CVE List - 2025 / September

Showing 1501 - 1600 of 4322 CVEs for September 2025 (Page 16 of 44)

CVE ID Date Title
CVE-2025-59035 2025-09-10 Indico vulnerable to Cross-Site Scripting via LaTeX math code
CVE-2025-43938 2025-09-10 Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading...
CVE-2025-20248 2025-09-10 Cisco IOS XR Software Image Verification Bypass Vulnerability
CVE-2025-20159 2025-09-10 Cisco IOS XR Software Management Interface ACL Bypass Vulnerability
CVE-2025-20340 2025-09-10 Cisco IOS XR Address Resolution Protocol Broadcast Storm Vulnerability
CVE-2025-43886 2025-09-10 Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Path Traversal: '.../...//' vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem...
CVE-2025-59045 2025-09-10 Stalwart vulnerable to Memory Exhaustion via CalDAV Event Expansion
CVE-2025-43785 2025-09-10 Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.45 through 7.4.3.128, and Liferay DXP 2024 Q2.0 through 2024.Q2.9, 2024.Q1.1 through 2024.Q1.12, and 7.4 update 45 through update 92 allows remote...
CVE-2025-8696 2025-09-10 DoS attack against the Stork UI from an unauthenticated user
CVE-2025-10209 2025-09-10 Papermerge DMS Authorization Token improper authorization
CVE-2025-54123 2025-09-10 Hoverfly vulnerable to remote code execution at `/api/v2/hoverfly/middleware` endpoint due to insecure middleware implementation
CVE-2025-9714 2025-09-10 Stack overflow in libxml2
CVE-2025-59049 2025-09-10 Mockoon has a Path Traversal and LFI in the static file serving endpoint
CVE-2025-10210 2025-09-10 yanyutao0402 ChanCMS Api.js search sql injection
CVE-2025-43784 2025-09-10 Improper Access Control vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.8, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows guest users to obtain...
CVE-2025-10200 2025-09-10 Use after free in Serviceworker in Google Chrome on Desktop prior to 140.0.7339.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...
CVE-2025-10201 2025-09-10 Inappropriate implementation in Mojo in Google Chrome on Android, Linux, ChromeOS prior to 140.0.7339.127 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity:...
CVE-2025-54376 2025-09-10 Hoverfly's WebSocket endpoint `/api/v2/ws/logs` reachable without authentication even when --auth is enabled.
CVE-2025-10211 2025-09-10 yanyutao0402 ChanCMS getArticle CollectController server-side request forgery
CVE-2025-43783 2025-09-10 Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.73 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.Q3.1, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 7.4 update 73 through update 92 allows...
CVE-2024-47120 2025-09-10 IBM Security Verify Information Queue code execution
CVE-2024-45669 2025-09-10 IBM Security Verify Information Queue denial of service
CVE-2024-45671 2025-09-10 IBM Security Verify Information Queue information disclosure
CVE-2025-59052 2025-09-10 Angular SSR: Global Platform Injector Race Condition Leads to Cross-Request Data Leakage
CVE-2025-10216 2025-09-10 GrandNode Voucher ConfirmOrder race condition
CVE-2025-10218 2025-09-10 lostvip-com ruoyi-go Background Management SysRoleDao.go SelectListPage sql injection
CVE-2025-10229 2025-09-10 Freshwork logout redirect
CVE-2025-10232 2025-09-10 299ko FileManagerAPIController.php delete path traversal
CVE-2025-10233 2025-09-10 kalcaddle kodbox editor.class.php fileSave path traversal
CVE-2025-10234 2025-09-10 Scada-LTS Data Point Edit data_point_edit.shtm cross site scripting
CVE-2025-56556 2025-09-11 An issue was discovered in Subrion CMS 4.2.1, allowing authenticated administrators or moderators with access to the built-in Run SQL Query feature under the SQL Tool admin panel - to...
CVE-2025-10235 2025-09-11 Scada-LTS Reports reports.shtm cross site scripting
CVE-2025-6088 2025-09-11 Improper Authorization in danny-avila/librechat
CVE-2025-10236 2025-09-11 binary-husky gpt_academic LaTeX File latex_toolbox.py merge_tex_files_ path traversal
CVE-2025-10245 2025-09-11 Display Painéis TGA Galeria rename path traversal
CVE-2025-9776 2025-09-11 CatFolders – Tame Your WordPress Media Library by Category <= 2.5.2 - Authenticated (Author+) SQL Injection via CSV Import
CVE-2025-9910 2025-09-11 Versions of the package jsondiffpatch before 0.7.2 are vulnerable to Cross-site Scripting (XSS) via HtmlFormatter::nodeBegin. An attacker can inject malicious scripts into HTML payloads that may lead to code execution...
CVE-2025-10246 2025-09-11 lokibhardwaj PHP-Code-For-Unlimited-File-Upload f.php cross site scripting
CVE-2025-9059 2025-09-11 Elevation of Privileges Vulnerability in IT Management Suite
CVE-2025-10247 2025-09-11 JEPaaS Filter doFilterInternal access control
CVE-2025-9034 2025-09-11 Wp Edit Password Protected < 1.3.5 - Open Redirect
CVE-2025-8479 2025-09-11 Zoho Flow <= 2.14.1 - Cross-Site Request Forgery
CVE-2025-8721 2025-09-11 Workable API <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via workable_jobs Shortcode
CVE-2025-9631 2025-09-11 AutoCatSet <= 2.1.4 - Cross-Site Request Forgery
CVE-2025-8316 2025-09-11 Certifica WP <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via evento Parameter
CVE-2025-0763 2025-09-11 Ultimate Classified Listings <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update
CVE-2025-8686 2025-09-11 WP Easy FAQs <= 1.0.5 - Authenticated (Author+) Stored Cross-Site Scripting via WP_EASY_FAQ Shortcode
CVE-2025-9861 2025-09-11 ThemeLoom Widgets <= 1.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-9628 2025-09-11 The integration of the AMO.CRM <= 1.0.1 - Cross-Site Request Forgery
CVE-2025-9850 2025-09-11 Evenium <= 1.3.11 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-8422 2025-09-11 Propovoice <= 1.7.6.7 - Unauthenticated Arbitrary File Read
CVE-2025-8417 2025-09-11 Catalog Importer, Scraper & Crawler <= 5.1.4 - Unauthenticated PHP Code Injection
CVE-2025-5801 2025-09-11 Digital Events Calendar <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via column Parameter
CVE-2025-8445 2025-09-11 Countdown Timer for Elementor <= 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'countdown_label'
CVE-2025-9073 2025-09-11 All in one Minifier <= 3.2 - Unauthenticated SQL Injection
CVE-2025-8692 2025-09-11 Coupon API <= 6.2.9 - Authenticated (Administrator+) SQL Injection via 'log_duration'
CVE-2025-8423 2025-09-11 My WP Translate <= 1.1 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Option Read and Deletion
CVE-2025-8318 2025-09-11 Jobify <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via keyword Parameter
CVE-2025-9634 2025-09-11 Plugin updates blocker <= 0.2 - Cross-Site Request Forgery
CVE-2025-9635 2025-09-11 Analytics Reduce Bounce Rate <= 2.3 - Cross-Site Request Forgery
CVE-2025-9874 2025-09-11 Ultimate Classified Listings <= 1.6 - Authenticated (Contributor+) Local File Inclusion
CVE-2025-9860 2025-09-11 Mixtape <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-9627 2025-09-11 Run Log <= 1.7.10 - Cross-Site Request Forgery to Settings Update
CVE-2025-8492 2025-09-11 Salon Booking System <= 10.20 - Missing Authorization to Unauthenticated AJAX Actions Execution
CVE-2025-8392 2025-09-11 Mitfahrgelegenheit <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via date Parameter
CVE-2025-9623 2025-09-11 Admin in English with Switch <= 1.1 - Cross-Site Request Forgery
CVE-2025-8481 2025-09-11 Blog Designer For Elementor – Post Slider, Post Carousel, Post Grid <= 1.1.7 - Cross-Site Request Forgery
CVE-2025-8215 2025-09-11 Responsive Addons for Elementor <= 1.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
CVE-2025-8689 2025-09-11 Elements Plus! <= 2.16.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
CVE-2025-9451 2025-09-11 Smartcat Translator for WPML <= 3.1.69 - Authenticated (Author+) SQL Injection via orderby Parameter
CVE-2025-8570 2025-09-11 BeyondCart Connector <= 2.1.0 - Missing Configuration of JWT Secret to Unauthenticated Privilege Escalation via determine_current_user Filter
CVE-2025-9620 2025-09-11 Seo Monster <= 3.3.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVE-2025-9693 2025-09-11 User Meta – User Profile Builder and User management plugin <= 3.1.2 - Authenticated (Subscriber+) Arbitrary File Deletion
CVE-2025-9128 2025-09-11 eID Easy <= 4.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter
CVE-2025-9617 2025-09-11 Publish approval <= 1.1 - Cross-Site Request Forgery
CVE-2025-9632 2025-09-11 PhpList Subber <= 1.1 - Cross-Site Request Forgery
CVE-2025-9123 2025-09-11 CBX Map for Google Map & OpenStreetMap <= 1.1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-8425 2025-09-11 My WP Translate <= 1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
CVE-2025-9855 2025-09-11 Enhanced BibliPlug <= 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-8398 2025-09-11 azurecurve BBCode <= 2.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Shortcode
CVE-2025-8691 2025-09-11 WP Scriptcase <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Parameter
CVE-2025-9633 2025-09-11 LH Signing <= 2.83 - Cross-Site Request Forgery
CVE-2025-9918 2025-09-11 Zip Slip in Google SecOps SOAR allows for Remote Code Execution
CVE-2025-48038 2025-09-11 Unverified File Handles can Cause Excessive Use of System Resources
CVE-2025-48039 2025-09-11 Unverified Paths can Cause Excessive Use of System Resources
CVE-2025-48040 2025-09-11 Malicious Key Exchange Messages may Lead to Excessive Resource Consumption
CVE-2025-48041 2025-09-11 SSH_FXP_OPENDIR may Lead to Exhaustion of File Handles
CVE-2025-58321 2025-09-11 DIALink - Directory Traversal Authentication Bypass Vulnerability
CVE-2025-58320 2025-09-11 DIALink - Directory Traversal Authentication Bypass Vulnerability
CVE-2025-9018 2025-09-11 Time Tracker <= 3.1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update and Limited Data Deletion
CVE-2025-40687 2025-09-11 SQL injection in PHPGurukul Online Fire Reporting System
CVE-2025-40689 2025-09-11 SQL injection in PHPGurukul Online Fire Reporting System
CVE-2025-40690 2025-09-11 SQL injection in PHPGurukul Online Fire Reporting System
CVE-2025-40691 2025-09-11 SQL injection in PHPGurukul Online Fire Reporting System
CVE-2025-40692 2025-09-11 SQL injection in PHPGurukul Online Fire Reporting System
CVE-2025-10250 2025-09-11 DJI Mavic Spark/Mavic Air/Mavic Mini Telemetry Channel hard-coded key
CVE-2025-40693 2025-09-11 Cross Site Scripting in PHPGurukul Online Fire Reporting System
CVE-2025-40694 2025-09-11 Cross Site Scripting in PHPGurukul Online Fire Reporting System
CVE-2025-40695 2025-09-11 Cross Site Scripting in PHPGurukul Online Fire Reporting System
CVE-2025-40696 2025-09-11 Cross Site Scripting in PHPGurukul Online Fire Reporting System