CVE List - 2025 / September

Showing 3401 - 3500 of 4322 CVEs for September 2025 (Page 35 of 44)

CVE ID Date Title
CVE-2025-59573 2025-09-22 WordPress Cozy Blocks Plugin <= 2.1.29 - Content Injection Vulnerability
CVE-2025-59572 2025-09-22 WordPress WorkScout-Core Plugin < 1.7.06 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-59570 2025-09-22 WordPress Mail Mint Plugin <= 1.18.6 - SQL Injection Vulnerability
CVE-2025-59569 2025-09-22 WordPress CubeWP Plugin <= 1.1.26 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-59568 2025-09-22 WordPress Zoho Flow Plugin <= 2.14.1 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-59567 2025-09-22 WordPress Coupon Affiliates Plugin <= 6.8.0 - Broken Access Control Vulnerability
CVE-2025-59565 2025-09-22 WordPress Upsell Order Bump Offer for WooCommerce Plugin <= 3.0.7 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-59562 2025-09-22 WordPress Academy LMS Plugin <= 3.3.4 - Insecure Direct Object References (IDOR) Vulnerability
CVE-2025-59561 2025-09-22 WordPress Smart Blocks Plugin <= 2.4 - Broken Access Control Vulnerability
CVE-2025-59559 2025-09-22 WordPress Payrexx Payment Gateway for WooCommerce Plugin <= 3.1.5 - Broken Access Control Vulnerability
CVE-2025-59553 2025-09-22 WordPress Custom iFrame for Elementor Plugin <= 1.0.13 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-59552 2025-09-22 WordPress Save as PDF Plugin <= 4.5.2 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-59551 2025-09-22 WordPress Revive.so Plugin <= 2.0.6 - Broken Access Control Vulnerability
CVE-2025-59549 2025-09-22 WordPress GetResponse Forms Plugin <= 2.6.0 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-58992 2025-09-22 WordPress Product Catalog Simple Plugin <= 1.8.2 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-58974 2025-09-22 WordPress WPComplete Plugin <= 2.9.5.2 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-58973 2025-09-22 WordPress Easy Elementor Addons Plugin <= 2.2.8 - Local File Inclusion Vulnerability
CVE-2025-58969 2025-09-22 WordPress Custom Login URL Plugin <= 1.0.2 - Broken Access Control Vulnerability
CVE-2025-58968 2025-09-22 WordPress MaxiBlocks Plugin <= 2.1.3 - Broken Access Control Vulnerability
CVE-2025-58965 2025-09-22 WordPress Fusion Page Builder : Extension – Gallery Plugin <= 1.7.6 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-58962 2025-09-22 WordPress Publitio Plugin <= 2.2.1 - Server Side Request Forgery (SSRF) Vulnerability
CVE-2025-58960 2025-09-22 WordPress IP Based Login Plugin <= 2.4.3 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-58957 2025-09-22 WordPress VPSUForm Plugin <= 3.2.20 - Broken Access Control Vulnerability
CVE-2025-58956 2025-09-22 WordPress WP Attractive Donations System Plugin < 1.29 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-10810 2025-09-22 Campcodes Online Learning Management System edit_user.php sql injection
CVE-2025-9960 2025-09-22 is-localhost-ip 2.0.0 - SSRF via Restrictions bypass
CVE-2025-59430 2025-09-22 Mesh Connect JS SDK Vulnerable to Cross Site Scripting via createLink.openLink
CVE-2025-8892 2025-09-22 PRT File Parsing Memory Corruption Vulnerability
CVE-2025-10811 2025-09-22 code-projects Hostel Management System index.php sql injection
CVE-2025-59433 2025-09-22 @conventional-changelog/git-client has an Argument Injection vulnerability
CVE-2025-59432 2025-09-22 Timing Attack Vulnerability in SCRAM Authentication
CVE-2025-59526 2025-09-22 Mailgen: HTML injection vulnerability in plaintext e-mails
CVE-2025-10812 2025-09-22 code-projects Hostel Management System index.php sql injection
CVE-2025-59434 2025-09-22 Critical Multi-Tenant Variable Disclosure in Flowise Cloud via Custom JavaScript Function
CVE-2025-59527 2025-09-22 FlowiseAI/Flowise has Server-Side Request Forgery (SSRF) vulnerability
CVE-2025-59528 2025-09-22 Flowise has Remote Code Execution vulnerability
CVE-2025-10813 2025-09-22 code-projects Hostel Management System index.php sql injection
CVE-2025-59532 2025-09-22 Codex has sandbox bypass due to bug in path configuration logic
CVE-2025-10814 2025-09-22 D-Link DIR-823X goahead command injection
CVE-2025-59535 2025-09-22 DotNetNuke.Core allows loading of unused themes on anonymous clients through query parameters
CVE-2025-47910 2025-09-22 CrossOriginProtection insecure bypass patterns not limited to exact matches in net/http
CVE-2025-10815 2025-09-22 Tenda AC20 HTTP POST Request SetPptpServerCfg strcpy buffer overflow
CVE-2025-10816 2025-09-22 Jinher OA XML text xml external entity reference
CVE-2025-43806 2025-09-22 Batch Engine in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.7, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 does not properly check permission with import...
CVE-2025-10817 2025-09-22 Campcodes Online Learning Management System admin_user.php sql injection
CVE-2025-43810 2025-09-22 Insecure Direct Object Reference (IDOR) vulnerability with commerce order notes in Liferay Portal 7.3.5 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update...
CVE-2025-10819 2025-09-22 fuyang_lipengjun platform queryAll UserCouponController improper authorization
CVE-2025-10820 2025-09-22 fuyang_lipengjun platform queryAll TopicController improper authorization
CVE-2025-43814 2025-09-22 In Liferay Portal 7.4.0 through 7.4.3.112, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions the audit...
CVE-2025-10821 2025-09-22 fuyang_lipengjun platform queryAll TopicCategoryController improper authorization
CVE-2025-10822 2025-09-22 fuyang_lipengjun platform queryAll SysSmsLogController improper authorization
CVE-2025-10823 2025-09-22 axboe fio options.c str_buffer_pattern_cb null pointer dereference
CVE-2025-29083 2025-09-23 SQL Injection vulnerability in CSZ-CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the execSqlFile function in the Plugin_Manager.php file.
CVE-2025-29084 2025-09-23 SQL Injection vulnerability in CSZ-CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the execSqlFile function in the Upgrade.php file.
CVE-2025-45326 2025-09-23 An issue in PocketVJ CP PocketVJ-CP-v3 pvj 3.9.1 allows remote attackers to execute arbitrary code via the submit_size.php component.
CVE-2025-51005 2025-09-23 A heap-buffer-overflow vulnerability exists in the tcpliveplay utility of the tcpreplay-4.5.1. When a crafted pcap file is processed, the program incorrectly handles memory in the checksum calculation logic at do_checksum_math_liveplay...
CVE-2025-55780 2025-09-23 A null pointer dereference occurs in the function break_word_for_overflow_wrap() in MuPDF 1.26.4 when rendering a malformed EPUB document. Specifically, the function calls fz_html_split_flow() to split a FLOW_WORD node, but does...
CVE-2025-56146 2025-09-23 Indian Bank IndSMART Android App 3.8.1 is vulnerable to Missing SSL Certificate Validation in NuWebViewActivity.
CVE-2025-56304 2025-09-23 Cross-site scripting (XSS) vulnerability in YzmCMS through 7.3 via the referer header in the register page.
CVE-2025-56311 2025-09-23 In Shenzhen C-Data Technology Co. FD602GW-DX-R410 (firmware v2.2.14), the web management interface contains an authenticated CSRF vulnerability on the reboot endpoint (/boaform/admin/formReboot). An attacker can craft a malicious webpage that,...
CVE-2025-56394 2025-09-23 Free5gc 4.0.1 is vulnerable to Buffer Overflow. The AMF incorrectly validates the 5GS mobile identity, resulting in slice reference overflow.
CVE-2025-57407 2025-09-23 A stored cross-site scripting (XSS) vulnerability in the Admin Log Viewer of S-Cart <=10.0.3 allows a remote authenticated attacker to inject arbitrary web script or HTML via a crafted User-Agent...
CVE-2025-57636 2025-09-23 OS Command injection vulnerability in D-Link C1 2020-02-21. The sub_47F028 function in jhttpd contains a command injection vulnerability via the HTTP parameter "time".
CVE-2025-57637 2025-09-23 Buffer overflow vulnerability in D-Link DI-7100G 2020-02-21 in the sub_451754 function of the jhttpd service in the viav4 parameter allowing attackers to cause a denial of service or execute arbitrary...
CVE-2025-57638 2025-09-23 Buffer overflow vulnerability in Tenda AC9 1.0 via the user supplied sys.vendor configuration value.
CVE-2025-57639 2025-09-23 Tenda AC9 1.0 was discovered to contain an OS command injection vulnerability via the usb.samba.guest.user parameter in the formSetSambaConf function of the httpd file.
CVE-2025-10824 2025-09-23 axboe fio init.c __parse_jobs_ini use after free
CVE-2025-10825 2025-09-23 Campcodes Online Beauty Parlor Management System view-appointment.php sql injection
CVE-2025-10826 2025-09-23 Campcodes Online Beauty Parlor Management System sales-reports-detail.php sql injection
CVE-2025-10827 2025-09-23 PHPJabbers Restaurant Menu Maker preview.php cross site scripting
CVE-2025-10828 2025-09-23 SourceCodester Pet Grooming Management Software edit.php sql injection
CVE-2025-10829 2025-09-23 Campcodes Computer Sales and Inventory System sup_edit1.php sql injection
CVE-2025-9494 2025-09-23 Viessmann Vitogate 300 OS Command Injection
CVE-2025-9495 2025-09-23 Viessmann Vitogate 300 Authentication Bypass
CVE-2025-10830 2025-09-23 Campcodes Computer Sales and Inventory System inv_edit1.php sql injection
CVE-2025-10831 2025-09-23 Campcodes Computer Sales and Inventory System pro_edit1.php sql injection
CVE-2025-42907 2025-09-23 Server-Side Request Forgery in SAP BI Platform
CVE-2025-10832 2025-09-23 SourceCodester Pet Grooming Management Software fetch_product_details.php sql injection
CVE-2025-58915 2025-09-23 WordPress YouTube Showcase plugin <= 3.5.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-10833 2025-09-23 1000projects Bookstore Management System login.php sql injection
CVE-2025-10834 2025-09-23 itsourcecode Open Source Job Portal login.php sql injection
CVE-2025-10835 2025-09-23 SourceCodester Pet Grooming Management Software view_payorder.php sql injection
CVE-2025-10836 2025-09-23 SourceCodester Pet Grooming Management Software print1.php sql injection
CVE-2025-10380 2025-09-23 Advanced Views – Display Posts, Custom Fields, and More <= 3.7.19 - Authenticated (Author+) Remote Code Execution via SSTI
CVE-2025-8902 2025-09-23 Widget Options - Extended <= 5.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-10837 2025-09-23 code-projects Simple Food Ordering System order.php cross site scripting
CVE-2025-9321 2025-09-23 WPCasa <= 1.4.1 - Unauthenticated Code Injection
CVE-2025-1131 2025-09-23 Asterisk Unsafe Shell Sourcing in safe_asterisk Leads to Local Privilege Escalation
CVE-2025-10838 2025-09-23 Tenda AC21 WifiExtraSet sub_45BB10 buffer overflow
CVE-2025-10839 2025-09-23 SourceCodester Pet Grooming Management Software inv-print.php sql injection
CVE-2025-10840 2025-09-23 SourceCodester Pet Grooming Management Software print-payment.php sql injection
CVE-2025-26399 2025-09-23 SolarWinds Web Help Desk Deserialization of Untrusted Data Privilege Escalation Vulnerability
CVE-2025-10841 2025-09-23 code-projects Online Bidding System weweee.php sql injection
CVE-2025-8282 2025-09-23 SureForms < 1.9.1 - Admin+ Stored XSS
CVE-2025-39868 2025-09-23 erofs: fix runtime warning on truncate_folio_batch_exceptionals()
CVE-2025-39869 2025-09-23 dmaengine: ti: edma: Fix memory allocation size for queue_priority_map
CVE-2025-39870 2025-09-23 dmaengine: idxd: Fix double free in idxd_setup_wqs()
CVE-2025-39871 2025-09-23 dmaengine: idxd: Remove improper idxd_free
CVE-2025-39872 2025-09-23 hsr: hold rcu and dev lock for hsr_get_port_ndev
CVE-2025-39873 2025-09-23 can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB