CVE List - 2025 / August
Showing 2401 - 2500 of 3631 CVEs for August 2025 (Page 25 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2010-20049 | 2025-08-20 | LeapFTP < 3.1.x Stack Buffer Overflow |
| CVE-2011-10021 | 2025-08-20 | Magix Musik Maker <= v16 .mmm Stack-Based Buffer Overflow |
| CVE-2011-10024 | 2025-08-20 | MJM Core Player 2011 .s3m File Stack-Based Buffer Overflow |
| CVE-2011-10023 | 2025-08-20 | MJM QuickPlayer <= 2010 .s3m Stack-Based Buffer Overflow |
| CVE-2010-10014 | 2025-08-20 | Odin Secure FTP <= 4.1 Stack Buffer Overflow via LIST Response |
| CVE-2010-20103 | 2025-08-20 | ProFTPD 1.3.3c Backdoor Command Execution |
| CVE-2011-10028 | 2025-08-20 | RealNetworks Arcade Games StubbyUtil.ProcessMgr ActiveX Arbitrary Code Execution |
| CVE-2012-10061 | 2025-08-20 | Sockso Music Host Server <= 1.5 Path Traversal |
| CVE-2011-10029 | 2025-08-20 | Solar FTP Server <= 2.1.1 Malformed USER Denial of Service |
| CVE-2011-10022 | 2025-08-20 | SPlayer 3.7 Content-Type Header Buffer Overflow |
| CVE-2011-10026 | 2025-08-20 | Spreecommerce < 0.50.x API RCE |
| CVE-2011-10025 | 2025-08-20 | Subtitle Processor 7.7.1 .m3u SEH Unicode Buffer Overflow |
| CVE-2010-20042 | 2025-08-20 | Xion Audio Player ≤ 1.0.126 Unicode Stack Buffer Overflow |
| CVE-2025-8415 | 2025-08-20 | Cryostat: authentication bypass if network policies are disabled |
| CVE-2025-8610 | 2025-08-20 | AOMEI Cyber Backup Missing Authentication for Critical Function Remote Code Execution Vulnerability |
| CVE-2025-8611 | 2025-08-20 | AOMEI Cyber Backup Missing Authentication for Critical Function Remote Code Execution Vulnerability |
| CVE-2025-20131 | 2025-08-20 | Cisco Identity Services Engine Arbitrary File Upload Vulnerability |
| CVE-2025-20269 | 2025-08-20 | Cisco Evolved Programmable Network Manager and Prime Infrastructure Arbitrary File Download Vulnerability |
| CVE-2025-20345 | 2025-08-20 | Cisco Duo Authentication Proxy Information Disclosure Vulnerability |
| CVE-2025-8612 | 2025-08-20 | AOMEI Backupper Workstation Link Following Local Privilege Escalation Vulnerability |
| CVE-2010-20010 | 2025-08-20 | Foxit PDF Reader < 4.2.0.0928 Title Stack Buffer Overflow |
| CVE-2025-6180 | 2025-08-20 | Authentication Hijack |
| CVE-2025-6181 | 2025-08-20 | The StrongDM Windows service incorrectly handled input validation. Authenticated attackers could potentially exploit this leading to privilege escalation. |
| CVE-2025-46998 | 2025-08-20 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-6182 | 2025-08-20 | Root Certificate Injection |
| CVE-2025-6183 | 2025-08-20 | Configd Injection |
| CVE-2025-46962 | 2025-08-20 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-8309 | 2025-08-20 | User privilege escalation vulnerability |
| CVE-2025-46936 | 2025-08-20 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-46932 | 2025-08-20 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-46856 | 2025-08-20 | Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) |
| CVE-2025-9234 | 2025-08-20 | Scada-LTS maintenance_events.shtm cross site scripting |
| CVE-2025-9235 | 2025-08-20 | Scada-LTS compound_events.shtm cross site scripting |
| CVE-2025-46852 | 2025-08-20 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-46849 | 2025-08-20 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-47054 | 2025-08-20 | Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) |
| CVE-2025-9236 | 2025-08-20 | Portabilis i-Educar Tipos de usuàrio educar_tipo_usuario_lst.php sql injection |
| CVE-2025-9237 | 2025-08-20 | CodeAstro Ecommerce Website Edit Your Account my_account.php cross site scripting |
| CVE-2025-55746 | 2025-08-20 | Directus allows unauthenticated file upload and file modification due to lacking input sanitization |
| CVE-2025-9238 | 2025-08-20 | Swatadru Exam-Seating-Arrangement Student Login student.php sql injection |
| CVE-2025-9239 | 2025-08-20 | elunez eladmin DES Key EncryptUtils.java EncryptUtils inadequate encryption |
| CVE-2025-9240 | 2025-08-20 | elunez eladmin info information disclosure |
| CVE-2025-43746 | 2025-08-20 | A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.2, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through... |
| CVE-2025-5115 | 2025-08-20 | MadeYouReset HTTP/2 vulnerability |
| CVE-2025-43757 | 2025-08-20 | A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.2, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through... |
| CVE-2025-9241 | 2025-08-20 | elunez eladmin exportUser csv injection |
| CVE-2025-9244 | 2025-08-20 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 addStaticRoute os command injection |
| CVE-2025-9245 | 2025-08-20 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 WPSSTAPINEnr stack-based overflow |
| CVE-2025-9246 | 2025-08-20 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 check_port_conflict stack-based overflow |
| CVE-2025-54988 | 2025-08-20 | Apache Tika PDF parser module: XXE vulnerability in PDFParser's handling of XFA |
| CVE-2025-9247 | 2025-08-20 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setVlan stack-based overflow |
| CVE-2025-9248 | 2025-08-20 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 RP_pingGatewayByBBS stack-based overflow |
| CVE-2025-9249 | 2025-08-20 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 DHCPReserveAddGroup stack-based overflow |
| CVE-2025-9250 | 2025-08-20 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setPWDbyBBS stack-based overflow |
| CVE-2025-9287 | 2025-08-20 | Missing type checks leading to hash rewind and passing on crafted data |
| CVE-2025-57749 | 2025-08-20 | n8n has a symlink traversal vulnerability in "Read/Write File" node allows access to restricted files |
| CVE-2025-9288 | 2025-08-20 | Missing type checks leading to hash rewind and passing on crafted data |
| CVE-2025-9251 | 2025-08-20 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 sta_wps_pin stack-based overflow |
| CVE-2025-9252 | 2025-08-20 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 DisablePasswordAlertRedirect stack-based overflow |
| CVE-2025-9253 | 2025-08-20 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 RP_doSpecifySiteSurvey stack-based overflow |
| CVE-2025-9262 | 2025-08-20 | wong2 mcp-cli oAuth provider.js redirectToAuthorization os command injection |
| CVE-2025-9263 | 2025-08-20 | Xuxueli xxl-job JobLogController.java getJobsByGroup resource injection |
| CVE-2025-9264 | 2025-08-20 | Xuxueli xxl-job Jobs JobInfoController.java remove resource injection |
| CVE-2024-45438 | 2025-08-21 | An issue was discovered in TitanHQ SpamTitan Email Security Gateway 8.00.x before 8.00.101 and 8.01.x before 8.01.14. The file quarantine.php within the SpamTitan interface allows unauthenticated users to trigger account-level... |
| CVE-2024-50641 | 2025-08-21 | An authentication bypass vulnerability in PandoraNext-TokensTool v0.6.8 and before. An attacker can exploit this vulnerability to access API without any token. |
| CVE-2025-47184 | 2025-08-21 | An XML external entities (XXE) injection vulnerability in the /init API endpoint in Exagid EX10 before 6.4.0 P20, 7.0.1 P12, and 7.2.0 P08 allows an authenticated, unprivileged attacker to achieve... |
| CVE-2025-50860 | 2025-08-21 | SQL Injection in the listdomains function in Easy Hosting Control Panel (EHCP) 20.04.1.b allows authenticated attackers to access or manipulate database contents via the arananalan POST parameter. |
| CVE-2025-51606 | 2025-08-21 | hippo4j 1.0.0 to 1.5.0 uses a hard-coded secret key in its JWT (JSON Web Token) creation. This allows attackers with access to the source code or compiled binary to forge... |
| CVE-2025-51818 | 2025-08-21 | MCCMS 2.7.0 is vulnerable to arbitrary file deletion in the Backups.php component. This allows an attacker to execute arbitrary commands. |
| CVE-2025-51989 | 2025-08-21 | HTML injection vulnerability in the registration interface in Evolution Consulting Kft. HRmaster module v235 allows an attacker to inject HTML tags into the "keresztnév" (firstname) field, which will be sent... |
| CVE-2025-52194 | 2025-08-21 | A buffer overflow vulnerability exists in libsndfile version 1.2.2 and potentially earlier versions when processing malformed IRCAM audio files. The vulnerability occurs in the ircam_read_header function at src/ircam.c:164 during sample... |
| CVE-2025-52351 | 2025-08-21 | Aikaan IoT management platform v3.25.0325-5-g2e9c59796 sends a newly generated password to users in plaintext via email and also includes the same password as a query parameter in the account activation... |
| CVE-2025-52352 | 2025-08-21 | Aikaan IoT management platform v3.25.0325-5-g2e9c59796 provides a configuration to disable user sign-up in distributed deployments by hiding the sign-up option on the login page UI. However, the sign-up API endpoint... |
| CVE-2025-52395 | 2025-08-21 | An issue in Roadcute API v.1 allows a remote attacker to execute arbitrary code via the application exposing a password reset API endpoint that fails to validate the identity of... |
| CVE-2025-55366 | 2025-08-21 | Incorrect access control in the component \controller\UserController.java of jshERP v3.5 allows attackers to arbitrarily reset user account passwords and execute a horizontal privilege escalation attack. |
| CVE-2025-55367 | 2025-08-21 | Incorrect access control in the component \controller\SupplierController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account. |
| CVE-2025-55368 | 2025-08-21 | Incorrect access control in the component \controller\RoleController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account. |
| CVE-2025-55370 | 2025-08-21 | Incorrect access control in the component \controller\ResourceController.java of jshERP v3.5 allows unauthorized attackers to obtain all the corresponding ID data by modifying the ID value. |
| CVE-2025-55371 | 2025-08-21 | Incorrect access control in the component /controller/PersonController.java of jshERP v3.5 allows unauthorized attackers to obtain all the information of the handler by executing the getAllList method. |
| CVE-2025-55383 | 2025-08-21 | Moss before v0.15 has a file upload vulnerability. The "upload" function configuration allows attackers to upload files of any extension to any location on the target server. |
| CVE-2025-55420 | 2025-08-21 | A Reflected Cross Site Scripting (XSS) vulnerability was found in /index.php in FoxCMS v1.2.6. When a crafted script is sent via a GET request, it is reflected unsanitized into the... |
| CVE-2025-55521 | 2025-08-21 | An issue in the component /settings/localisation of Akaunting v3.1.18 allows authenticated attackers to cause a Denial of Service (DoS) via a crafted POST request. |
| CVE-2025-55522 | 2025-08-21 | Cross-site scripting (XSS) vulnerability in the component /common/reports of Akaunting v3.1.18 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter. |
| CVE-2025-55523 | 2025-08-21 | An issue in the component /api/download_work_dir_file.py of Agent-Zero v0.8.* allows attackers to execute a directory traversal. |
| CVE-2025-55524 | 2025-08-21 | Insecure permissions in Agent-Zero v0.8.* allow attackers to arbitrarily reset the system via unspecified vectors. |
| CVE-2025-55564 | 2025-08-21 | Tenda AC15 v15.03.05.19_multi_TD01 has a stack overflow via the list parameter in the fromSetIpMacBind function. |
| CVE-2025-27217 | 2025-08-21 | A Server-Side Request Forgery (SSRF) in the UISP Application may allow a malicious actor with certain permissions to make requests outside of UISP Application scope. |
| CVE-2025-27216 | 2025-08-21 | Multiple Incorrect Permission Assignment for Critical Resource in UISP Application may allow a malicious actor with certain permissions to escalate privileges. |
| CVE-2025-27214 | 2025-08-21 | A Missing Authentication for Critical Function vulnerability in the UniFi Connect EV Station Pro may allow a malicious actor with physical or adjacent access to perform an unauthorized factory reset.... |
| CVE-2025-27215 | 2025-08-21 | An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect Display Cast devices to make unsupported changes to the system. Affected Products: UniFi... |
| CVE-2025-48978 | 2025-08-21 | An Improper Input Validation in EdgeMAX EdgeSwitch (Version 1.11.0 and earlier) could allow a Command Injection by a malicious actor with access to EdgeSwitch adjacent network. Affected Products: EdgeMAX EdgeSwitch... |
| CVE-2025-27213 | 2025-08-21 | An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect devices to enable Android Debug Bridge (ADB) and make unsupported changes to the... |
| CVE-2025-24285 | 2025-08-21 | Multiple Improper Input Validation vulnerabilities in UniFi Connect EV Station Lite may allow a Command Injection by a malicious actor with network access to the UniFi Connect EV Station Lite.... |
| CVE-2025-43300 | 2025-08-21 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, iOS 16.7.12 and iPadOS 16.7.12. Processing a malicious image file... |
| CVE-2025-48355 | 2025-08-21 | WordPress ProveSource Social Proof plugin <= 3.0.5 - Sensitive Data Exposure vulnerability |
| CVE-2025-53504 | 2025-08-21 | Group-Office versions prior to 6.8.119 and prior to 25.0.20 provided by Intermesh BV contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed in... |
| CVE-2025-53505 | 2025-08-21 | Group-Office versions prior to 6.8.119 and prior to 25.0.20 provided by Intermesh BV contain a path traversal vulnerability. If this vulnerability is exploited, information on the server hosting the product... |
| CVE-2025-8592 | 2025-08-21 | Inspiro <= 2.1.2 - Cross-Site Request Forgery to Arbitrary Plugin Installation |
| CVE-2025-7221 | 2025-08-21 | GiveWP – Donation Plugin and Fundraising Platform <= 4.5.0 - Missing Authorization to Donation Update |
| CVE-2025-8607 | 2025-08-21 | SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels) <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |