CVE List - 2025 / September
Showing 1301 - 1400 of 4322 CVEs for September 2025 (Page 14 of 44)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-55317 | 2025-09-09 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability |
| CVE-2025-49692 | 2025-09-09 | Azure Connected Machine Agent Elevation of Privilege Vulnerability |
| CVE-2025-47997 | 2025-09-09 | Microsoft SQL Server Information Disclosure Vulnerability |
| CVE-2025-53796 | 2025-09-09 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability |
| CVE-2025-53799 | 2025-09-09 | Windows Imaging Component Information Disclosure Vulnerability |
| CVE-2025-53800 | 2025-09-09 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2025-53801 | 2025-09-09 | Microsoft DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2025-53802 | 2025-09-09 | Windows Bluetooth Service Elevation of Privilege Vulnerability |
| CVE-2025-53803 | 2025-09-09 | Windows Kernel Memory Information Disclosure Vulnerability |
| CVE-2025-53804 | 2025-09-09 | Windows Kernel-Mode Driver Information Disclosure Vulnerability |
| CVE-2025-53805 | 2025-09-09 | HTTP.sys Denial of Service Vulnerability |
| CVE-2025-53806 | 2025-09-09 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability |
| CVE-2025-53807 | 2025-09-09 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2025-53808 | 2025-09-09 | Windows Defender Firewall Service Elevation of Privilege Vulnerability |
| CVE-2025-53809 | 2025-09-09 | Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability |
| CVE-2025-53810 | 2025-09-09 | Windows Defender Firewall Service Elevation of Privilege Vulnerability |
| CVE-2025-54091 | 2025-09-09 | Windows Hyper-V Elevation of Privilege Vulnerability |
| CVE-2025-54092 | 2025-09-09 | Windows Hyper-V Elevation of Privilege Vulnerability |
| CVE-2025-54093 | 2025-09-09 | Windows TCP/IP Driver Elevation of Privilege Vulnerability |
| CVE-2025-54094 | 2025-09-09 | Windows Defender Firewall Service Elevation of Privilege Vulnerability |
| CVE-2025-54098 | 2025-09-09 | Windows Hyper-V Elevation of Privilege Vulnerability |
| CVE-2025-54103 | 2025-09-09 | Windows Management Service Elevation of Privilege Vulnerability |
| CVE-2025-54104 | 2025-09-09 | Windows Defender Firewall Service Elevation of Privilege Vulnerability |
| CVE-2025-54105 | 2025-09-09 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
| CVE-2025-54107 | 2025-09-09 | MapUrlToZone Security Feature Bypass Vulnerability |
| CVE-2025-54108 | 2025-09-09 | Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability |
| CVE-2025-54109 | 2025-09-09 | Windows Defender Firewall Service Elevation of Privilege Vulnerability |
| CVE-2025-54112 | 2025-09-09 | Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability |
| CVE-2025-54113 | 2025-09-09 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2025-54114 | 2025-09-09 | Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability |
| CVE-2025-54115 | 2025-09-09 | Windows Hyper-V Elevation of Privilege Vulnerability |
| CVE-2025-54116 | 2025-09-09 | Windows MultiPoint Services Elevation of Privilege Vulnerability |
| CVE-2025-54900 | 2025-09-09 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-54901 | 2025-09-09 | Microsoft Excel Information Disclosure Vulnerability |
| CVE-2025-54910 | 2025-09-09 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2025-54911 | 2025-09-09 | Windows BitLocker Elevation of Privilege Vulnerability |
| CVE-2025-54912 | 2025-09-09 | Windows BitLocker Elevation of Privilege Vulnerability |
| CVE-2025-54915 | 2025-09-09 | Windows Defender Firewall Service Elevation of Privilege Vulnerability |
| CVE-2025-54917 | 2025-09-09 | MapUrlToZone Security Feature Bypass Vulnerability |
| CVE-2025-55224 | 2025-09-09 | Windows Hyper-V Remote Code Execution Vulnerability |
| CVE-2025-55227 | 2025-09-09 | Microsoft SQL Server Elevation of Privilege Vulnerability |
| CVE-2025-55234 | 2025-09-09 | Windows SMB Elevation of Privilege Vulnerability |
| CVE-2025-9269 | 2025-09-09 | Server-Side Request Forgery (SSRF) vulnerability found in embedded web server |
| CVE-2025-10198 | 2025-09-09 | LizardBytes Sunshine for Windows contains a DLL search-order hijacking vulnerability |
| CVE-2025-10199 | 2025-09-09 | A local privilege escalation vulnerability exists in LizardBytes' Sunshine for Windows |
| CVE-2025-43775 | 2025-09-09 | Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.Q3.5, 2024.Q2.0 through 2024.Q2.12, 2024.Q1.1 through 2024.Q1.12, and 7.4 GA through update 92 allows... |
| CVE-2025-54256 | 2025-09-09 | Dreamweaver Desktop \| Cross-Site Request Forgery (CSRF) (CWE-352) |
| CVE-2025-54242 | 2025-09-09 | Premiere Pro \| Use After Free (CWE-416) |
| CVE-2025-55727 | 2025-09-09 | XWiki Remote Macros vulnerable to remote code execution from width parameter in the column macro |
| CVE-2025-10164 | 2025-09-09 | lmsys sglang update_weights_from_tensor main deserialization |
| CVE-2025-55728 | 2025-09-09 | XWiki Remote Macros vulnerable to remote code execution using the panel macro |
| CVE-2025-55047 | 2025-09-09 | CWE-798 Use of Hard-coded Credentials |
| CVE-2025-55048 | 2025-09-09 | Multiple CWE-78 |
| CVE-2025-43781 | 2025-09-09 | Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.110 through 7.4.3.128, and Liferay DXP 2024.Q3.1 through 2024.Q3.8, 2024.Q2.0 through 2024.Q2.13 and 2024.Q1.1 through 2024.Q1.12 allows remote attackers to inject arbitrary... |
| CVE-2025-55729 | 2025-09-09 | XWiki Remote Macros vulnerable to remote code execution using the ConfluenceLayoutSection macro |
| CVE-2025-55049 | 2025-09-09 | Use of Default Cryptographic Key (CWE-1394) |
| CVE-2025-55730 | 2025-09-09 | XWiki Remote Macros vulnerable to remote code execution using the confluence paste code macro |
| CVE-2025-55050 | 2025-09-09 | CWE-1242: Inclusion of Undocumented Features |
| CVE-2025-55051 | 2025-09-09 | CWE-1392: Use of Default Credentials |
| CVE-2025-55052 | 2025-09-09 | CWE-200 Exposure of Sensitive Information to an Unauthorized Actor |
| CVE-2025-43786 | 2025-09-09 | Enumeration of ERC from object entry in Liferay Portal 7.4.0 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.Q3.1, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 and 7.4 GA through update... |
| CVE-2025-55053 | 2025-09-09 | CWE-328: Use of Weak Hash |
| CVE-2025-55054 | 2025-09-09 | CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') |
| CVE-2025-47415 | 2025-09-09 | RECWAVE Filepath Traversal |
| CVE-2025-58063 | 2025-09-09 | CoreDNS: DNS Cache Pinning via etcd Lease ID Confusion |
| CVE-2025-36125 | 2025-09-09 | IBM Hardware Management Console - Power Systems cross-site scripting |
| CVE-2025-36011 | 2025-09-09 | IBM Jazz for Service Management information disclosure |
| CVE-2025-58180 | 2025-09-09 | OctoPrint is Vulnerable to RCE Attacks via Unsanitized Filename in File Upload |
| CVE-2025-58430 | 2025-09-09 | listmonk Vulnerable to CSRF to XSS Chain That Can Lead to Admin Account Takeover |
| CVE-2025-34172 | 2025-09-09 | Netgate pfSense CE HAProxy Package 0.63_10 Reflected Cross-Site Scripting |
| CVE-2025-58435 | 2025-09-09 | Open OnDemand didn't rotate password for VNC batch_connect |
| CVE-2025-58442 | 2025-09-09 | Saleor has user enumeration vulnerability due to different error messages |
| CVE-2025-58758 | 2025-09-09 | TinyEnv: Missing .env file not required — may cause unexpected behavior |
| CVE-2025-58759 | 2025-09-09 | TinyEnv: Inline comments not stripped properly in .env values |
| CVE-2025-53913 | 2025-09-09 | Calix GigaCenter ONT (Quantenna SoC) - Excessive Privileges |
| CVE-2025-58753 | 2025-09-09 | copyparty: Sharing a single file does not fully restrict access to other files in source folder |
| CVE-2025-58760 | 2025-09-09 | Tautulli vulnerable to Unauthenticated Path Traversal in `/image` endpoint |
| CVE-2025-34173 | 2025-09-09 | Netgate pfSense CE Snort package v4.1.6_25 Directory Traversal Information Disclosure |
| CVE-2025-58761 | 2025-09-09 | Tautulli vulnerable to Unauthenticated Path Traversal in `real_pms_image_proxy` |
| CVE-2025-53914 | 2025-09-09 | Calix GigaCenter ONT (Broadcom SoC) - Excessive Privileges |
| CVE-2025-34174 | 2025-09-09 | Netgate pfSense CE Status_Traffic_Totals Package v2.3.2_7 Stored Cross-Site Scripting |
| CVE-2025-58762 | 2025-09-09 | Tautulli vulnerable to Authenticated Remote Code Execution via write primitive and `Script` notification agent |
| CVE-2025-7635 | 2025-09-09 | Calix GigaCenter ONT - Unauthenticated Telnet |
| CVE-2025-54257 | 2025-09-09 | Acrobat Reader \| Use After Free (CWE-416) |
| CVE-2025-34175 | 2025-09-09 | Netgate pfSense CE Suricata package v7.0.8_2 Reflected Cross-Site Scripting |
| CVE-2025-54255 | 2025-09-09 | Acrobat Reader \| Violation of Secure Design Principles (CWE-657) |
| CVE-2025-58763 | 2025-09-09 | Tautulli vulnerable to Authenticated Remote Code Execution via Command Injection |
| CVE-2025-34176 | 2025-09-09 | Netgate pfSense CE Suricata Package v7.0.8_2 Directory Traversal Information Disclosure |
| CVE-2025-58765 | 2025-09-09 | wabac.js has XSS vulnerability in 404 error handling logic |
| CVE-2025-34177 | 2025-09-09 | Netgate pfSense CE Suricata package v7.0.8_2 Stored Cross-Site Scripting |
| CVE-2025-58768 | 2025-09-09 | DeepChat's Mermaid rendering has XSS leading to RCE |
| CVE-2025-34178 | 2025-09-09 | Netgate pfSense CE Suricata package v7.0.8_2 Stored Cross-Site Scripting |
| CVE-2025-59037 | 2025-09-09 | DuckDB NPM packages 1.3.3 and 1.29.2 briefly compromised with malware |
| CVE-2025-54083 | 2025-09-09 | Calix GigaCenter ONT firmware - Sensitive Information Disclosure |
| CVE-2025-43491 | 2025-09-09 | Poly Lens Desktop Application – Privilege Escalation |
| CVE-2025-54084 | 2025-09-09 | Calix Gigacenter ONT - Command Injection |
| CVE-2025-54240 | 2025-09-09 | After Effects \| Out-of-bounds Read (CWE-125) |
| CVE-2025-54239 | 2025-09-09 | After Effects \| Out-of-bounds Read (CWE-125) |
| CVE-2025-54241 | 2025-09-09 | After Effects \| Out-of-bounds Read (CWE-125) |
| CVE-2025-10159 | 2025-09-09 | An authentication bypass vulnerability allows remote attackers to gain administrative privileges on Sophos AP6 Series Wireless Access Points older than firmware version 1.7.2563 (MR7). |