CVE List - 2025 / August

Showing 3301 - 3400 of 3631 CVEs for August 2025 (Page 34 of 37)

| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-53244 | 2025-08-28 | WordPress Magazine Elite Theme <= 1.2.4 - Local File Inclusion Vulnerability |
| CVE-2025-53247 | 2025-08-28 | WordPress BlogMarks Theme <= 1.0.8 - Local File Inclusion Vulnerability |
| CVE-2025-53248 | 2025-08-28 | WordPress Magazine Theme <= 1.2.2 - Local File Inclusion Vulnerability |
| CVE-2025-53250 | 2025-08-28 | WordPress Chartbeat Plugin <= 2.0.7 - Server Side Request Forgery (SSRF) Vulnerability |
| CVE-2025-53289 | 2025-08-28 | WordPress Theme Blvd Widget Areas Plugin <= 1.3.0 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-53326 | 2025-08-28 | WordPress Gutenify Plugin <= 1.5.6 - Local File Inclusion Vulnerability |
| CVE-2025-53328 | 2025-08-28 | WordPress Poll, Survey & Quiz Maker Plugin by Opinion Stage Plugin <= 19.11.0 - Local File Inclusion Vulnerability |
| CVE-2025-53334 | 2025-08-28 | WordPress Jannah Theme <= 7.4.1 - Local File Inclusion Vulnerability |
| CVE-2025-53337 | 2025-08-28 | WordPress LifePress Plugin <= 2.1.3 - Broken Access Control Vulnerability |
| CVE-2025-53572 | 2025-08-28 | WordPress WP Easy Contact Plugin <= 4.0.1 - PHP Object Injection Vulnerability |
| CVE-2025-53576 | 2025-08-28 | WordPress Ovatheme Events Plugin <= 1.2.8 - Local File Inclusion Vulnerability |
| CVE-2025-53578 | 2025-08-28 | WordPress Kipso Theme <= 1.3.4 - Local File Inclusion Vulnerability |
| CVE-2025-53579 | 2025-08-28 | WordPress Captcha.eu Plugin < 1.0.61 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-53583 | 2025-08-28 | WordPress Employee Spotlight Plugin <= 5.1.1 - PHP Object Injection Vulnerability |
| CVE-2025-53584 | 2025-08-28 | WordPress WP Ticket Customer Service Software & Support Ticket System Plugin <= 6.0.2 - PHP Object Injection Vulnerability |
| CVE-2025-53588 | 2025-08-28 | WordPress UPC/EAN/GTIN Code Generator Plugin <= 2.0.2 - Arbitrary File Deletion Vulnerability |
| CVE-2025-54029 | 2025-08-28 | WordPress WooCommerce csv import export Plugin <= 2.0.6 - Arbitrary File Deletion Vulnerability |
| CVE-2025-54710 | 2025-08-28 | WordPress Tiktok Feed Plugin <= 1.0.21 - Broken Access Control Vulnerability |
| CVE-2025-54714 | 2025-08-28 | WordPress Zephyr Project Manager Plugin <= 3.3.201 - Broken Access Control Vulnerability |
| CVE-2025-54716 | 2025-08-28 | WordPress Ireca Theme <= 1.8.5 - Local File Inclusion Vulnerability |
| CVE-2025-54720 | 2025-08-28 | WordPress Nest Addons Plugin <= 1.6.3 - SQL Injection Vulnerability |
| CVE-2025-54724 | 2025-08-28 | WordPress Golo Theme <= 1.7.1 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-54725 | 2025-08-28 | WordPress Golo Theme <= 1.7.0 - Broken Authentication Vulnerability |
| CVE-2025-54731 | 2025-08-28 | WordPress YouTube Showcase Plugin <= 3.5.1 - PHP Object Injection Vulnerability |
| CVE-2025-54733 | 2025-08-28 | WordPress All Bootstrap Blocks Plugin <= 1.3.28 - Broken Access Control Vulnerability |
| CVE-2025-54734 | 2025-08-28 | WordPress B Slider Plugin <= 1.1.30 - Broken Access Control Vulnerability |
| CVE-2025-54738 | 2025-08-28 | WordPress Jobmonster Theme <= 4.7.9 - Broken Authentication Vulnerability |
| CVE-2025-54742 | 2025-08-28 | WordPress WpEvently Plugin <= 4.4.8 - PHP Object Injection Vulnerability |
| CVE-2025-58123 | 2025-08-28 | Lack of TLS validation in plugin BGP Monitoring on Checkmk Exchange |
| CVE-2025-58124 | 2025-08-28 | Lack of TLS validation in plugin check-mk-api on Checkmk Exchange |
| CVE-2025-58125 | 2025-08-28 | Lack of TLS validation in plugin Freebox v6 agent on Checkmk Exchange |
| CVE-2025-58126 | 2025-08-28 | Lack of TLS validation in plugin VMware vSAN on Checkmk Exchange |
| CVE-2025-58127 | 2025-08-28 | Lack of TLS validation in plugin Dell Powerscale on Checkmk Exchange |
| CVE-2025-9578 | 2025-08-28 | Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 40734. |
| CVE-2024-49790 | 2025-08-28 | IBM Watson Studio on Cloud Pak for Data cross-site scripting |
| CVE-2025-8067 | 2025-08-28 | Udisks: out-of-bounds read in udisks daemon |
| CVE-2024-48908 | 2025-08-28 | lychee-action vulnerable to arbitrary code injection in composite action |
| CVE-2025-54995 | 2025-08-28 | Asterisk remotely exploitable leak of RTP UDP ports and internal resources |
| CVE-2025-57767 | 2025-08-28 | Asterisk can crash from a specifically malformed Authorization header in an incoming SIP request |
| CVE-2024-13986 | 2025-08-28 | Nagios XI < 2024R1.3.2 Authenticated Arbitrary File Upload Path Traversal RCE |
| CVE-2025-25010 | 2025-08-28 | Kibana privilege escalation via reporting_user role |
| CVE-2025-57756 | 2025-08-28 | Contao discloses sensitive information in the front end search index |
| CVE-2025-57757 | 2025-08-28 | Contao discloses information in the news module |
| CVE-2025-57758 | 2025-08-28 | Contao has improper access control in the back end voters |
| CVE-2025-57759 | 2025-08-28 | Contao has improper privilege management for page and article fields |
| CVE-2025-57819 | 2025-08-28 | FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE |
| CVE-2025-58334 | 2025-08-28 | In JetBrains IDE Services before 2025.5.0.1086, 2025.4.2.2164 users without appropriate permissions could assign high-privileged role for themselves |
| CVE-2025-58335 | 2025-08-28 | In JetBrains Junie before 252.284.66, 251.284.66, 243.284.66, 252.284.61, 251.284.61, 243.284.61, 252.284.50, 252.284.54, 251.284.54, 251.284.50, 243.284.54, 243.284.50 information disclosure was possible via search_project function |
| CVE-2025-31972 | 2025-08-28 | HCL BigFix Service Management (SM) is affected by a Sensitive Information Exposure vulnerability |
| CVE-2025-31977 | 2025-08-28 | A cryptographic weakness has been identified in the HCL BigFix Service Management (SM) |
| CVE-2025-31979 | 2025-08-28 | A File Upload Validation Bypass vulnerability has been identified in the HCL BigFix Service Management (SM) |
| CVE-2025-58047 | 2025-08-28 | Volto affected by possible DoS by invoking specific URL by anonymous user |
| CVE-2025-58048 | 2025-08-28 | Paymenter Vulnerable to Remote Code Execution via Public File Uploads |
| CVE-2025-58049 | 2025-08-28 | XWiki PDF export jobs store sensitive cookies unencrypted in job statuses |
| CVE-2025-58059 | 2025-08-28 | Valtimo scripting engine can be used to gain access to sensitive data or resources |
| CVE-2025-9195 | 2025-08-28 | Improper input validation in firmware of some Solidigm DC Products may allow an attacker with local access to cause a Denial of Service |
| CVE-2025-9575 | 2025-08-28 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 upload.cgi cgiMain os command injection |
| CVE-2025-9576 | 2025-08-28 | seeedstudio ReSpeaker Administrative shadow default credentials |
| CVE-2025-31971 | 2025-08-28 | AIML Solutions for HCL SX is susceptible to a URL validation vulnerability |
| CVE-2025-9577 | 2025-08-28 | TOTOLINK X2000R Administrative shadow.sample default credentials |
| CVE-2025-9579 | 2025-08-28 | LB-LINK BL-X26 HTTP set_hidessid_cfg os command injection |
| CVE-2025-9580 | 2025-08-28 | LB-LINK BL-X26 HTTP set_blacklist os command injection |
| CVE-2025-9581 | 2025-08-28 | Comfast CF-N1 webmgnt multi_pppoe command injection |
| CVE-2025-9582 | 2025-08-28 | Comfast CF-N1 webmgnt ntp_timezone command injection |
| CVE-2025-6203 | 2025-08-28 | Vault unauthenticated denial of service through complex json payload |
| CVE-2025-9583 | 2025-08-28 | Comfast CF-N1 webmgnt ping_config command injection |
| CVE-2025-9584 | 2025-08-28 | Comfast CF-N1 webmgnt update_interface_png command injection |
| CVE-2025-9585 | 2025-08-28 | Comfast CF-N1 webmgnt wifilith_delete_pic_file command injection |
| CVE-2025-9586 | 2025-08-28 | Comfast CF-N1 webmgnt wireless_device_dissoc command injection |
| CVE-2025-9589 | 2025-08-28 | Cudy WR1200EA shadow default password |
| CVE-2025-9590 | 2025-08-28 | Weaver E-Mobile Mobile Management Platform cross site scripting |
| CVE-2025-58058 | 2025-08-28 | github.com/ulikunitz/xz leaks memory when decoding a corrupted multiple LZMA archives |
| CVE-2025-9591 | 2025-08-28 | ZrLog Theme Configuration Form config cross site scripting |
| CVE-2025-9592 | 2025-08-28 | itsourcecode Apartment Management System bill_info.php sql injection |
| CVE-2025-58061 | 2025-08-28 | OpenEBS Local PV RawFile persistent volume data is world readable |
| CVE-2025-58062 | 2025-08-28 | LSTM-Kirigaya's openmcp-client Vulnerable to RCE in MCP Authorization Flow |
| CVE-2025-9593 | 2025-08-28 | itsourcecode Apartment Management System unit_status_info.php sql injection |
| CVE-2025-9594 | 2025-08-28 | itsourcecode Apartment Management System complain_info.php sql injection |
| CVE-2025-48979 | 2025-08-28 | An Improper Input Validation in UISP Application could allow a Command Injection by a malicious actor with High Privileges and local access. |
| CVE-2025-9595 | 2025-08-28 | code-projects Student Information Management System login.php cross site scripting |
| CVE-2025-9596 | 2025-08-28 | itsourcecode Sports Management System login.php sql injection |
| CVE-2023-41471 | 2025-08-29 | Cross Site Scripting vulnerability in copyparty before 1.9.2 allows a local attacker to execute arbitrary code via a crafted payload to the WEEKEND-PLANS function. NOTE: this is disputed because WEEKEND-PLANS... |
| CVE-2024-46484 | 2025-08-29 | TRENDnet TV-IP410 vA1.0R was discovered to contain an OS command injection vulnerability via the /server/cgi-bin/testserv.cgi component. |
| CVE-2024-46916 | 2025-08-29 | Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR06 contains functionality that allows the removal of critical system files before the filesystem is properly mounted (e.g., leveraging a delete call in... |
| CVE-2024-46917 | 2025-08-29 | Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR01 does not validate file attributes or the contents of /root during integrity validation. This allows code execution, recovery of TPM Disk Encryption... |
| CVE-2025-44033 | 2025-08-29 | SQL injection vulnerability in oa_system oasys v.1.1 allows a remote attacker to execute arbitrary code via the allDirector() method declaration in src/main/java/cn/gson/oasys/mappers/AddressMapper.java |
| CVE-2025-54142 | 2025-08-29 | Akamai Ghost before 2025-07-21 allows HTTP Request Smuggling via an OPTIONS request that has an entity body, because there can be a subsequent request within the persistent connection between an... |
| CVE-2025-55579 | 2025-08-29 | SolidInvoice version 2.3.7 is vulnerable to a Stored Cross-Site Scripting (XSS) issue in the Tax Rates functionality. The vulnerability is fixed in version 2.3.8. |
| CVE-2025-55580 | 2025-08-29 | SolidInvoice version 2.3.7 is vulnerable to a stored cross-site scripting (XSS) issue in the Clients module. An authenticated attacker can inject JavaScript that executes in other users' browsers when the... |
| CVE-2025-55763 | 2025-08-29 | Buffer Overflow in the URI parser of CivetWeb 1.14 through 1.16 (latest) allows a remote attacker to achieve remote code execution via a crafted HTTP request. This vulnerability is triggered... |
| CVE-2025-56577 | 2025-08-29 | An issue in Evope Core v.1.1.3.20 allows a local attacker to obtain sensitive information via the use of hard coded cryptographic keys. |
| CVE-2025-9597 | 2025-08-29 | itsourcecode Apartment Management System rented_all_info.php sql injection |
| CVE-2025-9598 | 2025-08-29 | itsourcecode Apartment Management System year_setup.php sql injection |
| CVE-2025-40927 | 2025-08-29 | CGI::Simple versions 1.281 and earlier for Perl has a HTTP response splitting flaw |
| CVE-2025-43255 | 2025-08-29 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7.7, macOS Sequoia 15.6, macOS Ventura 13.7.7. An app may be able to cause... |
| CVE-2025-43268 | 2025-08-29 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6. A malicious app may be able to gain root privileges. |
| CVE-2024-44271 | 2025-08-29 | The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2. An app may be able to record the screen without an indicator. |
| CVE-2024-54568 | 2025-08-29 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.2. Parsing a maliciously crafted file may lead to an unexpected app termination. |
| CVE-2025-43284 | 2025-08-29 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7.7, macOS Ventura 13.7.7, macOS Sequoia 15.6. An app may be able to cause... |
| CVE-2025-43187 | 2025-08-29 | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.7.7, macOS Ventura 13.7.7, macOS Sequoia 15.6. Running an hdiutil command may unexpectedly execute... |