CVE List - 2025 / April
Showing 1101 - 1200 of 4033 CVEs for April 2025 (Page 12 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-45552 | 2025-04-07 | Buffer Over-read in Data Network Stack & Connectivity |
| CVE-2024-45556 | 2025-04-07 | Improper Access Control for Register Interface in TZ Firmware |
| CVE-2024-45557 | 2025-04-07 | Use of Out-of-range Pointer Offset in Trust Management Engine |
| CVE-2024-49848 | 2025-04-07 | Use After Free in DSP Service |
| CVE-2025-21421 | 2025-04-07 | Buffer Over-read in Display |
| CVE-2025-21423 | 2025-04-07 | Improper Validation of Array Index in Display |
| CVE-2025-21425 | 2025-04-07 | Improper Access Control in Automotive Linux OS |
| CVE-2025-21428 | 2025-04-07 | Buffer Over-read in WLAN Host |
| CVE-2025-21429 | 2025-04-07 | Buffer Over-read in WLAN Host |
| CVE-2025-21430 | 2025-04-07 | Buffer Over-read in WLAN Host |
| CVE-2025-21431 | 2025-04-07 | Time-of-check Time-of-use (TOCTOU) Race Condition in Automotive OS Platform |
| CVE-2025-21434 | 2025-04-07 | Buffer Over-read in WLAN Host |
| CVE-2025-21435 | 2025-04-07 | Buffer Over-read in WLAN Host Communication |
| CVE-2025-21436 | 2025-04-07 | Use After Free in DSP Service |
| CVE-2025-21437 | 2025-04-07 | Use After Free in Automotive Linux OS |
| CVE-2025-21438 | 2025-04-07 | Out-of-bounds Read in Windows WLAN Host |
| CVE-2025-21439 | 2025-04-07 | Out-of-bounds Read in Windows WLAN Host |
| CVE-2025-21440 | 2025-04-07 | Out-of-bounds Read in Windows WLAN Host |
| CVE-2025-21441 | 2025-04-07 | Out-of-bounds Read in Windows WLAN Host |
| CVE-2025-21442 | 2025-04-07 | Integer Overflow to Buffer Overflow in Automotive Vehicle Networks |
| CVE-2025-21443 | 2025-04-07 | Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in Automotive Vehicle Networks |
| CVE-2025-21447 | 2025-04-07 | Improper Validation of Array Index in Computer Vision |
| CVE-2025-21448 | 2025-04-07 | Buffer Over-read in WLAN Firmware |
| CVE-2025-3348 | 2025-04-07 | code-projects Patient Record Management System edit_dpatient.php sql injection |
| CVE-2025-3349 | 2025-04-07 | PCMan FTP Server SYST Command buffer overflow |
| CVE-2025-3350 | 2025-04-07 | PHPGurukul Old Age Home Management System view-enquiry.php sql injection |
| CVE-2025-3351 | 2025-04-07 | PHPGurukul Old Age Home Management System login.php sql injection |
| CVE-2025-0050 | 2025-04-07 | Mali GPU Userspace Driver allows an Out-of-Bounds access |
| CVE-2025-3352 | 2025-04-07 | PHPGurukul Old Age Home Management System edit-scdetails.php sql injection |
| CVE-2025-3359 | 2025-04-07 | Gnuplot: segmentation fault via io_str_init_static_internal function |
| CVE-2025-3360 | 2025-04-07 | Glibc: glib prior to 2.82.5 is vulnerable to integer overflow and buffer under-read when parsing a very long invalid iso 8601 timestamp with g_date_time_new_from_iso8601(). |
| CVE-2025-3353 | 2025-04-07 | PHPGurukul Men Salon Management System add-services.php sql injection |
| CVE-2025-27686 | 2025-04-07 | Dell Unisphere for PowerMax, version(s) prior to 10.2.0.9 and PowerMax version(s) prior to PowerMax 9.2.4.15, contain an Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability.... |
| CVE-2025-30195 | 2025-04-07 | A crafted zone can lead to an illegal memory access in the PowerDNS Recursor |
| CVE-2025-3369 | 2025-04-07 | xxyopen Novel-Plus list sql injection |
| CVE-2025-3370 | 2025-04-07 | PHPGurukul Men Salon Management System admin-profile.php sql injection |
| CVE-2025-2251 | 2025-04-07 | Org.jboss.eap:wildfly-ejb3: improper deserialization in jboss marshalling allows remote code execution |
| CVE-2025-3248 | 2025-04-07 | Langflow < 1.3.0 Unauthenticated RCE via /api/v1/validate/code |
| CVE-2025-3371 | 2025-04-07 | PCMan FTP Server DELETE Command buffer overflow |
| CVE-2025-30373 | 2025-04-07 | Graylog Authenticated HTTP inputs do ingest message even if Authorization header is missing or has wrong value |
| CVE-2025-31138 | 2025-04-07 | tarteaucitron.js allows UI manipulation via unrestricted CSS injection |
| CVE-2025-31475 | 2025-04-07 | tarteaucitron.js allows prototype pollution via custom text injection |
| CVE-2025-31476 | 2025-04-07 | tarteaucitron.js allows url scheme injection via unfiltered inputs |
| CVE-2025-32014 | 2025-04-07 | estree-util-value-to-estree allows prototype pollution in generated ESTree |
| CVE-2025-3372 | 2025-04-07 | PCMan FTP Server MKDIR Command buffer overflow |
| CVE-2025-3373 | 2025-04-07 | PCMan FTP Server SITE CHMOD Command buffer overflow |
| CVE-2025-3424 | 2025-04-07 | 3.2.1 Arbitrary File Read in insecure .NET Remoting TCP Channel |
| CVE-2025-3374 | 2025-04-07 | PCMan FTP Server CCC Command buffer overflow |
| CVE-2025-3425 | 2025-04-07 | Unauthenticated Remote Code Execution via .NET Deserialization |
| CVE-2025-3426 | 2025-04-07 | Use of default hardcoded credentials |
| CVE-2025-3375 | 2025-04-07 | PCMan FTP Server CDUP Command buffer overflow |
| CVE-2025-3376 | 2025-04-07 | PCMan FTP Server CONF Command buffer overflow |
| CVE-2024-38797 | 2025-04-07 | Out-of-bounds Read in HashPeImageByType() |
| CVE-2025-3377 | 2025-04-07 | PCMan FTP Server ENC Command buffer overflow |
| CVE-2025-3378 | 2025-04-07 | PCMan FTP Server EPRT Command buffer overflow |
| CVE-2025-3379 | 2025-04-07 | PCMan FTP Server EPSV Command buffer overflow |
| CVE-2025-3380 | 2025-04-07 | PCMan FTP Server FEAT Command buffer overflow |
| CVE-2025-3381 | 2025-04-07 | zhangyanbo2007 youkefu File Upload WebIMController.java path traversal |
| CVE-2025-3382 | 2025-04-07 | joey-zhou xiaozhi-esp32-server-java update sql injection |
| CVE-2025-29769 | 2025-04-07 | libvips has a potential heap-based buffer overflow when attempting to convert multiband TIFF input to HEIF output |
| CVE-2025-32029 | 2025-04-07 | ts-asn1-der has Incorrect DER Encoding of Numbers Leading to Denial of Service and Incorrect Value Representation |
| CVE-2025-3383 | 2025-04-07 | SourceCodester Web-based Pharmacy Product Management System search_sales.php sql injection |
| CVE-2025-31496 | 2025-04-07 | apollo-compiler Named Fragment Processing Vulnerability |
| CVE-2025-32030 | 2025-04-07 | Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expansion |
| CVE-2025-32031 | 2025-04-07 | Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass |
| CVE-2025-32032 | 2025-04-07 | Apollo Router Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass |
| CVE-2025-32033 | 2025-04-07 | Apollo Router Operation Limits Vulnerable to Bypass via Integer Overflow |
| CVE-2025-32034 | 2025-04-07 | Apollo Router Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expansion |
| CVE-2025-3384 | 2025-04-07 | 1000 Projects Human Resource Management System employee.php sql injection |
| CVE-2025-3385 | 2025-04-07 | LinZhaoguan pb-cms Classification Management Page cross site scripting |
| CVE-2025-0942 | 2025-04-07 | Jalios JPlatform 10 SP6 < 10.0.6 Record Chooser SQL Injection |
| CVE-2025-3386 | 2025-04-07 | LinZhaoguan pb-cms Friendship Link admin#links cross site scripting |
| CVE-2025-3387 | 2025-04-07 | renrenio renren-security JSON cross site scripting |
| CVE-2025-3388 | 2025-04-07 | hailey888 oa_system Frontend LoginsController.java loginCheck cross site scripting |
| CVE-2025-3389 | 2025-04-07 | hailey888 oa_system Backend InformManageController.java testMess cross site scripting |
| CVE-2024-55354 | 2025-04-08 | Lucee before 5.4.7.3 LTS and 6 before 6.1.1.118, when an attacker can place files on the server, is vulnerable to a protection mechanism failure that can let an attacker run... |
| CVE-2025-32406 | 2025-04-08 | An XXE issue in the Director NBR component in NAKIVO Backup & Replication 10.3.x through 11.0.1 before 11.0.2 allows remote attackers fetch and parse the XML response. |
| CVE-2025-32413 | 2025-04-08 | Vulnerability-Lookup before 2.7.1 allows stored XSS via a user bio in website/web/views/user.py. |
| CVE-2025-32414 | 2025-04-08 | In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and... |
| CVE-2025-3390 | 2025-04-08 | hailey888 oa_system Backend DaymanageController.java addandchangeday cross site scripting |
| CVE-2025-3391 | 2025-04-08 | hailey888 oa_system Backend AddrController. java outAddress cross site scripting |
| CVE-2025-3392 | 2025-04-08 | hailey888 oa_system Backend MailController.java save cross site scripting |
| CVE-2025-3393 | 2025-04-08 | mrcen springboot-ucan-admin Personal Settings Interface index cross site scripting |
| CVE-2025-3397 | 2025-04-08 | YzmCMS message.tpl cross site scripting |
| CVE-2025-3398 | 2025-04-08 | lenve VBlog WebSecurityConfig.java configure access control |
| CVE-2025-2526 | 2025-04-08 | Streamit <= 4.0.2 - Authenticated (Subscriber+) Privilege Escalation via User Email Change/Account Takeover |
| CVE-2025-2525 | 2025-04-08 | Streamit <= 4.0.1 - Authenticated (Subscriber+) Arbitrary File Upload |
| CVE-2025-2519 | 2025-04-08 | Streamit <= 4.0.1 - Authenticated (Subscriber+) Arbitrary File Download |
| CVE-2025-3361 | 2025-04-08 | HGiga iSherlock - OS Command Injection |
| CVE-2025-3399 | 2025-04-08 | ESAFENET CDG updateNotice.jsp sql injection |
| CVE-2025-3400 | 2025-04-08 | ESAFENET CDG UnChkMailApplication.jsp sql injection |
| CVE-2025-3362 | 2025-04-08 | HGiga iSherlock - OS Command Injection |
| CVE-2025-3363 | 2025-04-08 | HGiga iSherlock - OS Command Injection |
| CVE-2025-3364 | 2025-04-08 | HGiga PowerStation - Chroot Escape |
| CVE-2025-3401 | 2025-04-08 | ESAFENET CDG getLimitIPList.jsp sql injection |
| CVE-2025-3402 | 2025-04-08 | Seeyon Zhiyuan Interconnect FE Collaborative Office Platform check.js%70 sql injection |
| CVE-2025-3403 | 2025-04-08 | Vivotek NVR ND8422P/NVR ND9525P/NVR ND9541P HTML Form sensitive information in source |
| CVE-2025-3405 | 2025-04-08 | FCJ Venture Builder appclientefiel HTTP GET Request ObterPedido resource injection |
| CVE-2025-3406 | 2025-04-08 | Nothings stb Header Array stbhw_build_tileset_from_image out-of-bounds |
| CVE-2025-3407 | 2025-04-08 | Nothings stb stbhw_build_tileset_from_image out-of-bounds |