CVE List - 2025 / September
Showing 4201 - 4300 of 4322 CVEs for September 2025 (Page 43 of 44)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-59163 | 2025-09-29 | vet MCP Server SSE Transport DNS Rebinding Vulnerability |
| CVE-2025-43811 | 2025-09-29 | Multiple stored cross-site scripting (XSS) vulnerability in the related asset selector in Liferay Portal 7.4.3.50 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.7, and 7.4 update 50... |
| CVE-2025-59933 | 2025-09-29 | libvips is vulnerable to Buffer Over-Read in poppler-based pdfload |
| CVE-2025-43812 | 2025-09-29 | Cross-site scripting (XSS) vulnerability in web content template in Liferay Portal 7.4.3.4 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows... |
| CVE-2025-43813 | 2025-09-29 | Possible path traversal vulnerability and denial-of-service in the ComboServlet in Liferay Portal 7.4.0 through 7.4.3.107, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.8, 7.4 GA... |
| CVE-2025-59937 | 2025-09-29 | go-mail has insufficient address encoding when passing mail addresses to the SMTP client |
| CVE-2025-59940 | 2025-09-29 | mkdocs-include-markdown-plugin susceptible to unvalidated input colliding with substitution placeholders |
| CVE-2025-36245 | 2025-09-29 | IBM InfoSphere Information Server command execution |
| CVE-2025-43817 | 2025-09-29 | Multiple reflected cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.4.3.74 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.6, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 74 through update 92 allow remote... |
| CVE-2025-59941 | 2025-09-29 | go-f3 is Vulnerable to Cached Justification Verification Bypass |
| CVE-2025-59942 | 2025-09-29 | go-f3 module vulnerable to integer overflow leading to panic |
| CVE-2025-59948 | 2025-09-29 | FreshRSS is vulnerable to XSS due to lack of CSP on HTML query page |
| CVE-2025-61586 | 2025-09-29 | FreshRSS is vulnerable to directory enumeration by setting path in its theme field |
| CVE-2025-59950 | 2025-09-29 | FreshRSS: Double clickjacking can lead to privilege escalation |
| CVE-2025-59952 | 2025-09-29 | minio-java Client XML Tag is Vulnerable to Value Substitution |
| CVE-2025-59954 | 2025-09-29 | Knowage Contains a Remote Code Execution Vulnerability |
| CVE-2024-58040 | 2025-09-29 | Crypt::RandomEncryption for Perl uses insecure rand() function during encryption |
| CVE-2025-59956 | 2025-09-29 | AgentAPI exposed user chat history via a DNS rebinding attack |
| CVE-2024-55017 | 2025-09-30 | Account Takeover in Corezoid 6.6.0 in the OAuth2 implementation via an open redirect in the redirect_uri parameter allows attackers to intercept authorization codes and gain unauthorized access to victim accounts. |
| CVE-2025-28016 | 2025-09-30 | A Reflected Cross-Site Scripting (XSS) vulnerability was found in loginsystem/edit-profile.php of the PHPGurukul User Registration & Login and User Management System V3.3. This vulnerability allows remote attackers to execute arbitrary... |
| CVE-2025-52043 | 2025-09-30 | In Frappe ERPNext v15.57.5, the function import_coa() at erpnext/accounts/doctype/chart_of_accounts_importer/chart_of_accounts_importer.py is vulnerable to SQL injection, which allows an attacker to extract all information from databases by injecting a SQL query into... |
| CVE-2025-52047 | 2025-09-30 | In Frappe ErpNext v15.57.5, the function get_income_account() at erpnext/controllers/queries.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into... |
| CVE-2025-52049 | 2025-09-30 | In Frappe ErpNext v15.57.5, the function get_timesheet_detail_rate() at erpnext/projects/doctype/timesheet/timesheet.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting SQL query into the... |
| CVE-2025-52050 | 2025-09-30 | In Frappe ERPNext 15.57.5, the function get_loyalty_program_details_with_points() at erpnext/accounts/doctype/loyalty_program/loyalty_program.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into... |
| CVE-2025-55797 | 2025-09-30 | An improper access control vulnerability in FormCms v0.5.4 in the /api/schemas/history/[schemaId] endpoint allows unauthenticated attackers to access historical schema data if a valid schemaId is known or guessed. |
| CVE-2025-56018 | 2025-09-30 | SourceCodester Web-based Pharmacy Product Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in Category Management via the category name field. |
| CVE-2025-56132 | 2025-09-30 | LiquidFiles filetransfer server is vulnerable to a user enumeration issue in its password reset functionality. The application returns distinguishable responses for valid and invalid email addresses, allowing unauthenticated attackers to... |
| CVE-2025-56200 | 2025-09-30 | A URL validation bypass vulnerability exists in validator.js through version 13.15.15. The isURL() function uses '://' as a delimiter to parse protocols, while browsers use ':' as the delimiter. This... |
| CVE-2025-56207 | 2025-09-30 | A security flaw in the '_transfer' function of a smart contract implementation for Money Making Opportunity (MMO), an Ethereum ERC721 Non-Fungible Token (NFT) project, allows users or attackers to transfer... |
| CVE-2025-56301 | 2025-09-30 | An issue was discovered in Chipsalliance Rocket-Chip commit f517abbf41abb65cea37421d3559f9739efd00a9 (2025-01-29) allowing attackers to corrupt exception handling and privilege state transitions via a flawed interaction between exception handling and MRET return... |
| CVE-2025-56392 | 2025-09-30 | An Insecure Direct Object Reference (IDOR) in the /dashboard/notes endpoint of Syaqui Collegetivity v1.0.0 allows attackers to impersonate other users and perform arbitrary operations via a crafted POST request. |
| CVE-2025-56513 | 2025-09-30 | NiceHash QuickMiner 6.12.0 perform software updates over HTTP without validating digital signatures or hash checks. An attacker capable of intercepting or redirecting traffic to the update url and can hijack... |
| CVE-2025-56520 | 2025-09-30 | Dify v1.6.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component controllers.console.remote_files.RemoteFileUploadApi. A different vulnerability than CVE-2025-29720. |
| CVE-2025-56571 | 2025-09-30 | Finance.js v4.1.0 contains a Denial of Service (DoS) vulnerability via the IRR function’s depth parameter. Improper handling of the recursion/iteration limit can lead to excessive CPU usage, causing application stalls... |
| CVE-2025-56572 | 2025-09-30 | An issue in finance.js v.4.1.0 allows a remote attacker to cause a denial of service via the seekZero() parameter. |
| CVE-2025-56675 | 2025-09-30 | The EKEN video doorbell T6 BT60PLUS_MAIN_V1.0_GC1084_20230531 periodically sends debug logs to the EKEN cloud servers with sensitive information such as the Wi-Fi SSID and password. |
| CVE-2025-56676 | 2025-09-30 | TitanSystems Zender v3.9.7 contains an account takeover vulnerability in its password reset functionality. A temporary password or reset token issued to one user can be used to log in as... |
| CVE-2025-57254 | 2025-09-30 | An SQL injection vulnerability in user-login.php and index.php of Karthikg1908 Hospital Management System (HMS) 1.0 allows remote attackers to execute arbitrary SQL queries via the username and password POST parameters.... |
| CVE-2025-61792 | 2025-09-30 | Quadient DS-700 iQ devices through 2025-09-30 might have a race condition during the quick clicking of (in order) the Question Mark button, the Help Button, the About button, and the... |
| CVE-2025-10991 | 2025-09-30 | Root Access via UART |
| CVE-2025-61584 | 2025-09-30 | serverless-dns is vulnerable to Command Injection through pr.yml GitHub Action Workflow |
| CVE-2025-8566 | 2025-09-30 | GutenBee – Gutenberg Blocks <= 2.18.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-10179 | 2025-09-30 | My AskAI <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-8625 | 2025-09-30 | Copypress Rest API 1.1 - 1.2 - Missing Configurable JWT Secret and File-Type Validation to Unauthenticated Remote Code Execution |
| CVE-2025-10130 | 2025-09-30 | Layers <= 0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-10000 | 2025-09-30 | Qyrr – simply and modern QR-Code creation <= 2.0.7 - Authenticated (Contributor+) Arbitrary File Upload |
| CVE-2025-8560 | 2025-09-30 | FancyTabs <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via title Parameter |
| CVE-2025-9852 | 2025-09-30 | Yoga Schedule Momoyoga <= 2.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-9993 | 2025-09-30 | Bei Fen – WordPress Backup Plugin <= 1.4.2 - Authenticated (Subscriber+) Local File Inclusion |
| CVE-2025-10131 | 2025-09-30 | All Social Share Options <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-9762 | 2025-09-30 | Post By Email <= 1.0.4b - Unauthenticated Arbitrary File Upload via Email Attachments |
| CVE-2025-8623 | 2025-09-30 | WeedMaps Menu for WordPress <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via weedmaps_menu Shortcode |
| CVE-2025-10191 | 2025-09-30 | Big Post Shipping for WooCommerce <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-8624 | 2025-09-30 | Nexa Blocks <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Google Maps Widget |
| CVE-2025-8559 | 2025-09-30 | All in One Music Player <= 1.3.1 - Authenticated (Contributor+) Path Traversal via theme Parameter |
| CVE-2025-10182 | 2025-09-30 | dbview <= 0.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-9948 | 2025-09-30 | Chat by Chatwee <= 2.1.3 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-10168 | 2025-09-30 | Any News Ticker <= 3.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-9991 | 2025-09-30 | Tiny Bootstrap Elements Light <= 4.3.34 - Unauthenticated Local File Inclusion |
| CVE-2025-10189 | 2025-09-30 | BP Direct Menus <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-8608 | 2025-09-30 | Mihdan: Elementor Yandex Maps <= 1.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Marker Pins |
| CVE-2025-10128 | 2025-09-30 | Eulerpool Research Systems <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-8214 | 2025-09-30 | The Pack Elementor addon <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typing Letter Widget |
| CVE-2025-9946 | 2025-09-30 | LockerPress – WordPress Security Plugin <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-10196 | 2025-09-30 | SurveyAnyplace Plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-8777 | 2025-09-30 | planetcalc <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via language Parameter |
| CVE-2025-59668 | 2025-09-30 | Multiple versions of Central Monitor CNS-6201 contain a NULL pointer dereference vulnerability. When processing a crafted certain UDP packet, the affected device may abnormally terminate. |
| CVE-2025-6815 | 2025-09-30 | LatePoint <= 5.1.94 - Authenticated (Administrator+) Stored Cross-Site Scripting |
| CVE-2025-6941 | 2025-09-30 | LatePoint <= 5.1.94 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2025-7038 | 2025-09-30 | LatePoint <= 5.1.94 - Unauthenticated Authentication Bypass via load_step Function |
| CVE-2025-7052 | 2025-09-30 | LatePoint <= 5.1.94 - Cross-Site Request Forgery to Account Takeover via change_password() Function |
| CVE-2025-11148 | 2025-09-30 | All versions of the package check-branches are vulnerable to Command Injection check-branches is a command-line tool that is interacted with locally, or via CI, to confirm no conflicts exist in... |
| CVE-2025-11149 | 2025-09-30 | This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers... |
| CVE-2025-11163 | 2025-09-30 | SmartCrawl SEO checker, analyzer & optimizer <= 3.14.3 - Missing Authorization to Plugin Settings Update |
| CVE-2025-8877 | 2025-09-30 | AffiliateWP <= 2.28.2 - Unauthenticated SQL Injection |
| CVE-2025-7063 | 2025-09-30 | Remote Code Execution via Unrestricted File Upload in PAD CMS |
| CVE-2025-7065 | 2025-09-30 | Remote Code Execution via Unrestricted File Upload in PAD CMS |
| CVE-2025-8116 | 2025-09-30 | Reflected XSS in PAD CMS |
| CVE-2025-8117 | 2025-09-30 | Account Takeover via Reset Password Functionality in PAD CMS |
| CVE-2025-8118 | 2025-09-30 | Bruteforce Protection Bypass in PAD CMS |
| CVE-2025-8119 | 2025-09-30 | Cross-Site Request Forgery in PAD CMS |
| CVE-2025-8120 | 2025-09-30 | Remote Code Execution via Unrestricted File Upload in PAD CMS |
| CVE-2025-8121 | 2025-09-30 | Blind SQL Injection in PAD CMS |
| CVE-2025-8122 | 2025-09-30 | Blind SQL Injection in PAD CMS |
| CVE-2025-41091 | 2025-09-30 | Insecure Direct Object Reference in GPS BOLD Workplanner |
| CVE-2025-41092 | 2025-09-30 | Insecure Direct Object Reference in GPS BOLD Workplanner |
| CVE-2025-41093 | 2025-09-30 | Insecure Direct Object Reference in GPS BOLD Workplanner |
| CVE-2025-41094 | 2025-09-30 | Insecure Direct Object Reference in GPS BOLD Workplanner |
| CVE-2025-41095 | 2025-09-30 | Insecure Direct Object Reference in GPS BOLD Workplanner |
| CVE-2025-41096 | 2025-09-30 | Insecure Direct Object Reference in GPS BOLD Workplanner |
| CVE-2025-41097 | 2025-09-30 | Insecure Direct Object Reference in GPS BOLD Workplanner |
| CVE-2025-41099 | 2025-09-30 | Insecure Direct Object Reference in GPS BOLD Workplanner |
| CVE-2025-41098 | 2025-09-30 | Insecure Direct Object Reference in GPS BOLD Workplanner |
| CVE-2025-10217 | 2025-09-30 | A vulnerability exists in Asset Suite for an authenticated user to manipulate the content of performance related log data or to inject crafted data in logfile for potentially carrying out... |
| CVE-2025-11152 | 2025-09-30 | Sandbox escape due to integer overflow in the Graphics: Canvas2D component |
| CVE-2025-11153 | 2025-09-30 | JIT miscompilation in the JavaScript Engine: JIT component |
| CVE-2025-10859 | 2025-09-30 | Data stored in cookies for non-HTML content while browsing Incognito could be viewed after closing private tabs |
| CVE-2025-34217 | 2025-09-30 | Vasion Print (formerly PrinterLogic) Undocumented Hardcoded SSH Key |
| CVE-2025-9230 | 2025-09-30 | Out-of-bounds read & write in RFC 3211 KEK Unwrap |
| CVE-2025-9231 | 2025-09-30 | Timing side-channel in SM2 algorithm on 64 bit ARM |