CVE List - 2025 / August
Showing 2101 - 2200 of 3631 CVEs for August 2025 (Page 22 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-38582 | 2025-08-19 | RDMA/hns: Fix double destruction of rsv_qp |
| CVE-2025-38583 | 2025-08-19 | clk: xilinx: vcu: unregister pll_post only if registered correctly |
| CVE-2025-38584 | 2025-08-19 | padata: Fix pd UAF once and for all |
| CVE-2025-38585 | 2025-08-19 | staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int() |
| CVE-2025-38586 | 2025-08-19 | bpf, arm64: Fix fp initialization for exception boundary |
| CVE-2025-38587 | 2025-08-19 | ipv6: fix possible infinite loop in fib6_info_uses_dev() |
| CVE-2025-38588 | 2025-08-19 | ipv6: prevent infinite loop in rt6_nlmsg_size() |
| CVE-2025-38589 | 2025-08-19 | neighbour: Fix null-ptr-deref in neigh_flush_dev(). |
| CVE-2025-38590 | 2025-08-19 | net/mlx5e: Remove skb secpath if xfrm state is not found |
| CVE-2025-38591 | 2025-08-19 | bpf: Reject narrower access to pointer ctx fields |
| CVE-2025-38592 | 2025-08-19 | Bluetooth: hci_devcd_dump: fix out-of-bounds via dev_coredumpv |
| CVE-2025-38593 | 2025-08-19 | Bluetooth: hci_sync: fix double free in 'hci_discovery_filter_clear()' |
| CVE-2025-38594 | 2025-08-19 | iommu/vt-d: Fix UAF on sva unbind with pending IOPFs |
| CVE-2025-38595 | 2025-08-19 | xen: fix UAF in dmabuf_exp_from_pages() |
| CVE-2025-38596 | 2025-08-19 | drm/panthor: Fix UAF in panthor_gem_create_with_handle() debugfs code |
| CVE-2025-38597 | 2025-08-19 | drm/rockchip: vop2: fail cleanly if missing a primary plane for a video-port |
| CVE-2025-38598 | 2025-08-19 | drm/amdgpu: fix use-after-free in amdgpu_userq_suspend+0x51a/0x5a0 |
| CVE-2025-38599 | 2025-08-19 | wifi: mt76: mt7996: Fix possible OOB access in mt7996_tx() |
| CVE-2025-38600 | 2025-08-19 | wifi: mt76: mt7925: fix off by one in mt7925_mcu_hw_scan() |
| CVE-2025-38601 | 2025-08-19 | wifi: ath11k: clear initialized flag for deinit-ed srng lists |
| CVE-2025-38602 | 2025-08-19 | iwlwifi: Add missing check for alloc_ordered_workqueue |
| CVE-2025-38604 | 2025-08-19 | wifi: rtl818x: Kill URBs before clearing tx status queue |
| CVE-2025-38605 | 2025-08-19 | wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type() |
| CVE-2025-38606 | 2025-08-19 | wifi: ath12k: Avoid accessing uninitialized arvif->ar during beacon miss |
| CVE-2025-38607 | 2025-08-19 | bpf: handle jset (if a & b ...) as a jump in CFG computation |
| CVE-2025-38608 | 2025-08-19 | bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls |
| CVE-2025-38609 | 2025-08-19 | PM / devfreq: Check governor before using governor->name |
| CVE-2025-38610 | 2025-08-19 | powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() |
| CVE-2025-38612 | 2025-08-19 | staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() |
| CVE-2025-38613 | 2025-08-19 | staging: gpib: fix unset padding field copy back to userspace |
| CVE-2025-38614 | 2025-08-19 | eventpoll: Fix semi-unbounded recursion |
| CVE-2025-38615 | 2025-08-19 | fs/ntfs3: cancle set bad inode after removing name fails |
| CVE-2025-54881 | 2025-08-19 | Mermaid improperly sanitizes sequence diagram labels, leading to XSS |
| CVE-2025-9149 | 2025-08-19 | Wavlink WL-NU516U1 wireless.cgi sub_4032E4 command injection |
| CVE-2025-9150 | 2025-08-19 | Surbowl dormitory-management-php violation_add.php sql injection |
| CVE-2025-55294 | 2025-08-19 | Command Injection via `format` option in screenshot-desktop |
| CVE-2025-55295 | 2025-08-19 | qBit Manage Path Traversal Vulnerability |
| CVE-2025-8450 | 2025-08-19 | Unrestricted File Upload in FileCatalyst |
| CVE-2025-9151 | 2025-08-19 | LiuYuYang01 ThriveX-Blog web updateJsonValueByName improper authorization |
| CVE-2025-55303 | 2025-08-19 | Unauthorized third-party images in Astro’s _image endpoint |
| CVE-2025-31988 | 2025-08-19 | HCL Digital Experience is susceptible to cross site scripting (XSS) |
| CVE-2025-43737 | 2025-08-19 | A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8 and 2025.Q1.0 through 2025.Q1.15 allows a remote authenticated user to inject JavaScript code... |
| CVE-2025-55306 | 2025-08-19 | GenX_FX authentication bypass in JWT validation |
| CVE-2025-55733 | 2025-08-19 | DeepChat One-click Remote Code Execution through Custom URL Handling |
| CVE-2025-9153 | 2025-08-19 | itsourcecode Online Tour and Travel Management System travellers.php unrestricted upload |
| CVE-2025-55734 | 2025-08-19 | flaskBlog Authorization Bypass |
| CVE-2025-43745 | 2025-08-19 | A CSRF vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.7, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19... |
| CVE-2025-55735 | 2025-08-19 | flaskBlog Stored XSS Vulnerability |
| CVE-2025-9154 | 2025-08-19 | itsourcecode Online Tour and Travel Management System page-login.php sql injection |
| CVE-2025-33008 | 2025-08-19 | IBM Sterling B2B Integrator and IBM Sterling File Gateway cross-site scripting |
| CVE-2025-55736 | 2025-08-19 | flaskBlog allows arbitrary privilege escalation |
| CVE-2025-55737 | 2025-08-19 | flaskBlog arbitrary comment delete |
| CVE-2025-43743 | 2025-08-19 | Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allows... |
| CVE-2025-2988 | 2025-08-19 | IBM Sterling B2B Integrator and IBM Sterling File Gateway information disclosure |
| CVE-2025-9155 | 2025-08-19 | itsourcecode Online Tour and Travel Management System forget_password.php sql injection |
| CVE-2025-9156 | 2025-08-19 | itsourcecode Sports Management System sports.php sql injection |
| CVE-2025-43744 | 2025-08-19 | A stored DOM-based Cross-Site Scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.5, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through... |
| CVE-2025-55740 | 2025-08-19 | Default Credentials in nginx-defender Configuration Files |
| CVE-2025-9157 | 2025-08-19 | appneta tcpreplay tcprewrite edit_packet.c untrunc_packet use after free |
| CVE-2025-9165 | 2025-08-19 | LibTIFF tiffcmp tiffcmp.c InitCCITTFax3 memory leak |
| CVE-2025-9167 | 2025-08-19 | SolidInvoice Recurring Invoice recurring cross site scripting |
| CVE-2025-9179 | 2025-08-19 | Sandbox escape due to invalid pointer in the Audio/Video: GMP component |
| CVE-2025-9180 | 2025-08-19 | Same-origin policy bypass in the Graphics: Canvas2D component |
| CVE-2025-9181 | 2025-08-19 | Uninitialized memory in the JavaScript Engine component |
| CVE-2025-9185 | 2025-08-19 | Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142 |
| CVE-2025-9186 | 2025-08-19 | Spoofing issue in the Address Bar component of Firefox Focus for Android |
| CVE-2025-9182 | 2025-08-19 | Denial-of-service due to out-of-memory in the Graphics: WebRender component |
| CVE-2025-9183 | 2025-08-19 | Spoofing issue in the Address Bar component |
| CVE-2025-9187 | 2025-08-19 | Memory safety bugs fixed in Firefox 142 and Thunderbird 142 |
| CVE-2025-9184 | 2025-08-19 | Memory safety bugs fixed in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142 |
| CVE-2025-8041 | 2025-08-19 | In the address bar, Firefox for Android truncated the display of URLs from the end instead of prioritizing the origin. This vulnerability affects Firefox < 141. |
| CVE-2025-8042 | 2025-08-19 | Firefox for Android allowed a sandboxed iframe without the `allow-downloads` attribute to start downloads. This vulnerability affects Firefox < 141. |
| CVE-2025-8364 | 2025-08-19 | A crafted URL using a blob: URI could have hidden the true origin of the page, resulting in a potential spoofing attack. *Note: This issue only affected Android operating systems.... |
| CVE-2025-54143 | 2025-08-19 | Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page. This vulnerability affects Firefox for iOS < 141. |
| CVE-2025-54144 | 2025-08-19 | The URL scheme used by Firefox to facilitate searching of text queries could incorrectly allow attackers to open arbitrary website URLs or internal pages if a user was tricked into... |
| CVE-2025-54145 | 2025-08-19 | The QR scanner could allow arbitrary websites to be opened if a user was tricked into scanning a malicious link that leveraged Firefox's open-text URL scheme. This vulnerability affects Firefox... |
| CVE-2025-55030 | 2025-08-19 | Content-Disposition headers incorrectly ignored for some MIME types |
| CVE-2025-55028 | 2025-08-19 | JavaScript alerts could impede UI interaction or allow denial of service attacks |
| CVE-2025-55031 | 2025-08-19 | Passkey phishing within Bluetooth range |
| CVE-2025-55029 | 2025-08-19 | Malicious scripts could spam popups for denial of service attacks |
| CVE-2025-55032 | 2025-08-19 | Focus incorrectly ignores Content-Disposition headers for some MIME types |
| CVE-2025-55033 | 2025-08-19 | Drag and drop gestures in Focus for iOS could allow JavaScript links to be executed incorrectly |
| CVE-2025-9168 | 2025-08-19 | SolidInvoice Invoice Creation invoice cross site scripting |
| CVE-2025-9169 | 2025-08-19 | SolidInvoice Quote quotes cross site scripting |
| CVE-2025-9170 | 2025-08-19 | SolidInvoice Tax Rates rates cross site scripting |
| CVE-2025-9171 | 2025-08-19 | SolidInvoice Clients clients cross site scripting |
| CVE-2025-9174 | 2025-08-19 | neurobin shc Filename shc.c make os command injection |
| CVE-2025-9175 | 2025-08-19 | neurobin shc shc.c make stack-based overflow |
| CVE-2025-9176 | 2025-08-19 | neurobin shc Environment Variable shc.c make os command injection |
| CVE-2024-50640 | 2025-08-20 | jeewx-boot 1.3 has an authentication bypass vulnerability in the preHandle function |
| CVE-2024-53495 | 2025-08-20 | Incorrect access control in the preHandle function of my-site v1.0.2.RELEASE allows attackers to access sensitive components without authentication. |
| CVE-2024-57152 | 2025-08-20 | Incorrect access control in the preHandle function of my-site v1.0.2 allows attackers to access sensitive components without authentication via the cn.luischen.interceptor.BaseInterceptor class |
| CVE-2024-57154 | 2025-08-20 | Incorrect access control in dts-shop v0.0.1-SNAPSHOT allows attackers to bypass authentication via sending a crafted payload to /admin/auth/index. |
| CVE-2024-57155 | 2025-08-20 | Incorrect access control in radar v1.0.8 allows attackers to bypass authentication and access sensitive APIs without a token. |
| CVE-2024-57157 | 2025-08-20 | Incorrect access control in Jantent v1.1 allows attackers to bypass authentication and access sensitive APIs without a token. |
| CVE-2024-57491 | 2025-08-20 | Authentication Bypass vulnerability in jobx up to v1.0.1-RELEASE allows an attacker to access sensitive API without any token via the preHandle function. |
| CVE-2025-28041 | 2025-08-20 | Incorrect access control in the doFilter function of itranswarp up to 2.19 allows attackers to access sensitive components without authentication. |
| CVE-2025-50503 | 2025-08-20 | A vulnerability in the password reset workflow of the Touch Lebanon Mobile App 2.20.2 allows an attacker to bypass the OTP reset password mechanism. By manipulating the reset process, an... |
| CVE-2025-50864 | 2025-08-20 | An Origin Validation Error in the elysia-cors library thru 1.3.0 allows attackers to bypass Cross-Origin Resource Sharing (CORS) restrictions. The library incorrectly validates the supplied origin by checking if it... |
| CVE-2025-50901 | 2025-08-20 | JeeWMS 771e4f5d0c01ffdeae1671be4cf102b73a3fe644 (2025-05-19) contains an incorrect authentication bypass vulnerability, which can lead to arbitrary file reading. |