CVE List - 2025 / July
Showing 2301 - 2400 of 3776 CVEs for July 2025 (Page 24 of 38)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-53945 | 2025-07-18 | apko has incorrect permission (0666) in /etc/ld.so.cache and other files |
| CVE-2025-54059 | 2025-07-18 | melange creates SBOM files in APKs with world-writable permissions |
| CVE-2025-7791 | 2025-07-18 | PHPGurukul Online Security Guards Hiring System search.php cross site scripting |
| CVE-2025-54073 | 2025-07-18 | mcp-package-docs vulnerable to command injection in several tools |
| CVE-2025-54075 | 2025-07-18 | mdc vulnerable to XSS in markdown rendering bypassing HTML filter. (N°4) |
| CVE-2025-54076 | 2025-07-18 | WeGIA Reflected Cross-Site Scripting (XSS) vulnerability in endpoint 'pre_cadastro_atendido.php' parameter 'msg_e' |
| CVE-2025-54077 | 2025-07-18 | WeGIA Reflected Cross-Site Scripting (XSS) vulnerability in endpoint 'personalizacao.php' parameter 'err' |
| CVE-2025-54078 | 2025-07-18 | WeGIA Reflected Cross-Site Scripting (XSS) vulnerability in endpoint 'personalizacao_imagem.php' parameter 'err' |
| CVE-2025-54079 | 2025-07-18 | WeGIA vulnerable to SQL Injection (Blind Time-Based) in endpoint 'Profile_Atendido.php' parameter 'idatendido' |
| CVE-2025-7792 | 2025-07-18 | Tenda FH451 SafeEmailFilter formSafeEmailFilter stack-based overflow |
| CVE-2025-7793 | 2025-07-18 | Tenda FH451 webtypelibrary formWebTypeLibrary stack-based overflow |
| CVE-2025-7783 | 2025-07-18 | Usage of unsafe random function in form-data for choosing boundary |
| CVE-2025-7794 | 2025-07-18 | Tenda FH451 NatStaticSetting fromNatStaticSetting stack-based overflow |
| CVE-2025-49747 | 2025-07-18 | Azure Machine Learning Elevation of Privilege Vulnerability |
| CVE-2025-49746 | 2025-07-18 | Azure Machine Learning Elevation of Privilege Vulnerability |
| CVE-2025-47995 | 2025-07-18 | Azure Machine Learning Elevation of Privilege Vulnerability |
| CVE-2025-47158 | 2025-07-18 | Azure DevOps Server Elevation of Privilege Vulnerability |
| CVE-2025-53762 | 2025-07-18 | Microsoft Purview Elevation of Privilege Vulnerability |
| CVE-2025-53901 | 2025-07-18 | Wasmtime has host panic with `fd_renumber` WASIp1 function |
| CVE-2025-7795 | 2025-07-18 | Tenda FH451 P2pListFilter fromP2pListFilter stack-based overflow |
| CVE-2025-7796 | 2025-07-18 | Tenda FH451 PPTPDClient fromPptpUserAdd stack-based overflow |
| CVE-2025-7797 | 2025-07-18 | GPAC dash_client.c gf_dash_download_init_segment null pointer dereference |
| CVE-2025-7798 | 2025-07-18 | Beijing Shenzhou Shihan Technology Multimedia Integrated Business Display System companyManage sql injection |
| CVE-2025-7800 | 2025-07-18 | cgpandey hotelmis HTTP GET Request admin.php cross site scripting |
| CVE-2025-7801 | 2025-07-18 | BossSoft CRM HNDCBas_customPrmSearchDtl.jsp sql injection |
| CVE-2025-33014 | 2025-07-18 | IBM Sterling B2B Integrator and IBM Sterling File Gateway link injection |
| CVE-2025-7802 | 2025-07-18 | PHPGurukul Complaint Management System complaint-search.php cross site scripting |
| CVE-2025-7803 | 2025-07-18 | descreekert wx-discuz wx.php validToken cross site scripting |
| CVE-2025-7805 | 2025-07-18 | Tenda FH451 PPTPUserSetting fromPptpUserSetting stack-based overflow |
| CVE-2025-7806 | 2025-07-18 | Tenda FH451 SafeClientFilter fromSafeClientFilter stack-based overflow |
| CVE-2025-7807 | 2025-07-18 | Tenda FH451 SafeUrlFilter fromSafeUrlFilter stack-based overflow |
| CVE-2025-7814 | 2025-07-18 | code-projects Food Ordering Review System signup_function.php sql injection |
| CVE-2025-7395 | 2025-07-18 | Domain Name Validation Bypass with Apple Native Certificate Validation |
| CVE-2025-7394 | 2025-07-18 | In the OpenSSL compatibility layer implementation, the function RAND_poll() was not behaving as expected and leading to the potential for predictable values returned from RAND_bytes() after fork() is called. This... |
| CVE-2025-7396 | 2025-07-18 | Curve25519 Blinding |
| CVE-2025-27209 | 2025-07-18 | The V8 release used in Node.js v24.0.0 has changed how string hashes are computed using rapidhash. This implementation re-introduces the HashDoS vulnerability as an attacker who can control the strings... |
| CVE-2025-27210 | 2025-07-18 | An incomplete fix has been identified for CVE-2025-23084 in Node.js, specifically affecting Windows device names like CON, PRN, and AUX. This vulnerability affects Windows users of `path.join` API. |
| CVE-2025-52924 | 2025-07-19 | In One Identity OneLogin before 2025.2.0, the SQL connection "application name" is set based on the value of an untrusted X-RequestId HTTP request header. |
| CVE-2025-54313 | 2025-07-19 | eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows. |
| CVE-2025-7655 | 2025-07-19 | Live Stream Badger <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-7661 | 2025-07-19 | Partnerský systém Martinus <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-7658 | 2025-07-19 | Temporarily Hidden Content <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-7653 | 2025-07-19 | EPay.bg Payments <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-7669 | 2025-07-19 | Avishi WP PayPal Payment Button <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-7696 | 2025-07-19 | Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.2.3 - Unauthenticated PHP Object Injection via verify_field_val Function |
| CVE-2025-7697 | 2025-07-19 | Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.1 - Unauthenticated PHP Object Injection via verify_field_val Function |
| CVE-2025-29757 | 2025-07-19 | An incorrect authorisation check in the 'plant transfer' function of the Growatt cloud service allowed a malicious attacker with a valid account to transfer any plant into his/her account. |
| CVE-2025-6721 | 2025-07-19 | Vchasno Kasa <= 1.0.3 - Missing Authorization to Unauthenticated Invoice Generation |
| CVE-2025-6720 | 2025-07-19 | Vchasno Kasa <= 1.0.3 - Unauthenticated Log File Clearing |
| CVE-2025-38350 | 2025-07-19 | net/sched: Always pass notifications when child class becomes empty |
| CVE-2025-6997 | 2025-07-19 | ThemeREX Addons <= 2.35.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via trx_addons_get_svg_from_file Function |
| CVE-2015-10134 | 2025-07-19 | Simple Backup <= 2.7.10 - Arbitrary File Download via Path Traversal |
| CVE-2015-10136 | 2025-07-19 | GI-Media Library < 3.0 - Directory Traversal |
| CVE-2015-10135 | 2025-07-19 | WPshop 2 – E-Commerce < 1.3.9.6 - Arbitrary File Upload |
| CVE-2016-15043 | 2025-07-19 | WP Mobile Detector <= 3.5 - Arbitrary File Upload |
| CVE-2012-10019 | 2025-07-19 | Front-end Editor < 2.3 - Arbitrary File Upload |
| CVE-2015-10133 | 2025-07-19 | Subscribe to Comments <= 2.1.2 - Local File Inclusion |
| CVE-2025-7815 | 2025-07-19 | PHPGurukul Apartment Visitors Management System HTTP POST Request manage-newvisitors.php cross site scripting |
| CVE-2025-7816 | 2025-07-19 | PHPGurukul Apartment Visitors Management System HTTP POST Request visitor-detail.php cross site scripting |
| CVE-2015-10139 | 2025-07-19 | WPLMS Learning Management System for WordPress, WordPress LMS <= 1.8.4.1 - Privilege Escalation |
| CVE-2015-10138 | 2025-07-19 | Work The Flow File Upload <= 2.5.2 - Arbitrary File Upload |
| CVE-2025-7817 | 2025-07-19 | PHPGurukul Apartment Visitors Management System HTTP POST Request bwdates-reports.php cross site scripting |
| CVE-2025-38351 | 2025-07-19 | KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush |
| CVE-2025-7818 | 2025-07-19 | PHPGurukul Apartment Visitors Management System HTTP POST Request category.php cross site scripting |
| CVE-2025-7819 | 2025-07-19 | PHPGurukul Apartment Visitors Management System HTTP POST Request create-pass.php cross site scripting |
| CVE-2025-7823 | 2025-07-19 | Jinher OA ProjectScheduleDelete.aspx xml external entity reference |
| CVE-2025-7824 | 2025-07-19 | Jinher OA XmlHttp.aspx xml external entity reference |
| CVE-2025-7829 | 2025-07-19 | code-projects Church Donation System login.php sql injection |
| CVE-2025-7830 | 2025-07-19 | code-projects Church Donation System reg.php sql injection |
| CVE-2025-7831 | 2025-07-19 | code-projects Church Donation System Tithes.php sql injection |
| CVE-2025-7832 | 2025-07-19 | code-projects Church Donation System offering.php sql injection |
| CVE-2025-7833 | 2025-07-19 | code-projects Church Donation System giving.php sql injection |
| CVE-2025-7834 | 2025-07-19 | PHPGurukul Complaint Management System cross-site request forgery |
| CVE-2025-7836 | 2025-07-19 | D-Link DIR-816L Environment Variable cgibin lxmldbc_system command injection |
| CVE-2025-7837 | 2025-07-19 | TOTOLINK T6 MQTT Service recvSlaveStaInfo buffer overflow |
| CVE-2025-7838 | 2025-07-19 | Campcodes Online Movie Theater Seat Reservation System manage_seat.php sql injection |
| CVE-2025-7840 | 2025-07-19 | Campcodes Online Movie Theater Seat Reservation System Reserve Your Seat Page index.php cross site scripting |
| CVE-2025-7853 | 2025-07-19 | Tenda FH451 SetIpBind fromSetIpBind stack-based overflow |
| CVE-2025-7854 | 2025-07-19 | Tenda FH451 VirtualSer fromVirtualSer stack-based overflow |
| CVE-2025-7855 | 2025-07-19 | Tenda FH451 qossetting fromqossetting stack-based overflow |
| CVE-2025-7856 | 2025-07-19 | PHPGurukul Apartment Visitors Management System HTTP POST Request pass-details.php cross site scripting |
| CVE-2025-7857 | 2025-07-19 | PHPGurukul Apartment Visitors Management System HTTP POST Request bwdates-passreports-details.php cross site scripting |
| CVE-2025-7858 | 2025-07-19 | PHPGurukul Apartment Visitors Management System HTTP POST Request admin-profile.php cross site scripting |
| CVE-2025-47917 | 2025-07-20 | Mbed TLS before 3.6.4 allows a use-after-free in certain situations of applications that are developed in accordance with the documentation. The function mbedtls_x509_string_to_names() takes a head argument that is documented... |
| CVE-2025-48965 | 2025-07-20 | Mbed TLS before 3.6.4 has a NULL pointer dereference because mbedtls_asn1_store_named_data can trigger conflicting data with val.p of NULL but val.len greater than zero. |
| CVE-2025-49087 | 2025-07-20 | In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing discrepancy in block cipher padding removal allows an attacker to recover the plaintext when PKCS#7 padding mode is used. |
| CVE-2025-54314 | 2025-07-20 | Thor before 1.4.0 can construct an unsafe shell command from library input. NOTE: this is disputed by the Supplier because "the method that was fixed can only be used with... |
| CVE-2025-54316 | 2025-07-20 | An issue was discovered in Logpoint before 7.6.0. When creating reports, attackers can create custom Jinja templates that chained built-in filter functions to generate XSS payloads. These payloads can be... |
| CVE-2025-54317 | 2025-07-20 | An issue was discovered in Logpoint before 7.6.0. An attacker with operator privileges can exploit a path traversal vulnerability when creating a Layout Template, which can lead to remote code... |
| CVE-2025-54319 | 2025-07-20 | An issue was discovered in Westermo WeOS 5 (5.24 through 5.24.4). A threat actor potentially can gain unauthorized access to sensitive information via system logging information (syslog verbose logging that... |
| CVE-2025-7859 | 2025-07-20 | code-projects Church Donation System update_password_admin.php sql injection |
| CVE-2025-7860 | 2025-07-20 | code-projects Church Donation System login_admin.php sql injection |
| CVE-2025-7861 | 2025-07-20 | code-projects Church Donation System search.php sql injection |
| CVE-2025-53770 | 2025-07-20 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2025-7862 | 2025-07-20 | TOTOLINK T6 Telnet Service cstecgi.cgi setTelnetCfg missing authentication |
| CVE-2025-7863 | 2025-07-20 | thinkgem JeeSite ServletUtils.java redirectUrl |
| CVE-2025-7864 | 2025-07-20 | thinkgem JeeSite FileUploadController.java upload unrestricted upload |
| CVE-2025-7865 | 2025-07-20 | thinkgem JeeSite XSS Filter EncodeUtils.java xssFilter cross site scripting |
| CVE-2025-7866 | 2025-07-20 | Portabilis i-Educar Disabilities Module educar_deficiencia_lst.php cross site scripting |
| CVE-2025-7867 | 2025-07-20 | Portabilis i-Educar Agenda agenda.php cross site scripting |