VULNMAP - Security Vulnerabilities

CVE List - 2025 / April

Showing 901 - 1000 of 4038 CVEs for April 2025 (Page 10 of 41)

CVE ID Date Title
CVE-2025-32246 2025-04-04 WordPress 1-Click Backup & Restore Database <= 1.0.3 - Broken Access Control Vulnerability
CVE-2025-32247 2025-04-04 WordPress AI Content Creator plugin <= 1.2.6 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2025-32248 2025-04-04 WordPress SwiftXR (3D/AR/VR) Viewer plugin <= 1.0.7 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2025-32249 2025-04-04 WordPress DirectoryPress – Business Directory And Classified Ad Listing Plugin <=3.6.19 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2025-32251 2025-04-04 WordPress Jetpack Feedback Exporter <= 1.23 - Sensitive Data Exposure Vulnerability
CVE-2025-32252 2025-04-04 WordPress WP Genealogy plugin <= 0.1.9 - Broken Access Control vulnerability
CVE-2025-32253 2025-04-04 WordPress Course Booking System Plugin <= 6.0.5 - Broken Access Control vulnerability
CVE-2025-32254 2025-04-04 WordPress WPBookit plugin <= 1.0.1 - Broken Access Control vulnerability
CVE-2025-32255 2025-04-04 WordPress StaffList plugin <= 3.2.6 - Sensitive Data Exposure vulnerability
CVE-2025-32256 2025-04-04 WordPress SurveyJS plugin <= 1.12.20 - Broken Access Control vulnerability
CVE-2025-32257 2025-04-04 WordPress 1 Click WordPress Migration Plugin <= 2.2 - Sensitive Data Exposure vulnerability
CVE-2025-32258 2025-04-04 WordPress Simple Website Logo plugin <= 1.1 - Broken Access Control vulnerability
CVE-2025-32261 2025-04-04 WordPress Advanced All in One Admin Search by WP Spotlight <= 1.1.1 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-32262 2025-04-04 WordPress RDP Wiki Embed plugin <= 1.2.20 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-32263 2025-04-04 WordPress Sequential Order Numbers for WooCommerce plugin <= 3.6.2 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2025-32264 2025-04-04 WordPress UltraAddons – Elementor Addons plugin <= 2.0.0 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2025-32265 2025-04-04 WordPress JobWP plugin <= 2.3.9 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2025-32266 2025-04-04 WordPress 404 Image Redirection (Replace Broken Images) plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2025-32267 2025-04-04 WordPress WP to Hootsuite plugin <= 1.5.8 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2025-32268 2025-04-04 WordPress QR Code Tag for WC plugin <= 1.9.36 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability
CVE-2025-32269 2025-04-04 WordPress WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms Plugin <= 1.1.3 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability
CVE-2025-32270 2025-04-04 WordPress Broadstreet Plugin <= 1.51.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability
CVE-2025-32271 2025-04-04 WordPress Woocommerce Role Pricing Plugin <= 3.5.5 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2025-32272 2025-04-04 WordPress Wishlist Plugin <= 1.0.44 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2025-32273 2025-04-04 WordPress Freetobook Responsive Widget Plugin <= 1.1 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2025-32274 2025-04-04 WordPress w3all phpBB integration Plugin <= 2.9.2 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2025-32276 2025-04-04 WordPress Administrator Z plugin <= 2025.03.04 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2025-32277 2025-04-04 WordPress RepairBuddy plugin <= 3.8211 - Broken Access Control vulnerability
CVE-2025-32278 2025-04-04 WordPress Table Block by RioVizual plugin <= 2.1.7 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2025-32280 2025-04-04 WordPress WP Project Manager plugin <= 2.6.22 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-32224 2025-04-04 WordPress Privyr CRM plugin <= 1.0.1 - Broken Access Control vulnerability
CVE-2025-32239 2025-04-04 WordPress Social Share Buttons & Analytics Plugin plugin <= 4.5 - Broken Access Control vulnerability
CVE-2025-32250 2025-04-04 WordPress Rollbar plugin <= 2.7.1 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2025-32178 2025-04-04 WordPress 6Storage Rentals Plugin <= 2.18.0 - Broken Access Control vulnerability
CVE-2025-3254 2025-04-04 xujiangfei admintwo add server-side request forgery
CVE-2025-3255 2025-04-04 xujiangfei admintwo home access control
CVE-2025-3256 2025-04-04 xujiangfei admintwo updateSet access control
CVE-2025-3257 2025-04-04 xujiangfei admintwo updateSet cross-site request forgery
CVE-2025-3258 2025-04-04 PHPGurukul Old Age Home Management System search.php sql injection
CVE-2025-3259 2025-04-04 Tenda RX3 SetOnlineDevName formSetDeviceName stack-based overflow
CVE-2024-11235 2025-04-04 Reference counting in php_request_shutdown causes Use-After-Free
CVE-2025-3265 2025-04-04 PHPGurukul e-Diary Management System add-category.php sql injection
CVE-2025-3266 2025-04-04 qinguoyi TinyWebServer http_conn.cpp stack-based overflow
CVE-2025-3267 2025-04-04 qinguoyi TinyWebServer http_conn.cpp sql injection
CVE-2025-3268 2025-04-04 qinguoyi TinyWebServer http_conn.cpp improper authentication
CVE-2025-2889 2025-04-04 Link Library <= 7.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Link Additional Parameters
CVE-2021-47667 2025-04-05 An OS command injection vulnerability in lib/NSSDropoff.php in ZendTo 5.24-3...
CVE-2025-32352 2025-04-05 A type confusion vulnerability in lib/NSSAuthenticator.php in ZendTo before v5.04-7...
CVE-2025-32357 2025-04-05 In Zammad 6.4.x before 6.4.2, an authenticated agent with knowledge...
CVE-2025-32358 2025-04-05 In Zammad 6.4.x before 6.4.2, SSRF can occur. Authenticated admin...
CVE-2025-32359 2025-04-05 In Zammad 6.4.x before 6.4.2, there is client-side enforcement of...
CVE-2025-32360 2025-04-05 In Zammad 6.4.x before 6.4.2, there is information exposure. Only...
CVE-2025-32364 2025-04-05 A floating-point exception in the PSStack::roll function of Poppler before...
CVE-2025-32365 2025-04-05 Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds...
CVE-2025-32366 2025-04-05 In ConnMan through 1.44, parse_rr in dnsproxy.c has a memcpy...
CVE-2025-1500 2025-04-05 IBM Maximo Application Suite file upload
CVE-2025-0810 2025-04-05 Read More & Accordion <= 3.4.5 - Cross-Site Request Forgery to Local File Inclusion
CVE-2024-13604 2025-04-05 KB Support – Customer Support Ticket & Helpdesk Plugin, Knowledge Base Plugin <= 1.7.4 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory
CVE-2025-2544 2025-04-05 AI Content Pipelines <= 1.6 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2025-2933 2025-04-05 Email Notifications for Updates <= 1.1.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
CVE-2024-13776 2025-04-05 ZoomSounds - WordPress Wave Audio Player with Playlist <= 6.91 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update and Settings Manipulation
CVE-2025-0839 2025-04-05 ZoomSounds <= 6.91 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE-2025-1233 2025-04-05 Lafka Plugin <= 7.1.0 - Missing Authorization to Authenticated (Subscriber+) Theme Option Update
CVE-2025-2789 2025-04-05 MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.19 - Missing Authorization to Unauthenticated Table Rates Deletion
CVE-2025-2941 2025-04-05 Drag and Drop Multiple File Upload for WooCommerce <= 1.1.4 - Unauthenticated Arbitrary File Move
CVE-2025-3296 2025-04-05 SourceCodester Online Eyewear Shop Users.php sql injection
CVE-2025-3297 2025-04-05 SourceCodester Online Eyewear Shop Master.php cross site scripting
CVE-2025-3298 2025-04-05 SourceCodester Online Eyewear Shop Registration Master.php access control
CVE-2025-3299 2025-04-05 PHPGurukul Men Salon Management System appointment.php sql injection
CVE-2025-30401 2025-04-05 A spoofing issue in WhatsApp for Windows prior to version...
CVE-2024-57868 2025-04-05 Web::API 2.8 and earlier for Perl uses insecure rand() function for cryptographic functions
CVE-2024-58036 2025-04-05 Net::Dropbox::API 1.9 and earlier for Perl uses insecure rand() function for cryptographic functions
CVE-2024-57835 2025-04-05 Amon2::Auth::Site::LINE versions through 0.04 for Perl uses insecure rand() function for cryptographic functions
CVE-2024-52322 2025-04-05 WebService::Xero 0.11 for Perl uses insecure rand() function for cryptographic functions
CVE-2024-56370 2025-04-05 Net::Xero 0.044 and earlier for Perl uses insecure rand() function for cryptographic functions
CVE-2025-3303 2025-04-05 code-projects Patient Record Management System birthing_record.php sql injection
CVE-2025-3304 2025-04-05 code-projects Patient Record Management System dental_not.php sql injection
CVE-2025-3305 2025-04-05 1902756969/code-projects IKUN_Library Borrow MvcConfig.java addInterceptors access control
CVE-2024-58131 2025-04-06 FISCO BCOS 3.11.0 has an issue with synchronization of the...
CVE-2024-58132 2025-04-06 In chainmaker-go (aka ChainMaker) before 2.3.6, multiple updates to a...
CVE-2024-58133 2025-04-06 In chainmaker-go (aka ChainMaker) before 2.4.0, when making frequent updates...
CVE-2025-32369 2025-04-06 Kentico Xperience before 13.0.181 allows authenticated users to distribute malicious...
CVE-2025-32370 2025-04-06 Kentico Xperience before 13.0.178 has a specific set of allowed...
CVE-2025-3306 2025-04-06 code-projects Blood Bank Management System don.php sql injection
CVE-2025-3307 2025-04-06 code-projects Blood Bank Management System reset.php sql injection
CVE-2025-3308 2025-04-06 code-projects Blood Bank Management System viewrequest.php sql injection
CVE-2025-1264 2025-04-06 Broken Link Checker by AIOSEO <= 1.2.3 - Authenticated (Contributor+) SQL Injection
CVE-2025-3309 2025-04-06 code-projects Blood Bank Management System campsdetails.php sql injection
CVE-2025-3310 2025-04-06 code-projects Blood Bank Management System delete.php sql injection
CVE-2025-3311 2025-04-06 PHPGurukul Men Salon Management System about-us.php sql injection
CVE-2025-3312 2025-04-06 PHPGurukul Men Salon Management System add-customer-services.php sql injection
CVE-2025-3313 2025-04-06 PHPGurukul Men Salon Management System add-customer.php sql injection
CVE-2025-3314 2025-04-06 SourceCodester Apartment Visitor Management System forgotpw.php sql injection
CVE-2025-3315 2025-04-06 SourceCodester Apartment Visitor Management System view-report.php sql injection
CVE-2025-3316 2025-04-06 PHPGurukul Men Salon Management System search-invoices.php sql injection
CVE-2025-3317 2025-04-06 fumiao opencms dataPage.jsp path traversal
CVE-2025-3318 2025-04-06 Kenj_Frog 肯尼基蛙 company-financial-management 公司财务管理系统 ShangpinleixingController.java page sql injection
CVE-2025-2258 2025-04-06 Eclipse ThreadX NetX Duo HTTP server single PUT request integer underflow
CVE-2025-2260 2025-04-06 Eclipse ThreadX NetX Duo HTTP component server denial of service
CVE-2025-2259 2025-04-06 Eclipse ThreadX NetX Duo component HTTP server single PUT request integer underflow