CVE List - 2025 / September
Showing 101 - 200 of 4322 CVEs for September 2025 (Page 2 of 44)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-56254 | 2025-09-02 | PHPGurukul Employee Leave Management System 2.1 contains an Insecure Direct Object Reference (IDOR) vulnerability in leave-details.php. An authenticated user can change the leaveid parameter in the URL to access leave... |
| CVE-2025-57140 | 2025-09-02 | rsbi-pom 4.7 is vulnerable to SQL Injection in the /bi/service/model/DatasetService path. |
| CVE-2025-57611 | 2025-09-02 | An issue was discovered in rust-ffmpeg 0.3.0 (after commit 5ac0527). Null pointer dereference vulnerability in the dump() method allows an attacker to cause a denial of service. The vulnerability exists... |
| CVE-2025-57612 | 2025-09-02 | An issue was discovered in rust-ffmpeg 0.3.0 (after commit 5ac0527). Null pointer dereference vulnerability in the name() method allows an attacker to cause a denial of service. The vulnerability exists... |
| CVE-2025-57613 | 2025-09-02 | An issue was discovered in rust-ffmpeg 0.3.0 (after commit 5ac0527). A null pointer dereference vulnerability in the input() constructor function allows an attacker to cause a denial of service. The... |
| CVE-2025-57614 | 2025-09-02 | An issue was discovered in rust-ffmpeg 0.3.0 (after commit 5ac0527). Integer overflow and invalid input vulnerability in the cached method allows an attacker to cause a denial of service or... |
| CVE-2025-57615 | 2025-09-02 | An issue was discovered in rust-ffmpeg 0.3.0 (after commit 5ac0527). An integer overflow vulnerability in the Vector::new constructor function allows an attacker to cause a denial of service via a... |
| CVE-2025-57616 | 2025-09-02 | An issue was discovered in rust-ffmpeg 0.3.0 (after commit 5ac0527). A use-after-free vulnerability in the write_interleaved method allows an attacker to cause a denial of service or memory corruption. The... |
| CVE-2025-9805 | 2025-09-02 | SimStudioAI sim route.ts server-side request forgery |
| CVE-2025-57808 | 2025-09-02 | ESP-IDF web_server basic auth bypass using empty or incomplete Authorization header |
| CVE-2025-9806 | 2025-09-02 | Tenda F1202 Administrative shadow hard-coded credentials |
| CVE-2025-58161 | 2025-09-02 | MobSF Path Traversal in GET /download/<filename> using absolute filenames |
| CVE-2025-58162 | 2025-09-02 | MobSF Vulnerable to Arbitrary File Write (AR-Slip) via Absolute Path in .a Extraction |
| CVE-2025-58178 | 2025-09-02 | Command Injection via sonarqube-scan-action GitHub Action |
| CVE-2025-8662 | 2025-09-02 | OpenAM (OpenAM Consortium Edition) contains a vulnerability that may cause it to malfunction as a SAML IdP due to a tampered request. This issue affects OpenAM: from 14.0.0 through 14.0.1. |
| CVE-2025-9811 | 2025-09-02 | Campcodes Farm Management System reviewInput.php sql injection |
| CVE-2025-9812 | 2025-09-02 | Tenda CH22 exeCommand formexeCommand buffer overflow |
| CVE-2025-9813 | 2025-09-02 | Tenda CH22 SetSambaConf formSetSambaConf buffer overflow |
| CVE-2025-9814 | 2025-09-02 | PHPGurukul Beauty Parlour Management System contact-us.php sql injection |
| CVE-2025-9815 | 2025-09-02 | alaneuler batteryKid NSXPCListener PrivilegeHelper.swift missing authentication |
| CVE-2025-44017 | 2025-09-02 | "Gunosy" App contains a vulnerability where sensitive information may be included in the application's outbound communication. If a user accesses a crafted URL, an attacker may obtain the JWT (JSON... |
| CVE-2025-41690 | 2025-09-02 | Endress+Hauser: Proline 10 Maintenance credentials may be exposed under certain conditions |
| CVE-2025-41030 | 2025-09-02 | Multiple vulnerabilities in Deporsite by T-INNOVA |
| CVE-2025-41031 | 2025-09-02 | Multiple vulnerabilities in Deporsite by T-INNOVA |
| CVE-2025-9573 | 2025-09-02 | Command Injection in extension "TYPO3 Backup Plus" (ns_backup) |
| CVE-2025-5662 | 2025-09-02 | Deserialization Vulnerability in h2oai/h2o-3 |
| CVE-2025-6519 | 2025-09-02 | Consistent predictable generation of the password for the default admin user "ONEDAY" to the application services |
| CVE-2025-52543 | 2025-09-02 | Login to the application services using only the password hash |
| CVE-2025-52544 | 2025-09-02 | Arbitrary read file from the filesystem |
| CVE-2025-52545 | 2025-09-02 | Privilege escalation in the application services |
| CVE-2025-52546 | 2025-09-02 | Stored XSS by uploading a specially crafted floor plan file |
| CVE-2025-52547 | 2025-09-02 | DoS to the application services |
| CVE-2025-52548 | 2025-09-02 | Enabling SSH and Shellinabox on the vulnerable machine |
| CVE-2025-52549 | 2025-09-02 | Predictable root linux password generation |
| CVE-2025-52550 | 2025-09-02 | Firmware upgrade packages are unsigned |
| CVE-2025-52551 | 2025-09-02 | Proprietary protocol allows for unauthenticated file operations |
| CVE-2025-46810 | 2025-09-02 | A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of openSUSE Tumbleweed traefik2 allows the traefik user to escalate to root. This issue affects Tumbleweed: from ? before 2.11.29. |
| CVE-2024-12972 | 2025-09-02 | XSS in Akinsoft's OctoCloud |
| CVE-2024-12973 | 2025-09-02 | Host Header Injection in Akinsoft's OctoCloud |
| CVE-2025-0640 | 2025-09-02 | IDOR in Akinsoft's OctoCloud |
| CVE-2024-52284 | 2025-09-02 | Rancher Fleet Helm Values are stored inside BundleDeployment in plain text |
| CVE-2025-2414 | 2025-09-02 | OTP Bypass in Akinsoft's OctoCloud |
| CVE-2024-58259 | 2025-09-02 | Rancher affected by unauthenticated Denial of Service |
| CVE-2024-12974 | 2025-09-02 | XSS in Akinsoft's ProKuaför |
| CVE-2025-0670 | 2025-09-02 | IDOR in Akinsoft's ProKuafor |
| CVE-2025-2413 | 2025-09-02 | OTP Bypass in Akinsoft's ProKuafor |
| CVE-2025-9784 | 2025-09-02 | Undertow: undertow madeyoureset http/2 ddos vulnerability |
| CVE-2025-9696 | 2025-09-02 | Use of Hard-coded Credentials in SunPower PVS6 |
| CVE-2025-9828 | 2025-09-02 | Tenda CP6 uhttp sub_2B7D04 risky encryption |
| CVE-2025-9189 | 2025-09-02 | Out Of Bounds Write when parsing a DSB file with Digilent DASYLab |
| CVE-2025-57774 | 2025-09-02 | Out Of Bounds Write of invalid data when parsing a DSB file with Digilent DASYLab |
| CVE-2025-57776 | 2025-09-02 | Out Of Bounds Write to invalid address when parsing a DSB file with Digilent DASYLab |
| CVE-2025-57778 | 2025-09-02 | Out Of Bounds Write to invalid source address when parsing a DSB file with Digilent DASYLab |
| CVE-2025-9188 | 2025-09-02 | Deserialization of Untrusted Data when parsing a DSB file with Digilent DASYLab |
| CVE-2025-57775 | 2025-09-02 | Heap-based Buffer Overflow when parsing a DSB file with Digilent DASYLab |
| CVE-2025-57777 | 2025-09-02 | Out Of Bounds Write in displ2.dll when parsing a DSB file with Digilent DASYLab |
| CVE-2025-43726 | 2025-09-02 | Dell Alienware Command Center 5.x (AWCC), versions prior to 5.10.2.0, contains an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially... |
| CVE-2025-9829 | 2025-09-02 | PHPGurukul Beauty Parlour Management System signup.php sql injection |
| CVE-2025-36162 | 2025-09-02 | IBM DevOps Deploy / IBM UrbanCode Deploy information disclosure |
| CVE-2025-7974 | 2025-09-02 | rocket.chat Incorrect Authorization Information Disclosure Vulnerability |
| CVE-2025-8614 | 2025-09-02 | NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability |
| CVE-2025-7975 | 2025-09-02 | Anritsu ShockLine CHX File Parsing Directory Traversal Remote Code Execution Vulnerability |
| CVE-2025-7976 | 2025-09-02 | Anritsu ShockLine CHX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| CVE-2025-6685 | 2025-09-02 | ATEN eco DC Missing Authorization Privilege Escalation Vulnerability |
| CVE-2025-8613 | 2025-09-02 | Vacron Camera ping Command Injection Remote Code Execution Vulnerability |
| CVE-2025-9273 | 2025-09-02 | CData API Server MySQL Misconfiguration Information Disclosure Vulnerability |
| CVE-2025-9274 | 2025-09-02 | Oxford Instruments Imaris Viewer IMS File Parsing Uninitialized Pointer Remote Code Execution Vulnerability |
| CVE-2025-9275 | 2025-09-02 | Oxford Instruments Imaris Viewer IMS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2025-9276 | 2025-09-02 | Cockroach Labs cockroach-k8s-request-cert Empty Root Password Authentication Bypass Vulnerability |
| CVE-2025-9830 | 2025-09-02 | PHPGurukul Beauty Parlour Management System add-customer-services.php sql injection |
| CVE-2025-8302 | 2025-09-02 | Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Local Privilege Escalation Vulnerability |
| CVE-2025-8301 | 2025-09-02 | Realtek RTL8811AU rtwlanu.sys N6CSet_DOT11_CIPHER_DEFAULT_KEY Heap-based Buffer Overflow Local Privilege Escalation Vulnerability |
| CVE-2025-8298 | 2025-09-02 | Realtek RTL8811AU rtwlanu.sys N6CQueryInformationHandleCustomized11nOids Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2025-8299 | 2025-09-02 | Realtek rtl81xx SDK Wi-Fi Driver MgntActSet_TEREDO_SET_RS_PACKET Heap-based Buffer Overflow Local Privilege Escalation Vulnerability |
| CVE-2025-8300 | 2025-09-02 | Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Local Privilege Escalation Vulnerability |
| CVE-2025-9329 | 2025-09-02 | Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2025-9328 | 2025-09-02 | Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2025-9327 | 2025-09-02 | Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2025-9326 | 2025-09-02 | Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2025-9325 | 2025-09-02 | Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2025-9324 | 2025-09-02 | Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2025-9323 | 2025-09-02 | Foxit PDF Reader JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2025-9330 | 2025-09-02 | Foxit PDF Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability |
| CVE-2025-9831 | 2025-09-02 | PHPGurukul Beauty Parlour Management System edit-services.php sql injection |
| CVE-2025-9832 | 2025-09-02 | SourceCodester Food Ordering Management System register-router.php sql injection |
| CVE-2025-9833 | 2025-09-02 | SourceCodester Online Farm Management System login.php sql injection |
| CVE-2025-9834 | 2025-09-02 | PHPGurukul Small CRM registration.php cross site scripting |
| CVE-2025-9835 | 2025-09-02 | macrozheng mall cancelUserOrder cancelOrder authorization |
| CVE-2025-9836 | 2025-09-02 | macrozheng mall paySuccess authorization |
| CVE-2025-9837 | 2025-09-02 | itsourcecode Student Information Management System index.php sql injection |
| CVE-2024-40653 | 2025-09-02 | In multiple functions of ConnectionServiceWrapper.java, there is a possible way to retain a permission forever in the background due to a logic error in the code. This could lead to... |
| CVE-2024-49720 | 2025-09-02 | In multiple functions of Permissions.java, there is a possible way to override the state of the user's location permissions due to a logic error in the code. This could lead... |
| CVE-2024-49722 | 2025-09-02 | In showAvatarPicker of EditUserPhotoController.java, there is a possible cross user image leak due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed.... |
| CVE-2024-49728 | 2025-09-02 | In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible cross user media disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed.... |
| CVE-2024-49730 | 2025-09-02 | In FuseDaemon.cpp, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction... |
| CVE-2025-22416 | 2025-09-02 | In onCreate of ChooserActivity.java, there is a possible way to view other users' images due to a confused deputy. This could lead to local escalation of privilege with no... |
| CVE-2025-22417 | 2025-09-02 | In finishTransition of Transition.java, there is a possible way to bypass touch filtering restrictions due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional... |
| CVE-2025-22418 | 2025-09-02 | In multiple locations, there is a possible confused deputy due to Intent Redirect. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is... |
| CVE-2025-22419 | 2025-09-02 | In multiple locations, there is a possible way to mislead the user into enabling malicious phone calls forwarding due to a tapjacking/overlay attack. This could lead to local escalation of... |
| CVE-2025-22421 | 2025-09-02 | In contentDescForNotification of NotificationContentDescription.kt, there is a possible notification content leak through the lockscreen due to a logic error in the code. This could lead to local information disclosure with... |