CVE List - 2025 / September
Showing 3001 - 3100 of 4322 CVEs for September 2025 (Page 31 of 44)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-59431 | 2025-09-19 | MapServer - WFS XML Filter Query SQL injection |
| CVE-2025-9081 | 2025-09-19 | IDOR in board file download allows any user to download any file by UUID |
| CVE-2025-10568 | 2025-09-19 | HyperX NGENUITY - Arbitrary Code Execution |
| CVE-2025-43808 | 2025-09-19 | The Commerce component in Liferay Portal 7.3.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and 7.3 service pack 3 through update... |
| CVE-2025-10652 | 2025-09-20 | Robcore Netatmo <= 1.7 - Authenticated (Contributor+) SQL Injection via robcore-netatmo Shortcode |
| CVE-2025-10181 | 2025-09-20 | Draft List <= 2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-10489 | 2025-09-20 | SureForms – Drag and Drop Form Builder for WordPress <= 1.12.0 - Missing Authorization to Authenticated (Contributor+) Form Creation |
| CVE-2025-10305 | 2025-09-20 | Secure Passkeys <= 1.2.1 - Missing Authorization to Authenticated (Subscriber+) Passkey Exposure and Deletion |
| CVE-2025-10002 | 2025-09-20 | ClickWhale <= 2.5.0 - Authenticated (Admin+) SQL injection |
| CVE-2025-9949 | 2025-09-20 | Internal Links Manager <= 3.0.1 - Cross-Site Request Forgery |
| CVE-2025-10658 | 2025-09-20 | SupportCandy – Helpdesk & Customer Support Ticket System <= 3.3.7 - Authentication Bypass to Support Session Takeover |
| CVE-2025-9882 | 2025-09-20 | osTicket WP Bridge <= 1.9.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-9883 | 2025-09-20 | Browser Sniff <= 2.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-9887 | 2025-09-20 | Custom Login And Signup Widget <= 1.0 - Cross-Site Request Forgery |
| CVE-2025-10741 | 2025-09-20 | Selleo Mentingo Profile Picture unrestricted upload |
| CVE-2025-40925 | 2025-09-20 | Starch versions 0.14 and earlier generate session ids insecurely |
| CVE-2025-10755 | 2025-09-20 | Selleo Mentingo Content-Type unrestricted upload |
| CVE-2025-10756 | 2025-09-20 | UTT HiPER 840G getOneApConfTempEntry buffer overflow |
| CVE-2025-10757 | 2025-09-20 | UTT 1200GW formConfigDnsFilterGlobal buffer overflow |
| CVE-2025-10758 | 2025-09-21 | htmly Custom Field post cross site scripting |
| CVE-2025-10759 | 2025-09-21 | Webkul QloApps CSRF Token authorization |
| CVE-2025-10760 | 2025-09-21 | Harness lookup_repo.go LookupRepo server-side request forgery |
| CVE-2025-10761 | 2025-09-21 | Harness Login Endpoint login excessive authentication |
| CVE-2025-10762 | 2025-09-21 | kuaifan DooTask UsersController.php sql injection |
| CVE-2025-10763 | 2025-09-21 | academico-sis academico Profile Picture edit-photo unrestricted upload |
| CVE-2025-10764 | 2025-09-21 | SeriaWei ZKEACMS Event Action System PendingTaskController.cs Edit server-side request forgery |
| CVE-2025-10765 | 2025-09-21 | SeriaWei ZKEACMS SEOSuggestions ZKEACMS.SEOSuggestions.dll server-side request forgery |
| CVE-2025-10766 | 2025-09-21 | SeriaWei ZKEACMS EventViewerController.cs Download path traversal |
| CVE-2025-6544 | 2025-09-21 | Deserialization Vulnerability in h2oai/h2o-3 |
| CVE-2025-10768 | 2025-09-21 | h2oai h2o-3 IBMDB2 JDBC Driver ImportSQLTable deserialization |
| CVE-2025-10769 | 2025-09-21 | h2oai h2o-3 H2 JDBC Driver ImportSQLTable deserialization |
| CVE-2025-53692 | 2025-09-21 | Sitecore Experience Platform Cross-Site Scripting Vulnerability |
| CVE-2025-10767 | 2025-09-21 | CosmodiumCS OnlyRAT Configuration File main.py remote_download os command injection |
| CVE-2025-10770 | 2025-09-21 | jeecgboot JimuReport MySQL JDBC testConnection deserialization |
| CVE-2025-10771 | 2025-09-21 | jeecgboot JimuReport DB2 JDBC testConnection deserialization |
| CVE-2025-10772 | 2025-09-21 | huggingface LeRobot ZeroMQ Socket lekiwi_remote.py missing authentication |
| CVE-2025-43953 | 2025-09-22 | In 2wcom IP-4c 2.16, the web interface allows admin and manager users to execute arbitrary code as root via a ping or traceroute field on the TCP/IP screen. |
| CVE-2025-51006 | 2025-09-22 | Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the dlt_linuxsll2_cleanup() function in plugins/dlt_linuxsll2/linuxsll2.c. This vulnerability is triggered when tcpedit_dlt_cleanup() indirectly invokes the cleanup routine multiple times on... |
| CVE-2025-52367 | 2025-09-22 | Cross Site Scripting vulnerability in PivotX CMS v.3.0.0 RC 3 allows a remote attacker to execute arbitrary code via the subtitle field. |
| CVE-2025-55885 | 2025-09-22 | SQL Injection vulnerability in Alpes Recherche et Developpement ARD GEC en Lign before v.2025-04-23 allows a remote attacker to escalate privileges via the GET parameters in index.php |
| CVE-2025-55886 | 2025-09-22 | An Insecure Direct Object Reference (IDOR) vulnerability was discovered in ARD. The flaw exists in the `fe_uid` parameter of the payment history API endpoint. An authenticated attacker can manipulate this... |
| CVE-2025-55887 | 2025-09-22 | Cross-Site Scripting (XSS) vulnerability was discovered in the meal reservation service ARD. The vulnerability exists in the transactionID GET parameter on the transaction confirmation page. Due to improper input validation... |
| CVE-2025-55888 | 2025-09-22 | Cross-Site Scripting (XSS) vulnerability was discovered in the Ajax transaction manager endpoint of ARD. An attacker can intercept the Ajax response and inject malicious JavaScript into the accountName field. This... |
| CVE-2025-56074 | 2025-09-22 | A SQL Injection vulnerability was discovered in the foreigner-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary SQL code via the fromdate... |
| CVE-2025-56075 | 2025-09-22 | A SQL Injection vulnerability was discovered in the normal-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary SQL code via the fromdate... |
| CVE-2025-57203 | 2025-09-22 | MagicProject AI version 9.1 is affected by a Cross-Site Scripting (XSS) vulnerability within the chatbot generation feature available to authenticated admin users. The vulnerability resides in the prompt parameter submitted... |
| CVE-2025-57204 | 2025-09-22 | Stocky POS with Inventory Management & HRM (ui-lib) version 5.0 is affected by a Stored Cross-Site Scripting (XSS) vulnerability within the Products module available to authenticated users. The vulnerability resides... |
| CVE-2025-57205 | 2025-09-22 | iNiLabs School Express (SMS Express) 6.2 is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the content-management features available to authenticated admin users. The vulnerability resides in POSTed editor... |
| CVE-2025-57430 | 2025-09-22 | Creacast Creabox Manager 4.4.4 exposes sensitive configuration data via a publicly accessible endpoint /get. When accessed, this endpoint returns internal configuration including the creacodec.lua file, which contains plaintext admin credentials. |
| CVE-2025-57431 | 2025-09-22 | The Sound4 PULSE-ECO AES67 1.22 web-based management interface is vulnerable to Remote Code Execution (RCE) via a malicious firmware update package. The update mechanism fails to validate the integrity of... |
| CVE-2025-57432 | 2025-09-22 | Blackmagic Web Presenter version 3.3 exposes a Telnet service on port 9977 that accepts unauthenticated commands. This service allows remote attackers to manipulate stream settings, including changing video modes and... |
| CVE-2025-57433 | 2025-09-22 | The 2wcom IP-4c 2.15.5 device's web interface includes an information disclosure vulnerability. By sending a crafted POST request to a specific endpoint (/cwi/ajax_request/get_data.php), an authenticated attacker (even with a low-privileged... |
| CVE-2025-57434 | 2025-09-22 | Creacast Creabox Manager contains a critical authentication flaw that allows an attacker to bypass login validation. The system grants access when the username is creabox and the password begins with... |
| CVE-2025-57437 | 2025-09-22 | The Blackmagic Web Presenter HD firmware version 3.3 exposes sensitive information via an unauthenticated Telnet service on port 9977. When connected, the service reveals extensive device configuration data including: -... |
| CVE-2025-57438 | 2025-09-22 | The 2wcom IP-4c 2.15.5 device suffers from a Broken Access Control vulnerability. Certain sensitive endpoints are intended to be accessible only after the admin explicitly grants access to a manager-level... |
| CVE-2025-57439 | 2025-09-22 | Creacast Creabox Manager 4.4.4 contains a critical Remote Code Execution vulnerability accessible via the edit.php endpoint. An authenticated attacker can inject arbitrary Lua code into the configuration, which is then... |
| CVE-2025-57440 | 2025-09-22 | The Blackmagic ATEM Mini Pro 2.7 exposes an undocumented Telnet service on TCP port 9993, which accepts unauthenticated plaintext commands for controlling streaming, recording, formatting storage devices, and system reboot.... |
| CVE-2025-57441 | 2025-09-22 | The Blackmagic ATEM Mini Pro 2.7 exposes sensitive device and stream configuration information via an unauthenticated Telnet service on port 9990. Upon connection, the attacker can access a protocol preamble... |
| CVE-2025-57601 | 2025-09-22 | AiKaan Cloud Controller uses a single hardcoded SSH private key and the username `proxyuser` for remote terminal access to all managed IoT/edge devices. When an administrator initiates "Open Remote Terminal"... |
| CVE-2025-57602 | 2025-09-22 | Insufficient hardening of the proxyuser account in the AiKaan IoT management platform, combined with the use of a shared, hardcoded SSH private key, allows remote attackers to authenticate to the... |
| CVE-2025-57605 | 2025-09-22 | Lack of server-side authorisation on department admin assignment APIs in AiKaan IoT Platform allows authenticated users to elevate their privileges by assigning themselves as admins of other departments. This results... |
| CVE-2025-57682 | 2025-09-22 | Directory Traversal vulnerability in Papermark 0.20.0 and prior allows authenticated attackers to retrieve arbitrary files from an S3 bucket through its CloudFront distribution via the "POST /api/file/s3/get-presigned-get-url-proxy" API |
| CVE-2025-57685 | 2025-09-22 | The LB-Link routers, including the BL-AC2100_AZ3 V1.0.4, BL-WR4000 v2.5.0, BL-WR9000_AE4 v2.4.9, BL-AC1900_AZ2 v1.0.2, BL-X26_AC8 v1.2.8, and BL-LTE300_DA4 V1.2.3 models, are vulnerable to unauthorized command injection. Attackers can exploit this vulnerability... |
| CVE-2025-59797 | 2025-09-22 | Profession Fit 5.0.99 Build 44910 allows authorization bypass via a direct request for /api/challenges/{id} and also URLs for eversports, the user-management page, and the plane page. |
| CVE-2025-59798 | 2025-09-22 | Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdf_write_cmap in devices/vector/gdevpdtw.c. |
| CVE-2025-59799 | 2025-09-22 | Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdfmark_coerce_dest in devices/vector/gdevpdfm.c via a large size value. |
| CVE-2025-59800 | 2025-09-22 | In Artifex Ghostscript through 10.05.1, ocr_begin_page in devices/gdevpdfocr.c has an integer overflow that leads to a heap-based buffer overflow in ocr_line8. |
| CVE-2025-59801 | 2025-09-22 | In Artifex GhostXPS before 10.06.0, there is a stack-based buffer overflow in xps_unpredict_tiff in xpstiff.c because the samplesperpixel value is not checked. |
| CVE-2025-10773 | 2025-09-22 | B-Link BL-AC2100 Web Management set_delshrpath_cfg delshrpath stack-based overflow |
| CVE-2025-10774 | 2025-09-22 | Ruijie 6000-E10 sub_commit.php os command injection |
| CVE-2025-10775 | 2025-09-22 | Wavlink WL-NU516U1 login.cgi sub_4012A0 os command injection |
| CVE-2025-10776 | 2025-09-22 | LionCoders SalePro POS Login cleartext transmission |
| CVE-2025-10777 | 2025-09-22 | JSC R7 R7-Office Document Server downloadas path traversal |
| CVE-2025-10778 | 2025-09-22 | Smartstore Gift Voucher confirm race condition |
| CVE-2025-10779 | 2025-09-22 | D-Link DCS-935L HNAP1 sub_402280 stack-based overflow |
| CVE-2025-10780 | 2025-09-22 | CodeAstro Simple Pharmacy Management view.php sql injection |
| CVE-2025-10781 | 2025-09-22 | Campcodes Online Learning Management System edit_class.php sql injection |
| CVE-2025-10782 | 2025-09-22 | Campcodes Online Learning Management System class.php sql injection |
| CVE-2025-10783 | 2025-09-22 | Campcodes Online Learning Management System add_subject.php sql injection |
| CVE-2025-10784 | 2025-09-22 | Campcodes Online Learning Management System edit_subject.php sql injection |
| CVE-2025-9115 | 2025-09-22 | Etsy Shop < 3.0.7 - Reflected XSS via $_SERVER['REQUEST_URI'] |
| CVE-2025-9487 | 2025-09-22 | Admin and Site Enhancements < 7.9.8 - Authenticated Stored XSS via SVG |
| CVE-2025-9540 | 2025-09-22 | Markup Markdown < 3.20.10 - Contributor+ Stored XSS |
| CVE-2025-9541 | 2025-09-22 | Markup Markdown < 3.20.10 - Contributor+ Stored XSS |
| CVE-2025-10785 | 2025-09-22 | Campcodes Grocery Sales and Inventory System manage_user.php sql injection |
| CVE-2025-10786 | 2025-09-22 | Campcodes Grocery Sales and Inventory System ajax.php sql injection |
| CVE-2025-10787 | 2025-09-22 | MuYuCMS Add Fiend Link index.html server-side request forgery |
| CVE-2025-10788 | 2025-09-22 | SourceCodester Online Hotel Reservation System deleteroominventory.php sql injection |
| CVE-2025-10789 | 2025-09-22 | SourceCodester Online Hotel Reservation System deleteslide.php sql injection |
| CVE-2025-0875 | 2025-09-22 | IDOR in Proliz Software's OBS |
| CVE-2025-5962 | 2025-09-22 | Rhel-lightspeed: improper access control in lightspeed history management allows local privilege manipulation |
| CVE-2025-10790 | 2025-09-22 | SourceCodester Simple Forum Discussion System ajax.php sql injection |
| CVE-2025-8079 | 2025-09-22 | Reflected XSS in Akıllı Ticaret Software Technologies' Smart Trade E-Commerce |
| CVE-2025-10791 | 2025-09-22 | code-projects Online Bidding System index.php sql injection |
| CVE-2025-9035 | 2025-09-22 | Reflected XSS in Horato Internet Technologies' Virtual Library Platform |
| CVE-2025-10009 | 2025-09-22 | Authenticated admin RCE in Invoice Ninja |
| CVE-2025-10792 | 2025-09-22 | D-Link DIR-513 formWPS buffer overflow |
| CVE-2025-10793 | 2025-09-22 | code-projects E-Commerce Website admin_account_delete.php sql injection |
| CVE-2025-25177 | 2025-09-22 | GPU DDK - Roll-back of pvr_exp_fence not in finalised state can cause UAF |
| CVE-2025-46711 | 2025-09-22 | GPU DDK - NULL Pointer dereference occurs in LockHandle on bridge entry when connection misused |