CVE List - 2025 / July
Showing 1401 - 1500 of 3776 CVEs for July 2025 (Page 15 of 38)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-49464 | 2025-07-10 | Zoom Clients for Windows - Classic Buffer Overflow |
| CVE-2024-42516 | 2025-07-10 | Apache HTTP Server: HTTP response splitting |
| CVE-2024-43204 | 2025-07-10 | Apache HTTP Server: SSRF with mod_headers setting Content-Type header |
| CVE-2024-47252 | 2025-07-10 | Apache HTTP Server: mod_ssl error log variable escaping |
| CVE-2024-43394 | 2025-07-10 | Apache HTTP Server: SSRF on Windows due to UNC paths |
| CVE-2025-23048 | 2025-07-10 | Apache HTTP Server: mod_ssl access control bypass with session resumption |
| CVE-2025-49630 | 2025-07-10 | Apache HTTP Server: mod_proxy_http2 denial of service |
| CVE-2025-49812 | 2025-07-10 | Apache HTTP Server: mod_ssl TLS upgrade attack |
| CVE-2025-53020 | 2025-07-10 | Apache HTTP Server: HTTP/2 DoS by Memory Increase |
| CVE-2025-7410 | 2025-07-10 | code-projects LifeStyle Store cart_remove.php sql injection |
| CVE-2025-53371 | 2025-07-10 | DiscordNotifications allows DOS, SSRF, and possible RCE through requests to user-controlled URLs |
| CVE-2025-53542 | 2025-07-10 | Kubernetes Headlamp Allows Arbitrary Command Injection in macOS Process headlamp@codeSign |
| CVE-2025-53549 | 2025-07-10 | Matrix Rust SDK allows SQL injection in the EventCache implementation |
| CVE-2025-53625 | 2025-07-10 | DynamicPageList3 exposes hidden/suppressed usernames |
| CVE-2025-53709 | 2025-07-10 | Access control issues impacting secure-upload service |
| CVE-2025-52473 | 2025-07-10 | liboqs secret-dependent branching in HQC reference implementation when compiled with Clang 17-20 |
| CVE-2025-53626 | 2025-07-10 | pdfme has Sandbox Escape and Prototype Pollution vulnerabilities in pdfme expression evaluation |
| CVE-2025-52521 | 2025-07-10 | Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its... |
| CVE-2025-52837 | 2025-07-10 | Trend Micro Password Manager (Consumer) version 5.8.0.1327 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow an attacker the opportunity to abuse symbolic links and... |
| CVE-2025-53378 | 2025-07-10 | A missing authentication vulnerability in Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an unauthenticated attacker to remotely take control of the agent on affected installations. Also... |
| CVE-2025-53503 | 2025-07-10 | Trend Micro Cleaner One Pro is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own. |
| CVE-2025-7411 | 2025-07-10 | code-projects LifeStyle Store success.php sql injection |
| CVE-2025-52434 | 2025-07-10 | Apache Tomcat: APR/Native Connector crash leading to DoS |
| CVE-2025-52520 | 2025-07-10 | Apache Tomcat: DoS via integer overflow in multipart file upload |
| CVE-2025-7021 | 2025-07-10 | OpenAI Operator - API Spoofing through Locking Operator on FullScreen |
| CVE-2025-34099 | 2025-07-10 | VICIdial vicidial_sales_viewer.php Unauthenticated Command Injection via Basic Auth Password |
| CVE-2025-34101 | 2025-07-10 | Serviio Media Server Unauthenticated Command Injection via checkStreamUrl VIDEO Parameter |
| CVE-2025-34098 | 2025-07-10 | Riverbed SteelHead VCX Authenticated Arbitrary File Read via Log Filter Injection |
| CVE-2025-34097 | 2025-07-10 | ProcessMaker < 3.5.4 Authenticated Plugin Upload RCE |
| CVE-2025-34093 | 2025-07-10 | Polycom HDX Series Telnet Command Injection via lan traceroute |
| CVE-2025-53506 | 2025-07-10 | Apache Tomcat: DoS via excessive h2 streams at connection start |
| CVE-2025-34095 | 2025-07-10 | Mako Server v2.5 and v2.6 OS Command Injection via examples/save.lsp |
| CVE-2025-34096 | 2025-07-10 | Easy File Sharing HTTP Server 7.2 Buffer Overflow via POST to /sendemail.ghp |
| CVE-2025-34102 | 2025-07-10 | CryptoLog Unauthenticated RCE via SQL Injection and Command Injection |
| CVE-2025-34100 | 2025-07-10 | BuilderEngine 3.5.0 RCE via Unauthenticated Arbitrary File Upload |
| CVE-2025-7412 | 2025-07-10 | code-projects Library System profile.php unrestricted upload |
| CVE-2025-53630 | 2025-07-10 | Integer Overflow in GGUF Parser can lead to Heap Out-of-Bounds Read/Write in gguf |
| CVE-2025-53632 | 2025-07-10 | Chall-Manager's scenario decoding process does not check for zip slips |
| CVE-2025-53633 | 2025-07-10 | Chall-Manager's scenario decoding process does not check for zip bombs |
| CVE-2025-53634 | 2025-07-10 | Chall-Manager's HTTP Gateway has no header check timeout leading to potential slow loris attacks |
| CVE-2025-53628 | 2025-07-10 | cpp-httplib does not limit the length of a line |
| CVE-2025-53629 | 2025-07-10 | cpp-httplib Unbounded Memory Allocation in Chunked/No-Length Requests Vulnerability |
| CVE-2025-2520 | 2025-07-10 | Dereferencing of an uninitialized pointer leads to denial of service. |
| CVE-2025-7413 | 2025-07-10 | code-projects Library System profile.php unrestricted upload |
| CVE-2025-2521 | 2025-07-10 | Lack of indexes’ validation against buffer borders leads to remote code execution. |
| CVE-2025-2522 | 2025-07-10 | Lack of buffer clearing before reuse may result in incorrect system behavior. |
| CVE-2025-2523 | 2025-07-10 | Lack of buffer clearing before reuse may result in incorrect system behavior. |
| CVE-2025-3946 | 2025-07-10 | Incorrect response generation during FTEB protocol processing |
| CVE-2025-3947 | 2025-07-10 | Integer underflow during processing of short network packets in CDA FTEB responder |
| CVE-2025-7414 | 2025-07-10 | Tenda O3V2 httpd setPingInfo fromNetToolGet os command injection |
| CVE-2025-4662 | 2025-07-10 | Plaintext security passwords are logged in the audit logs while executing openssl cmd |
| CVE-2025-7415 | 2025-07-10 | Tenda O3V2 httpd getTraceroute fromTraceroutGet command injection |
| CVE-2025-6390 | 2025-07-10 | Cleartext storage of sensitive information in Brocade SANnav server audit logs. |
| CVE-2025-6392 | 2025-07-10 | Daily Data Dump Collector logs database password in cleartext when running docker exec commands (CVE-2025-6392) |
| CVE-2025-24798 | 2025-07-10 | Meshtastic crashes via an unimplemented routing module reply |
| CVE-2025-53637 | 2025-07-10 | Meshtastic allows Command Injection in GitHub Action |
| CVE-2025-7416 | 2025-07-10 | Tenda O3V2 httpd setSysTimeInfo fromSysToolTime stack-based overflow |
| CVE-2025-7417 | 2025-07-10 | Tenda O3V2 httpd setPingInfo fromNetToolGet stack-based overflow |
| CVE-2025-31267 | 2025-07-10 | An authentication issue was addressed with improved state management. This issue is fixed in App Store Connect 3.0. An attacker with physical access to an unlocked device may be able... |
| CVE-2025-7418 | 2025-07-10 | Tenda O3V2 httpd setPing fromPingResultGet stack-based overflow |
| CVE-2025-1727 | 2025-07-10 | End-of-Train and Head-of-Train Remote Linking Protocol Weak Authentication |
| CVE-2025-7419 | 2025-07-10 | Tenda O3V2 httpd setRateTest fromSpeedTestSet stack-based overflow |
| CVE-2025-53397 | 2025-07-10 | Advantech iView Cross-site Scripting |
| CVE-2025-53519 | 2025-07-10 | Advantech iView Cross-site Scripting |
| CVE-2025-41442 | 2025-07-10 | Advantech iView Cross-site Scripting |
| CVE-2025-48891 | 2025-07-10 | Advantech iView SQL Injection |
| CVE-2025-46704 | 2025-07-10 | Advantech iView Path Traversal |
| CVE-2025-53475 | 2025-07-10 | Advantech iView SQL Injection |
| CVE-2025-52577 | 2025-07-10 | Advantech iView SQL Injection |
| CVE-2025-53515 | 2025-07-10 | Advantech iView SQL Injection |
| CVE-2025-52459 | 2025-07-10 | Advantech iView Argument Injection |
| CVE-2025-53509 | 2025-07-10 | Advantech iView Argument Injection |
| CVE-2025-7420 | 2025-07-10 | Tenda O3V2 httpd setWrlBasicInfo formWifiBasicSet stack-based overflow |
| CVE-2025-52579 | 2025-07-10 | Emerson ValveLink Products Cleartext Storage of Sensitive Information in Memory |
| CVE-2025-50109 | 2025-07-10 | Emerson ValveLink Products Cleartext Storage of Sensitive Information in Memory |
| CVE-2025-46358 | 2025-07-10 | Emerson ValveLink Products Protection Mechanism Failure |
| CVE-2025-48496 | 2025-07-10 | Emerson ValveLink Products Uncontrolled Search Path Element |
| CVE-2025-53471 | 2025-07-10 | Emerson ValveLink Products Improper Input Validation |
| CVE-2013-3307 | 2025-07-11 | Linksys E1000 devices through 2.1.02, E1200 devices before 2.0.05, and E3200 devices through 1.0.04 allow OS command injection via shell metacharacters in the apply.cgi ping_ip parameter on TCP port 52000. |
| CVE-2023-38327 | 2025-07-11 | An issue was discovered in eGroupWare 17.1.20190111. A User Enumeration vulnerability exists under calendar/freebusy.php, which allows unauthenticated remote attackers to enumerate the users of web applications based on server response. |
| CVE-2023-38329 | 2025-07-11 | An issue was discovered in eGroupWare 17.1.20190111. A reflected cross-site scripting (XSS) vulnerability exists in calendar/freebusy.php, which allows unauthenticated remote attackers to inject arbitrary web script or HTML into the... |
| CVE-2025-45582 | 2025-07-11 | GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../... |
| CVE-2025-51591 | 2025-07-11 | A Server-Side Request Forgery (SSRF) in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting a crafted iframe. |
| CVE-2025-52089 | 2025-07-11 | A hidden remote support feature protected by a static secret in TOTOLINK N300RB firmware version 8.54 allows an authenticated attacker to execute arbitrary OS commands with root privileges. |
| CVE-2025-52994 | 2025-07-11 | gif_outputAsJpeg in phpThumb through 1.7.23 allows phpthumb.gif.php OS Command Injection via a crafted parameter value. This is fixed in 1.7.23-202506081709. |
| CVE-2025-53864 | 2025-07-11 | Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in... |
| CVE-2025-7421 | 2025-07-11 | Tenda O3V2 httpd operateMacFilter fromMacFilterModify stack-based overflow |
| CVE-2025-5241 | 2025-07-11 | Denial-of-Service Vulnerability in MELSEC iQ-F Series |
| CVE-2025-7422 | 2025-07-11 | Tenda O3V2 httpd setNetworkService setAutoReboot stack-based overflow |
| CVE-2025-7423 | 2025-07-11 | Tenda O3V2 httpd setWrlFilterList formWifiMacFilterSet stack-based overflow |
| CVE-2025-7434 | 2025-07-11 | Tenda FH451 POST Request addressNat fromAddressNat stack-based overflow |
| CVE-2025-7435 | 2025-07-11 | LiveHelperChat lhc-php-resque Extension List list cross site scripting |
| CVE-2025-7436 | 2025-07-11 | Campcodes Online Recruitment Management System ajax.php sql injection |
| CVE-2025-7401 | 2025-07-11 | Premium Age Verification / Restriction for WordPress <= 3.0.2 - Unauthenticated Arbitrary File Read and Write via remote_tunnel.php |
| CVE-2025-2942 | 2025-07-11 | Order Delivery Date Pro for WooCommerce < 12.6.0 - Unauthenticated Arbitrary Post Title Disclosure |
| CVE-2025-6200 | 2025-07-11 | GeoDirectory < 2.8.120 - Contributor+ Stored XSS |
| CVE-2025-30023 | 2025-07-11 | The communication protocol used between client and server had a flaw that could lead to an authenticated user performing a remote code execution attack. |
| CVE-2025-30024 | 2025-07-11 | The communication protocol used between client and server had a flaw that could be leveraged to execute a man in the middle attack. |
| CVE-2025-30025 | 2025-07-11 | The communication protocol used between the server process and the service control had a flaw that could lead to a local privilege escalation. |
| CVE-2025-30026 | 2025-07-11 | The AXIS Camera Station Server had a flaw that allowed bypassing authentication that is normally required. |