CVE List - 2025 / July
Showing 1601 - 1700 of 3776 CVEs for July 2025 (Page 17 of 38)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-7475 | 2025-07-12 | code-projects Simple Car Rental System pay.php sql injection |
| CVE-2025-7476 | 2025-07-12 | code-projects Simple Car Rental System approve.php sql injection |
| CVE-2025-7477 | 2025-07-12 | code-projects Simple Car Rental System add_cars.php unrestricted upload |
| CVE-2025-7478 | 2025-07-12 | code-projects Modern Bag category-list.php sql injection |
| CVE-2025-7479 | 2025-07-12 | PHPGurukul Vehicle Parking Management System view--detail.php sql injection |
| CVE-2025-7480 | 2025-07-12 | PHPGurukul Vehicle Parking Management System signup.php sql injection |
| CVE-2024-41169 | 2025-07-12 | Apache Zeppelin: raft directory listing and file read |
| CVE-2025-7481 | 2025-07-12 | PHPGurukul Vehicle Parking Management System profile.php sql injection |
| CVE-2025-7482 | 2025-07-12 | PHPGurukul Vehicle Parking Management System print.php sql injection |
| CVE-2025-7483 | 2025-07-12 | PHPGurukul Vehicle Parking Management System forgot-password.php sql injection |
| CVE-2025-7484 | 2025-07-12 | PHPGurukul Vehicle Parking Management System view-outgoingvehicle-detail.php sql injection |
| CVE-2025-7485 | 2025-07-12 | Open5GS SCTP Partial Message recv_handler assertion |
| CVE-2025-7487 | 2025-07-12 | JoeyBling SpringBoot_MyBatisPlus upload SysFileController unrestricted upload |
| CVE-2025-7488 | 2025-07-12 | JoeyBling SpringBoot_MyBatisPlus download path traversal |
| CVE-2025-7489 | 2025-07-12 | PHPGurukul Vehicle Parking Management System search-vehicle.php sql injection |
| CVE-2025-7490 | 2025-07-12 | PHPGurukul Vehicle Parking Management System reg-users.php sql injection |
| CVE-2025-7491 | 2025-07-12 | PHPGurukul Vehicle Parking Management System manage-outgoingvehicle.php sql injection |
| CVE-2025-7492 | 2025-07-12 | PHPGurukul Vehicle Parking Management System manage-incomingvehicle.php sql injection |
| CVE-2025-7505 | 2025-07-12 | Tenda FH451 HTTP POST Request L7Prot frmL7ProtForm stack-based overflow |
| CVE-2025-7506 | 2025-07-12 | Tenda FH451 HTTP POST Request Natlimit fromNatlimit stack-based overflow |
| CVE-2025-7508 | 2025-07-12 | code-projects Modern Bag product-update.php sql injection |
| CVE-2024-58258 | 2025-07-13 | SugarCRM before 13.0.4 and 14.x before 14.0.1 allows SSRF in the API module because a limited type of code injection can occur. |
| CVE-2025-53865 | 2025-07-13 | In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker templates (devel and responsive). |
| CVE-2025-7509 | 2025-07-13 | code-projects Modern Bag slide.php sql injection |
| CVE-2025-7510 | 2025-07-13 | code-projects Modern Bag productadd_back.php sql injection |
| CVE-2025-7511 | 2025-07-13 | code-projects Chat System update_account.php sql injection |
| CVE-2025-7512 | 2025-07-13 | code-projects Modern Bag contact-back.php sql injection |
| CVE-2025-7513 | 2025-07-13 | code-projects Modern Bag slideupdate.php sql injection |
| CVE-2025-7514 | 2025-07-13 | code-projects Modern Bag contact-list.php sql injection |
| CVE-2025-7515 | 2025-07-13 | code-projects Online Appointment Booking System ulocateus.php sql injection |
| CVE-2025-7516 | 2025-07-13 | code-projects Online Appointment Booking System cancelbookingpatient.php sql injection |
| CVE-2025-7517 | 2025-07-13 | code-projects Online Appointment Booking System getDay.php sql injection |
| CVE-2025-7520 | 2025-07-13 | PHPGurukul Vehicle Parking Management System manage-category.php sql injection |
| CVE-2025-7521 | 2025-07-13 | PHPGurukul Vehicle Parking Management System index.php sql injection |
| CVE-2025-7522 | 2025-07-13 | PHPGurukul Vehicle Parking Management System bwdates-reports-details.php sql injection |
| CVE-2025-7523 | 2025-07-13 | Jinher OA DelTemp.aspx xml external entity reference |
| CVE-2025-7012 | 2025-07-13 | Cato Networks Linux Client Local Privilege Escalation via Symlink |
| CVE-2025-7524 | 2025-07-13 | TOTOLINK T6 HTTP POST Request cstecgi.cgi setDiagnosisCfg command injection |
| CVE-2025-7525 | 2025-07-13 | TOTOLINK T6 HTTP POST Request cstecgi.cgi setTracerouteCfg command injection |
| CVE-2025-7527 | 2025-07-13 | Tenda FH1202 AdvSetWan fromAdvSetWan stack-based overflow |
| CVE-2025-7528 | 2025-07-13 | Tenda FH1202 GstDhcpSetSer fromGstDhcpSetSer stack-based overflow |
| CVE-2025-7529 | 2025-07-13 | Tenda FH1202 Natlimit fromNatlimit stack-based overflow |
| CVE-2025-7530 | 2025-07-13 | Tenda FH1202 PPTPDClient fromPptpUserAdd stack-based overflow |
| CVE-2025-7531 | 2025-07-13 | Tenda FH1202 PPTPUserSetting fromPptpUserSetting stack-based overflow |
| CVE-2025-7532 | 2025-07-13 | Tenda FH1202 webExcptypemanFilter fromwebExcptypemanFilter stack-based overflow |
| CVE-2025-7533 | 2025-07-13 | code-projects Job Diary view-details.php sql injection |
| CVE-2025-7534 | 2025-07-13 | PHPGurukul Student Result Management System GET Parameter notice-details.php sql injection |
| CVE-2025-7535 | 2025-07-13 | Campcodes Sales and Inventory System reprint_cash.php sql injection |
| CVE-2025-7536 | 2025-07-13 | Campcodes Sales and Inventory System receipt_credit.php sql injection |
| CVE-2025-7537 | 2025-07-13 | Campcodes Sales and Inventory System product_update.php sql injection |
| CVE-2025-7538 | 2025-07-13 | Campcodes Sales and Inventory System product_update.php unrestricted upload |
| CVE-2025-7539 | 2025-07-13 | code-projects Online Appointment Booking System getdoctordaybooking.php sql injection |
| CVE-2025-7540 | 2025-07-13 | code-projects Online Appointment Booking System getclinic.php sql injection |
| CVE-2025-7541 | 2025-07-13 | code-projects Online Appointment Booking System get_town.php sql injection |
| CVE-2025-7542 | 2025-07-13 | PHPGurukul User Registration & Login and User Management System user-profile.php sql injection |
| CVE-2025-7543 | 2025-07-13 | PHPGurukul User Registration & Login and User Management System manage-users.php sql injection |
| CVE-2025-7544 | 2025-07-13 | Tenda AC1206 setMacFilterCfg formSetMacFilterCfg stack-based overflow |
| CVE-2025-7545 | 2025-07-13 | GNU Binutils objcopy.c copy_section heap-based overflow |
| CVE-2025-7546 | 2025-07-13 | GNU Binutils elf.c bfd_elf_set_group_contents out-of-bounds write |
| CVE-2025-6491 | 2025-07-13 | NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix |
| CVE-2025-7547 | 2025-07-13 | Campcodes Online Movie Theater Seat Reservation System admin_class.php save_movie unrestricted upload |
| CVE-2025-1220 | 2025-07-13 | Null byte termination in hostnames |
| CVE-2025-1735 | 2025-07-13 | pgsql extension does not check for errors during escaping |
| CVE-2025-7548 | 2025-07-13 | Tenda FH1201 SafeEmailFilter formSafeEmailFilter stack-based overflow |
| CVE-2025-7549 | 2025-07-13 | Tenda FH1201 L7Prot frmL7ProtForm stack-based overflow |
| CVE-2025-7550 | 2025-07-13 | Tenda FH1201 GstDhcpSetSer fromGstDhcpSetSer stack-based overflow |
| CVE-2025-7551 | 2025-07-13 | Tenda FH1201 PPTPDClient fromPptpUserAdd stack-based overflow |
| CVE-2025-7552 | 2025-07-13 | Dromara Northstar Path AuthorizationInterceptor.java preHandle access control |
| CVE-2025-1384 | 2025-07-13 | Least Privilege Violation Vulnerability in the communications functions of NJ/NX-series Machine Automation Controllers |
| CVE-2025-7553 | 2025-07-13 | D-Link DIR-818LW System Time Page os command injection |
| CVE-2024-42646 | 2025-07-14 | A segmentation fault in NanoMQ v0.21.10 allows attackers to cause a Denial of Service (DoS) via crafted messages. |
| CVE-2024-42648 | 2025-07-14 | NanoMQ v0.22.10 was discovered to contain a heap overflow which allows attackers to cause a Denial of Service (DoS) via a crafted CONNECT message. |
| CVE-2024-42649 | 2025-07-14 | NanoMQ v0.22.10 was discovered to contain a memory leak which allows attackers to cause a Denial of Service (DoS) via a crafted PUBLISH message. |
| CVE-2025-27582 | 2025-07-14 | The Secure Password extension in One Identity Password Manager before 5.14.4 allows local privilege escalation. The issue arises from a flawed security hardening mechanism within the kiosk browser used to... |
| CVE-2025-29606 | 2025-07-14 | py-libp2p before 0.2.3 allows a peer to cause a denial of service (resource consumption) via a large RSA key. |
| CVE-2025-50756 | 2025-07-14 | Wavlink WN535K3 20191010 was found to contain a command injection vulnerability in the set_sys_adm function via the newpass parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted... |
| CVE-2025-51650 | 2025-07-14 | An arbitrary file upload vulnerability in the component /controller/PicManager.php of FoxCMS v1.2.6 allows attackers to execute arbitrary code via uploading a crafted template file. |
| CVE-2025-51651 | 2025-07-14 | An authenticated arbitrary file download vulnerability in the component /admin/Backups.php of Mccms v2.7.0 allows attackers to download arbitrary files via a crafted GET request. |
| CVE-2025-51652 | 2025-07-14 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Categories.php. |
| CVE-2025-51653 | 2025-07-14 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_ct.php. |
| CVE-2025-51654 | 2025-07-14 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Infocategories.php. |
| CVE-2025-51655 | 2025-07-14 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Quanxian.php. |
| CVE-2025-51656 | 2025-07-14 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_Link.php. |
| CVE-2025-51657 | 2025-07-14 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the lgid parameter at SEMCMS_Link.php. |
| CVE-2025-51658 | 2025-07-14 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_InquiryView.php. |
| CVE-2025-51659 | 2025-07-14 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_Products.php. |
| CVE-2025-51660 | 2025-07-14 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the lgid parameter at SEMCMS_Products.php. |
| CVE-2025-52363 | 2025-07-14 | Tenda CP3 Pro Firmware V22.5.4.93 contains a hardcoded root password hash in the /etc/passwd file and /etc/passwd-. An attacker with access to the firmware image can extract and attempt to... |
| CVE-2025-7554 | 2025-07-14 | Sapido RB-1802 URL Filtering Page urlfilter.asp cross site scripting |
| CVE-2025-7555 | 2025-07-14 | code-projects Voting System voters_add.php sql injection |
| CVE-2025-7556 | 2025-07-14 | code-projects Voting System voters_edit.php sql injection |
| CVE-2025-7557 | 2025-07-14 | code-projects Voting System voters_row.php sql injection |
| CVE-2025-7558 | 2025-07-14 | code-projects Voting System positions_add.php sql injection |
| CVE-2025-7559 | 2025-07-14 | PHPGurukul Online Fire Reporting System bwdates-report-result.php sql injection |
| CVE-2025-7560 | 2025-07-14 | PHPGurukul Online Fire Reporting System workin-progress-requests.php sql injection |
| CVE-2025-25180 | 2025-07-14 | GPU DDK - Insufficient validation in RGXCREATEFREELIST creates corrupt freelist |
| CVE-2025-7561 | 2025-07-14 | PHPGurukul Online Fire Reporting System team-ontheway-requests.php sql injection |
| CVE-2025-7562 | 2025-07-14 | PHPGurukul Online Fire Reporting System new-requests.php sql injection |
| CVE-2025-7563 | 2025-07-14 | PHPGurukul Online Fire Reporting System completed-requests.php sql injection |
| CVE-2025-7564 | 2025-07-14 | LB-LINK BL-AC3600 shadow hard-coded credentials |