VULNMAP - Security Vulnerabilities

CVE List - 2025 / April

Showing 1801 - 1900 of 4038 CVEs for April 2025 (Page 19 of 41)

CVE ID Date Title
CVE-2025-32383 2025-04-10 MaxKB has a reverse shell vulnerability in function library
CVE-2025-32391 2025-04-10 HedgeDoc allows XSS possibility through malicious SVG uploads
CVE-2023-43037 2025-04-10 IBM Maximo Application Suite improper access control
CVE-2023-42007 2025-04-10 IBM Sterling Control Center cross-site scripting
CVE-2025-32395 2025-04-10 Vite has an `server.fs.deny` bypass with an invalid `request-target`
CVE-2023-43035 2025-04-10 IBM Sterling Control Center information disclosure
CVE-2025-2469 2025-04-10 Debug Messages Revealing Unnecessary Information in GitLab
CVE-2025-0362 2025-04-10 Improper Restriction of Rendered UI Layers or Frames in GitLab
CVE-2025-32027 2025-04-10 Yii does not prevent XSS in scenarios where fallback error renderer is used
CVE-2025-32382 2025-04-10 Snowflake credentials logged by the Metabase backend
CVE-2025-24866 2025-04-10 Unauthorized Access to User Activity Logs API by delegated granular administration roles
CVE-2025-22232 2025-04-10 Spring Cloud Config Server May Not Use Vault Token Sent By Clients
CVE-2025-3469 2025-04-10 i18n XSS vulnerability in HTMLMultiSelectField when sections are used
CVE-2025-32696 2025-04-10 "reupload-own" restriction can be bypassed by reverting file
CVE-2025-32697 2025-04-10 Cascading protection is not preventing file reversions
CVE-2025-32698 2025-04-10 LogPager.php: Restriction enforcer functions do not correctly enforce suppression restrictions
CVE-2025-32699 2025-04-10 Potential javascript injection attack enabled by Unicode normalization in Action API
CVE-2025-32700 2025-04-10 AbuseFilter log interfaces expose global private and hidden filters when central DB is not available
CVE-2025-23008 2025-04-10 An improper privilege management vulnerability in the SonicWall NetExtender Windows...
CVE-2025-23009 2025-04-10 A local privilege escalation vulnerability in SonicWall NetExtender Windows (32...
CVE-2025-23010 2025-04-10 An Improper Link Resolution Before File Access ('Link Following') vulnerability...
CVE-2025-29915 2025-04-10 Suricata af-packet: defrag option can lead to truncated packets affecting visibility
CVE-2025-29916 2025-04-10 Suricata datasets: ruleset declared settings can lead to resource starvation
CVE-2025-29917 2025-04-10 Suricata decode_base64: signature can do large memory allocation
CVE-2025-29918 2025-04-10 Suricata pcre: negated pcr can cause infinite loop
CVE-2025-32367 2025-04-11 The Oz Forensics face recognition application before 4.0.8 late 2023...
CVE-2025-32808 2025-04-11 W. W. Norton InQuizitive through 2025-04-08 allows students to insert...
CVE-2025-32809 2025-04-11 W. W. Norton InQuizitive through 2025-04-08 allows students to conduct...
CVE-2025-32816 2025-04-11 CodeLit CourseLit before 0.57.5 allows Parameter Tampering via a payment...
CVE-2024-51461 2025-04-11 IBM QRadar WinCollect Agent denial of service
CVE-2025-26335 2025-04-11 Dell PowerProtect Cyber Recovery, versions prior to 19.18.0.2, contains an...
CVE-2025-0120 2025-04-11 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability
CVE-2025-0121 2025-04-11 Cortex XDR Agent: Local Windows User Can Crash the Agent
CVE-2025-0122 2025-04-11 Prisma SD-WAN: Denial of Service (DoS) Vulnerability Through Burst of Crafted Packets
CVE-2025-0124 2025-04-11 PAN-OS: Authenticated File Deletion Vulnerability on the Management Web Interface
CVE-2025-0125 2025-04-11 PAN-OS: Improper Neutralization of Input in the Management Web Interface
CVE-2025-0126 2025-04-11 PAN-OS: Session Fixation Vulnerability in GlobalProtect SAML Login
CVE-2025-0127 2025-04-11 PAN-OS: Authenticated Admin Command Injection Vulnerability in PAN-OS VM-Series
CVE-2025-0128 2025-04-11 PAN-OS: Firewall Denial of Service (DoS) Using a Specially Crafted Packet
CVE-2025-2636 2025-04-11 InstaWP Connect <= 0.1.0.85 - Unauthenticated Local PHP File Inclusion
CVE-2025-1386 2025-04-11 Query smuggling in ch-go library
CVE-2025-3512 2025-04-11 Buffer overflow in QTextMarkdownImporter
CVE-2025-32107 2025-04-11 OS command injection vulnerability exists in Deco BE65 Pro firmware...
CVE-2025-3434 2025-04-11 SMTP for Amazon SES – YaySMTP <= 1.8 - Unauthenticated Stored Cross-Site Scripting via Email Logs
CVE-2025-31014 2025-04-11 WordPress Material Dashboard <= 1.4.5 - Local File Inclusion Vulnerability
CVE-2025-31015 2025-04-11 WordPress WordPress SMTP Service, Email Delivery Solved! — MailHawk <= 1.3.1 - Local File Inclusion Vulnerability
CVE-2025-31021 2025-04-11 WordPress Mobile Smart plugin <= v1.3.16 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-31028 2025-04-11 WordPress WP Hide Categories <= 1.0 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-31040 2025-04-11 WordPress WP Food ordering and Restaurant Menu <= 1.1 - Local File Inclusion Vulnerability
CVE-2025-31041 2025-04-11 WordPress AnyTrack Affiliate Link Manager <= 1.0.4 - Broken Access Control Vulnerability
CVE-2025-31378 2025-04-11 WordPress Oppso Unit Converter plugin <= 1.1.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-31379 2025-04-11 WordPress Insert HTML Here plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-31565 2025-04-11 WordPress WPSmartContracts plugin <= 2.0.10 - SQL Injection vulnerability
CVE-2025-31599 2025-04-11 WordPress Bulk Product Sync plugin <= 8.6 - SQL Injection vulnerability
CVE-2025-32143 2025-04-11 WordPress Accordion plugin <= 2.3.10 - PHP Object Injection vulnerability
CVE-2025-32144 2025-04-11 WordPress Job Board Manager Plugin <= 2.1.60 - PHP Object Injection vulnerability
CVE-2025-32491 2025-04-11 WordPress Rankology SEO – On-site SEO <= 2.2.3 - Privilege Escalation Vulnerability
CVE-2025-32509 2025-04-11 WordPress Simple WP Events plugin <= 1.8.17 - Arbitrary File Deletion vulnerability
CVE-2025-32517 2025-04-11 WordPress MultiMailer plugin <= 1.0.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-32519 2025-04-11 WordPress IDonate plugin <= 2.1.8 - Local File Inclusion vulnerability
CVE-2025-32523 2025-04-11 WordPress WooCommerce – Payphone Gateway plugin <= 3.2.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-32524 2025-04-11 WordPress MyWorks WooCommerce Sync for QuickBooks Online plugin <= 2.9.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-32525 2025-04-11 WordPress Interactive Geo Maps plugin <= 1.6.24 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-32534 2025-04-11 WordPress Workbox Video from Vimeo & Youtube Plugin Plugin <= 3.2.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-32536 2025-04-11 WordPress HTML5 Video Player with Playlist Plugin <= 2.50 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-32537 2025-04-11 WordPress Lock Your Updates Plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-32538 2025-04-11 WordPress Easy Post Duplicator Plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-32539 2025-04-11 WordPress WooCommerce – Store Exporter plugin <= 2.7.4 - Cross Site Scripting (XSS) vulnerability
CVE-2025-32541 2025-04-11 WordPress WooCommerce Sales MIS Report Plugin <= 4.0.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-32542 2025-04-11 WordPress Eazy Plugin Manager plugin <= 4.3.0 - Broken Access Control vulnerability
CVE-2025-32551 2025-04-11 WordPress Connector to CiviCRM with CiviMcRestFace plugin <= 1.0.8 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-32553 2025-04-11 WordPress RestroPres Plugin <= 3.1.8.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-32558 2025-04-11 WordPress Duplicate Title Checker Plugin <= 1.2 - SQL Injection vulnerability
CVE-2025-32565 2025-04-11 WordPress Neon Product Designer Plugin <= 2.1.1 - Unauthenticated SQL Injection vulnerability
CVE-2025-32567 2025-04-11 WordPress Easy Post Duplicator Plugin <= 1.0.1 - SQL Injection vulnerability
CVE-2025-32568 2025-04-11 WordPress EmpikPlace for Woocommerce Plugin <= 1.4.2 - PHP Object Injection vulnerability
CVE-2025-32569 2025-04-11 WordPress TableOn Plugin <= 1.0.2 - PHP Object Injection vulnerability
CVE-2025-32577 2025-04-11 WordPress Build App Online Plugin <= 1.0.23 - Local File Inclusion vulnerability
CVE-2025-32579 2025-04-11 WordPress Sync Posts Plugin <= 1.0 - Arbitrary File Upload vulnerability
CVE-2025-32585 2025-04-11 WordPress Shop Products Filter Plugin <= 1.2 - Local File Inclusion vulnerability
CVE-2025-32586 2025-04-11 WordPress ABA PayWay Payment Gateway for WooCommerce Plugin <= 2.1.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-32587 2025-04-11 WordPress WooCommerce Pickupp Plugin <= 2.4.0 - Local File Inclusion vulnerability
CVE-2025-32589 2025-04-11 WordPress Flexi – Guest Submit Plugin <= 4.28 - Local File Inclusion vulnerability
CVE-2025-32598 2025-04-11 WordPress WP Table Builder plugin <= 2.0.4 - Cross Site Scripting (XSS) vulnerability
CVE-2025-32599 2025-04-11 WordPress Task Scheduler Plugin <= 1.6.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-32600 2025-04-11 WordPress Tournamatch Plugin <= 4.6.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-32601 2025-04-11 WordPress Twispay Credit Card Payments Plugin <= 2.1.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-32603 2025-04-11 WordPress WP Online Users Stats plugin <= 1.0.0 - SQL Injection vulnerability
CVE-2025-32607 2025-04-11 WordPress WpBookingly plugin <= 1.2.0 - PHP Object Injection vulnerability
CVE-2025-32614 2025-04-11 WordPress EventON plugin <= 2.3.2 - Local File Inclusion vulnerability
CVE-2025-32618 2025-04-11 WordPress Wishlist plugin <= 1.0.43 - SQL Injection vulnerability
CVE-2025-32627 2025-04-11 WordPress JS Job Manager plugin <= 2.0.2 - Local File Inclusion vulnerability
CVE-2025-32629 2025-04-11 WordPress WP-BusinessDirectory Plugin <= 3.1.2 - Arbitrary File Deletion vulnerability
CVE-2025-32631 2025-04-11 WordPress Oxygen MyData for WooCommerce plugin <= 1.0.63 - Arbitrary File Deletion vulnerability
CVE-2025-32632 2025-04-11 WordPress Automatic Ban IP Plugin <= 1.0.7 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-32633 2025-04-11 WordPress Database Toolset Plugin <= 1.8.4 - Arbitrary File Deletion vulnerability
CVE-2025-32650 2025-04-11 WordPress Accessibility Suite by Ability, Inc plugin <= 4.18 - SQL Injection vulnerability
CVE-2025-32654 2025-04-11 WordPress Motors plugin <= 1.4.65 - Local File Inclusion vulnerability
CVE-2025-32656 2025-04-11 WordPress Testimonial Slider and Showcase Pro plugin <= 2.3.15 - Local File Inclusion vulnerability
CVE-2025-32663 2025-04-11 WordPress FAT Cooming Soon plugin <= 1.1 - Local File Inclusion vulnerability