VULNMAP - Security Vulnerabilities

CVE List - 2025 / April

Showing 1501 - 1600 of 4038 CVEs for April 2025 (Page 16 of 41)

CVE ID Date Title
CVE-2025-30286 2025-04-08 ColdFusion | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
CVE-2025-30285 2025-04-08 ColdFusion | Deserialization of Untrusted Data (CWE-502)
CVE-2025-30291 2025-04-08 ColdFusion | Information Exposure (CWE-200)
CVE-2025-30281 2025-04-08 ColdFusion | Improper Access Control (CWE-284)
CVE-2025-24447 2025-04-08 ColdFusion | Deserialization of Untrusted Data (CWE-502)
CVE-2025-24446 2025-04-08 ColdFusion | Improper Input Validation (CWE-20)
CVE-2025-30288 2025-04-08 ColdFusion | Improper Access Control (CWE-284)
CVE-2025-30289 2025-04-08 ColdFusion | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
CVE-2025-30294 2025-04-08 ColdFusion | Improper Input Validation (CWE-20)
CVE-2025-30284 2025-04-08 ColdFusion | Deserialization of Untrusted Data (CWE-502)
CVE-2025-30282 2025-04-08 ColdFusion | Improper Authentication (CWE-287)
CVE-2025-30290 2025-04-08 ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
CVE-2025-30292 2025-04-08 ColdFusion | Cross-site Scripting (Reflected XSS) (CWE-79)
CVE-2025-30293 2025-04-08 ColdFusion | Improper Input Validation (CWE-20)
CVE-2025-30287 2025-04-08 ColdFusion | Improper Authentication (CWE-287)
CVE-2024-12556 2025-04-08 Kibana Prototype Pollution can lead to code injection
CVE-2025-22871 2025-04-08 Request smuggling due to acceptance of invalid chunked data in net/http
CVE-2025-27189 2025-04-08 Adobe Commerce | Cross-Site Request Forgery (CSRF) (CWE-352)
CVE-2025-27188 2025-04-08 Adobe Commerce | Incorrect Authorization (CWE-863)
CVE-2025-27192 2025-04-08 Adobe Commerce | Insufficiently Protected Credentials (CWE-522)
CVE-2025-27191 2025-04-08 Adobe Commerce | Improper Access Control (CWE-284)
CVE-2025-27190 2025-04-08 Adobe Commerce | Improper Access Control (CWE-284)
CVE-2025-25013 2025-04-08 Elastic Defend Insertion of Sensitive Information into Log Files
CVE-2024-55210 2025-04-09 An issue in TOTVS Framework (Linha Protheus) 12.1.2310 allows attackers...
CVE-2025-29018 2025-04-09 A Stored Cross-Site Scripting (XSS) vulnerability exists in the name...
CVE-2025-29189 2025-04-09 Flowise <= 2.2.3 is vulnerable to SQL Injection. via tableName...
CVE-2025-29389 2025-04-09 PbootCMS v3.2.9 contains a XSS vulnerability in admin.php?p=/Content/index/mcode/2#tab=t2.
CVE-2025-29390 2025-04-09 jerryhanjj ERP 1.0 is vulnerable to SQL Injection in the...
CVE-2025-29391 2025-04-09 horvey Library-Manager v1.0 is vulnerable to SQL Injection in Admin/Controller/BookController.class.php.
CVE-2025-29394 2025-04-09 An insecure permissions vulnerability in verydows v2.0 allows a remote...
CVE-2025-32460 2025-04-09 GraphicsMagick before 8e56520 has a heap-based buffer over-read in ReadJXLImage...
CVE-2025-32461 2025-04-09 wikiplugin_includetpl in lib/wiki-plugins/wikiplugin_includetpl.php in Tiki before 28.3 mishandles input to...
CVE-2025-32464 2025-04-09 HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a...
CVE-2025-29988 2025-04-09 Dell Client Platform BIOS contains a Stack-based Buffer Overflow Vulnerability....
CVE-2025-3100 2025-04-09 WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts <= 2.6.22 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-6857 2025-04-09 WP MultiTasking <= 0.1.12 - Header/Footer/Body Script Update via CSRF
CVE-2024-6860 2025-04-09 WP MultiTasking <= 0.1.12 - Permalink Suffix Update via CSRF
CVE-2024-8243 2025-04-09 Plugin Upgrade Time Out <= 1.0 - Stored XSS via CSRF
CVE-2025-3442 2025-04-09 Information Disclosure Vulnerability in TP-Link Tapo IoT Smart Hub
CVE-2025-20952 2025-04-09 Improper access control in Mdecservice prior to SMR Apr-2025 Release...
CVE-2025-23407 2025-04-09 Incorrect privilege assignment vulnerability in the WEB UI (the setting...
CVE-2025-25053 2025-04-09 OS command injection vulnerability in the WEB UI (the setting...
CVE-2025-25056 2025-04-09 Cross-site request forgery vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac...
CVE-2025-25213 2025-04-09 Improper restriction of rendered UI layers or frames issue exists...
CVE-2025-27722 2025-04-09 Cleartext transmission of sensitive information issue exists in Wi-Fi AP...
CVE-2025-27797 2025-04-09 OS command injection vulnerability in the specific service exists in...
CVE-2025-27934 2025-04-09 Information disclosure of authentication information in the specific service vulnerability...
CVE-2025-29870 2025-04-09 Missing authentication for critical function vulnerability exists in Wi-Fi AP...
CVE-2025-2222 2025-04-09 CWE-552: Files or Directories Accessible to External Parties vulnerability over...
CVE-2025-2223 2025-04-09 CWE-20: Improper Input Validation vulnerability exists that could cause a...
CVE-2025-2440 2025-04-09 CWE-922: Insecure Storage of Sensitive Information vulnerability exists that could...
CVE-2025-2441 2025-04-09 CWE-1188: Initialization of a Resource with an Insecure Default vulnerability...
CVE-2025-2442 2025-04-09 CWE-1188: Initialization of a Resource with an Insecure Default vulnerability...
CVE-2017-20197 2025-04-09 propanetank Roommate-Bill-Tracking login.php sql injection
CVE-2025-30677 2025-04-09 Apache Pulsar IO Kafka Connector, Apache Pulsar IO Kafka Connect Adaptor: Sensitive information logged in Pulsar's Apache Kafka Connectors
CVE-2025-31672 2025-04-09 Apache POI: parsing OOXML based files (xlsx, docx, etc.), poi-ooxml could read unexpected data if underlying zip has duplicate zip entry names
CVE-2025-1968 2025-04-09 Insufficient Session Expiration vulnerability in Progress Software Corporation Sitefinity under...
CVE-2023-33844 2025-04-09 IBM Security Verify Governance cross-site scripting
CVE-2025-25023 2025-04-09 IBM Security Guardium information disclosure
CVE-2025-27391 2025-04-09 Apache ActiveMQ Artemis: Passwords leaking from broker properties in the debug log
CVE-2025-32371 2025-04-09 Unexpected external content may be displayed in DNN ImageHandler
CVE-2025-32372 2025-04-09 Server-Side Request Forgery (SSRF) in DotNetNuke.Core
CVE-2025-32373 2025-04-09 DNN allows a registered user to enumerate and access files they should not have access to
CVE-2025-32374 2025-04-09 Possible Denial of Service (DoS) in DNN.PLATFORM registration
CVE-2025-32375 2025-04-09 Insecure Deserialization leads to RCE in BentoML's runner server
CVE-2025-32378 2025-04-09 Shopware's default newsletter opt-in settings allow for mass sign-up abuse
CVE-2025-32016 2025-04-09 Microsoft Identity Web Exposes Client Secrets and Certificate Information in Service Logs
CVE-2025-32379 2025-04-09 XSS at ctx.redirect() function in Koajs
CVE-2025-32381 2025-04-09 Denial of Service by abusing xgrammar unbounded cache in memory
CVE-2025-32380 2025-04-09 Apollo Router Query Validation Vulnerable to Excessive Resource Consumption via Named Fragment Processing
CVE-2025-32694 2025-04-09 WordPress Ultimate WP Mail <= 1.3.2 - Open Redirection Vulnerability
CVE-2025-32693 2025-04-09 WordPress WebinarPress <= 1.33.27 - Open Redirection Vulnerability
CVE-2025-32692 2025-04-09 WordPress WP Subscription Forms <= 1.2.4 - Local File Inclusion Vulnerability
CVE-2025-32691 2025-04-09 WordPress PowerPress Podcasting <= 11.12.4 - Server Side Request Forgery (SSRF) Vulnerability
CVE-2025-32690 2025-04-09 WordPress PowerPress Podcasting <= 11.12.5 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-32685 2025-04-09 WordPress WP Inquiries <= 0.2.1 - SQL Injection Vulnerability
CVE-2025-32684 2025-04-09 WordPress MapSVG Lite plugin <= 8.5.32 - Broken Access Control Vulnerability
CVE-2025-32683 2025-04-09 WordPress MapSVG Lite plugin <= 8.5.32 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-32680 2025-04-09 WordPress Review Stream plugin <= 1.6.7 - Cross Site Scripting (XSS) vulnerability
CVE-2025-32679 2025-04-09 WordPress User Registration Using Contact Form 7 plugin <= 2.2 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-32678 2025-04-09 WordPress WP Show Stats plugin <= 1.5 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2025-32677 2025-04-09 WordPress WP Social Stream Designer plugin <= 1.3 - SQL Injection vulnerability
CVE-2025-32676 2025-04-09 WordPress Verowa Connect plugin <= 3.0.5 - SQL Injection vulnerability
CVE-2025-32675 2025-04-09 WordPress SEO Help plugin <= 6.6.0 - Server Side Request Forgery (SSRF) vulnerability
CVE-2025-32673 2025-04-09 WordPress Epeken All Kurir plugin <= 1.4.6.2 - CSRF to Stored XSS vulnerability
CVE-2025-32669 2025-04-09 WordPress Mergado Pack plugin <= 4.1.1 - CSRF to Stored XSS vulnerability
CVE-2025-32667 2025-04-09 WordPress Doppler Forms plugin <= 2.4.5 - CSRF to Stored XSS vulnerability
CVE-2025-32664 2025-04-09 WordPress Nepali Date Utilities plugin <= 1.0.13 - CSRF to Stored XSS vulnerability
CVE-2025-32661 2025-04-09 WordPress Interactive US Map plugin <= 2.7 - CSRF to Stored XSS vulnerability
CVE-2025-32659 2025-04-09 WordPress FraudLabs Pro for WooCommerce plugin <= 2.22.7 - CSRF to Stored XSS vulnerability
CVE-2025-32645 2025-04-09 WordPress Custom Posts Order Plugin <= 4.4 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-32644 2025-04-09 WordPress IP2Location World Clock Plugin <= 1.1.9 - CSRF to Stored XSS vulnerability
CVE-2025-32642 2025-04-09 WordPress Vite Coupon plugin <= 1.0.7 - CSRF to Remote Code Execution (RCE) vulnerability
CVE-2025-32641 2025-04-09 WordPress Anant Addons for Elementor plugin <= 1.1.5 - CSRF to Arbitrary Plugin Installation vulnerability
CVE-2025-32640 2025-04-09 WordPress One Click Accessibility plugin <= 3.1.0 - Cross-Site Scripting (XSS) vulnerability
CVE-2025-32624 2025-04-09 WordPress Czater.pl – live chat i telefon plugin <= 1.0.5 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-32623 2025-04-09 WordPress PlainInventory plugin <= 3.1.9 - CSRF to Stored XSS vulnerability
CVE-2025-32621 2025-04-09 WordPress WP Map Route Planner plugin <= 1.0.0 - CSRF to Stored XSS vulnerability
CVE-2025-32619 2025-04-09 WordPress KeyCAPTCHA plugin <= 2.5.1 - CSRF to Stored XSS vulnerability
CVE-2025-32617 2025-04-09 WordPress Multiple Location Google Map plugin <= 1.1 - CSRF to Stored XSS vulnerability