CVE List - 2025 / September

Showing 2601 - 2700 of 4322 CVEs for September 2025 (Page 27 of 44)

Back to List Previous Next

CVE ID	Date	Title
CVE-2025-35434	2025-09-17	CISA Thorium does not validate TLS connections to Elasticsearch
CVE-2025-35435	2025-09-17	CISA Thorium download stream divide by zero
CVE-2025-35436	2025-09-17	CISA Thorium account verification email error handling
CVE-2025-10602	2025-09-17	SourceCodester Online Exam Form Submission delete_s1.php sql injection
CVE-2025-10603	2025-09-17	PHPGurukul Online Discussion Forum search_result.php sql injection
CVE-2025-58431	2025-09-17	ZimaOS reads arbitrary files using localhost calls to File API Download
CVE-2025-58432	2025-09-17	ZimaOS Privilege Escalation using localhost calls to File API Upload
CVE-2025-10604	2025-09-17	PHPGurukul Online Discussion Forum edit_member.php sql injection
CVE-2025-10605	2025-09-17	Portabilis i-Educar agenda_preferencias.php cross site scripting
CVE-2025-58766	2025-09-17	Dyad Vulnerable to Remote Code Execution via Top-level Navigation in Preview Window
CVE-2025-58767	2025-09-17	REXML has a DoS condition when parsing malformed XML file
CVE-2025-59339	2025-09-17	The Bastion ttyrec files are not signed after encryption by the osh-encrypt-rsync script
CVE-2025-59341	2025-09-17	Local File Inclusion in esm.sh
CVE-2025-59342	2025-09-17	esm.sh writes arbitrary files via path traversal in `X-Zone-Id` header
CVE-2025-10606	2025-09-17	Portabilis i-Educar ConfiguracaoMovimentoGeral cross site scripting
CVE-2025-10607	2025-09-17	Portabilis i-Educar diarioApi information disclosure
CVE-2025-10608	2025-09-17	Portabilis i-Educar enrollment-history access control
CVE-2025-59414	2025-09-17	Nuxt Client-Side Path Traversal in Nuxt Island Payload Revival
CVE-2025-59416	2025-09-17	The Scratch Channel forks can publish articles
CVE-2025-10613	2025-09-17	itsourcecode Student Information System leveledit1.php sql injection
CVE-2025-59345	2025-09-17	Dragonfly did not enable authentication for some Manager’s endpoints
CVE-2025-59346	2025-09-17	Dragonfly server-side request forgery vulnerability
CVE-2025-59347	2025-09-17	Dragonfly Manager makes requests to external endpoints with disabled TLS authentication
CVE-2025-59348	2025-09-17	Dragonfly incorrectly handles a task structure’s usedTraffic field
CVE-2025-37122	2025-09-17	Unauthenticated Reflected Cross-Site Scripting
CVE-2025-10614	2025-09-17	itsourcecode E-Logbook with Health Monitoring System for COVID-19 print_reports_prev.php cross site scripting
CVE-2025-59349	2025-09-17	Directories created via os.MkdirAll are not checked for permissions
CVE-2025-59350	2025-09-17	Timing attacks against Proxy’s basic authentication are possible
CVE-2025-59351	2025-09-17	Dragonfly possibly panics due to nil pointer dereference when using variables created alongside an error
CVE-2025-59352	2025-09-17	Dragonfly allows arbitrary file read and write on a peer machine
CVE-2025-59353	2025-09-17	Manager generates mTLS certificates for arbitrary IP addresses
CVE-2025-59354	2025-09-17	Dragonfly has weak integrity checks for downloaded files
CVE-2025-59410	2025-09-17	Dragonfly tiny file download uses hard coded HTTP protocol
CVE-2025-59340	2025-09-17	jinjava Sandbox Bypass via JavaType-Based Deserialization
CVE-2025-10615	2025-09-17	itsourcecode E-Commerce Website products.php unrestricted upload
CVE-2025-10616	2025-09-17	itsourcecode E-Commerce Website users.php unrestricted upload
CVE-2025-10617	2025-09-17	SourceCodester Online Polling System positions.php sql injection
CVE-2025-10643	2025-09-17	Wondershare Repairit Incorrect Permission Assignment Authentication Bypass Vulnerability
CVE-2025-10644	2025-09-17	Wondershare Repairit SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability
CVE-2025-7977	2025-09-17	Ashlar-Vellum Cobalt LI File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2025-7982	2025-09-17	Ashlar-Vellum Cobalt LI File Parsing Integer Overflow Remote Code Execution Vulnerability
CVE-2025-7980	2025-09-17	Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2025-7978	2025-09-17	Ashlar-Vellum Graphite VC6 File Parsing Uninitialized Variable Remote Code Execution Vulnerability
CVE-2025-7979	2025-09-17	Ashlar-Vellum Graphite VC6 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2025-7981	2025-09-17	Ashlar-Vellum Graphite VC6 File Parsing Uninitialized Variable Remote Code Execution Vulnerability
CVE-2025-7983	2025-09-17	Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2025-7984	2025-09-17	Ashlar-Vellum Cobalt AR File Parsing Uninitialized Variable Remote Code Execution Vulnerability
CVE-2025-7985	2025-09-17	Ashlar-Vellum Cobalt VC6 File Parsing Integer Overflow Remote Code Execution Vulnerability
CVE-2025-7990	2025-09-17	Ashlar-Vellum Cobalt VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2025-7986	2025-09-17	Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2025-7989	2025-09-17	Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2025-7987	2025-09-17	Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2025-7992	2025-09-17	Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2025-7991	2025-09-17	Ashlar-Vellum Cobalt VC6 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2025-7988	2025-09-17	Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2025-7999	2025-09-17	Ashlar-Vellum Cobalt AR File Parsing Type Confusion Remote Code Execution Vulnerability
CVE-2025-7994	2025-09-17	Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2025-7998	2025-09-17	Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2025-7996	2025-09-17	Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2025-7995	2025-09-17	Ashlar-Vellum Cobalt CO File Parsing Type Confusion Remote Code Execution Vulnerability
CVE-2025-8000	2025-09-17	Ashlar-Vellum Cobalt LI File Parsing Type Confusion Remote Code Execution Vulnerability
CVE-2025-7997	2025-09-17	Ashlar-Vellum Cobalt XE File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2025-8003	2025-09-17	Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2025-8001	2025-09-17	Ashlar-Vellum Cobalt CO File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-8005	2025-09-17	Ashlar-Vellum Cobalt XE File Parsing Type Confusion Remote Code Execution Vulnerability
CVE-2025-8004	2025-09-17	Ashlar-Vellum Cobalt XE File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2025-8002	2025-09-17	Ashlar-Vellum Cobalt CO File Parsing Type Confusion Remote Code Execution Vulnerability
CVE-2025-8006	2025-09-17	Ashlar-Vellum Cobalt XE File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2025-7993	2025-09-17	Ashlar-Vellum Cobalt LI File Parsing Use-After-Free Remote Code Execution Vulnerability
CVE-2025-10618	2025-09-17	itsourcecode Online Clinic Management System transact.php sql injection
CVE-2025-10619	2025-09-17	sequa-ai sequa-mcp OAuth Server Discovery node-oauth-client-provider.ts redirectToAuthorization os command injection
CVE-2025-59415	2025-09-17	Frappe Learning vulnerable to Malicious Content upload via Profile bio field
CVE-2025-10620	2025-09-17	itsourcecode Online Clinic Management System editp2.php sql injection
CVE-2025-23316	2025-09-17	NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause a remote code execution by manipulating the model name parameter...
CVE-2025-23328	2025-09-17	NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an out-of-bounds write through a specially crafted input. A successful exploit of this vulnerability...
CVE-2025-23329	2025-09-17	NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause memory corruption by identifying and accessing the shared memory region used by the Python...
CVE-2025-23336	2025-09-17	NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause a denial of service by loading a misconfigured model. A successful exploit of this...
CVE-2025-10621	2025-09-17	SourceCodester Hotel Reservation System editroomimage.php sql injection
CVE-2025-23268	2025-09-17	NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker may cause an improper input validation issue. A successful exploit of this vulnerability may lead to...
CVE-2025-23337	2025-09-17	NVIDIA HGX & DGX GB200, GB300, B300 contain a vulnerability in the HGX Management Controller (HMC) that may allow a malicious actor with administrative access on the BMC to access...
CVE-2025-10623	2025-09-17	SourceCodester Hotel Reservation System deleteuser.php sql injection
CVE-2025-10624	2025-09-17	PHPGurukul User Management System login.php sql injection
CVE-2025-10625	2025-09-17	SourceCodester Online Exam Form Submission dashboard.php sql injection
CVE-2025-10626	2025-09-17	SourceCodester Online Exam Form Submission update_s3.php sql injection
CVE-2025-10627	2025-09-17	SourceCodester Online Exam Form Submission delete_user.php sql injection
CVE-2023-49367	2025-09-18	An issue in user interface in Kyocera Command Center RX EXOSYS M5521cdn allows remote to obtain sensitive information via inspecting sent packages by user.
CVE-2025-50255	2025-09-18	Cross Site Request Forgery (CSRF) vulnerability in Smartvista BackOffice SmartVista Suite 2.2.22 via crafted GET request.
CVE-2025-55911	2025-09-18	An issue Clip Bucket v.5.5.2 Build#90 allows a remote attacker to execute arbitrary codes via the file_downloader.php and the file parameter
CVE-2025-55912	2025-09-18	An issue in ClipBucket 5.5.0 and prior versions allows an unauthenticated attacker can exploit the plupload endpoint in photo_uploader.php to upload arbitrary files without any authentication, due to missing access...
CVE-2025-57293	2025-09-18	A command injection vulnerability in COMFAST CF-XR11 (firmware V2.7.2) exists in the multi_pppoe API, processed by the sub_423930 function in /usr/bin/webmgnt. The phy_interface parameter is not sanitized, allowing attackers to...
CVE-2025-57295	2025-09-18	H3C devices running firmware version NX15V100R015 are vulnerable to unauthorized access due to insecure default credentials. The root user account has no password set, and the H3C user account uses...
CVE-2025-57452	2025-09-18	In realme BackupRestore app v15.1.12_2810c08_250314, improper URI scheme handling in com.coloros.pc.PcToolMainActivity allows local attackers to cause a crash and potential XSS via crafted ADB intents.
CVE-2025-59691	2025-09-18	PureVPN client applications on Linux through September 2025 allow IPv6 traffic to leak outside the VPN tunnel upon network events such as Wi-Fi reconnect or system resume. In the CLI...
CVE-2025-59692	2025-09-18	PureVPN client applications on Linux through September 2025 mishandle firewalling. They flush the system's existing iptables rules and apply default ACCEPT policies when connecting to a VPN server. This removes...
CVE-2025-10628	2025-09-18	D-Link DIR-852 Web Management hedwig.cgi command injection
CVE-2025-10629	2025-09-18	D-Link DIR-852 Simple Service Discovery Protocol Service cgibin ssdpcgi_main command injection
CVE-2025-10631	2025-09-18	itsourcecode Online Petshop Management System Available Products addcnp.php cross site scripting
CVE-2025-10632	2025-09-18	itsourcecode Online Petshop Management System Admin Dashboard availableframe.php cross site scripting
CVE-2025-10634	2025-09-18	D-Link DIR-823X Environment Variable goahead sub_412E7C command injection
CVE-2025-10642	2025-09-18	wangchenyi1996 chat_forum q.php cross site scripting