CVE List - 2025 / September
Showing 2501 - 2600 of 4322 CVEs for September 2025 (Page 26 of 44)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-9971 | 2025-09-17 | Planet Technology\|Industrial Cellular Gateway - Missing Authentication |
| CVE-2025-9972 | 2025-09-17 | Planet Technology\|Industrial Cellular Gateway - OS Command Injection |
| CVE-2025-9242 | 2025-09-17 | WatchGuard Firebox iked Out of Bounds Write Vulnerability |
| CVE-2025-0419 | 2025-09-17 | XSS in Mikrogrup's Zirve Nova |
| CVE-2025-59455 | 2025-09-17 | In JetBrains TeamCity before 2025.07.2 project isolation bypass was possible due to race condition |
| CVE-2025-59456 | 2025-09-17 | In JetBrains TeamCity before 2025.07.2 path traversal was possible during project archive upload |
| CVE-2025-59457 | 2025-09-17 | In JetBrains TeamCity before 2025.07.2 missing Git URL validation allowed credential leakage on Windows |
| CVE-2025-59458 | 2025-09-17 | In JetBrains Junie before 252.284.66, 251.284.66, 243.284.66, 252.284.61, 251.284.61, 243.284.61, 252.284.50, 252.284.54, 251.284.54, 251.284.50, 243.284.54, 243.284.50 code execution was possible due to improper command validation |
| CVE-2025-0420 | 2025-09-17 | XSS in Mikrogrup's Paraşüt |
| CVE-2025-10155 | 2025-09-17 | PickleScan Security Bypass Using Misleading File Extension |
| CVE-2025-10156 | 2025-09-17 | PickleScan Security Bypass via Bad CRC in ZIP Archive |
| CVE-2025-10590 | 2025-09-17 | Portabilis i-Educar educar_usuario_det.php cross site scripting |
| CVE-2025-10591 | 2025-09-17 | Portabilis i-Educar Editar Função educar_funcao_cad.php cross site scripting |
| CVE-2025-8411 | 2025-09-17 | XSS in Dokuzsoft Technology's E-Commerce Web Design Product |
| CVE-2025-8999 | 2025-09-17 | Sydney <= 2.56 - Missing Authorization to Authenticated (Subscriber+) Limited Theme Options Update |
| CVE-2025-10157 | 2025-09-17 | PickleScan Bypasses Unsafe Globals Check Using Submodule Imports |
| CVE-2025-0546 | 2025-09-17 | XSS in Mevzuattr Software's MevzuatTR |
| CVE-2025-10439 | 2025-09-17 | SQLi in Yordam Library Automation System |
| CVE-2025-53884 | 2025-09-17 | NeuVector has an insecure password storage vulnerable to rainbow attack |
| CVE-2025-54467 | 2025-09-17 | NeuVector process with sensitive arguments lead to leakage |
| CVE-2025-0879 | 2025-09-17 | XSS in Shopside Software's Shopside App |
| CVE-2025-8077 | 2025-09-17 | NeuVector admin account has insecure default password |
| CVE-2025-8463 | 2025-09-17 | IDOR in SecHard Information Technologies' SecHard |
| CVE-2025-10592 | 2025-09-17 | itsourcecode Online Public Access Catalog OPAC POST Parameter mysearch.php sql injection |
| CVE-2025-59474 | 2025-09-17 | Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission, allowing attackers without... |
| CVE-2025-59475 | 2025-09-17 | Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check for the authenticated user profile dropdown menu, allowing attackers without Overall/Read permission to obtain limited information... |
| CVE-2025-59476 | 2025-09-17 | Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not restrict or transform the characters that can be inserted from user-specified content in log messages, allowing attackers able to control... |
| CVE-2025-10593 | 2025-09-17 | SourceCodester Online Student File Management System update_student.php sql injection |
| CVE-2025-10594 | 2025-09-17 | SourceCodester Online Student File Management System delete_student.php sql injection |
| CVE-2025-40933 | 2025-09-17 | Apache::AuthAny::Cookie v0.201 or earlier for Perl generates session ids insecurely |
| CVE-2025-10595 | 2025-09-17 | SourceCodester Online Student File Management System delete_user.php sql injection |
| CVE-2024-48842 | 2025-09-17 | Hardcoded passwords |
| CVE-2025-10205 | 2025-09-17 | Predictable Salt and Weak Hashing Algorithm |
| CVE-2022-50353 | 2025-09-17 | mmc: wmt-sdmmc: fix return value check of mmc_add_host() |
| CVE-2022-50354 | 2025-09-17 | drm/amdkfd: Fix kfd_process_device_init_vm error handling |
| CVE-2022-50355 | 2025-09-17 | staging: vt6655: fix some erroneous memory clean-up loops |
| CVE-2022-50356 | 2025-09-17 | net: sched: sfb: fix null pointer access issue when sfb_init() fails |
| CVE-2022-50357 | 2025-09-17 | usb: dwc3: core: fix some leaks in probe |
| CVE-2022-50358 | 2025-09-17 | brcmfmac: return error when getting invalid max_flowrings from dongle |
| CVE-2022-50359 | 2025-09-17 | media: cx88: Fix a null-ptr-deref bug in buffer_prepare() |
| CVE-2022-50360 | 2025-09-17 | drm/msm/dp: fix aux-bus EP lifetime |
| CVE-2022-50361 | 2025-09-17 | wifi: wilc1000: add missing unregister_netdev() in wilc_netdev_ifc_init() |
| CVE-2022-50362 | 2025-09-17 | dmaengine: hisilicon: Add multi-thread support for a DMA channel |
| CVE-2022-50363 | 2025-09-17 | skmsg: pass gfp argument to alloc_sk_msg() |
| CVE-2022-50364 | 2025-09-17 | i2c: mux: reg: check return value after calling platform_get_resource() |
| CVE-2022-50365 | 2025-09-17 | skbuff: Account for tail adjustment during pull operations |
| CVE-2022-50366 | 2025-09-17 | powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue |
| CVE-2022-50367 | 2025-09-17 | fs: fix UAF/GPF bug in nilfs_mdt_destroy |
| CVE-2022-50368 | 2025-09-17 | drm/msm/dsi: fix memory corruption with too many bridges |
| CVE-2022-50369 | 2025-09-17 | drm/vkms: Fix null-ptr-deref in vkms_release() |
| CVE-2022-50370 | 2025-09-17 | i2c: designware: Fix handling of real but unexpected device interrupts |
| CVE-2022-50371 | 2025-09-17 | led: qcom-lpg: Fix sleeping in atomic |
| CVE-2022-50372 | 2025-09-17 | cifs: Fix memory leak when build ntlmssp negotiate blob failed |
| CVE-2022-50373 | 2025-09-17 | fs: dlm: fix race in lowcomms |
| CVE-2022-50374 | 2025-09-17 | Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure |
| CVE-2023-53335 | 2025-09-17 | RDMA/cxgb4: Fix potential null-ptr-deref in pass_establish() |
| CVE-2023-53336 | 2025-09-17 | media: ipu-bridge: Fix null pointer deref on SSDB/PLD parsing warnings |
| CVE-2023-53337 | 2025-09-17 | nilfs2: do not write dirty data after degenerating to read-only |
| CVE-2023-53338 | 2025-09-17 | lwt: Fix return values of BPF xmit ops |
| CVE-2023-53339 | 2025-09-17 | btrfs: fix BUG_ON condition in btrfs_cancel_balance |
| CVE-2023-53340 | 2025-09-17 | net/mlx5: Collect command failures data only for known commands |
| CVE-2023-53341 | 2025-09-17 | of/fdt: run soc memory setup when early_init_dt_scan_memory fails |
| CVE-2023-53342 | 2025-09-17 | net: marvell: prestera: fix handling IPv4 routes with nhid |
| CVE-2023-53343 | 2025-09-17 | icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev(). |
| CVE-2023-53344 | 2025-09-17 | can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write |
| CVE-2023-53345 | 2025-09-17 | rxrpc: Fix potential data race in rxrpc_wait_to_be_connected() |
| CVE-2023-53346 | 2025-09-17 | kernel/fail_function: fix memory leak with using debugfs_lookup() |
| CVE-2023-53347 | 2025-09-17 | net/mlx5: Handle pairing of E-switch via uplink un/load APIs |
| CVE-2023-53348 | 2025-09-17 | btrfs: fix deadlock when aborting transaction during relocation with scrub |
| CVE-2023-53349 | 2025-09-17 | media: ov2740: Fix memleak in ov2740_init_controls() |
| CVE-2023-53350 | 2025-09-17 | accel/qaic: Fix slicing memory leak |
| CVE-2023-53351 | 2025-09-17 | drm/sched: Check scheduler work queue before calling timeout handling |
| CVE-2023-53352 | 2025-09-17 | drm/ttm: check null pointer before accessing when swapping |
| CVE-2023-53353 | 2025-09-17 | accel/habanalabs: postpone mem_mgr IDR destruction to hpriv_release() |
| CVE-2023-53354 | 2025-09-17 | skbuff: skb_segment, Call zero copy functions before using skbuff frags |
| CVE-2023-53355 | 2025-09-17 | staging: pi433: fix memory leak with using debugfs_lookup() |
| CVE-2023-53356 | 2025-09-17 | usb: gadget: u_serial: Add null pointer check in gserial_suspend |
| CVE-2023-53357 | 2025-09-17 | md/raid10: check slab-out-of-bounds in md_bitmap_get_counter |
| CVE-2023-53358 | 2025-09-17 | ksmbd: fix racy issue under cocurrent smb2 tree disconnect |
| CVE-2023-53359 | 2025-09-17 | USB: fix memory leak with using debugfs_lookup() |
| CVE-2023-53360 | 2025-09-17 | NFSv4.2: Rework scratch handling for READ_PLUS (again) |
| CVE-2023-53361 | 2025-09-17 | LoongArch: mm: Add p?d_leaf() definitions |
| CVE-2023-53362 | 2025-09-17 | bus: fsl-mc: don't assume child devices are all fsl-mc devices |
| CVE-2023-53363 | 2025-09-17 | PCI: Fix use-after-free in pci_bus_release_domain_nr() |
| CVE-2023-53364 | 2025-09-17 | regulator: da9063: better fix null deref with partial DT |
| CVE-2023-53365 | 2025-09-17 | ip6mr: Fix skb_under_panic in ip6mr_cache_report() |
| CVE-2023-53366 | 2025-09-17 | block: be a bit more careful in checking for NULL bdev while polling |
| CVE-2023-53367 | 2025-09-17 | accel/habanalabs: fix mem leak in capture user mappings |
| CVE-2023-53368 | 2025-09-17 | tracing: Fix race issue between cpu buffer write and swap |
| CVE-2025-9862 | 2025-09-17 | Ghost 6.0.6 - SSRF via oEmbed Bookmark |
| CVE-2025-10596 | 2025-09-17 | SourceCodester Online Exam Form Submission index.php sql injection |
| CVE-2025-10597 | 2025-09-17 | kidaze CourseSelectionSystem COUNT2.php sql injection |
| CVE-2025-10598 | 2025-09-17 | SourceCodester Pet Grooming Management Software search_product.php sql injection |
| CVE-2025-10599 | 2025-09-17 | itsourcecode Web-Based Internet Laboratory Management System login.php AuthenticateUser sql injection |
| CVE-2025-10600 | 2025-09-17 | SourceCodester Online Exam Form Submission register.php unrestricted upload |
| CVE-2025-10601 | 2025-09-17 | SourceCodester Online Exam Form Submission index.php sql injection |
| CVE-2025-35430 | 2025-09-17 | CISA Thorium insecure downloaded file path validation |
| CVE-2025-35431 | 2025-09-17 | CISA Thorium LDAP injection |
| CVE-2025-35432 | 2025-09-17 | CISA Thorium does not rate limit account verification email messages |
| CVE-2025-35433 | 2025-09-17 | CISA Thorium does not properly invalidate previously used tokens |