CVE List - 2025 / April
Showing 2701 - 2800 of 4038 CVEs for April 2025 (Page 28 of 41)
CVE ID | Date | Title |
---|---|---|
CVE-2025-24909 | 2025-04-16 | Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
CVE-2025-24910 | 2025-04-16 | Hitachi Vantara Pentaho Business Analytics Server - Improper Restriction of XML External Entity Reference |
CVE-2025-24911 | 2025-04-16 | Hitachi Vantara Pentaho Business Analytics Server - Improper Restriction of XML External Entity Reference |
CVE-2025-24907 | 2025-04-16 | Hitachi Vantara Pentaho Data Integration & Analytics – Path Traversal |
CVE-2025-1566 | 2025-04-16 | DNS Leak in Native System VPN in Google ChromeOS Dev... |
CVE-2025-1704 | 2025-04-16 | ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 15823.23.0 on Chromebooks... |
CVE-2025-2073 | 2025-04-16 | Out-of-Bounds Read in netfilter/ipset in Linux Kernel ChromeOS [6.1, 5.15,... |
CVE-2025-1568 | 2025-04-16 | Access Control Vulnerability in Gerrit chromiumos project configuration in Google... |
CVE-2024-40124 | 2025-04-17 | Pydio Core <= 8.2.5 is vulnerable to Cross Site Scripting... |
CVE-2024-53924 | 2025-04-17 | Pycel through 1.0b30, when operating on an untrusted spreadsheet, allows... |
CVE-2024-55211 | 2025-04-17 | An issue in Think Router Tk-Rt-Wr135G V3.0.2-X000 allows attackers to... |
CVE-2024-55238 | 2025-04-17 | OpenMetadata <=1.4.1 is vulnerable to SQL Injection. An attacker can... |
CVE-2024-56518 | 2025-04-17 | Hazelcast Management Center through 6.0 allows remote code execution via... |
CVE-2025-25454 | 2025-04-17 | Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan... |
CVE-2025-25455 | 2025-04-17 | Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan... |
CVE-2025-25457 | 2025-04-17 | Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan... |
CVE-2025-26268 | 2025-04-17 | DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a... |
CVE-2025-26269 | 2025-04-17 | DragonflyDB Dragonfly through 1.28.2 (fixed in 1.29.0) allows authenticated users... |
CVE-2025-28009 | 2025-04-17 | A SQL Injection vulnerability exists in the `u` parameter of... |
CVE-2025-28101 | 2025-04-17 | An arbitrary file deletion vulnerability in the /post/{postTitle} component of... |
CVE-2025-29015 | 2025-04-17 | Code Astro Internet Banking System 2.0.0 is vulnerable to Cross... |
CVE-2025-29039 | 2025-04-17 | An issue in dlink DIR 832x 240802 allows a remote... |
CVE-2025-29040 | 2025-04-17 | An issue in dlink DIR 823x 240802 allows a remote... |
CVE-2025-29041 | 2025-04-17 | An issue in dlink DIR 823x 240802 allows a remote... |
CVE-2025-29042 | 2025-04-17 | An issue in dlink DIR 832x 240802 allows a remote... |
CVE-2025-29043 | 2025-04-17 | An issue in dlink DIR 832x 240802 allows a remote... |
CVE-2025-29044 | 2025-04-17 | Buffer Overflow vulnerability in Netgear- R61 router V1.0.1.28 allows a... |
CVE-2025-29045 | 2025-04-17 | Buffer Overflow vulnerability in ALFA_CAMPRO-co-2.29 allows a remote attacker to... |
CVE-2025-29046 | 2025-04-17 | Buffer Overflow vulnerability in ALFA WiFi CampPro router ALFA_CAMPRO-co-2.29 allows a... |
CVE-2025-29047 | 2025-04-17 | Buffer Overflow vulnerability in ALFA WiFi CampPro router ALFA_CAMPRO-co-2.29 allows a... |
CVE-2025-29180 | 2025-04-17 | In FOXCMS <=1.25, the installdb.php file has a time -... |
CVE-2025-29181 | 2025-04-17 | FOXCMS <= V1.25 is vulnerable to SQL Injection via $param['title']... |
CVE-2025-29316 | 2025-04-17 | An issue in DataPatrol Screenshot watermark, printing watermark agent v.3.5.2.0... |
CVE-2025-29449 | 2025-04-17 | An issue in twonav v.2.1.18-20241105 allows a remote attacker to... |
CVE-2025-29450 | 2025-04-17 | An issue in twonav v.2.1.18-20241105 allows a remote attacker to... |
CVE-2025-29451 | 2025-04-17 | An issue in Seo Panel 4.11.0 allows a remote attacker... |
CVE-2025-29452 | 2025-04-17 | An issue in Seo Panel 4.11.0 allows a remote attacker... |
CVE-2025-29453 | 2025-04-17 | An issue in personal-management-system Personal Management System 1.4.65 allows a... |
CVE-2025-29454 | 2025-04-17 | An issue in personal-management-system Personal Management System 1.4.65 allows a... |
CVE-2025-29455 | 2025-04-17 | An issue in personal-management-system Personal Management System 1.4.65 allows a... |
CVE-2025-29456 | 2025-04-17 | An issue in personal-management-system Personal Management System 1.4.65 allows a... |
CVE-2025-29457 | 2025-04-17 | An issue in MyBB 1.8.38 allows a remote attacker to... |
CVE-2025-29458 | 2025-04-17 | An issue in MyBB 1.8.38 allows a remote attacker to... |
CVE-2025-29459 | 2025-04-17 | An issue in MyBB 1.8.38 allows a remote attacker to... |
CVE-2025-29460 | 2025-04-17 | An issue in MyBB 1.8.38 allows a remote attacker to... |
CVE-2025-29461 | 2025-04-17 | An issue in a-blogcms 3.1.15 allows a remote attacker to... |
CVE-2025-29661 | 2025-04-17 | Litepubl CMS <= 7.0.9 is vulnerable to RCE in admin/service/run. |
CVE-2025-29662 | 2025-04-17 | A RCE vulnerability in the core application in LandChat 3.25.12.18... |
CVE-2025-29722 | 2025-04-17 | A CSRF vulnerability in Commercify v1.0 allows remote attackers to... |
CVE-2025-32415 | 2025-04-17 | In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in... |
CVE-2025-43708 | 2025-04-17 | VisiCut 2.1 allows stack consumption via an XML document with... |
CVE-2025-43715 | 2025-04-17 | Nullsoft Scriptable Install System (NSIS) before 3.11 on Windows allows... |
CVE-2025-43717 | 2025-04-17 | In PEAR HTTP_Request2 before 2.7.0, multiple files in the tests... |
CVE-2025-1290 | 2025-04-17 | A race condition Use-After-Free vulnerability exists in the virtio_transport_space_update function... |
CVE-2025-31340 | 2025-04-17 | Wisdom Master Pro - Improper Control of Filename for Include/Require Statement in PHP Program |
CVE-2025-31339 | 2025-04-17 | Wisdom Master Pro - Unrestricted Upload of File with Dangerous Type |
CVE-2025-31338 | 2025-04-17 | Wisdom Master Pro - Missing Authorization |
CVE-2025-3295 | 2025-04-17 | WP Editor <= 1.2.9.1 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Read |
CVE-2025-3294 | 2025-04-17 | WP Editor <= 1.2.9.1 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Update |
CVE-2024-11924 | 2025-04-17 | Email Subscribers < 5.7.52 - Admin+ Stored XSS |
CVE-2024-13925 | 2025-04-17 | Klarna Checkout for WooCommerce < 2.13.5 - DoS via Excessive Logging |
CVE-2025-1523 | 2025-04-17 | Ultimate Dashboard < 3.8.6 - Admin+ Stored XSS |
CVE-2025-1524 | 2025-04-17 | Ultimate Dashboard < 3.8.6 - Admin+ Stored XSS |
CVE-2025-1525 | 2025-04-17 | Ultimate Dashboard < 3.8.6 - Admin+ Stored XSS |
CVE-2025-3113 | 2025-04-17 | Improper Access Control in Delphix Masking Engine |
CVE-2025-2903 | 2025-04-17 | Privilege Chaining in Delphix |
CVE-2025-3615 | 2025-04-17 | Fluent Forms <= 6.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2025-2197 | 2025-04-17 | Type Confusion Vulnerability in Browser |
CVE-2025-2188 | 2025-04-17 | Whitelist bypass Vulnerability in GameCenter |
CVE-2025-1532 | 2025-04-17 | Code Injection Vulnerability in Phoneservice |
CVE-2025-29931 | 2025-04-17 | A vulnerability has been identified in TeleControl Server Basic (All... |
CVE-2025-3453 | 2025-04-17 | Password Protected – Password Protect your WordPress Site, Pages, & WooCommerce Products <= 2.7.7 - Unauthenticated Sensitive Information Exposure |
CVE-2025-3487 | 2025-04-17 | Forminator <= 1.42.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'limit' |
CVE-2025-3479 | 2025-04-17 | Forminator <= 1.42.0 - Order Replay Vulnerability |
CVE-2025-26478 | 2025-04-17 | Dell ECS version 3.8.1.4 and prior contain an Improper Certificate... |
CVE-2025-26477 | 2025-04-17 | Dell ECS version 3.8.1.4 and prior contain an Improper Input... |
CVE-2025-3760 | 2025-04-17 | A stored cross-site scripting (XSS) vulnerability exists with radio button... |
CVE-2022-26323 | 2025-04-17 | Incorrect Use of Privileged vulnerability has been discovered on OpenText™ UCMDB and Operation Bridge Manager product. |
CVE-2025-3651 | 2025-04-17 | Command Injection in iManage Work Desktop for Mac's Agent Service |
CVE-2025-25234 | 2025-04-17 | Omnissa UAG contains a Cross-Origin Resource Sharing (CORS) bypass vulnerability.... |
CVE-2025-39464 | 2025-04-17 | WordPress AdminQuickbar plugin <= 1.9.1 - Reflected Cross Site Scripting (XSS) vulnerability |
CVE-2025-39462 | 2025-04-17 | WordPress Smart Agreements plugin <= 1.0.3 - Local File Inclusion vulnerability |
CVE-2025-39461 | 2025-04-17 | WordPress Docket Cache plugin <= 24.07.02 - Local File Inclusion vulnerability |
CVE-2025-39457 | 2025-04-17 | WordPress Booking and Rental Manager plugin <= 2.2.8 - Broken Access Control vulnerability |
CVE-2025-39456 | 2025-04-17 | WordPress WP Logger plugin <= 2.2 - Broken Access Control vulnerability |
CVE-2025-39455 | 2025-04-17 | WordPress IP2Location Variables plugin <= 2.9.5 - CSRF to Cross Site Scripting (XSS) vulnerability |
CVE-2025-39453 | 2025-04-17 | WordPress Advanced Dynamic Pricing for WooCommerce plugin <= 4.9.3 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
CVE-2025-39452 | 2025-04-17 | WordPress WPCafe plugin <= 2.2.32 - Local File Inclusion vulnerability |
CVE-2025-39443 | 2025-04-17 | WordPress Verge3D plugin <= 4.9.0 - Cross Site Request Forgery (CSRF) vulnerability |
CVE-2025-39444 | 2025-04-17 | WordPress MaxButtons plugin <= 9.8.3 - Cross Site Scripting (XSS) vulnerability |
CVE-2025-39442 | 2025-04-17 | WordPress Review Wave – Google Places Reviews plugin <= 1.4.7 - Cross Site Request Forgery (CSRF) vulnerability |
CVE-2025-39441 | 2025-04-17 | WordPress Dashboard Notepads plugin <= 1.2.1 - CSRF to Stored XSS vulnerability |
CVE-2025-39440 | 2025-04-17 | WordPress Broken Links Remover plugin <= 1.2.2 - CSRF to Stored XSS vulnerability |
CVE-2025-39439 | 2025-04-17 | WordPress wpLike2Get plugin <= 1.2.9 - Sensitive Data Exposure vulnerability |
CVE-2025-39438 | 2025-04-17 | WordPress Theme Changer plugin <= 1.3 - Cross Site Request Forgery (CSRF) vulnerability |
CVE-2025-39437 | 2025-04-17 | WordPress Anthologize plugin <= 0.8.3 - Cross Site Request Forgery (CSRF) vulnerability |
CVE-2025-39436 | 2025-04-17 | WordPress I Draw <= 1.0 - Arbitrary File Upload Vulnerability |
CVE-2025-39435 | 2025-04-17 | WordPress My Marginalia plugin <= 1.0.6 - CSRF to Stored XSS vulnerability |
CVE-2025-39434 | 2025-04-17 | WordPress Avatar plugin <= 0.1.4 - Insecure Direct Object References (IDOR) vulnerability |
CVE-2025-39433 | 2025-04-17 | WordPress Bknewsticker plugin <= 1.0.5 - Cross Site Request Forgery (CSRF) vulnerability |