CVE List - 2025 / August
Showing 2201 - 2300 of 3631 CVEs for August 2025 (Page 23 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-50902 | 2025-08-20 | Cross Site Request Forgery (CSRF) vulnerability in old-peanut Open-Shop (aka old-peanut/wechat_applet__open_source) through 1.0.0 allows attackers to gain sensitive information via a crafted HTTP POST message. |
| CVE-2025-50904 | 2025-08-20 | There is an authentication bypass vulnerability in WinterChenS my-site through commit 6c79286 (2025-06-11). An attacker can exploit this vulnerability to access the /admin/ API without any token. |
| CVE-2025-51990 | 2025-08-20 | XWiki through version 17.3.0 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities in the Administration interface, specifically under the Presentation section of the Global Preferences panel. An authenticated administrator... |
| CVE-2025-51991 | 2025-08-20 | XWiki through version 17.3.0 is vulnerable to Server-Side Template Injection (SSTI) in the Administration interface, specifically within the HTTP Meta Info field of the Global Preferences Presentation section. An authenticated... |
| CVE-2025-54363 | 2025-08-20 | Microsoft Knack 0.12.0 allows Regular expression Denial of Service (ReDoS) in the knack.introspection module. extract_full_summary_from_signature employs an inefficient regular expression pattern: "\s(:param)\s+(.+?)\s:(.*)" that is susceptible to catastrophic backtracking when processing... |
| CVE-2025-54364 | 2025-08-20 | Microsoft Knack 0.12.0 allows Regular expression Denial of Service (ReDoS) in the knack.introspection module. option_descriptions employs an inefficient regular expression pattern: "\s(:param)\s+(.+?)\s:(.*)" that is susceptible to catastrophic backtracking when processing... |
| CVE-2025-55444 | 2025-08-20 | A SQL injection vulnerability exists in the id2 parameter of the cancel_booking.php page in Online Artwork and Fine Arts MCA Project 1.0. A remote attacker can inject arbitrary SQL queries,... |
| CVE-2025-55482 | 2025-08-20 | Tenda AC6 V15.03.06.23_multi is vulnerable to Buffer Overflow in the formSetCfm function. |
| CVE-2025-55483 | 2025-08-20 | Tenda AC6 V15.03.06.23_multi is vulnerable to Buffer Overflow in the function formSetMacFilterCfg via the parameters macFilterType and deviceList. |
| CVE-2025-55498 | 2025-08-20 | Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overflow via the time parameter in the fromSetSysTime function. |
| CVE-2025-55499 | 2025-08-20 | Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overflow via the ntpServer parameter in the fromSetSysTime function. |
| CVE-2025-55503 | 2025-08-20 | Tenda AC6 V15.03.06.23_multi has a stack overflow vulnerability via the deviceName parameter in the saveParentControlInfo function. |
| CVE-2025-57788 | 2025-08-20 | Unauthorized API Access Risk |
| CVE-2025-9193 | 2025-08-20 | TOTVS Portal Meu RH Password Reset redirect |
| CVE-2025-9132 | 2025-08-20 | Out of bounds write in V8 in Google Chrome prior to 139.0.7258.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-12223 | 2025-08-20 | Stored Cross-site Scripting (XSS) in Nutanix Prism Central |
| CVE-2025-8145 | 2025-08-20 | Redirection for Contact Form 7 <= 3.2.4 - Unauthenticated PHP Object Injection |
| CVE-2025-8289 | 2025-08-20 | Redirection for Contact Form 7 <= 3.2.4 - Unauthenticated PHP Object Injection via PHAR Deserialization |
| CVE-2025-8141 | 2025-08-20 | Redirection for Contact Form 7 <= 3.2.4 - Unauthenticated Arbitrary File Deletion |
| CVE-2025-57789 | 2025-08-20 | Vulnerability in Initial Administrator Login Process |
| CVE-2025-57790 | 2025-08-20 | Path Traversal Vulnerability |
| CVE-2025-57791 | 2025-08-20 | Argument Injection Vulnerability in CommServe |
| CVE-2025-53522 | 2025-08-20 | Movable Type contains an issue with use of a less trusted source. If exploited, a tampered email to reset a password may be sent by a remote unauthenticated attacker. |
| CVE-2025-55706 | 2025-08-20 | URL redirection to untrusted site ('Open Redirect') issue exists in Movable Type. If this vulnerability is exploited, an invalid parameter may be inserted into the password reset page, which may... |
| CVE-2025-8618 | 2025-08-20 | WPC Smart Quick View for WooCommerce <= 4.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via woosq_btn Shortcode |
| CVE-2025-54551 | 2025-08-20 | Synapse Mobility 8.0, 8.0.1, 8.0.2, 8.1, and 8.1.1 contain a privilege escalation vulnerability through external control of Web parameter. If exploited, a user of the product may escalate the privilege... |
| CVE-2025-9202 | 2025-08-20 | ColorMag <= 4.0.19 - Missing Authorization to Authenticated (Subscriber+) ThemeGrill Demo Importer Plugin Installation |
| CVE-2025-9225 | 2025-08-20 | Cross-site scripting (XSS) in MiR robots and MiR fleet |
| CVE-2025-55715 | 2025-08-20 | WordPress Otter - Gutenberg Block Plugin <= 3.1.0 - Sensitive Data Exposure Vulnerability |
| CVE-2025-54750 | 2025-08-20 | WordPress Funnel Builder by FunnelKit Plugin <= 3.11.1 - Local File Inclusion Vulnerability |
| CVE-2025-54735 | 2025-08-20 | WordPress CubeWP Framework Plugin <= 1.1.24 - Privilege Escalation Vulnerability |
| CVE-2025-54726 | 2025-08-20 | WordPress JS Archive List Plugin < 6.1.6 - SQL Injection Vulnerability |
| CVE-2025-54713 | 2025-08-20 | WordPress Taxi Booking Manager for WooCommerce Plugin <= 1.3.0 - Broken Authentication Vulnerability |
| CVE-2025-54677 | 2025-08-20 | WordPress Online Booking & Scheduling Calendar for WordPress by vcita Plugin <= 4.5.3 - Arbitrary File Upload Vulnerability |
| CVE-2025-54670 | 2025-08-20 | WordPress oik Plugin <= 4.15.2 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-54056 | 2025-08-20 | WordPress Responsive HTML5 Audio Player PRO With Playlist <= 3.5.8 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-54055 | 2025-08-20 | WordPress Druco <= 1.5.2 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-54053 | 2025-08-20 | WordPress Groundhogg <= 4.2.2 - PHP Object Injection Vulnerability |
| CVE-2025-54052 | 2025-08-20 | WordPress Realtyna Organic IDX plugin <= 5.0.0 - Local File Inclusion Vulnerability |
| CVE-2025-54049 | 2025-08-20 | WordPress Custom API for WP <= 4.2.2 - Privilege Escalation Vulnerability |
| CVE-2025-54048 | 2025-08-20 | WordPress Custom API for WP <= 4.2.2 - SQL Injection Vulnerability |
| CVE-2025-54046 | 2025-08-20 | WordPress Cost Calculator Plugin <= 7.4 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-54044 | 2025-08-20 | WordPress Elite Video Player <= 10.0.5 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-54040 | 2025-08-20 | WordPress Webba Booking <= 5.1.20 - Broken Access Control Vulnerability |
| CVE-2025-54034 | 2025-08-20 | WordPress Newsletters <= 4.10 - Local File Inclusion Vulnerability |
| CVE-2025-54032 | 2025-08-20 | WordPress Real Estate Manager Pro Plugin <= 12.7.3 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-54031 | 2025-08-20 | WordPress Support Board <= 3.8.0 - Local File Inclusion Vulnerability |
| CVE-2025-54028 | 2025-08-20 | WordPress CF7 WOW Styler Plugin <= 1.7.2 - Local File Inclusion Vulnerability |
| CVE-2025-54027 | 2025-08-20 | WordPress Support Board <= 3.8.0 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-54025 | 2025-08-20 | WordPress Coupon Affiliates Plugin <= 6.4.0 - Settings Change Vulnerability |
| CVE-2025-54021 | 2025-08-20 | WordPress Simple File List <= 6.1.14 - Arbitrary File Download Vulnerability |
| CVE-2025-54019 | 2025-08-20 | WordPress Alone < 7.8.5 - Arbitrary Code Execution Vulnerability |
| CVE-2025-54017 | 2025-08-20 | WordPress Paid Member Subscriptions <= 2.15.4 - Local File Inclusion Vulnerability |
| CVE-2025-54014 | 2025-08-20 | WordPress MediCenter - Health Medical Clinic <= 15.1 - PHP Object Injection Vulnerability |
| CVE-2025-54012 | 2025-08-20 | WordPress Welcart e-Commerce Plugin <= 2.11.16 - PHP Object Injection Vulnerability |
| CVE-2025-54008 | 2025-08-20 | WordPress JetSmartFilters <= 3.6.7 - Sensitive Data Exposure Vulnerability |
| CVE-2025-54007 | 2025-08-20 | WordPress Post Grid and Gutenberg Blocks Plugin <= 2.3.11 - PHP Object Injection Vulnerability |
| CVE-2025-53998 | 2025-08-20 | WordPress JetWooBuilder <= 2.1.20 - Sensitive Data Exposure Vulnerability |
| CVE-2025-53993 | 2025-08-20 | WordPress JetPopup <= 2.0.15 - Sensitive Data Exposure Vulnerability |
| CVE-2025-53992 | 2025-08-20 | WordPress JetTricks <= 1.5.4.1 - Sensitive Data Exposure Vulnerability |
| CVE-2025-53988 | 2025-08-20 | WordPress JetBlocks For Elementor <= 1.3.18 - Sensitive Data Exposure Vulnerability |
| CVE-2025-53987 | 2025-08-20 | WordPress JetMenu <= 2.4.11.1 - Sensitive Data Exposure Vulnerability |
| CVE-2025-53985 | 2025-08-20 | WordPress JetTabs <= 2.2.9 - Sensitive Data Exposure Vulnerability |
| CVE-2025-53983 | 2025-08-20 | WordPress JetElements For Elementor <= 2.7.7 - Sensitive Data Exposure Vulnerability |
| CVE-2025-53580 | 2025-08-20 | WordPress Simple Business Directory Pro Plugin < 15.6.9 - Privilege Escalation Vulnerability |
| CVE-2025-53577 | 2025-08-20 | WordPress Global DNS Plugin <= 3.1.0 - Remote Code Execution (RCE) Vulnerability |
| CVE-2025-53567 | 2025-08-20 | WordPress Ghost Kit <= 3.4.1 - Local File Inclusion Vulnerability |
| CVE-2025-53565 | 2025-08-20 | WordPress Widget for Google Reviews <= 1.0.15 - Local File Inclusion Vulnerability |
| CVE-2025-53564 | 2025-08-20 | WordPress HTML5 Radio Player - WPBakery Page Builder Addon <= 2.5 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-53563 | 2025-08-20 | WordPress Youtube Vimeo Video Player and Slider <= 3.8 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-53562 | 2025-08-20 | WordPress Universal Video Player - Addon for WPBakery Page Builder <= 3.2.1 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-53561 | 2025-08-20 | WordPress Prevent files / folders access Plugin <= 2.6.0 - Path Traversal Vulnerability |
| CVE-2025-53560 | 2025-08-20 | WordPress Noisa theme <= 2.6.0 - PHP Object Injection Vulnerability |
| CVE-2025-53559 | 2025-08-20 | WordPress Universal Video Player - Addon for WPBakery Page Builder <= 3.2.1 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-53319 | 2025-08-20 | WordPress Raptive Ads Plugin <= 3.8.0 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-53299 | 2025-08-20 | WordPress ThemeMakers Visual Content Composer Plugin <= 1.5.8 - PHP Object Injection Vulnerability |
| CVE-2025-53226 | 2025-08-20 | WordPress Comments Capcha Box Plugin <= 1.1 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-53213 | 2025-08-20 | WordPress ReachShip WooCommerce Multi-Carrier & Conditional Shipping <= 4.3.1 - Arbitrary File Upload Vulnerability |
| CVE-2025-53212 | 2025-08-20 | WordPress Revolution Video Player With Bottom Playlist <= 2.9.2 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-53210 | 2025-08-20 | WordPress ZoloBlocks Plugin <= 2.3.2 - Local File Inclusion Vulnerability |
| CVE-2025-53208 | 2025-08-20 | WordPress Maya Business <= 1.2.0 - Insecure Direct Object References (IDOR) Vulnerability |
| CVE-2025-53207 | 2025-08-20 | WordPress WP Travel Gutenberg Blocks plugin <= 3.9.0 - Local File Inclusion Vulnerability |
| CVE-2025-53205 | 2025-08-20 | WordPress Radio Player Shoutcast & Icecast <= 4.4.7 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-53204 | 2025-08-20 | WordPress eventlist plugin <= 1.9.2 - Local File Inclusion Vulnerability |
| CVE-2025-53201 | 2025-08-20 | WordPress Jobmonster <= 4.7.8 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-53198 | 2025-08-20 | WordPress Houzez theme <= 4.0.4 - Local File Inclusion Vulnerability |
| CVE-2025-53196 | 2025-08-20 | WordPress JetEngine <= 3.7.0 - Sensitive Data Exposure Vulnerability |
| CVE-2025-53195 | 2025-08-20 | WordPress JetEngine plugin <= 3.7.0 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-53194 | 2025-08-20 | WordPress JetEngine <= 3.7.0 - Remote Code Execution (RCE) Vulnerability |
| CVE-2025-48302 | 2025-08-20 | WordPress FundEngine Plugin <= 1.7.4 - Local File Inclusion Vulnerability |
| CVE-2025-48298 | 2025-08-20 | WordPress SEOPress for MainWP <= 1.4 - Local File Inclusion Vulnerability |
| CVE-2025-48297 | 2025-08-20 | WordPress Simple Link Directory < 14.8.1 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-48296 | 2025-08-20 | WordPress UpStore <= 1.7.0 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-48171 | 2025-08-20 | WordPress Cena Store <= 2.11.26 - Local File Inclusion Vulnerability |
| CVE-2025-48170 | 2025-08-20 | WordPress Universal Video Player - Addon for WPBakery Page Builder <= 3.2.1 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-48169 | 2025-08-20 | WordPress Code Engine Plugin <= 0.3.3 - Remote Code Execution (RCE) Vulnerability |
| CVE-2025-48168 | 2025-08-20 | WordPress Apollo - Sticky Full Width HTML5 Audio Player <= 3.4 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-48165 | 2025-08-20 | WordPress DELUCKS SEO Plugin <= 2.6.0 - Privilege Escalation Vulnerability |
| CVE-2025-48164 | 2025-08-20 | WordPress SureDash <= 1.0.3 - Privilege Escalation Vulnerability |
| CVE-2025-48163 | 2025-08-20 | WordPress SHOUT - HTML5 Radio Player With Ads - ShoutCast and IceCast Support <= 3.5.4 - Cross Site Scripting (XSS) Vulnerability |