CVE List - 2025 / April
Showing 2301 - 2400 of 4038 CVEs for April 2025 (Page 24 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-26906 | 2025-04-15 | WordPress WP Delete User Accounts plugin <= 1.2.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-26908 | 2025-04-15 | WordPress Kargo Entegratör plugin <= 1.1.14 - SQL Injection vulnerability |
| CVE-2025-26919 | 2025-04-15 | WordPress Tainá plugin <= 0.2.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-26927 | 2025-04-15 | WordPress AI Hub plugin <= 1.3.3 - Arbitrary File Upload vulnerability |
| CVE-2025-26930 | 2025-04-15 | WordPress Home Services plugin <= 1.2.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-26934 | 2025-04-15 | WordPress Glossy Blog theme <= 1.0.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-26950 | 2025-04-15 | WordPress Nepali Date Converter plugin <= 2.0.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-26951 | 2025-04-15 | WordPress C9 Blocks plugin <= 1.7.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-26953 | 2025-04-15 | WordPress JetMenu <= 2.4.9 - Broken Access Control Vulnerability |
| CVE-2025-26996 | 2025-04-15 | WordPress Sign-up Sheets plugin <= 2.3.0.1 - Shortcode Injection vulnerability |
| CVE-2025-30257 | 2025-04-15 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key |
| CVE-2025-26998 | 2025-04-15 | WordPress SKT Blocks – Gutenberg based Page Builder plugin <= 1.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-27008 | 2025-04-15 | WordPress Unlimited Timeline < 1.6.1 - Broken Access Control Vulnerability |
| CVE-2025-27011 | 2025-04-15 | WordPress Booking and Rental Manager plugin <= 2.2.8 - Local File Inclusion vulnerability |
| CVE-2025-30966 | 2025-04-15 | WordPress WPJobBoard plugin < 5.11.1 - Path Traversal vulnerability |
| CVE-2025-30967 | 2025-04-15 | WordPress WPJobBoard plugin < 5.11.1 - CSRF to Remote Code Execution (RCE) vulnerability |
| CVE-2025-30970 | 2025-04-15 | WordPress Easy Contact plugin <= 0.1.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-30982 | 2025-04-15 | WordPress MyBookProgress by Stormhill Media plugin <= 1.0.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-30984 | 2025-04-15 | WordPress SEO Tools plugin <= 4.0.7 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-32923 | 2025-04-15 | WordPress Tourmaster plugin < 5.4.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-27561 | 2025-04-15 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key |
| CVE-2025-32784 | 2025-04-15 | conda-forge-webservices has an Unauthorized Artifact Modification Race Condition |
| CVE-2025-24315 | 2025-04-15 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key |
| CVE-2025-27929 | 2025-04-15 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key |
| CVE-2025-32782 | 2025-04-15 | Ash Authentication email link auto-click account confirmation vulnerability |
| CVE-2025-32435 | 2025-04-15 | Hydra no restricted eval after nix-eval-jobs migration |
| CVE-2025-32388 | 2025-04-15 | SvelteKit allows XSS via tracked search_params |
| CVE-2025-32385 | 2025-04-15 | EspoCRM allows unrestricted Embedding in Iframe dashlet |
| CVE-2025-30215 | 2025-04-15 | NATS-Server Fails to Authorize Certain Jetstream Admin APIs |
| CVE-2024-40068 | 2025-04-16 | Sourcecodester Online ID Generator System 1.0 was discovered to contain... |
| CVE-2024-40069 | 2025-04-16 | Sourcecodester Online ID Generator System 1.0 was discovered to contain... |
| CVE-2024-40070 | 2025-04-16 | Sourcecodester Online ID Generator System 1.0 was discovered to contain... |
| CVE-2024-40071 | 2025-04-16 | Sourcecodester Online ID Generator System 1.0 was discovered to contain... |
| CVE-2024-40072 | 2025-04-16 | Sourcecodester Online ID Generator System 1.0 was discovered to contain... |
| CVE-2024-40073 | 2025-04-16 | Sourcecodester Online ID Generator System 1.0 was discovered to contain... |
| CVE-2024-40074 | 2025-04-16 | Sourcecodester Online ID Generator System 1.0 was discovered to contain... |
| CVE-2024-53303 | 2025-04-16 | A remote code execution (RCE) vulnerability in the upload_file function... |
| CVE-2024-53304 | 2025-04-16 | An issue in LRQA Nettitude PoshC2 after commit 09ee2cf allows... |
| CVE-2024-53305 | 2025-04-16 | An issue in the component /models/config.py of Whoogle search v0.9.0... |
| CVE-2024-55371 | 2025-04-16 | Wallos <= 2.38.2 has a file upload vulnerability in the... |
| CVE-2024-55372 | 2025-04-16 | Wallos <=2.38.2 has a file upload vulnerability in the restore... |
| CVE-2024-58248 | 2025-04-16 | nopCommerce before 4.80.0 does not offer locking for order placement.... |
| CVE-2024-58249 | 2025-04-16 | In wxWidgets before 3.2.7, a crash can be triggered in... |
| CVE-2025-26153 | 2025-04-16 | A Stored XSS vulnerability exists in the message compose feature... |
| CVE-2025-28072 | 2025-04-16 | PHPGurukul Pre-School Enrollment System is vulnerable to Directory Traversal in... |
| CVE-2025-29648 | 2025-04-16 | SQL Injection vulnerability exists in the TP-Link EAP120 router s... |
| CVE-2025-29649 | 2025-04-16 | SQL Injection vulnerability exists in the TP-Link TL-WR840N router s... |
| CVE-2025-29650 | 2025-04-16 | SQL Injection vulnerability exists in the TP-Link M7200 4G LTE... |
| CVE-2025-29651 | 2025-04-16 | SQL Injection vulnerability exists in the TP-Link M7650 4G LTE... |
| CVE-2025-29652 | 2025-04-16 | SQL Injection vulnerability exists in the TP-Link M7000 4G LTE... |
| CVE-2025-29653 | 2025-04-16 | SQL Injection vulnerability exists in the TP-Link M7450 4G LTE... |
| CVE-2025-29708 | 2025-04-16 | SourceCodester Company Website CMS 1.0 contains a file upload vulnerability... |
| CVE-2025-29709 | 2025-04-16 | SourceCodester Company Website CMS 1.0 has a File upload vulnerability... |
| CVE-2025-29710 | 2025-04-16 | SourceCodester Company Website CMS 1.0 is vulnerable to Cross Site... |
| CVE-2025-43703 | 2025-04-16 | An issue was discovered in Ankitects Anki through 25.02. A... |
| CVE-2025-43704 | 2025-04-16 | Arctera/Veritas Data Insight before 7.1.2 can send cleartext credentials when... |
| CVE-2025-30100 | 2025-04-16 | Dell Alienware Command Center 6.x, versions prior to 6.7.37.0 contain... |
| CVE-2025-2314 | 2025-04-16 | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.13.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2024-13452 | 2025-04-16 | Contact Form by Supsystic <= 1.7.29 - Cross-Site Request Forgery to Stored Cross-Site Scripting via saveAsCopy AJAX Action |
| CVE-2025-3698 | 2025-04-16 | Interface exposure vulnerability in the mobile application (com.transsion.carlcare) may lead... |
| CVE-2025-3663 | 2025-04-16 | TOTOLINK A3700R Password cstecgi.cgi setWiFiEasyGuestCfg access control |
| CVE-2025-3664 | 2025-04-16 | TOTOLINK A3700R cstecgi.cgi setWiFiEasyGuestCfg access control |
| CVE-2025-3665 | 2025-04-16 | TOTOLINK A3700R cstecgi.cgi setSmartQosCfg access control |
| CVE-2025-3495 | 2025-04-16 | COMMGR - Insufficient Randomization Authentication Bypass |
| CVE-2025-3666 | 2025-04-16 | TOTOLINK A3700R cstecgi.cgi setDdnsCfg access control |
| CVE-2025-3667 | 2025-04-16 | TOTOLINK A3700R cstecgi.cgi setUPnPCfg access control |
| CVE-2025-3668 | 2025-04-16 | TOTOLINK A3700R cstecgi.cgi setScheduleCfg access control |
| CVE-2025-22018 | 2025-04-16 | atm: Fix NULL pointer dereference |
| CVE-2025-3247 | 2025-04-16 | Contact Form 7 <= 6.0.5 - Order Replay Vulnerability |
| CVE-2024-10680 | 2025-04-16 | Form Maker by 10Web < 1.15.32 - Admin+ Stored XSS |
| CVE-2025-3674 | 2025-04-16 | TOTOLINK A3700R cstecgi.cgi setUrlFilterRules access control |
| CVE-2025-3675 | 2025-04-16 | TOTOLINK A3700R cstecgi.cgi setL2tpServerCfg access control |
| CVE-2025-0101 | 2025-04-16 | WAGO: Year 2038 problem |
| CVE-2025-3077 | 2025-04-16 | Betheme <= 28.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-24839 | 2025-04-16 | Unauthorized AI bot activation via Wrangler plugin |
| CVE-2025-27538 | 2025-04-16 | MFA Enforcement Bypass Allows Unauthorized Removal of MFA for Other Users |
| CVE-2025-27571 | 2025-04-16 | Channel metadata visible in archived channels despite configuration setting |
| CVE-2025-3676 | 2025-04-16 | xxyopen Novel-Plus books sql injection |
| CVE-2025-3104 | 2025-04-16 | WP Staging Pro <= 6.1.2 - Unauthenticated Information Exposure via getOutdatedPluginsRequest Function |
| CVE-2025-3677 | 2025-04-16 | lm-sys fastchat apply_delta.py apply_delta_low_cpu_mem deserialization |
| CVE-2024-52281 | 2025-04-16 | Stored Cross-site Scripting vulnerability in Rancher UI |
| CVE-2024-22036 | 2025-04-16 | Rancher Remote Code Execution via Cluster/Node Drivers |
| CVE-2023-32197 | 2025-04-16 | Rancher's External RoleTemplates can lead to privilege escalation |
| CVE-2025-3678 | 2025-04-16 | PCMan FTP Server HELP Command buffer overflow |
| CVE-2025-31363 | 2025-04-16 | Data exfiltration via AI plugin Jira tool |
| CVE-2025-27936 | 2025-04-16 | Webhook Secret Exposure via Timing attack in MSteams plugin |
| CVE-2025-3679 | 2025-04-16 | PCMan FTP Server HOST Command buffer overflow |
| CVE-2025-3680 | 2025-04-16 | PCMan FTP Server LANG Command buffer overflow |
| CVE-2025-3681 | 2025-04-16 | PCMan FTP Server MODE Command buffer overflow |
| CVE-2025-22019 | 2025-04-16 | bcachefs: bch2_ioctl_subvolume_destroy() fixes |
| CVE-2025-22020 | 2025-04-16 | memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove |
| CVE-2025-22021 | 2025-04-16 | netfilter: socket: Lookup orig tuple for IPv6 SNAT |
| CVE-2025-22022 | 2025-04-16 | usb: xhci: Apply the link chain quirk on NEC isoc endpoints |
| CVE-2025-22023 | 2025-04-16 | usb: xhci: Don't skip on Stopped - Length Invalid |
| CVE-2025-30960 | 2025-04-16 | WordPress FS Poster plugin <= 6.5.8 - Subscriber+ Site Wide Broken Access Control vulnerability |
| CVE-2024-58092 | 2025-04-16 | nfsd: fix legacy client tracking initialization |
| CVE-2025-3682 | 2025-04-16 | PCMan FTP Server PASV Command buffer overflow |
| CVE-2025-3683 | 2025-04-16 | PCMan FTP Server SIZE Command buffer overflow |
| CVE-2025-3684 | 2025-04-16 | Xianqi Kindergarten Management System Child Management stu_list.php sql injection |
| CVE-2025-3685 | 2025-04-16 | code-projects Patient Record Management System edit_fpatient.php sql injection |