CVE List - 2025 / April
Showing 3901 - 4000 of 4038 CVEs for April 2025 (Page 40 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-23178 | 2025-04-29 | Ribbon Communications - CWE-923: Improper Restriction of Communication Channel to Intended Endpoints |
| CVE-2025-23179 | 2025-04-29 | Ribbon Communications - CWE-798: Use of Hard-coded Credentials |
| CVE-2025-23180 | 2025-04-29 | Ribbon Communications - CWE-250: Execution with Unnecessary Privileges |
| CVE-2025-23181 | 2025-04-29 | Ribbon Communications - CWE-250: Execution with Unnecessary Privileges |
| CVE-2025-0716 | 2025-04-29 | AngularJS improper sanitization in SVG '<image>' element |
| CVE-2025-4072 | 2025-04-29 | PHPGurukul Online Nurse Hiring System edit-nurse.php sql injection |
| CVE-2025-4073 | 2025-04-29 | PHPGurukul Student Record System change-password.php sql injection |
| CVE-2025-46347 | 2025-04-29 | YesWiki Remote Code Execution via Arbitrary PHP File Write and Execution |
| CVE-2025-46349 | 2025-04-29 | YesWiki Vulnerable to Unauthenticated Reflected Cross-site Scripting |
| CVE-2025-46350 | 2025-04-29 | Yeswiki Vulnerable to Authenticated Reflected Cross-site Scripting |
| CVE-2025-4095 | 2025-04-29 | Registry Access Management (RAM) policies not applied when sign-in enforcement is configured via a configuration profile |
| CVE-2025-3911 | 2025-04-29 | Exposure in Docker Desktop logs of environment variables configured for running containers |
| CVE-2025-4074 | 2025-04-29 | PHPGurukul Curfew e-Pass Management System pass-bwdates-report.php sql injection |
| CVE-2025-4075 | 2025-04-29 | VMSMan login.php cross site scripting |
| CVE-2025-4076 | 2025-04-29 | LB-LINK BL-AC3600 Password lighttpd.cgi easy_uci_set_option_string_0 command injection |
| CVE-2025-4077 | 2025-04-29 | code-projects School Billing System searchrec stack-based overflow |
| CVE-2025-4079 | 2025-04-29 | PCMan FTP Server RENAME Command buffer overflow |
| CVE-2025-4080 | 2025-04-29 | PHPGurukul Online Nurse Hiring System view-request.php sql injection |
| CVE-2025-0520 | 2025-04-29 | ShowDoc Unauthenticated File Upload Remote Code Execution |
| CVE-2025-4078 | 2025-04-29 | Wangshen SecGate 3600 g=log_export_file path traversal |
| CVE-2025-46348 | 2025-04-29 | YesWiki Vulnerable to Unauthenticated Site Backup Creation and Download |
| CVE-2025-46549 | 2025-04-29 | Yeswiki Vulnerable to Unauthenticated Reflected Cross-site Scripting |
| CVE-2025-46550 | 2025-04-29 | Yeswiki Vulnerable to Unauthenticated Reflected Cross-site Scripting |
| CVE-2025-46344 | 2025-04-29 | Auth0 NextJS SDK v4 Missing Session Invalidation |
| CVE-2025-3501 | 2025-04-29 | Org.keycloak.protocol.services: keycloak hostname verification |
| CVE-2025-3910 | 2025-04-29 | Org.keycloak.authentication: two factor authentication bypass |
| CVE-2025-46552 | 2025-04-29 | KHC-INVITATION-AUTOMATION Sensitive User Information Leakage in Invitation Automation |
| CVE-2025-29906 | 2025-04-29 | Finit bundled getty can bypass /bin/login |
| CVE-2025-44192 | 2025-04-30 | SourceCodester Simple Barangay Management System v1.0 has a SQL injection... |
| CVE-2025-44193 | 2025-04-30 | SourceCodester Simple Barangay Management System v1.0 has a SQL injection... |
| CVE-2025-44194 | 2025-04-30 | SourceCodester Simple Barangay Management System v1.0 has a SQL injection... |
| CVE-2025-45007 | 2025-04-30 | A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the... |
| CVE-2025-45009 | 2025-04-30 | A HTML Injection vulnerability was discovered in the normal-search.php file... |
| CVE-2025-45010 | 2025-04-30 | A HTML Injection vulnerability was discovered in the normal-bwdates-reports-details.php file... |
| CVE-2025-45011 | 2025-04-30 | A HTML Injection vulnerability was discovered in the foreigner-search.php file... |
| CVE-2025-45015 | 2025-04-30 | A Cross-Site Scripting (XSS) vulnerability was discovered in the foreigner-bwdates-reports-details.php... |
| CVE-2025-45017 | 2025-04-30 | A SQL injection vulnerability was discovered in edit-ticket.php of PHPGurukul... |
| CVE-2025-45018 | 2025-04-30 | A SQL Injection vulnerability was discovered in the foreigner-bwdates-reports-details.php file... |
| CVE-2025-45019 | 2025-04-30 | A SQL injection vulnerability was discovered in /add-foreigners-ticket.php file of... |
| CVE-2025-45020 | 2025-04-30 | A SQL Injection vulnerability was discovered in the normal-bwdates-reports-details.php file... |
| CVE-2025-45021 | 2025-04-30 | A SQL Injection vulnerability was identified in the admin/edit-directory.php file... |
| CVE-2025-46619 | 2025-04-30 | A security issue has been discovered in Couchbase Server before... |
| CVE-2025-30202 | 2025-04-30 | Data exposure via ZeroMQ on multi-node vLLM deployment |
| CVE-2025-46560 | 2025-04-30 | vLLM phi4mm: Quadratic Time Complexity in Input Token Processing leads to denial of service |
| CVE-2025-32444 | 2025-04-30 | vLLM Vulnerable to Remote Code Execution via Mooncake Integration |
| CVE-2025-3953 | 2025-04-30 | WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin <= 14.13.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Update |
| CVE-2025-3471 | 2025-04-30 | SureForms < 1.4.4 - Contributor+ Settings Update |
| CVE-2025-22882 | 2025-04-30 | ISPSoft File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2025-22883 | 2025-04-30 | ISPSoft File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2025-22884 | 2025-04-30 | ISPSoft File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2025-4124 | 2025-04-30 | ISPSoft File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2025-4125 | 2025-04-30 | ISPSoft File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2025-2890 | 2025-04-30 | tagDiv Opt-In Builder <= 1.7 - Authenticated (Subscriber+) SQL Injection via subscriptionCouponId Parameter |
| CVE-2025-4108 | 2025-04-30 | PHPGurukul Student Record System add-subject.php sql injection |
| CVE-2025-4109 | 2025-04-30 | PHPGurukul Pre-School Enrollment System edit-subadmin.php sql injection |
| CVE-2025-4110 | 2025-04-30 | PHPGurukul Pre-School Enrollment System edit-teacher.php sql injection |
| CVE-2025-4111 | 2025-04-30 | PHPGurukul Pre-School Enrollment System visitor-details.php sql injection |
| CVE-2025-24338 | 2025-04-30 | A vulnerability in the “Manages app data” functionality of the... |
| CVE-2025-24339 | 2025-04-30 | A vulnerability in the web application of ctrlX OS allows... |
| CVE-2025-24340 | 2025-04-30 | A vulnerability in the users configuration file of ctrlX OS... |
| CVE-2025-4112 | 2025-04-30 | PHPGurukul Student Record System add-course.php sql injection |
| CVE-2025-4113 | 2025-04-30 | PHPGurukul Curfew e-Pass Management System edit-pass-detail.php sql injection |
| CVE-2025-24341 | 2025-04-30 | A vulnerability in the web application of ctrlX OS allows... |
| CVE-2025-24342 | 2025-04-30 | A vulnerability in the login functionality of the web application... |
| CVE-2025-24343 | 2025-04-30 | A vulnerability in the “Manages app data” functionality of the... |
| CVE-2025-24344 | 2025-04-30 | A vulnerability in the error notification messages of the web... |
| CVE-2025-24345 | 2025-04-30 | A vulnerability in the “Hosts” functionality of the web application... |
| CVE-2025-24346 | 2025-04-30 | A vulnerability in the “Proxy” functionality of the web application... |
| CVE-2025-24347 | 2025-04-30 | A vulnerability in the “Network Interfaces” functionality of the web... |
| CVE-2025-24348 | 2025-04-30 | A vulnerability in the “Network Interfaces” functionality of the web... |
| CVE-2025-24349 | 2025-04-30 | A vulnerability in the “Network Interfaces” functionality of the web... |
| CVE-2025-24350 | 2025-04-30 | A vulnerability in the “Certificates and Keys” functionality of the... |
| CVE-2025-24351 | 2025-04-30 | A vulnerability in the “Remote Logging” functionality of the web... |
| CVE-2025-27532 | 2025-04-30 | A vulnerability in the “Backup & Restore” functionality of the... |
| CVE-2025-4114 | 2025-04-30 | Netgear JWNR2000v2 check_language_file buffer overflow |
| CVE-2025-4115 | 2025-04-30 | Netgear JWNR2000v2 default_version_is_new buffer overflow |
| CVE-2025-4116 | 2025-04-30 | Netgear JWNR2000v2 get_cur_lang_ver buffer overflow |
| CVE-2025-3394 | 2025-04-30 | Vulnerability in user management of Automation Builder |
| CVE-2025-3395 | 2025-04-30 | Incorrect Permission Assignment for Critical Resource, Cleartext Storage of Sensitive... |
| CVE-2025-4117 | 2025-04-30 | Netgear JWNR2000v2 sub_41A914 buffer overflow |
| CVE-2025-4118 | 2025-04-30 | Weitong Mall Product History historyList access control |
| CVE-2025-4119 | 2025-04-30 | Weitong Mall Product Statistics queryTotal access control |
| CVE-2025-4120 | 2025-04-30 | Netgear JWNR2000v2 sub_4238E8 buffer overflow |
| CVE-2025-4121 | 2025-04-30 | Netgear JWNR2000v2 cmd_wireless command injection |
| CVE-2025-4122 | 2025-04-30 | Netgear JWNR2000v2 sub_435E04 command injection |
| CVE-2025-32970 | 2025-04-30 | org.xwiki.platform:xwiki-platform-wysiwyg-api Open Redirect vulnerability |
| CVE-2025-32971 | 2025-04-30 | XWiki Solr script service doesn't take dropped programming right into account |
| CVE-2025-32972 | 2025-04-30 | The lesscss script service allows cache clearing without programming right |
| CVE-2025-32974 | 2025-04-30 | org.xwiki.platform:xwiki-platform-security-requiredrights-default required rights analysis doesn't consider TextAreas with default content type |
| CVE-2025-32973 | 2025-04-30 | org.xwiki.platform:xwiki-platform-component-wiki provides no warning when granting XWiki.ComponentClass programming right |
| CVE-2025-27409 | 2025-04-30 | Joplin Server Vulnerable to Path Traversal |
| CVE-2025-27134 | 2025-04-30 | Privilege escalation in Joplin server via user patch endpoint |
| CVE-2025-46342 | 2025-04-30 | Kyverno vulnerable to bypass of policy rules that use namespace selectors in match statements |
| CVE-2025-32376 | 2025-04-30 | Discourse DM limits aren’t always properly enforced |
| CVE-2025-3859 | 2025-04-30 | Websites directing users to long URLs that caused eliding to... |
| CVE-2025-3599 | 2025-04-30 | Symantec Endpoint Protection Elevation of Privilege |
| CVE-2025-30391 | 2025-04-30 | Microsoft Dynamics Information Disclosure Vulnerability |
| CVE-2025-30389 | 2025-04-30 | Azure Bot Framework SDK Elevation of Privilege Vulnerability |
| CVE-2025-33074 | 2025-04-30 | Azure Functions Remote Code Execution Vulnerability |
| CVE-2025-30390 | 2025-04-30 | Azure ML Compute Elevation of Privilege Vulnerability |