CVE List - 2025 / April
Showing 2001 - 2100 of 4038 CVEs for April 2025 (Page 21 of 41)
CVE ID | Date | Title |
---|---|---|
CVE-2025-3556 | 2025-04-14 | ScriptAndTools eCommerce-website-in-PHP login.php excessive authentication |
CVE-2025-31344 | 2025-04-14 | The giflib open-source component has a buffer overflow vulnerability |
CVE-2025-3557 | 2025-04-14 | ScriptAndTools eCommerce-website-in-PHP cross-site request forgery |
CVE-2025-24859 | 2025-04-14 | Apache Roller: Insufficient Session Expiration on Password Change |
CVE-2025-3558 | 2025-04-14 | ghostxbh uzy-ssm-mall uploadUserHeadImage unrestricted upload |
CVE-2025-3559 | 2025-04-14 | ghostxbh uzy-ssm-mall 20 ForeProductListController sql injection |
CVE-2025-3560 | 2025-04-14 | ghostxbh uzy-ssm-mall product cross site scripting |
CVE-2025-3561 | 2025-04-14 | ghostxbh uzy-ssm-mall cross-site request forgery |
CVE-2025-3562 | 2025-04-14 | Yonyou YonBIP userfile FileInputStream path traversal |
CVE-2025-3563 | 2025-04-14 | WuzhiCMS Setting index.php set code injection |
CVE-2025-27009 | 2025-04-14 | WordPress My auctions allegro plugin <= 3.6.20 - Cross Site Request Forgery (CSRF) vulnerability |
CVE-2025-3564 | 2025-04-14 | huanfenz/code-projects StudentManager Teacher String improper authorization |
CVE-2025-3565 | 2025-04-14 | huanfenz/code-projects StudentManager Announcement Management Section uploadArticle.do unrestricted upload |
CVE-2024-10087 | 2025-04-14 | XSS in iKSORIS |
CVE-2024-10088 | 2025-04-14 | XSS in iKSORIS |
CVE-2024-10089 | 2025-04-14 | XSS in iKSORIS |
CVE-2024-10090 | 2025-04-14 | XSS in iKSORIS |
CVE-2024-13597 | 2025-04-14 | XSS in iKSORIS |
CVE-2024-13598 | 2025-04-14 | XSS in iKSORIS |
CVE-2024-49705 | 2025-04-14 | XSS in iKSORIS |
CVE-2024-49706 | 2025-04-14 | XSS in iKSORIS |
CVE-2024-49707 | 2025-04-14 | XSS in iKSORIS |
CVE-2024-49708 | 2025-04-14 | XSS in iKSORIS |
CVE-2024-49709 | 2025-04-14 | XSS in iKSORIS |
CVE-2025-3566 | 2025-04-14 | veal98 小牛肉 Echo 开源社区系统 uploadMdPic unrestricted upload |
CVE-2025-3567 | 2025-04-14 | veal98 小牛肉 Echo 开源社区系统 Ticket LoginTicketInterceptor.java preHandle improper authorization |
CVE-2025-3568 | 2025-04-14 | Webkul Krayin CRM SVG File edit cross site scripting |
CVE-2025-32913 | 2025-04-14 | Libsoup: null pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in content-disposition header |
CVE-2025-32906 | 2025-04-14 | Libsoup: out of bounds reads in soup_headers_parse_request() |
CVE-2025-3569 | 2025-04-14 | JamesZBL/code-projects db-hospital-drug ShiroConfig.java improper authorization |
CVE-2025-32907 | 2025-04-14 | Libsoup: denial of service in server when client requests a large amount of overlapping ranges with range header |
CVE-2025-32908 | 2025-04-14 | Libsoup: denial of service on libsoup through http/2 server |
CVE-2025-2160 | 2025-04-14 | Pega Platform versions 8.4.3 to Infinity 24.2.1 are affected by... |
CVE-2025-2161 | 2025-04-14 | Pega Platform versions 7.2.1 to Infinity 24.2.1 are affected by... |
CVE-2025-3570 | 2025-04-14 | JamesZBL/code-projects db-hospital-drug ContentController.java save cross site scripting |
CVE-2025-32909 | 2025-04-14 | Libsoup: null pointer dereference on libsoup through function "sniff_mp4" in soup-content-sniffer.c |
CVE-2025-32910 | 2025-04-14 | Libsoup: null pointer dereference on libsoup via /auth/soup-auth-digest.c through "soup_auth_digest_authenticate" on client when server omits the "realm" parameter in an unauthorized response with digest authentication |
CVE-2025-32912 | 2025-04-14 | Libsoup: null pointer dereference in client when server omits the "nonce" parameter in an unauthorized response with digest authentication |
CVE-2025-32914 | 2025-04-14 | Libsoup: oob read on libsoup through function "soup_multipart_new_from_message" in soup-multipart.c leads to crash or exit of process |
CVE-2025-2424 | 2025-04-14 | Leaked Metadata of Deleted Files via Bookmark Creation |
CVE-2025-2475 | 2025-04-14 | Unauthorized Bot Login Using Credentials |
CVE-2024-49825 | 2025-04-14 | IBM Robotic Process Automation session fixation |
CVE-2025-3571 | 2025-04-14 | Fannuo Enterprise Content Management System 凡诺企业网站管理系统 cms_chip.php sql injection |
CVE-2025-22372 | 2025-04-14 | Insecure password storage in SicommNet BASEC |
CVE-2025-22373 | 2025-04-14 | XSS, HTML and Style injection on login page |
CVE-2025-22371 | 2025-04-14 | SQL-injection in admin_login_handler allows unauthenticated user to log in as an administrator in SicommNet BASEC |
CVE-2025-2572 | 2025-04-14 | WhatsUp Gold NmConfigurationManager.exe database manipulation vulnerability |
CVE-2025-3277 | 2025-04-14 | An integer overflow can be triggered in SQLite’s `concat_ws()` function.... |
CVE-2025-3585 | 2025-04-14 | westboy CicadasCMS JSP Parser upload unrestricted upload |
CVE-2025-3587 | 2025-04-14 | ZeroWdd/code-projects studentmanager getTeacherList improper authorization |
CVE-2022-43847 | 2025-04-14 | IBM Aspera Console HTTP header injection |
CVE-2025-3588 | 2025-04-14 | joelittlejohn jsonschema2pojo JSON File SchemaRule.java apply stack-based overflow |
CVE-2022-43852 | 2025-04-14 | IBM Aspera Console information disclosure |
CVE-2023-27272 | 2025-04-14 | IBM Aspera Console weak password requirements |
CVE-2022-43851 | 2025-04-14 | IBM Aspera Console information disclosure |
CVE-2022-43840 | 2025-04-14 | IBM Aspera Console XPath injection |
CVE-2022-43850 | 2025-04-14 | IBM Aspera Console cross-site scripting |
CVE-2025-3589 | 2025-04-14 | SourceCodester Music Class Enrollment System manage_class.php sql injection |
CVE-2025-3590 | 2025-04-14 | Adianti Framework deserialization |
CVE-2025-3591 | 2025-04-14 | ZHENFENG13/code-projects My-Blog-layui edit cross site scripting |
CVE-2025-3592 | 2025-04-14 | ZHENFENG13/code-projects My-Blog-layui edit cross site scripting |
CVE-2025-3593 | 2025-04-14 | ZHENFENG13/code-projects My-Blog-layui authorImg upload unrestricted upload |
CVE-2025-31490 | 2025-04-14 | AutoGPT allows SSRF due to DNS Rebinding in requests wrapper |
CVE-2025-31491 | 2025-04-14 | AutoGPT allows leakage of cross-domain cookies and protected headers in requests redirect |
CVE-2025-31494 | 2025-04-14 | AutoGPT allows cross-user sharing of node execution results through WebSockets API |
CVE-2025-24797 | 2025-04-14 | Meshtastic incorrectly hands malformed packets leads to controlled buffer overflow |
CVE-2025-32428 | 2025-04-14 | Jupyter Remote Desktop Proxy makes TigerVNC accessible via the network and not just via a UNIX socket as intended |
CVE-2020-18243 | 2025-04-15 | SQL injection vulnerability found in Enricozab CMS v.1.0 allows a... |
CVE-2021-27289 | 2025-04-15 | A replay attack vulnerability was discovered in a Zigbee smart... |
CVE-2024-36842 | 2025-04-15 | An issue in Oncord+ Android Infotainment Systems OS Android 12,... |
CVE-2024-44843 | 2025-04-15 | An issue in the web socket handshake process of SteVe... |
CVE-2024-49200 | 2025-04-15 | An issue was discovered in AcpiS3SaveDxe and ChipsetSvcDxe in Insyde... |
CVE-2024-50960 | 2025-04-15 | A command injection vulnerability in the Nmap diagnostic tool in... |
CVE-2025-22900 | 2025-04-15 | Totolink N600R v4.3.0cu.7647_B20210106 was discovered to contain a stack overflow... |
CVE-2025-22903 | 2025-04-15 | TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow... |
CVE-2025-22911 | 2025-04-15 | RE11S v1.11 was discovered to contain a stack overflow via... |
CVE-2025-24948 | 2025-04-15 | In JotUrl 2.0, passwords are sent via HTTP GET-type requests,... |
CVE-2025-24949 | 2025-04-15 | In JotUrl 2.0, it is possible to bypass security requirements during... |
CVE-2025-25453 | 2025-04-15 | Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan... |
CVE-2025-25456 | 2025-04-15 | Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan... |
CVE-2025-25458 | 2025-04-15 | Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan... |
CVE-2025-27892 | 2025-04-15 | Shopware prior to version 6.5.8.13 is affected by a SQL... |
CVE-2025-27980 | 2025-04-15 | cashbook v4.0.3 has an arbitrary file read vulnerability in /api/entry/flow/invoice/show?invoice=. |
CVE-2025-28100 | 2025-04-15 | A SQL Injection vulnerability in dingfanzuCMS v.1.0 allows an attacker... |
CVE-2025-28136 | 2025-04-15 | TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow... |
CVE-2025-28137 | 2025-04-15 | The TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a pre-auth... |
CVE-2025-28142 | 2025-04-15 | Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3_1.0.15 was... |
CVE-2025-28143 | 2025-04-15 | Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3_1.0.15 was... |
CVE-2025-28144 | 2025-04-15 | Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15... |
CVE-2025-28145 | 2025-04-15 | Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15... |
CVE-2025-28198 | 2025-04-15 | A SQL injection vulnerability in Hitout car sale 1.0 allows... |
CVE-2025-28399 | 2025-04-15 | An issue in Erick xmall v.1.1 and before allows a... |
CVE-2025-29213 | 2025-04-15 | A zip slip vulnerability in the component \service\migrate\MigrateForm.java of JEEWMS... |
CVE-2025-29280 | 2025-04-15 | Stored cross-site scripting vulnerability exists in PerfreeBlog v4.0.11 in the... |
CVE-2025-29281 | 2025-04-15 | In PerfreeBlog version 4.0.11, regular users can exploit the arbitrary... |
CVE-2025-29471 | 2025-04-15 | Cross Site Scripting vulnerability in Nagios Log Server v.2024R1.3.1 allows... |
CVE-2025-29705 | 2025-04-15 | code-gen <=2.0.6 is vulnerable to Incorrect Access Control. The project... |
CVE-2025-32102 | 2025-04-15 | CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1... |
CVE-2025-32103 | 2025-04-15 | CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1... |
CVE-2025-32987 | 2025-04-15 | Arctera eDiscovery Platform before 10.3.2, when Enterprise Vault Collection Module... |