CVE List - 2025 / August
Showing 201 - 300 of 3631 CVEs for August 2025 (Page 3 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-51390 | 2025-08-04 | TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a command injection vulnerability via the pin parameter in the setWiFiWpsConfig function. |
| CVE-2025-51534 | 2025-08-04 | A cross-site scripting (XSS) vulnerability in Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name field. |
| CVE-2025-51535 | 2025-08-04 | Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 as discovered to contain a SQL injection vulnerability. |
| CVE-2025-51536 | 2025-08-04 | Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 as discovered to contain a hardcoded Administrator password. |
| CVE-2025-51726 | 2025-08-04 | CyberGhostVPNSetup.exe (Windows installer) is signed using the weak cryptographic hash algorithm SHA-1, which is vulnerable to collision attacks. This allows a malicious actor to craft a fake installer with a... |
| CVE-2025-52239 | 2025-08-04 | An arbitrary file upload vulnerability in ZKEACMS v4.1 allows attackers to execute arbitrary code via a crafted file. |
| CVE-2025-53394 | 2025-08-04 | Paramount Macrium Reflect through 2025-06-26 allows attackers to execute arbitrary code with administrator privileges via a crafted .mrimgx or .mrbax backup file and a renamed executable placed in the same... |
| CVE-2025-53395 | 2025-08-04 | Paramount Macrium Reflect through 2025-06-26 allows local attackers to execute arbitrary code with administrator privileges via a crafted .mrimgx backup file and a malicious VSSSvr.dll located in the same directory.... |
| CVE-2025-54554 | 2025-08-04 | tiaudit in Tera Insights tiCrypt before 2025-07-17 allows unauthenticated REST API requests that reveal sensitive information about the underlying SQL queries and database structure. |
| CVE-2025-54962 | 2025-08-04 | /edit-user in webserver in OpenPLC Runtime 3 through 9cd8f1b allows authenticated users to upload arbitrary files (such as .html or .svg), and these are then publicly accessible under the /static... |
| CVE-2025-55014 | 2025-08-04 | The YouDao plugin for StarDict, as used in stardict 3.0.7+git20220909+dfsg-6 in Debian trixie and elsewhere, sends an X11 selection to the dict.youdao.com and dict.cn servers via cleartext HTTP. |
| CVE-2025-20696 | 2025-08-04 | In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access... |
| CVE-2025-20697 | 2025-08-04 | In Power HAL, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has... |
| CVE-2025-20698 | 2025-08-04 | In Power HAL, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has... |
| CVE-2025-48499 | 2025-08-04 | Out-of-bounds write vulnerability exists in FUJIFILM Business Innovation MFPs. A specially crafted IPP (Internet Printing Protocol) or LPD (Line Printer Daemon) packet may cause a denial-of-service (DoS) condition on an... |
| CVE-2025-20700 | 2025-08-04 | In the Airoha Bluetooth audio SDK, there is a possible permission bypass that allows access critical data of RACE protocol through Bluetooth LE GATT service. This could lead to remote... |
| CVE-2025-20701 | 2025-08-04 | In the Airoha Bluetooth audio SDK, there is a possible way to pair Bluetooth audio device without user consent. This could lead to remote escalation of privilege with no additional... |
| CVE-2025-20702 | 2025-08-04 | In the Airoha Bluetooth audio SDK, there is a possible unauthorized access to the RACE protocol. This could lead to remote escalation of privilege with no additional execution privileges needed.... |
| CVE-2025-41658 | 2025-08-04 | CODESYS Toolkit Exposes Sensitive Files via Default Permissions |
| CVE-2025-41659 | 2025-08-04 | CODESYS Control PKI Exposure Enables Remote Certificate Access |
| CVE-2025-41691 | 2025-08-04 | CODESYS Control DoS via Unauthenticated NULL Pointer Dereference |
| CVE-2025-8341 | 2025-08-04 | SSRF in Infinity Datasource Plugin |
| CVE-2025-6204 | 2025-08-04 | Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 |
| CVE-2025-6205 | 2025-08-04 | Missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 |
| CVE-2025-0932 | 2025-08-04 | Mali GPU Userspace Driver allows access to already freed memory |
| CVE-2025-8515 | 2025-08-04 | Intelbras InControl JSON Endpoint operador information disclosure |
| CVE-2025-8109 | 2025-08-04 | GPU DDK - GPU shader shared memory corrupted using ptrace to disrupt GPU operation |
| CVE-2025-36604 | 2025-08-04 | Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially... |
| CVE-2025-36605 | 2025-08-04 | Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the CWE-79: Improper Neutralization of Input During Web Page Generation... |
| CVE-2025-36606 | 2025-08-04 | Dell Unity, version(s) 5.5 and prior, contain(s) an OS Command Injection Vulnerability in its svc_nfssupport utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute... |
| CVE-2025-36607 | 2025-08-04 | Dell Unity, version(s) 5.5 and prior, contain(s) an OS Command Injection Vulnerability in its svc_nas utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute... |
| CVE-2025-36594 | 2025-08-04 | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through... |
| CVE-2025-30096 | 2025-08-04 | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through... |
| CVE-2025-30097 | 2025-08-04 | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through... |
| CVE-2025-30098 | 2025-08-04 | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through... |
| CVE-2025-30099 | 2025-08-04 | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through... |
| CVE-2025-5988 | 2025-08-04 | Aap-gateway: csrf origin checking is disabled |
| CVE-2025-8516 | 2025-08-04 | Kingdee Cloud-Starry-Sky Enterprise Edition IIS-K3CloudMiniApp FileUploadAction.class path traversal |
| CVE-2025-38739 | 2025-08-04 | Dell Digital Delivery, versions prior to 5.6.1.0, contains an Insufficiently Protected Credentials vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to Information Disclosure. |
| CVE-2025-8517 | 2025-08-04 | givanz Vvveb session fixiation |
| CVE-2025-8518 | 2025-08-04 | givanz Vvveb Code Editor code.php save code injection |
| CVE-2025-8519 | 2025-08-04 | givanz Vvveb Drag-and-Drop Editor editor information disclosure |
| CVE-2025-34147 | 2025-08-04 | Shenzhen Aitemi M300 Wi-Fi Repeater OS Command Injection via SSID |
| CVE-2025-8520 | 2025-08-04 | givanz Vvveb Drag-and-Drop Editor editor server-side request forgery |
| CVE-2013-10052 | 2025-08-04 | ZPanel zsudo Local Privilege Escalation |
| CVE-2013-10054 | 2025-08-04 | LibrettoCMS File Manager Arbitrary File Upload |
| CVE-2025-38741 | 2025-08-04 | Dell Enterprise SONiC OS, version 4.5.0, contains a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication. |
| CVE-2025-8521 | 2025-08-04 | givanz Vvveb Add Type post-types cross site scripting |
| CVE-2025-21120 | 2025-08-04 | Dell Avamar, versions prior to 19.12 with patch 338905, excluding version 19.10SP1 with patch 338904, contains a Trusting HTTP Permission Methods on the Server-Side vulnerability in Security. A low privileged... |
| CVE-2025-26476 | 2025-08-04 | Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0, contain a Use of Hard-coded Cryptographic Key vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to... |
| CVE-2025-8522 | 2025-08-04 | givanz Vvvebjs node.js save.php path traversal |
| CVE-2025-8523 | 2025-08-04 | RiderLike Fruit Crush-Brain App com.fruitcrush.fun AndroidManifest.xml improper export of android application components |
| CVE-2025-8524 | 2025-08-04 | Boquan DotWallet App com.boquanhash.dotwallet AndroidManifest.xml improper export of android application components |
| CVE-2025-8525 | 2025-08-04 | Exrick xboot Spring Boot Admin/Spring Actuator information disclosure |
| CVE-2025-8526 | 2025-08-04 | Exrick xboot UploadController.java upload unrestricted upload |
| CVE-2025-4599 | 2025-08-04 | The fragment preview functionality in Liferay Portal 7.4.3.61 through 7.4.3.132, and Liferay DXP 2024.Q4.1 through 2024.Q4.5, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.13 and 7.4 update 61 through... |
| CVE-2025-8527 | 2025-08-04 | Exrick xboot Swagger SecurityController.java server-side request forgery |
| CVE-2025-7844 | 2025-08-04 | wolfTPM library wrapper function `wolfTPM2_RsaKey_TpmToWolf` copies external data to a fixed-size stack buffer without length validation potentially causing stack-based buffer overflow |
| CVE-2025-8528 | 2025-08-04 | Exrick xboot getMenuList sensitive information in a cookie |
| CVE-2025-4604 | 2025-08-04 | The vulnerable code can bypass the Captcha check in Liferay Portal 7.4.3.80 through 7.4.3.132, and Liferay DXP 2024.Q1.1 through 2024.Q1.19, 2024.Q2.0 through 2024.Q2.13, 2024.Q3.0 through 2024.Q3.13, 2024.Q4.0 through 2024.Q4.7, 2025.Q1.0... |
| CVE-2025-27212 | 2025-08-04 | An Improper Input Validation in certain UniFi Access devices could allow a Command Injection by a malicious actor with access to UniFi Access management network. Affected Products: UniFi Access Reader... |
| CVE-2025-27211 | 2025-08-04 | An Improper Input Validation in EdgeMAX EdgeSwitch (Version 1.10.4 and earlier) could allow a Command Injection by a malicious actor with access to EdgeSwitch adjacent network. |
| CVE-2025-8529 | 2025-08-04 | cloudfavorites favorites-web CollectController.java getCollectLogoUrl server-side request forgery |
| CVE-2025-8530 | 2025-08-04 | elunez eladmin Druid application-prod.yml default credentials |
| CVE-2025-8534 | 2025-08-04 | libtiff tiff2ps tiff2ps.c PS_Lvl2page null pointer dereference |
| CVE-2025-29745 | 2025-08-05 | A vulnerability affecting the scanning module in Emsisoft Anti-Malware prior to 2024.12 allows attackers on a remote server to obtain Net-NTLMv2 hash information via a specially created A2S (Emsisoft Custom... |
| CVE-2025-43978 | 2025-08-05 | Jointelli 5G CPE 21H01 firmware JY_21H01_A3_v1.36 devices allow (blind) OS command injection. Multiple endpoints are vulnerable, including /ubus/?flag=set_WPS_pin and /ubus/?flag=netAppStar1 and /ubus/?flag=set_wifi_cfgs. This allows an authenticated attacker to execute arbitrary... |
| CVE-2025-43979 | 2025-08-05 | An issue was discovered on FIRSTNUM JC21A-04 devices through 2.01ME/FN that allows authenticated attackers to execute arbitrary OS system commands with root privileges via crafted payloads to the xml_action.cgi?method= endpoint. |
| CVE-2025-43980 | 2025-08-05 | An issue was discovered on FIRSTNUM JC21A-04 devices through 2.01ME/FN. They enable the SSH service by default with the credentials of root/admin. The GUI doesn't offer a way to disable... |
| CVE-2025-44964 | 2025-08-05 | A lack of SSL certificate validation in BlueStacks v5.20 allows attackers to execute a man-it-the-middle attack and obtain sensitive information. |
| CVE-2025-45512 | 2025-08-05 | A lack of signature verification in the bootloader of DENX Software Engineering Das U-Boot (U-Boot) v1.1.3 allows attackers to install crafted firmware files, leading to arbitrary code execution. |
| CVE-2025-46658 | 2025-08-05 | An issue was discovered in ExonautWeb in 4C Strategies Exonaut 21.6. There are verbose error messages. |
| CVE-2025-50454 | 2025-08-05 | An Authentication Bypass vulnerability in Blue Access' Cobalt X1 thru 02.000.187 allows an unauthorized attacker to log into the application as an administrator without valid credentials. |
| CVE-2025-50592 | 2025-08-05 | Cross site scripting vulnerability in seacms before 13.2 via the vid parameter to Upload/js/player/dmplayer/player. |
| CVE-2025-50688 | 2025-08-05 | A command injection vulnerability exists in TwistedWeb (version 14.0.0) due to improper input sanitization in the file upload functionality. An attacker can exploit this vulnerability by sending a specially crafted... |
| CVE-2025-50706 | 2025-08-05 | An issue in thinkphp v.5.1 allows a remote attacker to execute arbitrary code via the routecheck function |
| CVE-2025-50707 | 2025-08-05 | An issue in thinkphp3 v.3.2.5 allows a remote attacker to execute arbitrary code via the index.php component |
| CVE-2025-51060 | 2025-08-05 | An issue was discovered in CPUID cpuz.sys 1.0.5.4. An attacker can use DeviceIoControl with the unvalidated parameters 0x9C402440 and 0x9C402444 as IoControlCodes to perform RDMSR and WRMSR, respectively. Through this... |
| CVE-2025-51541 | 2025-08-05 | A stored cross-site scripting (XSS) vulnerability exists in the Shopware 6 installation interface at /recovery/install/database-configuration/. The c_database_schema field fails to properly sanitize user-supplied input before rendering it in the browser,... |
| CVE-2025-51627 | 2025-08-05 | Incorrect access control in CaricaVerbale in Agenzia Impresa Eccobook v2.81.1 allows authenticated attackers with low-level access to escalate privileges to Administrator. |
| CVE-2025-51628 | 2025-08-05 | Insecure Direct Object Reference (IDOR) vulnerability in PdfHandler component in Agenzia Impresa Eccobook v2.81.1 and below allows unauthenticated attackers to read confidential documents via the DocumentoId parameter. |
| CVE-2025-51857 | 2025-08-05 | The reconcile method in the AttachmentReconciler class of the Halo system v.2.20.18LTS and before is vulnerable to XSS attacks. |
| CVE-2025-52078 | 2025-08-05 | File upload vulnerability in Writebot AI Content Generator SaaS React Template thru 4.0.0, allowing remote attackers to gain escalated privileges via a crafted POST request to the /file-upload endpoint. |
| CVE-2025-52237 | 2025-08-05 | An issue in the component /stl/actions/download?filePath of SSCMS v7.3.1 allows attackers to execute a directory traversal. |
| CVE-2025-8535 | 2025-08-05 | cronoh NanoVault xrb URL main.js executeJavaScript cross site scripting |
| CVE-2025-54870 | 2025-08-05 | VTun-ng's failure to initialize encryption modules may cause reversion to plaintext |
| CVE-2025-54871 | 2025-08-05 | Electron Capture is Vulnerable to TCC Bypass via Misconfigured Node Fuses (macOS) |
| CVE-2025-54865 | 2025-08-05 | Tilesheets MediaWiki Extension is Vulnerable to Potential SQL Injection |
| CVE-2025-54804 | 2025-08-05 | Russh is missing an overflow check during channel windows adjust |
| CVE-2025-54803 | 2025-08-05 | js-toml is vulnerable to Prototype Pollution |
| CVE-2025-54802 | 2025-08-05 | pyLoad CNL Blueprint is vulnerable to Path Traversal through `dlc_path` leading to Remote Code Execution (RCE) |
| CVE-2025-54795 | 2025-08-05 | Claude Code echo command allowed bypass of user approval prompt for command execution |
| CVE-2025-54794 | 2025-08-05 | Claude Code Research Preview has a Path Restriction Bypass which could allow unauthorized file access |
| CVE-2025-54780 | 2025-08-05 | glpi-screenshot-plugin exposes local files in /ajax/screenshot.php |
| CVE-2025-54387 | 2025-08-05 | IPX is Vulnerable to Path Traversal via Prefix Matching Bypass |
| CVE-2025-54135 | 2025-08-05 | Cursor Agent is vulnerable to prompt injection via MCP Special Files |
| CVE-2025-54130 | 2025-08-05 | Cursor Agent is vulnerable prompt injection via Editor Special Files |
| CVE-2025-54119 | 2025-08-05 | ADOdb's sqlite3 driver allows SQL injection |
| CVE-2025-53544 | 2025-08-05 | Trilium Notes is Vulnerable to Brute-force Protection Bypass via Initial Sync Seed Retrieval |
| CVE-2025-52892 | 2025-08-05 | EspoCRM is vulnerable to access denial through double slash in URI corrupting router cache |