CVE List - 2025 / August
Showing 2701 - 2800 of 3631 CVEs for August 2025 (Page 28 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-38642 | 2025-08-22 | wifi: mac80211: fix WARN_ON for monitor mode on some devices |
| CVE-2025-38643 | 2025-08-22 | wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac() |
| CVE-2025-38644 | 2025-08-22 | wifi: mac80211: reject TDLS operations when station is not associated |
| CVE-2025-38645 | 2025-08-22 | net/mlx5: Check device memory pointer before usage |
| CVE-2025-38646 | 2025-08-22 | wifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band |
| CVE-2025-38647 | 2025-08-22 | wifi: rtw89: sar: drop lockdep assertion in rtw89_set_sar_from_acpi |
| CVE-2025-38648 | 2025-08-22 | spi: stm32: Check for cfg availability in stm32_spi_probe |
| CVE-2025-38649 | 2025-08-22 | arm64: dts: qcom: qcs615: fix a crash issue caused by infinite loop for Coresight |
| CVE-2025-38650 | 2025-08-22 | hfsplus: remove mutex_lock check in hfsplus_free_extents |
| CVE-2025-38651 | 2025-08-22 | landlock: Fix warning from KUnit tests |
| CVE-2025-38652 | 2025-08-22 | f2fs: fix to avoid out-of-boundary access in devs.path |
| CVE-2025-38653 | 2025-08-22 | proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al |
| CVE-2025-38654 | 2025-08-22 | pinctrl: canaan: k230: Fix order of DT parse and pinctrl register |
| CVE-2025-38655 | 2025-08-22 | pinctrl: canaan: k230: add NULL check in DT parse |
| CVE-2025-38656 | 2025-08-22 | wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start() |
| CVE-2025-38657 | 2025-08-22 | wifi: rtw89: mcc: prevent shift wrapping in rtw89_core_mlsr_switch() |
| CVE-2025-38658 | 2025-08-22 | nvmet: pci-epf: Do not complete commands twice if nvmet_req_init() fails |
| CVE-2025-38659 | 2025-08-22 | gfs2: No more self recovery |
| CVE-2025-38660 | 2025-08-22 | [ceph] parse_longname(): strrchr() expects NUL-terminated string |
| CVE-2025-38661 | 2025-08-22 | platform/x86: alienware-wmi-wmax: Fix `dmi_system_id` array |
| CVE-2025-38662 | 2025-08-22 | ASoC: mediatek: mt8365-dai-i2s: pass correct size to mt8365_dai_set_priv |
| CVE-2025-38663 | 2025-08-22 | nilfs2: reject invalid file types when reading inodes |
| CVE-2025-38664 | 2025-08-22 | ice: Fix a null pointer dereference in ice_copy_and_init_pkg() |
| CVE-2025-38665 | 2025-08-22 | can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode |
| CVE-2025-38666 | 2025-08-22 | net: appletalk: Fix use-after-free in AARP proxy probe |
| CVE-2025-38667 | 2025-08-22 | iio: fix potential out-of-bound write |
| CVE-2025-38668 | 2025-08-22 | regulator: core: fix NULL dereference on unbind due to stale coupling data |
| CVE-2025-38669 | 2025-08-22 | Revert "drm/gem-shmem: Use dma_buf from GEM object instance" |
| CVE-2025-38670 | 2025-08-22 | arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() |
| CVE-2025-38671 | 2025-08-22 | i2c: qup: jump out of the loop in case of timeout |
| CVE-2025-38672 | 2025-08-22 | Revert "drm/gem-dma: Use dma_buf from GEM object instance" |
| CVE-2025-38673 | 2025-08-22 | Revert "drm/gem-framebuffer: Use dma_buf from GEM object instance" |
| CVE-2025-38674 | 2025-08-22 | Revert "drm/prime: Use dma_buf from GEM object instance" |
| CVE-2025-38675 | 2025-08-22 | xfrm: state: initialize state_ptrs earlier in xfrm_state_find |
| CVE-2025-55741 | 2025-08-22 | unopim/unopim allows unauthorized product deletion via mass-delete endpoint |
| CVE-2025-55745 | 2025-08-22 | UnoPim Quick Export feature is vulnerable to CSV injection |
| CVE-2025-57771 | 2025-08-22 | Roo-Code potential remote code execution via auto-execute command parsing flaw |
| CVE-2025-57770 | 2025-08-22 | ZITADEL user enumeration vulnerability in login UI |
| CVE-2025-57800 | 2025-08-22 | Audiobookshelf vulnerable to OIDC token exfiltration and account takeover |
| CVE-2025-43760 | 2025-08-22 | A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.6, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through... |
| CVE-2025-43758 | 2025-08-22 | Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allows... |
| CVE-2024-48988 | 2025-08-22 | Apache StreamPark: SQL injection vulnerability |
| CVE-2025-43762 | 2025-08-22 | Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allow... |
| CVE-2025-54813 | 2025-08-22 | Apache Log4cxx: Improper escaping with JSONLayout |
| CVE-2025-54812 | 2025-08-22 | Apache Log4cxx: Improper HTML escaping in HTMLLayout |
| CVE-2025-4650 | 2025-08-22 | User with high privileges is able to introduce a SQLi using the Meta Service indicator page |
| CVE-2025-6791 | 2025-08-22 | Second order SQL injection available to user with low privilege |
| CVE-2025-43759 | 2025-08-22 | Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows admin users... |
| CVE-2025-57801 | 2025-08-22 | gnark is vulnerable to signature malleability in EdDSA and ECDSA due to missing scalar checks |
| CVE-2025-26496 | 2025-08-22 | Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Salesforce Tableau Server, Tableau Desktop on Windows, Linux (File Upload modules) allows Local Code Inclusion. This issue affects Tableau Server, Tableau... |
| CVE-2025-26497 | 2025-08-22 | Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (Flow Editor modules) allows Absolute Path Traversal. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12,... |
| CVE-2025-26498 | 2025-08-22 | Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (establish-connection-no-undo modules) allows Absolute Path Traversal. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before... |
| CVE-2025-52450 | 2025-08-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salesforce Tableau Server on Windows, Linux (abdoc api - create-data-source-from-file-upload modules) allows Absolute Path Traversal. This issue affects... |
| CVE-2025-52451 | 2025-08-22 | Improper Input Validation vulnerability in Salesforce Tableau Server on Windows, Linux (tabdoc api - create-data-source-from-file-upload modules) allows Absolute Path Traversal. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19. |
| CVE-2025-43761 | 2025-08-22 | A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.4, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4... |
| CVE-2025-9355 | 2025-08-22 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 scheduleAdd stack-based overflow |
| CVE-2025-9356 | 2025-08-22 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 inboundFilterAdd stack-based overflow |
| CVE-2025-4609 | 2025-08-22 | Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 136.0.7103.113 allowed a remote attacker to potentially perform a sandbox escape via a malicious file.... |
| CVE-2025-43770 | 2025-08-23 | A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.3, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4... |
| CVE-2025-43769 | 2025-08-23 | Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q3.1 through 2024.Q3.8, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows... |
| CVE-2025-43768 | 2025-08-23 | Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allows authenticated users without... |
| CVE-2025-43767 | 2025-08-23 | Open Redirect vulnerability in /c/portal/edit_info_item parameter redirect in Liferay Portal 7.4.3.86 through 7.4.3.131, and Liferay DXP 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 update 86 through... |
| CVE-2025-43766 | 2025-08-23 | The Liferay Portal 7.4.0 through 7.3.3.131, and Liferay DXP 2024.Q4.0, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows the upload of unrestricted... |
| CVE-2025-7642 | 2025-08-23 | Simpler Checkout 0.7.0 - 1.1.9 - Authentication Bypass |
| CVE-2025-9131 | 2025-08-23 | Ogulo – 360° Tour <= 1.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via slug Parameter |
| CVE-2025-7827 | 2025-08-23 | Ni WooCommerce Customer Product Report <= 1.2.4 - Missing Authorization to Authenticated (Subscriber+) Settings Update |
| CVE-2025-9048 | 2025-08-23 | Wptobe-memberships <= 3.4.2 - Authenticated (Subscriber+) Arbitrary File Deletion |
| CVE-2025-8062 | 2025-08-23 | WS Theme Addons <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via ws_weather Shortcode |
| CVE-2025-7842 | 2025-08-23 | Silencesoft RSS Reader <= 0.6 - Cross-Site Request Forgery to RSS Feed Deletion |
| CVE-2025-7839 | 2025-08-23 | Restore Permanently delete Post or Page Data <= 1.0 - Cross-Site Request Forgery |
| CVE-2025-7828 | 2025-08-23 | WP Filter & Combine RSS Feeds <= 0.4 - Missing Authorization to Authenticated (Contributor+) Feed Deletion |
| CVE-2025-7821 | 2025-08-23 | WC Plus <= 1.2.0 - Missing Authorization to Unauthenticated Settings Manipulation |
| CVE-2025-7841 | 2025-08-23 | Sertifier Certificate & Badge Maker for WordPress – Tutor LMS <= 1.19 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-7957 | 2025-08-23 | ShortcodeHub <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via author_link_target Parameter |
| CVE-2025-43765 | 2025-08-23 | A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.13 and 7.4 GA through update... |
| CVE-2025-43764 | 2025-08-23 | Self-ReDoS (Regular expression Denial of Service) exists with Role Name search field of Kaleo Designer portlet JavaScript in Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.1, 2024.Q3.0... |
| CVE-2025-7813 | 2025-08-23 | Event Manager, Events Calendar, Booking, Registrations and Tickets – Eventin <= 4.0.37 - Unauthenticated Server-Side Request Forgery |
| CVE-2025-9357 | 2025-08-23 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 langSwitchByBBS stack-based overflow |
| CVE-2025-5821 | 2025-08-23 | Case Theme User <= 1.0.3 - Authentication Bypass via Social Login |
| CVE-2025-5060 | 2025-08-23 | Bravis User <= 1.0.0 - Authentication Bypass to Account Takeover |
| CVE-2025-5352 | 2025-08-23 | Environment Variable XSS in Analytics Component in lunary-ai/lunary |
| CVE-2025-9358 | 2025-08-23 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setSysAdm stack-based overflow |
| CVE-2025-9359 | 2025-08-23 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 RP_checkCredentialsByBBS stack-based overflow |
| CVE-2025-9360 | 2025-08-23 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 accessControlAdd stack-based overflow |
| CVE-2025-9361 | 2025-08-23 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 ipRangeBlockManageRule stack-based overflow |
| CVE-2025-9362 | 2025-08-23 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 urlFilterManageRule stack-based overflow |
| CVE-2025-9363 | 2025-08-23 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 portTriggerManageRule stack-based overflow |
| CVE-2025-36157 | 2025-08-24 | IBM Engineering Lifecycle Management incorrect authorization |
| CVE-2025-36174 | 2025-08-24 | IBM Integrated Analytics System file upload |
| CVE-2025-8208 | 2025-08-24 | Spexo Addons for Elementor <= 1.0.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget |
| CVE-2025-9379 | 2025-08-24 | Belkin AX1800 Firmware Update data authenticity |
| CVE-2025-9380 | 2025-08-24 | FNKvision Y215 CCTV Camera Firmware passwd hard-coded credentials |
| CVE-2025-9381 | 2025-08-24 | FNKvision Y215 CCTV Camera wpa_supplicant.conf information disclosure |
| CVE-2025-9382 | 2025-08-24 | FNKvision Y215 CCTV Camera Telnet Service s1_rf_test_config backdoor |
| CVE-2025-9383 | 2025-08-24 | FNKvision Y215 CCTV Camera passwd crypt weak hash |
| CVE-2025-9384 | 2025-08-24 | appneta tcpreplay parse_args.c tcpedit_post_args null pointer dereference |
| CVE-2025-9385 | 2025-08-24 | appneta tcpreplay tcprewrite edit_packet.c fix_ipv6_checksums use after free |
| CVE-2025-9386 | 2025-08-24 | appneta tcpreplay tcprewrite get.c get_l2len_protocol use after free |
| CVE-2025-9387 | 2025-08-24 | DCN DCME-720 Web Management Backend ip_block.php os command injection |
| CVE-2025-9388 | 2025-08-24 | Scada-LTS watch_list.shtm cross site scripting |