CVE List - 2025 / September
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-13064 | 2025-09-03 | XSS in Akinsoft's MyRezzta |
| CVE-2024-13065 | 2025-09-03 | Business Logic Error in Akinsoft's MyRezzta |
| CVE-2025-1740 | 2025-09-03 | Authentication Bypass in Akinsoft's MyRezzta |
| CVE-2025-2415 | 2025-09-03 | OTP Bypass in Akinsoft's MyRezzta |
| CVE-2024-43166 | 2025-09-03 | Incorrect Default Permissions vulnerability in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue. |
| CVE-2025-9821 | 2025-09-03 | SSRF via webhook function |
| CVE-2025-41000 | 2025-09-03 | Cross-Frame Scripting (XFS) in BoomCMS |
| CVE-2025-9901 | 2025-09-03 | Libsoup: improper handling of http vary header in libsoup caching |
| CVE-2025-53694 | 2025-09-03 | Information Disclosure in ItemServices API |
| CVE-2025-53693 | 2025-09-03 | HTML Cache Poisoning through Unsafe Reflections |
| CVE-2025-53691 | 2025-09-03 | Sitecore Experience Remote Code Execution through Insecure Deserialization |
| CVE-2025-3701 | 2025-09-03 | WordPress Malcure Malware Scanner plugin <= 16.8 - Broken Access Control vulnerability |
| CVE-2025-38678 | 2025-09-03 | netfilter: nf_tables: reject duplicate device on updates |
| CVE-2024-13066 | 2025-09-03 | iFrame Injection in Akinsoft's LimonDesk |
| CVE-2024-13068 | 2025-09-03 | Host Header Injection in Akinsoft's LimonDesk |
| CVE-2025-0878 | 2025-09-03 | XSS in Akinsoft's LimonDesk |
| CVE-2025-2416 | 2025-09-03 | OTP Bypass in Akinsoft's LimonDesk |
| CVE-2025-47421 | 2025-09-03 | Privilege escalation via SCP login |
| CVE-2025-9822 | 2025-09-03 | Secret data extraction via elfinder |
| CVE-2025-9824 | 2025-09-03 | User Enumeration via Response Timing |
| CVE-2025-9823 | 2025-09-03 | Reflected XSS in lead:addLeadTags - Quick Add |
| CVE-2025-58593 | 2025-09-03 | WordPress Orbit Fox by ThemeIsle Plugin <= 3.0.0 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58594 | 2025-09-03 | WordPress Brizy Plugin <= 2.7.12 - Broken Access Control Vulnerability |
| CVE-2025-58596 | 2025-09-03 | WordPress MailOptin Plugin <= 1.2.75.0 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58597 | 2025-09-03 | WordPress wpForo Forum Plugin <= 2.4.6 - Insecure Direct Object References (IDOR) Vulnerability |
| CVE-2025-58598 | 2025-09-03 | WordPress Klarna Order Management for WooCommerce Plugin <= 1.9.8 - Sensitive Data Exposure Vulnerability |
| CVE-2025-58599 | 2025-09-03 | WordPress Order Delivery Date for WooCommerce Plugin <= 4.1.0 - Broken Access Control Vulnerability |
| CVE-2025-58600 | 2025-09-03 | WordPress Paid Member Subscriptions Plugin <= 2.15.9 - Broken Access Control Vulnerability |
| CVE-2025-58601 | 2025-09-03 | WordPress Classified Listing Plugin <= 5.0.6 - Broken Access Control Vulnerability |
| CVE-2025-58602 | 2025-09-03 | WordPress If-So Dynamic Content Personalization Plugin <= 1.9.4 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58603 | 2025-09-03 | WordPress Surfer Plugin <= 1.6.4.574 - Broken Access Control Vulnerability |
| CVE-2025-58604 | 2025-09-03 | WordPress Mail Mint Plugin <= 1.18.5 - SQL Injection Vulnerability |
| CVE-2025-58605 | 2025-09-03 | WordPress WP Delicious Plugin <= 1.8.7 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58606 | 2025-09-03 | WordPress SaasLauncher Theme <= 1.3.0 - Broken Access Control Vulnerability |
| CVE-2025-58607 | 2025-09-03 | WordPress Cookie Notice & Consent Banner for GDPR & CCPA Compliance Plugin <= 1.7.11 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58608 | 2025-09-03 | WordPress MediaPress Plugin <= 1.5.9.1 - Local File Inclusion Vulnerability |
| CVE-2025-58609 | 2025-09-03 | WordPress Latest Post Shortcode Plugin <= 14.0.3 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58610 | 2025-09-03 | WordPress Gallery PhotoBlocks Plugin <= 1.3.1 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58611 | 2025-09-03 | WordPress Tickera Plugin <= 3.5.5.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58612 | 2025-09-03 | WordPress PropertyHive Plugin <= 2.1.5 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58613 | 2025-09-03 | WordPress Posts Table with Search & Sort Plugin <= 1.4.10 - Broken Access Control Vulnerability |
| CVE-2025-58614 | 2025-09-03 | WordPress Tooltipy Plugin <= 5.5.6 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58615 | 2025-09-03 | WordPress WP Bannerize Pro Plugin <= 1.10.0 - Server Side Request Forgery (SSRF) Vulnerability |
| CVE-2025-58616 | 2025-09-03 | WordPress Frisbii Pay Plugin <= 1.8.2.1 - Broken Access Control Vulnerability |
| CVE-2025-58617 | 2025-09-03 | WordPress F4 Media Taxonomies Plugin <= 1.1.4 - Broken Access Control Vulnerability |
| CVE-2025-58618 | 2025-09-03 | WordPress Pie Calendar Plugin <= 1.2.8 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58620 | 2025-09-03 | WordPress PDF for WPForms Plugin <= 6.2.1 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58621 | 2025-09-03 | WordPress PuzzleMe for WordPress Plugin <= 1.2.0 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58622 | 2025-09-03 | WordPress Mobile Contact Line Plugin <= 2.4.0 - Broken Access Control Vulnerability |
| CVE-2025-58623 | 2025-09-03 | WordPress Event Feed for Eventbrite Plugin <= 1.3.2 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58624 | 2025-09-03 | WordPress Exchange Rates Plugin <= 1.2.5 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58625 | 2025-09-03 | WordPress WP Flow Plus Plugin <= 5.2.5 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58626 | 2025-09-03 | WordPress RumbleTalk Live Group Chat Plugin <= 6.3.5 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58630 | 2025-09-03 | WordPress Simple Matomo Tracking Code Plugin <= 1.1.0 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58631 | 2025-09-03 | WordPress IssueM Plugin <= 2.9.0 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58632 | 2025-09-03 | WordPress Dadevarzan WordPress Common Plugin <= 2.2.2 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58633 | 2025-09-03 | WordPress Booking Ultra Pro Plugin <= 1.1.21 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58634 | 2025-09-03 | WordPress PeachPay Payments Plugin <= 1.117.4 - Broken Access Control Vulnerability |
| CVE-2025-58635 | 2025-09-03 | WordPress Support Genix Plugin <= 1.4.23 - Broken Access Control Vulnerability |
| CVE-2025-58637 | 2025-09-03 | WordPress immonex Kickstart Plugin <= 1.11.6 - Local File Inclusion Vulnerability |
| CVE-2025-58639 | 2025-09-03 | WordPress Contact Form By Mega Forms Plugin <= 1.6.1 - Broken Access Control Vulnerability |
| CVE-2025-58640 | 2025-09-03 | WordPress Document Engine Plugin <= 1.2 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58641 | 2025-09-03 | WordPress Exit Intent Popup Plugin <= 1.0.1 - Server Side Request Forgery (SSRF) Vulnerability |
| CVE-2025-58642 | 2025-09-03 | WordPress LTL Freight Quotes – Day & Ross Edition Plugin <= 2.1.11 - PHP Object Injection Vulnerability |
| CVE-2025-58643 | 2025-09-03 | WordPress LTL Freight Quotes – Daylight Edition Plugin <= 2.2.7 - PHP Object Injection Vulnerability |
| CVE-2025-58644 | 2025-09-03 | WordPress LTL Freight Quotes - TQL Edition Plugin <= 1.2.6 - PHP Object Injection Vulnerability |
| CVE-2025-58458 | 2025-09-03 | In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller... |
| CVE-2025-58459 | 2025-09-03 | Jenkins global-build-stats Plugin 322.v22f4db_18e2dd and earlier does not perform permission checks in its REST API endpoints, allowing attackers with Overall/Read permission to enumerate graph IDs. |
| CVE-2025-58460 | 2025-09-03 | A missing permission check in Jenkins OpenTelemetry Plugin 3.1543.v8446b_92b_cd64 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method,... |
| CVE-2025-0280 | 2025-09-03 | HCL Compass is affected by a security vulnerability |
| CVE-2025-9919 | 2025-09-03 | 1000projects Beauty Parlour Management System bwdates-reports-details.php sql injection |
| CVE-2025-9920 | 2025-09-03 | Campcodes Recruitment Management System index.php include file inclusion |
| CVE-2025-9865 | 2025-09-03 | Inappropriate implementation in Toolbar in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing... |
| CVE-2025-9866 | 2025-09-03 | Inappropriate implementation in Extensions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2025-9867 | 2025-09-03 | Inappropriate implementation in Downloads in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2025-9959 | 2025-09-03 | Sandbox escape in smolagents Local Python execution environment via dunder attributes |
| CVE-2025-9921 | 2025-09-03 | code-projects POS Pharmacy System products.php cross site scripting |
| CVE-2025-9922 | 2025-09-03 | Campcodes Sales and Inventory System index.php cross site scripting |
| CVE-2025-20270 | 2025-09-03 | Cisco Evolved Programmable Network Manager Information Disclosure Vulnerability |
| CVE-2025-20287 | 2025-09-03 | Cisco Evolved Programmable Network Manager Arbitrary File Upload Vulnerability |
| CVE-2025-20326 | 2025-09-03 | Cisco Unified Communications Manager Cross-Site Request Forgery Vulnerability |
| CVE-2025-20280 | 2025-09-03 | Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Stored Cross-Site Scripting Vulnerability |
| CVE-2025-20330 | 2025-09-03 | Cisco Unified Communications Manager IM and Presence Cross-Site Scripting Vulnerability |
| CVE-2025-20336 | 2025-09-03 | Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Firmware Information Disclosure Vulnerability |
| CVE-2025-20335 | 2025-09-03 | Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Firmware Information Arbitrary File Write Vulnerability |
| CVE-2025-20291 | 2025-09-03 | A vulnerability in Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to redirect a targeted Webex Meetings user to an untrusted website. Cisco has addressed this vulnerability in... |
| CVE-2025-20328 | 2025-09-03 | A vulnerability in the user profile component of Cisco Webex Meetings could have allowed an authenticated, remote attacker with low privileges to conduct a cross-site scripting (XSS) attack against a... |
| CVE-2025-9923 | 2025-09-03 | Campcodes Sales and Inventory System index.php cross site scripting |
| CVE-2025-9924 | 2025-09-03 | projectworlds Travel Management System enquiry.php sql injection |
| CVE-2025-36193 | 2025-09-03 | IBM Transformation Advisor incorrect permissions |
| CVE-2025-9925 | 2025-09-03 | projectworlds Travel Management System detail.php sql injection |
| CVE-2025-9365 | 2025-09-03 | Fuji Electric FRENIC-Loader 4 Deserialization of Untrusted Data |
| CVE-2025-55162 | 2025-09-03 | Envoy: oAuth2 Filter Signout route will not clear cookies because of missing "secure;" flag |
| CVE-2025-9926 | 2025-09-03 | projectworlds Travel Management System viewsubcategory.php sql injection |
| CVE-2025-53690 | 2025-09-03 | Sitecore Products ViewState Deserialization Vulnerability |
| CVE-2025-55747 | 2025-09-03 | XWiki Platform's configuration files can be accessed through the webjars API |
| CVE-2025-55748 | 2025-09-03 | XWiki Platform's configuration files can be accessed through jsx and sx endpoints |
| CVE-2025-8268 | 2025-09-03 | Ai Engine <= 2.9.5 - Missing Authorization to Unauthenticated Uploaded Files Disclosure And Deletion |
| CVE-2025-9927 | 2025-09-03 | projectworlds Travel Management System viewpackage.php sql injection |
| CVE-2025-58056 | 2025-09-03 | Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions |