CVE List - 2025 / April
Showing 3001 - 3100 of 4038 CVEs for April 2025 (Page 31 of 41)
CVE ID | Date | Title |
---|---|---|
CVE-2025-23448 | 2025-04-17 | WordPress visualslider Sldier plugin <= 1.1.1 - Reflected Cross Site Scripting (XSS) vulnerability |
CVE-2025-23443 | 2025-04-17 | WordPress Author Showcase plugin <= 1.4.3 - Cross Site Scripting (XSS) vulnerability |
CVE-2025-42921 | 2025-04-17 | In JetBrains Toolbox App before 2.6 host key verification was... |
CVE-2025-43012 | 2025-04-17 | In JetBrains Toolbox App before 2.6 command injection in SSH... |
CVE-2025-43013 | 2025-04-17 | In JetBrains Toolbox App before 2.6 unencrypted credential transmission during... |
CVE-2025-43014 | 2025-04-17 | In JetBrains Toolbox App before 2.6 the SSH plugin established... |
CVE-2025-43015 | 2025-04-17 | In JetBrains RubyMine before 2025.1 remote Interpreter overwrote ports to... |
CVE-2025-2947 | 2025-04-17 | IBM i privilege escalation |
CVE-2020-36789 | 2025-04-17 | can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context |
CVE-2021-47668 | 2025-04-17 | can: dev: can_restart: fix use after free bug |
CVE-2021-47669 | 2025-04-17 | can: vxcan: vxcan_xmit: fix use after free bug |
CVE-2021-47670 | 2025-04-17 | can: peak_usb: fix use after free bugs |
CVE-2021-47671 | 2025-04-17 | can: etas_es58x: es58x_rx_err_msg(): fix memory leak in error path |
CVE-2025-3762 | 2025-04-17 | PCMan FTP Server MPUT Command buffer overflow |
CVE-2025-3763 | 2025-04-17 | SourceCodester Phone Management System Password main buffer overflow |
CVE-2024-42177 | 2025-04-17 | HCL MyXalytics is affected by SSL/TLS Protocol affected with BREACH & LUCKY13 vulnerabilities |
CVE-2025-3764 | 2025-04-17 | SourceCodester Web-based Pharmacy Product Management System edit-product.php unrestricted upload |
CVE-2025-3765 | 2025-04-17 | SourceCodester Web-based Pharmacy Product Management System edit-photo.php unrestricted upload |
CVE-2024-42178 | 2025-04-17 | HCL MyXalytics is affected by a failure to restrict URL access vulnerability |
CVE-2025-3124 | 2025-04-17 | Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed unauthorized access to private repository names |
CVE-2025-3509 | 2025-04-17 | Pre-Receive Hook Remote Code Execution vulnerability was identified in GitHub Enterprise Server that allowed Privilege Escalation |
CVE-2025-3246 | 2025-04-17 | Markdown math block sanitization bypass allows privilege escalation and unauthorized workflow triggers |
CVE-2024-29643 | 2025-04-18 | An issue in croogo v.3.0.2 allows an attacker to perform... |
CVE-2024-41447 | 2025-04-18 | A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0... |
CVE-2024-46089 | 2025-04-18 | 74cms <=3.33 is vulnerable to remote code execution (RCE) in... |
CVE-2024-53591 | 2025-04-18 | An issue in the login page of Seclore v3.27.5.0 allows... |
CVE-2024-57493 | 2025-04-18 | An issue in redoxOS relibc before commit 98aa4ea5 allows a... |
CVE-2025-25983 | 2025-04-18 | An issue in Macro-video Technologies Co.,Ltd V380 Pro android application... |
CVE-2025-25984 | 2025-04-18 | An issue in Macro-video Technologies Co.,Ltd V380E6_C1 IP camera (Hw_HsAKPIQp_WF_XHR)... |
CVE-2025-25985 | 2025-04-18 | An issue in Macro-video Technologies Co.,Ltd V380E6_C1 IP camera (Hw_HsAKPIQp_WF_XHR)... |
CVE-2025-28059 | 2025-04-18 | An access control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows... |
CVE-2025-28197 | 2025-04-18 | Crawl4AI <=0.4.247 is vulnerable to SSRF in /crawl4ai/async_dispatcher.py. |
CVE-2025-28228 | 2025-04-18 | A credential exposure vulnerability in Electrolink 500W, 1kW, 2kW Medium... |
CVE-2025-28229 | 2025-04-18 | Incorrect access control in Orban OPTIMOD 5950 Firmware v1.0.0.2 and... |
CVE-2025-28230 | 2025-04-18 | Incorrect access control in JMBroadcast JMB0150 Firmware v1.0 allows attackers... |
CVE-2025-28231 | 2025-04-18 | Incorrect access control in Itel Electronics IP Stream v1.7.0.6 allows... |
CVE-2025-28232 | 2025-04-18 | Incorrect access control in the HOME.php endpoint of JMBroadcast JMB0150... |
CVE-2025-28233 | 2025-04-18 | Incorrect access control in BW Broadcast TX600 (14980), TX300 (32990)... |
CVE-2025-28235 | 2025-04-18 | An information disclosure vulnerability in the component /socket.io/1/websocket/ of Soundcraft... |
CVE-2025-28236 | 2025-04-18 | Nautel VX Series transmitters VX SW v6.4.0 and below was... |
CVE-2025-28237 | 2025-04-18 | An issue in WorldCast Systems ECRESO FM/DAB/TV Transmitter v1.10.1 allows... |
CVE-2025-28238 | 2025-04-18 | Improper session management in Elber REBLE310 Firmware v5.5.1.R, Equipment... |
CVE-2025-28242 | 2025-04-18 | Improper session management in the /login_ok.htm endpoint of DAEnetIP4 METO... |
CVE-2025-28355 | 2025-04-18 | Volmarg Personal Management System 1.4.65 is vulnerable to Cross Site... |
CVE-2025-29058 | 2025-04-18 | An issue in Qimou CMS v.3.34.0 allows a remote attacker... |
CVE-2025-29209 | 2025-04-18 | TOTOLINK X18 v9.1.0cu.2024_B20220329 has an unauthorized arbitrary command execution in... |
CVE-2025-29512 | 2025-04-18 | Cross-Site Scripting (XSS) vulnerability in NodeBB v4.0.4 and before allows... |
CVE-2025-29513 | 2025-04-18 | Cross-Site Scripting (XSS) vulnerability in NodeBB v4.0.4 and before allows... |
CVE-2025-29625 | 2025-04-18 | A buffer overflow vulnerability in Astrolog v7.70 allows attackers to... |
CVE-2025-43903 | 2025-04-18 | NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1... |
CVE-2025-25427 | 2025-04-18 | XSS in TP-Link TL-WR841N v14/v14.6/v14.8 Upnp page |
CVE-2025-0467 | 2025-04-18 | GPU DDK - rgxfw_hwperf_get_packet_buffer OOB write |
CVE-2025-3520 | 2025-04-18 | Avatar <= 0.1.4 - Authenticated (Subscriber+) Arbitrary File Deletion |
CVE-2024-13650 | 2025-04-18 | Piotnet Addons For Elementor <= 2.4.34 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2025-2613 | 2025-04-18 | Login Manager – Design Login Page, View Login Activity, Limit Login Attempts <= 2.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via Custom URL |
CVE-2025-42599 | 2025-04-18 | Active! mail 6 BuildInfo: 6.60.05008561 and earlier contains a stack-based... |
CVE-2025-39471 | 2025-04-18 | WordPress Modal Survey plugin <= 2.0.2.0.1 - SQL Injection vulnerability |
CVE-2025-39470 | 2025-04-18 | WordPress Ivy School <= 1.6.0 - Local File Inclusion Vulnerability |
CVE-2025-39469 | 2025-04-18 | WordPress Modal Survey plugin <= 2.0.2.0.1 - Cross Site Scripting (XSS) vulnerability |
CVE-2025-3598 | 2025-04-18 | Coupon Affiliates – Affiliate Plugin for WooCommerce <= 6.3.0 - Reflected Cross-Site Scripting via 'commission_summary' Parameter |
CVE-2025-3783 | 2025-04-18 | SourceCodester Web-based Pharmacy Product Management System add-product.php unrestricted upload |
CVE-2025-1863 | 2025-04-18 | Insecure default settings for recorder products |
CVE-2025-2162 | 2025-04-18 | MapPress Maps for WordPress < 2.94.10 - Admin+ Stored XSS |
CVE-2025-37785 | 2025-04-18 | ext4: fix OOB read when checking dotdot dir |
CVE-2025-37860 | 2025-04-18 | sfc: fix NULL dereferences in ef100_process_design_param() |
CVE-2025-37893 | 2025-04-18 | LoongArch: BPF: Fix off-by-one error in build_prologue() |
CVE-2025-37925 | 2025-04-18 | jfs: reject on-disk inodes of an unsupported type |
CVE-2025-38049 | 2025-04-18 | x86/resctrl: Fix allocation of cleanest CLOSID on platforms with no monitors |
CVE-2025-38104 | 2025-04-18 | drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV |
CVE-2025-38152 | 2025-04-18 | remoteproc: core: Clear table_sz when rproc_shutdown |
CVE-2025-38240 | 2025-04-18 | drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr |
CVE-2025-38479 | 2025-04-18 | dmaengine: fsl-edma: free irq correctly in remove path |
CVE-2025-38575 | 2025-04-18 | ksmbd: use aead_request_free to match aead_request_alloc |
CVE-2025-38637 | 2025-04-18 | net_sched: skbprio: Remove overly strict queue assertions |
CVE-2025-39688 | 2025-04-18 | nfsd: allow SC_STATUS_FREEABLE when searching via nfs4_lookup_stateid() |
CVE-2025-39728 | 2025-04-18 | clk: samsung: Fix UBSAN panic in samsung_clk_init() |
CVE-2025-39735 | 2025-04-18 | jfs: fix slab-out-of-bounds read in ea_get() |
CVE-2025-39755 | 2025-04-18 | staging: gpib: Fix cb7210 pcmcia Oops |
CVE-2025-39778 | 2025-04-18 | objtool, nvmet: Fix out-of-bounds stack access in nvmet_ctrl_state_show() |
CVE-2025-39930 | 2025-04-18 | ASoC: simple-card-utils: Don't use __free(device_node) at graph_util_parse_dai() |
CVE-2025-39989 | 2025-04-18 | x86/mce: use is_copy_from_user() to determine copy-from-user context |
CVE-2025-40014 | 2025-04-18 | objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() |
CVE-2025-40114 | 2025-04-18 | iio: light: Add check for array bounds in veml6075_read_int_time_ms |
CVE-2025-40325 | 2025-04-18 | md/raid10: wait barrier before returning discard request with REQ_NOWAIT |
CVE-2025-3056 | 2025-04-18 | Download Manager <= 3.3.12 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
CVE-2025-3785 | 2025-04-18 | D-Link DWR-M961 Authorization Interface formStaticDHCP stack-based overflow |
CVE-2025-2492 | 2025-04-18 | An improper authentication control vulnerability exists in AiCloud. This vulnerability... |
CVE-2025-3786 | 2025-04-18 | Tenda AC15 WifiExtraSet fromSetWirelessRepeat buffer overflow |
CVE-2025-3106 | 2025-04-18 | LA-Studio Element Kit for Elementor <= 1.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Table of Contents Widget |
CVE-2025-3787 | 2025-04-18 | PbootCMS Image server-side request forgery |
CVE-2025-3788 | 2025-04-18 | baseweb JSite save cross site scripting |
CVE-2024-49808 | 2025-04-18 | IBM Sterling Connect:Direct Web Services improper authorization |
CVE-2024-45651 | 2025-04-18 | IBM Sterling Connect:Direct Web Services session fixation |
CVE-2025-32790 | 2025-04-18 | Dify Allows Insecure User Role Access Control for APP DSL Exporting |
CVE-2025-3789 | 2025-04-18 | baseweb JSite save cross site scripting |
CVE-2025-3790 | 2025-04-18 | baseweb JSite Apache Druid Monitoring Console index.html access control |
CVE-2025-40364 | 2025-04-18 | io_uring: fix io_req_prep_async with provided buffers |
CVE-2025-37838 | 2025-04-18 | HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition |
CVE-2025-3791 | 2025-04-18 | symisc UnQLite unqlite.c jx9MemObjStore heap-based overflow |
CVE-2025-2950 | 2025-04-18 | IBM i improper HTTP header neutralization |