CVE List - 2025 / August
Showing 1301 - 1400 of 3631 CVEs for August 2025 (Page 14 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-50251 | 2025-08-13 | Server side request forgery (SSRF) vulnerability in makeplane plane 0.23.1 via the password recovery. |
| CVE-2025-50594 | 2025-08-13 | An issue was discovered in /Code/Websites/DanpheEMR/Controllers/Settings/SecuritySettingsController.cs in Danphe Health Hospital Management System EMR 3.2 allowing attackers to reset any account password. |
| CVE-2025-50608 | 2025-08-13 | A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00471994 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wl_base_set... |
| CVE-2025-50609 | 2025-08-13 | A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the Function_00465620 of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of specify_parame in... |
| CVE-2025-50610 | 2025-08-13 | A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00476598 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wl_base_set_5g... |
| CVE-2025-50611 | 2025-08-13 | A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00473154 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wl_sec_set_5g... |
| CVE-2025-50612 | 2025-08-13 | A buffer overflow vulnerability has been discovered in the Netis WF2880 v2.1.40207 in the FUN_004743f8 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of... |
| CVE-2025-50613 | 2025-08-13 | A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00475e1c function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wds_key_wep... |
| CVE-2025-50614 | 2025-08-13 | A buffer overflow vulnerability has been discovered in the Netis WF2880 v2.1.40207 in the FUN_0047151c function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of... |
| CVE-2025-50615 | 2025-08-13 | A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00470c50 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wl_mac_filter_set... |
| CVE-2025-50616 | 2025-08-13 | A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_0046f984 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wl_advanced_set... |
| CVE-2025-50617 | 2025-08-13 | A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_0046ed68 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wps_set... |
| CVE-2025-50635 | 2025-08-13 | A null pointer dereference vulnerability was discovered in Netis WF2780 v2.2.35445. The vulnerability exists in the FUN_0048a728 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the... |
| CVE-2025-50690 | 2025-08-13 | A Cross-Site Scripting (XSS) vulnerability exists in SpatialReference.org (OSGeo/spatialreference.org) versions prior to 2025-05-17 (commit 2120adfa17ddd535bd0f539e6c4988fa3a2cb491). The vulnerability is caused by improper handling of user input in the search query parameter.... |
| CVE-2025-50946 | 2025-08-13 | OS Command Injection in Olivetin 2025.4.22 Custom Themes via the ParseRequestURI function in service/internal/executor/arguments.go. |
| CVE-2025-51451 | 2025-08-13 | In TOTOLINK EX1200T firmware 4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm. |
| CVE-2025-51452 | 2025-08-13 | In TOTOLINK A7000R firmware 9.1.0u.6115_B20201022, an attacker can bypass login by sending a specific request through formLoginAuth.htm. |
| CVE-2025-51691 | 2025-08-13 | Cross-Site Scripting (XSS) vulnerability found in MarkTwo commit e3a1d3f90cce4ea9c26efcbbf3a1cbfb9dcdb298 (May 2025) allows a remote attacker to execute arbitrary code via a crafted script input to the editor interface. The application... |
| CVE-2025-52385 | 2025-08-13 | An issue in Studio 3T v.2025.1.0 and before allows a remote attacker to execute arbitrary code via a crafted payload to the child_process module |
| CVE-2025-52386 | 2025-08-13 | CycloneDX Sunshine v0.9 is vulnerable to CSV Formula Injection via a crafted JSON file |
| CVE-2025-52392 | 2025-08-13 | Soosyze CMS 2.0 allows brute-force login attacks via the /user/login endpoint due to missing rate-limiting and lockout mechanisms. An attacker can repeatedly submit login attempts without restrictions, potentially gaining unauthorized... |
| CVE-2025-4276 | 2025-08-13 | UsbCoreDxe: improper input validation may lead to arbitrary code execution |
| CVE-2025-4277 | 2025-08-13 | Tcg2Smm: improper input validation may lead to arbitrary code execution |
| CVE-2025-4410 | 2025-08-13 | SetupUtility: A buffer overflow vulnerability leads to arbitrary code execution. |
| CVE-2025-8879 | 2025-08-13 | Heap buffer overflow in libaom in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to potentially exploit heap corruption via a curated set of gestures. (Chromium security severity: High) |
| CVE-2025-8880 | 2025-08-13 | Race in V8 in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) |
| CVE-2025-8901 | 2025-08-13 | Out of bounds write in ANGLE in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security... |
| CVE-2025-8881 | 2025-08-13 | Inappropriate implementation in File Picker in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via... |
| CVE-2025-8882 | 2025-08-13 | Use after free in Aura in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption... |
| CVE-2025-8891 | 2025-08-13 | OceanWP <= 4.0.9 - 4.1.1 - Cross-Site Request Forgery to Ocean Extra Plugin Installation |
| CVE-2025-8491 | 2025-08-13 | Easy restaurant menu manager <= 2.0.2 - Cross-Site Request Forgery to Menu Upload |
| CVE-2025-0818 | 2025-08-13 | Multiple elFinder Plugins <= (Various Versions) - Directory Traversal to Arbitrary File Deletion |
| CVE-2025-7384 | 2025-08-13 | Database for Contact Form 7, WPforms, Elementor forms <= 1.4.3 - Unauthenticated PHP Object Injection to Arbitrary File Deletion |
| CVE-2025-6715 | 2025-08-13 | Latepoint < 5.1.94 - Unauthenticated LFI |
| CVE-2025-8760 | 2025-08-13 | INSTAR 2K+/4K fcgi_server base64_decode buffer overflow |
| CVE-2025-8762 | 2025-08-13 | INSTAR 2K+/4K UART improper physical access control |
| CVE-2025-8761 | 2025-08-13 | INSTAR 2K+/4K Backend IPC Server denial of service |
| CVE-2025-6184 | 2025-08-13 | Tutor LMS Pro – eLearning and online course solution <= 3.7.0 - Authenticated (Tutor Instructor+) SQL Injection |
| CVE-2025-55345 | 2025-08-13 | Unsafe symlink following in restricted workspace-write sandbox leads to RCE |
| CVE-2025-8909 | 2025-08-13 | WellChoose\|Organization Portal System - Arbitrary File Reading through Path Traversal |
| CVE-2025-8910 | 2025-08-13 | WellChoose\|Organization Portal System - Reflected Cross-site Scripting |
| CVE-2025-8911 | 2025-08-13 | WellChoose\|Organization Portal System - Reflected Cross-site Scripting |
| CVE-2025-8912 | 2025-08-13 | WellChoose\|Organization Portal System - Arbitrary File Reading through Path Traversal |
| CVE-2025-8913 | 2025-08-13 | WellChoose\|Organization Portal System - Local File Inclusion |
| CVE-2025-8914 | 2025-08-13 | WellChoose\|Organization Portal System - SQL Injection |
| CVE-2025-8916 | 2025-08-13 | Possible DoS in processing large name constraint structures in PKIXCertPathReviewer |
| CVE-2025-54464 | 2025-08-13 | Cleartext Storage Vulnerability in ZKTeco WL20 |
| CVE-2025-54465 | 2025-08-13 | Hard-coded Credentials Vulnerability in ZKTeco WL20 |
| CVE-2025-55279 | 2025-08-13 | Hard-coded Private Key Vulnerability in ZKTeco WL20 |
| CVE-2025-55280 | 2025-08-13 | Information Disclosure Vulnerability in ZKTeco WL20 |
| CVE-2025-8671 | 2025-08-13 | CVE-2025-8671 |
| CVE-2025-48989 | 2025-08-13 | Apache Tomcat: h2 DoS - Made You Reset |
| CVE-2025-8907 | 2025-08-13 | H3C M2 NAS Webserver Configuration unnecessary privileges |
| CVE-2025-8908 | 2025-08-13 | Shanghai Lingdang Information Technology Lingdang CRM event.php sql injection |
| CVE-2025-55668 | 2025-08-13 | Apache Tomcat: session fixation via rewrite valve |
| CVE-2025-54074 | 2025-08-13 | Cherry Studio is Vulnerable to OS Command Injection during Connection with a Malicious MCP Server |
| CVE-2025-54382 | 2025-08-13 | Cherry Studio RCE Vulnerability Disclosure |
| CVE-2025-32451 | 2025-08-13 | A memory corruption vulnerability exists in Foxit Reader 2025.1.0.27937 due to the use of an uninitialized pointer. Specially crafted JavaScript code inside a malicious PDF document can trigger this... |
| CVE-2025-55004 | 2025-08-13 | ImageMagick: heap-buffer overflow read in MNG magnification with alpha |
| CVE-2025-55005 | 2025-08-13 | ImageMagick: heap-buffer overflow in log colorspace handling |
| CVE-2025-55154 | 2025-08-13 | ImageMagick: integer overflows in MNG magnification |
| CVE-2025-55160 | 2025-08-13 | ImageMagick Undefined Behavior (function-type-mismatch) in CloneSplayTree |
| CVE-2025-54791 | 2025-08-13 | OMERO.web displays unnecessary user information when requesting to reset the password |
| CVE-2025-55163 | 2025-08-13 | Netty MadeYouReset HTTP/2 DDoS Vulnerability |
| CVE-2025-8941 | 2025-08-13 | Linux-pam: incomplete fix for CVE-2025-6020 |
| CVE-2025-54809 | 2025-08-13 | F5 Access for Android vulnerability |
| CVE-2025-52585 | 2025-08-13 | BIG-IP Client SSL profile vulnerability |
| CVE-2025-46405 | 2025-08-13 | BIG-IP APM vulnerability |
| CVE-2025-48500 | 2025-08-13 | BIG-IP APM VPN web client for macOS vulnerability |
| CVE-2025-54500 | 2025-08-13 | HTTP/2 Vulnerability |
| CVE-2025-53859 | 2025-08-13 | NGINX ngx_mail_smtp_module vulnerability |
| CVE-2025-8918 | 2025-08-13 | Portabilis i-Educar Editar educar_instituicao_cad.php cross site scripting |
| CVE-2025-34153 | 2025-08-13 | Hyland OnBase < 17.0.2.87 .NET Remoting TCP Channel Unauthenticated RCE |
| CVE-2025-2180 | 2025-08-13 | Checkov by Prisma Cloud: Unsafe Deserialization of Terraform Files Allows Code Execution |
| CVE-2025-2181 | 2025-08-13 | Checkov by Prisma Cloud: Cleartext Exposure of Credentials |
| CVE-2025-2182 | 2025-08-13 | PAN-OS: Firewall Clusters using the MACsec Protocol Expose the Connectivity Association Key (CAK) |
| CVE-2025-2183 | 2025-08-13 | GlobalProtect App: Improper Certificate Validation Leads to Privilege Escalation |
| CVE-2025-2184 | 2025-08-13 | Cortex XDR Broker VM: Secrets Shared Across Multiple Broker VM Images |
| CVE-2025-8904 | 2025-08-13 | Privilege escalation issue in Amazon EMR Secret Agent component |
| CVE-2025-23294 | 2025-08-13 | NVIDIA WebDataset for all platforms contains a vulnerability where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalation of privileges,... |
| CVE-2025-23303 | 2025-08-13 | NVIDIA NeMo Framework for all platforms contains a vulnerability where a user could cause a deserialization of untrusted data by remote code execution. A successful exploit of this vulnerability might... |
| CVE-2025-23304 | 2025-08-13 | NVIDIA NeMo library for all platforms contains a vulnerability in the model loading component, where an attacker could cause code injection by loading .nemo files with maliciously crafted metadata. A... |
| CVE-2025-23295 | 2025-08-13 | NVIDIA Apex for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue by providing a malicious file. A successful exploit of... |
| CVE-2025-23296 | 2025-08-13 | NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to... |
| CVE-2025-8770 | 2025-08-13 | Authorization Bypass Through User-Controlled Key in GitLab |
| CVE-2025-7734 | 2025-08-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab |
| CVE-2025-7739 | 2025-08-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab |
| CVE-2025-6186 | 2025-08-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab |
| CVE-2025-5819 | 2025-08-13 | Incorrect Permission Assignment for Critical Resource in GitLab |
| CVE-2025-2937 | 2025-08-13 | Inefficient Regular Expression Complexity in GitLab |
| CVE-2025-2614 | 2025-08-13 | Allocation of Resources Without Limits or Throttling in GitLab |
| CVE-2025-2498 | 2025-08-13 | Insufficient Granularity of Access Control in GitLab |
| CVE-2025-1477 | 2025-08-13 | Allocation of Resources Without Limits or Throttling in GitLab |
| CVE-2024-12303 | 2025-08-13 | Incorrect Privilege Assignment in GitLab |
| CVE-2024-10219 | 2025-08-13 | Incorrect Authorization in GitLab |
| CVE-2025-23298 | 2025-08-13 | NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability in a Python dependency, where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead... |
| CVE-2025-8919 | 2025-08-13 | Portabilis i-Diario History objetivos-de-aprendizagem-e-habilidades cross site scripting |
| CVE-2025-23305 | 2025-08-13 | NVIDIA Megatron-LM for all platforms contains a vulnerability in the tools component, where an attacker may exploit a code injection issue. A successful exploit of this vulnerability may lead to... |
| CVE-2025-23306 | 2025-08-13 | NVIDIA Megatron-LM for all platforms contains a vulnerability in the megatron/training/arguments.py component where an attacker could cause a code injection issue by providing a malicious input. A successful exploit... |
| CVE-2025-8754 | 2025-08-13 | ABB Ability™ zenon Remote Transport Vulnerability |