CVE List - 2025 / April
Showing 1701 - 1800 of 4033 CVEs for April 2025 (Page 18 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-30647 | 2025-04-09 | Junos OS: MX Series: Subscriber login/logout activity will lead to a memory leak |
| CVE-2025-30648 | 2025-04-09 | Junos OS and Junos OS Evolved: Receipt of a specifically malformed DHCP packet causes jdhcpd process to crash |
| CVE-2025-30649 | 2025-04-09 | Junos OS: MX240, MX480, MX960 with SPC3: An attacker sending specific packets will cause a CPU utilization DoS. |
| CVE-2025-30651 | 2025-04-09 | Junos OS and Junos OS Evolved: Receipt of a specific ICMPv6 packet causes a memory overrun leading to an rpd crash |
| CVE-2025-30652 | 2025-04-09 | Junos OS and Junos OS Evolved: Executing a specific CLI command when asregex-optimized is configured causes an rpd crash |
| CVE-2025-30653 | 2025-04-09 | Junos OS and Junos OS Evolved: LSP flap in a specific MPLS scenario leads to rpd crash |
| CVE-2025-30654 | 2025-04-09 | Junos OS and Junos OS Evolved: A local, low privileged user can access sensitive information |
| CVE-2025-30655 | 2025-04-09 | Junos OS and Junos OS Evolved: A specific CLI command will cause an RPD crash when rib-sharding and update-threading is enabled |
| CVE-2025-30656 | 2025-04-09 | Junos OS: MX Series, SRX Series: Processing of specific SIP INVITE messages by the SIP ALG will lead to an FPC crash |
| CVE-2025-30657 | 2025-04-09 | Junos OS: Processing of a specific BGP update causes the SRRD process to crash |
| CVE-2025-30658 | 2025-04-09 | Junos OS: SRX Series: On devices with Anti-Virus enabled, malicious server responses will cause memory to leak ultimately causing forwarding to stop |
| CVE-2025-30659 | 2025-04-09 | Junos OS: SRX Series: A device configured for vector routing crashes when receiving malformed traffic |
| CVE-2025-30660 | 2025-04-09 | Junos OS: MX Series: Decapsulation of specific GRE packets leads to PFE reset |
| CVE-2025-24375 | 2025-04-09 | MySQL K8s charm could leak credentials for root-level user `serverconfig` |
| CVE-2025-32387 | 2025-04-09 | Helm Allows A Specially Crafted JSON Schema To Cause A Stack Overflow |
| CVE-2025-32386 | 2025-04-09 | Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination |
| CVE-2024-58136 | 2025-04-10 | Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025. |
| CVE-2025-27812 | 2025-04-10 | MSI Center before 2.0.52.0 allows TOCTOU Local Privilege Escalation. |
| CVE-2025-27813 | 2025-04-10 | MSI Center before 2.0.52.0 has Missing PE Signature Validation. |
| CVE-2025-29017 | 2025-04-10 | A Remote Code Execution (RCE) vulnerability exists in Code Astro Internet Banking System 2.0.0 due to improper file upload validation in the profile_pic parameter within pages_view_client.php. |
| CVE-2025-29088 | 2025-04-10 | In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a... |
| CVE-2025-29150 | 2025-04-10 | BlueCMS 1.6 suffers from Arbitrary File Deletion via the id parameter in an /publish.php?act=del request. |
| CVE-2025-32728 | 2025-04-10 | In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding. |
| CVE-2025-32743 | 2025-04-10 | In ConnMan through 1.44, the lookup string in ns_resolv in dnsproxy.c can be NULL or an empty string when the TC (Truncated) bit is set in a DNS response. This... |
| CVE-2025-32807 | 2025-04-10 | A path traversal vulnerability in FusionDirectory before 1.5 allows remote attackers to read arbitrary files on the host that end with .png (and .svg or .xpm for some configurations) via... |
| CVE-2025-29989 | 2025-04-10 | Dell Client Platform BIOS contains a Security Version Number Mutable to Older Versions vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to BIOS upgrade... |
| CVE-2025-27690 | 2025-04-10 | Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.0, contains a use of default password vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to the takeover of... |
| CVE-2025-26330 | 2025-04-10 | Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an incorrect authorization vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability to access the cluster with previous privileges... |
| CVE-2025-22471 | 2025-04-10 | Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an integer overflow or wraparound vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service. |
| CVE-2025-26480 | 2025-04-10 | Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.0, contains an uncontrolled resource consumption vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service. |
| CVE-2025-23378 | 2025-04-10 | Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an exposure of information through directory listing vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to... |
| CVE-2025-26479 | 2025-04-10 | Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an out-of-bounds write vulnerability. An attacker could potentially exploit this vulnerability in NFS workflows, leading to data integrity issues. |
| CVE-2025-3489 | 2025-04-10 | Nababur Simple-User-Management-System register.php cross site scripting |
| CVE-2025-3102 | 2025-04-10 | SureTriggers <= 1.0.78 - Authorization Bypass due to Missing Empty Value Check to Unauthenticated Administrative User Creation |
| CVE-2025-0539 | 2025-04-10 | In affected Microsoft Windows versions of Octopus Deploy, the server can be coerced into sending server-side requests that contain authentication material allowing a suitably positioned attacker to compromise the account... |
| CVE-2024-13874 | 2025-04-10 | Feedify – Web Push Notifications < 2.4.6 - Reflected XSS |
| CVE-2024-13896 | 2025-04-10 | WP-GeSHi-Highlight <= 1.4.3 - Author+ ReDoS |
| CVE-2024-10894 | 2025-04-10 | Payment Forms for Paystack <= 4.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-2809 | 2025-04-10 | azurecurve Shortcodes in Comments <= 2.0.2 - Unauthenticated Arbitrary Shortcode Execution |
| CVE-2025-2719 | 2025-04-10 | Swatchly – WooCommerce Variation Swatches for Products (product attributes: Image swatch, Color swatches, Label swatches) 1.2.8 - 1.4.0 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update |
| CVE-2025-2805 | 2025-04-10 | ORDER POST <= 2.0.2 - Unauthenticated Arbitrary Shortcode Execution |
| CVE-2024-13909 | 2025-04-10 | Accredible Certificates & Open Badges <= 1.4.9 - Authenticated (Administrator+) SQL Injection via orderby Parameter |
| CVE-2025-3417 | 2025-04-10 | Embedder 1.3 - 1.3.5 - Authenticated (Subscriber+) Arbitrary Options Update |
| CVE-2024-38865 | 2025-04-10 | Livestatus command injection in RestAPI |
| CVE-2025-32668 | 2025-04-10 | WordPress Real Estate Manager plugin <= 7.3 - Local File Inclusion vulnerability |
| CVE-2025-32687 | 2025-04-10 | WordPress Review Stars Count For WooCommerce <= 2.0 - SQL Injection Vulnerability |
| CVE-2025-30582 | 2025-04-10 | WordPress DyaPress ERP/CRM <= 18.0.2.0 - Local File Inclusion Vulnerability |
| CVE-2025-31524 | 2025-04-10 | WordPress WP User Profiles plugin <= 2.6.2 - Privilege Escalation vulnerability |
| CVE-2025-32114 | 2025-04-10 | WordPress 5sterrenspecialist plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-32115 | 2025-04-10 | WordPress Popping Content Light plugin <= 2.4 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-32116 | 2025-04-10 | WordPress QR Master plugin <= 1.0.5 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-32119 | 2025-04-10 | WordPress CardGate Payments for WooCommerce plugin <= 3.2.1 - SQL Injection vulnerability |
| CVE-2025-32128 | 2025-04-10 | WordPress Nearby Locations Plugin <= 1.1.1 - SQL Injection vulnerability |
| CVE-2025-32139 | 2025-04-10 | WordPress Lightbox & Modal Popup WordPress Plugin – FooBox plugin <= 2.7.33 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-32140 | 2025-04-10 | WordPress WP Remote Thumbnail Plugin <= 1.3.1 - Arbitrary File Upload vulnerability |
| CVE-2025-32145 | 2025-04-10 | WordPress WpEvently plugin <= 4.3.5 - PHP Object Injection vulnerability |
| CVE-2025-32158 | 2025-04-10 | WordPress aThemes Addons for Elementor plugin <= 1.0.15 - Local File Inclusion vulnerability |
| CVE-2025-32160 | 2025-04-10 | WordPress EventON plugin <= 2.3.2 - Local File Inclusion vulnerability |
| CVE-2025-32198 | 2025-04-10 | WordPress Brizy plugin <= 2.6.14 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-32199 | 2025-04-10 | WordPress Contact Form Builder by vcita plugin <= 4.10.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-32202 | 2025-04-10 | WordPress Insert or Embed Articulate Content into WordPress plugin <= 4.3000000025 - Arbitrary File Upload vulnerability |
| CVE-2025-32205 | 2025-04-10 | WordPress piotnetforms plugin <=1.0.30 - Path Traversal vulnerability |
| CVE-2025-32206 | 2025-04-10 | WordPress Processing Projects Plugin <= 1.0.2 - Arbitrary File Upload vulnerability |
| CVE-2025-32208 | 2025-04-10 | WordPress Hive Support plugin <= 1.2.2 - Broken Access Control vulnerability |
| CVE-2025-32209 | 2025-04-10 | WordPress Total processing card payments for WooCommerce Plugin <= 7.1.5 - Arbitrary File Download vulnerability |
| CVE-2025-32210 | 2025-04-10 | WordPress CM Registration and Invitation Codes plugin <= 2.5.2 - Broken Access Control vulnerability |
| CVE-2025-32212 | 2025-04-10 | WordPress Specia Companion plugin <= 4.6 - Broken Access Control vulnerability |
| CVE-2025-32213 | 2025-04-10 | WordPress Flo Forms plugin <= 1.0.43 - Broken Access Control vulnerability |
| CVE-2025-32214 | 2025-04-10 | WordPress Hive Support plugin <= 1.2.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-32215 | 2025-04-10 | WordPress Accessibility Suite plugin <= 4.18 - Arbitrary File Upload vulnerability |
| CVE-2025-32216 | 2025-04-10 | WordPress Spider Elements – Addons for Elementor plugin <= 1.6.2 - Broken Access Control vulnerability |
| CVE-2025-32221 | 2025-04-10 | WordPress EazyDocs plugin <= 2.6.4 - Broken Access Control vulnerability |
| CVE-2025-32227 | 2025-04-10 | WordPress Asgaros Forum plugin <= 3.0.0 - File Upload Numbers Bypass vulnerability |
| CVE-2025-32228 | 2025-04-10 | WordPress Ai Image Alt Text Generator for WP plugin <= 1.0.8 - Sensitive Data Exposure vulnerability |
| CVE-2025-32230 | 2025-04-10 | WordPress Tutor LMS plugin <= 3.4.0 - HTML Injection vulnerability |
| CVE-2025-32236 | 2025-04-10 | WordPress Woocommerce Products Reorder Drag Drop Multiple Sort plugin <= 1.9 - Broken Access Control vulnerability |
| CVE-2025-32240 | 2025-04-10 | WordPress Site Notify <= 1.0 - Broken Access Control Vulnerability |
| CVE-2025-32242 | 2025-04-10 | WordPress Hive Support plugin <= 1.2.2 - Broken Access Control vulnerability |
| CVE-2025-32243 | 2025-04-10 | WordPress Internal Link Optimiser plugin <= 5.1.2 - Settings Change vulnerability |
| CVE-2025-32244 | 2025-04-10 | WordPress SEO Help plugin <= 6.6.1 - Broken Access Control vulnerability |
| CVE-2025-32259 | 2025-04-10 | WordPress WP ULike plugin <= 4.7.9.1 - Content Spoofing Vulnerability |
| CVE-2025-32260 | 2025-04-10 | WordPress DethemeKit For Elementor plugin <= 2.1.10 - Broken Access Control vulnerability |
| CVE-2025-32275 | 2025-04-10 | WordPress Survey Maker plugin <= 5.1.5.4 - Bypass vulnerability |
| CVE-2025-32282 | 2025-04-10 | WordPress ShareThis Dashboard for Google Analytics plugin <= 3.2.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-27081 | 2025-04-10 | HPE NonStop OSM Service Connection Suite, Denial of Service vulnerability |
| CVE-2025-22279 | 2025-04-10 | WordPress JetCompareWishlist plugin <= 1.5.9 - Local File Inclusion vulnerability |
| CVE-2025-23386 | 2025-04-10 | gerbera: Privilege escalation from user gerbera to root because of insecure %post script |
| CVE-2025-31411 | 2025-04-10 | WordPress Linet ERP-Woocommerce Integration plugin <= 3.5.12 - Arbitrary File Read/Deletion vulnerability |
| CVE-2025-27350 | 2025-04-10 | WordPress Vice Versa plugin <= 2.2.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22375 | 2025-04-10 | Authentication Bypass in CyberAudit-Web |
| CVE-2025-22374 | 2025-04-10 | SSRF in CyberAudit-Web videx-legacy-ssl |
| CVE-2025-1073 | 2025-04-10 | Panasonic IR Control Hub (IR Blaster) versions 1.17 and earlier may allow an attacker with physical access to load unauthorized firmware onto the device. |
| CVE-2025-32754 | 2025-04-10 | In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version... |
| CVE-2025-32755 | 2025-04-10 | In jenkins/ssh-slave Docker images based on Debian, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version... |
| CVE-2025-2408 | 2025-04-10 | Insufficient Granularity of Access Control in GitLab |
| CVE-2025-1677 | 2025-04-10 | Allocation of Resources Without Limits or Throttling in GitLab |
| CVE-2025-25197 | 2025-04-10 | Silverstripe Elemental enables XSS attacks in elemental "Content blocks in use" reports |
| CVE-2025-30148 | 2025-04-10 | Silverstripe Framework has a XSS vulnerability in HTML editor |
| CVE-2024-11129 | 2025-04-10 | Generation of Error Message Containing Sensitive Information in GitLab |
| CVE-2025-32383 | 2025-04-10 | MaxKB has a reverse shell vulnerability in function library |