CVE List - 2025 / August
Showing 901 - 1000 of 3631 CVEs for August 2025 (Page 10 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2012-10037 | 2025-08-11 | PhpTax pfilez Parameter Exec Remote Code Injection |
| CVE-2012-10038 | 2025-08-11 | Auxilium RateMyPet Arbitrary File Upload RCE |
| CVE-2012-10039 | 2025-08-11 | ZEN Load Balancer Filelog Command Execution |
| CVE-2012-10040 | 2025-08-11 | Openfiler v2.x NetworkCard Command Execution |
| CVE-2025-38499 | 2025-08-11 | clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns |
| CVE-2025-8866 | 2025-08-11 | YugabyteDB Anywhere web server does not properly enforce authentication for the /metamaster/universe API endpoint. An unauthenticated attacker could exploit this flaw to obtain server networking configuration details, including private and... |
| CVE-2025-53187 | 2025-08-11 | Unauthenticated RCE |
| CVE-2025-54063 | 2025-08-11 | Cherry Studio One-click Remote Code Execution Vulnerability through Custom URL Handling |
| CVE-2025-25231 | 2025-08-11 | Omnissa Workspace ONE UEM contains a Secondary Context Path Traversal Vulnerability. A malicious actor may be able to gain access to sensitive information by sending crafted GET requests (read-only) to... |
| CVE-2025-25229 | 2025-08-11 | Omnissa Workspace ONE UEM contains a Server-Side Request Forgery (SSRF) Vulnerability. A malicious actor with user privileges may be able to access restricted internal system information, potentially enabling enumeration of... |
| CVE-2025-7677 | 2025-08-11 | DOS attack possible |
| CVE-2025-7679 | 2025-08-11 | Session ID Basic Auth Bypass |
| CVE-2025-44001 | 2025-08-11 | Unauthorized Channel Subscription Read in Mattermost Confluence Plugin |
| CVE-2025-44004 | 2025-08-11 | Unauthenticated Channel Subscription Creation in Mattermost Confluence Plugin |
| CVE-2025-48731 | 2025-08-11 | Unauthorized Subscription Edit to Confluence Space in Mattermost Confluence Plugin |
| CVE-2025-49221 | 2025-08-11 | Unauthenticated Access to Channel Subscription in Mattermost Confluence Plugin |
| CVE-2025-52931 | 2025-08-11 | Unexpected input to Update Channel Subscription endpoint causes DoS in Mattermost Confluence Plugin |
| CVE-2025-53514 | 2025-08-11 | Unexpected Input to Server Webhook endpoint Causes DoS in Mattermost Confluence Plugin |
| CVE-2025-53857 | 2025-08-11 | Lack of Authorization on Get Channel Subscriptions for Autocomplete in Mattermost Confluence Plugin |
| CVE-2025-53910 | 2025-08-11 | Unauthorized Channel Subscription Edit in Mattermost Confluence Plugin |
| CVE-2025-54458 | 2025-08-11 | Unauthorized Subscription Creation to Confluence Space in Mattermost Confluence Plugin |
| CVE-2025-54463 | 2025-08-11 | Unexpected Input to Cloud Webhook endpoint Causes DoS in Mattermost Confluence Plugin |
| CVE-2025-54478 | 2025-08-11 | Unauthenticated Channel Subscription Edit in Mattermost Confluence Plugin |
| CVE-2025-54525 | 2025-08-11 | Unexpected input to Create Channel Subscription endpoint causes DoS in Mattermost Confluence Plugin |
| CVE-2025-8285 | 2025-08-11 | Unauthorized Channel Subscription Creation in Mattermost Confluence Plugin |
| CVE-2025-40920 | 2025-08-11 | Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl use insecurely generated nonces |
| CVE-2024-32640 | 2025-08-11 | MasaCMS SQL Injection vulnerability |
| CVE-2025-54878 | 2025-08-11 | Heap Buffer Overflow in NASA CryptoLib 1.4.0 `Crypto_TC_Check_IV_Setup` |
| CVE-2025-55012 | 2025-08-11 | Zed AI Agent Remote Code Execution |
| CVE-2025-54992 | 2025-08-11 | OpenKilda XXE in SAML configuration |
| CVE-2025-25235 | 2025-08-11 | Omnissa Secure Email Gateway (SEG) updates address Server-Side Request Forgery (SSRF) vulnerability |
| CVE-2025-55151 | 2025-08-11 | Stirling-PDF SSRF vulnerability on /api/v1/convert/file/pdf |
| CVE-2025-55150 | 2025-08-11 | Stirling-PDF SSRF vulnerability on /api/v1/convert/html/pdf |
| CVE-2025-55156 | 2025-08-11 | PyLoad vulnerable to SQL Injection via API /json/add_package in add_links parameter |
| CVE-2025-55161 | 2025-08-11 | Stirling-PDF SSRF vulnerability on /api/v1/convert/markdown/pdf |
| CVE-2025-55158 | 2025-08-11 | Vim double-free vulnerability during Vim9 script import operations |
| CVE-2025-55157 | 2025-08-11 | Vim heap use-after-free vulnerability when processing recursive tuple data types |
| CVE-2025-55159 | 2025-08-11 | slab allows out-of-bounds access in `get_disjoint_mut` due to incorrect bounds check |
| CVE-2025-42934 | 2025-08-12 | CRLF Injection vulnerability in SAP S/4HANA (Supplier invoice) |
| CVE-2025-42935 | 2025-08-12 | Information Disclosure vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager) |
| CVE-2025-42936 | 2025-08-12 | Missing Authorization check in SAP NetWeaver Application Server for ABAP |
| CVE-2025-42941 | 2025-08-12 | Reverse Tabnabbing vulnerability in SAP Fiori (Launchpad) |
| CVE-2025-42942 | 2025-08-12 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server for ABAP |
| CVE-2025-42943 | 2025-08-12 | Information Disclosure in SAP GUI for Windows |
| CVE-2025-42945 | 2025-08-12 | HTML Injection vulnerability in SAP NetWeaver Application Server ABAP |
| CVE-2025-42946 | 2025-08-12 | Directory Traversal vulnerability in SAP S/4HANA (Bank Communication Management) |
| CVE-2025-42948 | 2025-08-12 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform |
| CVE-2025-42949 | 2025-08-12 | Missing Authorization check in ABAP Platform |
| CVE-2025-42950 | 2025-08-12 | Code Injection Vulnerability in SAP Landscape Transformation (Analysis Platform) |
| CVE-2025-42951 | 2025-08-12 | Broken Authorization in SAP Business One (SLD) |
| CVE-2025-42955 | 2025-08-12 | Missing authorization check in SAP Cloud Connector |
| CVE-2025-42957 | 2025-08-12 | Code Injection vulnerability in SAP S/4HANA (Private Cloud or On-Premise) |
| CVE-2025-42975 | 2025-08-12 | Multiple vulnerabilities in SAP NetWeaver Application Server ABAP (BIC Document) |
| CVE-2025-42976 | 2025-08-12 | Multiple vulnerabilities in SAP NetWeaver Application Server ABAP (BIC Document) |
| CVE-2025-5391 | 2025-08-12 | WooCommerce Purchase Orders <= 1.0.2 - Authenticated (Subscriber+) Arbitrary File Deletion |
| CVE-2025-8462 | 2025-08-12 | RT Easy Builder <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-8685 | 2025-08-12 | Wp chart generator <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpchart Shortcode |
| CVE-2025-4390 | 2025-08-12 | WP Private Content Plus <= 3.6.2 - Unauthenticated Sensitive Information Exposure |
| CVE-2025-8690 | 2025-08-12 | Simple Responsive Slider <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-8621 | 2025-08-12 | Mosaic Generator <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'c' Parameter |
| CVE-2025-8688 | 2025-08-12 | Inline Stock Quotes <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via stock Shortcode |
| CVE-2025-8568 | 2025-08-12 | GMap - Venturit <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'h' Parameter |
| CVE-2025-8059 | 2025-08-12 | B Blocks <= 2.0.6 - Missing Authorization to Unauthenticated Privilege Escalation via rgfr_registration Function |
| CVE-2025-8314 | 2025-08-12 | Software Issue Manager <= 5.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via noaccess_msg Parameter |
| CVE-2025-7622 | 2025-08-12 | During an internal security assessment, a Server-Side Request Forgery (SSRF) vulnerability that allowed an authenticated attacker to access internal resources on the server was discovered. |
| CVE-2025-3892 | 2025-08-12 | ACAP applications can be executed with elevated privileges, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of... |
| CVE-2025-30027 | 2025-08-12 | An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. This vulnerability can only be exploited if the Axis device is configured to allow the... |
| CVE-2025-8081 | 2025-08-12 | Elementor <= 3.30.2 - Authenticated (Administrator+) Arbitrary File Read via Image Import |
| CVE-2025-6253 | 2025-08-12 | UiCore Elements <= 1.3.0 - Missing Authorization to Unauthenticated Arbitrary File Read |
| CVE-2025-47444 | 2025-08-12 | WordPress GiveWP Plugin < 4.6.1 is vulnerable to Sensitive Data (PII) Exposure |
| CVE-2025-8767 | 2025-08-12 | AnWP Football Leagues <= 0.16.17 - Authenticated (Administrator+) CSV Injection |
| CVE-2025-8874 | 2025-08-12 | Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations <= 2.0.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via fancyBox |
| CVE-2025-8482 | 2025-08-12 | Simple Local Avatars <= 2.8.4 - Missing Authorization to Authenticated (Subscriber+) Avatar Migration |
| CVE-2025-8418 | 2025-08-12 | B Slider- Gutenberg Slider Block for WP <= 1.1.30 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Plugin Installation |
| CVE-2025-41686 | 2025-08-12 | Improper File Permissions Allow Local Privilege Escalation |
| CVE-2025-26398 | 2025-08-12 | SolarWinds Database Performance Analyzer Hard-coded Cryptographic Key Vulnerability |
| CVE-2025-8885 | 2025-08-12 | Possible DOS in processing specially formed ASN.1 Object Identifiers |
| CVE-2025-43736 | 2025-08-12 | A Denial Of Service via File Upload (DOS) vulnerability in the Liferay Portal 7.4.3.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.8, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through... |
| CVE-2024-41979 | 2025-08-12 | A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions... |
| CVE-2024-41980 | 2025-08-12 | A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions... |
| CVE-2024-41982 | 2025-08-12 | A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions... |
| CVE-2024-41983 | 2025-08-12 | A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions... |
| CVE-2024-41984 | 2025-08-12 | A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions... |
| CVE-2024-41985 | 2025-08-12 | A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions... |
| CVE-2024-41986 | 2025-08-12 | A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions... |
| CVE-2024-52504 | 2025-08-12 | A vulnerability has been identified in SIPROTEC 4 6MD61 (All versions), SIPROTEC 4 6MD63 (All versions), SIPROTEC 4 6MD66 (All versions), SIPROTEC 4 6MD665 (All versions), SIPROTEC 4 7SA522 (All... |
| CVE-2024-54678 | 2025-08-12 | A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC... |
| CVE-2025-30033 | 2025-08-12 | The affected setup component is vulnerable to DLL hijacking. This could allow an attacker to execute arbitrary code when a legitimate user installs an application that uses the affected setup... |
| CVE-2025-30034 | 2025-08-12 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.3). Affected devices do not properly validate input sent to its listening port on the local loopback... |
| CVE-2025-33023 | 2025-08-12 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions), RUGGEDCOM ROX MX5000RE (All versions), RUGGEDCOM ROX RX1400 (All versions), RUGGEDCOM ROX RX1500 (All versions), RUGGEDCOM ROX RX1501 (All... |
| CVE-2025-40570 | 2025-08-12 | A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V10.0), SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 6MD86 (CP300) (All versions... |
| CVE-2025-40584 | 2025-08-12 | A vulnerability has been identified in SIMOTION SCOUT TIA V5.4 (All versions), SIMOTION SCOUT TIA V5.5 (All versions), SIMOTION SCOUT TIA V5.6 (All versions < V5.6 SP1 HF7), SIMOTION SCOUT... |
| CVE-2025-40743 | 2025-08-12 | A vulnerability has been identified in SINUMERIK 828D PPU.4 (All versions < V4.95 SP5), SINUMERIK 828D PPU.5 (All versions < V5.25 SP1), SINUMERIK 840D sl (All versions < V4.95 SP5),... |
| CVE-2025-40746 | 2025-08-12 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.2). Affected products do not properly validate input for a backup script. This could allow an authenticated... |
| CVE-2025-40751 | 2025-08-12 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.3). Affected SIMATIC RTLS Locating Manager Report Clients do not properly protect credentials that are used to... |
| CVE-2025-40752 | 2025-08-12 | A vulnerability has been identified in POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) (All versions >= V2.60 < V2.62), POWER METER... |
| CVE-2025-40753 | 2025-08-12 | A vulnerability has been identified in POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) (All versions >= V2.60 < V2.62), POWER METER... |
| CVE-2025-40759 | 2025-08-12 | A vulnerability has been identified in SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions <... |
| CVE-2025-40761 | 2025-08-12 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions), RUGGEDCOM ROX MX5000RE (All versions), RUGGEDCOM ROX RX1400 (All versions), RUGGEDCOM ROX RX1500 (All versions), RUGGEDCOM ROX RX1501 (All... |
| CVE-2025-40762 | 2025-08-12 | A vulnerability has been identified in Simcenter Femap V2406 (All versions < V2406.0003), Simcenter Femap V2412 (All versions < V2412.0002). The affected applications contain an out of bounds write vulnerability... |