CVE List - 2025 / July
Showing 3201 - 3300 of 3776 CVEs for July 2025 (Page 33 of 38)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-54413 | 2025-07-26 | skops' MethodNode can access unexpected object fields through dot notation, leading to arbitrary code execution at load time |
| CVE-2025-54414 | 2025-07-26 | Anubis accepts crafted redirect URLs in pass-challenge 'Try Again' buttons |
| CVE-2025-8176 | 2025-07-26 | LibTIFF tiffmedian.c get_histogram use after free |
| CVE-2025-54415 | 2025-07-26 | dag-factory's CI/CD Workflow Allows for Repository Takeover and Secret Exfiltration |
| CVE-2025-54416 | 2025-07-26 | tj-actions/branch-names Contains Command Injection Vulnerability |
| CVE-2025-50185 | 2025-07-26 | DbGate allows Unauthorized File Access via CSV Plugin |
| CVE-2025-54366 | 2025-07-26 | FreeScout's deserialization of untrusted data leads to Remote Code Execution |
| CVE-2024-13507 | 2025-07-26 | GeoDirectory – WP Business Directory Plugin and Classified Listings Directory <= 2.8.97 - Unauthenticated SQL Injection |
| CVE-2025-8103 | 2025-07-26 | WPeMatico RSS Feed Fetcher <= 2.8.7 - Cross-Site Request Forgery to Plugin Deactivation via handle_feedback_submission Function |
| CVE-2025-8177 | 2025-07-26 | LibTIFF thumbnail.c setrow buffer overflow |
| CVE-2025-6895 | 2025-07-26 | MelaPress Login Security 2.1.0 - 2.1.1 - Authentication Bypass to Privilege Escalation via get_valid_user_based_on_token Function |
| CVE-2025-8178 | 2025-07-26 | Tenda AC10 RequestsProcessLaid heap-based overflow |
| CVE-2025-8179 | 2025-07-26 | PHPGurukul Local Services Search Engine Management System changeimage.php sql injection |
| CVE-2025-8198 | 2025-07-26 | MinimogWP – The High Converting eCommerce WordPress Theme <= 3.9.0 - Unauthenticated Price Manipulation |
| CVE-2025-8180 | 2025-07-26 | Tenda CH22 deleteUserName formdeleteUserName buffer overflow |
| CVE-2025-7501 | 2025-07-26 | Wonder Slider Lite & Wonder Slider <= 14.4 - Authenticated (Contributor+) DOM-based Stored Cross-Site Scripting |
| CVE-2025-6987 | 2025-07-26 | Advanced iFrame <= 2025.5 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-8097 | 2025-07-26 | WoodMart - Multipurpose WooCommerce Theme <= 8.2.6 - Improper Input Validation Leading to Unauthenticated Cart Manipulation |
| CVE-2025-8181 | 2025-07-26 | TOTOLINK N600R/X2000R FTP Service vsftpd.conf least privilege violation |
| CVE-2025-5529 | 2025-07-26 | Educenter <= 1.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-6989 | 2025-07-26 | Kallyas <= 4.21.0 - Authenticated (Contributor+) Arbitrary Folder Deletion |
| CVE-2025-6991 | 2025-07-26 | Kallyas <= 4.21.0 - Authenticated (Contributor+) Local File Inclusion |
| CVE-2025-8182 | 2025-07-26 | Tenda AC18 Samba smb.conf weak password |
| CVE-2025-8184 | 2025-07-26 | D-Link DIR-513 HTTP POST Request formSetWanL2TPtriggers formSetWanL2TPcallback stack-based overflow |
| CVE-2025-8185 | 2025-07-26 | 1000 Projects ABC Courier Management System getbyid.php sql injection |
| CVE-2025-8186 | 2025-07-26 | Campcodes Courier Management System edit_branch.php sql injection |
| CVE-2025-8187 | 2025-07-26 | Campcodes Courier Management System edit_parcel.php sql injection |
| CVE-2025-8188 | 2025-07-26 | Campcodes Courier Management System edit_staff.php sql injection |
| CVE-2025-8189 | 2025-07-26 | Campcodes Courier Management System edit_user.php sql injection |
| CVE-2025-8190 | 2025-07-26 | Campcodes Courier Management System print_pdets.php sql injection |
| CVE-2025-8191 | 2025-07-26 | macrozheng mall Swagger UI index.html cross site scripting |
| CVE-2025-8203 | 2025-07-26 | Jingmen Zeyou Large File Upload Control index.jsp sql injection |
| CVE-2025-8204 | 2025-07-26 | Comodo Dragon HSTS security check |
| CVE-2025-8205 | 2025-07-26 | Comodo Dragon IP DNS Leakage Detector cleartext transmission |
| CVE-2025-8206 | 2025-07-26 | Comodo Dragon IP DNS Leakage Detector cross site scripting |
| CVE-2025-8207 | 2025-07-26 | Canara ai1 Mobile Banking App com.canarabank.mobility AndroidManifest.xml improper export of android application components |
| CVE-2025-8210 | 2025-07-26 | Yeelink Yeelight App com.yeelight.cherry AndroidManifest.xml improper export of android application components |
| CVE-2025-8211 | 2025-07-26 | Roothub SystemConfigAdminController.java edit cross site scripting |
| CVE-2023-53156 | 2025-07-27 | The transpose crate before 0.2.3 for Rust allows an integer overflow via input_width and input_height arguments. |
| CVE-2023-53157 | 2025-07-27 | The rosenpass crate before 0.2.1 for Rust allows remote attackers to cause a denial of service (panic) via a one-byte UDP packet. |
| CVE-2024-58261 | 2025-07-27 | The sequoia-openpgp crate 1.13.0 before 1.21.0 for Rust allows an infinite loop of "Reading a cert: Invalid operation: Not a Key packet" messages for RawCertParser operations that encounter an unsupported... |
| CVE-2024-58262 | 2025-07-27 | The curve25519-dalek crate before 4.1.3 for Rust has a constant-time operation on elliptic curve scalars that is removed by LLVM. |
| CVE-2024-58263 | 2025-07-27 | The cosmwasm-std crate before 2.0.2 for Rust allows integer overflows that cause incorrect contract calculations. |
| CVE-2024-58264 | 2025-07-27 | The serde-json-wasm crate before 1.0.1 for Rust allows stack consumption via deeply nested JSON data. |
| CVE-2024-58265 | 2025-07-27 | The snow crate before 0.9.5 for Rust, when stateful TransportState is used, allows incrementing a nonce and thereby denying message delivery. |
| CVE-2024-58266 | 2025-07-27 | The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the { and \xa0 characters, which may facilitate command injection. |
| CVE-2025-54597 | 2025-07-27 | LinuxServer.io Heimdall before 2.7.3 allows XSS via the q parameter. |
| CVE-2025-6241 | 2025-07-27 | CVE-2025-6241 |
| CVE-2025-8219 | 2025-07-27 | Shanghai Lingdang Information Technology Lingdang CRM HTTP POST Request tabdetail_moduleSave_dxkp.php sql injection |
| CVE-2025-8220 | 2025-07-27 | Engeman Web Password Recovery RecoveryPass sql injection |
| CVE-2025-8221 | 2025-07-27 | jerryshensjf JPACookieShop 蛋糕商城JPA版 GoodsCustController.java goodsSearch cross site scripting |
| CVE-2025-8104 | 2025-07-27 | Memory Usage <= 3.98 - Cross-Site Request Forgery to Limited Plugin Installation via wpmemory_install_plugin Function |
| CVE-2025-8222 | 2025-07-27 | jerryshensjf JPACookieShop 蛋糕商城JPA版 GoodsController.java cross site scripting |
| CVE-2025-8223 | 2025-07-27 | jerryshensjf JPACookieShop 蛋糕商城JPA版 AdminTypeCustController.java cross-site request forgery |
| CVE-2025-8224 | 2025-07-27 | GNU Binutils BFD Library elf.c bfd_elf_get_str_section null pointer dereference |
| CVE-2025-5120 | 2025-07-27 | Sandbox Escape Vulnerability in huggingface/smolagents |
| CVE-2025-8225 | 2025-07-27 | GNU Binutils DWARF Section dwarf.c process_debug_info memory leak |
| CVE-2025-8226 | 2025-07-27 | yanyutao0402 ChanCMS find information disclosure |
| CVE-2025-8227 | 2025-07-27 | yanyutao0402 ChanCMS getArticle deserialization |
| CVE-2025-8228 | 2025-07-27 | yanyutao0402 ChanCMS getPages server-side request forgery |
| CVE-2025-8229 | 2025-07-27 | Campcodes Courier Management System parcel_list.php sql injection |
| CVE-2025-8230 | 2025-07-27 | Campcodes Courier Management System manage_user.php sql injection |
| CVE-2025-8231 | 2025-07-27 | D-Link DIR-890L UART Port rgbin hard-coded credentials |
| CVE-2025-8232 | 2025-07-27 | code-projects Online Ordering System delete_user.php sql injection |
| CVE-2025-8233 | 2025-07-27 | code-projects Online Ordering System user.php sql injection |
| CVE-2025-8234 | 2025-07-27 | code-projects Online Ordering System delete_member.php sql injection |
| CVE-2025-8235 | 2025-07-27 | code-projects Online Ordering System product.php sql injection |
| CVE-2025-8236 | 2025-07-27 | code-projects Online Ordering System edit_product.php sql injection |
| CVE-2025-8237 | 2025-07-27 | code-projects Exam Form Submission update_s1.php sql injection |
| CVE-2025-8238 | 2025-07-27 | code-projects Exam Form Submission update_s2.php sql injection |
| CVE-2025-8239 | 2025-07-27 | code-projects Exam Form Submission admin sql injection |
| CVE-2025-8240 | 2025-07-27 | code-projects Exam Form Submission dashboard.php sql injection |
| CVE-2025-8241 | 2025-07-27 | 1000 Projects ABC Courier Management System report.php sql injection |
| CVE-2025-8242 | 2025-07-27 | TOTOLINK X15 HTTP POST Request formFilter buffer overflow |
| CVE-2025-8243 | 2025-07-27 | TOTOLINK X15 HTTP POST Request formMapDel buffer overflow |
| CVE-2025-8244 | 2025-07-27 | TOTOLINK X15 HTTP POST Request formMapDelDevice buffer overflow |
| CVE-2025-8245 | 2025-07-27 | TOTOLINK X15 HTTP POST Request formMultiAPVLAN buffer overflow |
| CVE-2025-8246 | 2025-07-27 | TOTOLINK X15 HTTP POST Request formRoute buffer overflow |
| CVE-2025-8247 | 2025-07-27 | Projectworlds Online Admission System admin.php sql injection |
| CVE-2022-50237 | 2025-07-28 | The ed25519-dalek crate before 2 for Rust allows a double public key signing function oracle attack. The Keypair implementation leads to a simple computation for extracting a private key. |
| CVE-2023-53158 | 2025-07-28 | The gix-transport crate before 0.36.1 for Rust allows command execution via the "gix clone 'ssh://-oProxyCommand=open$IFS" substring. NOTE: this was discovered before CVE-2024-32884, a similar vulnerability (involving a username field) that... |
| CVE-2023-53159 | 2025-07-28 | The openssl crate before 0.10.55 for Rust allows an out-of-bounds read via an empty string to X509VerifyParamRef::set_host. |
| CVE-2023-53160 | 2025-07-28 | The sequoia-openpgp crate before 1.16.0 for Rust allows out-of-bounds array access and a panic. |
| CVE-2023-53161 | 2025-07-28 | The buffered-reader crate before 1.1.5 for Rust allows out-of-bounds array access and a panic. |
| CVE-2025-29534 | 2025-07-28 | An authenticated remote code execution vulnerability in PowerStick Wave Dual-Band Wifi Extender V1.0 allows an attacker with valid credentials to execute arbitrary commands with root privileges. The issue stems from... |
| CVE-2025-30124 | 2025-07-28 | An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. When a new SD card is inserted into the dashcam, the existing password is written onto the SD card... |
| CVE-2025-30125 | 2025-07-28 | An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. All dashcams were shipped with the same default credentials of 12345678, which creates an insecure-by-default condition. For users who... |
| CVE-2025-30126 | 2025-07-28 | An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. Via port 7777 without any need to pair or press a physical button, a remote attacker can disable recording,... |
| CVE-2025-30133 | 2025-07-28 | An issue was discovered on IROAD Dashcam FX2 devices. Bypass of Device Pairing/Registration can occur. It requires device registration via the "IROAD X View" app for authentication, but its HTTP... |
| CVE-2025-50484 | 2025-07-28 | Improper session invalidation in the component /crm/change-password.php of PHPGurukul Small CRM v3.0 allows attackers to execute a session hijacking attack. |
| CVE-2025-50485 | 2025-07-28 | Improper session invalidation in the component /crm/change-password.php of PHPGurukul Online Course Registration v3.1 allows attackers to execute a session hijacking attack. |
| CVE-2025-50486 | 2025-07-28 | Improper session invalidation in the component /carrental/update-password.php of PHPGurukul Car Rental Project v3.0 allows attackers to execute a session hijacking attack. |
| CVE-2025-50487 | 2025-07-28 | Improper session invalidation in the component /bbdms/change-password.php of PHPGurukul Blood Bank & Donor Management System v2.4 allows attackers to execute a session hijacking attack. |
| CVE-2025-50488 | 2025-07-28 | Improper session invalidation in the component /library/change-password.php of PHPGurukul Online Library Management System v3.0 allows attackers to execute a session hijacking attack. |
| CVE-2025-50489 | 2025-07-28 | Improper session invalidation in the component /srms/change-password.php of PHPGurukul Student Result Management System v2.0 allows attackers to execute a session hijacking attack. |
| CVE-2025-50490 | 2025-07-28 | Improper session invalidation in the component /elms/emp-changepassword.php of PHPGurukul Student Result Management System v2.0 allows attackers to execute a session hijacking attack. |
| CVE-2025-50491 | 2025-07-28 | Improper session invalidation in the component /banker/change-password.php of PHPGurukul Bank Locker Management System v1 allows attackers to execute a session hijacking attack. |
| CVE-2025-50492 | 2025-07-28 | Improper session invalidation in the component /edms/change-password.php of PHPGurukul e-Diary Management System v1 allows attackers to execute a session hijacking attack. |
| CVE-2025-50493 | 2025-07-28 | Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Doctor Appointment Management System v1 allows attackers to execute a session hijacking attack. |
| CVE-2025-50494 | 2025-07-28 | Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Car Washing Management System v1.0 allows attackers to execute a session hijacking attack. |