CVE List - 2025 / April
Showing 1 - 100 of 4038 CVEs for April 2025 (Page 1 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2003-20001 | 2025-04-01 | An issue was discovered on Mitel ICP VoIP 3100 devices.... |
| CVE-2023-46988 | 2025-04-01 | Path Traversal vulnerability in ONLYOFFICE Document Server before v8.0.1 allows... |
| CVE-2025-26054 | 2025-04-01 | Infinxt iEdge 100 2.1.32 is vulnerable to Cross Site Scripting... |
| CVE-2025-26055 | 2025-04-01 | An OS Command Injection vulnerability exists in the Infinxt iEdge... |
| CVE-2025-26056 | 2025-04-01 | A command injection vulnerability exists in the Infinxt iEdge 100... |
| CVE-2025-27829 | 2025-04-01 | An issue was discovered in Stormshield Network Security (SNS) 4.3.x... |
| CVE-2025-28131 | 2025-04-01 | A Broken Access Control vulnerability in Nagios Network Analyzer 2024R1.0.3... |
| CVE-2025-28132 | 2025-04-01 | A session management flaw in Nagios Network Analyzer 2024R1.0.3 allows... |
| CVE-2025-28395 | 2025-04-01 | D-LINK DI-8100 16.07.26A1 is vulnerable to Buffer Overflow in the... |
| CVE-2025-28398 | 2025-04-01 | D-LINK DI-8100 16.07.26A1 is vulnerable to Buffer Overflow in the... |
| CVE-2025-29033 | 2025-04-01 | An issue in BambooHR Build v.25.0210.170831-83b08dd allows a remote attacker... |
| CVE-2025-29036 | 2025-04-01 | An issue in hackathon-starter v.8.1.0 allows a remote attacker to... |
| CVE-2025-29049 | 2025-04-01 | Cross Site Scripting vulnerability in arnog MathLive Versions v0.103.0 and... |
| CVE-2025-29069 | 2025-04-01 | A heap buffer overflow vulnerability has been identified in the... |
| CVE-2025-29070 | 2025-04-01 | A heap buffer overflow vulnerability has been identified in thesmooth2()... |
| CVE-2025-29208 | 2025-04-01 | CodeZips Gym Management System v1.0 is vulnerable to SQL injection... |
| CVE-2025-3042 | 2025-04-01 | Project Worlds Online Time Table Generator updateprofile.php unrestricted upload |
| CVE-2025-3043 | 2025-04-01 | GuoMinJim PersonManage login preHandle path traversal |
| CVE-2025-3045 | 2025-04-01 | oretnom23/SourceCodester Apartment Visitor Management System remove-apartment.php sql injection |
| CVE-2025-21384 | 2025-04-01 | Azure Health Bot Elevation of Privilege Vulnerability |
| CVE-2025-30672 | 2025-04-01 | Mite for Perl generates code with an untrusted search path vulnerability |
| CVE-2025-30673 | 2025-04-01 | Sub::HandlesVia for Perl allows untrusted code to be included from the current working directory |
| CVE-2025-3051 | 2025-04-01 | Linux::Statm::Tiny for Perl allows untrusted code to be included from the current working directory |
| CVE-2025-1534 | 2025-04-01 | Cross-site Scripting (Stored) |
| CVE-2025-0418 | 2025-04-01 | Valmet DNA user passwords in plain text |
| CVE-2025-0417 | 2025-04-01 | Valmet DNA Lack of protection against brute force attacks |
| CVE-2025-0416 | 2025-04-01 | Valmet DNA Local privilege escalation through insecure DCOM configuration |
| CVE-2025-2007 | 2025-04-01 | Import Export Suite for CSV and XML Datafeed <= 7.19 - Authenticated (Subscriber+) Arbitrary File Deletion |
| CVE-2025-2008 | 2025-04-01 | Import Export Suite for CSV and XML Datafeed <= 7.19 - Authenticated (Subscriber+) Arbitrary File Upload |
| CVE-2024-13567 | 2025-04-01 | Awesome Support – WordPress HelpDesk & Support Plugin <= 6.3.1 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory |
| CVE-2025-1665 | 2025-04-01 | Avada Builder <= 3.11.14 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-30520 | 2025-04-01 | WordPress Breezing Forms plugin <= 1.2.8.11 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-30544 | 2025-04-01 | WordPress OK Poster Group plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-30547 | 2025-04-01 | WordPress WP Cards plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-30548 | 2025-04-01 | WordPress Advanced Post Search plugin <= 1.1.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-30559 | 2025-04-01 | WordPress Kento WordPress Stats plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-30563 | 2025-04-01 | WordPress Tidekey plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-30579 | 2025-04-01 | WordPress Pesapal Gateway for Woocommerce plugin <= 2.1.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-30589 | 2025-04-01 | WordPress Flickr set slideshows plugin <= 0.9 - SQL Injection Vulnerability |
| CVE-2025-30594 | 2025-04-01 | WordPress Include URL <= 0.3.5 Arbitrary File Download Vulnerability |
| CVE-2025-30607 | 2025-04-01 | WordPress Quick Localization plugin <= 0.1.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-30613 | 2025-04-01 | WordPress Nmedia MailChimp plugin <= 5.4 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-30614 | 2025-04-01 | WordPress Google Font Fix plugin <= 2.3.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-30622 | 2025-04-01 | WordPress PostMash <= 1.0.3 - SQL Injection Vulnerability |
| CVE-2025-30774 | 2025-04-01 | WordPress Quiz Maker plugin <= 6.6.8.7 - SQL Injection vulnerability |
| CVE-2025-30782 | 2025-04-01 | WordPress Subscribe to Download Lite plugin <= 1.2.9 - Local File Inclusion vulnerability |
| CVE-2025-30793 | 2025-04-01 | WordPress Houzez Property Feed plugin <= 2.5.4 - Arbitrary File Download Vulnerability |
| CVE-2025-30794 | 2025-04-01 | WordPress Event Tickets plugin <= 5.20.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-30796 | 2025-04-01 | WordPress The Ultimate WordPress Toolkit – WP Extended plugin <= 3.0.14 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-30797 | 2025-04-01 | WordPress Greek Multi Tool – Fix peralinks, accents, auto create menus and more plugin <= 2.3.1 - Broken Access Control Vulnerability |
| CVE-2025-30798 | 2025-04-01 | WordPress Better WishList API plugin <= 1.1.4 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-30802 | 2025-04-01 | WordPress Our Team Members plugin <= 2.2 - Sensitive Data Exposure vulnerability |
| CVE-2025-30808 | 2025-04-01 | WordPress About Author plugin <= 1.6.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-30827 | 2025-04-01 | WordPress WP2LEADS plugin <= 3.4.5 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-30834 | 2025-04-01 | WordPress Bit Assist plugin <= 1.5.4 - Path Traversal vulnerability |
| CVE-2025-30837 | 2025-04-01 | WordPress WooCommerce Fattureincloud plugin <= 2.6.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-30840 | 2025-04-01 | WordPress xili-dictionary plugin <= 2.12.5 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-30848 | 2025-04-01 | WordPress Hostel plugin <= 1.1.5 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-30849 | 2025-04-01 | WordPress Essential Real Estate plugin <= 5.2.0 - Local File Inclusion Vulnerability |
| CVE-2025-30869 | 2025-04-01 | WordPress Image Wall plugin <= 3.0 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-30870 | 2025-04-01 | WordPress WP Travel Engine plugin <= 6.3.5 - Local File Inclusion vulnerability |
| CVE-2025-30876 | 2025-04-01 | WordPress Ads by WPQuads plugin <= 2.0.87.1 - SQL Injection Vulnerability |
| CVE-2025-30878 | 2025-04-01 | WordPress JS Help Desk plugin <= 2.9.2 - Arbitrary File Deletion vulnerability |
| CVE-2025-30880 | 2025-04-01 | WordPress JS Help Desk plugin <= 2.9.2 - Broken Access Control vulnerability |
| CVE-2025-30882 | 2025-04-01 | WordPress JS Help Desk plugin <= 2.9.1 - Arbitrary File Download vulnerability |
| CVE-2025-30886 | 2025-04-01 | WordPress JS Help Desk plugin <= 2.9.2 - SQL Injection vulnerability |
| CVE-2025-30901 | 2025-04-01 | WordPress JS Help Desk plugin <= 2.9.2 - Local File Inclusion vulnerability |
| CVE-2025-30902 | 2025-04-01 | WordPress AEC Kiosque plugin <= 1.9.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-30910 | 2025-04-01 | WordPress CM Download Manager plugin <= 2.9.6 - Arbitrary File Deletion vulnerability |
| CVE-2025-30911 | 2025-04-01 | WordPress RomethemeKit For Elementor plugin <= 1.5.4 - Arbitrary Plugin Installation/Activation to RCE vulnerability |
| CVE-2025-30917 | 2025-04-01 | WordPress SKU Generator for WooCommerce plugin <= 1.6.2 - Reflected Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-30924 | 2025-04-01 | WordPress Primer MyData for Woocommerce plugin < 4.2.4 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-30926 | 2025-04-01 | WordPress King Addons for Elementor plugin <= 24.12.58 - Broken Access Control Vulnerability |
| CVE-2025-31074 | 2025-04-01 | WordPress MDJM Event Management plugin <= 1.7.5.2 - PHP Object Injection vulnerability |
| CVE-2025-31084 | 2025-04-01 | WordPress Sunshine Photo Cart <= 3.4.10 - PHP Object Injection Vulnerability |
| CVE-2025-31087 | 2025-04-01 | WordPress Multiple Shipping And Billing Address For Woocommerce <= 1.5 - PHP Object Injection Vulnerability |
| CVE-2025-31095 | 2025-04-01 | WordPress Material Dashboard <= 1.4.5 - Privilege Escalation Vulnerability |
| CVE-2025-31415 | 2025-04-01 | WordPress YayExtra <= 1.5.2 - Broken Access Control Vulnerability |
| CVE-2025-22277 | 2025-04-01 | WordPress Vitepos plugin <= 3.1.4 - Broken Authentication vulnerability |
| CVE-2025-30971 | 2025-04-01 | WordPress XV Random Quotes plugin <= 1.40 - SQL Injection vulnerability |
| CVE-2025-31001 | 2025-04-01 | WordPress GTM Kit plugin <= 2.3.1 - Sensitive Data Exposure vulnerability |
| CVE-2025-31024 | 2025-04-01 | WordPress RJ Quickcharts plugin <= 0.6.1 - SQL Injection vulnerability |
| CVE-2025-31409 | 2025-04-01 | WordPress Bridge Core plugin < 3.3.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-1986 | 2025-04-01 | Gutentor < 3.4.7 - Admin+ SQL Injection |
| CVE-2025-2048 | 2025-04-01 | Lana Downloads Manager < 1.10.0 - Admin+ Arbitrary File Download via Path Traversal |
| CVE-2024-12278 | 2025-04-01 | Booster for WooCommerce <= 7.2.5 - Unauthenticated Stored Cross-Site Scripting |
| CVE-2024-12189 | 2025-04-01 | WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-1267 | 2025-04-01 | Groundhogg <= 3.7.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via label Parameter |
| CVE-2025-1512 | 2025-04-01 | PowerPack Elementor Addons (Free Widgets, Extensions and Templates) <= 2.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-27427 | 2025-04-01 | Apache ActiveMQ Artemis: Address routing-type can be updated by user without the createAddress permission |
| CVE-2025-2891 | 2025-04-01 | WP Pro Real Estate 7 <= 3.5.4 - Authenticated (Custom) Arbitrary File Upload |
| CVE-2025-30065 | 2025-04-01 | Apache Parquet Java: Arbitrary code execution in the parquet-avro module when reading an Avro schema from a Parquet file metadata |
| CVE-2025-29868 | 2025-04-01 | Apache Answer: Using externally referenced images can leak user privacy. |
| CVE-2025-27130 | 2025-04-01 | Welcart e-Commerce 2.11.6 and earlier versions contains an untrusted data... |
| CVE-2024-56325 | 2025-04-01 | Apache Pinot: Authentication bypass issue. If the path does not contain / and contain . authentication is not required |
| CVE-2025-3082 | 2025-04-01 | User may override a view's collation and gain unauthorized access to underlying data |
| CVE-2025-2906 | 2025-04-01 | Contempo Real Estate Core <= 3.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2024-13553 | 2025-04-01 | SMS Alert Order Notifications – WooCommerce <= 3.7.9 - Unauthenticated Account Takeover/Privilege Escalation |
| CVE-2025-2237 | 2025-04-01 | WP RealEstate <= 1.6.26 - Authentication Bypass via 'process_register' |
| CVE-2025-3083 | 2025-04-01 | Malformed MongoDB wire protocol messages may cause mongos to crash |