CVE List - 2025 / July
Showing 2601 - 2700 of 3776 CVEs for July 2025 (Page 27 of 38)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-7263 | 2025-07-21 | IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2025-7264 | 2025-07-21 | IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2025-7265 | 2025-07-21 | IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2025-7266 | 2025-07-21 | IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7267 | 2025-07-21 | IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2025-7268 | 2025-07-21 | IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2025-7269 | 2025-07-21 | IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2025-7270 | 2025-07-21 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7273 | 2025-07-21 | IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2025-7271 | 2025-07-21 | IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7272 | 2025-07-21 | IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7275 | 2025-07-21 | IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2025-7276 | 2025-07-21 | IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7277 | 2025-07-21 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7274 | 2025-07-21 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7278 | 2025-07-21 | IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7279 | 2025-07-21 | IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2025-7280 | 2025-07-21 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7281 | 2025-07-21 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7282 | 2025-07-21 | IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7283 | 2025-07-21 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7286 | 2025-07-21 | IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7287 | 2025-07-21 | IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7288 | 2025-07-21 | IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7289 | 2025-07-21 | IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7284 | 2025-07-21 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7285 | 2025-07-21 | IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7290 | 2025-07-21 | IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7291 | 2025-07-21 | IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2025-7292 | 2025-07-21 | IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7293 | 2025-07-21 | IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7298 | 2025-07-21 | IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2025-7294 | 2025-07-21 | IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7295 | 2025-07-21 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7297 | 2025-07-21 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7296 | 2025-07-21 | IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7300 | 2025-07-21 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7301 | 2025-07-21 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7302 | 2025-07-21 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7303 | 2025-07-21 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7304 | 2025-07-21 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7305 | 2025-07-21 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7306 | 2025-07-21 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7307 | 2025-07-21 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7308 | 2025-07-21 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7310 | 2025-07-21 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7309 | 2025-07-21 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7311 | 2025-07-21 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7312 | 2025-07-21 | IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2025-7938 | 2025-07-21 | jerryshensjf JPACookieShop 蛋糕商城JPA版 GoodsController.java updateGoods authorization |
| CVE-2025-7313 | 2025-07-21 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7314 | 2025-07-21 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7315 | 2025-07-21 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7316 | 2025-07-21 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7317 | 2025-07-21 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7318 | 2025-07-21 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7319 | 2025-07-21 | IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2025-7320 | 2025-07-21 | IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7321 | 2025-07-21 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7322 | 2025-07-21 | IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2025-7323 | 2025-07-21 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7324 | 2025-07-21 | IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2025-7325 | 2025-07-21 | IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-7299 | 2025-07-21 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-54121 | 2025-07-21 | Starlette has possible denial-of-service vector when parsing large files in multipart forms |
| CVE-2025-54071 | 2025-07-21 | RomM's authenticated arbitrary file write vulnerability can lead to Remote Code Execution |
| CVE-2025-53528 | 2025-07-21 | Cadwyn is vulnerable to an XSS attack through its docs page |
| CVE-2025-53832 | 2025-07-21 | @translated/lara-mcp vulnerable to command injection in import_tmx tool |
| CVE-2025-54122 | 2025-07-21 | Manager-io/Manager allows unauthenticated full read server-side request forgery in "proxy" endpoint |
| CVE-2025-7939 | 2025-07-21 | jerryshensjf JPACookieShop 蛋糕商城JPA版 GoodsController.java addGoods unrestricted upload |
| CVE-2025-54127 | 2025-07-21 | HAXcms's Insecure Default Configuration Leads to Unauthenticated Access |
| CVE-2025-54128 | 2025-07-21 | HAX CMS NodeJs's Disabled Content Security Policy Enables Cross-Site Scripting |
| CVE-2025-54129 | 2025-07-21 | HAXiam allows for User Enumeration |
| CVE-2025-54134 | 2025-07-21 | HAX CMS NodeJs's Improper Error Handling Leads to Denial of Service |
| CVE-2025-7940 | 2025-07-21 | Genshin Albedo Cat House App com.house.auscat AndroidManifest.xml improper export of android application components |
| CVE-2025-7941 | 2025-07-21 | PHPGurukul Time Table Generator System profile.php cross site scripting |
| CVE-2025-7942 | 2025-07-21 | PHPGurukul Taxi Stand Management System admin-profile.php cross site scripting |
| CVE-2025-7486 | 2025-07-21 | Ebook Store <= 5.8012 - Authenticated (Administrator+) Stored Cross-Site Scripting via Order Details |
| CVE-2025-7943 | 2025-07-21 | PHPGurukul Taxi Stand Management System search-autoortaxi.php cross site scripting |
| CVE-2025-7944 | 2025-07-21 | PHPGurukul Taxi Stand Management System search.php cross site scripting |
| CVE-2025-7945 | 2025-07-21 | D-Link DIR-513 formSetWanDhcpplus buffer overflow |
| CVE-2025-31511 | 2025-07-22 | An issue was discovered in AlertEnterprise Guardian 4.1.14.2.2.1. One can bypass manager approval by changing the user ID in a Request%20Building%20Access requestSubmit API call. The vendor has stated that the... |
| CVE-2025-31512 | 2025-07-22 | An issue was discovered in AlertEnterprise Guardian 4.1.14.2.2.1. One can bypass manager approval via isAddedByApprover in a Request%20Building%20Access requestSubmit API call. The vendor has stated that the system is protected... |
| CVE-2025-31513 | 2025-07-22 | An issue was discovered in AlertEnterprise Guardian 4.1.14.2.2.1. One can elevate to administrator privileges via the IsAdminApprover parameter in a Request%20Building%20Access requestSubmit API call. The vendor has stated that the... |
| CVE-2025-48964 | 2025-07-22 | ping in iputils before 20250602 allows a denial of service (application error in adaptive ping mode or incorrect data collection) via a crafted ICMP Echo Reply packet, because a zero... |
| CVE-2025-51458 | 2025-07-22 | SQL Injection in editor_sql_run and query_ex in eosphoros-ai DB-GPT 0.7.0 allows remote attackers to execute arbitrary SQL statements via crafted input passed to the /v1/editor/sql/run or /v1/editor/chart/run endpoints, interacting with... |
| CVE-2025-51459 | 2025-07-22 | File Upload vulnerability in agent.hub.controller.refresh_plugins in eosphoros-ai DB-GPT 0.7.0 allows remote attackers to execute arbitrary code via a malicious plugin ZIP file uploaded to the /v1/personal/agent/upload endpoint, interacting with plugin_hub._sanitize_filename... |
| CVE-2025-51462 | 2025-07-22 | Stored Cross-site Scripting (XSS) vulnerability in api.apps.dialog_app.set_dialog in RAGFlow 0.17.2 allows remote attackers to execute arbitrary JavaScript via crafted input to the assistant greeting field, which is stored unsanitised and... |
| CVE-2025-51463 | 2025-07-22 | Path Traversal in restore_run_backup() in AIM 3.28.0 allows remote attackers to write arbitrary files to the server's filesystem via a crafted backup tar file submitted to the run_instruction API, which... |
| CVE-2025-51464 | 2025-07-22 | Cross-site Scripting (XSS) in aimhubio Aim 3.28.0 allows remote attackers to execute arbitrary JavaScript in victims' browsers via malicious Python code submitted to the /api/reports endpoint, which is interpreted and... |
| CVE-2025-51471 | 2025-07-22 | Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ollama 0.6.7 allows remote attackers to steal authentication tokens and bypass access controls via a malicious realm value in a WWW-Authenticate header returned by... |
| CVE-2025-51472 | 2025-07-22 | Code Injection in AgentTemplate.eval_agent_config in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to execute arbitrary Python code via malicious values in agent template configurations such as the goal, constraints, or instruction... |
| CVE-2025-51475 | 2025-07-22 | Arbitrary File Overwrite (AFO) in superagi.controllers.resources.upload in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to overwrite arbitrary files via unsanitised filenames submitted to the file upload endpoint, due to improper handling... |
| CVE-2025-51479 | 2025-07-22 | Authorization bypass in update_user_group in onyx-dot-app Onyx Enterprise Edition 0.27.0 allows remote authenticated attackers to modify arbitrary user groups via crafted PATCH requests to the /api/manage/admin/user-group/id endpoint, bypassing intended curator-group... |
| CVE-2025-51480 | 2025-07-22 | Path Traversal vulnerability in onnx.external_data_helper.save_external_data in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted external_data.location paths containing traversal sequences, bypassing intended directory restrictions. |
| CVE-2025-51481 | 2025-07-22 | Local File Inclusion in dagster._grpc.impl.get_notebook_data in Dagster 1.10.14 allows attackers with access to the gRPC server to read arbitrary files by supplying path traversal sequences in the notebook_path field of... |
| CVE-2025-51482 | 2025-07-22 | Remote Code Execution in letta.server.rest_api.routers.v1.tools.run_tool_from_source in letta-ai Letta 0.7.12 allows remote attackers to execute arbitrary Python code and system commands via crafted payloads to the /v1/tools/run endpoint, bypassing intended sandbox... |
| CVE-2025-51858 | 2025-07-22 | Self Cross-Site Scripting (XSS) vulnerability in ChatPlayground.ai through 2025-05-24 allows attackers to execute arbitrary code and gain sensitive information via crafted SVG file contents sent through the chat component. |
| CVE-2025-51859 | 2025-07-22 | Stored Cross-Site Scripting (XSS) vulnerability in Chaindesk thru 2025-05-26 in its agent chat component. An attacker can achieve arbitrary client-side script execution by crafting an AI agent whose system prompt... |
| CVE-2025-51860 | 2025-07-22 | Stored Cross-Site Scripting (XSS) in TelegAI (telegai.com) 2025-05-26 in its chat component and character container component. An attacker can achieve arbitrary client-side script execution by crafting an AI Character with... |