CVE List - 2025 / August
Showing 3401 - 3500 of 3631 CVEs for August 2025 (Page 35 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-54554 | 2025-08-29 | This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.1. An app may be able to access sensitive user data. |
| CVE-2025-9599 | 2025-08-29 | itsourcecode Apartment Management System month_setup.php sql injection |
| CVE-2025-9600 | 2025-08-29 | itsourcecode Apartment Management System member_type_setup.php sql injection |
| CVE-2025-9601 | 2025-08-29 | itsourcecode Apartment Management System employee_salary_setup.php sql injection |
| CVE-2025-9602 | 2025-08-29 | Xinhu RockOA index.php publicsaveAjax improper authorization |
| CVE-2025-9603 | 2025-08-29 | Telesquare TLR-2005KSH internet.cgi command injection |
| CVE-2025-9604 | 2025-08-29 | coze-studio aes.go hard-coded key |
| CVE-2025-39245 | 2025-08-29 | There is a CSV Injection Vulnerability in some HikCentral Master Lite versions. This could allow an attacker to inject executable commands via malicious CSV data. |
| CVE-2025-39246 | 2025-08-29 | There is an Unquoted Service Path Vulnerability in some HikCentral FocSign versions. This could allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2025-39247 | 2025-08-29 | There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the admin permission. |
| CVE-2025-58323 | 2025-08-29 | NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM by executing arbitrary files due to improper privilege checks. |
| CVE-2025-9605 | 2025-08-29 | Tenda AC21/AC23 GetParentControlInfo stack-based overflow |
| CVE-2025-9606 | 2025-08-29 | Portabilis i-Educar agenda_preferencias.php sql injection |
| CVE-2025-9607 | 2025-08-29 | Portabilis i-Educar Tabelas de Arredondamento view sql injection |
| CVE-2025-9608 | 2025-08-29 | Portabilis i-Educar Formula de Cálculo de Média view sql injection |
| CVE-2025-8861 | 2025-08-29 | Changing\|TSA - Missing Authentication |
| CVE-2025-9609 | 2025-08-29 | Portabilis i-Educar consulta improper authorization |
| CVE-2025-9610 | 2025-08-29 | code-projects Online Event Judging System create_account.php sql injection |
| CVE-2025-8857 | 2025-08-29 | Changing\|Clinic Image System - Use of Hard-coded Credentials |
| CVE-2025-8858 | 2025-08-29 | Changing\|Clinic Image System - SQL Injection |
| CVE-2025-9639 | 2025-08-29 | Ai3\|QbiCRMGateway - Arbitrary File Reading through Path Traversal |
| CVE-2025-9619 | 2025-08-29 | E4 Sistemas Mercatus ERP id resource injection |
| CVE-2025-53507 | 2025-08-29 | Multiple products provided by iND Co.,Ltd contain an insecure storage of sensitive information vulnerability. If exploited, configuration information, such as admin password, may be disclosed. As for the details of... |
| CVE-2025-53508 | 2025-08-29 | Multiple products provided by iND Co.,Ltd contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed and sensitive information may be obtained. As for the... |
| CVE-2025-8147 | 2025-08-29 | LWSCache <= 2.8.5 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Activation via lwscache_activatePlugin Function |
| CVE-2025-9374 | 2025-08-29 | Ultimate Tag Warrior Importer <= 0.2 - Cross-Site Request Forgery |
| CVE-2025-8619 | 2025-08-29 | OSM Map Widget for Elementor <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button URL |
| CVE-2025-8290 | 2025-08-29 | List Subpages <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via title Parameter |
| CVE-2025-9441 | 2025-08-29 | iATS Online Forms <= 1.2 - Authenticated (Contributor+) SQL Injection via order Parameter |
| CVE-2025-54777 | 2025-08-29 | Uncaught exception issue exists in Multiple products in bizhub series. If a malformed file is imported as an S/MIME Email certificate, it may cause a denial-of-service issue that disable the... |
| CVE-2024-13987 | 2025-08-29 | Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Synology RADIUS Server allows remote authenticated users with administrator privileges to read or write limited files in SRM... |
| CVE-2025-8150 | 2025-08-29 | Events Addon for Elementor <= 2.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typewriter and Countdown Widgets |
| CVE-2025-7071 | 2025-08-29 | Timing side-channel vulnerability in AES-CBC decryption with PKCS#7 padding in ocrypto library |
| CVE-2025-7383 | 2025-08-29 | Timing side-channel vulnerability in AES-CBC decryption with PKCS#7 padding in Oberon PSA Crypto library |
| CVE-2025-9071 | 2025-08-29 | Insecure RSA-OAEP implementation with all-zero seed for padding in Oberon PSA Crypto |
| CVE-2025-4643 | 2025-08-29 | Lack of JWT Expiration after Log Out in PayloadCMS |
| CVE-2025-4644 | 2025-08-29 | User Session Fixation after Account Removal in PayloadCMS |
| CVE-2024-13342 | 2025-08-29 | Booster for WooCommerce <= 7.2.4 - Unauthenticated Double Extension Arbitrary File Upload |
| CVE-2025-9217 | 2025-08-29 | Slider Revolution <= 6.7.36 - Authenticated (Contributor+) Arbitrary File Read via 'used_svg' and 'used_images' |
| CVE-2025-40702 | 2025-08-29 | Cross-Site Scripting (XSS) vulnerability in OpenAtlas by ACDH-CH |
| CVE-2025-40703 | 2025-08-29 | Cross-Site Scripting (XSS) vulnerability in OpenAtlas by ACDH-CH |
| CVE-2025-40704 | 2025-08-29 | Cross-Site Scripting (XSS) vulnerability in OpenAtlas by ACDH-CH |
| CVE-2025-40705 | 2025-08-29 | Cross-Site Scripting (XSS) vulnerability in OpenAtlas by ACDH-CH |
| CVE-2025-40706 | 2025-08-29 | Cross-Site Scripting (XSS) vulnerability in OpenAtlas by ACDH-CH |
| CVE-2025-40707 | 2025-08-29 | Cross-Site Scripting (XSS) vulnerability in OpenAtlas by ACDH-CH |
| CVE-2025-40708 | 2025-08-29 | Cross-Site Scripting (XSS) vulnerability in OpenAtlas by ACDH-CH |
| CVE-2025-40709 | 2025-08-29 | Cross-Site Scripting (XSS) vulnerability in OpenAtlas by ACDH-CH |
| CVE-2025-9643 | 2025-08-29 | itsourcecode Apartment Management System utility_bill_setup.php sql injection |
| CVE-2025-9644 | 2025-08-29 | itsourcecode Apartment Management System bill_setup.php sql injection |
| CVE-2025-9645 | 2025-08-29 | itsourcecode Apartment Management System r_all_info.php sql injection |
| CVE-2025-9646 | 2025-08-29 | O2OA calendarConfig cross site scripting |
| CVE-2025-9647 | 2025-08-29 | mtons mblog list cross site scripting |
| CVE-2025-9649 | 2025-08-29 | appneta tcpreplay send_packets.c calc_sleep_time divide by zero |
| CVE-2025-9650 | 2025-08-29 | yeqifu carRental AppFileUtils.java removeFileByPath path traversal |
| CVE-2025-9651 | 2025-08-29 | shafhasan chatbox chat.php sql injection |
| CVE-2025-9652 | 2025-08-29 | Portabilis i-Educar Cadastrar tipo de transferência educar_transferencia_tipo_cad.php cross site scripting |
| CVE-2025-9653 | 2025-08-29 | Portabilis i-Educar Cadastrar projeto educar_projeto_cad.php cross site scripting |
| CVE-2025-54080 | 2025-08-29 | Exiv2 Segmentation Faults in Exiv2::EpsImage::writeMetadata() via crafted EPS file |
| CVE-2025-55304 | 2025-08-29 | Exiv2 has quadratic performance in ICC profile parsing in JpegBase::readMetadata |
| CVE-2025-9654 | 2025-08-29 | AiondaDotCom mcp-ssh server-simple.mjs command injection |
| CVE-2025-9655 | 2025-08-29 | O2OA Personal Profile person cross site scripting |
| CVE-2025-54877 | 2025-08-29 | Tuleap's special and always there fields permissions are not verified in cross-tracker search |
| CVE-2025-9656 | 2025-08-29 | PHPGurukul Directory Management System add-directory.php cross site scripting |
| CVE-2025-9657 | 2025-08-29 | O2OA Personal Profile script cross site scripting |
| CVE-2025-55202 | 2025-08-29 | Opencast has a partial path traversal vulnerability in UI config |
| CVE-2025-5808 | 2025-08-29 | Authentication Bypass vulnerability discovered in the OpenText™ Self-Service Password Reset |
| CVE-2025-55177 | 2025-08-29 | Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user... |
| CVE-2025-55750 | 2025-08-29 | Gitpod Classic Affected by Bitbucket OAuth Token Exposure via Redirect Fragment |
| CVE-2025-47909 | 2025-08-29 | Improper validation of TrustedOrigins allows CSRF attacks in github.com/gorilla/csrf |
| CVE-2025-9658 | 2025-08-29 | O2OA Personal Profile dict cross site scripting |
| CVE-2025-9659 | 2025-08-29 | O2OA Personal Profile widget cross site scripting |
| CVE-2025-9660 | 2025-08-29 | SourceCodester Bakeshop Online Ordering System passwordrecover.php sql injection |
| CVE-2025-9662 | 2025-08-29 | code-projects Simple Grading System Admin Panel login.php sql injection |
| CVE-2025-9663 | 2025-08-29 | code-projects Simple Grading System Admin Panel edit_account.php sql injection |
| CVE-2025-9664 | 2025-08-29 | code-projects Simple Grading System Admin Panel add_student_grade.php sql injection |
| CVE-2024-12923 | 2025-08-29 | Photo Station |
| CVE-2025-22483 | 2025-08-29 | License Center |
| CVE-2025-29874 | 2025-08-29 | File Station 5 |
| CVE-2025-29875 | 2025-08-29 | File Station 5 |
| CVE-2025-29878 | 2025-08-29 | File Station 5 |
| CVE-2025-29879 | 2025-08-29 | File Station 5 |
| CVE-2025-29882 | 2025-08-29 | QTS, QuTS hero |
| CVE-2025-29886 | 2025-08-29 | File Station 5 |
| CVE-2025-29887 | 2025-08-29 | QuRouter 2.5 |
| CVE-2025-29888 | 2025-08-29 | File Station 5 |
| CVE-2025-29889 | 2025-08-29 | File Station 5 |
| CVE-2025-29890 | 2025-08-29 | File Station 5 |
| CVE-2025-29893 | 2025-08-29 | Qsync Central |
| CVE-2025-29894 | 2025-08-29 | Qsync Central |
| CVE-2025-29898 | 2025-08-29 | Qsync Central |
| CVE-2025-29899 | 2025-08-29 | File Station 5 |
| CVE-2025-29900 | 2025-08-29 | File Station 5 |
| CVE-2025-30260 | 2025-08-29 | Qsync Central |
| CVE-2025-30261 | 2025-08-29 | Qsync Central |
| CVE-2025-30262 | 2025-08-29 | Qsync Central |
| CVE-2025-30263 | 2025-08-29 | Qsync Central |
| CVE-2025-30264 | 2025-08-29 | QTS, QuTS hero |
| CVE-2025-30265 | 2025-08-29 | QTS, QuTS hero |
| CVE-2025-30267 | 2025-08-29 | QTS, QuTS hero |
| CVE-2025-30268 | 2025-08-29 | QTS, QuTS hero |