CVE List - 2025 / April
Showing 3101 - 3200 of 4038 CVEs for April 2025 (Page 32 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-3792 | 2025-04-18 | SeaCMS admin_link.php sql injection |
| CVE-2025-29953 | 2025-04-18 | Apache ActiveMQ NMS OpenWire Client: deserialization allowlist bypass |
| CVE-2025-32434 | 2025-04-18 | PyTorch: `torch.load` with `weights_only=True` leads to remote code execution |
| CVE-2025-27599 | 2025-04-18 | Element X Android vulnerable to loading malicious web pages via received intent |
| CVE-2025-29784 | 2025-04-18 | NamelessMC Has Lack of Length Validation for s Parameter in GET Requests |
| CVE-2025-30158 | 2025-04-18 | NamelessMC Forum iframe width/height abuse causing UI-based Denial of Service |
| CVE-2025-30357 | 2025-04-18 | NamelessMC Forum Topic Deletion Triggered by Unrelated User Deletion |
| CVE-2025-31118 | 2025-04-18 | NamelessMC Has Forum Reply Submission Time Limit Bypass |
| CVE-2025-31120 | 2025-04-18 | NamelessMC Vulnerable to Cookie-Based View Count Manipulation |
| CVE-2025-32389 | 2025-04-18 | NamelessMC Vulnerable to SQL Injections in /user/messaging and /panel/users/reports Pages |
| CVE-2025-32442 | 2025-04-18 | Fastify vulnerable to invalid content-type parsing, which could lead to validation bypass |
| CVE-2025-32792 | 2025-04-18 | ses's global contour bindings leak into Compartment lexical scope |
| CVE-2025-32795 | 2025-04-18 | Dify Allows Insecure User Role Access Control for APP Editing |
| CVE-2025-32796 | 2025-04-18 | Dify Allows Unauthorized APP Enable/Disable via API |
| CVE-2025-1697 | 2025-04-18 | HP Touchpoint Analytics Service – Potential Escalation of Privilege |
| CVE-2025-24914 | 2025-04-18 | Local Priviledge Escalation |
| CVE-2025-36625 | 2025-04-18 | Log Poisoning in Nessus |
| CVE-2025-32377 | 2025-04-18 | Rasa Pro Missing Authentication For Voice Connector APIs |
| CVE-2025-3795 | 2025-04-18 | DaiCuo SEO Optimization Settings Section cross site scripting |
| CVE-2025-32953 | 2025-04-18 | z80pack Vulnerable to Exposure of the GITHUB_TOKEN in Workflow Run Artifact |
| CVE-2025-3796 | 2025-04-18 | PHPGurukul Men Salon Management System contact-us.php sql injection |
| CVE-2022-47111 | 2025-04-19 | 7-Zip 22.01 does not report an error for certain invalid... |
| CVE-2022-47112 | 2025-04-19 | 7-Zip 22.01 does not report an error for certain invalid... |
| CVE-2023-26819 | 2025-04-19 | cJSON 1.7.15 might allow a denial of service via a... |
| CVE-2023-30421 | 2025-04-19 | mystrtod in mjson 1.2.7 requires more than a billion iterations... |
| CVE-2025-43917 | 2025-04-19 | In Pritunl Client before 1.3.4220.57, an administrator with access to... |
| CVE-2025-43918 | 2025-04-19 | SSL.com before 2025-04-19, when domain validation method 3.2.2.4.14 is used,... |
| CVE-2025-3284 | 2025-04-19 | User Registration & Membership PRO – Custom Registration Form, Login Form, and User Profile <= 5.1.3 - Cross-Site Request Forgery to User Deletion |
| CVE-2025-3278 | 2025-04-19 | UrbanGo Membership <= 1.0.4 - Unauthenticated Privilege Escalation |
| CVE-2025-2010 | 2025-04-19 | JobWP – Job Board, Job Listing, Career Page and Recruitment Plugin <= 2.3.9 - Unauthenticated SQL Injection |
| CVE-2025-1093 | 2025-04-19 | AIHub <= 1.3.7 - Unauthenticated Arbitrary File Upload in generate_image |
| CVE-2025-3275 | 2025-04-19 | Themesflat Addons For Elementor <= 2.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-1457 | 2025-04-19 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) <= 5.10.28 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting |
| CVE-2025-3103 | 2025-04-19 | CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon <= 2.4 - Unauthenticated Arbitrary File Read |
| CVE-2025-2111 | 2025-04-19 | WP Headers And Footers <= 3.1.1 - Cross-Site Request Forgery to Arbitrary Options Update |
| CVE-2025-3809 | 2025-04-19 | Debug Log Manager <= 2.3.4 - Unauthenticated Stored Cross-Site Scripting |
| CVE-2024-13926 | 2025-04-19 | WP-Syntax <= 1.2 - Author+ Potential ReDoS |
| CVE-2025-3797 | 2025-04-19 | SeaCMS admin_topic.php sql injection |
| CVE-2021-4455 | 2025-04-19 | Wordpress Plugin Smart Product Review <= 1.0.4 - Unauthenticated Arbitrary File Upload |
| CVE-2025-3404 | 2025-04-19 | Download Manager <= 3.3.12 - Authenticated (Author+) Arbitrary File Deletion |
| CVE-2025-3661 | 2025-04-19 | SB Chart block <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameter |
| CVE-2025-3798 | 2025-04-19 | WCMS Advertisement Image AdvadminController.php sub unrestricted upload |
| CVE-2025-3799 | 2025-04-19 | WCMS AnonymousController.php sql injection |
| CVE-2025-3800 | 2025-04-19 | WCMS AnonymousController.php sql injection |
| CVE-2025-3801 | 2025-04-19 | songquanpeng one-api System Setting cross site scripting |
| CVE-2025-3802 | 2025-04-19 | Tenda W12/i24 httpd cgiPingSet stack-based overflow |
| CVE-2025-3803 | 2025-04-19 | Tenda W12/i24 httpd cgiSysScheduleRebootSet stack-based overflow |
| CVE-2025-3804 | 2025-04-19 | thautwarm vscode-diana Jinja2 Template Gen.py injection |
| CVE-2025-3805 | 2025-04-19 | sarrionandia tournatrack Jinja2 Template check_id.py injection |
| CVE-2025-3806 | 2025-04-19 | dazhouda lecms Edit Profile admin cross site scripting |
| CVE-2025-3807 | 2025-04-19 | zhenfeng13 My-BBS Endpoint UploadController.java upload unrestricted upload |
| CVE-2025-3808 | 2025-04-19 | zhenfeng13 My-BBS cross-site request forgery |
| CVE-2025-3816 | 2025-04-19 | westboy CicadasCMS Scheduled Task save os command injection |
| CVE-2025-3817 | 2025-04-19 | SourceCodester Online Eyewear Shop Master.php sql injection |
| CVE-2025-3818 | 2025-04-19 | webpy web.py db.py PostgresDB._process_insert_query sql injection |
| CVE-2025-3819 | 2025-04-19 | PHPGurukul Men Salon Management System search-appointment.php sql injection |
| CVE-2025-3820 | 2025-04-19 | Tenda W12/i24 httpd cgiSysUplinkCheckSet stack-based overflow |
| CVE-2020-36844 | 2025-04-20 | The KnowBe4 Security Awareness Training application before 2020-01-10 allows reflected... |
| CVE-2020-36845 | 2025-04-20 | The KnowBe4 Security Awareness Training application before 2020-01-10 contains a... |
| CVE-2025-43919 | 2025-04-20 | GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows... |
| CVE-2025-43920 | 2025-04-20 | GNU Mailman 2.1.39, as bundled in cPanel (and WHM), in... |
| CVE-2025-43921 | 2025-04-20 | GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows... |
| CVE-2025-43928 | 2025-04-20 | In Infodraw Media Relay Service (MRS) 7.1.0.0, the MRS web... |
| CVE-2025-43929 | 2025-04-20 | open_actions.py in kitty before 0.41.0 does not ask for user... |
| CVE-2025-43954 | 2025-04-20 | QMarkdown (aka quasar-ui-qmarkdown) before 2.0.5 allows XSS via headers even... |
| CVE-2025-43955 | 2025-04-20 | TwsCachedXPathAPI in Convertigo through 8.3.4 does not restrict the use... |
| CVE-2025-43961 | 2025-04-20 | In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in... |
| CVE-2025-43962 | 2025-04-20 | In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads... |
| CVE-2025-43963 | 2025-04-20 | In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access... |
| CVE-2025-43964 | 2025-04-20 | In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in... |
| CVE-2025-43966 | 2025-04-20 | libheif before 1.19.6 has a NULL pointer dereference in ImageItem_iden... |
| CVE-2025-43967 | 2025-04-20 | libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder... |
| CVE-2025-3821 | 2025-04-20 | SourceCodester Web-based Pharmacy Product Management System add-admin.php cross site scripting |
| CVE-2025-3822 | 2025-04-20 | SourceCodester Web-based Pharmacy Product Management System changepassword.php cross site scripting |
| CVE-2025-3823 | 2025-04-20 | SourceCodester Web-based Pharmacy Product Management System add-stock.php cross site scripting |
| CVE-2025-3824 | 2025-04-20 | SourceCodester Web-based Pharmacy Product Management System add-product.php cross site scripting |
| CVE-2025-3825 | 2025-04-20 | SourceCodester Web-based Pharmacy Product Management System add-category.php cross site scripting |
| CVE-2025-3826 | 2025-04-20 | SourceCodester Web-based Pharmacy Product Management System add-supplier.php cross site scripting |
| CVE-2025-3827 | 2025-04-20 | PHPGurukul Men Salon Management System forgot-password.php sql injection |
| CVE-2025-3828 | 2025-04-20 | PHPGurukul Men Salon Management System view-appointment.php sql injection |
| CVE-2025-3829 | 2025-04-20 | PHPGurukul Men Salon Management System sales-reports-detail.php sql injection |
| CVE-2025-3830 | 2025-04-20 | kuangstudy KuangSimpleBBS QuestionController.java fileUpload unrestricted upload |
| CVE-2024-41446 | 2025-04-21 | A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0... |
| CVE-2024-42699 | 2025-04-21 | Cross Site Scripting vulnerability in Create/Modify article function in Alkacon... |
| CVE-2024-57394 | 2025-04-21 | The quarantine - restore function in Qi-ANXIN Tianqing Endpoint Security... |
| CVE-2025-28099 | 2025-04-21 | opencms V2.3 is vulnerable to Arbitrary file read in src/main/webapp/view/admin/document/dataPage.jsp, |
| CVE-2025-28102 | 2025-04-21 | A cross-site scripting (XSS) vulnerability in flaskBlog v2.6.1 allows attackers... |
| CVE-2025-28103 | 2025-04-21 | Incorrect access control in laskBlog v2.6.1 allows attackers to arbitrarily... |
| CVE-2025-28104 | 2025-04-21 | Incorrect access control in laskBlog v2.6.1 allows attackers to access... |
| CVE-2025-28121 | 2025-04-21 | code-projects Online Exam Mastering System 1.0 is vulnerable to Cross... |
| CVE-2025-28367 | 2025-04-21 | mojoPortal <=2.9.0.1 is vulnerable to Directory Traversal via BetterImageGallery API... |
| CVE-2025-29287 | 2025-04-21 | An arbitrary file upload vulnerability in the ueditor component of... |
| CVE-2025-29446 | 2025-04-21 | open-webui v0.5.16 is vulnerable to SSRF in routers/ollama.py in function... |
| CVE-2025-29659 | 2025-04-21 | Yi IOT XY-3820 6.0.24.10 is vulnerable to Remote Command Execution... |
| CVE-2025-29660 | 2025-04-21 | A vulnerability exists in the daemon process of the Yi... |
| CVE-2025-32408 | 2025-04-21 | In Soffid Console 3.6.31 before 3.6.32, authorization to use the... |
| CVE-2025-43916 | 2025-04-21 | Sonos api.sonos.com through 2025-04-21, when the /login/v3/oauth endpoint is used,... |
| CVE-2025-43922 | 2025-04-21 | The FileWave Windows client before 16.0.0, in some non-default configurations,... |
| CVE-2025-43970 | 2025-04-21 | An issue was discovered in GoBGP before 3.35.0. pkg/packet/mrt/mrt.go does... |
| CVE-2025-43971 | 2025-04-21 | An issue was discovered in GoBGP before 3.35.0. pkg/packet/bgp/bgp.go allows... |