CVE List - 2025 / July
Showing 1501 - 1600 of 3776 CVEs for July 2025 (Page 16 of 38)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-5028 | 2025-07-11 | Arbitrary file deletion vulnerability in ESET product installers |
| CVE-2025-6716 | 2025-07-11 | Contest Gallery <= 26.0.8 - Authenticated (Author+) Stored Cross-Site Scripting |
| CVE-2025-5392 | 2025-07-11 | GB Forms DB <= 1.0.2 - Unauthenticated Remote Code Execution |
| CVE-2025-5992 | 2025-07-11 | Passing values outside of expected range to QColorTransferGenericFunction can cause a denial of service |
| CVE-2025-4593 | 2025-07-11 | WP Register Profile With Shortcode <= 3.6.2 - Authenticated (Contributor+) Sensitive Information Exposure |
| CVE-2025-6745 | 2025-07-11 | WoodMart <= 8.2.5 - Unauthenticated Post Disclosure |
| CVE-2025-5530 | 2025-07-11 | WPC Smart Compare for WooCommerce <= 6.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-6068 | 2025-07-11 | FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel <= 2.4.31 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting |
| CVE-2025-7442 | 2025-07-11 | WPGYM - Wordpress Gym Management System < 67.8.0 - Unauthenticated SQL Injection |
| CVE-2025-6851 | 2025-07-11 | Broken Link Notifier <= 1.3.0 - Unauthenticated Server-Side Request Forgery |
| CVE-2025-6838 | 2025-07-11 | Broken Link Notifier <= 1.3.0 - Authenticated (Contributor+) CSV Injection |
| CVE-2025-6438 | 2025-07-11 | A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause manipulation of SOAP API calls and XML external entities injection resulting in unauthorized file access when... |
| CVE-2025-50121 | 2025-07-11 | A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause unauthenticated remote code execution when a malicious folder is created... |
| CVE-2025-50122 | 2025-07-11 | A CWE-331: Insufficient Entropy vulnerability exists that could cause root password discovery when the password generation algorithm is reverse engineered with access to installation or upgrade artifacts. |
| CVE-2025-3933 | 2025-07-11 | Regular Expression Denial of Service (ReDoS) in huggingface/transformers |
| CVE-2025-50123 | 2025-07-11 | A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote command execution by a privileged account when the server is accessed via a console... |
| CVE-2025-50125 | 2025-07-11 | A CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthenticated remote code execution when the server is accessed via the network with knowledge of hidden URLs and manipulation... |
| CVE-2025-50124 | 2025-07-11 | A CWE-269: Improper Privilege Management vulnerability exists that could cause privilege escalation when the server is accessed by a privileged account via a console and through exploitation of a setup... |
| CVE-2025-6788 | 2025-07-11 | A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that exposes TGML diagram resources to the wrong control sphere, providing other authenticated users with potentially inappropriate access to TGML... |
| CVE-2025-53862 | 2025-07-11 | Aap: aap-gateway: automation-hub: sensitive information disclosure |
| CVE-2025-53861 | 2025-07-11 | Aap: sensitive cookie(s) set without security flags |
| CVE-2025-30661 | 2025-07-11 | Junos OS: Low-privileged user can cause script to run as root, leading to privilege escalation |
| CVE-2025-52946 | 2025-07-11 | Junos OS and Junos OS Evolved: With traceoptions enabled, receipt of malformed AS PATH causes RPD crash |
| CVE-2025-52947 | 2025-07-11 | Junos OS: ACX Series: When 'hot-standby' mode is configured for an L2 circuit, interface flap causes the FEB to crash |
| CVE-2025-52948 | 2025-07-11 | Junos OS: Specific unknown traffic pattern causes FPC and system to crash when packet capturing is enabled |
| CVE-2025-52949 | 2025-07-11 | Junos OS and Junos OS Evolved: In an EVPN environment, receipt of specifically malformed BGP update causes RPD crash |
| CVE-2025-52950 | 2025-07-11 | Juniper Security Director: Insufficient authorization for multiple endpoints in web interface |
| CVE-2025-52951 | 2025-07-11 | Junos OS: IPv6 firewall filter fails to match payload-protocol |
| CVE-2025-52954 | 2025-07-11 | Junos OS Evolved: A low-privileged user can execute arbitrary Junos commands and modify the configuration, thereby compromising the system |
| CVE-2025-52955 | 2025-07-11 | Junos OS and Junos OS Evolved: When jflow/sflow is configured continuous logical interface flaps causes rpd crash and restart |
| CVE-2025-52958 | 2025-07-11 | Junos OS and Junos OS Evolved: When route validation is enabled, BGP connection establishment failure causes RPD crash |
| CVE-2025-48924 | 2025-07-11 | Apache Commons Lang, Apache Commons Lang: ClassUtils.getClass(...) can throw a StackOverflowError on very long inputs |
| CVE-2025-52952 | 2025-07-11 | Junos OS: MX Series with MPC-BUILTIN, MPC 1 through MPC 9: Receipt and processing of a malformed packet causes one or more FPCs to crash |
| CVE-2025-52953 | 2025-07-11 | Junos OS and Junos OS Evolved: An unauthenticated adjacent attacker sending a valid BGP UPDATE packet forces a BGP session reset |
| CVE-2025-52963 | 2025-07-11 | Junos OS: A low-privileged user can disable an interface |
| CVE-2025-52964 | 2025-07-11 | Junos OS and Junos OS Evolved: Receipt of a specific BGP UPDATE causes an rpd crash on devices with BGP multipath configured |
| CVE-2025-52980 | 2025-07-11 | Junos OS: SRX300 Series: rpd will crash upon receiving a specific, valid BGP UPDATE message |
| CVE-2025-52981 | 2025-07-11 | Junos OS: SRX Series: Sequence of specific PIM packets causes a flowd crash |
| CVE-2025-52982 | 2025-07-11 | Junos OS: MX Series: When specific SIP packets are processed the MS-MPC will crash |
| CVE-2025-52983 | 2025-07-11 | Junos OS: After removing ssh public key authentication root can still log in |
| CVE-2025-52984 | 2025-07-11 | Junos OS and Junos OS Evolved: When a static route points to a reject next-hop and a gNMI query for this route is processed, RPD crashes |
| CVE-2025-52985 | 2025-07-11 | Junos OS Evolved: When a control-plane firewall filter refers to a prefix-list with more than 10 entries it's not matching |
| CVE-2025-52986 | 2025-07-11 | Junos OS and Junos OS Evolved: When RIB sharding is configured each time a show command is executed RPD memory leaks |
| CVE-2025-52989 | 2025-07-11 | Junos OS and Junos OS Evolved: Annotate configuration command can be used to change the configuration |
| CVE-2025-6549 | 2025-07-11 | Junos OS: SRX Series: J-Web can be exposed on additional interfaces |
| CVE-2025-52988 | 2025-07-11 | Junos OS and Junos OS Evolved: Privilege escalation to root via CLI command 'request system logout' |
| CVE-2025-7029 | 2025-07-11 | SMM Arbitrary Write via Unchecked OcHeader Buffer in Platform Configuration Handler |
| CVE-2025-7027 | 2025-07-11 | SMM Arbitrary Write via Dual-Controlled Pointers in CommandRcx1 |
| CVE-2025-7028 | 2025-07-11 | SMM Arbitrary Memory Access via Flash Handler with Unchecked FuncBlock Pointer |
| CVE-2025-7026 | 2025-07-11 | SMM Arbitrary Write via Unchecked RBX Pointer in CommandRcx0 |
| CVE-2025-47182 | 2025-07-11 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| CVE-2025-47964 | 2025-07-11 | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| CVE-2025-47963 | 2025-07-11 | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| CVE-2024-47065 | 2025-07-11 | Traceroute_APP responses are not rate-limited. |
| CVE-2025-7450 | 2025-07-11 | letseeqiji gorobbs API user.go ResetUserAvatar path traversal |
| CVE-2025-43856 | 2025-07-11 | immich allows account hijacking through oauth2 |
| CVE-2025-53641 | 2025-07-11 | Postiz allows header mutation in middleware facilitates resulting in SSRF |
| CVE-2025-7452 | 2025-07-11 | kone-net go-chat Endpoint file_controller.go GetFile path traversal |
| CVE-2025-53642 | 2025-07-11 | haxcms-nodejs and haxcms-php Improperly Terminate Sessions |
| CVE-2025-30402 | 2025-07-11 | A heap-buffer-overflow vulnerability in the loading of ExecuTorch methods can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior... |
| CVE-2025-30403 | 2025-07-11 | A heap-buffer-overflow vulnerability is possible in mvfst via a specially crafted message during a QUIC session. This issue affects mvfst versions prior to v2025.07.07.00. |
| CVE-2025-7453 | 2025-07-11 | saltbo zpan JSON Web Token token.go NewToken hard-coded password |
| CVE-2025-3631 | 2025-07-11 | IBM MQ denial of service |
| CVE-2025-7503 | 2025-07-11 | An OEM IP camera manufactured by Shenzhen Liandian Communication Technology LTD exposes a Telnet service (port 23) with undocumented, default credentials. The Telnet service is enabled by default and is... |
| CVE-2025-7454 | 2025-07-11 | Campcodes Online Movie Theater Seat Reservation System manage_theater.php sql injection |
| CVE-2025-7455 | 2025-07-11 | Campcodes Online Movie Theater Seat Reservation System manage_reserve.php sql injection |
| CVE-2025-7456 | 2025-07-11 | Campcodes Online Movie Theater Seat Reservation System reserve.php sql injection |
| CVE-2025-7457 | 2025-07-11 | Campcodes Online Movie Theater Seat Reservation System manage_movie.php sql injection |
| CVE-2025-7459 | 2025-07-11 | code-projects Mobile Shop EditMobile.php sql injection |
| CVE-2025-53636 | 2025-07-11 | Open OnDemand Shell App closed websocket DoS |
| CVE-2025-7460 | 2025-07-11 | TOTOLINK T6 HTTP POST Request cstecgi.cgi setWiFiAclRules buffer overflow |
| CVE-2025-5199 | 2025-07-11 | LPE on Multipass for macOS |
| CVE-2025-24294 | 2025-07-12 | The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet.... |
| CVE-2023-38036 | 2025-07-12 | A security vulnerability within Ivanti Avalanche Manager before version 6.4.1 may allow an unauthenticated attacker to create a buffer overflow that could result in service disruption or arbitrary code execution. |
| CVE-2024-38648 | 2025-07-12 | A hardcoded secret in Ivanti DSM before 2024.2 allows an authenticated attacker on an adjacent network to decrypt sensitive data including user credentials. |
| CVE-2023-39338 | 2025-07-12 | Enables an authenticated user (enrolled device) to access a service protected by Sentry even if they are not authorized according to the sentry policy to access that service. It does... |
| CVE-2023-39339 | 2025-07-12 | A vulnerability exists on all versions of Ivanti Policy Secure below 22.6R1 where an authenticated administrator can perform an arbitrary file read via a maliciously crafted web request. |
| CVE-2025-6058 | 2025-07-12 | WPBookit <= 1.0.4 - Unauthenticated Arbitrary File Upload |
| CVE-2025-6057 | 2025-07-12 | WPBookit <= 1.0.4 - Authenticated (Subscriber+) Arbitrary File Upload |
| CVE-2025-7461 | 2025-07-12 | code-projects Modern Bag action.php sql injection |
| CVE-2025-1313 | 2025-07-12 | Nokri - Job Board WordPress Theme <= 1.6.3 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover |
| CVE-2025-7462 | 2025-07-12 | Artifex GhostPDL New Output File Open Error gdevpdf.c pdf_ferror null pointer dereference |
| CVE-2025-7463 | 2025-07-12 | Tenda FH1201 HTTP POST Request AdvSetWrlsafeset formWrlsafeset buffer overflow |
| CVE-2025-7464 | 2025-07-12 | osrg GoBGP rtr.go SplitRTR out-of-bounds |
| CVE-2025-7465 | 2025-07-12 | Tenda FH1201 HTTP POST Request fromRouteStatic buffer overflow |
| CVE-2025-6423 | 2025-07-12 | BeeTeam368 Extensions <= 2.3.5 - Authenticated (Subscriber+) Arbitrary File Upload |
| CVE-2025-7466 | 2025-07-12 | 1000projects ABC Courier Management add_dealerrequest.php sql injection |
| CVE-2025-7504 | 2025-07-12 | Friends 3.5.1 - Authenticated (Subscriber+) PHP Object Injection |
| CVE-2025-7467 | 2025-07-12 | code-projects Modern Bag product-detail.php sql injection |
| CVE-2025-7468 | 2025-07-12 | Tenda FH1201 HTTP POST Request fromSafeUrlFilter buffer overflow |
| CVE-2020-36847 | 2025-07-12 | Simple File List < 4.2.3 - Remote Code Execution |
| CVE-2025-7518 | 2025-07-12 | RSFirewall! <= 1.1.42 - Authenticated (Admin+) Arbitrary File Read |
| CVE-2025-7469 | 2025-07-12 | Campcodes Sales and Inventory System product_add.php sql injection |
| CVE-2025-7470 | 2025-07-12 | Campcodes Sales and Inventory System product_add.php unrestricted upload |
| CVE-2021-4458 | 2025-07-12 | Modern Events Calendar Lite <= 6.3.0 - Unauthenticated SQL Injection |
| CVE-2020-36848 | 2025-07-12 | Total Upkeep by BoldGrid <= 1.14.9 - Unauthenticated Backup Download |
| CVE-2020-36849 | 2025-07-12 | AIT CSV import/export <= 3.0.3 - Unauthenticated Arbitrary File Upload |
| CVE-2025-36104 | 2025-07-12 | IBM Storage Scale information disclosure |
| CVE-2025-7471 | 2025-07-12 | code-projects Modern Bag login-back.php sql injection |
| CVE-2025-7474 | 2025-07-12 | code-projects Job Diary search.php sql injection |