CVE List - 2025 / September
Showing 3101 - 3200 of 4322 CVEs for September 2025 (Page 32 of 44)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-10794 | 2025-09-22 | PHPGurukul Car Rental Project search.php cross site scripting |
| CVE-2025-10795 | 2025-09-22 | code-projects Online Bidding System bidupdate.php sql injection |
| CVE-2025-9983 | 2025-09-22 | Lack of Authentication for RTSP stream |
| CVE-2025-10796 | 2025-09-22 | code-projects Hostel Management System login.php sql injection |
| CVE-2025-10797 | 2025-09-22 | code-projects Hostel Management System index.php sql injection |
| CVE-2025-10854 | 2025-09-22 | Symlink Following in txtai leads to arbitrary file write when loading untrusted embedding indices |
| CVE-2025-10798 | 2025-09-22 | code-projects Hostel Management System index.php sql injection |
| CVE-2025-10799 | 2025-09-22 | code-projects Hostel Management System index.php sql injection |
| CVE-2025-10800 | 2025-09-22 | itsourcecode Online Discussion Forum index.php sql injection |
| CVE-2025-10801 | 2025-09-22 | SourceCodester Pet Grooming Management Software edit_tax.php sql injection |
| CVE-2025-10802 | 2025-09-22 | code-projects Online Bidding System remove.php sql injection |
| CVE-2025-9038 | 2025-09-22 | S1 Agile Privilege Escalation |
| CVE-2025-10803 | 2025-09-22 | Tenda AC23 HTTP POST Request SetPptpServerCfg sscanf buffer overflow |
| CVE-2025-36202 | 2025-09-22 | IBM webMethods Integration code execution |
| CVE-2025-36037 | 2025-09-22 | IBM webMethods Integration server-side request forgery |
| CVE-2025-10804 | 2025-09-22 | Campcodes Online Beauty Parlor Management System add-customer.php sql injection |
| CVE-2025-35041 | 2025-09-22 | Airship AI Acropolis MFA insufficient rate limiting |
| CVE-2025-35042 | 2025-09-22 | Airship AI Acropolis default credentials |
| CVE-2025-10805 | 2025-09-22 | Campcodes Online Beauty Parlor Management System add-services.php sql injection |
| CVE-2025-59335 | 2025-09-22 | CubeCart Session Not Invalidated After Password Change |
| CVE-2025-59411 | 2025-09-22 | CubeCart Stored/Reflected HTML Injection Vulnerability in Contact Enquiry |
| CVE-2025-59412 | 2025-09-22 | CubeCart Vulnerable to HTML Injection in Product Reviews Allows Malicious Links and Defacement |
| CVE-2025-59413 | 2025-09-22 | CubeCart Unauthorized Newsletter Unsubscription via force_unsubscribe Parameter |
| CVE-2025-43807 | 2025-09-22 | Stored cross-site scripting (XSS) vulnerability in the notifications widget in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92... |
| CVE-2025-10806 | 2025-09-22 | Campcodes Online Beauty Parlor Management System bwdates-reports-details.php sql injection |
| CVE-2025-10807 | 2025-09-22 | Campcodes Online Beauty Parlor Management System edit-customer-detailed.php sql injection |
| CVE-2025-59420 | 2025-09-22 | Authlib: JWS/JWT accepts unknown crit headers (RFC violation → possible authz bypass) |
| CVE-2025-10808 | 2025-09-22 | Campcodes Farm Management System uploadProduct.php sql injection |
| CVE-2025-10809 | 2025-09-22 | Campcodes Online Learning Management System department.php sql injection |
| CVE-2025-59418 | 2025-09-22 | BunnyPad Vulnerable to Buffer Overflow When Opening Files of Size 20MB or Greater |
| CVE-2025-58704 | 2025-09-22 | WordPress WP Delete User Accounts Plugin <= 1.2.4 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58703 | 2025-09-22 | WordPress Skyword API Plugin Plugin <= 2.5.3 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58702 | 2025-09-22 | WordPress MarketKing Plugin <= 2.0.92 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58690 | 2025-09-22 | WordPress Doliconnect Plugin <= 9.5.7 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58691 | 2025-09-22 | WordPress Genesis Club Lite Plugin <= 1.17 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58689 | 2025-09-22 | WordPress Tapfiliate Plugin <= 3.2.2 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58688 | 2025-09-22 | WordPress Casengo Live Chat Support Plugin <= 2.1.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58687 | 2025-09-22 | WordPress Current Age Plugin Plugin <= 1.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58686 | 2025-09-22 | WordPress Perfect Brands for WooCommerce Plugin <= 3.6.0 - SQL Injection Vulnerability |
| CVE-2025-58685 | 2025-09-22 | WordPress Cecabank WooCommerce Plugin Plugin <= 0.3.4 - Broken Access Control Vulnerability |
| CVE-2025-58684 | 2025-09-22 | WordPress Logo Showcase Plugin <= 3.0.9 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58683 | 2025-09-22 | WordPress Last Updated Shortcode Plugin <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58682 | 2025-09-22 | WordPress Kama Click Counter Plugin <= 4.0.4 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58681 | 2025-09-22 | WordPress Easy Quotes Plugin <= 1.2.4 - Broken Access Control Vulnerability |
| CVE-2025-58680 | 2025-09-22 | WordPress Gutentor Plugin <= 3.5.2 - Broken Access Control Vulnerability |
| CVE-2025-58679 | 2025-09-22 | WordPress AppMySite Plugin <= 3.14.0 - Broken Access Control Vulnerability |
| CVE-2025-58678 | 2025-09-22 | WordPress Accordion Plugin <= 2.3.14 - Broken Access Control Vulnerability |
| CVE-2025-58677 | 2025-09-22 | WordPress ShrinkTheWeb (STW) Website Previews Plugin <= 2.8.5 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58676 | 2025-09-22 | WordPress HORIZONTAL SLIDER Plugin <= 2.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58675 | 2025-09-22 | WordPress Interact: Embed A Quiz On Your Site Plugin <= 3.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58673 | 2025-09-22 | WordPress WP User Frontend Plugin <= 4.1.11 - Content Injection Vulnerability |
| CVE-2025-58672 | 2025-09-22 | WordPress WP User Frontend Plugin <= 4.1.11 - Broken Access Control Vulnerability |
| CVE-2025-58671 | 2025-09-22 | WordPress Auction Feed Plugin <= 1.1.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58670 | 2025-09-22 | WordPress WP Content Protection Plugin <= 1.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58669 | 2025-09-22 | WordPress Magento 2 WordPress Integration Plugin <= 1.4.1 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58668 | 2025-09-22 | WordPress WPLMS Theme <= 4.970 - Broken Access Control Vulnerability |
| CVE-2025-58667 | 2025-09-22 | WordPress ListingPro Reviews Plugin <= 1.6 - Broken Access Control Vulnerability |
| CVE-2025-58666 | 2025-09-22 | WordPress Website Chat Button: Kommo integration Plugin <= 1.3.1 - Broken Access Control Vulnerability |
| CVE-2025-58665 | 2025-09-22 | WordPress Form Generator for WordPress Plugin <= 1.5.2 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58664 | 2025-09-22 | WordPress Text To Speech TTS Accessibility Plugin <= 1.9.20 - Broken Access Control Vulnerability |
| CVE-2025-58663 | 2025-09-22 | WordPress Qubely Plugin <= 1.8.14 - Broken Access Control Vulnerability |
| CVE-2025-58662 | 2025-09-22 | WordPress Awesome Support Plugin <= 6.3.4 - Deserialization of untrusted data Vulnerability |
| CVE-2025-58661 | 2025-09-22 | WordPress eZee Online Hotel Booking Engine Plugin <= 1.0.0 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58660 | 2025-09-22 | WordPress Oshine Core Plugin <= 1.5.5 - Broken Access Control Vulnerability |
| CVE-2025-58659 | 2025-09-22 | WordPress Helpie FAQ Plugin <= 1.39 - Sensitive Data Exposure Vulnerability |
| CVE-2025-58658 | 2025-09-22 | WordPress Proof Factor – Social Proof Notifications Plugin <= 1.0.5 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58657 | 2025-09-22 | WordPress Grid Plugin <= 2.3.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58656 | 2025-09-22 | WordPress Estonian Shipping Methods for WooCommerce Plugin <= 1.7.2 - Sensitive Data Exposure Vulnerability |
| CVE-2025-58655 | 2025-09-22 | WordPress Category Featured Images Plugin <= 1.1.8 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58654 | 2025-09-22 | WordPress xili-language Plugin <= 2.21.3 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58653 | 2025-09-22 | WordPress JSM file_get_contents() Shortcode Plugin <= 2.7.1 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58652 | 2025-09-22 | WordPress Carousel Ultimate Plugin <= 1.8 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58651 | 2025-09-22 | WordPress PlayerJS Plugin <= 2.24 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58650 | 2025-09-22 | WordPress All In One SEO Pack Plugin <= 4.8.7 - Broken Access Control Vulnerability |
| CVE-2025-58649 | 2025-09-22 | WordPress All In One SEO Pack Plugin <= 4.8.7 - Sensitive Data Exposure Vulnerability |
| CVE-2025-58648 | 2025-09-22 | WordPress Simple JWT Login Plugin <= 3.6.4 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58647 | 2025-09-22 | WordPress Simple Restaurant Menu Plugin <= 1.2 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58646 | 2025-09-22 | WordPress Mobi2Go Plugin <= 1.0.0 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58645 | 2025-09-22 | WordPress Gravitate Automated Tester Plugin <= 1.4.5 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58271 | 2025-09-22 | WordPress AnyClip Luminous Studio Plugin <= 1.3.3 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58270 | 2025-09-22 | WordPress NIX Anti-Spam Light Plugin <= 0.0.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58269 | 2025-09-22 | WordPress WP Project Manager Plugin <= 2.6.25 - Sensitive Data Exposure Vulnerability |
| CVE-2025-58268 | 2025-09-22 | WordPress WPMK PDF Generator Plugin <= 1.0.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58267 | 2025-09-22 | WordPress Stock Message Plugin <= 1.1.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58266 | 2025-09-22 | WordPress Gianism Plugin <= 5.2.2 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58265 | 2025-09-22 | WordPress Events Manager – OpenStreetMaps Plugin <= 4.2.1 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58264 | 2025-09-22 | WordPress JupiterX Core Plugin <= 4.10.1 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58263 | 2025-09-22 | WordPress BuddyPress Notification Widget Plugin <= 1.3.3 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58262 | 2025-09-22 | WordPress Sweet Energy Efficiency Plugin <= 1.0.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58261 | 2025-09-22 | WordPress Mavis HTTPS to HTTP Redirection Plugin <= 1.4.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58260 | 2025-09-22 | WordPress Highlight and Share – Social Text and Image Sharing Plugin <= 5.1.1 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58259 | 2025-09-22 | WordPress Nokri Theme <= 1.6.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58258 | 2025-09-22 | WordPress Lazy Blocks Plugin <= 4.1.0 - Broken Access Control Vulnerability |
| CVE-2025-58257 | 2025-09-22 | WordPress Verowa Connect Plugin <= 3.2.3 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58256 | 2025-09-22 | WordPress DOAJ Export Plugin <= 1.0.4 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58255 | 2025-09-22 | WordPress Custom Post Type Images Plugin <= 0.5 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58254 | 2025-09-22 | WordPress StylePress for Elementor Plugin <= 1.2.1 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58253 | 2025-09-22 | WordPress Real Estate Manager Plugin <= 7.3 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58252 | 2025-09-22 | WordPress Getwid Plugin <= 2.1.2 - Sensitive Data Exposure Vulnerability |
| CVE-2025-58251 | 2025-09-22 | WordPress Sticky Header Effects for Elementor Plugin <= 2.1.2 - Broken Access Control Vulnerability |