CVE List - 2025 / July
Showing 3001 - 3100 of 3776 CVEs for July 2025 (Page 31 of 38)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-0251 | 2025-07-25 | HCL IEM is affected by a concurrent login vulnerability |
| CVE-2025-0252 | 2025-07-25 | HCL IEM is affected by a password in cleartext vulnerability |
| CVE-2025-0253 | 2025-07-25 | HCL IEM is affected by a cookie attribute not set vulnerability |
| CVE-2025-8125 | 2025-07-25 | deerwms deer-wms-2 allocatedList sql injection |
| CVE-2025-8126 | 2025-07-25 | deerwms deer-wms-2 export sql injection |
| CVE-2015-10144 | 2025-07-25 | Responsive Thumbnail Slider < 1.0.1 - Authenticated (Subscriber+) Arbitrary File Upload |
| CVE-2015-10143 | 2025-07-25 | Platform < 1.4.4 - Missing Authorization to Unauthenticated Arbitrary Options Update |
| CVE-2019-25224 | 2025-07-25 | WP Database Backup < 5.2 - Unauthenticated OS Command Injection |
| CVE-2025-8127 | 2025-07-25 | deerwms deer-wms-2 list sql injection |
| CVE-2025-8128 | 2025-07-25 | zhousg letao product.js unrestricted upload |
| CVE-2025-8129 | 2025-07-25 | KoaJS Koa HTTP Header response.js back redirect |
| CVE-2025-8131 | 2025-07-25 | Tenda AC20 SetStaticRouteCfg stack-based overflow |
| CVE-2025-8132 | 2025-07-25 | yanyutao0402 ChanCMS utils.js delfile path traversal |
| CVE-2025-8133 | 2025-07-25 | yanyutao0402 ChanCMS gather.js getArticle server-side request forgery |
| CVE-2025-7022 | 2025-07-25 | My Reservation System <= 2.3 - Reflected XSS |
| CVE-2025-8134 | 2025-07-25 | PHPGurukul BP Monitoring Management System bwdates-report-result.php sql injection |
| CVE-2025-8135 | 2025-07-25 | itsourcecode Insurance Management System updateAgent.php sql injection |
| CVE-2025-5831 | 2025-07-25 | Droip <= 2.2.0 - Authenticated (Subscriber+) Arbitrary File Upload |
| CVE-2025-5835 | 2025-07-25 | Droip <= 2.2.0 - Missing Authorization to Authenticated (Subscriber+) Many Actions |
| CVE-2025-8136 | 2025-07-25 | TOTOLINK A702R HTTP POST Request formFilter buffer overflow |
| CVE-2025-8137 | 2025-07-25 | TOTOLINK A702R HTTP POST Request formIpQoS buffer overflow |
| CVE-2025-8138 | 2025-07-25 | TOTOLINK A702R HTTP POST Request formOneKeyAccessButton buffer overflow |
| CVE-2023-7306 | 2025-07-25 | Frontend File Manager <= 21.5 - Missing Authorization to Unauthenticated Arbitrary Post Deletion |
| CVE-2025-8139 | 2025-07-25 | TOTOLINK A702R HTTP POST Request formPortFw buffer overflow |
| CVE-2025-8140 | 2025-07-25 | TOTOLINK A702R HTTP POST Request formWlanMultipleAP buffer overflow |
| CVE-2025-8183 | 2025-07-25 | NULL Pointer Dereference in µD3TN |
| CVE-2025-5253 | 2025-07-25 | DoS in Kron Technologies' Kron PAM |
| CVE-2025-5254 | 2025-07-25 | Stored XSS in Kron Technologies' Kron PAM |
| CVE-2025-8155 | 2025-07-25 | D-Link DCS-6010L Management Application vb.htm cross site scripting |
| CVE-2025-8156 | 2025-07-25 | PHPGurukul User Registration & Login and User Management lastsevendays-reg-users.php sql injection |
| CVE-2025-38353 | 2025-07-25 | drm/xe: Fix taking invalid lock on wedge |
| CVE-2025-38354 | 2025-07-25 | drm/msm/gpu: Fix crash when throttling GPU immediately during boot |
| CVE-2025-38355 | 2025-07-25 | drm/xe: Process deferred GGTT node removals on device unwind |
| CVE-2025-38356 | 2025-07-25 | drm/xe/guc: Explicitly exit CT safe mode on unwind |
| CVE-2025-38357 | 2025-07-25 | fuse: fix runtime warning on truncate_folio_batch_exceptionals() |
| CVE-2025-38358 | 2025-07-25 | btrfs: fix race between async reclaim worker and close_ctree() |
| CVE-2025-38359 | 2025-07-25 | s390/mm: Fix in_atomic() handling in do_secure_storage_access() |
| CVE-2025-38360 | 2025-07-25 | drm/amd/display: Add more checks for DSC / HUBP ONO guarantees |
| CVE-2025-38361 | 2025-07-25 | drm/amd/display: Check dce_hwseq before dereferencing it |
| CVE-2025-38362 | 2025-07-25 | drm/amd/display: Add null pointer check for get_first_active_display() |
| CVE-2025-38363 | 2025-07-25 | drm/tegra: Fix a possible null pointer dereference |
| CVE-2025-38364 | 2025-07-25 | maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate() |
| CVE-2025-38365 | 2025-07-25 | btrfs: fix a race between renames and directory logging |
| CVE-2025-38366 | 2025-07-25 | LoongArch: KVM: Check validity of "num_cpu" from user space |
| CVE-2025-38367 | 2025-07-25 | LoongArch: KVM: Avoid overflow with array index |
| CVE-2025-38368 | 2025-07-25 | misc: tps6594-pfsm: Add NULL pointer check in tps6594_pfsm_probe() |
| CVE-2025-38369 | 2025-07-25 | dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using |
| CVE-2025-38370 | 2025-07-25 | btrfs: fix failure to rebuild free space tree using multiple transactions |
| CVE-2025-38371 | 2025-07-25 | drm/v3d: Disable interrupts before resetting the GPU |
| CVE-2025-38372 | 2025-07-25 | RDMA/mlx5: Fix unsafe xarray access in implicit ODP handling |
| CVE-2025-38373 | 2025-07-25 | IB/mlx5: Fix potential deadlock in MR deregistration |
| CVE-2025-38374 | 2025-07-25 | optee: ffa: fix sleep in atomic context |
| CVE-2025-38375 | 2025-07-25 | virtio-net: ensure the received length does not exceed allocated size |
| CVE-2025-38376 | 2025-07-25 | usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume |
| CVE-2025-38377 | 2025-07-25 | rose: fix dangling neighbour pointers in rose_rt_device_down() |
| CVE-2025-38378 | 2025-07-25 | HID: appletb-kbd: fix slab use-after-free bug in appletb_kbd_probe |
| CVE-2025-38379 | 2025-07-25 | smb: client: fix warning when reconnecting channel |
| CVE-2025-38381 | 2025-07-25 | Input: cs40l50-vibra - fix potential NULL dereference in cs40l50_upload_owt() |
| CVE-2025-38382 | 2025-07-25 | btrfs: fix iteration of extrefs during log replay |
| CVE-2025-38383 | 2025-07-25 | mm/vmalloc: fix data race in show_numa_info() |
| CVE-2025-38384 | 2025-07-25 | mtd: spinand: fix memory leak of ECC engine conf |
| CVE-2025-38385 | 2025-07-25 | net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect |
| CVE-2025-38386 | 2025-07-25 | ACPICA: Refuse to evaluate a method if arguments are missing |
| CVE-2025-38387 | 2025-07-25 | RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert |
| CVE-2025-38388 | 2025-07-25 | firmware: arm_ffa: Replace mutex with rwlock to avoid sleep in atomic context |
| CVE-2025-38389 | 2025-07-25 | drm/i915/gt: Fix timeline left held on VMA alloc error |
| CVE-2025-38390 | 2025-07-25 | firmware: arm_ffa: Fix memory leak by freeing notifier callback node |
| CVE-2025-38391 | 2025-07-25 | usb: typec: altmodes/displayport: do not index invalid pin_assignments |
| CVE-2025-38392 | 2025-07-25 | idpf: convert control queue mutex to a spinlock |
| CVE-2025-38393 | 2025-07-25 | NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN |
| CVE-2025-38394 | 2025-07-25 | HID: appletb-kbd: fix memory corruption of input_handler_list |
| CVE-2025-38395 | 2025-07-25 | regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods |
| CVE-2025-38396 | 2025-07-25 | fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass |
| CVE-2025-38397 | 2025-07-25 | nvme-multipath: fix suspicious RCU usage warning |
| CVE-2025-38398 | 2025-07-25 | spi: spi-qpic-snand: reallocate BAM transactions |
| CVE-2025-38399 | 2025-07-25 | scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() |
| CVE-2025-38400 | 2025-07-25 | nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. |
| CVE-2025-38401 | 2025-07-25 | mtk-sd: Prevent memory corruption from DMA map failure |
| CVE-2025-38402 | 2025-07-25 | idpf: return 0 size for RSS key if not supported |
| CVE-2025-8157 | 2025-07-25 | PHPGurukul User Registration & Login and User Management lastthirtyays-reg-users.php sql injection |
| CVE-2025-38403 | 2025-07-25 | vsock/vmci: Clear the vmci transport packet properly when initializing it |
| CVE-2025-38404 | 2025-07-25 | usb: typec: displayport: Fix potential deadlock |
| CVE-2025-38405 | 2025-07-25 | nvmet: fix memory leak of bio integrity |
| CVE-2025-38406 | 2025-07-25 | wifi: ath6kl: remove WARN on bad firmware input |
| CVE-2025-38407 | 2025-07-25 | riscv: cpu_ops_sbi: Use static array for boot_data |
| CVE-2025-38408 | 2025-07-25 | genirq/irq_sim: Initialize work context pointers properly |
| CVE-2025-38409 | 2025-07-25 | drm/msm: Fix another leak in the submit error path |
| CVE-2025-38410 | 2025-07-25 | drm/msm: Fix a fence leak in submit error path |
| CVE-2025-38411 | 2025-07-25 | netfs: Fix double put of request |
| CVE-2025-38412 | 2025-07-25 | platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks |
| CVE-2025-38413 | 2025-07-25 | virtio-net: xsk: rx: fix the frame's length check |
| CVE-2025-8158 | 2025-07-25 | PHPGurukul Login and User Management System yesterday-reg-users.php sql injection |
| CVE-2025-38414 | 2025-07-25 | wifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850 |
| CVE-2025-38415 | 2025-07-25 | Squashfs: check return result of sb_min_blocksize |
| CVE-2025-38416 | 2025-07-25 | NFC: nci: uart: Set tty->disc_data only in success path |
| CVE-2025-38417 | 2025-07-25 | ice: fix eswitch code memory leak in reset scenario |
| CVE-2025-38418 | 2025-07-25 | remoteproc: core: Release rproc->clean_table after rproc_attach() fails |
| CVE-2025-38419 | 2025-07-25 | remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach() |
| CVE-2025-38420 | 2025-07-25 | wifi: carl9170: do not ping device which has failed to load firmware |
| CVE-2025-38421 | 2025-07-25 | platform/x86/amd: pmf: Use device managed allocations |