CVE List - 2025 / July
Showing 2101 - 2200 of 3776 CVEs for July 2025 (Page 22 of 38)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-53932 | 2025-07-16 | WeGIA vulnerable to Reflected Cross-Site Scripting via endpoint 'cadastro_adotante.php' parameter 'cpf' |
| CVE-2025-7357 | 2025-07-16 | Plaintext Storage of a Password in LITEON IC48A and IC80A EV Chargers |
| CVE-2025-53933 | 2025-07-16 | WeGIA vulnerable to Stored Cross-Site Scripting via endpoint 'adicionar_enfermidade.php' parameter 'nome' |
| CVE-2025-47053 | 2025-07-16 | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) |
| CVE-2025-53934 | 2025-07-16 | WeGIA vulnerable to Stored Cross-Site Scripting via endpoint 'control.php' parameter 'descricao_emergencia' |
| CVE-2025-53935 | 2025-07-16 | WeGIA vulnerable to Reflected Cross-Site Scripting via endpoint `personalizacao_selecao.php` parameter `id` |
| CVE-2025-53936 | 2025-07-16 | WeGIA vulnerable to Reflected Cross-Site Scripting via endpoint `personalizacao_selecao.php` parameter `nome_car` |
| CVE-2025-53937 | 2025-07-16 | WeGIA has SQL Injection (Blind Time-Based) Vulnerability in `cargo` Parameter on `control.php` Endpoint |
| CVE-2025-53938 | 2025-07-16 | WeGIA vulnerable to Authentication Bypass due to Missing Session Validation in multiple endpoints |
| CVE-2025-53943 | 2025-07-16 | VoidBot Open-Source Has Improper Permission Check That Allows Unauthorized Command Execution |
| CVE-2025-20274 | 2025-07-16 | Cisco Unified Intelligence Center Arbitrary File Upload Vulnerability |
| CVE-2025-20272 | 2025-07-16 | Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Blind SQL Injection Vulnerability |
| CVE-2025-20283 | 2025-07-16 | Cisco Identity Services Engine Authenticated Remote Code Execution Vulnerability |
| CVE-2025-20284 | 2025-07-16 | Cisco Identity Services Engine Authenticated Remote Code Execution Vulnerability |
| CVE-2025-20288 | 2025-07-16 | Cisco Unified Intelligence Center Server-Side Request Forgery Vulnerability |
| CVE-2025-20285 | 2025-07-16 | Cisco Identity Services Engine IP Filter Access Restriction for Admin Access Configuration Bypass Vulnerability |
| CVE-2025-20337 | 2025-07-16 | Cisco ISE API Unauthenticated Remote Code Execution Vulnerability |
| CVE-2025-53904 | 2025-07-16 | The Scratch Channel Has Potential Reflected Cross-Site Scripting (XSS) Vulnerability |
| CVE-2025-40777 | 2025-07-16 | A possible assertion failure when 'stale-answer-client-timeout' is set to '0' |
| CVE-2025-37105 | 2025-07-16 | An hsqldb-related remote code execution vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18. |
| CVE-2025-36097 | 2025-07-16 | IBM WebSphere Application Server denial of service |
| CVE-2025-37106 | 2025-07-16 | An authentication bypass and disclosure of information vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18. |
| CVE-2025-37107 | 2025-07-16 | An authentication bypass vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18. |
| CVE-2025-53908 | 2025-07-16 | RomM vulnerable to Authenticated Path Traversal |
| CVE-2025-6982 | 2025-07-16 | Hardcoded DES Decryption Keys in TP-Link Archer C50 V3/V4/V5 |
| CVE-2025-6983 | 2025-07-16 | Clickjacking vulnerability on the management web application of TP-LINK Archer C1200 |
| CVE-2025-34117 | 2025-07-16 | Netcore / Netis Routers RCE via UDP Port 53413 Backdoor |
| CVE-2025-34118 | 2025-07-16 | Linknat VOS Manager Path Traversal File Disclosure |
| CVE-2025-34119 | 2025-07-16 | EasyCafe Server 2.2.14 Remote File Disclosure via Opcode 0x43 |
| CVE-2025-34120 | 2025-07-16 | LimeSurvey 2.0+ - 2.06+ Unauthenticated Arbitrary File Download via Serialized Backup Payload |
| CVE-2025-34121 | 2025-07-16 | Idera Up.Time ≤ 7.2 post2file.php Arbitrary File Upload RCE |
| CVE-2025-34123 | 2025-07-16 | VideoCharge Studio 2.12.3.685 SEH Buffer Overflow via .VSC File |
| CVE-2025-34124 | 2025-07-16 | Heroes of Might and Magic III .h3m Map File Buffer Overflow |
| CVE-2025-34125 | 2025-07-16 | D-Link DSP-W110A1 Cookie Command Injection |
| CVE-2025-34126 | 2025-07-16 | RIPS Scanner v0.54 Path Traversal |
| CVE-2025-34127 | 2025-07-16 | Achat v0.150 SEH Buffer Overflow via UDP |
| CVE-2025-34128 | 2025-07-16 | X360 VideoPlayer ActiveX Control Buffer Overflow via ConvertFile() |
| CVE-2025-34129 | 2025-07-16 | LILIN DVR RCE via Malicious FTP/NTP Configuration |
| CVE-2025-34130 | 2025-07-16 | LILIN DVR Arbitrary File Read via net_html.cgi |
| CVE-2025-34132 | 2025-07-16 | LILIN DVR Command Injection via NTPUpdate in dvr_box |
| CVE-2023-41566 | 2025-07-17 | OA EKP v16 was discovered to contain an arbitrary download vulnerability via the component /ui/sys_ui_extend/sysUiExtend.do. This vulnerability allows attackers to obtain the password of the background administrator and further obtain... |
| CVE-2023-47356 | 2025-07-17 | Mingyu Security Gateway before v3.0-5.3p was discovered to contain a remote command execution (RCE) vulnerability via the log_type parameter at /log/fw_security.mds. |
| CVE-2024-32323 | 2025-07-17 | SQL Injection vulnerability in cnhcit.com Haichang OA v.1.0.0 allows a remote attacker to obtain sensitive information via the if parameter in hcit.project.rte.agents.UploadImages.class. |
| CVE-2025-46102 | 2025-07-17 | Cross Site Scripting vulnerability in Beakon Software Beakon Learning Management System Sharable Content Object Reference Model (SCORM) version V.5.4.3 allows a remote attacker to obtain sensitive information via the URL... |
| CVE-2025-47189 | 2025-07-17 | Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows XSS for authentication error data of certain user flows, a different vulnerability than CVE-2025-54392. |
| CVE-2025-50240 | 2025-07-17 | nbcio-boot v1.0.3 was discovered to contain a SQL injection vulnerability via the userIds parameter at /sys/user/deleteRecycleBin. |
| CVE-2025-51497 | 2025-07-17 | An issue was discovered in AdGuard plugin before 1.11.22 for Safari on MacOS. AdGaurd verbosely logged each url that Safari accessed when the plugin was active. These logs went into... |
| CVE-2025-51630 | 2025-07-17 | TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a buffer overflow via the ePort parameter in the function setIpPortFilterRules. |
| CVE-2025-52046 | 2025-07-17 | Totolink A3300R V17.0.0cu.596_B20250515 was found to contain a command injection vulnerability in the sub_4197C0 function via the mac and desc parameters. This vulnerability allows unauthenticated attackers to execute arbitrary commands... |
| CVE-2025-53867 | 2025-07-17 | Island Lake WebBatch before 2025C allows Remote Code Execution via a crafted URL. |
| CVE-2025-53964 | 2025-07-17 | GoldenDict 1.5.0 and 1.5.1 has an exposed dangerous method that allows reading and modifying files when a user adds a crafted dictionary and then searches for any term included in... |
| CVE-2025-7728 | 2025-07-17 | Scada-LTS users.shtm cross site scripting |
| CVE-2025-5396 | 2025-07-17 | Bears Backup <= 2.0.0 - Unauthenticated Remote Code Execution |
| CVE-2025-7729 | 2025-07-17 | Scada-LTS usersProfiles.shtm cross site scripting |
| CVE-2025-7712 | 2025-07-17 | Madara - Core <= 2.2.3 - Unauthenticated Arbitrary File Deletion |
| CVE-2025-7735 | 2025-07-17 | UNIMAX|Hospital Information System - SQL Injection |
| CVE-2025-4302 | 2025-07-17 | Stop User Enumeration < 1.7.3 - Protection Bypass |
| CVE-2025-3415 | 2025-07-17 | Grafana is an open-source platform for monitoring and observability. The Grafana Alerting DingDing integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions... |
| CVE-2025-5345 | 2025-07-17 | Exposed AIDL service allowing to read and delete files with system-level privileges in Bluebird filemanager application |
| CVE-2025-5344 | 2025-07-17 | Exposed AIDL service allowing for tampering of system secure settings in Bluebird kiosk application |
| CVE-2025-5346 | 2025-07-17 | File removal via path traversal in unsecured broadcast receiver in Bluebird barcode scanner application |
| CVE-2025-40924 | 2025-07-17 | Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely |
| CVE-2025-53909 | 2025-07-17 | mailcow: dockerized vulnerable to SSTI in Quota and Quarantine Notification Template |
| CVE-2025-53927 | 2025-07-17 | MaxKB sandbox bypass |
| CVE-2025-53928 | 2025-07-17 | MaxKB has RCE in MCP call |
| CVE-2025-1713 | 2025-07-17 | deadlock potential with VT-d and legacy PCI device pass-through |
| CVE-2025-53941 | 2025-07-17 | Hollo renders posts received with form elements and allows submission |
| CVE-2025-53946 | 2025-07-17 | WeGIA vulnerable to SQL Injection in endpoint profile_paciente.php parameter id_fichamedica |
| CVE-2025-54058 | 2025-07-17 | WeGIA SQL Injection (Blind Time-Based) Vulnerability in idatendido_familiares Parameter on dependente_editarEndereco.php Endpoint |
| CVE-2025-54060 | 2025-07-17 | WeGIA SQL Injection (Blind Time-Based) Vulnerability in idatendido_familiares Parameter on dependente_editarInfoPessoal.php Endpoint |
| CVE-2025-54061 | 2025-07-17 | WeGIASQL Injection (Blind Time-Based) Vulnerability in idatendido_familiares Parameter on dependente_editarDoc.php Endpoint |
| CVE-2025-54062 | 2025-07-17 | WeGIA SQL Injection (Blind Time-Based) Vulnerability in id_dependente Parameter on profile_dependente.php Endpoint |
| CVE-2025-54064 | 2025-07-17 | rucio-server, rucio-ui, and rucio-webui vulnerable to insertion of X-Rucio-Auth-Token in apache access logfiles |
| CVE-2025-54066 | 2025-07-17 | DiracX-Web login page has Open Redirect vulnerability |
| CVE-2025-25257 | 2025-07-17 | An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and below... |
| CVE-2025-7338 | 2025-07-17 | Multer vulnerable to Denial of Service via unhandled exception from malformed request |
| CVE-2025-7339 | 2025-07-17 | on-headers vulnerable to http response header manipulation |
| CVE-2025-7747 | 2025-07-17 | Tenda FH451 POST Request WizardHandle fromWizardHandle buffer overflow |
| CVE-2025-23263 | 2025-07-17 | NVIDIA DOCA-Host and Mellanox OFED contain a vulnerability in the VGT+ feature, where an attacker on a VM might cause escalation of privileges and denial of service on the VLAN. |
| CVE-2025-7748 | 2025-07-17 | ZCMS Create Article Page cross site scripting |
| CVE-2025-53638 | 2025-07-17 | Solady lacks extcodesize validation on implementation in ERC4337Factory |
| CVE-2025-53644 | 2025-07-17 | OpenCV contains a use after free buffer write due to an uninitialized pointer |
| CVE-2025-7749 | 2025-07-17 | code-projects Online Appointment Booking System getmanagerregion.php sql injection |
| CVE-2025-53816 | 2025-07-17 | GHSL-2025-058 - 7-Zip Multi-byte write heap buffer overflow in NCompress::NRar5::CDecoder |
| CVE-2025-53817 | 2025-07-17 | GHSL-2025-059 - 7-Zip - Null pointer array write attempt in NArchive::NCom::CHandler::GetStream |
| CVE-2025-54068 | 2025-07-17 | Livewire vulnerable to remote command execution during property update hydration |
| CVE-2025-54070 | 2025-07-17 | OpenZeppelin Contracts's Bytes's lastIndexOf function with position argument performs out-of-bound memory access on empty buffers |
| CVE-2025-7472 | 2025-07-17 | A local privilege escalation vulnerability in the Intercept X for Windows installer prior version 1.22 can lead to a local user gaining system level privileges, if the installer is run... |
| CVE-2025-7750 | 2025-07-17 | code-projects Online Appointment Booking System adddoctorclinic.php sql injection |
| CVE-2024-13972 | 2025-07-17 | A vulnerability related to registry permissions in the Intercept X for Windows updater prior to Core Agent version 2024.3.2 can lead to a local user gaining SYSTEM level privileges during... |
| CVE-2025-23266 | 2025-07-17 | NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute arbitrary code with elevated permissions. A successful exploit... |
| CVE-2025-7433 | 2025-07-17 | A local privilege escalation vulnerability in Sophos Intercept X for Windows with Central Device Encryption 2025.1 and older allows arbitrary code execution. |
| CVE-2024-39289 | 2025-07-17 | Unsafe use of eval() method in rosparam tool |
| CVE-2024-39835 | 2025-07-17 | Unsafe use of eval() method in roslaunch tool |
| CVE-2024-41148 | 2025-07-17 | Unsafe use of eval() method in rostopic hz tool |
| CVE-2024-41921 | 2025-07-17 | Unsafe use of eval() method in rostopic echo tool |
| CVE-2025-7751 | 2025-07-17 | code-projects Online Appointment Booking System addclinic.php sql injection |
| CVE-2025-3753 | 2025-07-17 | Unsafe use of eval() method in rosbag tool |
| CVE-2025-0886 | 2025-07-17 | An incorrect permissions vulnerability was reported in Elliptic Labs Virtual Lock Sensor that could allow a local, authenticated user to escalate privileges. |
| CVE-2025-1700 | 2025-07-17 | A DLL hijacking vulnerability was reported in the Motorola Software Fix (Rescue and Smart Assistant) installer that could allow a local attacker to escalate privileges during installation of the software. |