CVE List - 2025 / April

Showing 3201 - 3300 of 4038 CVEs for April 2025 (Page 33 of 41)

CVE ID Date Title
CVE-2025-43972 2025-04-21 An issue was discovered in GoBGP before 3.35.0. An attacker...
CVE-2025-43973 2025-04-21 An issue was discovered in GoBGP before 3.35.0. pkg/packet/rtr/rtr.go does...
CVE-2025-0632 2025-04-21 Local File Inclusion (LFI) leading to sensitive data exposure
CVE-2025-25228 2025-04-21 Extension - virtuemart.net - SQL injection in VirtueMart component 1.0.0 - 4.4.7 for Joomla
CVE-2025-3837 2025-04-21 Improper Input Validation vulnerability in the End of Life (EOL) OVA based connect component
CVE-2025-3838 2025-04-21 Improper Authorization in the installer for the EOL OVA based connect component
CVE-2025-3840 2025-04-21 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-12862 2025-04-21 REST API allows users without permissions to remove external collaborators
CVE-2025-2517 2025-04-21 Reference to Expired Domain Vulnerability in OpenText™ ArcSight Enterprise Security Manager
CVE-2025-2298 2025-04-21 Authenticated API Endpoint Allows Arbitrary File Deletion in Dremio Software
CVE-2024-12863 2025-04-21 Stored XSS in Discussions functionality
CVE-2025-3857 2025-04-21 Infinite loop condition in Amazon.IonDotnet
CVE-2024-12543 2025-04-21 A user enumeration and subsequent data integrity vulnerability affecting barcode functionality
CVE-2025-32431 2025-04-21 Traefik has a possible vulnerability with the path matchers
CVE-2025-32793 2025-04-21 Cilium packets from terminating endpoints may not be encrypted in Wireguard-enabled clusters
CVE-2025-23174 2025-04-21 Yoel Geva - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-27086 2025-04-21 A vulnerability in the HPE Performance Cluster Manager (HPCM) GUI...
CVE-2025-3841 2025-04-21 wix-incubator jam Jinja2 Template jam.py special elements used in a template engine
CVE-2025-3842 2025-04-21 panhainan DS-Java FileUpload.java uploadUserPic.action code injection
CVE-2025-32958 2025-04-21 Adept exposed the GITHUB_TOKEN in workflow run artifact
CVE-2025-32956 2025-04-21 ManageWiki has SQL injection vulnerability in NamespaceMigrationJob
CVE-2025-32955 2025-04-21 Harden-Runner Evasion of 'disable-sudo' policy
CVE-2025-3843 2025-04-21 panhainan DS-Java cross-site request forgery
CVE-2025-3845 2025-04-21 markparticle WebServer buffer.cpp HasWritten buffer overflow
CVE-2025-3846 2025-04-21 markparticle WebServer Registration httprequest.cpp sql injection
CVE-2025-3847 2025-04-21 markparticle WebServer Login httprequest.cpp sql injection
CVE-2025-2987 2025-04-21 IBM Maximo Asset Management server-side request forgery
CVE-2025-3849 2025-04-21 YXJ2018 SpringBoot-Vue-OnlineExam studentPWD unverified password change
CVE-2023-43378 2025-04-22 A cross-site scripting (XSS) vulnerability in Hoteldruid v3.0.5 allows attackers...
CVE-2023-43958 2025-04-22 An arbitrary file upload vulnerability in the component /jquery-file-upload/server/php/index.php of...
CVE-2023-44752 2025-04-22 An issue in Student Study Center Desk Management System v1.0...
CVE-2023-44753 2025-04-22 A stored cross-site scripting (XSS) vulnerability in Student Management System...
CVE-2023-44755 2025-04-22 Sacco Management system v1.0 was discovered to contain a SQL...
CVE-2024-33452 2025-04-22 An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a...
CVE-2024-40445 2025-04-22 A directory traversal vulnerability in forkosh Mime TeX before version...
CVE-2024-40446 2025-04-22 An issue in forkosh Mime Tex before v.1.77 allows an...
CVE-2024-46546 2025-04-22 NEXTU FLETA AX1500 WIFI6 Router v1.0.3 was discovered to contain...
CVE-2024-53568 2025-04-22 A stored cross-site scripting (XSS) vulnerability in the Image Upload...
CVE-2024-53569 2025-04-22 A stored cross-site scripting (XSS) vulnerability in the New Goal...
CVE-2024-58250 2025-04-22 The passprompt plugin in pppd in ppp before 2.5.2 mishandles...
CVE-2025-26159 2025-04-22 Laravel Starter 11.11.0 is vulnerable to Cross Site Scripting (XSS)...
CVE-2025-28024 2025-04-22 TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow...
CVE-2025-28026 2025-04-22 TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129...
CVE-2025-28027 2025-04-22 TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129...
CVE-2025-28029 2025-04-22 TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129...
CVE-2025-28030 2025-04-22 TOTOLINK A810R V4.1.2cu.5182_B20201026 was discovered to contain a stack overflow...
CVE-2025-28031 2025-04-22 TOTOLINK A810R V4.1.2cu.5182_B20201026 was discovered to contain a hardcoded password...
CVE-2025-28032 2025-04-22 TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU...
CVE-2025-28033 2025-04-22 TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU...
CVE-2025-28034 2025-04-22 TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU...
CVE-2025-28035 2025-04-22 TOTOLINK A830R V4.1.2cu.5182_B20201102 was found to contain a pre-auth remote...
CVE-2025-28036 2025-04-22 TOTOLINK A950RG V4.1.2cu.5161_B20200903 was found to contain a pre-auth remote...
CVE-2025-28037 2025-04-22 TOTOLINK A810R V4.1.2cu.5182_B20201026 and A950RG V4.1.2cu.5161_B20200903 were found to contain...
CVE-2025-28038 2025-04-22 TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain a pre-auth remote...
CVE-2025-28039 2025-04-22 TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain a pre-auth remote...
CVE-2025-29339 2025-04-22 An issue in UPF in Open5GS UPF versions up to...
CVE-2025-29547 2025-04-22 In Rollback Rx Professional 12.8.0.0, the driver file shieldm.sys allows...
CVE-2025-29621 2025-04-22 Francois Jacquet RosarioSIS v12.0.0 was discovered to contain a content...
CVE-2025-29743 2025-04-22 D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection...
CVE-2025-43946 2025-04-22 TCPWave DDI 11.34P1C2 allows Remote Code Execution via Unrestricted File...
CVE-2025-43947 2025-04-22 Codemers KLIMS 1.6.DEV lacks a proper access control mechanism, allowing...
CVE-2025-43948 2025-04-22 Codemers KLIMS 1.6.DEV allows Python code injection. A user can...
CVE-2025-43949 2025-04-22 MuM (aka Mensch und Maschine) MapEdit (aka mapedit-web) 24.2.3 is...
CVE-2025-43950 2025-04-22 DPMAdirektPro 4.1.5 is vulnerable to DLL Hijacking. It happens by...
CVE-2025-43951 2025-04-22 LabVantage before LV 8.8.0.13 HF6 allows local file inclusion. Authenticated...
CVE-2025-43952 2025-04-22 A cross-site scripting (reflected XSS) vulnerability was found in Mettler...
CVE-2025-3850 2025-04-22 YXJ2018 SpringBoot-Vue-OnlineExam API improper authentication
CVE-2025-3854 2025-04-22 H3C GR-3000AX HTTP POST Request aspForm Edit_List_SSID buffer overflow
CVE-2025-3855 2025-04-22 CodeCanyon RISE Ultimate Project Manager Profile Picture save_profile_image resource injection
CVE-2025-3856 2025-04-22 xxyopen Novel-Plus searchByPage sql injection
CVE-2025-1731 2025-04-22 An incorrect permission assignment vulnerability in the PostgreSQL commands of...
CVE-2025-1732 2025-04-22 An improper privilege management vulnerability in the recovery function of...
CVE-2025-3577 2025-04-22 **UNSUPPORTED WHEN ASSIGNED** A path traversal vulnerability in the web...
CVE-2025-2300 2025-04-22 Information exposure vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center OVA
CVE-2024-46899 2025-04-22 Authentication credentials leakage vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center Analyzer viewpoint OVF
CVE-2025-3616 2025-04-22 Greenshift 11.4 - 11.4.5 - Authenticated (Subscriber+) Arbitrary File Upload
CVE-2025-2839 2025-04-22 WP Import Export Lite <= 3.9.27 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
CVE-2025-3814 2025-04-22 Tax Switch for WooCommerce <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via class-name Parameter
CVE-2024-13569 2025-04-22 Front End Users <= 3.2.32 - Reflected XSS
CVE-2025-2594 2025-04-22 User Registration & Membership < 4.1.3 - Authentication Bypass
CVE-2025-26413 2025-04-22 Apache Kvrocks: The server was crashed by the negative offset
CVE-2025-3518 2025-04-22 File upload functionality possible even when disabled
CVE-2025-3519 2025-04-22 Replace uploaded files knowing the file upload ID
CVE-2025-46225 2025-04-22 WordPress Post in page for Elementor plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability
CVE-2025-46226 2025-04-22 WordPress MPL-Publisher <= 2.18.0 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-46227 2025-04-22 WordPress Custom Related Posts <= 1.7.4 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-46228 2025-04-22 WordPress Event post <= 5.9.11 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-46229 2025-04-22 WordPress Textmetrics <= 3.6.2 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-46231 2025-04-22 WordPress affiliate-toolkit <= 3.7.3 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-46232 2025-04-22 WordPress Download Alt Text AI <= 1.9.93 - Broken Access Control Vulnerability
CVE-2025-46233 2025-04-22 WordPress Sirv <= 7.5.3 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-46235 2025-04-22 WordPress SKT Blocks – Gutenberg based Page Builder <= 2.0 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-46236 2025-04-22 WordPress HTML Forms <= 1.5.2 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-46237 2025-04-22 WordPress Link Library <= 7.8 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-46238 2025-04-22 WordPress List Last Changes <= 1.2.1 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-46239 2025-04-22 WordPress Theme Switcha <= 3.4 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-46240 2025-04-22 WordPress Simple Download Counter <= 2.2 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-46241 2025-04-22 WordPress Appointment Booking Calendar plugin <= 1.3.92 - CSRF to SQL Injection vulnerability
CVE-2025-46242 2025-04-22 WordPress Watu Quiz <= 3.4.3 - SQL Injection Vulnerability
CVE-2025-46243 2025-04-22 WordPress Recover abandoned cart for WooCommerce <= 2.2 - Cross Site Request Forgery (CSRF) Vulnerability