CVE List - 2025 / September
Showing 401 - 500 of 4322 CVEs for September 2025 (Page 5 of 44)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-9928 | 2025-09-03 | projectworlds Travel Management System viewcategory.php sql injection |
| CVE-2025-9929 | 2025-09-03 | code-projects Responsive Blog Site blogs_view.php cross site scripting |
| CVE-2025-9930 | 2025-09-03 | 1000projects Beauty Parlour Management System contact-us.php sql injection |
| CVE-2025-58057 | 2025-09-03 | Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack |
| CVE-2025-9931 | 2025-09-03 | Jinher OA POST Request login!changePassWord.action cross site scripting |
| CVE-2025-9932 | 2025-09-03 | PHPGurukul Beauty Parlour Management System update-image.php sql injection |
| CVE-2025-58064 | 2025-09-03 | CKEditor is susceptible to Cross-Site Scripting (XSS) through its clipboard package |
| CVE-2025-9933 | 2025-09-03 | PHPGurukul Beauty Parlour Management System view-appointment.php sql injection |
| CVE-2025-9934 | 2025-09-03 | TOTOLINK X5000R cstecgi.cgi sub_410C34 command injection |
| CVE-2025-9935 | 2025-09-03 | TOTOLINK N600R cstecgi.cgi sub_4159F8 command injection |
| CVE-2025-9936 | 2025-09-03 | fuyang_lipengjun platform queryAll AdController improper authorization |
| CVE-2025-9937 | 2025-09-03 | elunez eladmin LocalStorageController deleteFile improper authorization |
| CVE-2025-9938 | 2025-09-03 | D-Link DI-8400 yyxz.asp yyxz_dlink_asp stack-based overflow |
| CVE-2025-58355 | 2025-09-03 | Soft Serve is vulnerable to arbitrary file writing through its SSH API |
| CVE-2025-57263 | 2025-09-04 | An authenticated SQL injection vulnerability in VX Guestbook 1.07 allows attackers with admin access to inject malicious SQL payloads via the "word" POST parameter in the words.php admin panel. |
| CVE-2025-57576 | 2025-09-04 | PHPGurukul Online Shopping Portal 2.1 is vulnerable to Cross Site Scripting (XSS) in /admin/updateorder.php. |
| CVE-2025-9939 | 2025-09-04 | CodeAstro Real Estate Management System propertyview.php cross site scripting |
| CVE-2025-9940 | 2025-09-04 | CodeAstro Real Estate Management System feature.php cross site scripting |
| CVE-2025-58357 | 2025-09-04 | 5ire Chat Message XSS Vulnerability Enables Remote Code Execution |
| CVE-2025-9941 | 2025-09-04 | CodeAstro Real Estate Management System register.php unrestricted upload |
| CVE-2025-9942 | 2025-09-04 | CodeAstro Real Estate Management System submitproperty.php unrestricted upload |
| CVE-2025-58358 | 2025-09-04 | Markdownify is vulnerable to command injection through pptx-to-markdown tool |
| CVE-2025-43772 | 2025-09-04 | Kaleo Forms Admin in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.4 GA, 7.3 GA through update 27, and older unsupported versions does not restrict the saving of request... |
| CVE-2025-9518 | 2025-09-04 | atec Debug <= 1.2.22 - Authenticated (Administrator+) Arbitrary File Deletion |
| CVE-2025-9516 | 2025-09-04 | atec Debug <= 1.2.22 - Authenticated (Administrator+) Arbitrary File Read |
| CVE-2025-9517 | 2025-09-04 | atec Debug <= 1.2.22 - Authenticated (Administrator+) Remote Code Execution |
| CVE-2025-9519 | 2025-09-04 | Easy Timer <= 4.2.1 - Authenticated (Editor+) Remote Code Execution via Shortcode |
| CVE-2025-36890 | 2025-09-04 | Elevation of Privilege |
| CVE-2025-36891 | 2025-09-04 | Elevation of privilege |
| CVE-2025-36892 | 2025-09-04 | Denial of service |
| CVE-2025-36893 | 2025-09-04 | In ReadTachyonCommands of gxp_main_actor.cc, there is a possible information leak due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is... |
| CVE-2025-36894 | 2025-09-04 | In TBD of TBD, there is a possible DoS due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User... |
| CVE-2025-36895 | 2025-09-04 | Information disclosure |
| CVE-2025-36896 | 2025-09-04 | WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-394765106. |
| CVE-2025-36897 | 2025-09-04 | In unknown of cd_CnMsgCodecUserApi.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges... |
| CVE-2025-36898 | 2025-09-04 | There is a possible escalation of privilege due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User... |
| CVE-2025-36899 | 2025-09-04 | There is a possible escalation of privilege due to test/debugging code left in a production build. This could lead to physical escalation of privilege with no additional execution privileges needed.... |
| CVE-2025-36900 | 2025-09-04 | In lwis_test_register_io of lwis_device_test.c, there is a possible OOB Write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2025-36901 | 2025-09-04 | WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-396462223. |
| CVE-2025-36902 | 2025-09-04 | In syna_cdev_ioctl_store_pid() of syna_tcm2_sysfs.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges... |
| CVE-2025-36903 | 2025-09-04 | In lwis_io_buffer_write, there is a possible OOB read/write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is... |
| CVE-2025-36904 | 2025-09-04 | WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-396458384. |
| CVE-2025-36905 | 2025-09-04 | In gxp_mapping_create of gxp_mapping.c, there is a possible privilege escalation due to a logic error in the code. This could lead to local escalation of privilege with no additional execution... |
| CVE-2025-36906 | 2025-09-04 | In ConvertReductionOp of darwinn_mlir_converter_aidl.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution... |
| CVE-2025-36907 | 2025-09-04 | In draw_surface_image() of abl/android/lib/draw/draw.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege via USB fastboot, after... |
| CVE-2025-36908 | 2025-09-04 | In lwis_top_register_io of lwis_device_top.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges... |
| CVE-2025-36909 | 2025-09-04 | Information disclosure |
| CVE-2024-56189 | 2025-09-04 | In SAEMM_DiscloseMsId of SAEMM_RadioMessageCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure post authentication with no additional... |
| CVE-2024-56190 | 2025-09-04 | In wl_update_hidden_ap_ie() of wl_cfgscan.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2025-36887 | 2025-09-04 | In wl_cfgscan_update_v3_schedscan_results() of wl_cfgscan.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution... |
| CVE-2025-9467 | 2025-09-04 | Possibility to bypass file upload validation on the server-side |
| CVE-2024-13071 | 2025-09-04 | XSS in Akinsoft's e-Mutabakat |
| CVE-2025-2417 | 2025-09-04 | OTP Bypass in Akinsoft's e-Mutabakat |
| CVE-2025-6984 | 2025-09-04 | Sensitive Information Disclosure Due to Insecure XML Parsing in langchain-ai/langchain |
| CVE-2024-13073 | 2025-09-04 | XSS in Akinsoft's TaskPano |
| CVE-2025-2411 | 2025-09-04 | OTP Bypass in Akinsoft's TaskPano |
| CVE-2025-9616 | 2025-09-04 | PopAd <= 1.0.4 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-6085 | 2025-09-04 | Make Connector <= 1.5.10 - Authenticated (Administrator+) Arbitrary File Upload |
| CVE-2022-39888 | 2025-09-04 | Improper access control vulnerability in retrieveExternalProxy in MiscPolicy prior to SMR Nov-2022 Release 1 allows local attacker to access to Proxy information. |
| CVE-2024-34598 | 2025-09-04 | Improper export of component in GoodLock prior to version 2.2.04.95 allows local attackers to install arbitrary applications from Galaxy Store. |
| CVE-2025-41032 | 2025-09-04 | SQL injection vulnerability in appRain CMF |
| CVE-2025-41033 | 2025-09-04 | SQL injection vulnerability in appRain CMF |
| CVE-2025-41034 | 2025-09-04 | SQL injection vulnerability in appRain CMF |
| CVE-2025-41035 | 2025-09-04 | Path Traversal vulnerability in appRain CMF |
| CVE-2025-41036 | 2025-09-04 | Stored Cross-Site Scripting vulnerability in appRain CMF |
| CVE-2025-41037 | 2025-09-04 | Stored Cross-Site Scripting vulnerability in appRain CMF |
| CVE-2025-41038 | 2025-09-04 | Stored Cross-Site Scripting vulnerability in appRain CMF |
| CVE-2025-41039 | 2025-09-04 | Stored Cross-Site Scripting vulnerability in appRain CMF |
| CVE-2025-41040 | 2025-09-04 | Stored Cross-Site Scripting vulnerability in appRain CMF |
| CVE-2025-41041 | 2025-09-04 | Stored Cross-Site Scripting vulnerability in appRain CMF |
| CVE-2025-41042 | 2025-09-04 | Stored Cross-Site Scripting vulnerability in appRain CMF |
| CVE-2025-41043 | 2025-09-04 | Stored Cross-Site Scripting vulnerability in appRain CMF |
| CVE-2025-41044 | 2025-09-04 | Stored Cross-Site Scripting vulnerability in appRain CMF |
| CVE-2025-41045 | 2025-09-04 | Stored Cross-Site Scripting vulnerability in appRain CMF |
| CVE-2025-41046 | 2025-09-04 | Stored Cross-Site Scripting vulnerability in appRain CMF |
| CVE-2025-41047 | 2025-09-04 | Stored Cross-Site Scripting vulnerability in appRain CMF |
| CVE-2025-41048 | 2025-09-04 | Stored Cross-Site Scripting vulnerability in appRain CMF |
| CVE-2025-41049 | 2025-09-04 | Stored Cross-Site Scripting vulnerability in appRain CMF |
| CVE-2025-41050 | 2025-09-04 | Stored Cross-Site Scripting vulnerability in appRain CMF |
| CVE-2025-41051 | 2025-09-04 | Stored Cross-Site Scripting vulnerability in appRain CMF |
| CVE-2025-41052 | 2025-09-04 | Stored Cross-Site Scripting vulnerability in appRain CMF |
| CVE-2025-41053 | 2025-09-04 | Stored Cross-Site Scripting vulnerability in appRain CMF |
| CVE-2025-41054 | 2025-09-04 | Stored Cross-Site Scripting vulnerability in appRain CMF |
| CVE-2025-41055 | 2025-09-04 | Stored Cross-Site Scripting vulnerability in appRain CMF |
| CVE-2025-41056 | 2025-09-04 | Stored Cross-Site Scripting vulnerability in appRain CMF |
| CVE-2025-41057 | 2025-09-04 | Stored Cross-Site Scripting vulnerability in appRain CMF |
| CVE-2025-41058 | 2025-09-04 | Stored Cross-Site Scripting vulnerability in appRain CMF |
| CVE-2025-41059 | 2025-09-04 | Stored Cross-Site Scripting vulnerability in appRain CMF |
| CVE-2025-41060 | 2025-09-04 | Stored Cross-Site Scripting vulnerability in appRain CMF |
| CVE-2025-41061 | 2025-09-04 | Stored Cross-Site Scripting vulnerability in appRain CMF |
| CVE-2025-41062 | 2025-09-04 | Reflected Cross-Site Scripting vulnerability in appRain CMF |
| CVE-2025-41063 | 2025-09-04 | Reflected Cross-Site Scripting vulnerability in appRain CMF |
| CVE-2025-7385 | 2025-09-04 | SQL Injection in GOV CMS |
| CVE-2025-7388 | 2025-09-04 | Authenticated Command Injection via configuration parameter manipulation in exposed RMI interface |
| CVE-2025-8311 | 2025-09-04 | dotCMS versions 24.03.22 and after, identified a Boolean-based blind SQLi vulnerability in the /api/v1/contenttype endpoint. This endpoint uses the sites query parameter, which accepts a comma-separated list of site identifiers... |
| CVE-2025-6785 | 2025-09-04 | Tesla Model 3 Physical CAN Bus Injection |
| CVE-2025-2694 | 2025-09-04 | IBM Sterling B2B Integrator cross-site scripting |
| CVE-2025-2667 | 2025-09-04 | IBM Sterling B2B Integrator information disclosure |
| CVE-2024-43184 | 2025-09-04 | IBM Jazz Foundation cross-site scripting |
| CVE-2025-25048 | 2025-09-04 | IBM Jazz Foundation path traversal |