CVE List - 2025 / August
Showing 1201 - 1300 of 3631 CVEs for August 2025 (Page 13 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-49707 | 2025-08-12 | Azure Virtual Machines Spoofing Vulnerability |
| CVE-2025-49712 | 2025-08-12 | Microsoft SharePoint Remote Code Execution Vulnerability |
| CVE-2025-49736 | 2025-08-12 | Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability |
| CVE-2025-20044 | 2025-08-12 | Improper locking for some Intel(R) TDX Module firmware before version 1.5.13 may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2025-49555 | 2025-08-12 | Adobe Commerce \| Cross-Site Request Forgery (CSRF) (CWE-352) |
| CVE-2025-49559 | 2025-08-12 | Adobe Commerce \| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22) |
| CVE-2025-49554 | 2025-08-12 | Adobe Commerce \| Improper Input Validation (CWE-20) |
| CVE-2025-49558 | 2025-08-12 | Adobe Commerce \| Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367) |
| CVE-2025-49557 | 2025-08-12 | Adobe Commerce \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-49556 | 2025-08-12 | Adobe Commerce \| Incorrect Authorization (CWE-863) |
| CVE-2025-36124 | 2025-08-12 | IBM WebSphere Application Server Liberty bypass security |
| CVE-2025-43734 | 2025-08-12 | A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through... |
| CVE-2025-55168 | 2025-08-12 | WeGIA SQL Injection via id_fichamedica at endpoint `GET /html/saude/aplicar_medicamento.php` |
| CVE-2024-40588 | 2025-08-12 | Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiMail version 7.6.0 through 7.6.1 and before 7.4.3, FortiVoice version 7.0.0 through 7.0.5 and before 7.4.9, FortiRecorder version 7.2.0 through 7.2.1 and... |
| CVE-2025-25256 | 2025-08-12 | An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 through 7.1.7, 7.0.0... |
| CVE-2025-32766 | 2025-08-12 | A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a privileged attacker to execute arbitrary code or commands via crafted CLI... |
| CVE-2025-49813 | 2025-08-12 | An improper neutralization of special elements used in an OS Command ("OS Command Injection") vulnerability [CWE-78] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a remote and authenticated attacker... |
| CVE-2025-53744 | 2025-08-12 | An incorrect privilege assignment vulnerability [CWE-266] in FortiOS Security Fabric version 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2 all versions, 7.0 all versions, 6.4 all versions, may allow a remote... |
| CVE-2025-52970 | 2025-08-12 | An improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10 and below may allow an unauthenticated remote attacker... |
| CVE-2023-45584 | 2025-08-12 | A double free vulnerability [CWE-415] in Fortinet FortiOS version 7.4.0, version 7.2.0 through 7.2.5 and before 7.0.12, FortiProxy version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.13 and... |
| CVE-2025-25248 | 2025-08-12 | An Integer Overflow or Wraparound vulnerability [CWE-190] in FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.2.10 and below, 7.2 all versions, 6.4 all versions, FortiProxy version 7.6.2... |
| CVE-2024-52964 | 2025-08-12 | An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9 and below 7.0.13... |
| CVE-2024-26009 | 2025-08-12 | An authentication bypass using an alternate path or channel [CWE-288] vulnerability in Fortinet FortiOS version 6.4.0 through 6.4.15 and before 6.2.16, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.8 and... |
| CVE-2025-27759 | 2025-08-12 | An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and... |
| CVE-2025-32932 | 2025-08-12 | An Improper neutralization of input during web page generation ('cross-site scripting') vulnerability [CWE-79] in FortiSOAR version 7.6.1 and below, version 7.5.1 and below, 7.4 all versions, 7.3 all versions, 7.2... |
| CVE-2025-47857 | 2025-08-12 | An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability [CWE-78] in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a privileged... |
| CVE-2024-48892 | 2025-08-12 | A relative path traversal vulnerability [CWE-23] in FortiSOAR 7.6.0, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may allow an authenticated attacker to read arbitrary files via uploading a... |
| CVE-2025-55169 | 2025-08-12 | WeGIA Path Traversal at endpoint 'html/socio/sistema/download_remessa.php' via parameter 'file' |
| CVE-2025-36000 | 2025-08-12 | IBM WebSphere Application Server Liberty cross-site scripting |
| CVE-2025-49560 | 2025-08-12 | Substance3D - Viewer \| Heap-based Buffer Overflow (CWE-122) |
| CVE-2025-49569 | 2025-08-12 | Substance3D - Viewer \| Out-of-bounds Write (CWE-787) |
| CVE-2025-55170 | 2025-08-12 | WeGIA reflected XSS via `verificacao` and `redir_config` param at endpoint `/html/alterar_senha.php` |
| CVE-2025-55171 | 2025-08-12 | WeGIA Anonymous Attacker can Delete Arbitrary Image file at endpoint `/html/personalizacao_remover.php` |
| CVE-2025-49561 | 2025-08-12 | Animate \| Use After Free (CWE-416) |
| CVE-2025-49562 | 2025-08-12 | Animate \| Use After Free (CWE-416) |
| CVE-2025-49570 | 2025-08-12 | Photoshop Desktop \| Out-of-bounds Write (CWE-787) |
| CVE-2025-54198 | 2025-08-12 | Substance3D - Modeler \| Out-of-bounds Read (CWE-125) |
| CVE-2025-54201 | 2025-08-12 | Substance3D - Modeler \| Out-of-bounds Read (CWE-125) |
| CVE-2025-54199 | 2025-08-12 | Substance3D - Modeler \| Out-of-bounds Read (CWE-125) |
| CVE-2025-54202 | 2025-08-12 | Substance3D - Modeler \| Out-of-bounds Read (CWE-125) |
| CVE-2025-49571 | 2025-08-12 | Substance3D - Modeler \| Uncontrolled Search Path Element (CWE-427) |
| CVE-2025-54204 | 2025-08-12 | Substance3D - Modeler \| Out-of-bounds Read (CWE-125) |
| CVE-2025-54200 | 2025-08-12 | Substance3D - Modeler \| Out-of-bounds Read (CWE-125) |
| CVE-2025-54203 | 2025-08-12 | Substance3D - Modeler \| Out-of-bounds Read (CWE-125) |
| CVE-2025-54235 | 2025-08-12 | Substance3D - Modeler \| Out-of-bounds Read (CWE-125) |
| CVE-2025-54186 | 2025-08-12 | Substance3D - Modeler \| Out-of-bounds Read (CWE-125) |
| CVE-2025-54197 | 2025-08-12 | Substance3D - Modeler \| Out-of-bounds Read (CWE-125) |
| CVE-2025-49572 | 2025-08-12 | Substance3D - Modeler \| Out-of-bounds Write (CWE-787) |
| CVE-2025-49573 | 2025-08-12 | Substance3D - Modeler \| Out-of-bounds Write (CWE-787) |
| CVE-2025-54192 | 2025-08-12 | Substance3D - Painter \| Out-of-bounds Read (CWE-125) |
| CVE-2025-54189 | 2025-08-12 | Substance3D - Painter \| Out-of-bounds Read (CWE-125) |
| CVE-2025-54195 | 2025-08-12 | Substance3D - Painter \| Out-of-bounds Read (CWE-125) |
| CVE-2025-54191 | 2025-08-12 | Substance3D - Painter \| Out-of-bounds Read (CWE-125) |
| CVE-2025-54190 | 2025-08-12 | Substance3D - Painter \| Out-of-bounds Read (CWE-125) |
| CVE-2025-54187 | 2025-08-12 | Substance3D - Painter \| Out-of-bounds Write (CWE-787) |
| CVE-2025-54194 | 2025-08-12 | Substance3D - Painter \| Out-of-bounds Read (CWE-125) |
| CVE-2025-54193 | 2025-08-12 | Substance3D - Painter \| Out-of-bounds Read (CWE-125) |
| CVE-2025-54188 | 2025-08-12 | Substance3D - Painter \| Out-of-bounds Read (CWE-125) |
| CVE-2025-54205 | 2025-08-12 | Substance3D - Sampler \| Out-of-bounds Read (CWE-125) |
| CVE-2025-55165 | 2025-08-12 | Autocaliweb Exposure of Sensitive Information to an Unauthorized Actor in `config_sql.py` |
| CVE-2025-54206 | 2025-08-12 | InDesign Desktop \| Out-of-bounds Write (CWE-787) |
| CVE-2025-54212 | 2025-08-12 | InDesign Desktop \| Heap-based Buffer Overflow (CWE-122) |
| CVE-2025-54226 | 2025-08-12 | InDesign Desktop \| Use After Free (CWE-416) |
| CVE-2025-54228 | 2025-08-12 | InDesign Desktop \| Out-of-bounds Read (CWE-125) |
| CVE-2025-54227 | 2025-08-12 | InDesign Desktop \| Out-of-bounds Read (CWE-125) |
| CVE-2025-54208 | 2025-08-12 | InDesign Desktop \| Out-of-bounds Write (CWE-787) |
| CVE-2025-54209 | 2025-08-12 | InDesign Desktop \| Heap-based Buffer Overflow (CWE-122) |
| CVE-2025-54225 | 2025-08-12 | InDesign Desktop \| Use After Free (CWE-416) |
| CVE-2025-54210 | 2025-08-12 | InDesign Desktop \| Out-of-bounds Write (CWE-787) |
| CVE-2025-54213 | 2025-08-12 | InDesign Desktop \| Out-of-bounds Write (CWE-787) |
| CVE-2025-54224 | 2025-08-12 | InDesign Desktop \| Use After Free (CWE-416) |
| CVE-2025-54214 | 2025-08-12 | InDesign Desktop \| Out-of-bounds Read (CWE-125) |
| CVE-2025-54207 | 2025-08-12 | InDesign Desktop \| Access of Uninitialized Pointer (CWE-824) |
| CVE-2025-54211 | 2025-08-12 | InDesign Desktop \| Heap-based Buffer Overflow (CWE-122) |
| CVE-2025-54220 | 2025-08-12 | InCopy \| Heap-based Buffer Overflow (CWE-122) |
| CVE-2025-54221 | 2025-08-12 | InCopy \| Out-of-bounds Write (CWE-787) |
| CVE-2025-54219 | 2025-08-12 | InCopy \| Heap-based Buffer Overflow (CWE-122) |
| CVE-2025-54223 | 2025-08-12 | InCopy \| Use After Free (CWE-416) |
| CVE-2025-54218 | 2025-08-12 | InCopy \| Out-of-bounds Write (CWE-787) |
| CVE-2025-54215 | 2025-08-12 | InCopy \| Out-of-bounds Write (CWE-787) |
| CVE-2025-54217 | 2025-08-12 | InCopy \| Heap-based Buffer Overflow (CWE-122) |
| CVE-2025-54216 | 2025-08-12 | InCopy \| Out-of-bounds Write (CWE-787) |
| CVE-2025-54222 | 2025-08-12 | Substance3D - Stager \| Out-of-bounds Write (CWE-787) |
| CVE-2025-54229 | 2025-08-12 | Adobe Framemaker \| Use After Free (CWE-416) |
| CVE-2025-54231 | 2025-08-12 | Adobe Framemaker \| Use After Free (CWE-416) |
| CVE-2025-54232 | 2025-08-12 | Adobe Framemaker \| Use After Free (CWE-416) |
| CVE-2025-54230 | 2025-08-12 | Adobe Framemaker \| Use After Free (CWE-416) |
| CVE-2025-54233 | 2025-08-12 | Adobe Framemaker \| Out-of-bounds Read (CWE-125) |
| CVE-2025-54238 | 2025-08-12 | Dimension \| Out-of-bounds Read (CWE-125) |
| CVE-2025-49456 | 2025-08-12 | Zoom Clients for Windows - Race Condition |
| CVE-2025-49457 | 2025-08-12 | Zoom Clients for Windows - Untrusted Search Path |
| CVE-2025-43982 | 2025-08-13 | Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices enable the SSH service by default. There is a hidden hard-coded root account that cannot be disabled in the GUI. |
| CVE-2025-43986 | 2025-08-13 | An issue was discovered on KuWFi GC111 GC111-GL-LM321_V3.0_20191211 devices. The TELNET service is enabled by default and exposed over the WAN interface without authentication. |
| CVE-2025-43988 | 2025-08-13 | KuWFi 5G01-X55 FL2020_V0.0.12 devices expose an unauthenticated API endpoint (ajax_get.cgi), allowing remote attackers to retrieve sensitive configuration data, including admin credentials. |
| CVE-2025-43989 | 2025-08-13 | The /goform/formJsonAjaxReq POST endpoint of Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices mishandles the set_timesetting action with the ntpserver0 parameter, which is used in a system command. By setting a username=admin cookie... |
| CVE-2025-45313 | 2025-08-13 | A cross-site scripting (XSS) vulnerability in the /tasks endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected... |
| CVE-2025-45314 | 2025-08-13 | A cross-site scripting (XSS) vulnerability in the /Calendar endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected... |
| CVE-2025-45315 | 2025-08-13 | A cross-site scripting (XSS) vulnerability in the /controller/admin.php endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected... |
| CVE-2025-45316 | 2025-08-13 | A cross-site scripting (XSS) vulnerability in the TextBlockModule.php component of hortusfox-web v4.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter. |
| CVE-2025-45317 | 2025-08-13 | A zip slip vulnerability in the /modules/ImportModule.php component of hortusfox-web v4.4 allows attackers to execute arbitrary code via a crafted archive. |