CVE List - 2025 / July
Showing 2201 - 2300 of 3776 CVEs for July 2025 (Page 23 of 38)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-1729 | 2025-07-17 | A DLL hijacking vulnerability was reported in TrackPoint Quick Menu software that, under certain conditions, could allow a local attacker to escalate privileges. |
| CVE-2025-2818 | 2025-07-17 | A vulnerability was reported in version 1.0 of the Bluetooth Transmission Alliance protocol adopted by Motorola Smart Connect Android Application that could allow a nearby attacker within the Bluetooth interaction... |
| CVE-2025-6230 | 2025-07-17 | A SQL injection vulnerability was reported in Lenovo Vantage that could allow a local attacker to modify the local SQLite database and execute limited SQLite commands. |
| CVE-2025-6231 | 2025-07-17 | An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying an application configuration file. |
| CVE-2025-6232 | 2025-07-17 | An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying specific registry locations. |
| CVE-2025-6248 | 2025-07-17 | A cross-site scripting (XSS) vulnerability was reported in the Lenovo Browser that could allow an attacker to obtain sensitive information if a user visits a web page with specially crafted... |
| CVE-2025-6249 | 2025-07-17 | An authentication bypass vulnerability was reported in FileZ client application that could allow a local attacker with elevated permissions access to application data. |
| CVE-2025-4657 | 2025-07-17 | A buffer overflow vulnerability was reported in the Lenovo Protection Driver, prior to version 5.1.1110.4231, used in Lenovo PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local... |
| CVE-2024-42209 | 2025-07-17 | HCL Connections is vulnerable to an information disclosure vulnerability |
| CVE-2025-7752 | 2025-07-17 | code-projects Online Appointment Booking System deletedoctor.php sql injection |
| CVE-2025-23267 | 2025-07-17 | NVIDIA Container Toolkit for all platforms contains a vulnerability in the update-ldcache hook, where an attacker could cause a link following by using a specially crafted container image. A successful... |
| CVE-2025-7753 | 2025-07-17 | code-projects Online Appointment Booking System adddoctor.php sql injection |
| CVE-2025-23270 | 2025-07-17 | NVIDIA Jetson Linux contains a vulnerability in UEFI Management mode, where an unprivileged local attacker may cause exposure of sensitive information via a side channel vulnerability. A successful exploit of... |
| CVE-2025-7754 | 2025-07-17 | code-projects Patient Record Management System xray_form.php sql injection |
| CVE-2025-23269 | 2025-07-17 | NVIDIA Jetson Linux contains a vulnerability in the kernel where an attacker may cause an exposure of sensitive information due to a shared microarchitectural predictor state that influences transient execution.... |
| CVE-2025-7755 | 2025-07-17 | code-projects Online Ordering System edit_product.php unrestricted upload |
| CVE-2025-7756 | 2025-07-17 | code-projects E-Commerce Site cross-site request forgery |
| CVE-2025-7757 | 2025-07-17 | PHPGurukul Land Record System edit-property.php sql injection |
| CVE-2025-7758 | 2025-07-17 | TOTOLINK T6 HTTP POST Request cstecgi.cgi setDiagnosisCfg buffer overflow |
| CVE-2025-7398 | 2025-07-17 | Medium Strength Cipher Suites detected on ports 9000 and 8036 |
| CVE-2025-7759 | 2025-07-17 | thinkgem JeeSite UEditor Image Grabber ActionEnter.java server-side request forgery |
| CVE-2025-7762 | 2025-07-17 | D-Link DI-8100 HTTP Request menu_nat_more.asp stack-based overflow |
| CVE-2025-6391 | 2025-07-17 | JSON Web Token (JWT) Exposure in Log Files |
| CVE-2025-7397 | 2025-07-17 | CLI history displays inline passwords |
| CVE-2025-7763 | 2025-07-17 | thinkgem JeeSite Site Controller SiteController.java select redirect |
| CVE-2025-7764 | 2025-07-17 | code-projects Online Appointment Booking System deletedoctorclinic.php sql injection |
| CVE-2025-7765 | 2025-07-17 | code-projects Online Appointment Booking System addmanagerclinic.php sql injection |
| CVE-2025-6185 | 2025-07-17 | Leviton AcquiSuite and Energy Monitoring Hub Cross-site Scripting |
| CVE-2025-45156 | 2025-07-18 | Splashin iOS v2.0 fails to enforce server-side interval restrictions for location updates for free-tier users. |
| CVE-2025-45157 | 2025-07-18 | Insecure permissions in Splashin iOS v2.0 allow unauthorized attackers to access location data for specific users. |
| CVE-2025-46000 | 2025-07-18 | An arbitrary file upload vulnerability in the component /rsc/filemanager.rsc.class.php of Filemanager commit c75b914 v.2.5.0 allows attackers to execute arbitrary code via uploading a crafted SVG file. |
| CVE-2025-46001 | 2025-07-18 | An arbitrary file upload vulnerability in the is_allowed_file_type() function of Filemanager v2.3.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. |
| CVE-2025-46002 | 2025-07-18 | An issue in Filemanager v2.5.0 and below allows attackers to execute a directory traversal via sending a crafted HTTP request to the filemanager.php endpoint. |
| CVE-2025-50581 | 2025-07-18 | MRCMS v3.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/group/save.do. |
| CVE-2025-50582 | 2025-07-18 | StudentManage v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Add A New Course module. |
| CVE-2025-50583 | 2025-07-18 | StudentManage v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Add A New Student module. |
| CVE-2025-50584 | 2025-07-18 | StudentManage v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Add A New Teacher module. |
| CVE-2025-50585 | 2025-07-18 | StudentManage v1.0 was discovered to contain a SQL injection vulnerability via the component /admin/adminStudentUrl. |
| CVE-2025-50586 | 2025-07-18 | StudentManage v1.0 was discovered to contain Cross-Site Request Forgery (CSRF). |
| CVE-2025-50708 | 2025-07-18 | An issue in Perplexity AI GPT-4 v.2.51.0 allows a remote attacker to obtain sensitive information via the token component in the shared chat URL |
| CVE-2025-52162 | 2025-07-18 | agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to contain an XML External Entity (XXE) via the RSSReader endpoint. This vulnerability allows attackers to access sensitive data... |
| CVE-2025-52163 | 2025-07-18 | A Server-Side Request Forgery (SSRF) in the component TunnelServlet of agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 allows attackers to forcefully initiate connections to arbitrary internal and external... |
| CVE-2025-52164 | 2025-07-18 | Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to store credentials in plaintext. |
| CVE-2025-52166 | 2025-07-18 | Incorrect access control in Software GmbH Agorum core open v11.9.2 & v11.10.1 allows authenticated attackers to escalate privileges to Administrator and access sensitive components and information. |
| CVE-2025-52168 | 2025-07-18 | Incorrect access control in the dynawebservice component of agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 allows unauthenticated attackers to access arbitrary files on the system. |
| CVE-2025-52169 | 2025-07-18 | agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability. |
| CVE-2025-54309 | 2025-07-18 | CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS,... |
| CVE-2025-54310 | 2025-07-18 | qBittorrent before 5.1.2 does not prevent access to a local file that is referenced in a link URL. This affects rsswidget.cpp and searchjobwidget.cpp. |
| CVE-2025-7767 | 2025-07-18 | PHPGurukul Art Gallery Management System edit-art-medium-detail.php cross site scripting |
| CVE-2025-7431 | 2025-07-18 | Knowledge Base <= 2.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Slug |
| CVE-2025-7648 | 2025-07-18 | Ruven Themes: Shortcodes <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-3740 | 2025-07-18 | School Management System for WordPress <= 93.1.0 - Authenticated (Subscriber+) Local File Inclusion to Privilege Escalation via Password Update |
| CVE-2025-6813 | 2025-07-18 | aapanel WP Toolkit 1.0 - 1.1 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via auto_login() Function |
| CVE-2025-5816 | 2025-07-18 | Plugin Pengiriman WooCommerce Kurir Reguler, Instan, Kargo – Biteship <= 3.2.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) View Order Tracking Details |
| CVE-2025-7638 | 2025-07-18 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.45.0 - Authenticated (Administrator+) SQL Injection via `order_by` Parameter |
| CVE-2025-7660 | 2025-07-18 | Map My Locations <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-6053 | 2025-07-18 | Zuppler Online Ordering <= 2.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-6781 | 2025-07-18 | Copymatic – AI Content Writer & Generator <= 2.1 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-6222 | 2025-07-18 | WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User Wallet <= 3.2.6 - Unauthenticated Arbitrary File Upload |
| CVE-2025-6718 | 2025-07-18 | B1.lt for WooCommerce <= 2.2.56 - Missing Authorization to Authenticated (Subscriber+) Arbitrary SQL Injection |
| CVE-2025-5754 | 2025-07-18 | Useful Tab Block – Responsive & AMP-Compatible <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameter |
| CVE-2025-7643 | 2025-07-18 | Attachment Manager <= 2.1.2 - Unauthenticated Arbitrary File Deletion |
| CVE-2025-6726 | 2025-07-18 | Block Editor Gallery Slider <= 1.1.1 - Missing Authorization to Authenticated (Subscriber+) Limited Post Meta Update |
| CVE-2025-6719 | 2025-07-18 | Terms descriptions <= 3.4.8 - Authenticated (Admin+) Stored Cross-Site Scripting |
| CVE-2025-5767 | 2025-07-18 | Crowdfunding for WooCommerce <= 3.1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter |
| CVE-2025-6717 | 2025-07-18 | B1.lt for WooCommerce <= 2.2.56 - Authenticated (Subscriber+) SQL Injection |
| CVE-2025-5752 | 2025-07-18 | Vertical scroll image slideshow gallery <= 11.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter |
| CVE-2025-5800 | 2025-07-18 | Testimonial Post type <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via auto_play Parameter |
| CVE-2025-5811 | 2025-07-18 | Listly: Listicles For WordPress <= 2.7 - Unauthenticated Arbitrary Transient Deletion |
| CVE-2025-7772 | 2025-07-18 | Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal <= 16.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Read |
| CVE-2025-7438 | 2025-07-18 | MasterStudy LMS – Online Courses, eLearning PRO Plus <= 4.7.9 - Authenticated (Subscriber+) Arbitrary File Upload |
| CVE-2025-26854 | 2025-07-18 | Extension - joomcar.net - SQL injection in Articles Good Search 1.0.0 - 1.2.4.0011 for Joomla |
| CVE-2025-26855 | 2025-07-18 | Extension - joomcar.net - SQL injection in Articles Calendar 1.0.0 - 1.0.1.0007 for Joomla |
| CVE-2025-6023 | 2025-07-18 | An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0. The open redirect can be... |
| CVE-2025-6197 | 2025-07-18 | An open redirect vulnerability has been identified in Grafana OSS organization switching functionality. Prerequisites for exploitation: - Multiple organizations must exist in the Grafana instance - Victim must be on... |
| CVE-2025-38349 | 2025-07-18 | eventpoll: don't decrement ep refcount while still holding the ep mutex |
| CVE-2024-27779 | 2025-07-18 | An insufficient session expiration vulnerability [CWE-613] in FortiSandbox version 4.4.4 and below, version 4.2.6 and below, 4.0 all versions, 3.2 all versions and FortiIsolator version 2.4 and below, 2.3... |
| CVE-2024-32124 | 2025-07-18 | An improper access control vulnerability [CWE-284] in FortiIsolator version 2.4.4, version 2.4.3, 2.3 all versions logging component may allow a remote authenticated read-only attacker to alter logs via a crafted... |
| CVE-2025-7444 | 2025-07-18 | LoginPress Pro <= 5.0.1 - Authentication Bypass via WordPress.com OAuth provider |
| CVE-2025-6226 | 2025-07-18 | IDOR in CreatePost API allows for timeboxed message disclosure |
| CVE-2025-6233 | 2025-07-18 | Arbitrary file read by system admin via path traversal |
| CVE-2025-2425 | 2025-07-18 | TOCTOU race condition vulnerability in ESET products on Windows |
| CVE-2025-49486 | 2025-07-18 | Extension - balbooa.com - Stored XSS in Balbooa Gallery component version 1.0.0 - 2.4.0 for Joomla |
| CVE-2025-49485 | 2025-07-18 | Extension - balbooa.com - SQL injection in Balbooa Forms component version 1.0.0 - 2.3.1.1 for Joomla |
| CVE-2025-50056 | 2025-07-18 | Extension - rsjoomla.com - Reflected XSS vulnerability RSMail! component 1.19.20-1.22.28 for Joomla |
| CVE-2025-50057 | 2025-07-18 | Extension - rsjoomla.com - DOS vulnerability RSFiles! component 1.16.3-1.17.7 for Joomla |
| CVE-2025-50058 | 2025-07-18 | Extension - rsjoomla.com - Stored XSS vulnerability in RSDirectory! component 1.16.3-1.17.7 for Joomla |
| CVE-2025-50126 | 2025-07-18 | Extension - rsjoomla.com - Stored XSS vulnerability RSBlog! component 1.11.6-1.14.5 for Joomla |
| CVE-2025-49484 | 2025-07-18 | Extension - joomsky.com - SQL injection in JS jobs component version 1.1.5 - 1.4.1 for Joomla |
| CVE-2025-6227 | 2025-07-18 | Invite token is used as part of the secure communication |
| CVE-2025-7785 | 2025-07-18 | thinkgem JeeSite SsoController.java sso redirect |
| CVE-2025-7786 | 2025-07-18 | Gnuboard g6 Post Reply qa cross site scripting |
| CVE-2025-7784 | 2025-07-18 | Org.keycloak/keycloak-services: privilege escalation in keycloak admin console (fgapv2 enabled) |
| CVE-2024-13175 | 2025-07-18 | IDOR in Vidco Software's VOC TESTER |
| CVE-2025-7787 | 2025-07-18 | Xuxueli xxl-job SampleXxlJob.java httpJobHandler server-side request forgery |
| CVE-2025-7788 | 2025-07-18 | Xuxueli xxl-job SampleXxlJob.java commandJobHandler os command injection |
| CVE-2025-46732 | 2025-07-18 | OpenCTI's GraphQL IDOR enables authenticated users to modify or delete notifications of other users |
| CVE-2025-7789 | 2025-07-18 | Xuxueli xxl-job Token Generation IndexController.java makeToken weak password hash |
| CVE-2025-7790 | 2025-07-18 | D-Link DI-8100 HTTP Request menu_nat.asp stack-based overflow |
| CVE-2025-53888 | 2025-07-18 | RIOT-OS has an ineffective size check that can lead to buffer overflow in link layer address filter /sys/net/link_layer/l2filter/l2filter.c |