CVE List - 2025 / September
Showing 1201 - 1300 of 4322 CVEs for September 2025 (Page 13 of 44)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-55145 | 2025-09-09 | Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed... |
| CVE-2025-55146 | 2025-09-09 | An unchecked return value in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4... |
| CVE-2025-55147 | 2025-09-09 | CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on... |
| CVE-2025-55148 | 2025-09-09 | Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed... |
| CVE-2025-55139 | 2025-09-09 | SSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on... |
| CVE-2025-55141 | 2025-09-09 | Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed... |
| CVE-2025-55142 | 2025-09-09 | Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed... |
| CVE-2025-55143 | 2025-09-09 | Reflected text injection in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix... |
| CVE-2025-55144 | 2025-09-09 | Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed... |
| CVE-2025-59008 | 2025-09-09 | WordPress ZIP Code Based Content Protection plugin <= 1.0.0 - SQL Injection vulnerability |
| CVE-2025-59005 | 2025-09-09 | WordPress Categorify plugin <= 1.0.7.5 - Broken Access Control vulnerability |
| CVE-2025-49860 | 2025-09-09 | WordPress Majestic Support plugin <= 1.1.0 - Broken Access Control vulnerability |
| CVE-2025-47695 | 2025-09-09 | WordPress Blog Designer PRO plugin <= 3.4.7 - Authenticated Non-Arbitrary Local File Inclusion vulnerability |
| CVE-2025-47694 | 2025-09-09 | WordPress Blog Designer PRO plugin <= 3.4.7 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-47579 | 2025-09-09 | WordPress Photography theme <= 7.5.2 - Unauthenticated PHP Object Injection vulnerability |
| CVE-2025-47571 | 2025-09-09 | WordPress Super Store Finder plugin <= 6.9.7 - Local File Inclusion vulnerability |
| CVE-2025-47570 | 2025-09-09 | WordPress WooCommerce Photo Reviews plugin <= 1.3.13 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-47569 | 2025-09-09 | WordPress WooCommerce Ultimate Gift Card plugin <= 2.8.10 - SQL Injection vulnerability |
| CVE-2025-47437 | 2025-09-09 | WordPress LiteSpeed Cache plugin <= 7.0.1 - Server Side Request Forgery (SSRF) vulnerability |
| CVE-2025-39553 | 2025-09-09 | WordPress Church Admin plugin <= 5.0.9 - Sensitive Data Exposure vulnerability |
| CVE-2025-39541 | 2025-09-09 | WordPress WP Simple Booking Calendar plugin <= 2.0.13 - Broken Access Control vulnerability |
| CVE-2025-39523 | 2025-09-09 | WordPress GoodBarber plugin <= 1.0.26 - Open Redirection Vulnerability |
| CVE-2025-32688 | 2025-09-09 | WordPress Target Video Easy Publish plugin <= 3.8.8 - Arbitrary Shortcode Execution vulnerability |
| CVE-2025-32689 | 2025-09-09 | WordPress Download Manager and Payment Form plugin <= 2.7.13 - Price Manipulation vulnerability |
| CVE-2025-32486 | 2025-09-09 | WordPress Material Dashboard plugin <= 1.4.6 - Privilege Escalation Vulnerability |
| CVE-2025-54709 | 2025-09-09 | WordPress Sala Theme <= 1.1.6 - Local File Inclusion Vulnerability |
| CVE-2025-53348 | 2025-09-09 | WordPress Kalium Theme <= 3.18.3 - Broken Access Control Vulnerability |
| CVE-2025-53340 | 2025-09-09 | WordPress Awesome Support Plugin <= 6.3.4 - Sensitive Data Exposure Vulnerability |
| CVE-2025-53291 | 2025-09-09 | WordPress Spreadconnect plugin <= 2.1.5 - Broken Access Control Vulnerability |
| CVE-2025-30875 | 2025-09-09 | WordPress WP Weixin plugin <= 1.3.16 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-49430 | 2025-09-09 | WordPress Ultimate Video Player Plugin <= 10.1 - Server Side Request Forgery (SSRF) Vulnerability |
| CVE-2025-48101 | 2025-09-09 | WordPress Constant Contact for WordPress Plugin <= 4.1.1 - PHP Object Injection Vulnerability |
| CVE-2025-58215 | 2025-09-09 | WordPress Ziston Theme < 1.4.5 - Local File Inclusion Vulnerability |
| CVE-2025-53303 | 2025-09-09 | WordPress ThemeMove Core Plugin <= 1.4.2 - PHP Object Injection Vulnerability |
| CVE-2025-5005 | 2025-09-09 | Shanghai Lingdang Information Technology Lingdang CRM index_event.php server-side request forgery |
| CVE-2025-5500 | 2025-09-09 | ZhenShi Mibro Fit App com.xiaoxun.xunoversea.mibrofit AndroidManifest.xml improper export of android application components |
| CVE-2025-58997 | 2025-09-09 | WordPress Mow Theme <= 4.10 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58993 | 2025-09-09 | WordPress Tutor LMS Plugin <= 3.7.4 - SQL Injection Vulnerability |
| CVE-2025-58990 | 2025-09-09 | WordPress ShopLentor Plugin <= 3.2.0 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58991 | 2025-09-09 | WordPress WooCommerce Booking Bundle Hours Plugin <= 0.7.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58989 | 2025-09-09 | WordPress Dynamic Text Field For Contact Form 7 Plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58988 | 2025-09-09 | WordPress My Tickets Plugin <= 2.0.22 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58987 | 2025-09-09 | WordPress Football Pool Plugin <= 2.12.6 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58985 | 2025-09-09 | WordPress Additional Custom Product Tabs for WooCommerce Plugin <= 1.7.3 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58984 | 2025-09-09 | WordPress Welcart e-Commerce Plugin <= 2.11.20 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58983 | 2025-09-09 | WordPress Include Me Plugin <= 1.3.2 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58982 | 2025-09-09 | WordPress Pixeline's Email Protector Plugin <= 1.3.8 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58981 | 2025-09-09 | WordPress Accessibility Checker by Equalize Digital Plugin <= 1.31.0 - Broken Access Control Vulnerability |
| CVE-2025-58980 | 2025-09-09 | WordPress Export WP Page to Static HTML/CSS Plugin <= 4.1.0 - Broken Access Control Vulnerability |
| CVE-2025-58979 | 2025-09-09 | WordPress BerqWP Plugin <= 2.2.53 - Broken Access Control Vulnerability |
| CVE-2025-58978 | 2025-09-09 | WordPress PDF Generator for WordPress Plugin <= 1.5.4 - Broken Access Control Vulnerability |
| CVE-2025-58977 | 2025-09-09 | WordPress WP eBay Product Feeds Plugin <= 3.4.8 - Server Side Request Forgery (SSRF) Vulnerability |
| CVE-2025-58976 | 2025-09-09 | WordPress Accessibility Checker by Equalize Digital Plugin <= 1.31.0 - Broken Access Control Vulnerability |
| CVE-2025-58975 | 2025-09-09 | WordPress Advanced Settings Plugin <= 3.1.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-54249 | 2025-09-09 | Adobe Experience Manager | Server-Side Request Forgery (SSRF) (CWE-918) |
| CVE-2025-54252 | 2025-09-09 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-54251 | 2025-09-09 | Adobe Experience Manager | XML Injection (aka Blind XPath Injection) (CWE-91) |
| CVE-2025-54248 | 2025-09-09 | Adobe Experience Manager | Improper Input Validation (CWE-20) |
| CVE-2025-54246 | 2025-09-09 | Adobe Experience Manager | Incorrect Authorization (CWE-863) |
| CVE-2025-54247 | 2025-09-09 | Adobe Experience Manager | Improper Input Validation (CWE-20) |
| CVE-2025-54250 | 2025-09-09 | Adobe Experience Manager | Improper Input Validation (CWE-20) |
| CVE-2025-54261 | 2025-09-09 | ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22) |
| CVE-2025-49734 | 2025-09-09 | PowerShell Direct Elevation of Privilege Vulnerability |
| CVE-2025-53797 | 2025-09-09 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability |
| CVE-2025-53798 | 2025-09-09 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability |
| CVE-2025-54095 | 2025-09-09 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability |
| CVE-2025-54096 | 2025-09-09 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability |
| CVE-2025-54097 | 2025-09-09 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability |
| CVE-2025-54099 | 2025-09-09 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2025-54101 | 2025-09-09 | Windows SMB Client Remote Code Execution Vulnerability |
| CVE-2025-54102 | 2025-09-09 | Windows Connected Devices Platform Service Elevation of Privilege Vulnerability |
| CVE-2025-54106 | 2025-09-09 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2025-54110 | 2025-09-09 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2025-54111 | 2025-09-09 | Windows UI XAML Phone DatePickerFlyout Elevation of Privilege Vulnerability |
| CVE-2025-54894 | 2025-09-09 | Local Security Authority Subsystem Service Elevation of Privilege Vulnerability |
| CVE-2025-54895 | 2025-09-09 | SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Elevation of Privilege Vulnerability |
| CVE-2025-54896 | 2025-09-09 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-54897 | 2025-09-09 | Microsoft SharePoint Remote Code Execution Vulnerability |
| CVE-2025-54898 | 2025-09-09 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-54899 | 2025-09-09 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-54902 | 2025-09-09 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-54903 | 2025-09-09 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-54904 | 2025-09-09 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-54905 | 2025-09-09 | Microsoft Word Information Disclosure Vulnerability |
| CVE-2025-54906 | 2025-09-09 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2025-54907 | 2025-09-09 | Microsoft Office Visio Remote Code Execution Vulnerability |
| CVE-2025-54908 | 2025-09-09 | Microsoft PowerPoint Remote Code Execution Vulnerability |
| CVE-2025-54913 | 2025-09-09 | Windows UI XAML Maps MapControlSettings Elevation of Privilege Vulnerability |
| CVE-2025-54916 | 2025-09-09 | Windows NTFS Remote Code Execution Vulnerability |
| CVE-2025-54918 | 2025-09-09 | Windows NTLM Elevation of Privilege Vulnerability |
| CVE-2025-54919 | 2025-09-09 | Windows Graphics Component Remote Code Execution Vulnerability |
| CVE-2025-55223 | 2025-09-09 | DirectX Graphics Kernel Elevation of Privilege Vulnerability |
| CVE-2025-55225 | 2025-09-09 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability |
| CVE-2025-55226 | 2025-09-09 | Graphics Kernel Remote Code Execution Vulnerability |
| CVE-2025-55228 | 2025-09-09 | Windows Graphics Component Remote Code Execution Vulnerability |
| CVE-2025-55232 | 2025-09-09 | Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability |
| CVE-2025-55236 | 2025-09-09 | Graphics Kernel Remote Code Execution Vulnerability |
| CVE-2025-55245 | 2025-09-09 | Xbox Gaming Services Elevation of Privilege Vulnerability |
| CVE-2025-55243 | 2025-09-09 | Microsoft OfficePlus Spoofing Vulnerability |
| CVE-2025-55316 | 2025-09-09 | Azure Connected Machine Agent Elevation of Privilege Vulnerability |