CVE List - 2025 / August
Showing 3201 - 3300 of 3631 CVEs for August 2025 (Page 33 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-57217 | 2025-08-28 | Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the Password parameter in the function R7WebsSecurityHandler. |
| CVE-2025-57218 | 2025-08-28 | Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the security_5g parameter in the function sub_46284C. |
| CVE-2025-57219 | 2025-08-28 | Incorrect access control in the endpoint /goform/ate of Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 allows attackers to escalate privileges or access sensitive components via a crafted request. |
| CVE-2025-57220 | 2025-08-28 | An input validation flaw in the 'ate' service of Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 allows attackers to escalate privileges to root via a crafted UDP packet. |
| CVE-2025-9352 | 2025-08-28 | Pronamic Google Maps <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-9344 | 2025-08-28 | UsersWP <= 1.2.42 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-8897 | 2025-08-28 | Beaver Builder Plugin (Lite Version) <= 2.9.2.1 - Reflected Cross-Site Scripting |
| CVE-2025-7812 | 2025-08-28 | Video Share VOD – Turnkey Video Site Builder Script <= 2.7.6 - Cross-Site Request Forgery to Command Injection |
| CVE-2025-36003 | 2025-08-28 | IBM Security Verify Governance Identity Manager information disclosure |
| CVE-2025-0951 | 2025-08-28 | LiquidThemes Themes <= Various Versions - Missing Authorization to Authenticated (Subscriber+) All Plugins Deactivated |
| CVE-2025-8603 | 2025-08-28 | Unlimited Elements For Elementor <= 1.5.148 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-9648 | 2025-08-28 | WP ULike Pro <= 1.9.3 - Unauthenticated Limited Arbitrary File Upload |
| CVE-2025-9346 | 2025-08-28 | Booking Calendar <= 10.14.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-9345 | 2025-08-28 | File Manager, Code Editor, and Backup by Managefy <= 1.4.8 - Authenticated (Admin+) Path Traversal to Arbitrary File Download |
| CVE-2025-8977 | 2025-08-28 | Simple Download Monitor <= 3.9.33 - Authenticated (Contributor+) SQL Injection via order parameter in Log Export functionality |
| CVE-2025-7955 | 2025-08-28 | RingCentral Communications 1.5 - 1.6.8 - Missing Server‑Side Verification to Authentication Bypass via ringcentral_admin_login_2fa_verify Function |
| CVE-2024-13807 | 2025-08-28 | Xagio SEO <= 7.1.0.5 - Unauthenticated Sensitive Information Exposure via Unprotected Back-Up Files |
| CVE-2025-7956 | 2025-08-28 | Ajax Search Lite <= 4.13.1 - Missing Authorization to Unauthenticated Basic Information Exposure via ASL_Query in AJAX Search Handler |
| CVE-2025-8073 | 2025-08-28 | Dynamic AJAX Product Filters for WooCommerce <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via name Parameter |
| CVE-2025-6255 | 2025-08-28 | Dynamic AJAX Product Filters for WooCommerce <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameter |
| CVE-2025-58322 | 2025-08-28 | NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM by invoking arbitrary DLLs due to improper privilege checks. |
| CVE-2025-46409 | 2025-08-28 | Inadequate encryption strength issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier). If this vulnerability is exploited, a function that requires authentication may be accessed by a remote... |
| CVE-2025-52460 | 2025-08-28 | Files or directories accessible to external parties issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier). If exploited, uploaded files and SS1 configuration files may be accessed by... |
| CVE-2025-53396 | 2025-08-28 | Incorrect permission assignment for critical resource issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier), which may allow users who can log in to a client terminal to... |
| CVE-2025-53970 | 2025-08-28 | SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) allows a remote unauthenticated attacker to upload arbitrary files and execute OS commands with SYSTEM privileges. |
| CVE-2025-54762 | 2025-08-28 | SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) allows a remote unauthenticated attacker to upload arbitrary files and execute OS commands with SYSTEM privileges. |
| CVE-2025-54819 | 2025-08-28 | Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier). If this vulnerability is exploited, legitimate files may... |
| CVE-2025-58072 | 2025-08-28 | Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier). If this vulnerability is exploited, arbitrary files may... |
| CVE-2025-58081 | 2025-08-28 | Use of hard-coded password issue/vulnerability in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) allows a remote unauthenticated attacker to view arbitrary files with root privileges. |
| CVE-2024-58240 | 2025-08-28 | tls: separate no-async decryption request handling from async |
| CVE-2025-48963 | 2025-08-28 | Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40296. |
| CVE-2025-54540 | 2025-08-28 | Reflected XSS in QuickCMS |
| CVE-2025-54541 | 2025-08-28 | Cross-Site Request Forgery in QuickCMS |
| CVE-2025-54542 | 2025-08-28 | Sending Password in GET Request |
| CVE-2025-54543 | 2025-08-28 | Stored XSS in QuickCMS |
| CVE-2025-54544 | 2025-08-28 | Stored XSS in QuickCMS |
| CVE-2025-55175 | 2025-08-28 | Reflected XSS in QuickCMS |
| CVE-2025-9376 | 2025-08-28 | Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection <= 11.58 - Insufficient Authorization to Unauthenticated Blocklist Bypass |
| CVE-2025-39496 | 2025-08-28 | WordPress WooBeWoo Product Filter Pro plugin < 2.9.6 - SQL Injection vulnerability |
| CVE-2025-48100 | 2025-08-28 | WordPress bidorbuy Store Integrator plugin <= 2.12.0 - Remote Code Execution (RCE) vulnerability |
| CVE-2025-48109 | 2025-08-28 | WordPress XM-Backup plugin <= 0.9.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-48110 | 2025-08-28 | WordPress Link View plugin <= 0.8.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-48304 | 2025-08-28 | WordPress Google XML News Sitemap plugin plugin <= 0.02 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-48305 | 2025-08-28 | WordPress Goal Tracker for Patreon plugin <= 0.4.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-48306 | 2025-08-28 | WordPress Savyour Affiliate Partner plugin <= 2.1.4 - CSRF to Stored XSS vulnerability |
| CVE-2025-48307 | 2025-08-28 | WordPress SEO For Images plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-48308 | 2025-08-28 | WordPress Newsletter subscription optin module plugin <= 1.2.9 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-48309 | 2025-08-28 | WordPress BetPress plugin <= 1.0.1 Lite - CSRF to Stored XSS vulnerability |
| CVE-2025-48310 | 2025-08-28 | WordPress Table Editor plugin <= 1.6.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-48311 | 2025-08-28 | WordPress Invisible Optin plugin <= 1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-48312 | 2025-08-28 | WordPress WPAvatar plugin <= 1.9.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-48313 | 2025-08-28 | WordPress Tripadvisor Shortcode plugin <= 2.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-48314 | 2025-08-28 | WordPress Add Code To Head plugin <= 1.17 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-48315 | 2025-08-28 | WordPress WordPress HTML plugin <= 0.51 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-48316 | 2025-08-28 | WordPress Responsive Mobile-Friendly Tooltip plugin <= 1.6.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-48318 | 2025-08-28 | WordPress 多说社会化评论框 plugin <= 1.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-48319 | 2025-08-28 | WordPress Mesa Mesa Reservation Widget plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-48320 | 2025-08-28 | WordPress 百度分享按钮 plugin <= 1.0.6 - CSRF to Stored XSS vulnerability |
| CVE-2025-48321 | 2025-08-28 | WordPress Ultimate twitter profile widget plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-48322 | 2025-08-28 | WordPress Statify Widget plugin <= 1.4.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-48323 | 2025-08-28 | WordPress Advance Food Menu plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-48324 | 2025-08-28 | WordPress tli.tl auto Twitter poster plugin <= 3.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-48325 | 2025-08-28 | WordPress WP Admin Theme plugin <= 1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-48327 | 2025-08-28 | WordPress WP Mailgun SMTP plugin <= 1.0.7 - Broken Access Control vulnerability |
| CVE-2025-48343 | 2025-08-28 | WordPress WPMU Ldap Authentication plugin <= 5.0.1 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-48347 | 2025-08-28 | WordPress bxSlider integration for WordPress plugin <= 1.7.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-48348 | 2025-08-28 | WordPress Site Offline plugin <= 1.5.7 - Broken Access Control vulnerability |
| CVE-2025-48349 | 2025-08-28 | WordPress Video Gallery – Vimeo and YouTube Gallery plugin <= 1.1.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-48350 | 2025-08-28 | WordPress AutoWP plugin <= 2.2.2 - Broken Access Control vulnerability |
| CVE-2025-48351 | 2025-08-28 | WordPress Kento Splash Screen plugin <= 1.4 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-48352 | 2025-08-28 | WordPress Yandex Site search pinger plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-48353 | 2025-08-28 | WordPress Clickbank WordPress Plugin (Niche Storefront) plugin <= 1.3.5 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-48354 | 2025-08-28 | WordPress Better Post & Filter Widgets for Elementor plugin <= 1.6.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-48356 | 2025-08-28 | WordPress Kanpress plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-48357 | 2025-08-28 | WordPress Century ToolKit plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) to Arbitrary Plugin Activation vulnerability |
| CVE-2025-48358 | 2025-08-28 | WordPress Risk Free Cash On Delivery (COD) – WooCommerce plugin <= 1.0.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-48359 | 2025-08-28 | WordPress ATT YouTube Widget plugin <= 1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-48360 | 2025-08-28 | WordPress Varnish/Nginx Proxy Caching plugin <= 1.8.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-48361 | 2025-08-28 | WordPress Hesabfa Accounting plugin <= 2.2.4 - Sensitive Data Exposure via Log File vulnerability |
| CVE-2025-48362 | 2025-08-28 | WordPress Hesabfa Accounting plugin <= 2.2.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-48363 | 2025-08-28 | WordPress Popup for CF7 with Sweet Alert plugin <= 1.6.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-48364 | 2025-08-28 | WordPress rajce plugin <= 0.4.2 - Server Side Request Forgery (SSRF) vulnerability |
| CVE-2025-48365 | 2025-08-28 | WordPress Custom Comment plugin <= 2.1.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-49383 | 2025-08-28 | WordPress Neresa Theme <= 1.3 - Local File Inclusion Vulnerability |
| CVE-2025-49387 | 2025-08-28 | WordPress Drag and Drop File Upload for Elementor Forms Plugin <= 1.5.3 - Arbitrary File Upload Vulnerability |
| CVE-2025-49388 | 2025-08-28 | WordPress Miraculous Core Plugin Plugin <= 2.0.7 - Privilege Escalation Vulnerability |
| CVE-2025-49402 | 2025-08-28 | WordPress Houzez CRM Plugin <= 1.4.7 - Broken Access Control Vulnerability |
| CVE-2025-49404 | 2025-08-28 | WordPress Listeo-Core Plugin <= 1.9.32 - SQL Injection Vulnerability |
| CVE-2025-49405 | 2025-08-28 | WordPress Houzez Theme < 4.1.4 - Local File Inclusion Vulnerability |
| CVE-2025-49407 | 2025-08-28 | WordPress Houzez Theme <= 4.1.1 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-52761 | 2025-08-28 | WordPress WP Funnel Manager Plugin <= 1.4.0 - PHP Object Injection Vulnerability |
| CVE-2025-53215 | 2025-08-28 | WordPress Yahoo! WebPlayer Plugin <= 2.0.6 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-53216 | 2025-08-28 | WordPress Glamer Theme <= 1.0.2 - Local File Inclusion Vulnerability |
| CVE-2025-53220 | 2025-08-28 | WordPress XmasB Quotes Plugin <= 1.6.1 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-53223 | 2025-08-28 | WordPress Theme Switcher Reloaded Plugin <= 1.1 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-53224 | 2025-08-28 | WordPress NextGEN Gallery Search Plugin <= 2.12 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-53225 | 2025-08-28 | WordPress e-Boekhouden.nl Plugin <= 1.9.3 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-53227 | 2025-08-28 | WordPress Magazine Saga Theme <= 1.2.7 - Local File Inclusion Vulnerability |
| CVE-2025-53230 | 2025-08-28 | WordPress Page Manager for Elementor Plugin <= 2.0.5 - Broken Access Control Vulnerability |
| CVE-2025-53243 | 2025-08-28 | WordPress Employee Directory – Staff Listing & Team Directory Plugin for WordPress Plugin <= 4.5.3 - PHP Object Injection Vulnerability |