CVE List - 2025 / July

Showing 601 - 700 of 3776 CVEs for July 2025 (Page 7 of 38)

CVE ID Date Title
CVE-2025-3920 2025-07-07 Hard-coded Password in SUR-FBD CMMS
CVE-2025-7120 2025-07-07 Campcodes Complaint Management System check_availability.php sql injection
CVE-2025-7121 2025-07-07 Campcodes Complaint Management System complaint-details.php sql injection
CVE-2025-3626 2025-07-07 OS Command Injection via Config Upload in WebUI
CVE-2025-3705 2025-07-07 OS Command Injection via USB Config Load
CVE-2025-7122 2025-07-07 Campcodes Complaint Management System index.php sql injection
CVE-2025-4779 2025-07-07 Stored Cross-site Scripting (XSS) in lunary-ai/lunary
CVE-2024-43334 2025-07-07 WordPress Halpes theme <= 1.0.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-3225 2025-07-07 XML Entity Expansion vulnerability in run-llama/llama_index
CVE-2025-3044 2025-07-07 MD5 Hash Collision in run-llama/llama_index
CVE-2025-3262 2025-07-07 Regular Expression Denial of Service (ReDoS) in huggingface/transformers
CVE-2025-3046 2025-07-07 Path Traversal via Symbolic Links in run-llama/llama_index
CVE-2025-3263 2025-07-07 Regular Expression Denial of Service (ReDoS) in huggingface/transformers
CVE-2025-3264 2025-07-07 Regular Expression Denial of Service (ReDoS) in huggingface/transformers
CVE-2025-6386 2025-07-07 Timing Attack Vulnerability in parisneo/lollms
CVE-2025-3466 2025-07-07 Unsanitized Input in langgenius/dify
CVE-2025-3777 2025-07-07 Improper Input Validation in huggingface/transformers
CVE-2025-6210 2025-07-07 Hardlink-Based Path Traversal in run-llama/llama_index
CVE-2025-5472 2025-07-07 Denial of Service via Uncontrolled Recursive JSON Parsing in JSONReader in run-llama/llama_index
CVE-2025-3467 2025-07-07 XSS Vulnerability in langgenius/dify
CVE-2025-7123 2025-07-07 Campcodes Complaint Management System complaint-details.php sql injection
CVE-2025-7124 2025-07-07 code-projects Online Note Sharing Profile Image userprofile.php unrestricted upload
CVE-2025-7125 2025-07-07 itsourcecode Employee Management System editempeducation.php sql injection
CVE-2025-7126 2025-07-07 itsourcecode Employee Management System adminprofile.php sql injection
CVE-2025-7127 2025-07-07 itsourcecode Employee Management System changepassword.php sql injection
CVE-2025-6209 2025-07-07 Arbitrary File Read through Path Traversal in run-llama/llama_index
CVE-2025-7128 2025-07-07 Campcodes Payroll Management System ajax.php sql injection
CVE-2025-7129 2025-07-07 Campcodes Payroll Management System ajax.php sql injection
CVE-2025-7130 2025-07-07 Campcodes Payroll Management System ajax.php sql injection
CVE-2025-7056 2025-07-07 Stored XSS in UrlShortener
CVE-2025-7131 2025-07-07 Campcodes Payroll Management System ajax.php sql injection
CVE-2025-5987 2025-07-07 Libssh: invalid return code for chacha20 poly1305 with openssl backend
CVE-2025-7132 2025-07-07 Campcodes Payroll Management System ajax.php sql injection
CVE-2025-6711 2025-07-07 Incomplete Redaction of Sensitive Information in MongoDB Server Logs
CVE-2025-6712 2025-07-07 MongoDB Server may be susceptible to DoS due to Accumulated Memory Allocation
CVE-2025-6713 2025-07-07 MongoDB Server may be susceptible to privilege escalation due to $mergeCursors stage
CVE-2025-6714 2025-07-07 Incorrect Handling of incomplete data may prevent mongoS from Accepting New Connections
CVE-2025-6803 2025-07-07 Marvell QConvergeConsole compressDriverFiles Directory Traversal Information Disclosure Vulnerability
CVE-2025-6804 2025-07-07 Marvell QConvergeConsole compressFirmwareDumpFiles Directory Traversal Information Disclosure Vulnerability
CVE-2025-6793 2025-07-07 Marvell QConvergeConsole QLogicDownloadImpl Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability
CVE-2025-6796 2025-07-07 Marvell QConvergeConsole getAppFileBytes Directory Traversal Information Disclosure Vulnerability
CVE-2025-6805 2025-07-07 Marvell QConvergeConsole deleteEventLogFile Directory Traversal Arbitrary File Deletion Vulnerability
CVE-2025-6797 2025-07-07 Marvell QConvergeConsole getFileUploadBytes Directory Traversal Information Disclosure Vulnerability
CVE-2025-6798 2025-07-07 Marvell QConvergeConsole deleteAppFile Directory Traversal Arbitrary File Deletion Vulnerability
CVE-2025-6799 2025-07-07 Marvell QConvergeConsole getFileUploadBytes Directory Traversal Information Disclosure Vulnerability
CVE-2025-6800 2025-07-07 Marvell QConvergeConsole restoreESwitchConfig Directory Traversal Information Disclosure Vulnerability
CVE-2025-6801 2025-07-07 Marvell QConvergeConsole saveNICParamsToFile Directory Traversal Arbitrary File Write Vulnerability
CVE-2025-6794 2025-07-07 Marvell QConvergeConsole saveAsText Directory Traversal Remote Code Execution Vulnerability
CVE-2025-6795 2025-07-07 Marvell QConvergeConsole getFileUploadSize Directory Traversal Information Disclosure Vulnerability
CVE-2025-6807 2025-07-07 Marvell QConvergeConsole getDriverTmpPath Directory Traversal Information Disclosure Vulnerability
CVE-2025-6806 2025-07-07 Marvell QConvergeConsole decryptFile Directory Traversal Arbitrary File Write Vulnerability
CVE-2025-6802 2025-07-07 Marvell QConvergeConsole getFileFromURL Unrestricted File Upload Remote Code Execution Vulnerability
CVE-2025-6810 2025-07-07 Mescius ActiveReports.NET ReadValue Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVE-2025-6811 2025-07-07 Mescius ActiveReports.NET TypeResolutionService Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVE-2025-6663 2025-07-07 GStreamer H266 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2025-7133 2025-07-07 CodeAstro Online Movie Ticket Booking System cross-site request forgery
CVE-2025-53486 2025-07-07 WikiCategoryTagCloud: Reflected Cross-Site Scripting (XSS) via linkstyle attribute in parser function
CVE-2025-7057 2025-07-07 Stored XSS in Quiz
CVE-2025-53487 2025-07-07 ApprovedRevs: Stored Cross-Site Scripting (XSS) via unsanitized system messages
CVE-2025-32023 2025-07-07 Redis allows out of bounds writes in hyperloglog commands leading to RCE
CVE-2025-48367 2025-07-07 Redis DoS Vulnerability due to bad connection error handling
CVE-2025-7134 2025-07-07 Campcodes Online Recruitment Management System ajax.php sql injection
CVE-2025-53373 2025-07-07 Natours has a 1 Click Account take over on reset password via Host Header injection
CVE-2025-53374 2025-07-07 Dokploy Improperly Discloses User Information via user.one Endpoint
CVE-2025-53376 2025-07-07 Dokploy allows attackers to run arbitrary OS commands on the Dokploy host.
CVE-2025-7259 2025-07-07 Certain Queries with Duplicate _id Fields May Cause MongoDB Server to Crash
CVE-2025-53375 2025-07-07 Dokploy allows attackers to read any file that the Traefik process user can access
CVE-2025-7135 2025-07-07 Campcodes Online Recruitment Management System ajax.php sql injection
CVE-2025-36014 2025-07-07 IBM Integration Bus for z/OS code injection
CVE-2025-53491 2025-07-07 XSS in FlaggedRevs
CVE-2025-53377 2025-07-07 WeGIA allows Cross-Site Scripting (XSS) in cadastro_dependente_pessoa_nova.php via the id_funcionario parameter
CVE-2025-53497 2025-07-07 Stored XSS in RelatedArticles
CVE-2025-53525 2025-07-07 WeGIA allows Cross-Site Scripting (XSS) in profile_familiar.php via the id_dependente parameter
CVE-2025-7136 2025-07-07 Campcodes Online Recruitment Management System view_vacancy.php sql injection
CVE-2025-53526 2025-07-07 WeGIA allows Stored XSS attacks in novo_memorando.php
CVE-2025-1351 2025-07-07 IBM Storage Virtualize privilege escalation
CVE-2025-53527 2025-07-07 WeGIA allows Time-Based Blind SQL Injection in the relatorio_geracao.php endpoint
CVE-2025-53529 2025-07-07 WeGIA allows SQL Injection in html/funcionario/profile_funcionario.php (id_funcionario parameter)
CVE-2025-53530 2025-07-07 WeGIA allows Uncontrolled Resource Consumption via the errorstr parameter
CVE-2025-7137 2025-07-07 SourceCodester Best Salon Management System schedule-staff.php sql injection
CVE-2025-53531 2025-07-07 WeGIA allows Uncontrolled Resource Consumption via the fid parameter
CVE-2025-53532 2025-07-07 giscus allows unauthorized discussion creation
CVE-2025-53535 2025-07-07 Better Auth has an Open Redirect Vulnerability in originCheck Middleware Affecting Multiple Routes
CVE-2025-7138 2025-07-07 SourceCodester Best Salon Management System admin-profile.php sql injection
CVE-2024-43190 2025-07-07 IBM Engineering Requirements Management DOORS weak authentication
CVE-2025-20300 2025-07-07 Improper Access Control Lets Low-Privilege Users Suppress Read-Only Alerts in Splunk Enterprise
CVE-2025-20320 2025-07-07 Denial of Service (DoS) through “User Interface - Views” configuration page in Splunk Enterprise
CVE-2025-20324 2025-07-07 Improper Access Control in System Source Types Configuration in Splunk Enterprise
CVE-2025-20319 2025-07-07 Remote Command Execution through Scripted Input Files in Splunk Enterprise
CVE-2025-20325 2025-07-07 Sensitive Information Disclosure in the SHCConfig logging channel in Clustered Deployments in Splunk Enterprise
CVE-2025-20321 2025-07-07 Membership State Change in Splunk Search Head Cluster through a Cross-Site Request Forgery (CSRF) in Splunk Enterprise
CVE-2025-20323 2025-07-07 Missing Access Control of Saved Searches in the Splunk Archiver app
CVE-2025-20322 2025-07-07 Denial of Service (DoS) in Search Head Cluster through Cross-Site Request Forgery (CSRF) in Splunk Enterprise
CVE-2025-53536 2025-07-07 Roo Code allows Potential Remote Code Execution via .vscode/settings.json
CVE-2025-7139 2025-07-07 SourceCodester Best Salon Management System Update Customer Details Page edit-customer-detailed.php cross site scripting
CVE-2025-53478 2025-07-07 CheckUser: Reflected Cross-Site Scripting (XSS) in Special:Investigate via unsanitized i18n messages
CVE-2025-53495 2025-07-07 Unauthorized Disclosure of IP Reputation in AbuseFilter
CVE-2025-7140 2025-07-07 SourceCodester Best Salon Management System Update Staff Page edit-staff.php cross site scripting
CVE-2025-53499 2025-07-07 Unauthorized Inspection of Protected Variables in AbuseFilter
CVE-2025-53498 2025-07-07 Lack of Audit Logging in AbuseFilter