CVE List - 2025 / April
Showing 1901 - 2000 of 4038 CVEs for April 2025 (Page 20 of 41)
CVE ID | Date | Title |
---|---|---|
CVE-2025-32671 | 2025-04-11 | WordPress Print Science Designer plugin <= 1.3.155 - Arbitrary File Download vulnerability |
CVE-2025-32672 | 2025-04-11 | WordPress Ultimate Bootstrap Elements for Elementor plugin <= 1.4.9 - Local File Inclusion Vulnerability |
CVE-2025-32681 | 2025-04-11 | WordPress Error Log Viewer By WP Guru plugin <= 1.0.5 - SQL Injection vulnerability |
CVE-2025-2128 | 2025-04-11 | Cost Calculator Builder <= 3.2.67 - Authenticated (Subscriber+) SQL Injection via order_ids Parameter |
CVE-2025-31362 | 2025-04-11 | Use of hard-coded cryptographic key issue exists in BizRobo! all... |
CVE-2025-31932 | 2025-04-11 | Deserialization of untrusted data issue exists in BizRobo! all versions.... |
CVE-2025-23391 | 2025-04-11 | Rancher: Restricted Administrator can change Administrator's passwords |
CVE-2025-23389 | 2025-04-11 | Rancher does not Properly Validate Account Bindings in SAML Authentication Enables User Impersonation on First Login |
CVE-2025-23388 | 2025-04-11 | Unauthenticated stack overflow in /v3-public/authproviders API |
CVE-2025-23387 | 2025-04-11 | Rancher's SAML-based login via CLI can be denied by unauthenticated users |
CVE-2024-52282 | 2025-04-11 | Rancher Helm Applications may have sensitive values leaked |
CVE-2025-2541 | 2025-04-11 | WP Project Manager <= 2.6.22 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
CVE-2025-2575 | 2025-04-11 | Z Companion <= 1.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
CVE-2024-52280 | 2025-04-11 | Users can issue watch commands for arbitrary resources |
CVE-2024-13861 | 2025-04-11 | A code injection vulnerability in the Debian package component of... |
CVE-2025-3439 | 2025-04-11 | Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress <= 3.1.1 - Unauthenticated PHP Object Injection |
CVE-2025-3422 | 2025-04-11 | Everest Forms <= 3.1.1 - Authenticated (Subscriber+) Arbitrary Shortcode Execution |
CVE-2025-3421 | 2025-04-11 | Everest Forms <= 3.1.1 - Reflected Cross-Site Scripting |
CVE-2025-32427 | 2025-04-11 | Formie has a XSS vulnerability for importing forms |
CVE-2025-32426 | 2025-04-11 | Formie has a XSS vulnerability for email notification content for preview |
CVE-2023-42981 | 2025-04-11 | Processing a file may lead to a denial-of-service or potentially... |
CVE-2023-42973 | 2025-04-11 | Private Browsing tabs may be accessed without authentication. This issue... |
CVE-2023-41076 | 2025-04-11 | An app may be able to elevate privileges. This issue... |
CVE-2023-42969 | 2025-04-11 | An app may be able to break out of its... |
CVE-2023-42875 | 2025-04-11 | Processing web content may lead to arbitrary code execution. This... |
CVE-2023-38614 | 2025-04-11 | A permissions issue was addressed with additional restrictions. This issue... |
CVE-2023-42970 | 2025-04-11 | A use-after-free issue was addressed with improved memory management. This... |
CVE-2023-42982 | 2025-04-11 | Processing a file may lead to a denial-of-service or potentially... |
CVE-2023-42961 | 2025-04-11 | A path handling issue was addressed with improved validation. This... |
CVE-2023-42977 | 2025-04-11 | A path handling issue was addressed with improved validation. This... |
CVE-2023-42983 | 2025-04-11 | Processing a file may lead to a denial-of-service or potentially... |
CVE-2025-31354 | 2025-04-11 | Subnet Solutions PowerSYSTEM Center Out-of-Bounds Read |
CVE-2025-31935 | 2025-04-11 | Subnet Solutions PowerSYSTEM Center Deserialization of Untrusted Data |
CVE-2025-32071 | 2025-04-11 | Wikibase CommonsInlineImageFormatter: i18n XSS |
CVE-2025-32070 | 2025-04-11 | XSSes in AJAXPoll |
CVE-2025-32069 | 2025-04-11 | Wikitext stored XSS on filepages due to dangerous WBMI serialization |
CVE-2025-32068 | 2025-04-11 | Revoking authorization of OAuth2 consumer does not invalidate refresh tokens |
CVE-2025-32067 | 2025-04-11 | i18n XSS vulnerability in message growthexperiments |
CVE-2025-32075 | 2025-04-11 | IP and user agent leaks in Extension:Tabs |
CVE-2025-32074 | 2025-04-11 | XSSes in Extension:ConfirmAccount |
CVE-2025-32073 | 2025-04-11 | System message XSS in HTMLTags |
CVE-2025-32072 | 2025-04-11 | HTML injection in feed output from i18n message |
CVE-2025-32076 | 2025-04-11 | Evil regex used to process user-provided data in VisualData |
CVE-2025-32080 | 2025-04-11 | Cross-origin data leak in mobilefrontend via lazy load images |
CVE-2025-32079 | 2025-04-11 | Saving the right content to MediaWiki:GrowthMentors.json can take down the site |
CVE-2025-32078 | 2025-04-11 | XSSes and potential RCE in Special:VersionCompare |
CVE-2025-32077 | 2025-04-11 | XSSes in Extension:SimpleCalendar |
CVE-2025-0119 | 2025-04-11 | Cortex XDR Broker VM: Authenticated Command Injection Vulnerability in Broker VM |
CVE-2025-0123 | 2025-04-11 | PAN-OS: Information Disclosure Vulnerability in HTTP/2 Packet Captures |
CVE-2024-11679 | 2025-04-11 | An input validation weakness was reported in the TpmSetup module... |
CVE-2025-0129 | 2025-04-11 | Prisma Access Browser: Inappropriate control behavior in Prisma Access Browser |
CVE-2025-2269 | 2025-04-11 | Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.34 Reflected Cross-Site Scripting via 'image_id' Parameter |
CVE-2025-29803 | 2025-04-12 | Visual Studio Tools for Applications and SQL Server Management Studio Elevation of Privilege Vulnerability |
CVE-2025-32726 | 2025-04-12 | Visual Studio Code Elevation of Privilege Vulnerability |
CVE-2025-29834 | 2025-04-12 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
CVE-2025-2841 | 2025-04-12 | Cart66 Cloud <= 2.3.7 - Unauthenticated Information Exposure |
CVE-2025-2881 | 2025-04-12 | Developer Toolbar <= 1.0.3 - Unauthenticated Information Exposure |
CVE-2025-2871 | 2025-04-12 | WordPress Mega Menu – QuadMenu <= 3.2.0 - Cross-Site Request Forgery to Limited User Meta Update |
CVE-2025-3292 | 2025-04-12 | User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Authenticated (Subscriber+) User Password Update |
CVE-2025-3418 | 2025-04-12 | WPC Admin Columns 2.0.6 - 2.1.0 - Authenticated (Subscriber+) Privilege Escalation via User Meta Update |
CVE-2025-3282 | 2025-04-12 | User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Unauthenticated Membership Modification |
CVE-2024-13337 | 2025-04-12 | Webcraftic Clearfy – WordPress optimization plugin <= 2.3.2 - Cross-Site Request Forgery to Plugin Settings Update via 'setup-wbcr_clearfy' |
CVE-2025-3276 | 2025-04-12 | SKT Blocks – Gutenberg based Page Builder <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-13338 | 2025-04-12 | Webcraftic Clearfy – WordPress optimization plugin <= 2.3.1 - Cross-Site Request Forgery to Clear Cache |
CVE-2025-1455 | 2025-04-12 | Royal Elementor Addons and Templates <= 1.7.1012 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2025-1456 | 2025-04-12 | Royal Elementor Addons and Templates <= 1.7.1012 - Authenticated DOM-Based (Contributor+) Stored Cross-Site Scripting |
CVE-2025-2814 | 2025-04-12 | Crypt::CBC versions between 1.21 and 3.04 for Perl may use insecure rand() function for cryptographic functions |
CVE-2025-3531 | 2025-04-13 | YouDianCMS index.html cross site scripting |
CVE-2025-3532 | 2025-04-13 | YouDianCMS index.html.Attackers cross site scripting |
CVE-2025-3533 | 2025-04-13 | YouDianCMS index.html.Attackers cross site scripting |
CVE-2025-3534 | 2025-04-13 | PowerCreator CMS OpenPublicCourse.aspx sql injection |
CVE-2025-3535 | 2025-04-13 | shuanx BurpAPIFinder BurpApiFinder.db denial of service |
CVE-2025-3536 | 2025-04-13 | Tutorials-Website Employee Management System delete-user.php improper authorization |
CVE-2025-3423 | 2025-04-13 | IBM Aspera Faspex 5 cross-site scripting |
CVE-2025-3537 | 2025-04-13 | Tutorials-Website Employee Management System update-user.php improper authorization |
CVE-2024-56406 | 2025-04-13 | Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes |
CVE-2025-3538 | 2025-04-13 | D-Link DI-8100 jhttpd auth.asp auth_asp stack-based overflow |
CVE-2025-3539 | 2025-04-13 | H3C Magic BE18000 HTTP POST Request getBasicInfo FCGI_CheckStringIfContainsSemicolon command injection |
CVE-2025-3445 | 2025-04-13 | A Path Traversal "Zip Slip" vulnerability has been identified in... |
CVE-2025-3540 | 2025-04-13 | H3C Magic NX15/Magic NX30 Pro/Magic NX400/Magic R3010 HTTP POST Request getCapability FCGI_WizardProtoProcess command injection |
CVE-2025-3541 | 2025-04-13 | H3C Magic NX15/Magic NX30 Pro/Magic NX400/Magic R3010 HTTP POST Request getSpecs FCGI_WizardProtoProcess command injection |
CVE-2025-3542 | 2025-04-13 | H3C Magic NX15/Magic NX400/Magic R3010 HTTP POST Request getsyncpppoecfg FCGI_WizardProtoProcess command injection |
CVE-2025-29720 | 2025-04-14 | Dify v1.0 was discovered to contain a Server-Side Request Forgery... |
CVE-2025-32931 | 2025-04-14 | DevDojo Voyager 1.4.0 through 1.8.0, when Laravel 8 or later... |
CVE-2025-3543 | 2025-04-14 | H3C Magic NX15/Magic NX30 Pro/Magic NX400/Magic R3010 HTTP POST Request setsyncpppoecfg FCGI_WizardProtoProcess command injection |
CVE-2025-3544 | 2025-04-14 | H3C Magic BE18000 HTTP POST Request getCapabilityWeb FCGI_CheckStringIfContainsSemicolon command injection |
CVE-2025-3545 | 2025-04-14 | H3C Magic BE18000 HTTP POST Request setLanguage FCGI_CheckStringIfContainsSemicolon command injection |
CVE-2025-3546 | 2025-04-14 | H3C Magic BE18000 HTTP POST Request getLanguage FCGI_CheckStringIfContainsSemicolon command injection |
CVE-2025-3572 | 2025-04-14 | INTUMIT SmartRobot - Server-Side Request Forgery |
CVE-2025-3547 | 2025-04-14 | frdel Agent-Zero get_work_dir_files path traversal |
CVE-2025-3548 | 2025-04-14 | Open Asset Import Library Assimp File types.h Set heap-based overflow |
CVE-2025-3549 | 2025-04-14 | Open Asset Import Library Assimp File MD3Loader.cpp ValidateSurfaceHeaderOffsets heap-based overflow |
CVE-2025-3550 | 2025-04-14 | wowjoy 浙江湖州华卓信息科技有限公司 Internet Doctor Workstation System detail improper authorization |
CVE-2024-9230 | 2025-04-14 | PowerPress Podcasting < 11.9.18 - Author+ XSS via Podcast URL |
CVE-2025-2563 | 2025-04-14 | User Registration & Membership < 4.1.2 - Unauthenticated Privilege Escalation |
CVE-2025-3553 | 2025-04-14 | phpshe admin.php pe_delete sql injection |
CVE-2025-3554 | 2025-04-14 | phpshe api.php cross site scripting |
CVE-2025-30516 | 2025-04-14 | Unauthorized Notification Exposure in Mobile App Under Specific Conditions |
CVE-2025-32093 | 2025-04-14 | System admin profile modification by delegated granular administration role |
CVE-2025-3555 | 2025-04-14 | ScriptAndTools eCommerce-website-in-PHP login.php excessive authentication |