CVE List - 2025 / August
Showing 701 - 800 of 3631 CVEs for August 2025 (Page 8 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-52913 | 2025-08-08 | A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP2 (9.8.2.12) could allow an unauthenticated attacker to conduct a path traversal attack due to insufficient... |
| CVE-2025-52914 | 2025-08-08 | A vulnerability in the Suite Applications Services component of Mitel MiCollab 10.0 through SP1 FP1 (10.0.1.101) could allow an authenticated attacker to conduct a SQL Injection attack due to insufficient... |
| CVE-2025-55188 | 2025-08-08 | 7-Zip before 25.01 does not always properly handle symbolic links during extraction. |
| CVE-2025-54368 | 2025-08-08 | uv is vulnerable to ZIP payload obfuscation through parsing differentials |
| CVE-2025-8703 | 2025-08-08 | Wanzhou WOES Intelligent Optimization Energy Saving System Environmental Real-Time Data Module GetAreaTrendChartData sql injection |
| CVE-2025-54793 | 2025-08-08 | Astro: Duplicate trailing slash feature can lead to Open Redirects |
| CVE-2025-54886 | 2025-08-08 | skops: Card.get_model does not block arbitrary code execution |
| CVE-2025-54887 | 2025-08-08 | jwe: Missing AES-GCM authentication tag validation in encrypted JWEs |
| CVE-2025-8704 | 2025-08-08 | Wanzhou WOES Intelligent Optimization Energy Saving System Analysis Conclusion Query Module GetAlarmResultProcessList sql injection |
| CVE-2025-8705 | 2025-08-08 | Wanzhou WOES Intelligent Optimization Energy Saving System Energy Overview Module GetTargetConfig sql injection |
| CVE-2025-8706 | 2025-08-08 | Wanzhou WOES Intelligent Optimization Energy Saving System Energy Overview Module CreateFunctionLog sql injection |
| CVE-2025-8707 | 2025-08-08 | Huuge Box App com.huuge.game.zjbox AndroidManifest.xml improper export of android application components |
| CVE-2025-8708 | 2025-08-08 | Antabot White-Jotter com.gm.wj.config.ShiroConfiguration ShiroConfiguration.java CookieRememberMeManager deserialization |
| CVE-2024-58256 | 2025-08-08 | EnzoH has an OS command injection vulnerability. Successful exploitation of this vulnerability may lead to arbitrary command execution. |
| CVE-2024-58257 | 2025-08-08 | EnzoH has an OS command injection vulnerability. Successful exploitation of this vulnerability may lead to arbitrary command execution. |
| CVE-2024-58255 | 2025-08-08 | EnzoH has an OS command injection vulnerability. Successful exploitation of this vulnerability may lead to arbitrary command execution. |
| CVE-2025-54940 | 2025-08-08 | An HTML injection vulnerability exists in WordPress plugin "Advanced Custom Fields" prior to 6.4.3. If this vulnerability is exploited, crafted HTML code may be rendered and page display may be... |
| CVE-2025-54959 | 2025-08-08 | Powered BLUE Server versions 0.20130927 and prior contain a path traversal vulnerability. If this vulnerability is exploited, an arbitrary file in the affected product may be disclosed. |
| CVE-2025-54958 | 2025-08-08 | Powered BLUE 870 versions 0.20130927 and prior contain an OS command injection vulnerability. If this vulnerability is exploited, arbitrary OS commands may be executed on the affected product. |
| CVE-2025-6572 | 2025-08-08 | OpenStreetMap for Gutenberg and WPBakery Page Builder <= 1.2.0 - Contributor+ Stored XSS |
| CVE-2025-48913 | 2025-08-08 | Apache CXF: Untrusted JMS configuration can lead to RCE |
| CVE-2025-53606 | 2025-08-08 | Apache Seata (incubating): Deserialization of untrusted Data in Apache Seata Server |
| CVE-2025-8748 | 2025-08-08 | OS command injection in MiR robots and MiR fleet via crafted HTTP requests |
| CVE-2025-8088 | 2025-08-08 | Path traversal vulnerability in WinRAR |
| CVE-2025-8749 | 2025-08-08 | Path traversal vulnerability in MiR robot software via API requests |
| CVE-2025-8729 | 2025-08-08 | MigoXLab LMeterX upload_service.py process_cert_files path traversal |
| CVE-2025-36119 | 2025-08-08 | IBM i authentication bypass |
| CVE-2025-8730 | 2025-08-08 | Belkin F9K1009/F9K1010 Web Interface hard-coded credentials |
| CVE-2025-36023 | 2025-08-08 | IBM Cloud Pak for Business Automation security bypass |
| CVE-2025-8355 | 2025-08-08 | XXE leading to SSRF |
| CVE-2025-8731 | 2025-08-08 | TRENDnet TI-G160i/TI-PG102i/TPL-430AP SSH Service default credentials |
| CVE-2025-8356 | 2025-08-08 | Path Traversal leading to RCE |
| CVE-2025-4576 | 2025-08-08 | A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.133, and Liferay DXP 2025.Q1.0 through 2025.Q1.4 ,2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through... |
| CVE-2025-52586 | 2025-08-08 | EG4 Electronics EG4 Inverters Cleartext Transmission of Sensitive Information |
| CVE-2025-53520 | 2025-08-08 | EG4 Electronics EG4 Inverters Download of Code Without Integrity Check |
| CVE-2025-47872 | 2025-08-08 | EG4 Electronics EG4 Inverters Observable Discrepancy |
| CVE-2025-46414 | 2025-08-08 | EG4 Electronics EG4 Inverters Improper Restriction of Excessive Authentication Attempts |
| CVE-2025-8393 | 2025-08-08 | Dreame Technology iOS and Android Mobile Applications Improper Certificate Validation |
| CVE-2025-8284 | 2025-08-08 | Packet Power EMX and EG Missing Authentication for Critical Function |
| CVE-2025-8732 | 2025-08-08 | libxml2 xmlcatalog xmlParseSGMLCatalog recursion |
| CVE-2025-5095 | 2025-08-08 | Burk Technology ARC Solo Missing Authentication for Critical Function |
| CVE-2012-10043 | 2025-08-08 | ActFax 4.32 Client Importer Buffer Overflow |
| CVE-2010-10013 | 2025-08-08 | AjaXplorer < 2.6 checkInstall.php Unauthenticated RCE |
| CVE-2012-10050 | 2025-08-08 | CuteFlow <= 2.11.2 Arbitrary File Upload RCE |
| CVE-2012-10047 | 2025-08-08 | Cyclope Employee Surveillance Solution v6.x SQL Injection |
| CVE-2012-10052 | 2025-08-08 | EGallery 1.2 Arbitrary PHP File Upload |
| CVE-2012-10046 | 2025-08-08 | E-Mail Security Virtual Appliance learn-msg.cgi Command Injection |
| CVE-2012-10044 | 2025-08-08 | MobileCartly 1.0 savepage.php Arbitrary File Creation |
| CVE-2012-10051 | 2025-08-08 | Photodex ProShow Producer 5.0.3256 load File Handling Buffer Overflow |
| CVE-2012-10036 | 2025-08-08 | Project Pier <= 0.8.8 Arbitrary File Upload RCE |
| CVE-2012-10042 | 2025-08-08 | Sflog! CMS 1.0 Arbitrary File Upload RCE |
| CVE-2012-10053 | 2025-08-08 | Simple Web Server Connection Header Buffer Overflow |
| CVE-2012-10041 | 2025-08-08 | WAN Emulator v2.3 Command Execution |
| CVE-2012-10049 | 2025-08-08 | WebPageTest Arbitrary PHP File Upload RCE |
| CVE-2012-10045 | 2025-08-08 | XODA 0.4.5 Arbitrary PHP File Upload |
| CVE-2012-10048 | 2025-08-08 | Zenoss 3.x showDaemonXMLConfig Command Execution |
| CVE-2025-4796 | 2025-08-08 | Eventin <= 4.0.34 - Authenticated (Contributor+) Privilege Escalation via User Email Change/Account Takeover |
| CVE-2025-8735 | 2025-08-08 | GNU cflow Lexer c.c yylex null pointer dereference |
| CVE-2025-8736 | 2025-08-08 | GNU cflow Lexer c.c yylex buffer overflow |
| CVE-2025-8737 | 2025-08-08 | zlt2000 microservices-platform OauthLogoutSuccessHandler.java onLogoutSuccess redirect |
| CVE-2025-8738 | 2025-08-08 | zlt2000 microservices-platform Spring Actuator Interface actuator information disclosure |
| CVE-2025-8739 | 2025-08-08 | zhenfeng13 My-Blog save cross-site request forgery |
| CVE-2025-8740 | 2025-08-08 | zhenfeng13 My-Blog Category save cross site scripting |
| CVE-2025-8741 | 2025-08-08 | macrozheng mall login cleartext transmission |
| CVE-2025-8742 | 2025-08-08 | macrozheng mall Admin Login excessive authentication |
| CVE-2025-8743 | 2025-08-08 | Scada-LTS Virtual Data Source Property data_source_edit.shtm cross site scripting |
| CVE-2025-6573 | 2025-08-08 | GPU DDK - RGXFW_CTL.pui8FWScratchBuf Leak/Overwrite |
| CVE-2025-46709 | 2025-08-08 | GPU DDK - Security fix for PP-171570 can lead to an uninitialised pointer dereference and memory leak |
| CVE-2025-8744 | 2025-08-08 | CesiumLab Web lodmodels sql injection |
| CVE-2025-55152 | 2025-08-09 | oak: ReDoS in x-forwarded-proto and x-forwarded-for headers |
| CVE-2025-54417 | 2025-08-09 | Craft contains a theoretical bypass for CVE-2025-23209 |
| CVE-2025-54888 | 2025-08-09 | @fedify/fedify: Improper Authentication and Incorrect Authorization |
| CVE-2025-54996 | 2025-08-09 | OpenBao Root Namespace Operator May Elevate Token Privileges |
| CVE-2025-54997 | 2025-08-09 | OpenBao: Privileged Operator May Execute Code on the Underlying Host |
| CVE-2025-54998 | 2025-08-09 | OpenBao Userpass and LDAP User Lockout Bypass |
| CVE-2025-54999 | 2025-08-09 | OpenBao: Timing Side-Channel in Userpass Auth Method |
| CVE-2025-55000 | 2025-08-09 | OpenBao TOTP Secrets Engine Enables Code Reuse |
| CVE-2025-55001 | 2025-08-09 | OpenBao LDAP MFA Enforcement Bypass When Using Username As Alias |
| CVE-2025-55003 | 2025-08-09 | OpenBao Login MFA Bypasses Rate Limiting and TOTP Token Reuse |
| CVE-2025-55006 | 2025-08-09 | Frappe Learning Holds Potential for Malicious SVG Upload in Image Upload Feature |
| CVE-2025-55009 | 2025-08-09 | AuthKit: Sensitive auth data rendered in HTML |
| CVE-2025-55008 | 2025-08-09 | AuthKit React Router: Sensitive auth data rendered in HTML |
| CVE-2025-55013 | 2025-08-09 | Assemblyline 4 Service Client: Arbitrary Write through path traversal in Client code |
| CVE-2025-55149 | 2025-08-09 | Path Traversal Vulnerability in PDF Review Function (CWE-22) |
| CVE-2025-4581 | 2025-08-09 | Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4 ,2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 allows a... |
| CVE-2025-4655 | 2025-08-09 | SSRF vulnerability in FreeMarker templates in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4... |
| CVE-2025-8745 | 2025-08-09 | Weee RICEPO App com.ricepo.app AndroidManifest.xml improper export of android application components |
| CVE-2025-8746 | 2025-08-09 | GNU libopts __strstr_sse2 memory corruption |
| CVE-2025-8750 | 2025-08-09 | macrozheng mall Add Product Page upload cross site scripting |
| CVE-2025-8751 | 2025-08-09 | Protected Total WebShield Extension Block Page cross site scripting |
| CVE-2025-8752 | 2025-08-09 | wangzhixuan spring-shiro-training add command injection |
| CVE-2025-7020 | 2025-08-09 | BYD DiLink OS Incorrect encryption Implementation of system log dumps |
| CVE-2025-8753 | 2025-08-09 | linlinjava litemall File delete path traversal |
| CVE-2025-7726 | 2025-08-09 | The7 <= 12.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via title and data-dt-img-description Attributes |
| CVE-2025-8755 | 2025-08-09 | macrozheng mall com.macro.mall.portal.controller UmsMemberController.java detail authorization |
| CVE-2022-50233 | 2025-08-09 | Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name} |
| CVE-2024-58238 | 2025-08-09 | Bluetooth: btnxpuart: Resolve TX timeout error in power save stress test |
| CVE-2025-8756 | 2025-08-09 | TDuckCloud tduck-platform manage preHandle improper authorization |
| CVE-2025-8757 | 2025-08-09 | TRENDnet TV-IP110WN Embedded Boa Web Server boa.conf least privilege violation |
| CVE-2025-8758 | 2025-08-09 | TRENDnet TEW-822DRE vsftpd least privilege violation |