability was found on manipulating configuration of ADM |
| CVE-2025-7379 | 2025-07-09 | A security bypass vulnerability was found in DataSync Center installed on ADM |
| CVE-2025-27027 | 2025-07-09 | Restricted shell evasion in Radiflow iSAP Smart Collector |
| CVE-2025-27028 | 2025-07-09 | Read access of deprivileged Radiflow iSAP Smart Collector user |
| CVE-2025-3497 | 2025-07-09 | Radiflow iSAP Smart Collector Linux distribution unmaintained |
| CVE-2025-3498 | 2025-07-09 | Unauthenticated modification of Radiflow iSAP Smart Collector configuration |
| CVE-2025-3499 | 2025-07-09 | Unauthenticated execution of arbitrary commands in Radiflow iSAP Smart Collector |
| CVE-2025-38238 | 2025-07-09 | scsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out |
| CVE-2025-38239 | 2025-07-09 | scsi: megaraid_sas: Fix invalid node index |
| CVE-2025-38241 | 2025-07-09 | mm/shmem, swap: fix softlockup with mTHP swapin |
| CVE-2025-38242 | 2025-07-09 | mm: userfaultfd: fix race of userfaultfd_move and swap cache |
| CVE-2025-38243 | 2025-07-09 | btrfs: fix invalid inode pointer dereferences during log replay |
| CVE-2025-38244 | 2025-07-09 | smb: client: fix potential deadlock when reconnecting channels |
| CVE-2025-38245 | 2025-07-09 | atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). |
| CVE-2025-38246 | 2025-07-09 | bnxt: properly flush XDP redirect lists |
| CVE-2025-38247 | 2025-07-09 | userns and mnt_idmap leak in open_tree_attr(2) |
| CVE-2025-38248 | 2025-07-09 | bridge: mcast: Fix use-after-free during router port configuration |
| CVE-2025-38249 | 2025-07-09 | ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() |