CVE List - 2025 / April
Showing 2601 - 2700 of 4033 CVEs for April 2025 (Page 27 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-39472 | 2025-04-16 | WordPress WooCommerce Social Login plugin < 2.8.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-27495 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'CreateTrace' method. This could allow... |
| CVE-2025-27539 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'VerifyUser' method. This could allow... |
| CVE-2025-27540 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'Authenticate' method. This could allow... |
| CVE-2025-29905 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'RestoreFromBackup' method. This could allow... |
| CVE-2025-30002 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateConnectionVariables' method. This could allow... |
| CVE-2025-30003 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateProjectConnections' method. This could allow... |
| CVE-2025-30030 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'ImportDatabase' method. This could allow... |
| CVE-2025-30031 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateUsers' method. This could allow... |
| CVE-2025-30032 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateDatabaseSettings' method. This could allow... |
| CVE-2025-31343 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateTcmSettings' method. This could allow... |
| CVE-2025-31349 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateSmtpSettings' method. This could allow... |
| CVE-2025-31350 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateBufferingSettings' method. This could allow... |
| CVE-2025-31351 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'CreateProject' method. This could allow... |
| CVE-2025-31352 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateGateways' method. This could allow... |
| CVE-2025-31353 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateOpcSettings' method. This could allow... |
| CVE-2025-32475 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateProject' method. This could allow... |
| CVE-2025-32822 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'DeleteProject' method. This could allow... |
| CVE-2025-32823 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockProject' method. This could allow... |
| CVE-2025-32824 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockProject' method. This could allow... |
| CVE-2025-32825 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetProjects' method. This could allow... |
| CVE-2025-32826 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetActiveProjects' method. This could allow... |
| CVE-2025-32827 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'ActivateProject' method. This could allow... |
| CVE-2025-32828 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateProjectCrossCommunications' method. This could allow... |
| CVE-2025-32829 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockProjectCrossCommunications' method. This could allow... |
| CVE-2025-32830 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockProject' method. This could allow... |
| CVE-2025-32831 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateProjectUserRights' method. This could allow... |
| CVE-2025-32832 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockProjectUserRights' method. This could allow... |
| CVE-2025-32833 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockProjectUserRights' method. This could allow... |
| CVE-2025-32834 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateConnectionVariablesWithImport' method. This could allow... |
| CVE-2025-32835 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateConnectionVariableArchivingBuffering' method. This could allow... |
| CVE-2025-32836 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetConnectionVariables' method. This could allow... |
| CVE-2025-32837 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetActiveConnectionVariables' method. This could allow... |
| CVE-2025-32838 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'ImportConnectionVariables' method. This could allow... |
| CVE-2025-32839 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetGateways' method. This could allow... |
| CVE-2025-32840 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockGateway' method. This could allow... |
| CVE-2025-32841 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockGateway' method. This could allow... |
| CVE-2025-32842 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetUsers' method. This could allow... |
| CVE-2025-32843 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockUser' method. This could allow... |
| CVE-2025-32844 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockUser' method. This could allow... |
| CVE-2025-32845 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateGeneralSettings' method. This could allow... |
| CVE-2025-32846 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockGeneralSettings' method. This could allow... |
| CVE-2025-32847 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockGeneralSettings' method. This could allow... |
| CVE-2025-32848 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockSmtpSettings' method. This could allow... |
| CVE-2025-32849 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockSmtpSettings' method. This could allow... |
| CVE-2025-32850 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockTcmSettings' method. This could allow... |
| CVE-2025-32851 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockTcmSettings' method. This could allow... |
| CVE-2025-32852 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockDatabaseSettings' method. This could allow... |
| CVE-2025-32853 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockDatabaseSettings' method. This could allow... |
| CVE-2025-32854 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockOpcSettings' method. This could allow... |
| CVE-2025-32855 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockOpcSettings' method. This could allow... |
| CVE-2025-32856 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockBufferingSettings' method. This could allow... |
| CVE-2025-32857 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockBufferingSettings' method. This could allow... |
| CVE-2025-32858 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateWebServerGatewaySettings' method. This could allow... |
| CVE-2025-32859 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockWebServerGatewaySettings' method. This could allow... |
| CVE-2025-32860 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockWebServerGatewaySettings' method. This could allow... |
| CVE-2025-32861 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateTraceLevelSettings' method. This could allow... |
| CVE-2025-32862 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockTraceLevelSettings' method. This could allow... |
| CVE-2025-32863 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockTraceLevelSettings' method. This could allow... |
| CVE-2025-32864 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetSettings' method. This could allow... |
| CVE-2025-32865 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'CreateLog' method. This could allow... |
| CVE-2025-32866 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetLogs' method. This could allow... |
| CVE-2025-32867 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'CreateBackup' method. This could allow... |
| CVE-2025-32868 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'ExportCertificate' method. This could allow... |
| CVE-2025-32869 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'ImportCertificate' method. This could allow... |
| CVE-2025-32870 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetTraces' method. This could allow... |
| CVE-2025-32871 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'MigrateDatabase' method. This could allow... |
| CVE-2025-32872 | 2025-04-16 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetOverview' method. This could allow... |
| CVE-2025-2291 | 2025-04-16 | PgBouncer default auth_query does not take Postgres password expiry into account |
| CVE-2025-31201 | 2025-04-16 | This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. An attacker with... |
| CVE-2025-31200 | 2025-04-16 | A memory corruption issue was addressed with improved bounds checking. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. Processing an... |
| CVE-2025-32817 | 2025-04-16 | A Improper Link Resolution vulnerability (CWE-59) in the SonicWall Connect Tunnel Windows (32 and 64 bit) client, this results in unauthorized file overwrite, potentially leading to denial of service or... |
| CVE-2025-3723 | 2025-04-16 | PCMan FTP Server MDTM Command buffer overflow |
| CVE-2025-3724 | 2025-04-16 | PCMan FTP Server DIR Command buffer overflow |
| CVE-2025-3725 | 2025-04-16 | PCMan FTP Server MIC Command buffer overflow |
| CVE-2025-3726 | 2025-04-16 | PCMan FTP Server CD Command buffer overflow |
| CVE-2025-3727 | 2025-04-16 | PCMan FTP Server STATUS Command buffer overflow |
| CVE-2025-3728 | 2025-04-16 | SourceCodester Simple Hotel Booking System login buffer overflow |
| CVE-2025-3619 | 2025-04-16 | Heap buffer overflow in Codecs in Google Chrome on Windows prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:... |
| CVE-2025-3620 | 2025-04-16 | Use after free in USB in Google Chrome prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2025-3729 | 2025-04-16 | SourceCodester Web-based Pharmacy Product Management System Database Backup backup.php os command injection |
| CVE-2025-3730 | 2025-04-16 | PyTorch LossCTC.cpp torch.nn.functional.ctc_loss denial of service |
| CVE-2025-31478 | 2025-04-16 | Zulip Authentication Backend Configuration Bypass |
| CVE-2025-25230 | 2025-04-16 | Omnissa Horizon Client for Windows contains an LPE Vulnerability. A malicious actor with local access where Horizon Client for Windows is installed may be able to elevate privileges. |
| CVE-2025-32433 | 2025-04-16 | Erlang/OTP SSH Vulnerable to Pre-Authentication RCE |
| CVE-2025-32783 | 2025-04-16 | XWiki allows unregistered users to see "public" messages from a closed wiki via notifications from a different wiki |
| CVE-2025-32787 | 2025-04-16 | SoftEtherVPN Affected by NULL dereference in DeleteIPv6DefaultRouterInRA |
| CVE-2025-32789 | 2025-04-16 | EspoCRM Allows Potential Disclosure of Sensitive Information in the User Sorting Function |
| CVE-2025-32791 | 2025-04-16 | Permission policy information leakage in Backstage permission system |
| CVE-2025-0758 | 2025-04-16 | Hitachi Vantara Pentaho Business Analytics Server - Incorrect Permission Assignment for Critical Resource |
| CVE-2025-0757 | 2025-04-16 | Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| CVE-2025-0756 | 2025-04-16 | Hitachi Vantara Pentaho Data Integration & Analytics - Improper Control of Resource Identifiers ('Resource Injection') |
| CVE-2025-24908 | 2025-04-16 | Hitachi Vantara Pentaho Data Integration & Analytics – Path Traversal |
| CVE-2025-24909 | 2025-04-16 | Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| CVE-2025-24910 | 2025-04-16 | Hitachi Vantara Pentaho Business Analytics Server - Improper Restriction of XML External Entity Reference |
| CVE-2025-24911 | 2025-04-16 | Hitachi Vantara Pentaho Business Analytics Server - Improper Restriction of XML External Entity Reference |
| CVE-2025-24907 | 2025-04-16 | Hitachi Vantara Pentaho Data Integration & Analytics – Path Traversal |
| CVE-2025-1566 | 2025-04-16 | DNS Leak in Native System VPN in Google ChromeOS Dev Channel on ChromeOS 16002.23.0 allows network observers to expose plaintext DNS queries via failure to properly tunnel DNS traffic during... |
| CVE-2025-1704 | 2025-04-16 | ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 15823.23.0 on Chromebooks allows enrolled users with local access to unenroll devices and intercept device management requests via loading components from the unencrypted... |
| CVE-2025-2073 | 2025-04-16 | Out-of-Bounds Read in netfilter/ipset in Linux Kernel ChromeOS [6.1, 5.15, 5.10, 5.4, 4.19] allows a local attacker with low privileges to trigger an out-of-bounds read, potentially leading to information disclosure |