CVE List - 2025 / August
Showing 2001 - 2100 of 3631 CVEs for August 2025 (Page 21 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-7693 | 2025-08-18 | Rockwell Automation Micro800 Vulnerability |
| CVE-2025-43731 | 2025-08-18 | A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.8, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through... |
| CVE-2025-55213 | 2025-08-18 | OpenFGA Authorization Bypass (Check) |
| CVE-2025-4371 | 2025-08-18 | A potential vulnerability was reported in the Lenovo 510 FHD and Performance FHD web cameras that could allow an attacker with physical access to write arbitrary firmware updates to the... |
| CVE-2025-8098 | 2025-08-18 | An improper permission vulnerability was reported in Lenovo PC Manager that could allow a local attacker to escalate privileges. |
| CVE-2025-53192 | 2025-08-18 | Apache Commons OGNL: Expression Injection leading to RCE |
| CVE-2025-9119 | 2025-08-18 | Netis WF2419 Wireless Settings index.htm cross site scripting |
| CVE-2025-53705 | 2025-08-18 | Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share Out-of-bounds Write |
| CVE-2025-41392 | 2025-08-18 | Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share Out-of-bounds Read |
| CVE-2025-52584 | 2025-08-18 | Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share Heap-based Buffer Overflow |
| CVE-2025-46269 | 2025-08-18 | Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share Heap-based Buffer Overflow |
| CVE-2025-53948 | 2025-08-18 | Santesoft Sante PACS Server Double Free |
| CVE-2025-54156 | 2025-08-18 | Santesoft Sante PACS Server Cleartext Transmission of Sensitive Information |
| CVE-2025-54862 | 2025-08-18 | Santesoft Sante PACS Server Cross-site Scripting |
| CVE-2025-54759 | 2025-08-18 | Santesoft Sante PACS Server Cross-site Scripting |
| CVE-2024-44373 | 2025-08-19 | A Path Traversal vulnerability in AllSky v2023.05.01_04 allows an unauthenticated attacker to create a webshell and remote code execution via the path, content parameter to /includes/save_file.php. |
| CVE-2025-50434 | 2025-08-19 | A security issue has been identified in Appian Enterprise Business Process Management version 25.3. The vulnerability is related to incorrect access control, which under certain conditions could allow unauthorized access... |
| CVE-2025-50461 | 2025-08-19 | A deserialization vulnerability exists in Volcengine's verl 3.0.0, specifically in the scripts/model_merger.py script when using the "fsdp" backend. The script calls torch.load() with weights_only=False on user-supplied .pt files, allowing attackers... |
| CVE-2025-50567 | 2025-08-19 | Saurus CMS Community Edition 4.7.1 contains a vulnerability in the custom DB::prepare() function, which uses preg_replace() with the deprecated /e (eval) modifier to interpolate SQL query parameters. This leads to... |
| CVE-2025-50579 | 2025-08-19 | A CORS misconfiguration in Nginx Proxy Manager v2.12.3 allows unauthorized domains to access sensitive data, particularly JWT tokens, due to improper validation of the Origin header. This misconfiguration enables attackers... |
| CVE-2025-50891 | 2025-08-19 | The server-side backend for Adform Site Tracking before 2025-08-28 allows attackers to inject HTML or execute arbitrary code via cookie hijacking. NOTE: a customer does not need to take any... |
| CVE-2025-50897 | 2025-08-19 | A vulnerability exists in riscv-boom SonicBOOM 1.2 (BOOMv1.2) processor implementation, where valid virtual-to-physical address translations configured with write permissions (PTE_W) in SV39 mode may incorrectly trigger a Store/AMO access fault... |
| CVE-2025-50926 | 2025-08-19 | Easy Hosting Control Panel EHCP v20.04.1.b was discovered to contain a SQL injection vulnerability via the id parameter in the List All Email Addresses function. |
| CVE-2025-50938 | 2025-08-19 | Cross site scripting (XSS) vulnerability in Hustoj 2025-01-31 via the TID parameter to thread.php. |
| CVE-2025-51487 | 2025-08-19 | A Stored Cross-Site Scripting (XSS) vulnerability exists in MoonShine version < 3.12.5, allowing execution of arbitrary JavaScript by using a "javascript:" payload, instead of the expected HTTPS protocol, in the CutCode... |
| CVE-2025-51488 | 2025-08-19 | A Stored Cross-Site Scripting (XSS) vulnerability exists in MoonShine version < 3.12.4, allowing remote attackers to store and execute arbitrary JavaScript by including a malicious HTML payload in the Name... |
| CVE-2025-51489 | 2025-08-19 | A Stored Cross-Site Scripting (XSS) vulnerability exists in MoonShine version < 3.12.5, allowing remote attackers to upload a malicious SVG file when creating/updating an Article and correctly execute arbitrary JavaScript... |
| CVE-2025-51506 | 2025-08-19 | In the smartLibrary component of the HRForecast Suite 0.4.3, a SQL injection vulnerability was discovered in the valueKey parameter. This flaw enables any authenticated user to execute arbitrary SQL queries,... |
| CVE-2025-51510 | 2025-08-19 | MoonShine was discovered to contain a SQL injection vulnerability under the Blog -> Categories page when using the moonshine-tree-resource (version < 2.0.2) component. |
| CVE-2025-51529 | 2025-08-19 | Incorrect Access Control in the AJAX endpoint functionality in jonkastonka Cookies and Content Security Policy plugin through version 2.29 allows remote attackers to cause a denial of service (database server... |
| CVE-2025-51539 | 2025-08-19 | EzGED3 3.5.0 contains an unauthenticated arbitrary file read vulnerability due to improper access control and insufficient input validation in a script exposed via the web interface. A remote attacker can... |
| CVE-2025-51540 | 2025-08-19 | EzGED3 3.5.0 stores user passwords using an insecure hashing scheme: md5(md5(password)). This hashing method is cryptographically weak and allows attackers to perform efficient offline brute-force attacks if password hashes are... |
| CVE-2025-51543 | 2025-08-19 | An issue was discovered in Cicool builder 3.4.4 allowing attackers to reset the administrator's password via the /administrator/auth/reset_password endpoint. |
| CVE-2025-52337 | 2025-08-19 | An authenticated arbitrary file upload vulnerability in the Content Explorer feature of LogicData eCommerce Framework v5.0.9.7000 allows attackers to execute arbitrary code via uploading a crafted file. |
| CVE-2025-52338 | 2025-08-19 | An issue in the default configuration of the password reset function in LogicData eCommerce Framework v5.0.9.7000 allows attackers to bypass authentication and compromise user accounts via a brute-force attack. |
| CVE-2025-54336 | 2025-08-19 | In Plesk Obsidian 18.0.70, _isAdminPasswordValid uses an == comparison. Thus, if the correct password is "0e" followed by any digit string, then an attacker can log in with any other string... |
| CVE-2025-7496 | 2025-08-19 | WPC Smart Compare for WooCommerce <= 6.4.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting |
| CVE-2025-8357 | 2025-08-19 | Media Library Assistant <= 3.27 - Authenticated (Author+) Limited File Deletion |
| CVE-2025-5417 | 2025-08-19 | Rhdh: red hat developer hub user permissions |
| CVE-2025-38553 | 2025-08-19 | net/sched: Restrict conditions for adding duplicating netems to qdisc tree |
| CVE-2025-8218 | 2025-08-19 | Real Spaces - WordPress Properties Directory Theme <= 3.5 - Authenticated (Subscriber+) Privilege Escalation to Administrator via 'change_role_member' |
| CVE-2025-6758 | 2025-08-19 | Real Spaces - WordPress Properties Directory Theme <= 3.6 - Unauthenticated Privilege Escalation to Administrator via 'imic_agent_register' |
| CVE-2025-8723 | 2025-08-19 | Cloudflare Image Resizing <= 1.5.6 - Missing Authentication to Unauthenticated Remote Code Execution via rest_pre_dispatch Hook |
| CVE-2025-7670 | 2025-08-19 | JS Archive List <= 6.1.5 - Unauthenticated SQL Injection via build_sql_where Function |
| CVE-2025-7654 | 2025-08-19 | Multiple Plugins By FunnelKit <= (Various Versions) - Authenticated (Contributor+) Sensitive Information Exposure to Privilege Escalation via Woofunnel Library |
| CVE-2025-8622 | 2025-08-19 | Flexible Maps <= 1.18.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Flexible Maps Shortcode |
| CVE-2025-41689 | 2025-08-19 | Wiesemann & Theis: Motherbox 3 allows unauthenticated read-only DB access |
| CVE-2025-41685 | 2025-08-19 | SMA: Sunny Portal limited disclosure of personal data of registered users to an authenticated user |
| CVE-2025-8567 | 2025-08-19 | Nexter Blocks <= 4.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets |
| CVE-2025-9134 | 2025-08-19 | AfterShip Package Tracker App com.aftership.AfterShip AndroidManifest.xml improper export of android application components |
| CVE-2025-8783 | 2025-08-19 | Contact Manager <= 8.6.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'title' |
| CVE-2025-9135 | 2025-08-19 | Verkehrsauskunft Österreich SmartRide/cleVVVer/BusBahnBim/Salzburg Verkehr AndroidManifest.xml improper export of android application components |
| CVE-2025-9136 | 2025-08-19 | libretro RetroArch file_stream.c filestream_vscanf out-of-bounds |
| CVE-2025-9137 | 2025-08-19 | Scada-LTS scheduled_events.shtm cross site scripting |
| CVE-2025-9138 | 2025-08-19 | Scada-LTS new cross site scripting |
| CVE-2025-9139 | 2025-08-19 | Scada-LTS WatchListDwr.init.dwr information disclosure |
| CVE-2025-43740 | 2025-08-19 | A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.3.120 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13... |
| CVE-2025-4044 | 2025-08-19 | XML External Entity Injection vulnerability in various Lexmark Universal Drivers |
| CVE-2025-4046 | 2025-08-19 | Missing Authorization in Lexmark Cloud Services badge management |
| CVE-2025-4690 | 2025-08-19 | AngularJS 'linky' filter ReDoS |
| CVE-2025-9140 | 2025-08-19 | Shanghai Lingdang Information Technology Lingdang CRM tabdetail_moduleSave.php sql injection |
| CVE-2024-45062 | 2025-08-19 | A stack-based buffer overflow vulnerability is present in OpenPrinting ippusbxd 1.34. A specially configured printer that supports IPP-over-USB can cause a buffer overflow which can lead to an arbitrary... |
| CVE-2025-43739 | 2025-08-19 | Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.6, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 GA through update 92 allow... |
| CVE-2025-9143 | 2025-08-19 | Scada-LTS mailing_lists.shtm cross site scripting |
| CVE-2025-9144 | 2025-08-19 | Scada-LTS publisher_edit.shtm cross site scripting |
| CVE-2025-9145 | 2025-08-19 | Scada-LTS SVG File view_edit.shtm cross site scripting |
| CVE-2025-43738 | 2025-08-19 | A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through... |
| CVE-2025-9146 | 2025-08-19 | Linksys E5600 Firmware checkFw.sh verify_gemtek_header risky encryption |
| CVE-2025-9147 | 2025-08-19 | jasonclark getsemantic index.php cross site scripting |
| CVE-2025-52478 | 2025-08-19 | Stored XSS in n8n Form Trigger allows Account Takeover via injected iframe and video/source |
| CVE-2025-54411 | 2025-08-19 | Discourse welcome banner user name XSS |
| CVE-2025-54880 | 2025-08-19 | Mermaid does not properly sanitize architecture diagram iconText leading to XSS |
| CVE-2025-9148 | 2025-08-19 | CodePhiliaX Chat2DB JDBC Connection DataSourceController.java sql injection |
| CVE-2025-38554 | 2025-08-19 | mm: fix a UAF when vma->mm is freed after vma->vm_refcnt got dropped |
| CVE-2025-38555 | 2025-08-19 | usb: gadget : fix use-after-free in composite_dev_cleanup() |
| CVE-2025-38556 | 2025-08-19 | HID: core: Harden s32ton() against conversion to 0 bits |
| CVE-2025-38557 | 2025-08-19 | HID: apple: validate feature-report field count to prevent NULL pointer dereference |
| CVE-2025-38558 | 2025-08-19 | usb: gadget: uvc: Initialize frame-based format color matching descriptor |
| CVE-2025-38559 | 2025-08-19 | platform/x86/intel/pmt: fix a crashlog NULL pointer access |
| CVE-2025-38560 | 2025-08-19 | x86/sev: Evict cache lines during SNP memory validation |
| CVE-2025-38561 | 2025-08-19 | ksmbd: fix Preauh_HashValue race condition |
| CVE-2025-38562 | 2025-08-19 | ksmbd: fix null pointer dereference error in generate_encryptionkey |
| CVE-2025-38563 | 2025-08-19 | perf/core: Prevent VMA split of buffer mappings |
| CVE-2025-38564 | 2025-08-19 | perf/core: Handle buffer mapping fail correctly in perf_mmap() |
| CVE-2025-38565 | 2025-08-19 | perf/core: Exit early on perf_mmap() fail |
| CVE-2025-38566 | 2025-08-19 | sunrpc: fix handling of server side tls alerts |
| CVE-2025-38567 | 2025-08-19 | nfsd: avoid ref leak in nfsd_open_local_fh() |
| CVE-2025-38568 | 2025-08-19 | net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing |
| CVE-2025-38569 | 2025-08-19 | benet: fix BUG when creating VFs |
| CVE-2025-38570 | 2025-08-19 | eth: fbnic: unlink NAPIs from queues on error to open |
| CVE-2025-38571 | 2025-08-19 | sunrpc: fix client side handling of tls alerts |
| CVE-2025-38572 | 2025-08-19 | ipv6: reject malicious packets in ipv6_gso_segment() |
| CVE-2025-38573 | 2025-08-19 | spi: cs42l43: Property entry should be a null-terminated array |
| CVE-2025-38574 | 2025-08-19 | pptp: ensure minimal skb length in pptp_xmit() |
| CVE-2025-38576 | 2025-08-19 | powerpc/eeh: Make EEH driver device hotplug safe |
| CVE-2025-38577 | 2025-08-19 | f2fs: fix to avoid panic in f2fs_evict_inode |
| CVE-2025-38578 | 2025-08-19 | f2fs: fix to avoid UAF in f2fs_sync_inode_meta() |
| CVE-2025-38579 | 2025-08-19 | f2fs: fix KMSAN uninit-value in extent_info usage |
| CVE-2025-38580 | 2025-08-19 | ext4: fix inode use after free in ext4_end_io_rsv_work() |
| CVE-2025-38581 | 2025-08-19 | crypto: ccp - Fix crash when rebind ccp device for ccp.ko |