CVE List - 2025 / July
Showing 1801 - 1900 of 3776 CVEs for July 2025 (Page 19 of 38)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-52080 | 2025-07-15 | In Netgear XR300 V1.0.3.38_10.3.30, a stack-based buffer overflow vulnerability exists in the HTTPD service through the usb_device.cgi endpoint. The vulnerability occurs when processing POST requests containing the share_name parameter. |
| CVE-2025-52081 | 2025-07-15 | In Netgear XR300 V1.0.3.38_10.3.30, a stack-based buffer overflow vulnerability exists in the HTTPD service through the usb_device.cgi endpoint. The vulnerability occurs when processing POST requests containing the usb_folder parameter. |
| CVE-2025-52082 | 2025-07-15 | In Netgear XR300 V1.0.3.38_10.3.30, a stack-based buffer overflow exists in the HTTPD service through the usb_device.cgi endpoint. The vulnerability occurs when processing POST requests containing the read_access parameter. |
| CVE-2025-52376 | 2025-07-15 | An authentication bypass vulnerability in the /web/um_open_telnet.cgi endpoint in Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below, allowing an attacker to remotely enable the Telnet service without authentication, bypassing... |
| CVE-2025-52377 | 2025-07-15 | Command injection vulnerability in Nexxt Solutions NCM-X1800 Mesh Router versions UV1.2.7 and below, allowing authenticated attackers to execute arbitrary commands on the device. The vulnerability is present in the web... |
| CVE-2025-52378 | 2025-07-15 | Cross-Site Scripting (XSS) vulnerability in Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below allowing attackers to inject JavaScript code that is executed in the context of administrator sessions when... |
| CVE-2025-52379 | 2025-07-15 | Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below contains an authenticated command injection vulnerability in the firmware update feature. The /web/um_fileName_set.cgi and /web/um_web_upgrade.cgi endpoints fail to properly sanitize the... |
| CVE-2025-53891 | 2025-07-15 | TIME LINE has Improper File Validation in Upload Section |
| CVE-2025-6265 | 2025-07-15 | A path traversal vulnerability in the file_upload-cgi CGI program of Zyxel NWA50AX PRO firmware version 7.10(ACGE.2) and earlier could allow an authenticated attacker with administrator privileges to access specific directories... |
| CVE-2025-5393 | 2025-07-15 | Alone – Charity Multipurpose Non-profit WordPress Theme <= 7.8.3 - Missing Authorization to Unauthenticated Arbitrary File Deletion |
| CVE-2025-5394 | 2025-07-15 | Alone – Charity Multipurpose Non-profit WordPress Theme <= 7.8.3 - Missing Authorization to Unauthenticated Arbitrary File Upload via Plugin Installation |
| CVE-2025-7341 | 2025-07-15 | HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. <= 2.2.1 - Unauthenticated Arbitrary File Deletion |
| CVE-2025-7367 | 2025-07-15 | Strong Testimonials <= 3.2.11 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Fields |
| CVE-2025-7360 | 2025-07-15 | HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. <= 2.2.1 - Directory Traversal to Arbitrary File Move |
| CVE-2025-7340 | 2025-07-15 | HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. <= 2.2.1 - Unauthenticated Arbitrary File Upload |
| CVE-2025-3621 | 2025-07-15 | Remote Code Execution in ProTNS ActADUR |
| CVE-2025-7672 | 2025-07-15 | Stored-XSS possibility in Namo CrossEditor4 |
| CVE-2025-24477 | 2025-07-15 | A heap-based buffer overflow in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.4 through 7.2.12 allows an attacker to escalate its privileges via a specially crafted CLI... |
| CVE-2025-4369 | 2025-07-15 | Companion Auto Update <= 3.9.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via update_delay_days parameter |
| CVE-2025-7667 | 2025-07-15 | Restrict File Access <= 1.1.2 - Cross-Site Request Forgery to Arbitrary File Deletion |
| CVE-2025-34110 | 2025-07-15 | ColoradoFTP Server <= 1.3 Build 8 Path Traversal Information Disclosure |
| CVE-2025-34108 | 2025-07-15 | Disk Pulse Enterprise 9.0.34 Login Stack Buffer Overflow |
| CVE-2025-34105 | 2025-07-15 | DiskBoss Enterprise Stack-Based Buffer Overflow RCE |
| CVE-2025-34116 | 2025-07-15 | IPFire < 2.19 Core Update 101 proxy.cgi RCE |
| CVE-2025-34115 | 2025-07-15 | OP5 Monitor <= 7.1.9 Authenticated Command Execution via command_test.php |
| CVE-2025-34109 | 2025-07-15 | Panda Security PSEvents.exe Insecure DLL Loading Privilege Escalation |
| CVE-2025-34106 | 2025-07-15 | PDF Shaper v3.5/3.6 Buffer Overflow via Convert to Image Feature |
| CVE-2025-34104 | 2025-07-15 | Piwik Authenticated RCE via Custom Plugin Upload |
| CVE-2025-34112 | 2025-07-15 | Riverbed SteelCentral NetProfiler / NetExpress 10.8.7 RCE |
| CVE-2025-34068 | 2025-07-15 | Samsung WLAN AP WEA453e < 5.2.4.T1 Unauthenticated RCE via command1 and command2 Parameters |
| CVE-2025-34113 | 2025-07-15 | Tiki Wiki CMS Authenticated Command Injection in Calendar Module |
| CVE-2025-34111 | 2025-07-15 | Tiki Wiki <= 15.1 ELFinder Unauthenticated File Upload RCE |
| CVE-2025-34103 | 2025-07-15 | WePresent WiPG-1000 Unauthenticated Command Injection via rdfs.cgi |
| CVE-2025-34107 | 2025-07-15 | WinaXe 7.7 FTP Client Remote Buffer Overflow |
| CVE-2025-6965 | 2025-07-15 | Integer Truncation on SQLite |
| CVE-2025-48795 | 2025-07-15 | Apache CXF: Denial of Service and sensitive data exposure in logs |
| CVE-2025-33097 | 2025-07-15 | IBM QRadar SIEM cross-site scripting |
| CVE-2025-30483 | 2025-07-15 | Dell ECS versions prior to 3.8.1.5 / ObjectScale version 4.0.0.0 contain an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this... |
| CVE-2025-53621 | 2025-07-15 | DSpace vulnerable to XML External Entity (XXE) injection in import via Simple Archive Format (SAF) or import from external sources |
| CVE-2025-53622 | 2025-07-15 | DSpace has path traversal vulnerability in Simple Archive Format (SAF) package import via contents file |
| CVE-2025-0831 | 2025-07-15 | Out-Of-Bounds Read vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 |
| CVE-2025-6971 | 2025-07-15 | Use After Free vulnerability exists in the CATPRODUCT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 |
| CVE-2025-6972 | 2025-07-15 | Use After Free vulnerability exists in the CATPRODUCT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 |
| CVE-2025-6973 | 2025-07-15 | Use After Free vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 |
| CVE-2025-6974 | 2025-07-15 | Use of Uninitialized Variable vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 |
| CVE-2025-7042 | 2025-07-15 | Use After Free vulnerability exists in the IPT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 |
| CVE-2025-53959 | 2025-07-15 | In JetBrains YouTrack before 2025.2.86069, 2024.3.85077, 2025.1.86199 email spoofing via an administrative API was possible |
| CVE-2025-53895 | 2025-07-15 | ZITADEL has broken authN and authZ in session API and resulting session tokens |
| CVE-2025-53893 | 2025-07-15 | File Browser Vulnerable to Uncontrolled Memory Consumption Due to Oversized File Processing |
| CVE-2025-53826 | 2025-07-15 | FileBrowser Has Insecure JWT Handling Which Allows Session Replay Attacks after Logout |
| CVE-2025-7656 | 2025-07-15 | Integer overflow in V8 in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2025-6558 | 2025-07-15 | Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.... |
| CVE-2025-7657 | 2025-07-15 | Use after free in WebRTC in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2025-53903 | 2025-07-15 | The Scratch Channel Has Potential Cross-Site Scripting (XSS) Vulnerability |
| CVE-2025-41236 | 2025-07-15 | VMXNET3 integer-overflow vulnerability |
| CVE-2025-41237 | 2025-07-15 | VMCI integer-underflow vulnerability |
| CVE-2025-41238 | 2025-07-15 | PVSCSI heap-overflow vulnerability |
| CVE-2025-41239 | 2025-07-15 | vSockets information-disclosure vulnerability |
| CVE-2025-30739 | 2025-07-15 | Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.2.11-12.2.13. Easily exploitable vulnerability allows high privileged attacker with network... |
| CVE-2025-49827 | 2025-07-15 | Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) Vulnerable to Bypass of IAM Authenticator |
| CVE-2025-30743 | 2025-07-15 | Vulnerability in the Oracle Lease and Finance Management product of Oracle E-Business Suite (component: Internal Operations). The supported version that is affected is 12.2.13. Easily exploitable vulnerability allows low privileged... |
| CVE-2025-30744 | 2025-07-15 | Vulnerability in the Oracle Mobile Field Service product of Oracle E-Business Suite (component: Multiplatform Sync Errors). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker... |
| CVE-2025-30745 | 2025-07-15 | Vulnerability in the Oracle MES for Process Manufacturing product of Oracle E-Business Suite (component: Device Integration). Supported versions that are affected are 12.2.12-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with... |
| CVE-2025-30746 | 2025-07-15 | Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via... |
| CVE-2025-30747 | 2025-07-15 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker... |
| CVE-2025-30748 | 2025-07-15 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker... |
| CVE-2025-30749 | 2025-07-15 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE:... |
| CVE-2025-30750 | 2025-07-15 | Vulnerability in the Unified Audit component of Oracle Database Server. Supported versions that are affected are 19.3-19.27, 21.3-21.18 and 23.4-23.8. Easily exploitable vulnerability allows high privileged attacker having Create User... |
| CVE-2025-30751 | 2025-07-15 | Vulnerability in the Oracle Database component of Oracle Database Server. Supported versions that are affected are 19.27 and 23.4-23.8. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create... |
| CVE-2025-30752 | 2025-07-15 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler). The supported version that is affected is Oracle Java SE: 24.0.1; Oracle GraalVM... |
| CVE-2025-30753 | 2025-07-15 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker... |
| CVE-2025-30754 | 2025-07-15 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE:... |
| CVE-2025-30756 | 2025-07-15 | Vulnerability in Oracle REST Data Services (component: General). The supported version that is affected is 24.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle... |
| CVE-2025-30758 | 2025-07-15 | Vulnerability in the Siebel CRM End User product of Oracle Siebel CRM (component: User Interface). Supported versions that are affected are 25.0-25.5. Easily exploitable vulnerability allows unauthenticated attacker with network... |
| CVE-2025-30759 | 2025-07-15 | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Platform Security). Supported versions that are affected are 7.6.0.0.0, 8.2.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated... |
| CVE-2025-30760 | 2025-07-15 | Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are 9.2.0.0-9.2.9.3. Easily exploitable vulnerability allows low privileged attacker... |
| CVE-2025-30762 | 2025-07-15 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with... |
| CVE-2025-50059 | 2025-07-15 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE:... |
| CVE-2025-50060 | 2025-07-15 | Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 7.6.0.0.0, 8.2.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker... |
| CVE-2025-50061 | 2025-07-15 | Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 20.12.0-20.12.21, 21.12.0-21.12.21, 22.12.0-22.12.19, 23.12.0-23.12.13 and 24.12.0-24.12.4.... |
| CVE-2025-50062 | 2025-07-15 | Vulnerability in the PeopleSoft Enterprise HCM Global Payroll Core product of Oracle PeopleSoft (component: Global Payroll for Core). Supported versions that are affected are 9.2.51 and 9.2.52. Easily exploitable vulnerability... |
| CVE-2025-50063 | 2025-07-15 | Vulnerability in Oracle Java SE (component: Install). The supported version that is affected is Oracle Java SE: 8u451. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure... |
| CVE-2025-50064 | 2025-07-15 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows high privileged attacker... |
| CVE-2025-50065 | 2025-07-15 | Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Native Image). The supported version that is affected is Oracle GraalVM for JDK: 24.0.1. Difficult to exploit... |
| CVE-2025-50066 | 2025-07-15 | Vulnerability in the Oracle Database Materialized View component of Oracle Database Server. Supported versions that are affected are 19.3-19.27, 21.3-21.18 and 23.4-23.8. Easily exploitable vulnerability allows high privileged attacker having... |
| CVE-2025-50067 | 2025-07-15 | Vulnerability in Oracle Application Express (component: Strategic Planner Starter App). Supported versions that are affected are 24.2.4 and 24.2.5. Easily exploitable vulnerability allows low privileged attacker with network access via... |
| CVE-2025-50068 | 2025-07-15 | Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with... |
| CVE-2025-50069 | 2025-07-15 | Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.27 and 21.3-21.18. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create... |
| CVE-2025-50070 | 2025-07-15 | Vulnerability in the JDBC component of Oracle Database Server. Supported versions that are affected are 23.4-23.8. Difficult to exploit vulnerability allows low privileged attacker having Authenticated OS User privilege with... |
| CVE-2025-50071 | 2025-07-15 | Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Web Utilities). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network... |
| CVE-2025-50072 | 2025-07-15 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with... |
| CVE-2025-50073 | 2025-07-15 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker... |
| CVE-2025-50076 | 2025-07-15 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.25. Easily exploitable vulnerability allows low privileged attacker with network access via... |
| CVE-2025-50077 | 2025-07-15 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network... |
| CVE-2025-50078 | 2025-07-15 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows low privileged attacker with... |
| CVE-2025-50079 | 2025-07-15 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with... |
| CVE-2025-50080 | 2025-07-15 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker... |
| CVE-2025-50081 | 2025-07-15 | Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Difficult to exploit vulnerability allows high privileged attacker... |
| CVE-2025-50082 | 2025-07-15 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows low privileged attacker with... |
| CVE-2025-50083 | 2025-07-15 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows low privileged attacker with... |