CVE List - 2025 / April
Showing 401 - 500 of 4038 CVEs for April 2025 (Page 5 of 41)
CVE ID | Date | Title |
---|---|---|
CVE-2025-31461 | 2025-04-01 | WordPress NanoSupport plugin <= 0.6.0 - Reflected Cross Site Scripting (XSS) vulnerability |
CVE-2025-31462 | 2025-04-01 | WordPress CGM Event Calendar <= 0.8.5 - Cross Site Scripting (XSS) Vulnerability |
CVE-2025-31525 | 2025-04-01 | WordPress WP Mobile Bottom Menu plugin <= 1.2.9 - Broken Access Control vulnerability |
CVE-2025-31531 | 2025-04-01 | WordPress History Log by click5 plugin <= 1.0.13 - SQL Injection vulnerability |
CVE-2025-31534 | 2025-04-01 | WordPress Shopper plugin <= 3.2.5 - SQL Injection vulnerability |
CVE-2025-31537 | 2025-04-01 | WordPress Bulk NoIndex & NoFollow Toolkit plugin <= 2.16 - Reflected Cross Site Scripting (XSS) vulnerability |
CVE-2025-31548 | 2025-04-01 | WordPress Ultimate Push Notifications plugin <= 1.1.8 - Reflected Cross Site Scripting (XSS) vulnerability |
CVE-2025-31550 | 2025-04-01 | WordPress WP-LESS plugin <= 1.9.3-3 - Sensitive Data Exposure vulnerability |
CVE-2025-31551 | 2025-04-01 | WordPress Salesmate Add-On for Gravity Forms plugin <= 2.0.3 - SQL Injection vulnerability |
CVE-2025-31552 | 2025-04-01 | WordPress RSVPMarker plugin <= 11.4.8 - SQL Injection vulnerability |
CVE-2025-31553 | 2025-04-01 | WordPress Advanced WooCommerce Product Sales Reporting plugin <= 3.1 - SQL Injection vulnerability |
CVE-2025-31560 | 2025-04-01 | WordPress Salon booking system plugin <= 10.11 - Privilege Escalation vulnerability |
CVE-2025-31561 | 2025-04-01 | WordPress Ultimate Push Notifications plugin <= 1.1.8 - SQL Injection vulnerability |
CVE-2025-31563 | 2025-04-01 | WordPress AI Search Bar plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability |
CVE-2025-31564 | 2025-04-01 | ChatGPT Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT) All in One plugin <= 2.1.7 - SQL Injection vulnerability |
CVE-2025-31568 | 2025-04-01 | WordPress LeadLab by wiredminds plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability |
CVE-2025-31571 | 2025-04-01 | WordPress The Logo Slider plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability |
CVE-2025-31578 | 2025-04-01 | WordPress Fonts Manager \| Custom Fonts plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability |
CVE-2025-31579 | 2025-04-01 | WordPress WP AutoKeyword plugin <= 1.0 - SQL Injection vulnerability |
CVE-2025-31580 | 2025-04-01 | WordPress Ni WooCommerce Product Enquiry plugin <= 4.1.8 - Broken Access Control vulnerability |
CVE-2025-31594 | 2025-04-01 | WordPress Auto scroll for reading plugin <= 1.1.4 - Reflected Cross Site Scripting (XSS) vulnerability |
CVE-2025-31612 | 2025-04-01 | WordPress CBX Poll plugin <= 1.2.7 - PHP Object Injection vulnerability |
CVE-2025-31619 | 2025-04-01 | WordPress Actionwear products sync plugin <= 2.3.3 - SQL Injection vulnerability |
CVE-2025-31628 | 2025-04-01 | WordPress Sliced Invoices plugin <= 3.9.4 - Broken Access Control vulnerability |
CVE-2025-31819 | 2025-04-01 | WordPress Nova Blocks by Pixelgrade plugin <= 2.1.8 - Cross Site Scripting (XSS) vulnerability |
CVE-2025-31889 | 2025-04-01 | WordPress Extensions for Elementor plugin <= 2.0.40 - Cross Site Scripting (XSS) vulnerability |
CVE-2024-13941 | 2025-04-01 | ouch-org ouch zip.rs convert_zip_date_time memory corruption |
CVE-2025-31135 | 2025-04-01 | Go-Guerrilla SMTP Daemon allows the PROXY command to be sent multiple times |
CVE-2025-30356 | 2025-04-01 | Heap Buffer Overflow via Incomplete Length Check in `Crypto_TC_ApplySecurity` |
CVE-2024-37917 | 2025-04-02 | Pexip Infinity before 35.0 has improper input validation that allows... |
CVE-2024-38392 | 2025-04-02 | Pexip Infinity Connect before 1.13.0 lacks sufficient authenticity checks during... |
CVE-2025-22923 | 2025-04-02 | An issue in OS4ED openSIS v8.0 through v9.1 allows attackers... |
CVE-2025-22924 | 2025-04-02 | OS4ED openSIS v7.0 through v9.1 contains a SQL injection vulnerability... |
CVE-2025-22925 | 2025-04-02 | OS4ED openSIS v7.0 to v9.1 was discovered to contain a... |
CVE-2025-27556 | 2025-04-02 | An issue was discovered in Django 5.1 before 5.1.8 and... |
CVE-2025-29062 | 2025-04-02 | An issue in BL-AC2100 <=V1.0.4 allows a remote attacker to... |
CVE-2025-29063 | 2025-04-02 | An issue in BL-AC2100 V1.0.4 and before allows a remote... |
CVE-2025-29085 | 2025-04-02 | SQL injection vulnerability in vipshop Saturn v.3.5.1 and before allows... |
CVE-2025-29719 | 2025-04-02 | SourceCodester (rems) Employee Management System 1.0 is vulnerable to Cross... |
CVE-2025-30080 | 2025-04-02 | Signalling in Pexip Infinity 29 through 36.2 before 37.0 has... |
CVE-2025-30090 | 2025-04-02 | mime.php in SquirrelMail through 1.4.23-svn-20250401 and 1.5.x through 1.5.2-svn-20250401 allows... |
CVE-2025-29981 | 2025-04-02 | Dell Wyse Management Suite, versions prior to WMS 5.1, contains... |
CVE-2025-29982 | 2025-04-02 | Dell Wyse Management Suite, versions prior to WMS 5.1, contains... |
CVE-2025-27694 | 2025-04-02 | Dell Wyse Management Suite, versions prior to WMS 5.1, contains... |
CVE-2025-27693 | 2025-04-02 | Dell Wyse Management Suite, versions prior to WMS 5.1, contains... |
CVE-2025-27692 | 2025-04-02 | Dell Wyse Management Suite, versions prior to WMS 5.1, contains... |
CVE-2025-3066 | 2025-04-02 | Use after free in Site Isolation in Google Chrome prior... |
CVE-2025-3067 | 2025-04-02 | Inappropriate implementation in Custom Tabs in Google Chrome on Android... |
CVE-2025-3068 | 2025-04-02 | Inappropriate implementation in Intents in Google Chrome on Android prior... |
CVE-2025-3069 | 2025-04-02 | Inappropriate implementation in Extensions in Google Chrome prior to 135.0.7049.52... |
CVE-2025-3070 | 2025-04-02 | Insufficient validation of untrusted input in Extensions in Google Chrome... |
CVE-2025-3071 | 2025-04-02 | Inappropriate implementation in Navigations in Google Chrome prior to 135.0.7049.52... |
CVE-2025-3072 | 2025-04-02 | Inappropriate implementation in Custom Tabs in Google Chrome prior to... |
CVE-2025-3073 | 2025-04-02 | Inappropriate implementation in Autofill in Google Chrome prior to 135.0.7049.52... |
CVE-2025-3074 | 2025-04-02 | Inappropriate implementation in Downloads in Google Chrome prior to 135.0.7049.52... |
CVE-2025-2779 | 2025-04-02 | Insert Headers and Footers Code – HT Script <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update |
CVE-2025-25060 | 2025-04-02 | Missing authentication for critical function vulnerability exists in AssetView and... |
CVE-2025-27244 | 2025-04-02 | AssetView and AssetView CLOUD contain an issue with acquiring sensitive... |
CVE-2024-36465 | 2025-04-02 | SQL injection in Zabbix API |
CVE-2024-36469 | 2025-04-02 | User enumeration via timing attack in Zabbix web interface |
CVE-2024-42325 | 2025-04-02 | Excessive information returned by user.get |
CVE-2024-45699 | 2025-04-02 | Reflected XSS vulnerability in /zabbix.php?action=export.valuemaps |
CVE-2024-45700 | 2025-04-02 | DoS vulnerability due to uncontrolled resource exhaustion |
CVE-2025-0415 | 2025-04-02 | Command Injection in NTP Setting |
CVE-2025-0676 | 2025-04-02 | Command Injection Leading to Privilege Escalation |
CVE-2024-39780 | 2025-04-02 | Use of unsafe yaml load in dynparam |
CVE-2023-40714 | 2025-04-02 | A relative path traversal in Fortinet FortiSIEM versions 7.0.0, 6.7.0... |
CVE-2025-2005 | 2025-04-02 | Front-End-Only-Users <= 3.2.32 - Unauthenticated Arbitrary File Upload |
CVE-2025-3099 | 2025-04-02 | Advanced Search by My Solr Server <= 2.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
CVE-2025-3098 | 2025-04-02 | Video Url <= 1.0.0.3 - Reflected Cross-Site Scripting |
CVE-2025-2513 | 2025-04-02 | Smart Icons For WordPress <= 1.0.4 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
CVE-2024-12410 | 2025-04-02 | Front End Users <= 3.2.32 - Authenticated (Admin+) SQL injection |
CVE-2024-13637 | 2025-04-02 | Demo Awesome <= 1.0.3 - Missing Authorization to Authenticated (Subscriber+) Plugin Activation |
CVE-2025-2483 | 2025-04-02 | Gift Certificate Creator <= 1.1.0 - Reflected Cross-Site Scripting via receip_address Parameter |
CVE-2025-3063 | 2025-04-02 | Shopper Approved Reviews 2.0 - 2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update |
CVE-2025-3097 | 2025-04-02 | wp Time Machine <= 3.4.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
CVE-2025-2786 | 2025-04-02 | Tempo-operator: serviceaccount token exposure leading to token and subject access reviews in openshift tempo operator |
CVE-2025-2842 | 2025-04-02 | Tempo-operator: tempo operator token exposition lead to read sensitive data |
CVE-2025-21987 | 2025-04-02 | drm/amdgpu: init return value in amdgpu_ttm_clear_buffer |
CVE-2025-1805 | 2025-04-02 | Crypt::Salt for Perl uses insecure rand() function when generating salts for cryptographic purposes |
CVE-2025-21988 | 2025-04-02 | fs/netfs/read_collect: add to next->prev_donated |
CVE-2025-21989 | 2025-04-02 | drm/amd/display: fix missing .is_two_pixels_per_container |
CVE-2025-21990 | 2025-04-02 | drm/amdgpu: NULL-check BO's backing store when determining GFX12 PTE flags |
CVE-2025-21991 | 2025-04-02 | x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes |
CVE-2025-21992 | 2025-04-02 | HID: ignore non-functional sensor in HP 5MP Camera |
CVE-2025-21993 | 2025-04-02 | iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() |
CVE-2024-50596 | 2025-04-02 | An integer underflow vulnerability exists in the HTTP server PUT... |
CVE-2024-50597 | 2025-04-02 | An integer underflow vulnerability exists in the HTTP server PUT... |
CVE-2024-50594 | 2025-04-02 | An integer underflow vulnerability exists in the HTTP server PUT... |
CVE-2024-50595 | 2025-04-02 | An integer underflow vulnerability exists in the HTTP server PUT... |
CVE-2024-50384 | 2025-04-02 | A denial of service vulnerability exists in the NetX Component... |
CVE-2024-50385 | 2025-04-02 | A denial of service vulnerability exists in the NetX Component... |
CVE-2024-45064 | 2025-04-02 | A buffer overflow vulnerability exists in the FileX Internal RAM... |
CVE-2025-21994 | 2025-04-02 | ksmbd: fix incorrect validation for num_aces field of smb_acl |
CVE-2024-25051 | 2025-04-02 | IBM Jazz Reporting Service insufficient session expiration |
CVE-2025-31720 | 2025-04-02 | A missing permission check in Jenkins 2.503 and earlier, LTS... |
CVE-2025-31721 | 2025-04-02 | A missing permission check in Jenkins 2.503 and earlier, LTS... |
CVE-2025-31722 | 2025-04-02 | In Jenkins Templating Engine Plugin 2.5.3 and earlier, libraries defined... |
CVE-2025-31723 | 2025-04-02 | A cross-site request forgery (CSRF) vulnerability in Jenkins Simple Queue... |
CVE-2025-31724 | 2025-04-02 | Jenkins Cadence vManager Plugin 4.0.0-282.v5096a_c2db_275 and earlier stores Verisium Manager... |