CVE List - 2025 / July
Showing 701 - 800 of 3776 CVEs for July 2025 (Page 8 of 38)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-53488 | 2025-07-07 | Stored XSS in WikiHiero |
| CVE-2025-6044 | 2025-07-07 | An Improper Access Control vulnerability in the Stylus Tools component of Google ChromeOS version 16238.64.0 on the garaged stylus devices allows a physical attacker to bypass the lock screen and... |
| CVE-2025-7141 | 2025-07-07 | SourceCodester Best Salon Management System Update Staff Page edit_plan.php cross site scripting |
| CVE-2025-53496 | 2025-07-07 | Stored XSS in MediaSearch |
| CVE-2025-53539 | 2025-07-07 | ReDoS in fastapi-guard's penetration attempts detector |
| CVE-2025-53540 | 2025-07-07 | CSRF Vulnerability in Firmware Update Endpoints Allows Remote Code Execution |
| CVE-2025-7142 | 2025-07-07 | SourceCodester Best Salon Management System search-appointment.php cross site scripting |
| CVE-2025-53543 | 2025-07-07 | Kestra allows Stored XSS before 0.22 |
| CVE-2025-7143 | 2025-07-07 | SourceCodester Best Salon Management System Update Tax Page edit-tax.php cross site scripting |
| CVE-2025-7144 | 2025-07-07 | SourceCodester Best Salon Management System Admin Profile Page admin-profile.php cross site scripting |
| CVE-2025-7147 | 2025-07-07 | CodeAstro Patient Record Management System login.php sql injection |
| CVE-2025-7148 | 2025-07-07 | CodeAstro Simple Hospital Management System POST Parameter patient.html cross site scripting |
| CVE-2025-7149 | 2025-07-07 | Campcodes Advanced Online Voting System candidates_delete.php sql injection |
| CVE-2025-7150 | 2025-07-07 | Campcodes Advanced Online Voting System voters_delete.php sql injection |
| CVE-2025-7151 | 2025-07-07 | Campcodes Advanced Online Voting System voters_add.php unrestricted upload |
| CVE-2025-7152 | 2025-07-07 | Campcodes Advanced Online Voting System candidates_add.php unrestricted upload |
| CVE-2025-29267 | 2025-07-08 | SQL Injection vulnerability in Abis, Inc Adjutant Core Accounting ERP build v.PreBeta250F allows a remote attacker to obtain sensitive information via the cid parameter in the GET request. |
| CVE-2025-47422 | 2025-07-08 | Advanced Installer before 22.6 has an uncontrolled search path element local privilege escalation vulnerability. When running as SYSTEM in certain configurations, Advanced Installer looks in standard-user writable locations for non-existent... |
| CVE-2025-7153 | 2025-07-08 | CodeAstro Simple Hospital Management System POST Parameter doctor.html cross site scripting |
| CVE-2025-7154 | 2025-07-08 | TOTOLINK N200RE cstecgi.cgi sub_41A0F8 os command injection |
| CVE-2025-31326 | 2025-07-08 | HTML Injection vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence) |
| CVE-2025-42952 | 2025-07-08 | Missing Authorization check in SAP Business Warehouse and SAP Plug-In Basis |
| CVE-2025-42953 | 2025-07-08 | Missing Authorization check in SAP NetWeaver Application Server for ABAP |
| CVE-2025-42954 | 2025-07-08 | Denial of service (DOS) in SAP NetWeaver Business Warehouse (CCAW application) |
| CVE-2025-42959 | 2025-07-08 | Missing Authentication check after implementation of SAP Security Note 3007182 and 3537476 |
| CVE-2025-42960 | 2025-07-08 | Missing Authorization Check in SAP Business Warehouse and SAP BW/4HANA BEx Tools |
| CVE-2025-42961 | 2025-07-08 | Missing Authorization check in SAP NetWeaver Application Server for ABAP |
| CVE-2025-42962 | 2025-07-08 | Cross-Site Scripting (XSS) vulnerability in SAP Business Warehouse (Business Explorer Web 3.5 loading animation) |
| CVE-2025-42963 | 2025-07-08 | Insecure Deserialization in SAP NetWeaver Application Server for Java (Log Viewer) |
| CVE-2025-42964 | 2025-07-08 | Insecure Deserialization in SAP NetWeaver Enterprise Portal Administration |
| CVE-2025-42965 | 2025-07-08 | Server Side Request Forgery (SSRF) vulnerability in SAP BusinessObjects BI Platform Central Management Console Promotion Management Application |
| CVE-2025-42966 | 2025-07-08 | Insecure Deserialization vulnerability in SAP NetWeaver (XML Data Archiving Service) |
| CVE-2025-42967 | 2025-07-08 | Code Injection vulnerability in SAP S/4HANA and SAP SCM (Characteristic Propagation) |
| CVE-2025-42968 | 2025-07-08 | Missing Authorization check in SAP NetWeaver (RFC enabled function module) |
| CVE-2025-42969 | 2025-07-08 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform |
| CVE-2025-42970 | 2025-07-08 | Directory Traversal vulnerability in SAPCAR |
| CVE-2025-42971 | 2025-07-08 | Memory Corruption vulnerability in SAPCAR |
| CVE-2025-42973 | 2025-07-08 | Cross-Site Scripting (XSS) vulnerability in SAP Data Services (DQ Report) |
| CVE-2025-42974 | 2025-07-08 | Missing Authorization Check in SAP NetWeaver and ABAP Platform (SDCCN) |
| CVE-2025-42978 | 2025-07-08 | Insufficiently Secure Hostname Verification for Outbound TLS Connections in SAP NetWeaver Application Server Java |
| CVE-2025-42979 | 2025-07-08 | Insecure Key & Secret Management vulnerability in SAP GUI for Windows |
| CVE-2025-42980 | 2025-07-08 | Insecure Deserialization in SAP NetWeaver Enterprise Portal Federated Portal Network |
| CVE-2025-42981 | 2025-07-08 | Multiple vulnerabilities in SAP NetWeaver Application Server ABAP |
| CVE-2025-42985 | 2025-07-08 | Open Redirect vulnerability in SAP BusinessObjects Content Administrator workbench |
| CVE-2025-42986 | 2025-07-08 | Missing Authorization check in SAP NetWeaver and ABAP Platform |
| CVE-2025-42992 | 2025-07-08 | Multiple Privilege Escalation Vulnerabilities in SAPCAR |
| CVE-2025-43001 | 2025-07-08 | Multiple Privilege Escalation Vulnerabilities in SAPCAR |
| CVE-2025-7155 | 2025-07-08 | PHPGurukul Online Notes Sharing System Cookie Dashboard sql injection |
| CVE-2025-7146 | 2025-07-08 | Jhenggao iPublish System - Arbitrary File Reading through Path Traversal |
| CVE-2025-7156 | 2025-07-08 | hitsz-ids airda completions execute sql injection |
| CVE-2025-6244 | 2025-07-08 | Essential Addons for Elementor – Popular Elementor Templates and Widgets <= 6.1.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via `Calendar` And `Business Reviews` Widgets |
| CVE-2025-5570 | 2025-07-08 | AI Engine <= 2.8.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting via `mwai_chatbot` Shortcode `id` Parameter |
| CVE-2025-20680 | 2025-07-08 | In Bluetooth driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed.... |
| CVE-2025-20681 | 2025-07-08 | In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges... |
| CVE-2025-20682 | 2025-07-08 | In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges... |
| CVE-2025-20683 | 2025-07-08 | In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges... |
| CVE-2025-20684 | 2025-07-08 | In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges... |
| CVE-2025-20685 | 2025-07-08 | In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution... |
| CVE-2025-20686 | 2025-07-08 | In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution... |
| CVE-2025-20687 | 2025-07-08 | In Bluetooth driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local denial of service with User execution privileges needed.... |
| CVE-2025-20688 | 2025-07-08 | In wlan AP driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed.... |
| CVE-2025-20689 | 2025-07-08 | In wlan AP driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed.... |
| CVE-2025-20690 | 2025-07-08 | In wlan AP driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed.... |
| CVE-2025-20691 | 2025-07-08 | In wlan AP driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed.... |
| CVE-2025-20692 | 2025-07-08 | In wlan AP driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed.... |
| CVE-2025-20693 | 2025-07-08 | In wlan STA driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote (proximal/adjacent) information disclosure with no additional execution... |
| CVE-2025-20694 | 2025-07-08 | In Bluetooth FW, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction... |
| CVE-2025-20695 | 2025-07-08 | In Bluetooth FW, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction... |
| CVE-2025-7157 | 2025-07-08 | code-projects Online Note Sharing login.php sql injection |
| CVE-2025-7158 | 2025-07-08 | PHPGurukul Zoo Management System manage-normal-ticket.php sql injection |
| CVE-2025-7159 | 2025-07-08 | PHPGurukul Zoo Management System manage-animals.php sql injection |
| CVE-2025-7160 | 2025-07-08 | PHPGurukul Zoo Management System index.php sql injection |
| CVE-2025-7161 | 2025-07-08 | PHPGurukul Zoo Management System add-normal-ticket.php sql injection |
| CVE-2025-5537 | 2025-07-08 | Lightbox & Modal Popup WordPress Plugin – FooBox <= 2.7.34 - Authenticated (Author+) Stored Cross-Site Scripting |
| CVE-2025-5957 | 2025-07-08 | Guest Support – Complete customer support ticket system for WordPress <= 1.2.2 - Missing Authorization to Unauthenticated Ticket Deletion |
| CVE-2025-7162 | 2025-07-08 | PHPGurukul Zoo Management System add-foreigners-ticket.php sql injection |
| CVE-2025-7163 | 2025-07-08 | PHPGurukul Zoo Management System add-animals.php sql injection |
| CVE-2025-7327 | 2025-07-08 | Widget for Google Reviews <= 1.0.15 - Authenticated (Subscriber+) Directory Traversal to Local File Inclusion |
| CVE-2025-7164 | 2025-07-08 | PHPGurukul/Campcodes Cyber Cafe Management System index.php sql injection |
| CVE-2025-7165 | 2025-07-08 | PHPGurukul/Campcodes Cyber Cafe Management System forgot-password.php sql injection |
| CVE-2025-7166 | 2025-07-08 | code-projects Responsive Blog Site single.php sql injection |
| CVE-2025-6743 | 2025-07-08 | WoodMart <= 8.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-6746 | 2025-07-08 | WoodMart <= 8.2.3 - Authenticated (Contributor+) Local File Inclusion |
| CVE-2025-42956 | 2025-07-08 | Multiple vulnerabilities in SAP NetWeaver Application Server ABAP |
| CVE-2025-24002 | 2025-07-08 | MQTT DoS Vulnerability in German EV Charging Stations |
| CVE-2025-24003 | 2025-07-08 | MQTT OOB Write Vulnerability in EichrechtAgents of German EV Charging Stations |
| CVE-2025-24004 | 2025-07-08 | USB-C Buffer Overflow via Display Interface in EV Charging Stations |
| CVE-2025-24005 | 2025-07-08 | Local Privilege Escalation via Vulnerable SSH Script |
| CVE-2025-24006 | 2025-07-08 | Privilege Escalation via Insecure SSH Permissions |
| CVE-2025-25268 | 2025-07-08 | Unauthenticated Configuration Access via Exposed API Endpoint |
| CVE-2025-25269 | 2025-07-08 | Local Privilege Escalation via Unauthenticated Command Injection |
| CVE-2025-25270 | 2025-07-08 | Remote Code Execution via Unauthenticated Configuration Manipulation |
| CVE-2025-25271 | 2025-07-08 | OCPP Backend Configuration via Insecure Defaults |
| CVE-2025-7167 | 2025-07-08 | code-projects Responsive Blog Site category.php sql injection |
| CVE-2025-41665 | 2025-07-08 | Phoenix Contact: DoS of the PLC due to incorrect default permissions possible |
| CVE-2025-41666 | 2025-07-08 | Phoenix Contact: File access due to the replacement of a critical file used by the watchdog |
| CVE-2025-41667 | 2025-07-08 | Phoenix Contact: File access due to the replacement of a critical file used by the arp-preinit script |
| CVE-2025-41668 | 2025-07-08 | Phoenix Contact: File access due to the replacement of a critical file used by the service security-profile |
| CVE-2025-7346 | 2025-07-08 | Any unauthenticated attacker can bypass the localhost restrictions posed by the application and utilize this to create arbitrary packages |
| CVE-2025-7168 | 2025-07-08 | code-projects Crime Reporting System userlogin.php sql injection |