CVE List - 2025 / August
Showing 1901 - 2000 of 3631 CVEs for August 2025 (Page 20 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-38529 | 2025-08-16 | comedi: aio_iiro_16: Fix bit shift out of bounds |
| CVE-2025-38530 | 2025-08-16 | comedi: pcl812: Fix bit shift out of bounds |
| CVE-2025-38531 | 2025-08-16 | iio: common: st_sensors: Fix use of uninitialize device structs |
| CVE-2025-38532 | 2025-08-16 | net: libwx: properly reset Rx ring descriptor |
| CVE-2025-38533 | 2025-08-16 | net: libwx: fix the using of Rx buffer DMA |
| CVE-2025-38534 | 2025-08-16 | netfs: Fix copy-to-cache so that it performs collection with ceph+fscache |
| CVE-2025-38535 | 2025-08-16 | phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode |
| CVE-2025-38536 | 2025-08-16 | net: airoha: fix potential use-after-free in airoha_npu_get() |
| CVE-2025-38537 | 2025-08-16 | net: phy: Don't register LEDs for genphy |
| CVE-2025-38538 | 2025-08-16 | dmaengine: nbpfaxi: Fix memory corruption in probe() |
| CVE-2025-38539 | 2025-08-16 | tracing: Add down_write(trace_event_sem) when adding trace event |
| CVE-2025-38540 | 2025-08-16 | HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras |
| CVE-2025-38541 | 2025-08-16 | wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init() |
| CVE-2025-38542 | 2025-08-16 | net: appletalk: Fix device refcount leak in atrtr_create() |
| CVE-2025-38543 | 2025-08-16 | drm/tegra: nvdec: Fix dma_alloc_coherent error check |
| CVE-2025-38544 | 2025-08-16 | rxrpc: Fix bug due to prealloc collision |
| CVE-2025-38545 | 2025-08-16 | net: ethernet: ti: am65-cpsw-nuss: Fix skb size by accounting for skb_shared_info |
| CVE-2025-38546 | 2025-08-16 | atm: clip: Fix memory leak of struct clip_vcc. |
| CVE-2025-38547 | 2025-08-16 | iio: adc: axp20x_adc: Add missing sentinel to AXP717 ADC channel maps |
| CVE-2025-38548 | 2025-08-16 | hwmon: (corsair-cpro) Validate the size of the received input buffer |
| CVE-2025-38549 | 2025-08-16 | efivarfs: Fix memory leak of efivarfs_fs_info in fs_context error paths |
| CVE-2025-38550 | 2025-08-16 | ipv6: mcast: Delay put pmc->idev in mld_del_delrec() |
| CVE-2025-38551 | 2025-08-16 | virtio-net: fix recursived rtnl_lock() during probe() |
| CVE-2025-38552 | 2025-08-16 | mptcp: plug races between subflow fail and subflow creation |
| CVE-2023-32246 | 2025-08-16 | ksmbd: call rcu_barrier() in ksmbd_server_exit() |
| CVE-2023-32249 | 2025-08-16 | ksmbd: not allow guest user on multichannel |
| CVE-2023-4515 | 2025-08-16 | ksmbd: validate command request size |
| CVE-2023-3865 | 2025-08-16 | ksmbd: fix out-of-bound read in smb2_write |
| CVE-2023-3866 | 2025-08-16 | ksmbd: validate session id and tree id in the compound request |
| CVE-2023-4130 | 2025-08-16 | ksmbd: fix wrong next length validation of ea buffer in smb2_set_ea() |
| CVE-2023-3867 | 2025-08-16 | ksmbd: fix out of bounds read in smb2_sess_setup |
| CVE-2025-9087 | 2025-08-16 | Tenda AC20 SetNetControlList Endpoint set_qosMib_list stack-based overflow |
| CVE-2025-9088 | 2025-08-16 | Tenda AC20 formSetVirtualSer save_virtualser_data stack-based overflow |
| CVE-2025-9089 | 2025-08-16 | Tenda AC20 SetIpMacBind sub_48E628 stack-based overflow |
| CVE-2025-9090 | 2025-08-17 | Tenda AC20 Telnet Service telnet websFormDefine command injection |
| CVE-2025-9091 | 2025-08-17 | Tenda AC20 shadow hard-coded credentials |
| CVE-2025-9093 | 2025-08-17 | BuzzFeed App com.buzzfeed.android AndroidManifest.xml improper export of android application components |
| CVE-2025-9094 | 2025-08-17 | ThingsBoard Add Gateway special elements used in a template engine |
| CVE-2025-9095 | 2025-08-17 | ExpressGateway express-gateway REST Endpoint users.js cross site scripting |
| CVE-2025-7342 | 2025-08-17 | VM images built with Kubernetes Image Builder Nutanix or OVA providers use default credentials for Windows images if user did not override |
| CVE-2025-9096 | 2025-08-17 | ExpressGateway express-gateway REST Endpoint apps.js cross site scripting |
| CVE-2025-32992 | 2025-08-18 | Thermo Fisher Scientific ePort through 3.0.0 has Incorrect Access Control. |
| CVE-2025-55584 | 2025-08-18 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain insecure credentials for the telnet service and root account. |
| CVE-2025-55585 | 2025-08-18 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain an eval injection vulnerability via the eval() function. |
| CVE-2025-55586 | 2025-08-18 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the url parameter at /boafrm/formFilter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted... |
| CVE-2025-55587 | 2025-08-18 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the hostname parameter at /boafrm/formMapDelDevice. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted... |
| CVE-2025-55588 | 2025-08-18 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the fw_ip parameter at /boafrm/formPortFw. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted... |
| CVE-2025-55589 | 2025-08-18 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain multiple OS command injection vulnerabilities via the macstr, bandstr, and clientoff parameters at /boafrm/formMapDelDevice. |
| CVE-2025-55590 | 2025-08-18 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability via the component bupload.html. |
| CVE-2025-55591 | 2025-08-18 | TOTOLINK-A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability in the devicemac parameter in the formMapDel endpoint. |
| CVE-2025-9097 | 2025-08-18 | Euro Information CIC banque et compte en ligne App com.cic_prod.bad AndroidManifest.xml improper export of android application components |
| CVE-2025-9098 | 2025-08-18 | Elseplus File Recovery App AndroidManifest.xml improper export of android application components |
| CVE-2025-31713 | 2025-08-18 | In engineer mode service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. |
| CVE-2025-31714 | 2025-08-18 | In Developer Tools, there is a possible missing verification incorrect input. This could lead to local escalation of privilege with no additional execution privileges needed. |
| CVE-2025-31715 | 2025-08-18 | In vowifi service, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. |
| CVE-2025-9099 | 2025-08-18 | Acrel Environmental Monitoring Cloud Platform UploadNewsImg unrestricted upload |
| CVE-2025-9100 | 2025-08-18 | zhenfeng13 My-Blog Frontend Blog Article Comment comment authentication replay |
| CVE-2025-9101 | 2025-08-18 | zhenfeng13 My-Blog Tag save cross site scripting |
| CVE-2025-9102 | 2025-08-18 | 1&1 Mail & Media mail.com App com.mail.mobile.android.mail AndroidManifest.xml improper export of android application components |
| CVE-2025-9103 | 2025-08-18 | ZenCart CKEditor cross site scripting |
| CVE-2025-9104 | 2025-08-18 | Portabilis i-Diario Informações Adicionais /planos-de-aulas-por-disciplina cross site scripting |
| CVE-2025-9105 | 2025-08-18 | Portabilis i-Diario Informações Adicionais /planos-de-ensino-por-areas-de-conhecimento cross site scripting |
| CVE-2025-9106 | 2025-08-18 | Portabilis i-Diario Informações Adicionais /planos-de-ensino-por-disciplina cross site scripting |
| CVE-2025-9107 | 2025-08-18 | Portabilis i-Diario search_autocomplete cross site scripting |
| CVE-2025-9108 | 2025-08-18 | Portabilis i-Diario Login Page ui layer |
| CVE-2025-9109 | 2025-08-18 | Portabilis i-Diario Password Recovery Endpoint email observable response discrepancy |
| CVE-2025-57700 | 2025-08-18 | Stored Cross-site Scripting in DIAEnergie |
| CVE-2025-57701 | 2025-08-18 | Reflected Cross-site Scripting in DIAEnergie |
| CVE-2025-57702 | 2025-08-18 | Reflected Cross-site Scripting in DIAEnergie |
| CVE-2025-57703 | 2025-08-18 | Reflected Cross-site Scripting in DIAEnergie |
| CVE-2025-6625 | 2025-08-18 | CWE-20: Improper Input Validation vulnerability exists that could cause a Denial Of Service when specific crafted FTP command is sent to the device. |
| CVE-2025-5296 | 2025-08-18 | CWE-59: Improper Link Resolution Before File Access ('Link Following') vulnerability exists that could cause arbitrary data to be written to protected locations, potentially leading to escalation of privilege, arbitrary file... |
| CVE-2025-47206 | 2025-08-18 | File Station 5 |
| CVE-2025-41242 | 2025-08-18 | CVE-2025-41242: Path traversal vulnerability on non-compliant Servlet containers |
| CVE-2025-43733 | 2025-08-18 | A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.7 allows a remote authenticated attacker to inject JavaScript code via the content page's... |
| CVE-2025-43732 | 2025-08-18 | Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.17 and 7.4 GA through update 92 is... |
| CVE-2025-4962 | 2025-08-18 | IDOR Vulnerability in Template Creation via `projectId` Manipulation in lunary-ai/lunary |
| CVE-2025-36120 | 2025-08-18 | IBM Storage Virtualize privilege escalation |
| CVE-2024-49827 | 2025-08-18 | IBM Concert Software information disclosure |
| CVE-2025-1759 | 2025-08-18 | IBM Concert Software information disclosure |
| CVE-2025-27909 | 2025-08-18 | IBM Concert Software cross-origin resource sharing |
| CVE-2025-33090 | 2025-08-18 | IBM Concert Software denial of service |
| CVE-2025-33100 | 2025-08-18 | IBM Concert Software information disclosure |
| CVE-2025-54118 | 2025-08-18 | NamelessMC allows sensitive information disclosure in member list component |
| CVE-2025-54421 | 2025-08-18 | NamelessMC allows Stored Cross Site Scripting (XSS) in SEO component |
| CVE-2025-54117 | 2025-08-18 | NamelessMC allows Stored Cross-Site Scripting (XSS) in dashboard text editor |
| CVE-2025-55201 | 2025-08-18 | Copier safe template has arbitrary filesystem read/write access |
| CVE-2025-55205 | 2025-08-18 | Capsule tenant owners with "patch namespace" permission can hijack system namespaces label |
| CVE-2025-55214 | 2025-08-18 | Copier safe template has filesystem write access outside destination path |
| CVE-2025-54234 | 2025-08-18 | ColdFusion \| Server-Side Request Forgery (SSRF) (CWE-918) |
| CVE-2025-55282 | 2025-08-18 | aiven-db-migrate allows Privilege Escalation via unrestricted search_path during migration |
| CVE-2025-55283 | 2025-08-18 | aiven-db-migrate allows Privilege Escalation through use of psql during migration |
| CVE-2025-3639 | 2025-08-18 | Liferay Portal 7.3.0 through 7.4.3.132, and Liferay DXP 2025.Q1 through 2025.Q1.6, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 and 7.3... |
| CVE-2025-55287 | 2025-08-18 | Genealogy has a stored XSS vulnerability |
| CVE-2025-55288 | 2025-08-18 | Genealogy has a Reflected XSS Vulnerability |
| CVE-2025-55291 | 2025-08-18 | Shaarli allows reflected XSS via searchtags parameter |
| CVE-2025-55293 | 2025-08-18 | Meshtastic allows crafting of specific NodeInfo packets that overwrite any publicKey saved in the NodeDB |
| CVE-2025-55296 | 2025-08-18 | LibreNMS allows stored XSS in Alert Template name field |
| CVE-2025-55299 | 2025-08-18 | VaulTLS has a password-based login exploit in additional user accounts |
| CVE-2025-55300 | 2025-08-18 | Komari Allows Cross-site WebSocket Hijacking |