CVE List - 2025 / September

Showing 3901 - 4000 of 4322 CVEs for September 2025 (Page 40 of 44)

| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-60118 | 2025-09-26 | WordPress PGS Core Plugin <= 5.9.0 - SQL Injection Vulnerability |
| CVE-2025-60120 | 2025-09-26 | WordPress WP Directory Kit Plugin <= 1.3.8 - Broken Access Control Vulnerability |
| CVE-2025-60119 | 2025-09-26 | WordPress CoSchedule Plugin <= 3.3.10 - Sensitive Data Exposure Vulnerability |
| CVE-2025-60121 | 2025-09-26 | WordPress WooEvents Plugin <= 4.1.7 - Broken Access Control Vulnerability |
| CVE-2025-60122 | 2025-09-26 | WordPress HivePress Claim Listings Plugin <= 1.1.3 - Broken Access Control Vulnerability |
| CVE-2025-60123 | 2025-09-26 | WordPress HivePress Claim Listings Plugin <= 1.1.3 - Broken Access Control Vulnerability |
| CVE-2025-60124 | 2025-09-26 | WordPress Simple Colorbox Plugin <= 1.6.1 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-60125 | 2025-09-26 | WordPress FoodBook Plugin <= 4.7.1 - Sensitive Data Exposure Vulnerability |
| CVE-2025-60126 | 2025-09-26 | WordPress Testimonial Slider Plugin <= 3.5.8.6 - Local File Inclusion Vulnerability |
| CVE-2025-60127 | 2025-09-26 | WordPress CopySafe Web Protection Plugin <= 4.3 - Broken Access Control Vulnerability |
| CVE-2025-60128 | 2025-09-26 | WordPress Delisho Plugin <= 1.1.3 - Broken Access Control Vulnerability |
| CVE-2025-60129 | 2025-09-26 | WordPress Yext Plugin <= 1.1.3 - Broken Access Control Vulnerability |
| CVE-2025-60130 | 2025-09-26 | WordPress WEDOS Global Plugin <= 1.2.2 - Broken Access Control Vulnerability |
| CVE-2025-60133 | 2025-09-26 | WordPress PE Easy Slider Plugin <= 1.1.0 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-60136 | 2025-09-26 | WordPress User Notes Plugin <= 1.0.2 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-60137 | 2025-09-26 | WordPress Post Featured Video Plugin <= 1.7 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-60138 | 2025-09-26 | WordPress SKT Blocks Plugin <= 2.5 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-60139 | 2025-09-26 | WordPress Sendle Shipping Plugin <= 6.02 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-60140 | 2025-09-26 | WordPress The Tribal Plugin <= 1.3.3 - Sensitive Data Exposure Vulnerability |
| CVE-2025-60141 | 2025-09-26 | WordPress The Tribal Plugin <= 1.3.3 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-60142 | 2025-09-26 | WordPress Simple Meta Tags Plugin <= 1.5 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-60143 | 2025-09-26 | WordPress Netgsm Plugin <= 2.9.58 - Broken Access Control Vulnerability |
| CVE-2025-60144 | 2025-09-26 | WordPress Lenix scss compiler Plugin <= 1.2 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-60145 | 2025-09-26 | WordPress Lenix scss compiler Plugin <= 1.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-60146 | 2025-09-26 | WordPress Map Categories to Pages Plugin <= 1.3.2 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-60147 | 2025-09-26 | WordPress HT Feed Plugin <= 1.3.0 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-60148 | 2025-09-26 | WordPress Subscribe to Download Plugin <= 2.0.9 - Broken Access Control Vulnerability |
| CVE-2025-60149 | 2025-09-26 | WordPress Notely Plugin <= 1.8.0 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-60150 | 2025-09-26 | WordPress Subscribe to Download Plugin <= 2.0.9 - Local File Inclusion Vulnerability |
| CVE-2025-60152 | 2025-09-26 | WordPress Subscribe To Unlock Plugin <= 1.1.5 - Broken Access Control Vulnerability |
| CVE-2025-60153 | 2025-09-26 | WordPress Subscribe To Unlock Plugin <= 1.1.5 - Local File Inclusion Vulnerability |
| CVE-2025-60154 | 2025-09-26 | WordPress MWW Disclaimer Buttons Plugin <= 3.41 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-60155 | 2025-09-26 | WordPress WP Virtual Assistant Plugin <= 3.0 - Broken Access Control Vulnerability |
| CVE-2025-60156 | 2025-09-26 | WordPress AR For WordPress Plugin <= 7.98 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-60157 | 2025-09-26 | WordPress WP Ticket Customer Service Software & Support Ticket System Plugin <= 6.0.2 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-60158 | 2025-09-26 | WordPress Nota Fiscal Eletrônica WooCommerce Plugin <= 3.4.0.6 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-60159 | 2025-09-26 | WordPress Nota Fiscal Eletrônica WooCommerce Plugin <= 3.4.0.6 - Broken Access Control Vulnerability |
| CVE-2025-60160 | 2025-09-26 | WordPress Smart Related Products Plugin <= 2.0.5 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-60161 | 2025-09-26 | WordPress ZoloBlocks Plugin <= 2.3.11 - Server Side Request Forgery (SSRF) Vulnerability |
| CVE-2025-60162 | 2025-09-26 | WordPress Job Board Manager Plugin <= 2.1.61 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-60163 | 2025-09-26 | WordPress bbp topic count Plugin <= 3.1 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-60164 | 2025-09-26 | WordPress NewsmanApp Plugin <= 2.7.7 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-60165 | 2025-09-26 | WordPress Frames Theme <= 1.5.7 - Broken Access Control Vulnerability |
| CVE-2025-60166 | 2025-09-26 | WordPress WP Subscription Forms PRO Plugin <= 2.0.5 - Arbitrary Content Deletion Vulnerability |
| CVE-2025-60167 | 2025-09-26 | WordPress Page Manager for Elementor Plugin <= 2.0.5 - Sensitive Data Exposure Vulnerability |
| CVE-2025-60169 | 2025-09-26 | WordPress W3SCloud Contact Form 7 to Zoho CRM Plugin <= 3.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-60170 | 2025-09-26 | WordPress HTACCESS IP Blocker Plugin <= 1.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-60171 | 2025-09-26 | WordPress Conditional Cart Messages for WooCommerce – YourPlugins.com Plugin <= 1.2.10 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-60172 | 2025-09-26 | WordPress Flytedesk Digital Plugin <= 20181101 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-60173 | 2025-09-26 | WordPress GST for WooCommerce Plugin <= 2.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-60177 | 2025-09-26 | WordPress Recaptcha – wp Plugin <= 0.2.6 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-60179 | 2025-09-26 | WordPress Click & Tweet Plugin <= 0.8.9 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-60181 | 2025-09-26 | WordPress Silencesoft RSS Reader Plugin <= 0.6 - Server Side Request Forgery (SSRF) Vulnerability |
| CVE-2025-60184 | 2025-09-26 | WordPress SEO Search Permalink Plugin <= 1.0.3 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-60185 | 2025-09-26 | WordPress kontur Admin Style Plugin <= 1.0.4 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-60186 | 2025-09-26 | WordPress Google+ Comments Plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-60219 | 2025-09-26 | WordPress WooCommerce Designer Pro Plugin <= 1.9.24 - Arbitrary File Upload Vulnerability |
| CVE-2025-11021 | 2025-09-26 | Libsoup: out-of-bounds read in cookie date handling of libsoup http library |
| CVE-2025-10871 | 2025-09-26 | Missing Authorization in GitLab |
| CVE-2025-10867 | 2025-09-26 | Allocation of Resources Without Limits or Throttling in GitLab |
| CVE-2025-10858 | 2025-09-26 | Allocation of Resources Without Limits or Throttling in GitLab |
| CVE-2025-9958 | 2025-09-26 | Insertion of Sensitive Information Into Sent Data in GitLab |
| CVE-2025-9642 | 2025-09-26 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab |
| CVE-2025-7691 | 2025-09-26 | Privilege Defined With Unsafe Actions in GitLab |
| CVE-2025-10868 | 2025-09-26 | Business Logic Errors in GitLab |
| CVE-2025-5069 | 2025-09-26 | Incorrect Ownership Assignment in GitLab |
| CVE-2025-11042 | 2025-09-26 | Allocation of Resources Without Limits or Throttling in GitLab |
| CVE-2025-10544 | 2025-09-26 | Unrestricted uploading of dangerous file types to AvePoint products |
| CVE-2025-11010 | 2025-09-26 | vstakhov libucl ucl_util.c ucl_include_common heap-based overflow |
| CVE-2025-11011 | 2025-09-26 | BehaviorTree json_export.cpp fromJson null pointer dereference |
| CVE-2025-11012 | 2025-09-26 | BehaviorTree Diagnostic Message script_parser.cpp ParseScript stack-based overflow |
| CVE-2025-11060 | 2025-09-26 | Surrealdb: surrealdb is vulnerable to unauthorized data exposure via live query subscriptions |
| CVE-2025-11013 | 2025-09-26 | BehaviorTree XML Parser xml_parsing.cpp loadDocImpl null pointer dereference |
| CVE-2025-11014 | 2025-09-26 | OGRECave Ogre Image OgreSTBICodec.cpp encode heap-based overflow |
| CVE-2025-9267 | 2025-09-26 | In Seagate Toolkit on Windows a vulnerability exists in the Toolkit Installer prior to versions 2.35.0.6 where it attempts to load DLLs from the current working directory without validating their... |
| CVE-2025-11025 | 2025-09-26 | Information Disclosure in Vimeosoft Information Technologies' Vimesoft Corporate Messaging Platform |
| CVE-2025-11015 | 2025-09-26 | OGRECave Ogre OgreSTBICodec.cpp encode mismatched memory management routines |
| CVE-2025-11016 | 2025-09-26 | kalcaddle kodbox index.class.php fileOut path traversal |
| CVE-2025-11017 | 2025-09-26 | OGRECave Ogre OgreLogManager.cpp stream null pointer dereference |
| CVE-2025-11018 | 2025-09-26 | Four-Faith Water Conservancy Informatization Platform download.do;usrlogout.do.do path traversal |
| CVE-2025-6396 | 2025-09-26 | XSS in Webbeyaz's web site |
| CVE-2025-36274 | 2025-09-26 | IBM Aspera HTTP Gateway information disclosure |
| CVE-2025-36326 | 2025-09-26 | IBM Controller information disclosure |
| CVE-2025-11019 | 2025-09-26 | Total.js CMS Files Menu cross site scripting |
| CVE-2025-11026 | 2025-09-26 | givanz Vvveb Configuration File information disclosure |
| CVE-2025-59842 | 2025-09-26 | JupyterLab LaTeX typesetter links did not enforce `noopener` attribute |
| CVE-2025-11027 | 2025-09-26 | givanz Vvveb SVG File cross site scripting |
| CVE-2025-11028 | 2025-09-26 | givanz Vvveb Image information disclosure |
| CVE-2025-59843 | 2025-09-26 | FlagForgeCTF Exposes User Emails via Public /api/user/[username] API |
| CVE-2025-59844 | 2025-09-26 | Argument injection vulnerability in SonarQube Scan Action |
| CVE-2025-11029 | 2025-09-26 | givanz Vvveb cross-site request forgery |
| CVE-2025-11030 | 2025-09-26 | Tutorials-Website Employee Management System HTTP Request all-applied-leave.php improper authorization |
| CVE-2025-11031 | 2025-09-26 | DataTables examples.php path traversal |
| CVE-2025-11032 | 2025-09-26 | kidaze CourseSelectionSystem COUNT3s6.php sql injection |
| CVE-2025-11033 | 2025-09-26 | kidaze CourseSelectionSystem COUNT3s7.php sql injection |
| CVE-2025-11034 | 2025-09-26 | Dibo Data Decision Making System common_dep.action.jsp downloadImpTemplet path traversal |
| CVE-2025-11035 | 2025-09-26 | Jinher OA text xml external entity reference |
| CVE-2025-11036 | 2025-09-26 | code-projects E-Commerce Website admin_account_update.php sql injection |
| CVE-2025-11037 | 2025-09-26 | code-projects E-Commerce Website admin_index_search.php sql injection |
| CVE-2025-11038 | 2025-09-26 | itsourcecode Online Clinic Management System details.php sql injection |