CVE List - 2025 / April
Showing 1201 - 1300 of 4038 CVEs for April 2025 (Page 13 of 41)
CVE ID | Date | Title |
---|---|---|
CVE-2025-3407 | 2025-04-08 | Nothings stb stbhw_build_tileset_from_image out-of-bounds |
CVE-2025-3408 | 2025-04-08 | Nothings stb stb_dupreplace integer overflow |
CVE-2024-13820 | 2025-04-08 | Melhor Envio <= 2.15.9 - Unauthenticated Sensitive Information Exposure via Hardcoded Hash |
CVE-2025-2004 | 2025-04-08 | Simple WP Events <= 1.8.17 - Unauthenticated Arbitrary File Deletion |
CVE-2025-3409 | 2025-04-08 | Nothings stb stb_include_string stack-based overflow |
CVE-2025-20934 | 2025-04-08 | Improper access control in Sticker Center prior to SMR Apr-2025... |
CVE-2025-20935 | 2025-04-08 | Improper handling of insufficient permission or privileges in ClipboardService prior... |
CVE-2025-20936 | 2025-04-08 | Improper access control in HDCP trustlet prior to SMR Apr-2025... |
CVE-2025-20938 | 2025-04-08 | Improper access control in SamsungContacts prior to SMR Apr-2025 Release... |
CVE-2025-20940 | 2025-04-08 | Improper handling of insufficient permission in Samsung Device Health Manager... |
CVE-2025-20941 | 2025-04-08 | Improper access control in InputManager prior to SMR Apr-2025 Release 1... |
CVE-2025-20942 | 2025-04-08 | Improper Verification of Intent by Broadcast Receiver in DeviceIdService prior... |
CVE-2025-20943 | 2025-04-08 | Out-of-bounds write in secfr trustlet prior to SMR Apr-2025 Release... |
CVE-2025-20944 | 2025-04-08 | Out-of-bounds read in parsing audio data in libsavsac.so prior to... |
CVE-2025-20945 | 2025-04-08 | Improper access control in Galaxy Watch prior to SMR Apr-2025... |
CVE-2025-20947 | 2025-04-08 | Improper handling of insufficient permission or privileges in ClipboardService prior... |
CVE-2025-20948 | 2025-04-08 | Out-of-bounds read in enrollment with cdsp frame secfr trustlet prior... |
CVE-2025-20950 | 2025-04-08 | Use of implicit intent for sensitive communication in SamsungNotes prior... |
CVE-2025-20951 | 2025-04-08 | Improper verification of intent by broadcast receiver vulnerability in Galaxy... |
CVE-2025-20939 | 2025-04-08 | Improper authorization in wireless download protocol in Galaxy Watch prior... |
CVE-2025-20946 | 2025-04-08 | Improper handling of exceptional conditions in pairing specific bluetooth devices... |
CVE-2025-3410 | 2025-04-08 | mymagicpower AIAS LocalStorageController.java unrestricted upload |
CVE-2025-3411 | 2025-04-08 | mymagicpower AIAS AsrController.java server-side request forgery |
CVE-2025-3412 | 2025-04-08 | mymagicpower AIAS InferController.java server-side request forgery |
CVE-2024-47261 | 2025-04-08 | 51l3nc3, a member of the AXIS OS Bug Bounty Program,... |
CVE-2025-0361 | 2025-04-08 | During an annual penetration test conducted on behalf of Axis... |
CVE-2025-3413 | 2025-04-08 | opplus springboot-admin SysGeneratorController.java code deserialization |
CVE-2025-3427 | 2025-04-08 | 3DPrint Lite <=2.1.3.6 - Authenticated (Admin+) SQL Injection via 'infill_text' |
CVE-2025-3429 | 2025-04-08 | 3DPrint Lite <=2.1.3.6 - Authenticated (Admin+) SQL Injection via 'material_text' |
CVE-2025-3430 | 2025-04-08 | 3DPrint Lite <=2.1.3.6 - Authenticated (Admin+) SQL Injection via 'printer_text' |
CVE-2019-25223 | 2025-04-08 | Team Circle Image Slider With Lightbox <= 1.0.4 - Authenticated (Admin+) SQL Injection |
CVE-2025-3428 | 2025-04-08 | 3DPrint Lite <=2.1.3.6 - Authenticated (Admin+) SQL Injection via 'coating_text' |
CVE-2025-23186 | 2025-04-08 | Mixed Dynamic RFC Destination vulnerability through Remote Function Call (RFC) in SAP NetWeaver Application Server ABAP |
CVE-2025-26653 | 2025-04-08 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML) |
CVE-2025-26654 | 2025-04-08 | Potential information disclosure vulnerability in SAP Commerce Cloud (Public Cloud) |
CVE-2025-26657 | 2025-04-08 | Information Disclosure vulnerability in SAP KMC WPC |
CVE-2025-27428 | 2025-04-08 | Directory Traversal vulnerability in SAP NetWeaver and ABAP Platform (Service Data Collection) |
CVE-2025-27429 | 2025-04-08 | Code Injection Vulnerability in SAP S/4HANA (Private Cloud or On-Premise) |
CVE-2025-27435 | 2025-04-08 | Information Disclosure Vulnerability in SAP Commerce Cloud |
CVE-2025-27437 | 2025-04-08 | Missing Authorization check in SAP NetWeaver Application Server ABAP (Virus Scan Interface) |
CVE-2025-30013 | 2025-04-08 | Code Injection vulnerability in SAP ERP BW Business Content |
CVE-2025-30014 | 2025-04-08 | Directory Traversal vulnerability in SAP Capital Yield Tax Management |
CVE-2025-30015 | 2025-04-08 | Memory Corruption vulnerability in SAP NetWeaver and ABAP Platform (Application Server ABAP) |
CVE-2025-30016 | 2025-04-08 | Authentication Bypass Vulnerability in SAP Financial Consolidation |
CVE-2025-30017 | 2025-04-08 | Missing Authorization check in SAP Solution Manager |
CVE-2025-31330 | 2025-04-08 | Code Injection Vulnerability in SAP Landscape Transformation (Analysis Platform) |
CVE-2025-31331 | 2025-04-08 | Authorization Bypass vulnerability in SAP NetWeaver |
CVE-2025-31332 | 2025-04-08 | Insecure File permissions vulnerability in SAP BusinessObjects Business Intelligence Platform |
CVE-2025-31333 | 2025-04-08 | Odata meta-data tampering in SAP S4CORE entity |
CVE-2025-3431 | 2025-04-08 | ZoomSounds - WordPress Wave Audio Player with Playlist <= 6.91 - Unauthenticated Arbitrary File Download |
CVE-2025-2882 | 2025-04-08 | GreenPay(tm) by Green.Money 3.0.0 - 3.0.9 - Unauthenticated Information Exposure |
CVE-2025-22008 | 2025-04-08 | regulator: check that dummy regulator has been probed before using it |
CVE-2025-22009 | 2025-04-08 | regulator: dummy: force synchronous probing |
CVE-2025-22010 | 2025-04-08 | RDMA/hns: Fix soft lockup during bt pages loop |
CVE-2025-22011 | 2025-04-08 | ARM: dts: bcm2711: Fix xHCI power-domain |
CVE-2025-22012 | 2025-04-08 | Revert "arm64: dts: qcom: sdm845: Affirm IDR0.CCTW on apps_smmu" |
CVE-2025-22013 | 2025-04-08 | KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state |
CVE-2025-22014 | 2025-04-08 | soc: qcom: pdr: Fix the potential deadlock |
CVE-2025-22015 | 2025-04-08 | mm/migrate: fix shmem xarray update during migration |
CVE-2025-22016 | 2025-04-08 | dpll: fix xa_alloc_cyclic() error handling |
CVE-2025-22017 | 2025-04-08 | devlink: fix xa_alloc_cyclic() error handling |
CVE-2024-41788 | 2025-04-08 | A vulnerability has been identified in SENTRON 7KT PAC1260 Data... |
CVE-2024-41789 | 2025-04-08 | A vulnerability has been identified in SENTRON 7KT PAC1260 Data... |
CVE-2024-41790 | 2025-04-08 | A vulnerability has been identified in SENTRON 7KT PAC1260 Data... |
CVE-2024-41791 | 2025-04-08 | A vulnerability has been identified in SENTRON 7KT PAC1260 Data... |
CVE-2025-3432 | 2025-04-08 | AAWEP Obfuscator <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting |
CVE-2024-41792 | 2025-04-08 | A vulnerability has been identified in SENTRON 7KT PAC1260 Data... |
CVE-2025-3433 | 2025-04-08 | Advanced Advertising System <= 1.3.1 - Open Redirect |
CVE-2025-3436 | 2025-04-08 | coreActivity: Activity Logging for WordPress <= 2.7 - Authenticated (Subscriber+) SQL Injection |
CVE-2025-3064 | 2025-04-08 | WPFront User Role Editor <= 4.2.1 - Cross-Site Request Forgery to Privilege Escalation via whitelist_options Function |
CVE-2024-41793 | 2025-04-08 | A vulnerability has been identified in SENTRON 7KT PAC1260 Data... |
CVE-2024-41794 | 2025-04-08 | A vulnerability has been identified in SENTRON 7KT PAC1260 Data... |
CVE-2024-41795 | 2025-04-08 | A vulnerability has been identified in SENTRON 7KT PAC1260 Data... |
CVE-2024-41796 | 2025-04-08 | A vulnerability has been identified in SENTRON 7KT PAC1260 Data... |
CVE-2024-54092 | 2025-04-08 | A vulnerability has been identified in Industrial Edge Device Kit... |
CVE-2025-29999 | 2025-04-08 | A vulnerability has been identified in Siemens License Server (SLS)... |
CVE-2025-30000 | 2025-04-08 | A vulnerability has been identified in Siemens License Server (SLS)... |
CVE-2025-30280 | 2025-04-08 | A vulnerability has been identified in Mendix Runtime V10 (All... |
CVE-2025-2807 | 2025-04-08 | Motors – Car Dealership & Classified Listings Plugin <= 1.4.64 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation |
CVE-2025-2808 | 2025-04-08 | Motors – Car Dealership & Classified Listings Plugin <= 1.4.63 - Authenticated (Subscriber+) Stored Cross-Site Scripting |
CVE-2025-3437 | 2025-04-08 | Motors – Car Dealership & Classified Listings Plugin <= 1.4.66 - Missing Authorization to Authenticated (Subscriber+) Wizard Set-up |
CVE-2025-2883 | 2025-04-08 | Accept SagePay Payments Using Contact Form 7 <= 2.0 - Unauthenticated Information Exposure |
CVE-2025-29986 | 2025-04-08 | Dell Common Event Enabler, version(s) CEE 9.0.0.0, contain(s) an Improper... |
CVE-2025-29985 | 2025-04-08 | Dell Common Event Enabler, version(s) CEE 9.0.0.0, contain(s) an Initialization... |
CVE-2025-30166 | 2025-04-08 | Pimcore's Admin Classic Bundle allows HTML Injection |
CVE-2025-2568 | 2025-04-08 | Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce 1.0.4 - 1.2.1 - Missing Authorization to Unauthenticated Limited Arbitrary Options Update |
CVE-2025-2876 | 2025-04-08 | MelaPress Login Security and MelaPress Login Security Premium 2.1.0 - Missing Authorization to Unauthenticated Arbitrary User Deletion |
CVE-2025-30151 | 2025-04-08 | Shopware allows Denial Of Service via password length |
CVE-2025-30150 | 2025-04-08 | Shopware 6 allows attackers to check for registered accounts through the store-api |
CVE-2025-31498 | 2025-04-08 | c-ares has a use-after-free in read_answers() |
CVE-2025-22855 | 2025-04-08 | An improper neutralization of input during web page generation ('Cross-site... |
CVE-2025-25254 | 2025-04-08 | An Improper Limitation of a Pathname to a Restricted Directory... |
CVE-2024-54025 | 2025-04-08 | An improper neutralization of special elements used in an OS... |
CVE-2024-54024 | 2025-04-08 | An improper neutralization of special elements used in an OS... |
CVE-2024-32122 | 2025-04-08 | A storing passwords in a recoverable format in Fortinet FortiOS... |
CVE-2024-46671 | 2025-04-08 | An Incorrect User Management vulnerability [CWE-286] in FortiWeb version 7.6.2... |
CVE-2024-52962 | 2025-04-08 | An Improper Output Neutralization for Logs vulnerability [CWE-117] in FortiAnalyzer... |
CVE-2023-37930 | 2025-04-08 | Multiple issues including the use of uninitialized resources [CWE-908] and... |
CVE-2024-26013 | 2025-04-08 | An improper restriction of communication channel to intended endpoints vulnerability... |
CVE-2024-50565 | 2025-04-08 | An improper restriction of communication channel to intended endpoints vulnerability... |