CVE List 2025/27xxx

CVEs in group: 27xxx

CVE-2025-27138 (N/A)

CVE-2025-27139 (DataEase has an improper authentication vulnerability)

CVE-2025-27140 (Combodo iTop vulnerable to stored self Cross-site Scripting in preferences)

CVE-2025-27141 (WeGIA vulnerable to OS Command Injection at endpoint ‘importar_dump.php’ parameter ‘import’ (RCE))

CVE-2025-27142 (Metabase Enterprise Edition allows cached questions to leak data to impersonated users)

CVE-2025-27143 (LocalSend path traversal vulnerability in the file upload endpoint allows nearby devices to execute arbitrary commands)

CVE-2025-27144 (Better Auth has an Open Redirect via Scheme-Less Callback Parameter)

CVE-2025-27145 (Go JOSE’s Parsing Vulnerable to Denial of Service)

CVE-2025-27146 (copyparty renders unsanitized filenames as HTML when user uploads empty files)

CVE-2025-27147 (Matrix IRC Bridge allows IRC command injection to own puppeted user)

CVE-2025-27148 (GLPI Inventory plugin has Improper Access Control Vulnerability)

CVE-2025-27149 (Gradle vulnerable to local privilege escalation through system temporary directory)

CVE-2025-27150 (Zulip exports can leak private data)

CVE-2025-27152 (Tuleap dumps the Redis password into the generated troubleshooting archives)

CVE-2025-27154 (Possible SSRF and Credential Leakage via Absolute URL in axios Requests)

CVE-2025-27155 (Spotipy’s cache file, containing Spotify auth token, is created with overly broad permissions)

CVE-2025-27156 (In-memory stored Cross-site scripting (XSS) vulnerability in pineconesim)

CVE-2025-27157 (Tuleap allows content injection via emails sent by the mass emailing features)

CVE-2025-27158 (Mastodon’s rate-limits are missing on `/auth/setup`)

CVE-2025-27159 (Acrobat Reader | Access of Uninitialized Pointer (CWE-824))

CVE-2025-27160 (Acrobat Reader | Use After Free (CWE-416))

CVE-2025-27161 (Acrobat Reader | Use After Free (CWE-416))

CVE-2025-27162 (Acrobat Reader | Out-of-bounds Read (CWE-125))

CVE-2025-27163 (Acrobat Reader | Access of Uninitialized Pointer (CWE-824))

CVE-2025-27164 (Acrobat Reader | Out-of-bounds Read (CWE-125))

CVE-2025-27166 (Acrobat Reader | Out-of-bounds Read (CWE-125))

CVE-2025-27167 (InDesign Desktop | Out-of-bounds Write (CWE-787))

CVE-2025-27168 (Illustrator | Untrusted Search Path (CWE-426))

CVE-2025-27169 (Illustrator | Stack-based Buffer Overflow (CWE-121))

CVE-2025-27170 (Illustrator | Out-of-bounds Write (CWE-787))

CVE-2025-27171 (Illustrator | NULL Pointer Dereference (CWE-476))

CVE-2025-27172 (InDesign Desktop | Heap-based Buffer Overflow (CWE-122))

CVE-2025-27173 (Substance3D – Designer | Out-of-bounds Write (CWE-787))

CVE-2025-27174 (Substance3D – Modeler | Heap-based Buffer Overflow (CWE-122))

CVE-2025-27175 (Acrobat Reader | Use After Free (CWE-416))

CVE-2025-27176 (InDesign Desktop | Out-of-bounds Write (CWE-787))

CVE-2025-27177 (InDesign Desktop | NULL Pointer Dereference (CWE-476))

CVE-2025-27178 (InDesign Desktop | Heap-based Buffer Overflow (CWE-122))

CVE-2025-27179 (InDesign Desktop | Out-of-bounds Write (CWE-787))

CVE-2025-27180 (InDesign Desktop | NULL Pointer Dereference (CWE-476))

CVE-2025-27181 (Substance3D – Modeler | Out-of-bounds Read (CWE-125))

CVE-2025-27218 (Substance3D – Modeler | Use After Free (CWE-416))

CVE-2025-27219 (N/A)

CVE-2025-27220 (N/A)

CVE-2025-27221 (N/A)

CVE-2025-27253 (N/A)

CVE-2025-27254 (N/A)

CVE-2025-27255 (N/A)

CVE-2025-27256 (N/A)

CVE-2025-27257 (N/A)

CVE-2025-27263 (N/A)

CVE-2025-27264 (WordPress Doctor Appointment Booking Plugin <= 1.0.0 - SQL Injection vulnerability)

CVE-2025-27265 (WordPress Doctor Appointment Booking Plugin <= 1.0.0 - Local File Inclusion vulnerability)

CVE-2025-27266 (WordPress Google Maps for WordPress plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability)

CVE-2025-27267 (WordPress Hover Image Button plugin <= 1.1.2 - Cross Site Scripting (XSS) vulnerability)

CVE-2025-27268 (WordPress Random Quotes Plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability)

CVE-2025-27269 (WordPress Small Package Quotes – Worldwide Express Edition Plugin <= 5.2.18 - SQL Injection vulnerability)

CVE-2025-27270 (WordPress .htaccess Login block Plugin <= 0.9a - Reflected Cross Site Scripting (XSS) vulnerability)

CVE-2025-27271 (WordPress Residential Address Detection Plugin <= 2.5.4 - Arbitrary Option Update to Privilege Escalation vulnerability)

CVE-2025-27272 (WordPress DB Tables Import/Export Plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability)