CVE List - 2025 / April
Showing 1001 - 1100 of 4033 CVEs for April 2025 (Page 11 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-31492 | 2025-04-06 | mod_auth_openidc allows OIDCProviderAuthRequestMethod POSTs to leak protected data |
| CVE-2025-32013 | 2025-04-06 | Server-Side Request Forgery via LNURL Authentication Callback in LNbits Lightning Network Payment System |
| CVE-2025-3323 | 2025-04-06 | godcheese/code-projects Nimrod ViewMenuCategoryRestController.java searchAllByName sql injection |
| CVE-2025-3324 | 2025-04-06 | godcheese/code-projects Nimrod FileRestController.java unrestricted upload |
| CVE-2025-3325 | 2025-04-06 | iteaj iboot 物联网网关 Admin Password pwd access control |
| CVE-2025-3326 | 2025-04-06 | iteaj iboot 物联网网关 File Upload upload cross site scripting |
| CVE-2024-46494 | 2025-04-07 | A cross-site scripting (XSS) vulnerability in Typecho v1.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into Name parameter under a comment for an... |
| CVE-2025-28400 | 2025-04-07 | An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the postID parameter in the edit method |
| CVE-2025-28401 | 2025-04-07 | An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the menuId parameter |
| CVE-2025-28402 | 2025-04-07 | An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobId parameter |
| CVE-2025-28403 | 2025-04-07 | An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method does not properly validate whether the requesting user has administrative privileges before allowing modifications... |
| CVE-2025-28405 | 2025-04-07 | An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the changeStatus method |
| CVE-2025-28406 | 2025-04-07 | An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobLogId parameter |
| CVE-2025-28407 | 2025-04-07 | An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the edit method of the /edit/{dictId} endpoint does not properly validate whether the requesting user has permission... |
| CVE-2025-28408 | 2025-04-07 | An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the selectDeptTree method of the /selectDeptTree/{deptId} endpoint does not properly validate the deptId parameter |
| CVE-2025-28409 | 2025-04-07 | An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the add method of the /add/{parentId} endpoint does not properly validate whether the requesting user has permission... |
| CVE-2025-28410 | 2025-04-07 | An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the cancelAuthUserAll method does not properly validate whether the requesting user has administrative privileges |
| CVE-2025-28411 | 2025-04-07 | An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method in /tool/gen/editSave |
| CVE-2025-28412 | 2025-04-07 | An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the /editSave method in SysNoticeController |
| CVE-2025-28413 | 2025-04-07 | An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the SysDictTypeController component |
| CVE-2025-29087 | 2025-04-07 | In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled... |
| CVE-2025-29478 | 2025-04-07 | An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165. |
| CVE-2025-29480 | 2025-04-07 | Buffer Overflow vulnerability in gdal 3.10.2 allows a local attacker to cause a denial of service via the OGRSpatialReference::Release function. NOTE: the Supplier indicates that the report is invalid and... |
| CVE-2025-29481 | 2025-04-07 | Buffer Overflow vulnerability in libbpf 1.5.0 allows a local attacker to execute arbitrary code via the bpf_object__init_prog` function of libbpf. |
| CVE-2025-29482 | 2025-04-07 | Buffer Overflow vulnerability in libheif 1.19.7 allows a local attacker to execute arbitrary code via the SAO (Sample Adaptive Offset) processing of libde265. |
| CVE-2025-29594 | 2025-04-07 | A vulnerability exists in the errorpage.php file of the CS2-WeaponPaints-Website v2.1.7 where user-controlled input is not adequately validated before being processed. Specifically, the $_GET['errorcode'] parameter can be manipulated to access... |
| CVE-2025-32409 | 2025-04-07 | Ratta SuperNote A6 X2 Nomad before December 2024 allows remote code execution because an arbitrary firmware image (signed with debug keys) can be sent to TCP port 60002, and placed... |
| CVE-2025-3327 | 2025-04-07 | iteaj iboot 物联网网关 File Upload batch cross site scripting |
| CVE-2025-3328 | 2025-04-07 | Tenda AC1206 fast_setting_wifi_set form_fast_setting_wifi_set buffer overflow |
| CVE-2025-3329 | 2025-04-07 | Consumer Comanda Mobile Restaurant Order cleartext transmission |
| CVE-2025-3330 | 2025-04-07 | codeprojects Online Restaurant Management System reservation_save.php sql injection |
| CVE-2025-3331 | 2025-04-07 | codeprojects Online Restaurant Management System payment_save.php sql injection |
| CVE-2025-3332 | 2025-04-07 | codeprojects Online Restaurant Management System menu_save.php sql injection |
| CVE-2025-20102 | 2025-04-07 | arkcompiler_ets_runtime has an out-of-bounds read vulnerability |
| CVE-2025-22452 | 2025-04-07 | arkcompiler_ets_runtime has an out-of-bounds read vulnerability |
| CVE-2025-22842 | 2025-04-07 | arkcompiler_ets_runtime has an out-of-bounds read vulnerability |
| CVE-2025-22851 | 2025-04-07 | Liteos_A has an integer overflow vulnerability |
| CVE-2025-24304 | 2025-04-07 | arkcompiler_ets_runtime has an out-of-bounds write vulnerability |
| CVE-2025-25057 | 2025-04-07 | third_party_NuttX has a memory leak vulnerability |
| CVE-2025-27534 | 2025-04-07 | arkcompiler_ets_runtime has an out-of-bounds read vulnerability |
| CVE-2025-3333 | 2025-04-07 | codeprojects Online Restaurant Management System menu_update.php sql injection |
| CVE-2025-20654 | 2025-04-07 | In wlan service, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed.... |
| CVE-2025-20655 | 2025-04-07 | In keymaster, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained... |
| CVE-2025-20656 | 2025-04-07 | In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access... |
| CVE-2025-20657 | 2025-04-07 | In vdec, there is a possible permission bypass due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already obtained the System... |
| CVE-2025-20658 | 2025-04-07 | In DA, there is a possible permission bypass due to a logic error. This could lead to local escalation of privilege, if an attacker has physical access to the device,... |
| CVE-2025-20659 | 2025-04-07 | In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base... |
| CVE-2025-20660 | 2025-04-07 | In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has... |
| CVE-2025-20661 | 2025-04-07 | In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has... |
| CVE-2025-20662 | 2025-04-07 | In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has... |
| CVE-2025-20663 | 2025-04-07 | In wlan AP driver, there is a possible information disclosure due to an uncaught exception. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User... |
| CVE-2025-20664 | 2025-04-07 | In wlan AP driver, there is a possible information disclosure due to an uncaught exception. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User... |
| CVE-2025-3334 | 2025-04-07 | codeprojects Online Restaurant Management System category_save.php sql injection |
| CVE-2024-58106 | 2025-04-07 | Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2024-58107 | 2025-04-07 | Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2024-58108 | 2025-04-07 | Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2024-58109 | 2025-04-07 | Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2024-58110 | 2025-04-07 | Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2024-58111 | 2025-04-07 | Exception capture failure vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2024-58112 | 2025-04-07 | Exception capture failure vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2024-58113 | 2025-04-07 | Vulnerability of improper resource management in the memory management module Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2024-58115 | 2025-04-07 | Buffer overflow vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2024-58116 | 2025-04-07 | Buffer overflow vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2024-58124 | 2025-04-07 | Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. |
| CVE-2024-58125 | 2025-04-07 | Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. |
| CVE-2024-58126 | 2025-04-07 | Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. |
| CVE-2024-58127 | 2025-04-07 | Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. |
| CVE-2025-31170 | 2025-04-07 | Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. |
| CVE-2025-31171 | 2025-04-07 | File read permission bypass vulnerability in the kernel file system module Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-31172 | 2025-04-07 | Memory write permission bypass vulnerability in the kernel futex module Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-31173 | 2025-04-07 | Memory write permission bypass vulnerability in the kernel futex module Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-31174 | 2025-04-07 | Path traversal vulnerability in the DFS module Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-31175 | 2025-04-07 | Deserialization mismatch vulnerability in the DSoftBus module Impact: Successful exploitation of this vulnerability may affect service integrity. |
| CVE-2025-3335 | 2025-04-07 | codeprojects Online Restaurant Management System category_update.php sql injection |
| CVE-2025-3336 | 2025-04-07 | codeprojects Online Restaurant Management System member_save.php sql injection |
| CVE-2025-3337 | 2025-04-07 | codeprojects Online Restaurant Management System member_update.php sql injection |
| CVE-2025-3338 | 2025-04-07 | codeprojects Online Restaurant Management System user_save.php sql injection |
| CVE-2025-3339 | 2025-04-07 | codeprojects Online Restaurant Management System user_update.php sql injection |
| CVE-2024-11071 | 2025-04-07 | Improper Access Control In DestinyECM |
| CVE-2025-3340 | 2025-04-07 | codeprojects Online Restaurant Management System combo_update.php sql injection |
| CVE-2025-3341 | 2025-04-07 | codeprojects Online Restaurant Management System reservation_view.php sql injection |
| CVE-2025-3342 | 2025-04-07 | codeprojects Online Restaurant Management System payment_save.php sql injection |
| CVE-2025-3343 | 2025-04-07 | codeprojects Online Restaurant Management System reservation_update.php sql injection |
| CVE-2024-11859 | 2025-04-07 | DLL Search Order Hijacking in ESET products for Windows |
| CVE-2025-3344 | 2025-04-07 | codeprojects Online Restaurant Management System assign_save.php sql injection |
| CVE-2025-30473 | 2025-04-07 | Apache Airflow Common SQL Provider: Remote Code Execution via Sql Injection |
| CVE-2025-3345 | 2025-04-07 | codeprojects Online Restaurant Management System combo.php sql injection |
| CVE-2025-3346 | 2025-04-07 | Tenda AC7 SetPptpServerCfg formSetPPTPServer buffer overflow |
| CVE-2025-3347 | 2025-04-07 | code-projects Patient Record Management System dental_pending.php sql injection |
| CVE-2024-33058 | 2025-04-07 | Insufficient Granularity of Access Control in Core |
| CVE-2024-43046 | 2025-04-07 | Information Exposure in TZ Secure OS |
| CVE-2024-43058 | 2025-04-07 | Incorrect Type Conversion or Cast in Multimedia Frameworks |
| CVE-2024-43065 | 2025-04-07 | Exposed Dangerous Method or Function in HLOS |
| CVE-2024-43066 | 2025-04-07 | Use After Free in HLOS |
| CVE-2024-43067 | 2025-04-07 | Time-of-check Time-of-use (TOCTOU) Race Condition in Camera |
| CVE-2024-45540 | 2025-04-07 | Use After Free in HLOS |
| CVE-2024-45543 | 2025-04-07 | Out-of-bounds Write in Audio |
| CVE-2024-45544 | 2025-04-07 | Use After Free in Data Network Stack & Connectivity |
| CVE-2024-45549 | 2025-04-07 | Exposure of Sensitive System Information to an Unauthorized Control Sphere in KERNEL |
| CVE-2024-45551 | 2025-04-07 | Weak Authentication in HLOS |