CVE List - 2025 / July
Showing 2501 - 2600 of 3776 CVEs for July 2025 (Page 26 of 38)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-0664 | 2025-07-21 | A locally authenticated, privileged user can craft a malicious OpenSSL configuration file, potentially leading the agent to load an arbitrary local library. This may impair endpoint defenses and allow the... |
| CVE-2025-4685 | 2025-07-21 | Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor <= 3.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets |
| CVE-2025-7369 | 2025-07-21 | Shortcodes Ultimate <= 7.4.2 - Cross-Site Request Forgery to Arbitrary Shortcode Execution |
| CVE-2025-7354 | 2025-07-21 | WP Shortcodes Plugin — Shortcodes Ultimate <= 7.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin Shortcodes |
| CVE-2025-4049 | 2025-07-21 | Hardcoded SQLite password in FARA |
| CVE-2025-4569 | 2025-07-21 | An insecure sensitive key storage issue was found in MyASUS, potentially allowing an unauthorized actor to obtain a token that could be used to communicate with certain services. Refer to the... |
| CVE-2025-4570 | 2025-07-21 | An insecure sensitive key storage issue was found in MyASUS, potentially allowing an unauthorized actor to obtain a token that could be used to communicate with certain services. Refer to the... |
| CVE-2025-1469 | 2025-07-21 | IDOR in Turtek Software's Eyotek |
| CVE-2024-6107 | 2025-07-21 | Due to insufficient verification, an attacker could use a malicious client to bypass authentication checks and run RPC commands in a region. This has been addressed in MAAS and updated... |
| CVE-2025-41673 | 2025-07-21 | Remote Command Injection in send_sms Action Due to Improper Input Neutralization |
| CVE-2025-41674 | 2025-07-21 | Remote Command Injection in diagnostic Action Due to Improper Input Neutralization |
| CVE-2025-41675 | 2025-07-21 | Remote Command Injection via GET in Cloud Server Communication Script Due to Improper Input Neutralization |
| CVE-2025-41676 | 2025-07-21 | Resource Exhaustion via POST Requests to send-sms Action |
| CVE-2025-41677 | 2025-07-21 | Resource Exhaustion via POST Requests to send-mail Action |
| CVE-2025-49656 | 2025-07-21 | Apache Jena: Administrative users can create files outside the server directory space via the admin UI |
| CVE-2025-41678 | 2025-07-21 | SQL Injection via POST Requests Allowing Configuration Database Manipulation |
| CVE-2025-41679 | 2025-07-21 | Unauthenticated Buffer Overflow in Conftool Service Leading to Denial of Service |
| CVE-2025-41681 | 2025-07-21 | Persistent Cross-Site Scripting via POST Requests Due to Improper Neutralization of Input |
| CVE-2025-50151 | 2025-07-21 | Apache Jena: Configuration files uploaded by administrative users are not checked properly |
| CVE-2025-41458 | 2025-07-21 | Insecure data storage vulnerability in Two App Studio Journey v5.5.9 for iOS |
| CVE-2025-41459 | 2025-07-21 | Insecure authentication due to missing bruteforce protection and runtime manipulation in Two App Studio Journey 5.5.6 for iOS |
| CVE-2025-7924 | 2025-07-21 | PHPGurukul Online Banquet Booking System admin-profile.php cross site scripting |
| CVE-2025-5681 | 2025-07-21 | IDOR in Turtek Software's Eyotek |
| CVE-2025-2301 | 2025-07-21 | IDOR in Akbim Software's Online Exam Registration |
| CVE-2025-4040 | 2025-07-21 | IDOR in Turpak's Automatic Station Monitoring System |
| CVE-2025-7925 | 2025-07-21 | PHPGurukul Online Banquet Booking System login.php cross site scripting |
| CVE-2025-41100 | 2025-07-21 | Incorrect authentication in ParkingDoor |
| CVE-2025-30192 | 2025-07-21 | A Recursor configured to send out ECS enabled queries can be sensitive to spoofing attempts |
| CVE-2025-6704 | 2025-07-21 | An arbitrary file writing vulnerability in the Secure PDF eXchange (SPX) feature of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to pre-auth remote code execution, if a... |
| CVE-2025-7624 | 2025-07-21 | An SQL injection vulnerability in the legacy (transparent) SMTP proxy of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to remote code execution, if a quarantining policy is... |
| CVE-2025-7382 | 2025-07-21 | A command injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to adjacent attackers achieving pre-auth code execution on High Availability (HA) auxiliary devices,... |
| CVE-2025-7926 | 2025-07-21 | PHPGurukul Online Banquet Booking System booking-search.php cross site scripting |
| CVE-2024-13974 | 2025-07-21 | A business logic vulnerability in the Up2Date component of Sophos Firewall older than version 21.0 MR1 (20.0.1) can lead to attackers controlling the firewall’s DNS environment to achieve remote code... |
| CVE-2024-13973 | 2025-07-21 | A post-auth SQL injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR1 (21.0.1) can potentially lead to administrators achieving arbitrary code execution. |
| CVE-2025-4129 | 2025-07-21 | IDOR in PAVO Inc.'s PAVO Pay |
| CVE-2025-4130 | 2025-07-21 | Hardcoded Credentials in PAVO Inc.'s PAVO Pay |
| CVE-2025-6235 | 2025-07-21 | ExtremeControl (NAC) 'onmouseover' XSS |
| CVE-2025-7927 | 2025-07-21 | PHPGurukul Online Banquet Booking System view-user-queries.php sql injection |
| CVE-2025-7928 | 2025-07-21 | code-projects Church Donation System edit_user.php sql injection |
| CVE-2025-7929 | 2025-07-21 | code-projects Church Donation System edit_Members.php sql injection |
| CVE-2025-7930 | 2025-07-21 | code-projects Church Donation System add_members.php sql injection |
| CVE-2025-36603 | 2025-07-21 | Dell AppSync, version(s) 4.6.0.0, contains an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure... |
| CVE-2025-54082 | 2025-07-21 | nova-tiptap has an Unauthenticated Arbitrary File Upload Vulnerability |
| CVE-2025-32744 | 2025-07-21 | Dell AppSync, version(s) 4.6.0.0, contains an Unrestricted Upload of File with Dangerous Type vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote execution. |
| CVE-2025-7931 | 2025-07-21 | code-projects Church Donation System admin_pic.php unrestricted upload |
| CVE-2025-30477 | 2025-07-21 | Dell PowerScale OneFS, versions prior to 9.11.0.0, contains a use of a broken or risky cryptographic algorithm vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability,... |
| CVE-2025-7393 | 2025-07-21 | Mail Login - Critical - Access bypass - SA-CONTRIB-2025-088 |
| CVE-2025-7392 | 2025-07-21 | Cookies Addons - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-087 |
| CVE-2025-7715 | 2025-07-21 | Block Attributes - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-090 |
| CVE-2025-7716 | 2025-07-21 | Real-time SEO for Drupal - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-091 |
| CVE-2025-7717 | 2025-07-21 | File Download - Moderately critical - Access bypass - SA-CONTRIB-2025-089 |
| CVE-2025-7932 | 2025-07-21 | D-Link DIR‑817L ssdpcgi lxmldbc_system command injection |
| CVE-2025-7962 | 2025-07-21 | In Jakarta Mail 2.0.2 it is possible to perform an SMTP Injection by utilizing the \r and \n UTF-8 characters to separate different messages. |
| CVE-2025-52575 | 2025-07-21 | EspoCRM vulnerable to LDAP Injection through Improper Neutralization of Special Elements |
| CVE-2025-7933 | 2025-07-21 | Campcodes Sales and Inventory System Setting settings_update.php sql injection |
| CVE-2025-36107 | 2025-07-21 | IBM Cognos Analytics Mobile (iOS) information disclosure |
| CVE-2025-36106 | 2025-07-21 | IBM Cognos Analytics Mobile (iOS) information disclosure |
| CVE-2025-36062 | 2025-07-21 | IBM Cognos Analytics Mobile (iOS) information disclosure |
| CVE-2025-36057 | 2025-07-21 | IBM Cognos Analytics Mobile (iOS) authentication bypass |
| CVE-2025-7934 | 2025-07-21 | fuyang_lipengjun platform ScheduleJobController.java queryPage sql injection |
| CVE-2025-7935 | 2025-07-21 | fuyang_lipengjun platform SysLogController.java SysLogController sql injection |
| CVE-2025-7936 | 2025-07-21 | fuyang_lipengjun platform ScheduleJobLogController.java queryPage sql injection |
| CVE-2025-7222 | 2025-07-21 | Luxion KeyShot 3DM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2025-7223 | 2025-07-21 | INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2025-7224 | 2025-07-21 | INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2025-7225 | 2025-07-21 | INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2025-7226 | 2025-07-21 | INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2025-7227 | 2025-07-21 | INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2025-7228 | 2025-07-21 | INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2025-7229 | 2025-07-21 | INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2025-7230 | 2025-07-21 | INVT VT-Designer PM3 File Parsing Type Confusion Remote Code Execution Vulnerability |
| CVE-2025-7231 | 2025-07-21 | INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2025-7251 | 2025-07-21 | IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2025-7252 | 2025-07-21 | IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2025-7235 | 2025-07-21 | IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2025-7250 | 2025-07-21 | IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2025-7236 | 2025-07-21 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7240 | 2025-07-21 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7241 | 2025-07-21 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7242 | 2025-07-21 | IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2025-7243 | 2025-07-21 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7249 | 2025-07-21 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7253 | 2025-07-21 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7233 | 2025-07-21 | IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2025-7234 | 2025-07-21 | IrfanView CADImage Plugin CGM File Parsing Out-of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2025-7254 | 2025-07-21 | IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7244 | 2025-07-21 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7246 | 2025-07-21 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7247 | 2025-07-21 | IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2025-7255 | 2025-07-21 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7248 | 2025-07-21 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7256 | 2025-07-21 | IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7257 | 2025-07-21 | IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7237 | 2025-07-21 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7238 | 2025-07-21 | IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2025-7239 | 2025-07-21 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7258 | 2025-07-21 | IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2025-7260 | 2025-07-21 | IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2025-7261 | 2025-07-21 | IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2025-7262 | 2025-07-21 | IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |