CVE List - 2025 / August
Showing 2901 - 3000 of 3631 CVEs for August 2025 (Page 30 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-53119 | 2025-08-25 | Securden Unified PAM Unauthenticated Unrestricted File Upload |
| CVE-2025-53120 | 2025-08-25 | Securden Unified PAM Path Traversal In File Upload |
| CVE-2025-6737 | 2025-08-25 | Securden Unified PAM Shared SSH Key and Cloud Infrastructure |
| CVE-2025-57760 | 2025-08-25 | Langflow Vulnerable to Privilege Escalation via CLI Superuser Creation |
| CVE-2025-9410 | 2025-08-25 | lostvip-com ruoyi-go GenTableDao.go SelectListByPage sql injection |
| CVE-2025-57773 | 2025-08-25 | Dataease DB2 Aspectweaver Deserialization Arbitrary File Write Vulnerability |
| CVE-2025-57772 | 2025-08-25 | Dataease H2 JDBC RCE Bypass |
| CVE-2025-9411 | 2025-08-25 | lostvip-com ruoyi-go LoginInforService.go SelectPageList sql injection |
| CVE-2025-9412 | 2025-08-25 | lostvip-com ruoyi-go DictDataDao.go SelectListByPage sql injection |
| CVE-2025-57802 | 2025-08-25 | Airlink's Daemon Symlink Vulnerability |
| CVE-2025-57811 | 2025-08-25 | Craft Potential Remote Code Execution via Twig SSTI |
| CVE-2025-9413 | 2025-08-25 | lostvip-com ruoyi-go system_router.go SelectListByPage sql injection |
| CVE-2025-9414 | 2025-08-25 | kalcaddle kodbox Download from Link serverDownload server-side request forgery |
| CVE-2025-9415 | 2025-08-25 | GreenCMS index.php unrestricted upload |
| CVE-2025-9416 | 2025-08-25 | oitcode samarium Pages Image webpage cross site scripting |
| CVE-2025-9417 | 2025-08-25 | itsourcecode Apartment Management System addemployee.php sql injection |
| CVE-2025-3456 | 2025-08-25 | On affected platforms running Arista EOS, the global common encryption key configuration may be logged in clear text, in local or remote accounting logs. Knowledge of both the encryption key and protocol specific encrypted secrets from the device running-c |
| CVE-2025-6188 | 2025-08-25 | On affected platforms running Arista EOS, maliciously formed UDP packets with source port 3503 may be accepted by EOS. UDP Port 3503 is associated with LspPing Echo Reply. This can result in unexpected behaviors, especially for UDP based services that do n |
| CVE-2025-9418 | 2025-08-25 | itsourcecode Apartment Management System addowner.php sql injection |
| CVE-2025-9419 | 2025-08-25 | itsourcecode Apartment Management System addunit.php sql injection |
| CVE-2025-57804 | 2025-08-25 | h2 allows HTTP Request Smuggling due to illegal characters in headers |
| CVE-2025-57805 | 2025-08-25 | The Scratch Channel's Publish Articles POST Request Can Upload Articles Without Validation |
| CVE-2025-8627 | 2025-08-25 | Unauthenticated Protocol Commands on TP-Link KP303 |
| CVE-2025-57809 | 2025-08-25 | XGrammar affected by Denial of Service by infinite recursion grammars |
| CVE-2025-9420 | 2025-08-25 | itsourcecode Apartment Management System addfloor.php sql injection |
| CVE-2025-57814 | 2025-08-25 | request-filtering-agent SSRF Bypass via HTTPS Requests |
| CVE-2025-9421 | 2025-08-25 | itsourcecode Apartment Management System addcomplain.php sql injection |
| CVE-2025-9422 | 2025-08-25 | oitcode samarium Team Image team cross site scripting |
| CVE-2025-9423 | 2025-08-25 | Campcodes Online Water Billing System editecex.php sql injection |
| CVE-2025-9424 | 2025-08-25 | Ruijie WS7204-A branch_import.php os command injection |
| CVE-2025-9425 | 2025-08-25 | itsourcecode Online Tour and Travel Management System enquiry.php sql injection |
| CVE-2025-9426 | 2025-08-25 | itsourcecode Online Tour and Travel Management System package.php sql injection |
| CVE-2025-9429 | 2025-08-25 | mtons mblog Post submit cross site scripting |
| CVE-2024-35203 | 2025-08-26 | Mahara before 22.10.6, 23.04.6, and 24.04.1 allows cross-site scripting (XSS) via a file, with JavaScript code as part of its name, that is uploaded via the Mahara filebrowser system. |
| CVE-2024-39335 | 2025-08-26 | Supported versions of Mahara 24.04 before 24.04.1 and 23.04 before 23.04.6 are vulnerable to information being disclosed to an institution administrator under certain conditions via the 'Current submissions' page: Administration... |
| CVE-2024-45753 | 2025-08-26 | In Mahara 23.04.8 and 24.04.4, the external RSS feed block can cause XSS if the external feed XML has a malicious value for the link attribute. |
| CVE-2024-47192 | 2025-08-26 | An issue was discovered in Mahara 23.04.8 and 24.04.4. The use of a malicious export download URL can allow an attacker to download files that they do not have permission... |
| CVE-2024-47853 | 2025-08-26 | An issue was discovered in Mahara 23.04.8 and 24.04.4. Attackers may utilize escalation of privileges in certain cases when logging into Mahara with Learning Tools Interoperability (LTI). |
| CVE-2025-25732 | 2025-08-26 | Incorrect access control in the EEPROM component of Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 allows attackers to replace password hashes stored in the EEPROM... |
| CVE-2025-25733 | 2025-08-26 | Incorrect access control in the SPI Flash Chip of Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 allows physically proximate attackers to arbitrarily modify SPI flash... |
| CVE-2025-25734 | 2025-08-26 | Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to contain an unauthenticated EFI shell which allows attackers to execute arbitrary code or escalate privileges... |
| CVE-2025-25735 | 2025-08-26 | Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to lack SPI Protected Range Registers (PRRs), allowing attackers with software running on the system to... |
| CVE-2025-25736 | 2025-08-26 | Kapsch TrafficCom RIS-9260 RSU LEO v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to contain Android Debug Bridge (ADB) pre-installed (/mnt/c3platpersistent/opt/platform-tools/adb) and enabled by default, allowing unauthenticated root shell access to the... |
| CVE-2025-25737 | 2025-08-26 | Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to lack secure password requirements for its BIOS Supervisor and User accounts, allowing attackers to bypass... |
| CVE-2025-29992 | 2025-08-26 | Mahara before 24.04.9 exposes database connection information if the database becomes unreachable, e.g., due to the database server being temporarily down or too busy. |
| CVE-2025-50753 | 2025-08-26 | Mitrastar GPT-2741GNAC-N2 devices are provided with access through ssh into a restricted default shell. The command "deviceinfo show file" is supposed to be used from restricted shell to show files and... |
| CVE-2025-50971 | 2025-08-26 | Directory traversal vulnerability in AbanteCart version 1.4.2 allows unauthenticated attackers to gain access to sensitive system files via the template parameter to index.php. |
| CVE-2025-50974 | 2025-08-26 | The Calamaris log exporter CGI (/cgi-bin/logs.cgi/calamaris.dat) in IPFire 2.29 does not properly sanitize user-supplied input before incorporating parameter values into a shell command. An unauthenticated remote attacker can inject arbitrary... |
| CVE-2025-50975 | 2025-08-26 | IPFire 2.29 web-based firewall interface (firewall.cgi) fails to sanitize several rule parameters such as PROT, SRC_PORT, TGT_PORT, dnatport, key, ruleremark, src_addr, std_net_tgt, and tgt_addr, allowing an authenticated administrator to inject... |
| CVE-2025-50976 | 2025-08-26 | IPFire 2.29 DNS management interface (dns.cgi) fails to properly sanitize user-supplied input in the NAMESERVER, REMARK, and TLS_HOSTNAME query parameters, resulting in a reflected cross-site scripting (XSS) vulnerability. |
| CVE-2025-52035 | 2025-08-26 | A vulnerability in NotesCMS and specifically in the page /index.php?route=notes. The manipulation of the title of the service descriptions leads to a stored XSS vulnerability. The issue was confirmed to... |
| CVE-2025-52036 | 2025-08-26 | A vulnerability has been found in NotesCMS and classified as medium. Affected by this vulnerability is the page /index.php?route=categories. The manipulation of the title of the service descriptions leads to... |
| CVE-2025-52037 | 2025-08-26 | A vulnerability has been found in NotesCMS and classified as medium. Affected by this vulnerability is the page /index.php?route=sites. The manipulation of the title of the service descriptions leads to... |
| CVE-2025-52184 | 2025-08-26 | Cross Site Scripting vulnerability in Helpy.io v.2.8.0 allows a remote attacker to escalate privileges via the New Topic Ticket function. |
| CVE-2025-52217 | 2025-08-26 | SelectZero Data Observability Platform before 2025.5.2 is vulnerable to HTML Injection. Legacy UI fields improperly handle user-supplied input, allowing injection of arbitrary HTML. |
| CVE-2025-52218 | 2025-08-26 | SelectZero Data Observability Platform before 2025.5.2 is vulnerable to Content Spoofing / Text Injection. Improper sanitization of unspecified parameters allows attackers to inject arbitrary text or limited HTML into the... |
| CVE-2025-52219 | 2025-08-26 | SelectZero SelectZero Data Observability Platform before 2025.5.2 contains an Open Redirect vulnerability. Legacy UI fields can be used to create arbitrary external links via HTML Injection. |
| CVE-2025-52353 | 2025-08-26 | An arbitrary code execution vulnerability in Badaso CMS 2.9.11. The Media Manager allows authenticated users to upload files containing embedded PHP code via the file-upload endpoint, bypassing content-type validation. When... |
| CVE-2025-55443 | 2025-08-26 | Telpo MDM 1.4.6 thru 1.4.9 for Android contains sensitive administrator credentials and MQTT server connection details (IP/port) that are stored in plaintext within log files on the device's external storage.... |
| CVE-2025-55526 | 2025-08-26 | n8n-workflows Main Commit ee25413 allows attackers to execute a directory traversal via the download_workflow function within api_server.py |
| CVE-2025-56432 | 2025-08-26 | A cross-site scripting (XSS) vulnerability exists in Nagios XI 2024R2. The vulnerability allows remote attackers to execute arbitrary JavaScript in the context of a logged-in user's session via a specially... |
| CVE-2025-57425 | 2025-08-26 | A Stored Cross-Site Scripting (XSS) vulnerability in SourceCodester FAQ Management System 1.0 allows an authenticated attacker to inject malicious JavaScript into the 'question' and 'answer' fields via the update-faq.php endpoint. |
| CVE-2025-9430 | 2025-08-26 | mtons mblog update cross site scripting |
| CVE-2025-9431 | 2025-08-26 | mtons mblog search cross site scripting |
| CVE-2025-9432 | 2025-08-26 | mtons mblog Admin Panel list cross site scripting |
| CVE-2025-9433 | 2025-08-26 | mtons mblog Admin Panel list cross site scripting |
| CVE-2025-9434 | 2025-08-26 | 1000projects Online Project Report Submission and Evaluation System edit_title.php cross site scripting |
| CVE-2025-9438 | 2025-08-26 | 1000projects Online Project Report Submission and Evaluation System add_student.php cross site scripting |
| CVE-2025-8447 | 2025-08-26 | Incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed read-only access |
| CVE-2025-9439 | 2025-08-26 | 1000projects Online Project Report Submission and Evaluation System edit_faculty.php cross site scripting |
| CVE-2025-9440 | 2025-08-26 | 1000projects Online Project Report Submission and Evaluation System add_title.php cross site scripting |
| CVE-2025-9443 | 2025-08-26 | Tenda CH22 editUserName formeditUserName buffer overflow |
| CVE-2025-9444 | 2025-08-26 | 1000projects Online Project Report Submission and Evaluation System delete_group_student.php sql injection |
| CVE-2025-9461 | 2025-08-26 | diyhi bbs File Compression FilePackageManageAction.java information disclosure |
| CVE-2025-9172 | 2025-08-26 | Vibes <= 2.2.0 - Unauthenticated SQL Injection via `resource` Parameter |
| CVE-2025-9468 | 2025-08-26 | itsourcecode Apartment Management System add_bill.php sql injection |
| CVE-2025-9469 | 2025-08-26 | itsourcecode Apartment Management System add_fund.php sql injection |
| CVE-2025-9470 | 2025-08-26 | itsourcecode Apartment Management System add_m_committee.php sql injection |
| CVE-2025-9471 | 2025-08-26 | itsourcecode Apartment Management System add_maintenance_cost.php sql injection |
| CVE-2025-9472 | 2025-08-26 | itsourcecode Apartment Management System add_owner_utility.php sql injection |
| CVE-2025-9473 | 2025-08-26 | SourceCodester Online Bank Management System feedback.php sql injection |
| CVE-2025-9474 | 2025-08-26 | Mihomo Party Socket sysproxy.ts enableSysProxy temp file |
| CVE-2025-5931 | 2025-08-26 | Dokan Pro <= 4.0.5 - Authenticated (Vendor+) Privilege Escalation |
| CVE-2025-9475 | 2025-08-26 | SourceCodester Human Resource Information System editemployee_process.php unrestricted upload |
| CVE-2025-9476 | 2025-08-26 | SourceCodester Human Resource Information System editemployee_process.php unrestricted upload |
| CVE-2025-41702 | 2025-08-26 | egOS WebGUI Hard-Coded JWT Secret Enables Authentication Bypass |
| CVE-2025-57704 | 2025-08-26 | EIP Builder XML External Entity Processing Information Disclosure Vulnerability |
| CVE-2025-53418 | 2025-08-26 | COMMGR Stack-based Buffer Overflow Vulnerability |
| CVE-2025-53419 | 2025-08-26 | COMMGR Code Injection Vulnerability |
| CVE-2024-8860 | 2025-08-26 | Tourfic <= 2.14.5 - Missing Authorization in Multiple Functions |
| CVE-2025-6247 | 2025-08-26 | WordPress Automatic Plugin - AI content generator and auto poster plugin <= 3.118.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-29901 | 2025-08-26 | File Station 5 |
| CVE-2025-48108 | 2025-08-26 | WordPress School Management Plugin <= 93.2.0 - Broken Access Control Vulnerability |
| CVE-2025-1501 | 2025-08-26 | Incorrect authorization for traces request/download in CMC before 25.1.0 |
| CVE-2025-44002 | 2025-08-26 | Arbitrary File Creation via Symbolic Link leading to Denial-of-Service |
| CVE-2025-53811 | 2025-08-26 | TCC Bypass via misconfigured Node fuses in Mosh-Pro |
| CVE-2025-53813 | 2025-08-26 | TCC Bypass via misconfigured Node fuses in Nozbe |
| CVE-2025-9190 | 2025-08-26 | TCC Bypass via misconfigured Node fuses in Cursor |
| CVE-2025-8597 | 2025-08-26 | Privilege Escalation via get-task-allow entitlement in MacVim.app |
| CVE-2025-8700 | 2025-08-26 | Privilege Escalation via get-task-allow entitlement in Invoice Ninja |