CVE List - 2025 / August
Showing 1801 - 1900 of 3631 CVEs for August 2025 (Page 19 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-9050 | 2025-08-15 | projectworlds Travel Management System addcategory.php sql injection |
| CVE-2025-54473 | 2025-08-15 | Extension - phoca.cz - Authenticated RCE vulnerability in Phoca Commander component 1.0.0-4.0.0 and 5.0.0-5.0.1 for Joomla |
| CVE-2025-54474 | 2025-08-15 | Extension - dj-extensions.com - SQLi vulnerability in DJ-Classifieds component 3.9.2-3.10.1 for Joomla |
| CVE-2025-54475 | 2025-08-15 | Extension - joomsky.com - SQL injection in JS jobs component version 1.3.2 - 1.4.4 for Joomla |
| CVE-2025-9051 | 2025-08-15 | projectworlds Travel Management System updatecategory.php sql injection |
| CVE-2023-5342 | 2025-08-15 | Shim: expired secure boot certificate |
| CVE-2025-1929 | 2025-08-15 | SQLi in RiskTurk's Treasury Management Software |
| CVE-2025-9052 | 2025-08-15 | projectworlds Travel Management System updatepackage.php sql injection |
| CVE-2025-9053 | 2025-08-15 | projectworlds Travel Management System updatesubcategory.php sql injection |
| CVE-2025-54466 | 2025-08-15 | Apache OFBiz: RCE Vulnerability in scrum plugin |
| CVE-2025-5046 | 2025-08-15 | DGN File Parsing Out-of-Bounds Read Vulnerability |
| CVE-2025-5047 | 2025-08-15 | DGN File Parsing Uninitialized Variable Vulnerability |
| CVE-2025-5048 | 2025-08-15 | DGN File Parsing Memory Corruption Vulnerability |
| CVE-2025-54989 | 2025-08-15 | Firebird XDR Message Parsing NULL Pointer Dereference Denial-of-Service Vulnerability |
| CVE-2025-55203 | 2025-08-15 | Plane Stored XSS in Add Work Item Functionality |
| CVE-2025-24975 | 2025-08-15 | Firebird Non-Authorized Access to Encrypted Database Using Execute Statement on External |
| CVE-2025-55207 | 2025-08-15 | @astrojs/node's trailing slash handling causes open redirect issue |
| CVE-2025-49897 | 2025-08-15 | WordPress Vertical scroll slideshow gallery v2 plugin <= 9.1 - SQL Injection vulnerability |
| CVE-2025-49432 | 2025-08-15 | WordPress Ultimate Video Player Plugin <= 10.1 - Broken Access Control Vulnerability |
| CVE-2025-49898 | 2025-08-15 | WordPress Dropshix plugin <= 4.0.14 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-8066 | 2025-08-15 | Bunker Web 1.6.2 - Uncontrolled external site redirect |
| CVE-2025-9060 | 2025-08-15 | MFlash Remote Code Execution (RCE) after authentication of a user with the "administrator" role |
| CVE-2025-8092 | 2025-08-15 | COOKiES Consent Management - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-092 |
| CVE-2025-8361 | 2025-08-15 | Config Pages - Moderately critical - Access bypass - SA-CONTRIB-2025-093 |
| CVE-2025-8362 | 2025-08-15 | GoogleTag Manager - Moderately critical - Cross-site scripting - SA-CONTRIB-2025-094 |
| CVE-2025-8675 | 2025-08-15 | AI SEO Link Advisor - Less critical - Server-side Request Forgery - SA-CONTRIB-2025-095 |
| CVE-2025-8995 | 2025-08-15 | Authenticator Login - Highly critical - Access bypass - SA-CONTRIB-2025-096 |
| CVE-2025-8996 | 2025-08-15 | Layout Builder Advanced Permissions - Moderately critical - Access bypass - SA-CONTRIB-2025-097 |
| CVE-2025-7961 | 2025-08-15 | KAP 3.6.0 - TCC Bypass |
| CVE-2025-55285 | 2025-08-15 | @backstage/plugin-scaffolder-backend Template Secret Leakage in Logs in Scaffolder When Using `fetch:template` |
| CVE-2025-43490 | 2025-08-15 | HP Hotkey Support – Escalation of Privilege |
| CVE-2025-36088 | 2025-08-15 | IBM TS4500 cross-site scripting |
| CVE-2025-8959 | 2025-08-15 | HashiCorp go-getter Vulnerable to Arbitrary Read through Symlink Attack |
| CVE-2025-43201 | 2025-08-15 | This issue was addressed with improved checks. This issue is fixed in Apple Music Classical 2.3 for Android. An app may be able to unexpectedly leak a user's credentials. |
| CVE-2025-52621 | 2025-08-15 | HCL BigFix SaaS Authentication Service is vulnerable to cache poisoning |
| CVE-2025-52620 | 2025-08-15 | HCL BigFix SaaS Authentication Service is affected by a Cross-Site Scripting (XSS) vulnerability |
| CVE-2025-52619 | 2025-08-15 | HCL BigFix SaaS Authentication Service is affected by a sensitive information disclosure |
| CVE-2025-52618 | 2025-08-15 | HCL BigFix SaaS Authentication Service is affected by a SQL injection vulnerability |
| CVE-2017-20199 | 2025-08-15 | Buttercup buttercup-browser-extension Vault access control |
| CVE-2025-55286 | 2025-08-16 | z2d OOB drawing with new multi-sample anti-aliasing could lead to invalid memory access and corruption |
| CVE-2025-55284 | 2025-08-16 | Claude Code's Permissive Default Allowlist Enables Unauthorized File Read and Network Exfiltration in Claude Code |
| CVE-2024-12575 | 2025-08-16 | Poll Maker – Versus Polls, Anonymous Polls, Image Polls <= 5.8.9 - Unauthenticated Basic Information Exposure |
| CVE-2025-49895 | 2025-08-16 | WordPress ServerBuddy by PluginBuddy.com plugin <= 1.0.5 - CSRF to PHP Object Injection vulnerability |
| CVE-2024-12612 | 2025-08-16 | School Management System for Wordpress <= 93.2.0 - Unauthenticated SQL Injection |
| CVE-2025-6221 | 2025-08-16 | Embed Bokun <= 0.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Parameter |
| CVE-2025-7684 | 2025-08-16 | Last.fm Recent Album Artwork <= 1.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-7651 | 2025-08-16 | Earnware Connect <= 1.0.73 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-7649 | 2025-08-16 | Surbma \| Recent Comments Shortcode <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-3671 | 2025-08-16 | WPGYM - Wordpress Gym Management System <= 67.7.0 - Authenticated (Subscriber+) Local File Inclusion to Privilege Escalation via Password Update |
| CVE-2025-7440 | 2025-08-16 | Anber Elementor Addon <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Carousel button link |
| CVE-2025-6080 | 2025-08-16 | WPGYM <= 67.7.0 - Missing Authorization to Admin Account Creation |
| CVE-2025-7664 | 2025-08-16 | Al Pack <= 1.0.2 - Missing Authorization to Unauthenticated Premium Feature Activation via check_activate_permission Function |
| CVE-2025-7668 | 2025-08-16 | Linux Promotional Plugin <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-7441 | 2025-08-16 | StoryChief <= 1.0.42 - Unauthenticated Arbitrary File Upload |
| CVE-2025-7683 | 2025-08-16 | LatestCheckins <= 1 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-7439 | 2025-08-16 | Anber Elementor Addon <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Banner button link |
| CVE-2024-8393 | 2025-08-16 | Woocommerce Blocks – Woolook <= 1.7.0 - Authenticated (Admin+) Local File Inclusion |
| CVE-2025-6079 | 2025-08-16 | School Management System <= 93.2.0 - Authenticated (Student+) Arbitrary File Upload |
| CVE-2025-8293 | 2025-08-16 | Intl DateTime Calendar <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via date Parameter |
| CVE-2025-7686 | 2025-08-16 | weichuncai(WP伪春菜) <= 1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-38501 | 2025-08-16 | ksmbd: limit repeated connections from clients with the same IP |
| CVE-2025-8113 | 2025-08-16 | Ebook Store < 5.8015 - Reflected XSS via $_SERVER['REQUEST_URI'] |
| CVE-2025-8896 | 2025-08-16 | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.14.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting |
| CVE-2025-8089 | 2025-08-16 | Advanced iFrame <= 2025.6 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-8898 | 2025-08-16 | Taxi Booking Manager for Woocommerce \| E-cab <= 1.3.0 - Missing Authorization to Unauthenticated Privilege Escalation via Account Takeover |
| CVE-2025-8464 | 2025-08-16 | Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.0 - Directory Traversal via `wpcf7_guest_user_id` Cookie |
| CVE-2025-7499 | 2025-08-16 | BetterDocs <= 4.1.1 - Missing Authorization to Private And Password-Protected Posts Information Disclosure |
| CVE-2025-8719 | 2025-08-16 | Translate This - Google Translate Web Element Shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via base_lang Parameter |
| CVE-2025-38502 | 2025-08-16 | bpf: Fix oob access in cgroup local storage |
| CVE-2025-9092 | 2025-08-16 | Hybrid Module Deployment in Multi-JVM Environments Leading to Resource Exhaustion |
| CVE-2025-38503 | 2025-08-16 | btrfs: fix assertion when building free space tree |
| CVE-2025-38504 | 2025-08-16 | io_uring/zcrx: fix pp destruction warnings |
| CVE-2025-38505 | 2025-08-16 | wifi: mwifiex: discard erroneous disassoc frames on STA interface |
| CVE-2025-38506 | 2025-08-16 | KVM: Allow CPU to reschedule while setting per-page memory attributes |
| CVE-2025-38507 | 2025-08-16 | HID: nintendo: avoid bluetooth suspend/resume stalls |
| CVE-2025-38508 | 2025-08-16 | x86/sev: Use TSC_FACTOR for Secure TSC frequency calculation |
| CVE-2025-38509 | 2025-08-16 | wifi: mac80211: reject VHT opmode for unsupported channel widths |
| CVE-2025-38510 | 2025-08-16 | kasan: remove kasan_find_vm_area() to prevent possible deadlock |
| CVE-2025-38511 | 2025-08-16 | drm/xe/pf: Clear all LMTT pages on alloc |
| CVE-2025-38512 | 2025-08-16 | wifi: prevent A-MSDU attacks in mesh networks |
| CVE-2025-38513 | 2025-08-16 | wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() |
| CVE-2025-38514 | 2025-08-16 | rxrpc: Fix oops due to non-existence of prealloc backlog struct |
| CVE-2025-38515 | 2025-08-16 | drm/sched: Increment job count before swapping tail spsc queue |
| CVE-2025-38516 | 2025-08-16 | pinctrl: qcom: msm: mark certain pins as invalid for interrupts |
| CVE-2025-38517 | 2025-08-16 | lib/alloc_tag: do not acquire non-existent lock in alloc_tag_top_users() |
| CVE-2025-38518 | 2025-08-16 | x86/CPU/AMD: Disable INVLPGB on Zen2 |
| CVE-2025-38519 | 2025-08-16 | mm/damon: fix divide by zero in damon_get_intervals_score() |
| CVE-2025-38520 | 2025-08-16 | drm/amdkfd: Don't call mmput from MMU notifier callback |
| CVE-2025-38521 | 2025-08-16 | drm/imagination: Fix kernel crash when hard resetting the GPU |
| CVE-2025-8142 | 2025-08-16 | Soledad <= 8.6.7 - Authenticated (Contributor+) Local File Inclusion via 'header_layout' |
| CVE-2025-8878 | 2025-08-16 | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.16.4 - Unauthenticated Arbitrary Shortcode Execution |
| CVE-2025-8105 | 2025-08-16 | Soledad <= 8.6.7 - Unauthenticated Arbitrary Shortcode Execution |
| CVE-2025-8143 | 2025-08-16 | Soledad <= 8.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'pcsml_smartlists_h' |
| CVE-2025-38522 | 2025-08-16 | sched/ext: Prevent update_locked_rq() calls with NULL rq |
| CVE-2025-38523 | 2025-08-16 | cifs: Fix the smbd_response slab to allow usercopy |
| CVE-2025-38524 | 2025-08-16 | rxrpc: Fix recv-recv race of completed call |
| CVE-2025-38525 | 2025-08-16 | rxrpc: Fix irq-disabled in local_bh_enable() |
| CVE-2025-38526 | 2025-08-16 | ice: add NULL check in eswitch lag check |
| CVE-2025-38527 | 2025-08-16 | smb: client: fix use-after-free in cifs_oplock_break |
| CVE-2025-38528 | 2025-08-16 | bpf: Reject %p% format string in bprintf-like helpers |