CVE List - 2025 / July
Showing 3101 - 3200 of 3776 CVEs for July 2025 (Page 32 of 38)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-38422 | 2025-07-25 | net: lan743x: Modify the EEPROM and OTP size for PCI1xxxx devices |
| CVE-2025-38423 | 2025-07-25 | ASoC: codecs: wcd9375: Fix double free of regulator supplies |
| CVE-2025-38424 | 2025-07-25 | perf: Fix sample vs do_exit() |
| CVE-2025-38425 | 2025-07-25 | i2c: tegra: check msg length in SMBUS block read |
| CVE-2025-38426 | 2025-07-25 | drm/amdgpu: Add basic validation for RAS header |
| CVE-2025-38427 | 2025-07-25 | video: screen_info: Relocate framebuffers behind PCI bridges |
| CVE-2025-38428 | 2025-07-25 | Input: ims-pcu - check record size in ims_pcu_flash_firmware() |
| CVE-2025-38429 | 2025-07-25 | bus: mhi: ep: Update read pointer only after buffer is written |
| CVE-2025-38430 | 2025-07-25 | nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request |
| CVE-2025-38431 | 2025-07-25 | smb: client: fix regression with native SMB symlinks |
| CVE-2025-38432 | 2025-07-25 | net: netpoll: Initialize UDP checksum field before checksumming |
| CVE-2025-8159 | 2025-07-25 | D-Link DIR-513 HTTP POST Request formLanguageChange stack-based overflow |
| CVE-2025-38433 | 2025-07-25 | riscv: fix runtime constant support for nommu kernels |
| CVE-2025-38434 | 2025-07-25 | Revert "riscv: Define TASK_SIZE_MAX for __access_ok()" |
| CVE-2025-38435 | 2025-07-25 | riscv: vector: Fix context save/restore with xtheadvector |
| CVE-2025-38436 | 2025-07-25 | drm/scheduler: signal scheduled fence when kill job |
| CVE-2025-8160 | 2025-07-25 | Tenda AC20 httpd SetSysTimeCfg buffer overflow |
| CVE-2025-38437 | 2025-07-25 | ksmbd: fix potential use-after-free in oplock/lease break ack |
| CVE-2025-38438 | 2025-07-25 | ASoC: SOF: Intel: hda: Use devm_kstrdup() to avoid memleak. |
| CVE-2025-38439 | 2025-07-25 | bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT |
| CVE-2025-38440 | 2025-07-25 | net/mlx5e: Fix race between DIM disable and net_dim() |
| CVE-2025-38441 | 2025-07-25 | netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() |
| CVE-2025-38442 | 2025-07-25 | block: reject bs > ps block devices when THP is disabled |
| CVE-2025-38443 | 2025-07-25 | nbd: fix uaf in nbd_genl_connect() error path |
| CVE-2025-38444 | 2025-07-25 | raid10: cleanup memleak at raid10_make_request |
| CVE-2025-38445 | 2025-07-25 | md/raid1: Fix stack memory use after return in raid1_reshape |
| CVE-2025-38446 | 2025-07-25 | clk: imx: Fix an out-of-bounds access in dispmix_csr_clk_dev_data |
| CVE-2025-38447 | 2025-07-25 | mm/rmap: fix potential out-of-bounds page table access during batched unmap |
| CVE-2025-38448 | 2025-07-25 | usb: gadget: u_serial: Fix race condition in TTY wakeup |
| CVE-2025-38449 | 2025-07-25 | drm/gem: Acquire references on GEM handles for framebuffers |
| CVE-2025-38450 | 2025-07-25 | wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925_sta_set_decap_offload() |
| CVE-2025-38451 | 2025-07-25 | md/md-bitmap: fix GPF in bitmap_get_stats() |
| CVE-2025-38452 | 2025-07-25 | net: ethernet: rtsn: Fix a null pointer dereference in rtsn_probe() |
| CVE-2025-38453 | 2025-07-25 | io_uring/msg_ring: ensure io_kiocb freeing is deferred for RCU |
| CVE-2025-38454 | 2025-07-25 | ALSA: ad1816a: Fix potential NULL pointer deref in snd_card_ad1816a_pnp() |
| CVE-2025-38455 | 2025-07-25 | KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight |
| CVE-2025-38456 | 2025-07-25 | ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() |
| CVE-2025-38457 | 2025-07-25 | net/sched: Abort __tc_modify_qdisc if parent class does not exist |
| CVE-2025-38458 | 2025-07-25 | atm: clip: Fix NULL pointer dereference in vcc_sendmsg() |
| CVE-2025-38459 | 2025-07-25 | atm: clip: Fix infinite recursive call of clip_push(). |
| CVE-2025-38460 | 2025-07-25 | atm: clip: Fix potential null-ptr-deref in to_atmarpd(). |
| CVE-2025-38461 | 2025-07-25 | vsock: Fix transport_* TOCTOU |
| CVE-2025-38462 | 2025-07-25 | vsock: Fix transport_{g2h,h2g} TOCTOU |
| CVE-2025-38463 | 2025-07-25 | tcp: Correct signedness in skb remaining space calculation |
| CVE-2025-38464 | 2025-07-25 | tipc: Fix use-after-free in tipc_conn_close(). |
| CVE-2025-38465 | 2025-07-25 | netlink: Fix wraparounds of sk->sk_rmem_alloc. |
| CVE-2025-38466 | 2025-07-25 | perf: Revert to requiring CAP_SYS_ADMIN for uprobes |
| CVE-2025-38467 | 2025-07-25 | drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling |
| CVE-2025-3873 | 2025-07-25 | Buffer overflow in Si91x crypto APIs |
| CVE-2025-34136 | 2025-07-25 | Commvault CommServe Web Server Unauthenticated SQL Injection |
| CVE-2025-2329 | 2025-07-25 | High traffic causes corrupt SPI packets in OpenThread leading to denial of service |
| CVE-2024-13975 | 2025-07-25 | Commvault 11.20.0 - 11.36.0 Windows Access Nodes Compromise via Local File Server Agent Abuse |
| CVE-2024-13976 | 2025-07-25 | Commvault 11.20.0 - 11.36.0 Windows Maintenance Installer DLL Injection |
| CVE-2014-125117 | 2025-07-25 | D-Link info.cgi POST Request Stack-Based Buffer Overflow RCE |
| CVE-2014-125118 | 2025-07-25 | eScan 5.5-2 Web Management Console Command Injection |
| CVE-2013-10032 | 2025-07-25 | GetSimple CMS 3.2.1 Authenticated RCE via Arbitrary PHP File Upload |
| CVE-2014-125116 | 2025-07-25 | HybridAuth 2.0.9 - 2.2.2 Unauthenticated RCE via install.php Configuration Injection |
| CVE-2014-125114 | 2025-07-25 | i-Ftp 2.20 Schedule.xml Stack-Based Buffer Overflow |
| CVE-2025-34114 | 2025-07-25 | OpenBlow Missing Critical Security Headers |
| CVE-2014-125115 | 2025-07-25 | Pandora FMS ≤ 5.0 SP2 Default Credential SQL Injection RCE |
| CVE-2016-15046 | 2025-07-25 | Hanwha Techwin SSM 1.32 & 1.4 ActiveMQ File Upload RCE |
| CVE-2020-36850 | 2025-07-25 | Sitecore JSS React Sample Application 11.0.0 - 14.0.1 Information Disclosure |
| CVE-2025-34139 | 2025-07-25 | Sitecore XM/XP/XC and Managed Cloud 8.0 - 10.4 Arbitrary File Read |
| CVE-2025-34138 | 2025-07-25 | Sitecore XM/XP/XC and Managed Cloud 9.2 - 10.4 RCE |
| CVE-2015-10142 | 2025-07-25 | Sitecore XP < 8.0 and CMS < 7.2 and < 7.5 File Read via Known Path |
| CVE-2022-4979 | 2025-07-25 | Sitecore XP 7.5 - 10.2, CMS 7.2, and Managed Cloud XSS |
| CVE-2025-3508 | 2025-07-25 | Certain HP DesignJet products – Information disclosure |
| CVE-2014-125119 | 2025-07-25 | WinRAR < 5.00 Filename Spoofing RCE |
| CVE-2025-8161 | 2025-07-25 | deerwms deer-wms-2 export sql injection |
| CVE-2025-36727 | 2025-07-25 | SimpleHelp Inclusion of functionality from untrusted control sphere |
| CVE-2025-36728 | 2025-07-25 | SimpleHelp Cross Site Request Forgery |
| CVE-2025-8162 | 2025-07-25 | deerwms deer-wms-2 list sql injection |
| CVE-2025-5449 | 2025-07-25 | Libssh: integer overflow in libssh sftp server packet length validation leading to denial of service |
| CVE-2025-8163 | 2025-07-25 | deerwms deer-wms-2 list sql injection |
| CVE-2025-8164 | 2025-07-25 | code-projects Public Chat Room send_message.php sql injection |
| CVE-2025-8165 | 2025-07-25 | code-projects Food Review System approve_reservation.php sql injection |
| CVE-2025-52446 | 2025-07-25 | Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windows, Linux (tab-doc api modules) allows Interface Manipulation (data access to the production database cluster).This issue affects Tableau Server:... |
| CVE-2025-52447 | 2025-07-25 | Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windows, Linux (set-initial-sql tabdoc command modules) allows Interface Manipulation (data access to the production database cluster). This issue affects... |
| CVE-2025-52448 | 2025-07-25 | Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windows, Linux (validate-initial-sql api modules) allows Interface Manipulation (data access to the production database cluster). This issue affects Tableau... |
| CVE-2025-52449 | 2025-07-25 | Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (Extensible Protocol Service modules) allows Alternative Execution Due to Deceptive Filenames (RCE). This issue affects... |
| CVE-2025-52452 | 2025-07-25 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salesforce Tableau Server on Windows, Linux (tabdoc api - duplicate-data-source modules) allows Absolute Path Traversal. This issue... |
| CVE-2025-8166 | 2025-07-25 | code-projects Church Donation System HTTP POST Request index.php sql injection |
| CVE-2025-52453 | 2025-07-25 | Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (Flow Data Source modules) allows Resource Location Spoofing. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before... |
| CVE-2025-52454 | 2025-07-25 | Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (Amazon S3 Connector modules) allows Resource Location Spoofing. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before... |
| CVE-2025-52455 | 2025-07-25 | Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (EPS Server modules) allows Resource Location Spoofing. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19. |
| CVE-2025-8167 | 2025-07-25 | code-projects Church Donation System edit_members.php cross site scripting |
| CVE-2025-8168 | 2025-07-25 | D-Link DIR-513 formSetWanPPPoE websAspInit buffer overflow |
| CVE-2025-8169 | 2025-07-25 | D-Link DIR-513 HTTP POST Request formSetWanPPTPpath formSetWanPPTPcallback buffer overflow |
| CVE-2025-8170 | 2025-07-25 | TOTOLINK T6 MQTT Packet meshSlaveDlfw tcpcheck_net buffer overflow |
| CVE-2025-8171 | 2025-07-25 | code-projects Document Management System insert.php unrestricted upload |
| CVE-2025-8101 | 2025-07-25 | Linkify 4.3.1 - Prototype Pollution & HTML Attribute Injection (XSS) |
| CVE-2025-8172 | 2025-07-25 | itsourcecode Employee Management System index.php sql injection |
| CVE-2025-8173 | 2025-07-25 | 1000 Projects ABC Courier Management System Add_reciver.php sql injection |
| CVE-2025-8174 | 2025-07-26 | code-projects Voting System candidates_add.php unrestricted upload |
| CVE-2025-8175 | 2025-07-26 | D-Link DI-8400 jhttpd usb_paswd.asp null pointer dereference |
| CVE-2025-50184 | 2025-07-26 | DbGate allows for File Traversal via file parameter |
| CVE-2025-54378 | 2025-07-26 | HAX CMS Backend Lacks Comprehensive Authorization Checks |
| CVE-2025-54380 | 2025-07-26 | Opencast still publishes global system account credentials |
| CVE-2025-54385 | 2025-07-26 | XWiki Platform's searchDocuments API allows for SQL injection |
| CVE-2025-54412 | 2025-07-26 | skops' Inconsistent Trusted Type Validation Enables Hidden `operator` Methods Execution |