CVE List - 2025 / April
Showing 501 - 600 of 4038 CVEs for April 2025 (Page 6 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-31725 | 2025-04-02 | Jenkins monitor-remote-job Plugin 1.0 stores passwords unencrypted in job config.xml... |
| CVE-2025-31726 | 2025-04-02 | Jenkins Stack Hammer Plugin 1.0.6 and earlier stores Stack Hammer... |
| CVE-2025-31727 | 2025-04-02 | Jenkins AsakusaSatellite Plugin 0.1.1 and earlier stores AsakusaSatellite API keys... |
| CVE-2025-31728 | 2025-04-02 | Jenkins AsakusaSatellite Plugin 0.1.1 and earlier does not mask AsakusaSatellite... |
| CVE-2024-56341 | 2025-04-02 | IBM Content Navigator cross-site scripting |
| CVE-2025-0154 | 2025-04-02 | IBM TXSeries for Multiplatforms information disclosure |
| CVE-2024-56474 | 2025-04-02 | IBM TXSeries for Multiplatforms cross-site request forgery |
| CVE-2024-56475 | 2025-04-02 | IBM TXSeries for Multiplatforms cross-site scripting |
| CVE-2024-56476 | 2025-04-02 | IBM TXSeries for Multiplatforms information disclosure |
| CVE-2025-0014 | 2025-04-02 | Incorrect default permissions on the AMD Ryzen(TM) AI installation folder... |
| CVE-2025-20212 | 2025-04-02 | A vulnerability in the Cisco AnyConnect VPN server of Cisco... |
| CVE-2025-20139 | 2025-04-02 | A vulnerability in chat messaging features of Cisco Enterprise Chat... |
| CVE-2024-36337 | 2025-04-02 | Integer overflow within AMD NPU Driver could allow a local... |
| CVE-2025-20120 | 2025-04-02 | A vulnerability in the web-based management interface of Cisco Evolved... |
| CVE-2025-20203 | 2025-04-02 | A vulnerability in the web-based management interface of Cisco Evolved... |
| CVE-2024-36328 | 2025-04-02 | Integer overflow within AMD NPU Driver could allow a local... |
| CVE-2024-36336 | 2025-04-02 | Integer overflow within the AMD NPU Driver could allow a... |
| CVE-2025-31282 | 2025-04-02 | A broken access control vulnerability previously discovered in the Trend... |
| CVE-2025-31283 | 2025-04-02 | A broken access control vulnerability previously discovered in the Trend... |
| CVE-2025-31284 | 2025-04-02 | A broken access control vulnerability previously discovered in the Trend... |
| CVE-2025-31285 | 2025-04-02 | A broken access control vulnerability previously discovered in the Trend... |
| CVE-2025-31286 | 2025-04-02 | An HTML injection vulnerability previously discovered in Trend Vision One... |
| CVE-2025-3118 | 2025-04-02 | SourceCodester Online Tutor Portal view_course.php sql injection |
| CVE-2025-2704 | 2025-04-02 | OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2... |
| CVE-2025-27608 | 2025-04-02 | Self Cross-Site Scripting in Arduino IDE |
| CVE-2025-31479 | 2025-04-02 | canonical/get-workflow-version-action can leak a partial GITHUB_TOKEN in exception output |
| CVE-2025-31477 | 2025-04-02 | Improper Scope Validation in the open Endpoint of tauri-plugin-shell |
| CVE-2025-3129 | 2025-04-02 | Access code - Moderately critical - Access bypass - SA-CONTRIB-2025-028 |
| CVE-2025-3130 | 2025-04-02 | Obfuscate - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-029 |
| CVE-2025-30218 | 2025-04-02 | Next.js may leak x-middleware-subrequest-id to external hosts |
| CVE-2025-3119 | 2025-04-02 | SourceCodester Online Tutor Portal manage_course.php sql injection |
| CVE-2025-3120 | 2025-04-02 | SourceCodester Apartment Visitors Management System add-apartment.php sql injection |
| CVE-2025-31484 | 2025-04-02 | conda-forge infrastructure uses a bad token for Azure's cf-staging access |
| CVE-2025-3121 | 2025-04-02 | PyTorch torch.jit.jit_module_from_flatbuffer memory corruption |
| CVE-2025-3122 | 2025-04-02 | WebAssembly wabt binary-reader-interp.cc BeginFunctionBody null pointer dereference |
| CVE-2025-0257 | 2025-04-02 | HCL DevOps Deploy / HCL Launch is susceptible to unauthorized access to other services |
| CVE-2025-3154 | 2025-04-02 | Out-of-bounds array write due to invalid VerticesPerRow in Xpdf 4.05 |
| CVE-2025-3123 | 2025-04-02 | WonderCMS Theme Installation/Plugin Installation installUpdateModuleAction unrestricted upload |
| CVE-2024-22611 | 2025-04-03 | OpenEMR 7.0.2 is vulnerable to SQL Injection via \openemr\library\classes\Pharmacy.class.php, \controllers\C_Pharmacy.class.php... |
| CVE-2024-45198 | 2025-04-03 | insightsoftware Spark JDBC 2.6.21 has a remote code execution vulnerability.... |
| CVE-2024-45199 | 2025-04-03 | insightsoftware Hive JDBC through 2.6.13 has a remote code execution... |
| CVE-2024-47212 | 2025-04-03 | An issue was discovered in Iglu Server 0.13.0 and below.... |
| CVE-2024-47213 | 2025-04-03 | An issue was discovered affecting Enrich 5.1.0 and below. It... |
| CVE-2024-47214 | 2025-04-03 | An issue was discovered in Iglu Server 0.13.0 and below.... |
| CVE-2024-47215 | 2025-04-03 | An issue was discovered in Snowbridge setups sending data to... |
| CVE-2024-47217 | 2025-04-03 | An issue was discovered in Iglu Server 0.13.0 and below.... |
| CVE-2024-56528 | 2025-04-03 | This vulnerability affects Snowplow Collector 3.x before 3.3.0 (unless it’s... |
| CVE-2025-22926 | 2025-04-03 | An issue in OS4ED openSIS v8.0 through v9.1 allows attackers... |
| CVE-2025-22927 | 2025-04-03 | An issue in OS4ED openSIS v8.0 through v9.1 allows attackers... |
| CVE-2025-22928 | 2025-04-03 | OS4ED openSIS v7.0 to v9.1 was discovered to contain a... |
| CVE-2025-22929 | 2025-04-03 | OS4ED openSIS v7.0 to v9.1 was discovered to contain a... |
| CVE-2025-22930 | 2025-04-03 | OS4ED openSIS v7.0 to v9.1 was discovered to contain a... |
| CVE-2025-22931 | 2025-04-03 | An insecure direct object reference (IDOR) in the component /assets/stafffiles... |
| CVE-2025-26817 | 2025-04-03 | Netwrix Password Secure 9.2.0.32454 allows OS command injection. |
| CVE-2025-26818 | 2025-04-03 | Netwrix Password Secure through 9.2 allows command injection. |
| CVE-2025-29064 | 2025-04-03 | An issue in TOTOLINK x18 v.9.1.0cu.2024_B20220329 allows a remote attacker... |
| CVE-2025-29369 | 2025-04-03 | Code-Projects Matrimonial Site V1.0 is vulnerable to SQL Injection in... |
| CVE-2025-29462 | 2025-04-03 | A buffer overflow vulnerability has been discovered in Tenda Ac15... |
| CVE-2025-29504 | 2025-04-03 | Insecure Permission vulnerability in student-manage 1 allows a local attacker... |
| CVE-2025-29570 | 2025-04-03 | An issue in Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2... |
| CVE-2025-29647 | 2025-04-03 | SeaCMS v13.3 has a SQL injection vulnerability in the component... |
| CVE-2025-29991 | 2025-04-03 | Yubico YubiKey 5.4.1 through 5.7.3 before 5.7.4 has an incorrect... |
| CVE-2025-30406 | 2025-04-03 | Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization... |
| CVE-2025-31161 | 2025-04-03 | CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication... |
| CVE-2025-3153 | 2025-04-03 | Concrete CMS version 9 below 9.4.0RC2 and versions below 8.5.20 - CSRF and XSS in Concrete CMS Custom Address attribute |
| CVE-2025-3134 | 2025-04-03 | code-projects Payroll Management System add_overtime.php sql injection |
| CVE-2025-3135 | 2025-04-03 | fcba_zzm ics-park Smart Park Management System update sql injection |
| CVE-2025-2784 | 2025-04-03 | Libsoup: heap buffer over-read in `skip_insignificant_space` when sniffing content |
| CVE-2025-3136 | 2025-04-03 | PyTorch CUDACachingAllocator.cpp torch.cuda.memory.caching_allocator_delete memory corruption |
| CVE-2025-3137 | 2025-04-03 | PHPGurukul Online Security Guards Hiring System changeimage.php sql injection |
| CVE-2025-3138 | 2025-04-03 | PHPGurukul Online Security Guards Hiring System edit-guard-detail.php sql injection |
| CVE-2025-3139 | 2025-04-03 | code-projects Bus Reservation System Login Form login buffer overflow |
| CVE-2025-3140 | 2025-04-03 | SourceCodester Online Medicine Ordering System view_category.php sql injection |
| CVE-2025-3141 | 2025-04-03 | SourceCodester Online Medicine Ordering System manage_category.php sql injection |
| CVE-2025-31334 | 2025-04-03 | Issue that bypasses the "Mark of the Web" security warning... |
| CVE-2025-3142 | 2025-04-03 | SourceCodester Apartment Visitor Management System add-apartment.php sql injection |
| CVE-2025-2055 | 2025-04-03 | MapPress Maps for WordPress < 2.94.9 - Contributor+ Stored XSS |
| CVE-2025-3143 | 2025-04-03 | SourceCodester Apartment Visitor Management System visitor-entry.php sql injection |
| CVE-2025-3144 | 2025-04-03 | MindSpore mindspore.numpy.fft.hfftn memory corruption |
| CVE-2025-30485 | 2025-04-03 | UNIX symbolic link (Symlink) following issue exists in FutureNet NXR... |
| CVE-2025-3145 | 2025-04-03 | MindSpore mindspore.numpy.fft.rfft2 memory corruption |
| CVE-2025-3146 | 2025-04-03 | PHPGurukul Bus Pass Management System view-pass-detail.php sql injection |
| CVE-2025-3147 | 2025-04-03 | PHPGurukul Boat Booking System add-subadmin.php sql injection |
| CVE-2025-3148 | 2025-04-03 | codeprojects Product Management System Login buffer overflow |
| CVE-2025-21995 | 2025-04-03 | drm/sched: Fix fence reference count leak |
| CVE-2025-21996 | 2025-04-03 | drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() |
| CVE-2025-21997 | 2025-04-03 | xsk: fix an integer overflow in xp_create_and_assign_umem() |
| CVE-2025-21998 | 2025-04-03 | firmware: qcom: uefisecapp: fix efivars registration race |
| CVE-2025-21999 | 2025-04-03 | proc: fix UAF in proc_get_inode() |
| CVE-2025-22000 | 2025-04-03 | mm/huge_memory: drop beyond-EOF folios with the right number of refs |
| CVE-2025-22001 | 2025-04-03 | accel/qaic: Fix integer overflow in qaic_validate_req() |
| CVE-2025-22002 | 2025-04-03 | netfs: Call `invalidate_cache` only if implemented |
| CVE-2025-22003 | 2025-04-03 | can: ucan: fix out of bound read in strscpy() source |
| CVE-2025-22004 | 2025-04-03 | net: atm: fix use after free in lec_send() |
| CVE-2025-22005 | 2025-04-03 | ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw(). |
| CVE-2025-22006 | 2025-04-03 | net: ethernet: ti: am65-cpsw: Fix NAPI registration sequence |
| CVE-2025-22007 | 2025-04-03 | Bluetooth: Fix error code in chan_alloc_skb_cb() |
| CVE-2024-13673 | 2025-04-03 | Big Boom Directory <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-2874 | 2025-04-03 | User Submitted Posts <= 20241026 - Authenticated (Admin+) Stored Cross-Site Scripting |
| CVE-2025-1663 | 2025-04-03 | Unlimited Elements For Elementor <= 1.5.142 - Authenticated (Contributor+) Stored Cross-Site Scripting |