CVE List - 2025 / September
Showing 2201 - 2300 of 4322 CVEs for September 2025 (Page 23 of 44)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-43303 | 2025-09-15 | A logging issue was addressed with improved data redaction. This issue is fixed in visionOS 26, tvOS 26, iOS 26 and iPadOS 26, watchOS 26. An app may be able... |
| CVE-2025-43231 | 2025-09-15 | A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.8. An app may be able to access user-sensitive data. |
| CVE-2025-31270 | 2025-09-15 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access protected user data. |
| CVE-2025-43362 | 2025-09-15 | The issue was addressed with improved checks. This issue is fixed in iOS 26 and iPadOS 26, iOS 18.7 and iPadOS 18.7. An app may be able to monitor keystrokes... |
| CVE-2025-43319 | 2025-09-15 | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7. An app may be able to access protected user data. |
| CVE-2025-43358 | 2025-09-15 | A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sonoma 14.8, iOS 26 and iPadOS 26, macOS Sequoia 15.7, iOS 18.7 and iPadOS 18.7.... |
| CVE-2025-43359 | 2025-09-15 | A logic issue was addressed with improved state management. This issue is fixed in tvOS 26, watchOS 26, macOS Sonoma 14.8, iOS 26 and iPadOS 26, macOS Sequoia 15.7, visionOS... |
| CVE-2025-43318 | 2025-09-15 | This issue was addressed with additional entitlement checks. This issue is fixed in macOS Tahoe 26. An app with root privileges may be able to access private information. |
| CVE-2025-31271 | 2025-09-15 | This issue was addressed through improved state management. This issue is fixed in macOS Tahoe 26. Incoming FaceTime calls can appear or be accepted on a locked macOS device, even... |
| CVE-2025-43375 | 2025-09-15 | The issue was addressed with improved checks. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process. |
| CVE-2025-43302 | 2025-09-15 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 26, watchOS 26, macOS Sonoma 14.8, iOS 26 and iPadOS 26, macOS Sequoia 15.7,... |
| CVE-2025-43355 | 2025-09-15 | A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 26, watchOS 26, macOS Sonoma 14.8, iOS 26 and iPadOS 26, macOS Sequoia 15.7,... |
| CVE-2025-43343 | 2025-09-15 | The issue was addressed with improved memory handling. This issue is fixed in Safari 26, tvOS 26, watchOS 26, iOS 26 and iPadOS 26, visionOS 26. Processing maliciously crafted web... |
| CVE-2025-43314 | 2025-09-15 | A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7. An app may be... |
| CVE-2025-43292 | 2025-09-15 | A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.7, macOS Sequoia 15.7.2. An app may be able to access sensitive user data. |
| CVE-2025-43372 | 2025-09-15 | The issue was addressed with improved input validation. This issue is fixed in tvOS 26, watchOS 26, iOS 26 and iPadOS 26, macOS Sonoma 14.8.2, visionOS 26. Processing a maliciously... |
| CVE-2025-43325 | 2025-09-15 | An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data. |
| CVE-2025-43299 | 2025-09-15 | A denial-of-service issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7, iOS 18.7 and iPadOS 18.7. An app may be able to... |
| CVE-2025-43333 | 2025-09-15 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to gain root privileges. |
| CVE-2025-43283 | 2025-09-15 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Tahoe 26. An app may be able to cause unexpected system termination. |
| CVE-2025-43329 | 2025-09-15 | A permissions issue was addressed with additional restrictions. This issue is fixed in tvOS 26, iOS 26 and iPadOS 26, watchOS 26. An app may be able to break out... |
| CVE-2025-43295 | 2025-09-15 | A denial-of-service issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7, iOS 18.7 and iPadOS 18.7. An app may be able to... |
| CVE-2025-43368 | 2025-09-15 | A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26, iOS 26 and iPadOS 26. Processing maliciously crafted web content may lead to an... |
| CVE-2025-43190 | 2025-09-15 | A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in watchOS 26, macOS Sonoma 14.8, iOS 26 and iPadOS 26,... |
| CVE-2025-43344 | 2025-09-15 | An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in visionOS 26, tvOS 26, iOS 26 and iPadOS 26, watchOS 26. An app may be... |
| CVE-2025-43305 | 2025-09-15 | A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7. A malicious app may be able to access private information. |
| CVE-2025-43304 | 2025-09-15 | A race condition was addressed with improved state handling. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7. An app may be able to gain root privileges. |
| CVE-2025-43353 | 2025-09-15 | The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7. Processing a maliciously crafted string may lead to heap corruption. |
| CVE-2025-43312 | 2025-09-15 | A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7. An app may be able to cause unexpected system termination. |
| CVE-2025-43369 | 2025-09-15 | This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Tahoe 26. An app may be able to access protected user data. |
| CVE-2025-43294 | 2025-09-15 | An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1.... |
| CVE-2025-43328 | 2025-09-15 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data. |
| CVE-2025-43308 | 2025-09-15 | This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7. An app may be able to access sensitive user data. |
| CVE-2025-43349 | 2025-09-15 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in tvOS 26, watchOS 26, macOS Sonoma 14.8, iOS 26 and iPadOS 26, macOS Sequoia 15.7,... |
| CVE-2025-43298 | 2025-09-15 | A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7. An app may be... |
| CVE-2025-43332 | 2025-09-15 | A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7. An app may be able to break out of its... |
| CVE-2025-30075 | 2025-09-16 | In Alludo MindManager before 25.0.208 on Windows, attackers could potentially execute code as other local users on the same machine if they could write DLL files to directories within victims'... |
| CVE-2025-44034 | 2025-09-16 | SQL injection vulnerability in oa_system oasys v.1.1 allows a remote attacker to execute arbitrary code via the alph parameters in src/main/Java/cn/gson/oasys/controller/address/AddrController |
| CVE-2025-52044 | 2025-09-16 | In Frappe ERPNext v15.57.5, the function get_stock_balance() at erpnext/stock/utils.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting SQL query into inventory_dimensions_dict... |
| CVE-2025-54391 | 2025-09-16 | A vulnerability in the EnableTwoFactorAuthRequest SOAP endpoint of Zimbra Collaboration (ZCS) allows an attacker with valid user credentials to bypass Two-Factor Authentication (2FA) protection. The attacker can configure an additional... |
| CVE-2025-55834 | 2025-09-16 | A Cross Site Scripting vulnerability in JeeWMS v.3.7 and before allows a remote attacker to obtain sensitive information via the logController.do component |
| CVE-2025-56263 | 2025-09-16 | by-night sms V1.0 has an Arbitrary File Upload vulnerability. The /api/sms/upload/headImg endpoint allows uploading arbitrary files. Users can upload files of any size and type. |
| CVE-2025-56264 | 2025-09-16 | The /api/comment endpoint in zhangyd-c OneBlog 2.3.9 contains a denial-of-service vulnerability. |
| CVE-2025-56276 | 2025-09-16 | code-projects Food Ordering Review System 1.0 is vulnerable to Cross Site Scripting (XSS) in the registration function. An attacker enters malicious JavaScript code as a username, which triggers the XSS... |
| CVE-2025-56280 | 2025-09-16 | code-projects Food Ordering Review System 1.0 is vulnerable to Cross Site Scripting (XSS) in the area where users submit reservation information. |
| CVE-2025-56289 | 2025-09-16 | code-projects Document Management System 1.0 has a Cross Site Scripting (XSS) vulnerability, where attackers can leak admin's cookie information by entering malicious XSS code in the Company field when adding... |
| CVE-2025-56293 | 2025-09-16 | code-projects Human Resource Integrated System 1.0 is vulnerable to Cross Site Scripting (XSS) in the Add Child Information section in the Childs Name field. |
| CVE-2025-56295 | 2025-09-16 | code-projects Computer Laboratory System 1.0 has a file upload vulnerability. Staff can upload malicious files by uploading PHP backdoor files when modifying personal avatar information and use web shell connection... |
| CVE-2025-56557 | 2025-09-16 | An issue discovered in the Tuya Smart Life App 5.6.1 allows attackers to unprivileged control Matter devices via the Matter protocol. |
| CVE-2025-56562 | 2025-09-16 | An incorrect API discovered in Signify Wiz Connected 1.9.1 allows attackers to remotely launch a DoS on Wiz devices only requiring the MAC address. |
| CVE-2025-56697 | 2025-09-16 | A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the /users/adminpanel/admin/home.php?page=feedbacks file of Kashipara Computer Base Test v1.0. Attackers can inject malicious scripts via the smyFeedbacks POST parameter in /users/home.php. |
| CVE-2025-56706 | 2025-09-16 | Edimax BR-6473AX v1.0.28 was discovered to contain a remote code execution (RCE) vulnerability via the Object parameter in the openwrt_getConfig function. |
| CVE-2025-57119 | 2025-09-16 | An issue in Online Library Management System v.3.0 allows an attacker to escalate privileges via the adminlogin.php component and the Login function |
| CVE-2025-57145 | 2025-09-16 | A cross-site scripting (XSS) vulnerability exists in the search-autootaxi.php endpoint of the ATSMS web application. The application fails to properly sanitize user input submitted through a form field, allowing an... |
| CVE-2025-57624 | 2025-09-16 | A DLL hijacking vulnerability in CYRISMA Agent before 444 allows local users to escalate privileges and execute arbitrary code via multiple DLLs. |
| CVE-2025-57625 | 2025-09-16 | CYRISMA Sensor before 444 for Windows has an Insecure Folder and File Permissions vulnerability. A low-privileged user can abuse these issues to escalate privileges and execute arbitrary code in the... |
| CVE-2025-57631 | 2025-09-16 | SQL Injection vulnerability in TDuckCloud v.5.1 allows a remote attacker to execute arbitrary code via the Add a file upload module |
| CVE-2025-59436 | 2025-09-16 | The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value 017700000001 is improperly categorized as globally routable via isPublic. NOTE: this issue exists... |
| CVE-2025-59437 | 2025-09-16 | The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value 0 is improperly categorized as globally routable via isPublic. NOTE: this issue exists... |
| CVE-2025-59453 | 2025-09-16 | Click Studios Passwordstate before 9.9 Build 9972 has a potential authentication bypass for Passwordstate emergency access. By using a crafted URL while on the Emergency Access web page, an unauthorized... |
| CVE-2025-9808 | 2025-09-16 | The Events Calendar <= 6.15.2 - Missing Authorization to Unauthenticated Password-Protected Information Disclosure |
| CVE-2024-12367 | 2025-09-16 | Information Disclosure in Vegagrup Software's Vega Master |
| CVE-2025-5518 | 2025-09-16 | IDOR in ArgusTech's BILGER |
| CVE-2025-5519 | 2025-09-16 | Information Disclosure in ArgusTech's BILGER |
| CVE-2023-53263 | 2025-09-16 | drm/nouveau/disp: fix use-after-free in error handling of nouveau_connector_create |
| CVE-2023-53264 | 2025-09-16 | clk: imx: clk-imxrt1050: fix memory leak in imxrt1050_clocks_probe |
| CVE-2023-53265 | 2025-09-16 | ubi: ensure that VID header offset + VID header size <= alloc, size |
| CVE-2023-53266 | 2025-09-16 | arm64: acpi: Fix possible memory leak of ffh_ctxt |
| CVE-2023-53267 | 2025-09-16 | driver: soc: xilinx: fix memory leak in xlnx_add_cb_for_notify_event() |
| CVE-2023-53268 | 2025-09-16 | ASoC: fsl_mqs: move of_node_put() to the correct location |
| CVE-2023-53269 | 2025-09-16 | block: ublk: make sure that block size is set correctly |
| CVE-2023-53270 | 2025-09-16 | ext4: fix i_disksize exceeding i_size problem in paritally written case |
| CVE-2023-53271 | 2025-09-16 | ubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume() |
| CVE-2023-53272 | 2025-09-16 | net: ena: fix shift-out-of-bounds in exponential backoff |
| CVE-2023-53273 | 2025-09-16 | Drivers: vmbus: Check for channel allocation before looking up relids |
| CVE-2023-53274 | 2025-09-16 | clk: mediatek: mt8183: Add back SSPM related clocks |
| CVE-2023-53275 | 2025-09-16 | ALSA: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync() |
| CVE-2023-53276 | 2025-09-16 | ubifs: Free memory for tmpfile name |
| CVE-2023-53277 | 2025-09-16 | wifi: iwl3945: Add missing check for create_singlethread_workqueue |
| CVE-2023-53278 | 2025-09-16 | ubifs: Fix memory leak in ubifs_sysfs_init() |
| CVE-2023-53279 | 2025-09-16 | misc: vmw_balloon: fix memory leak with using debugfs_lookup() |
| CVE-2023-53280 | 2025-09-16 | scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue |
| CVE-2023-53281 | 2025-09-16 | drivers: staging: rtl8723bs: Fix locking in _rtw_join_timeout_handler() |
| CVE-2023-53282 | 2025-09-16 | scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write |
| CVE-2023-53284 | 2025-09-16 | drm/msm/dpu: check for null return of devm_kzalloc() in dpu_writeback_init() |
| CVE-2023-53285 | 2025-09-16 | ext4: add bounds checking in get_max_inline_xattr_value_size() |
| CVE-2023-53286 | 2025-09-16 | RDMA/mlx5: Return the firmware result upon destroying QP/RQ |
| CVE-2023-53287 | 2025-09-16 | usb: cdns3: Put the cdns set active part outside the spin lock |
| CVE-2023-53288 | 2025-09-16 | drm/client: Fix memory leak in drm_client_modeset_probe |
| CVE-2023-53289 | 2025-09-16 | media: bdisp: Add missing check for create_workqueue |
| CVE-2023-53290 | 2025-09-16 | samples/bpf: Fix fout leak in hbm's run_bpf_prog |
| CVE-2023-53291 | 2025-09-16 | rcu/rcuscale: Stop kfree_scale_thread thread(s) after unloading rcuscale |
| CVE-2023-53292 | 2025-09-16 | blk-mq: fix NULL dereference on q->elevator in blk_mq_elv_switch_none |
| CVE-2023-53294 | 2025-09-16 | fs/ntfs3: Fix null-ptr-deref on inode->i_op in ntfs_lookup() |
| CVE-2023-53295 | 2025-09-16 | udf: Do not update file length for failed writes to inline files |
| CVE-2023-53296 | 2025-09-16 | sctp: check send stream number after wait_for_sndbuf |
| CVE-2023-53297 | 2025-09-16 | Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp |
| CVE-2023-53298 | 2025-09-16 | nfc: fix memory leak of se_io context in nfc_genl_se_io |
| CVE-2023-53299 | 2025-09-16 | md/raid10: fix leak of 'r10bio->remaining' for recovery |
| CVE-2023-53300 | 2025-09-16 | media: hi846: Fix memleak in hi846_init_controls() |