CVE List - 2025 / July

Showing 401 - 500 of 3776 CVEs for July 2025 (Page 5 of 38)

Back to List Previous Next

CVE ID	Date	Title
CVE-2025-52798	2025-07-04	WordPress JobSearch <= 2.9.0 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-52796	2025-07-04	WordPress WP-Recall <= 16.26.14 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-52776	2025-07-04	WordPress Video List Manager <= 1.7 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-52718	2025-07-04	WordPress Alone <= 7.8.2 - Arbitrary Code Execution Vulnerability
CVE-2025-50039	2025-07-04	WordPress VG WORT METIS <= 2.0.0 - Broken Access Control Vulnerability
CVE-2025-50032	2025-07-04	WordPress Paytiko for WooCommerce <= 1.3.14 - Broken Access Control Vulnerability
CVE-2025-49870	2025-07-04	WordPress Paid Member Subscriptions <= 2.15.1 - SQL Injection Vulnerability
CVE-2025-49867	2025-07-04	WordPress RealHomes <= 4.4.0 - Privilege Escalation Vulnerability
CVE-2025-49866	2025-07-04	WordPress Beautiful Cookie Consent Banner <= 4.6.1 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-49303	2025-07-04	WordPress Frontend Admin by DynamiApps <= 3.28.7 - Arbitrary File Download Vulnerability
CVE-2025-49302	2025-07-04	WordPress Easy Stripe <= 1.1 - Remote Code Execution (RCE) Vulnerability
CVE-2025-49274	2025-07-04	WordPress Neom Blog theme <= 0.0.9 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-49247	2025-07-04	WordPress Team Showcase plugin < 25.05.13 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-49245	2025-07-04	WordPress Testimonials Showcase plugin <= 1.9.16 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-48231	2025-07-04	WordPress Booking Calendar Contact Form <= 1.2.58 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-47634	2025-07-04	WordPress WC Pickup Store <= 1.8.9 - Settings Change Vulnerability
CVE-2025-47627	2025-07-04	WordPress PrivateContent - Mail Actions plugin <= 2.3.2 - Local File Inclusion vulnerability
CVE-2025-47565	2025-07-04	WordPress EventON plugin <= 4.9.9 - Broken Access Control vulnerability
CVE-2025-47479	2025-07-04	WordPress WP Compress <= 6.30.30 - Broken Authentication Vulnerability
CVE-2025-39487	2025-07-04	WordPress Rankie plugin <= 1.8.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-32311	2025-07-04	WordPress Pressroom - News Magazine WordPress Theme theme <= 6.9 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-32297	2025-07-04	WordPress Simple Link Directory Pro plugin <= 14.7.3 - SQL Injection Vulnerability
CVE-2025-31037	2025-07-04	WordPress Homey theme <= 2.4.5 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-30933	2025-07-04	WordPress LogisticsHub <= 1.1.6 - Arbitrary File Upload Vulnerability
CVE-2025-28983	2025-07-04	WordPress Click & Pledge Connect plugin <= 25.04010101-WP6.8 - Privilege Escalation via SQL Injection vulnerability
CVE-2025-28980	2025-07-04	WordPress Aviation Weather from NOAA <= 0.7.2 - Arbitrary File Deletion Vulnerability
CVE-2025-28978	2025-07-04	WordPress SB Breadcrumbs plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-28976	2025-07-04	WordPress Email Address Security by WebEmailProtector <= 3.3.6 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-28968	2025-07-04	WordPress WP Wall plugin <= 1.7.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-24780	2025-07-04	WordPress Printcart Web to Print Product Designer for WooCommerce <= 2.4.0 - SQL Injection Vulnerability
CVE-2025-24771	2025-07-04	WordPress Content Manager Light plugin <= 3.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23970	2025-07-04	WordPress Service Finder Booking <= 6.0 - Privilege Escalation Vulnerability
CVE-2025-6740	2025-07-04	Contact Form 7 Database Addon <= 1.3.1 - Unauthenticated Stored Cross-Site Scripting via tmpD Parameter
CVE-2025-6056	2025-07-04	Timing difference in password reset in Ergon Informatik AG's Airlock IAM 7.7.9, 8.0.8, 8.1.7, 8.2.4 and 8.3.1 allows unauthenticated attackers to enumerate usernames.
CVE-2025-7066	2025-07-04	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Jirafeau
CVE-2025-7061	2025-07-04	Intelbras InControl operador csv injection
CVE-2025-38177	2025-07-04	sch_hfsc: make hfsc_qlen_notify() idempotent
CVE-2025-46733	2025-07-04	REE userspace code can panic TAs, leading to fTPM PCR reset and data disclosure
CVE-2025-38179	2025-07-04	smb: client: fix max_sge overflow in smb_extract_folioq_to_rdma()
CVE-2025-38180	2025-07-04	net: atm: fix /proc/net/atm/lec handling
CVE-2025-38181	2025-07-04	calipso: Fix null-ptr-deref in calipso_req_{set,del}attr().
CVE-2025-38182	2025-07-04	ublk: santizize the arguments from userspace when adding a device
CVE-2025-38183	2025-07-04	net: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get()
CVE-2025-38184	2025-07-04	tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer
CVE-2025-38185	2025-07-04	atm: atmtcp: Free invalid length skb in atmtcp_c_send().
CVE-2025-38186	2025-07-04	bnxt_en: Fix double invocation of bnxt_ulp_stop()/bnxt_ulp_start()
CVE-2025-38187	2025-07-04	drm/nouveau: fix a use-after-free in r535_gsp_rpc_push()
CVE-2025-38188	2025-07-04	drm/msm/a7xx: Call CP_RESET_CONTEXT_STATE
CVE-2025-38189	2025-07-04	drm/v3d: Avoid NULL pointer dereference in `v3d_job_update_stats()`
CVE-2025-38190	2025-07-04	atm: Revert atm_account_tx() if copy_from_iter_full() fails.
CVE-2025-38191	2025-07-04	ksmbd: fix null pointer dereference in destroy_previous_session
CVE-2025-38192	2025-07-04	net: clear the dst when changing skb protocol
CVE-2025-38193	2025-07-04	net_sched: sch_sfq: reject invalid perturb period
CVE-2025-38194	2025-07-04	jffs2: check that raw node were preallocated before writing summary
CVE-2025-38195	2025-07-04	LoongArch: Fix panic caused by NULL-PMD in huge_pte_offset()
CVE-2025-38196	2025-07-04	io_uring/rsrc: validate buffer count with offset for cloning
CVE-2025-38197	2025-07-04	platform/x86: dell_rbu: Fix list usage
CVE-2025-38198	2025-07-04	fbcon: Make sure modelist not set on unregistered console
CVE-2025-38199	2025-07-04	wifi: ath12k: Fix memory leak due to multiple rx_stats allocation
CVE-2025-38200	2025-07-04	i40e: fix MMIO write access to an invalid page in i40e_clear_hw
CVE-2025-38201	2025-07-04	netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX
CVE-2025-38202	2025-07-04	bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem()
CVE-2025-38203	2025-07-04	jfs: Fix null-ptr-deref in jfs_ioc_trim
CVE-2025-38204	2025-07-04	jfs: fix array-index-out-of-bounds read in add_missing_indices
CVE-2025-38205	2025-07-04	drm/amd/display: Avoid divide by zero by initializing dummy pitch to 1
CVE-2025-38206	2025-07-04	exfat: fix double free in delayed_free
CVE-2025-38207	2025-07-04	mm: fix uprobe pte be overwritten when expanding vma
CVE-2025-38208	2025-07-04	smb: client: add NULL check in automount_fullpath
CVE-2025-38209	2025-07-04	nvme-tcp: remove tag set when second admin queue config fails
CVE-2025-38210	2025-07-04	configfs-tsm-report: Fix NULL dereference of tsm_ops
CVE-2025-38211	2025-07-04	RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction
CVE-2025-38212	2025-07-04	ipc: fix to protect IPCS lookups using RCU
CVE-2025-38214	2025-07-04	fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var
CVE-2025-38215	2025-07-04	fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var
CVE-2025-38216	2025-07-04	iommu/vt-d: Restore context entry setup order for aliased devices
CVE-2025-38217	2025-07-04	hwmon: (ftsteutates) Fix TOCTOU race in fts_read()
CVE-2025-38218	2025-07-04	f2fs: fix to do sanity check on sit_bitmap_size
CVE-2025-38219	2025-07-04	f2fs: prevent kernel warning due to negative i_nlink from corrupted image
CVE-2025-38220	2025-07-04	ext4: only dirty folios when data journaling regular files
CVE-2025-38221	2025-07-04	ext4: fix out of bounds punch offset
CVE-2025-38222	2025-07-04	ext4: inline: fix len overflow in ext4_prepare_inline_data
CVE-2025-38223	2025-07-04	ceph: avoid kernel BUG for encrypted inode with unaligned file size
CVE-2025-38224	2025-07-04	can: kvaser_pciefd: refine error prone echo_skb_max handling logic
CVE-2025-38225	2025-07-04	media: imx-jpeg: Cleanup after an allocation error
CVE-2025-38226	2025-07-04	media: vivid: Change the siize of the composing
CVE-2025-38227	2025-07-04	media: vidtv: Terminating the subsequent process of initialization failure
CVE-2025-38228	2025-07-04	media: imagination: fix a potential memory leak in e5010_probe()
CVE-2025-38229	2025-07-04	media: cxusb: no longer judge rbuf when the write fails
CVE-2025-38230	2025-07-04	jfs: validate AG parameters in dbMount() to prevent crashes
CVE-2025-38231	2025-07-04	nfsd: Initialize ssc before laundromat_work to prevent NULL dereference
CVE-2025-38232	2025-07-04	NFSD: fix race between nfsd registration and exports_proc
CVE-2025-38233	2025-07-04	powerpc64/ftrace: fix clobbered r15 during livepatching
CVE-2025-38234	2025-07-04	sched/rt: Fix race in push_rt_task
CVE-2025-53481	2025-07-04	Denial of service vector on ipinfo/v0/norevision
CVE-2025-53482	2025-07-04	IPInfo: Message key XSS through several IPInfo messages in infobox and popup
CVE-2025-53483	2025-07-04	SecurePoll: Multiple admin actions vulnerable to Cross-Site Request Forgery
CVE-2025-53484	2025-07-04	SecurePoll: Multiple locations vulnerable to Cross-Site Scripting (XSS) via unescaped input
CVE-2025-53485	2025-07-04	SecurePoll: Unauthorized access to SetTranslationHandler allows arbitrary text changes
CVE-2025-7067	2025-07-04	HDF5 H5FScache.c H5FS__sinfo_serialize_node_cb heap-based overflow
CVE-2025-7068	2025-07-04	HDF5 H5FL.c H5FL__malloc memory leak