CVE List - 2025 / July
Showing 1701 - 1800 of 3776 CVEs for July 2025 (Page 18 of 38)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-7451 | 2025-07-14 | Hgiga\|iSherlock - OS Command Injection |
| CVE-2025-7565 | 2025-07-14 | LB-LINK BL-AC3600 Web Management Interface lighttpd.cgi geteasycfg information disclosure |
| CVE-2025-7619 | 2025-07-14 | WellChoose\|BatchSignCS - Arbitrary File Write through Path Traversal |
| CVE-2025-7566 | 2025-07-14 | jshERP SystemConfigController.java exportExcelByParam path traversal |
| CVE-2025-7567 | 2025-07-14 | ShopXO header.html cross site scripting |
| CVE-2025-7620 | 2025-07-14 | DSIC\|Cross-browser Components for Official Document Creation - Remote Code Execution |
| CVE-2025-7568 | 2025-07-14 | qianfox FoxCMS Video.php batchCope sql injection |
| CVE-2025-7569 | 2025-07-14 | Bigotry OneBase think_exception.tpl parse_args cross site scripting |
| CVE-2025-7570 | 2025-07-14 | UTT HiPER 840G aspRemoteApConfTempSend buffer overflow |
| CVE-2025-7571 | 2025-07-14 | UTT HiPER 840G aspApBasicConfigUrcp buffer overflow |
| CVE-2025-7572 | 2025-07-14 | LB-LINK BL-WR9000 lighttpd.cgi bs_GetHostInfo information disclosure |
| CVE-2025-7573 | 2025-07-14 | LB-LINK BL-WR9000 lighttpd.cgi bs_GetManPwd information disclosure |
| CVE-2025-7574 | 2025-07-14 | LB-LINK BL-WR9000 Web Interface lighttpd.cgi restore improper authentication |
| CVE-2025-7575 | 2025-07-14 | Zavy86 WikiDocs submit.php image_delete_ajax path traversal |
| CVE-2025-7576 | 2025-07-14 | Teledyne FLIR FB-Series O/FLIR FH-Series ID Production Tools production.html access control |
| CVE-2025-7380 | 2025-07-14 | A stored Cross-Site Scripting (XSS) vulnerability exists in the Access Control of ADM |
| CVE-2025-7577 | 2025-07-14 | Teledyne FLIR FB-Series O/FLIR FH-Series ID hard-coded password |
| CVE-2025-7578 | 2025-07-14 | Teledyne FLIR FB-Series O/FLIR FH-Series ID runcmd.sh sendCommand command injection |
| CVE-2025-7579 | 2025-07-14 | chinese-poetry server.js redos |
| CVE-2025-7580 | 2025-07-14 | code-projects Voting System positions_row.php sql injection |
| CVE-2025-7581 | 2025-07-14 | code-projects Voting System positions_edit.php sql injection |
| CVE-2025-7582 | 2025-07-14 | PHPGurukul Online Fire Reporting System assigned-requests.php sql injection |
| CVE-2025-7583 | 2025-07-14 | PHPGurukul Online Fire Reporting System all-requests.php sql injection |
| CVE-2025-7584 | 2025-07-14 | PHPGurukul Online Fire Reporting System add-team.php sql injection |
| CVE-2025-7585 | 2025-07-14 | PHPGurukul Online Fire Reporting System manage-site.php sql injection |
| CVE-2025-7586 | 2025-07-14 | Tenda AC500 setWtpData formSetAPCfg stack-based overflow |
| CVE-2024-26291 | 2025-07-14 | Authenticated Arbitrary File Read affecting Avid NEXIS |
| CVE-2025-7587 | 2025-07-14 | code-projects Online Appointment Booking System cover.php sql injection |
| CVE-2025-24391 | 2025-07-14 | Possible user enumeration |
| CVE-2024-26292 | 2025-07-14 | Authenticated Arbitrary File Deletion affecting Avid NEXIS |
| CVE-2025-7588 | 2025-07-14 | PHPGurukul Dairy Farm Shop Management System edit-product.php sql injection |
| CVE-2025-7589 | 2025-07-14 | PHPGurukul Dairy Farm Shop Management System edit-company.php sql injection |
| CVE-2025-7590 | 2025-07-14 | PHPGurukul Dairy Farm Shop Management System edit-category.php sql injection |
| CVE-2025-7591 | 2025-07-14 | PHPGurukul Dairy Farm Shop Management System view-invoice.php sql injection |
| CVE-2025-53689 | 2025-07-14 | Apache Jackrabbit: XXE vulnerability in jackrabbit-spi-commons |
| CVE-2024-26293 | 2025-07-14 | Unauthenticated Path Traversal affecting Avid NEXIS |
| CVE-2025-7592 | 2025-07-14 | PHPGurukul Dairy Farm Shop Management System invoices.php sql injection |
| CVE-2025-7593 | 2025-07-14 | code-projects Job Diary view-all.php sql injection |
| CVE-2025-7594 | 2025-07-14 | code-projects Job Diary view-emp.php sql injection |
| CVE-2025-7595 | 2025-07-14 | code-projects Job Diary view-cad.php sql injection |
| CVE-2025-7618 | 2025-07-14 | A stored Cross-Site Scripting (XSS) vulnerability exists in the File Explorer and Text Editor of ADM |
| CVE-2024-51767 | 2025-07-14 | An authentication bypass vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17. |
| CVE-2024-51768 | 2025-07-14 | An hsqldb-related remote code execution vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17. |
| CVE-2024-51769 | 2025-07-14 | An information disclosure vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17. |
| CVE-2025-7596 | 2025-07-14 | Tenda FH1205 WifiExtraSet formWifiExtraSet stack-based overflow |
| CVE-2024-51770 | 2025-07-14 | An information disclosure vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17. |
| CVE-2025-7597 | 2025-07-14 | Tenda AX1803 setMacFilterCfg formSetMacFilterCfg stack-based overflow |
| CVE-2025-7598 | 2025-07-14 | Tenda AX1803 setWifiFilterCfg formSetWifiMacFilterCfg stack-based overflow |
| CVE-2025-7599 | 2025-07-14 | PHPGurukul Dairy Farm Shop Management System invoice.php sql injection |
| CVE-2025-7600 | 2025-07-14 | PHPGurukul Online Library Management System student-history.php sql injection |
| CVE-2025-7601 | 2025-07-14 | PHPGurukul Online Library Management System student-history.php cross site scripting |
| CVE-2025-7602 | 2025-07-14 | D-Link DI-8100 HTTP Request arp_sys.asp stack-based overflow |
| CVE-2025-7603 | 2025-07-14 | D-Link DI-8100 HTTP Request jingx.asp stack-based overflow |
| CVE-2025-7604 | 2025-07-14 | PHPGurukul Hospital Management System user-login.php sql injection |
| CVE-2025-7605 | 2025-07-14 | code-projects AVL Rooms profile.php sql injection |
| CVE-2025-7606 | 2025-07-14 | code-projects AVL Rooms city.php sql injection |
| CVE-2025-7607 | 2025-07-14 | code-projects Simple Shopping Cart save_order.php sql injection |
| CVE-2025-7608 | 2025-07-14 | code-projects Simple Shopping Cart userlogin.php sql injection |
| CVE-2025-7519 | 2025-07-14 | Polkit: xml policy file with a large number of nested elements may lead to out-of-bounds write |
| CVE-2025-7609 | 2025-07-14 | code-projects Simple Shopping Cart register.php sql injection |
| CVE-2025-7610 | 2025-07-14 | code-projects Electricity Billing System change_password.php sql injection |
| CVE-2025-7611 | 2025-07-14 | code-projects Wedding Reservation global.php sql injection |
| CVE-2025-7612 | 2025-07-14 | code-projects Mobile Shop login.php sql injection |
| CVE-2025-7613 | 2025-07-14 | TOTOLINK T6 HTTP POST Request cstecgi.cgi CloudSrvVersionCheck command injection |
| CVE-2025-7614 | 2025-07-14 | TOTOLINK T6 HTTP POST Request cstecgi.cgi delDevice command injection |
| CVE-2025-7615 | 2025-07-14 | TOTOLINK T6 HTTP POST Request cstecgi.cgi clearPairCfg command injection |
| CVE-2025-7616 | 2025-07-14 | gmg137 snap7-rs Public API pthread_cond_destroy memory corruption |
| CVE-2025-7625 | 2025-07-14 | YiJiuSmile kkFileViewOfficeEdit download path traversal |
| CVE-2025-7626 | 2025-07-14 | YiJiuSmile kkFileViewOfficeEdit onlinePreview path traversal |
| CVE-2025-7627 | 2025-07-14 | YiJiuSmile kkFileViewOfficeEdit fileUpload unrestricted upload |
| CVE-2025-53014 | 2025-07-14 | ImageMagick has Heap Buffer Overflow in InterpretImageFilename |
| CVE-2025-7628 | 2025-07-14 | YiJiuSmile kkFileViewOfficeEdit deleteFile path traversal |
| CVE-2025-53015 | 2025-07-14 | ImageMagick has XMP profile write that triggers hang due to unbounded loop |
| CVE-2025-53019 | 2025-07-14 | ImageMagick has Memory Leak in magick stream |
| CVE-2025-53101 | 2025-07-14 | ImageMagick has Stack Buffer Overflow in image.c |
| CVE-2025-53623 | 2025-07-14 | Job Iteration API is vulnerable to OS Command Injection attack through its CsvEnumerator class |
| CVE-2025-53639 | 2025-07-14 | Metersphere has SQL Injection Vulnerability in Sorting Field |
| CVE-2025-53640 | 2025-07-14 | Indico vulnerable to user enumeration via API endpoint |
| CVE-2025-53643 | 2025-07-14 | AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections |
| CVE-2025-53818 | 2025-07-14 | github-kanban-mcp-server Command Injection vulnerability |
| CVE-2025-53819 | 2025-07-14 | Nix's privilege dropping to build user broke for macOS |
| CVE-2025-53820 | 2025-07-14 | WeGIA vulnerable to Cross-Site Scripting (XSS) Reflected via endpoint 'index.php' parameter 'erro' |
| CVE-2025-53821 | 2025-07-14 | WeGIA vulnerable to Open Redirect in endpoint 'control.php' parameter 'nextPage' |
| CVE-2025-53822 | 2025-07-14 | WeGIA vulnerable to Reflected Cross-Site Scripting in endpoint 'relatorio_geracao.php' parameter 'tipo_relatorio' |
| CVE-2025-53823 | 2025-07-14 | WeGIA vulnerable to SQL Injection (Blind Time-Based) in `processa_deletar_socio.php` parameter `id_socio` |
| CVE-2025-53824 | 2025-07-14 | WeGIA Reflected Cross-Site Scripting (XSS) vulnerability in endpoint 'cadastro_pet.php' parameter 'msg' |
| CVE-2025-53825 | 2025-07-14 | Dokploy's Preview Deployments are vulnerable to Remote Code Execution |
| CVE-2025-53834 | 2025-07-14 | Caido Toast Vulnerable to Reflected Cross-site Scripting |
| CVE-2025-53833 | 2025-07-14 | LaRecipe is vulnerable to Server-Side Template Injection attacks |
| CVE-2025-53835 | 2025-07-14 | XWiki Rendering is vulnerable to XSS attacks through insecure XHTML syntax |
| CVE-2025-53836 | 2025-07-14 | XWiki Rendering is vulnerable to RCE attacks when processing nested macros |
| CVE-2025-53839 | 2025-07-14 | DRACOON Branding Service vulnerable to Cross-site Scripting |
| CVE-2025-53885 | 2025-07-14 | Directus doesn't redact sensitive user data when logging via event hooks |
| CVE-2025-53886 | 2025-07-14 | Directus doesn't redact tokens in Flow logs |
| CVE-2025-53887 | 2025-07-14 | Directus's exact version number is exposed by the OpenAPI Spec |
| CVE-2025-53889 | 2025-07-14 | Directus missing permission checks for manual trigger Flows |
| CVE-2025-53890 | 2025-07-14 | pyLoad vulnerable to remote code execution through js2py onCaptchaResult |
| CVE-2024-42650 | 2025-07-15 | NanoMQ 0.17.5 was discovered to contain a segmentation fault via the component /nanomq/pub_handler.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PUBLISH message. |
| CVE-2025-26186 | 2025-07-15 | SQL Injection vulnerability in openSIS v.9.1 allows a remote attacker to execute arbitrary code via the id parameter in Ajax.php |
| CVE-2025-50819 | 2025-07-15 | Directory traversal vulnerability in beiyuouo arxiv-daily thru 2025-05-06 (commit fad168770b0e68aef3e5acfa16bb2e7a7765d687) when parsing the topic.yml file in the generation logic in daily_arxiv.py. |