CVE List - 2025 / August
Showing 2801 - 2900 of 3631 CVEs for August 2025 (Page 29 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-9389 | 2025-08-24 | vim memmove-vec-unaligned-erms.S __memmove_avx_unaligned_erms memory corruption |
| CVE-2025-9390 | 2025-08-24 | vim xxd xxd.c main buffer overflow |
| CVE-2025-9391 | 2025-08-24 | Bjskzy Zhiyou ERP com.artery.workflow.ServiceImpl getFieldValue sql injection |
| CVE-2025-9392 | 2025-08-24 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 qosClassifier stack-based overflow |
| CVE-2025-9393 | 2025-08-24 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 addStaProfile stack-based overflow |
| CVE-2025-9394 | 2025-08-24 | PoDoFo PDF Dictionary PdfTokenizer.cpp DetermineDataType use after free |
| CVE-2025-9395 | 2025-08-24 | wangsongyan wblog backup.go RestorePost server-side request forgery |
| CVE-2025-9396 | 2025-08-24 | ckolivas lrzip strtol_l.c __GI_____strtol_l_internal null pointer dereference |
| CVE-2025-9397 | 2025-08-24 | givanz Vvveb media.php unrestricted upload |
| CVE-2025-9398 | 2025-08-24 | YiFang CMS Migrate.php exportInstallTable information disclosure |
| CVE-2023-47799 | 2025-08-25 | Mahara before 22.10.4 and 23.x before 23.04.4 allows information disclosure if the experimental HTML bulk export is used via the administration interface or via the CLI, and the resulting export... |
| CVE-2024-39923 | 2025-08-25 | An issue was discovered in Mahara 24.04 before 24.04.2 and 23.04 before 23.04.7. The About, Contact, and Help footer links can be set up to be vulnerable to Cross Site... |
| CVE-2024-46412 | 2025-08-25 | Incorrect access control in the prehandle function of Rebuild v3.7.7 allows attackers to bypass authentication via a crafted GET request sent to /commons/ip-location. |
| CVE-2024-46413 | 2025-08-25 | Rebuild v3.7.7 was discovered to contain a Server-Side Request Forgery (SSRF) via the type parameter in the com.rebuild.web.admin.rbstore.RBStoreController#loadDataIndex method. |
| CVE-2025-29420 | 2025-08-25 | PerfreeBlog v4.0.11 has a directory traversal vulnerability in the getThemeFilesByName function. |
| CVE-2025-29421 | 2025-08-25 | PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the getThemeFileContent function. |
| CVE-2025-29514 | 2025-08-25 | Incorrect access control in the config.xgi function of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to download the configuration file via providing a crafted web request. |
| CVE-2025-29515 | 2025-08-25 | Incorrect access control in the DELT_file.xgi endpoint of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to modify arbitrary settings within the device's XML database, including the administrator’s password. |
| CVE-2025-29516 | 2025-08-25 | D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the backup function. |
| CVE-2025-29517 | 2025-08-25 | D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the traceroute6 function. |
| CVE-2025-29519 | 2025-08-25 | A command injection vulnerability in the EXE parameter of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to execute arbitrary commands via supplying a crafted GET request. |
| CVE-2025-29520 | 2025-08-25 | Incorrect access control in the Maintenance module of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows authenticated attackers with low-level privileges to arbitrarily change the high-privileged account passwords and escalate privileges. |
| CVE-2025-29521 | 2025-08-25 | Insecure default credentials for the Adminsitrator account of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to escalate privileges via a bruteforce attack. |
| CVE-2025-29522 | 2025-08-25 | D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the ping function. |
| CVE-2025-29523 | 2025-08-25 | D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the ping6 function. |
| CVE-2025-29524 | 2025-08-25 | Incorrect access control in the component /cgi-bin/system_diagnostic_main.asp of DASAN GPON ONU H660WM H660WMR210825 allows attackers to access sensitive information. |
| CVE-2025-29525 | 2025-08-25 | DASAN GPON ONU H660WM OS version H660WMR210825 Hardware version DS-E5-583-A1 was discovered to contain insecure default credentials in the modem's control panel. |
| CVE-2025-43960 | 2025-08-25 | Adminer 4.8.1, when using Monolog for logging, allows a Denial of Service (memory consumption) via a crafted serialized payload (e.g., using s:1000000000), leading to a PHP Object Injection issue. Remote,... |
| CVE-2025-44178 | 2025-08-25 | DASAN GPON ONU H660WM H660WMR210825 is susceptible to improper access control under its default settings. Attackers can exploit this vulnerability to gain unauthorized access to sensitive information and modify its... |
| CVE-2025-44179 | 2025-08-25 | Hitron CGNF-TWN 3.1.1.43-TWN-pre3 contains a command injection vulnerability in the telnet service. The issue arises due to improper input validation within the telnet command handling mechanism. An attacker can exploit... |
| CVE-2025-45968 | 2025-08-25 | An issue in System PDV v1.0 allows a remote attacker to obtain sensitive information via the hash parameter in a URL. The application contains an Insecure Direct Object Reference (IDOR)... |
| CVE-2025-50383 | 2025-08-25 | alextselegidis Easy!Appointments v1.5.1 was discovered to contain a SQL injection vulnerability via the order_by parameter. |
| CVE-2025-50722 | 2025-08-25 | Insecure Permissions vulnerability in sparkshop v.1.1.7 allows a remote attacker to execute arbitrary code via the Common.php component |
| CVE-2025-50900 | 2025-08-25 | An issue was discovered in getrebuild/rebuild 4.0.4. The affected source code class is com.rebuild.web.RebuildWebInterceptor, and the affected function is preHandle In the filter code, use CodecUtils.urlDecode(request.getRequestURI()) to obtain the URL-decoded... |
| CVE-2025-51281 | 2025-08-25 | D-Link DI-8100 16.07.26A1 is vulnerable to Buffer Overflow via the en`, `val and id parameters in the qj_asp function. This vulnerability allows authenticated attackers to cause a Denial of Service... |
| CVE-2025-52130 | 2025-08-25 | File upload vulnerability in WebErpMesv2 1.17 in the app/Http/Controllers/FactoryController.php controller. This flaw allows an authenticated attacker to upload arbitrary files, including PHP scripts, which can be accessed via direct GET... |
| CVE-2025-55409 | 2025-08-25 | FoxCMS 1.2.6, there is a Cross Site Scripting vulnerability in /index.php/article. This allows attackers to execute arbitrary code. |
| CVE-2025-55574 | 2025-08-25 | Cross Site Scripting vulnerability in docmost v.0.21.0 and before allows an attacker to execute arbitrary code |
| CVE-2025-55575 | 2025-08-25 | SQL Injection vulnerability in SMM Panel 3.1 allowing remote attackers to gain sensitive information via a crafted HTTP request with action=service_detail. |
| CVE-2025-56212 | 2025-08-25 | phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in add-doctor.php via the docname parameter. |
| CVE-2025-56214 | 2025-08-25 | phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in index.php via the username parameter. |
| CVE-2025-56215 | 2025-08-25 | phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in contact.php via the pagetitle parameter. |
| CVE-2025-56216 | 2025-08-25 | phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in about-us.php via the pagetitle parameter. |
| CVE-2025-9399 | 2025-08-25 | YiFang CMS L_tool.php sql injection |
| CVE-2025-9400 | 2025-08-25 | YiFang CMS P_file.php mergeMultipartUpload unrestricted upload |
| CVE-2025-9401 | 2025-08-25 | HuangDou UTCMS Login login.php comparison |
| CVE-2025-9402 | 2025-08-25 | HuangDou UTCMS Config update.php server-side request forgery |
| CVE-2025-9403 | 2025-08-25 | jqlang jq JSON jq_test.c run_jq_tests assertion |
| CVE-2025-9404 | 2025-08-25 | Scada-LTS Folder pointHierarchySLTS cross site scripting |
| CVE-2025-9405 | 2025-08-25 | Open5GS gmm-sm.c gmm_state_exception assertion |
| CVE-2025-9406 | 2025-08-25 | xuhuisheng lemon CmsArticleController.java uploadImage unrestricted upload |
| CVE-2025-5514 | 2025-08-25 | Denial-of-Service(DoS) Vulnerability in Web server function on MELSEC iQ-F Series CPU module |
| CVE-2025-8997 | 2025-08-25 | OpenText Enterprise Security Manager Information Exposure |
| CVE-2025-54301 | 2025-08-25 | Extension - norrnext.com - Stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 for Joomla |
| CVE-2025-54300 | 2025-08-25 | Extension - norrnext.com - Stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 for Joomla |
| CVE-2025-9118 | 2025-08-25 | Dataform Path Traversal |
| CVE-2025-5191 | 2025-08-25 | Unquoted Search Path Vulnerability in the Utility for Industrial Computers (Windows) |
| CVE-2025-7426 | 2025-08-25 | MINOVA TTA Information Disclosure and Credential Exposure |
| CVE-2025-8562 | 2025-08-25 | Custom Query Shortcode <= 0.4.0 - Authenticated (Contributor+) Path Traversal via lens Parameter |
| CVE-2025-48303 | 2025-08-25 | WordPress Post Type Converter plugin <= 0.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-9407 | 2025-08-25 | mtons mblog profile cross site scripting |
| CVE-2025-48005 | 2025-08-25 | A heap-based buffer overflow vulnerability exists in the RHS2000 parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted RHS2000 file can lead to arbitrary... |
| CVE-2025-54462 | 2025-08-25 | A heap-based buffer overflow vulnerability exists in the Nex parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted .nex file can lead to arbitrary... |
| CVE-2025-52461 | 2025-08-25 | An out-of-bounds read vulnerability exists in the Nex parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted .nex file can lead to an information... |
| CVE-2025-53511 | 2025-08-25 | A heap-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary... |
| CVE-2025-46411 | 2025-08-25 | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary... |
| CVE-2025-53557 | 2025-08-25 | A heap-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary... |
| CVE-2025-54480 | 2025-08-25 | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary... |
| CVE-2025-54481 | 2025-08-25 | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary... |
| CVE-2025-54482 | 2025-08-25 | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary... |
| CVE-2025-54483 | 2025-08-25 | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary... |
| CVE-2025-54484 | 2025-08-25 | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary... |
| CVE-2025-54485 | 2025-08-25 | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary... |
| CVE-2025-54486 | 2025-08-25 | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary... |
| CVE-2025-54487 | 2025-08-25 | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary... |
| CVE-2025-54488 | 2025-08-25 | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary... |
| CVE-2025-54489 | 2025-08-25 | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary... |
| CVE-2025-54490 | 2025-08-25 | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary... |
| CVE-2025-54491 | 2025-08-25 | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary... |
| CVE-2025-54492 | 2025-08-25 | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary... |
| CVE-2025-54493 | 2025-08-25 | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary... |
| CVE-2025-54494 | 2025-08-25 | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary... |
| CVE-2025-52581 | 2025-08-25 | An integer overflow vulnerability exists in the GDF parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted GDF file can lead to arbitrary code... |
| CVE-2025-53853 | 2025-08-25 | A heap-based buffer overflow vulnerability exists in the ISHNE parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted ISHNE ECG annotations file can lead... |
| CVE-2025-53518 | 2025-08-25 | An integer overflow vulnerability exists in the ABF parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted ABF file can lead to arbitrary code... |
| CVE-2025-26467 | 2025-08-25 | Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions (4.0.16 only) |
| CVE-2025-54370 | 2025-08-25 | PhpSpreadsheet vulnerable to SSRF when reading and displaying a processed HTML document in the browser |
| CVE-2025-52456 | 2025-08-25 | A memory corruption vulnerability exists in the WebP Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .webp animation an integer overflow can be... |
| CVE-2025-52930 | 2025-08-25 | A memory corruption vulnerability exists in the BMPv3 RLE Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decompressing the image data from a specially crafted .bmp file, a... |
| CVE-2025-50129 | 2025-08-25 | A memory corruption vulnerability exists in the PCX Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decoding the image data from a specially crafted .tga file, a... |
| CVE-2025-53085 | 2025-08-25 | A memory corruption vulnerability exists in the PSD RLE Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decompressing the image data from a specially crafted .psd file, a... |
| CVE-2025-53510 | 2025-08-25 | A memory corruption vulnerability exists in the PSD Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .psd file, an integer overflow can be... |
| CVE-2025-35984 | 2025-08-25 | A memory corruption vulnerability exists in the PCX Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decoding the image data from a specially crafted .pcx file, a... |
| CVE-2025-32468 | 2025-08-25 | A memory corruption vulnerability exists in the BMPv3 Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .bmp file, an integer overflow can be... |
| CVE-2025-46407 | 2025-08-25 | A memory corruption vulnerability exists in the BMPv3 Palette Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .bmp file, an integer overflow can be... |
| CVE-2025-5302 | 2025-08-25 | Denial of Service (DOS) in JSONReader in run-llama/llama_index |
| CVE-2025-55301 | 2025-08-25 | The Scratch Channel Allows Username Modification |
| CVE-2025-3478 | 2025-08-25 | OpenText Enterprise Security Manager Stored XSS |
| CVE-2025-9409 | 2025-08-25 | lostvip-com ruoyi-go CommonController.go DownloadUpload path traversal |
| CVE-2025-53118 | 2025-08-25 | Securden Unified PAM Authentication Bypass |