CVE List - 2025 / April

Showing 3301 - 3400 of 4038 CVEs for April 2025 (Page 34 of 41)

Back to List Previous Next

CVE ID	Date	Title
CVE-2025-46244	2025-04-22	WordPress Advanced Linked Variations for Woocommerce <= 1.0.3 - Broken Access Control Vulnerability
CVE-2025-46245	2025-04-22	WordPress CM Ad Changer <= 2.0.5 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-46246	2025-04-22	WordPress CM Answers <= 3.3.3 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-46247	2025-04-22	WordPress Appointment Booking Calendar <= 1.3.92 - Broken Access Control Vulnerability
CVE-2025-46249	2025-04-22	WordPress Simple calendar for Elementor <= 1.6.4 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-46250	2025-04-22	WordPress VForm <= 3.1.14 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-46251	2025-04-22	WordPress VikRestaurants Table Reservations and Take-Away plugin <= 1.3.3 - CSRF to Stored XSS vulnerability
CVE-2025-46252	2025-04-22	WordPress Message Filter for Contact Form 7 plugin <= 1.6.3.2 - SQL Injection vulnerability
CVE-2025-46253	2025-04-22	WordPress GutenKit plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability
CVE-2025-46254	2025-04-22	WordPress Visual Composer Website Builder plugin <= 45.10.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-3457	2025-04-22	Ocean Extra <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE-2025-3472	2025-04-22	Ocean Extra <= 2.4.6 - Unauthenticated Arbitrary Shortcode Execution
CVE-2025-3458	2025-04-22	Ocean Extra <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ocean_gallery_id'
CVE-2024-11299	2025-04-22	Memberpress <= 1.11.37 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure
CVE-2025-2092	2025-04-22	Remote site authentication secrets written to web log
CVE-2025-23175	2025-04-22	Tecnick - Multiple XSS (CWE-79)
CVE-2025-23176	2025-04-22	Tecnick – CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-1950	2025-04-22	IBM Hardware Management Console - Power Systems command execution
CVE-2025-1951	2025-04-22	IBM Hardware Management Console - Power Systems command execution
CVE-2025-3767	2025-04-22	SQL Injection in Centreon BAM boolean KPI listing
CVE-2025-23249	2025-04-22	NVIDIA NeMo Framework contains a vulnerability where a user could...
CVE-2025-23250	2025-04-22	NVIDIA NeMo Framework contains a vulnerability where an attacker could...
CVE-2025-23251	2025-04-22	NVIDIA NeMo Framework contains a vulnerability where a user could...
CVE-2025-27907	2025-04-22	IBM WebSphere Application Server server-side request forgery
CVE-2025-34028	2025-04-22	Commvault Command Center Innovation Release Unathenticated Install Package Path Traversal
CVE-2025-32788	2025-04-22	OctoPrint Authenticated Reverse Proxy Page Authentication Bypass
CVE-2025-32950	2025-04-22	io.jmix.localfs:jmix-localfs has a Path Traversal in Local File Storage
CVE-2025-32963	2025-04-22	Minio Operator uses Kubernetes apiserver audience for AssumeRoleWithWebIdentity STS
CVE-2025-32964	2025-04-22	ManageWiki vulnerable to permission bypass when disabling extensions requiring certain permissions in Special:ManageWiki/extensions
CVE-2025-32952	2025-04-22	io.jmix.localfs:jmix-localfs affected by DoS in the Local File Storage
CVE-2025-32951	2025-04-22	io.jmix.rest:jmix-rest allows XSS in the /files Endpoint of the Generic REST API
CVE-2025-32959	2025-04-22	CUBA Vulnerable to Denial of Service (DoS) in the File Storage
CVE-2025-32960	2025-04-22	CUBA Generic REST API Vulnerable to Cross-Site Scripting (XSS) in the /files Endpoint
CVE-2025-32961	2025-04-22	CUBA JPA Web API Vulnerable to Cross-Site Scripting (XSS) in the /download Endpoint
CVE-2025-31327	2025-04-22	OData meta-data property entity tampering in SAP Field Logistics
CVE-2025-31328	2025-04-22	Cross-Site Request Forgery (CSRF) vulnerability in SAP S/4 HANA (Learning Solution)
CVE-2025-23253	2025-04-22	NVIDIA NvContainer service for Windows contains a vulnerability in its...
CVE-2025-32965	2025-04-22	Compromised xrpl.js versions 4.2.1, 4.2.2, 4.2.3, 4.2.4, and 2.14.2
CVE-2025-37087	2025-04-22	A vulnerability in the cmdb service of the HPE Performance...
CVE-2025-27087	2025-04-22	A vulnerability in the kernel of the Cray Operating System...
CVE-2025-37088	2025-04-22	A security vulnerability has been identified in HPE Cray Data...
CVE-2024-58251	2025-04-23	In netstat in BusyBox through 1.37.0, local users can launch...
CVE-2025-27580	2025-04-23	NIH BRICS (aka Biomedical Research Informatics Computing System) through 14.0.0-67...
CVE-2025-27581	2025-04-23	NIH BRICS (aka Biomedical Research Informatics Computing System) through 14.0.0-67...
CVE-2025-28017	2025-04-23	TOTOLINK A800R V4.1.2cu.5032_B20200408 is vulnerable to Command Injection in downloadFile.cgi...
CVE-2025-28018	2025-04-23	TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow...
CVE-2025-28019	2025-04-23	TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow...
CVE-2025-28020	2025-04-23	TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow...
CVE-2025-28021	2025-04-23	TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow...
CVE-2025-28022	2025-04-23	TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow...
CVE-2025-28025	2025-04-23	TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129...
CVE-2025-28028	2025-04-23	TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129...
CVE-2025-28169	2025-04-23	BYD QIN PLUS DM-i Dilink OS v3.0_13.1.7.2204050.1 to v3.0_13.1.7.2312290.1_0 was...
CVE-2025-29526	2025-04-23	A Cross-Site Scripting (XSS) vulnerability in the search function of...
CVE-2025-43716	2025-04-23	A directory traversal vulnerability exists in Ivanti LANDesk Management Gateway...
CVE-2025-43965	2025-04-23	In MIFF image processing in ImageMagick before 7.1.1-44, image depth...
CVE-2025-45427	2025-04-23	In Tenda AC9 v1.0 with firmware V15.03.05.14_multi, the security parameter...
CVE-2025-45428	2025-04-23	In Tenda ac9 v1.0 with firmware V15.03.05.14_multi, the rebootTime parameter...
CVE-2025-45429	2025-04-23	In the Tenda ac9 v1.0 router with firmware V15.03.05.14_multi, there...
CVE-2025-46393	2025-04-23	In multispectral MIFF image processing in ImageMagick before 7.1.1-44, packet_size...
CVE-2025-46394	2025-04-23	In tar in BusyBox through 1.37.0, a TAR archive can...
CVE-2025-1021	2025-04-23	Missing authorization vulnerability in synocopy in Synology DiskStation Manager (DSM)...
CVE-2025-1056	2025-04-23	Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program,...
CVE-2025-0926	2025-04-23	Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program,...
CVE-2025-0618	2025-04-23	A malicious third party could invoke a persistent denial of...
CVE-2025-3529	2025-04-23	WordPress Simple PayPal Shopping Cart <= 5.1.2 - Unauthenticated Information Exposure via file_url Parameter
CVE-2025-3530	2025-04-23	WordPress Simple PayPal Shopping Cart <= 5.1.2 - Unauthenticated Product Price Manipulation
CVE-2025-2595	2025-04-23	Forced Browsing Vulnerability in CODESYS Visualization
CVE-2025-1054	2025-04-23	UiCore Elements – Free Elementor widgets and templates <= 1.0.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
CVE-2024-10306	2025-04-23	Mod_proxy_cluster: mod_proxy_cluster unauthorized mcmp requests
CVE-2025-42600	2025-04-23	Brute Force Attack Vulnerability in Meon KYC solutions
CVE-2025-42601	2025-04-23	Captcha Bypass Vulnerability in Meon KYC solutions
CVE-2025-42602	2025-04-23	Improper Authentication Vulnerability in Meon KYC solutions
CVE-2025-42603	2025-04-23	Information Disclosure Vulnerability in Meon KYC solutions
CVE-2025-42604	2025-04-23	Detailed Error Response Vulnerability in Meon KYC solutions
CVE-2025-42605	2025-04-23	Improper Access Control Vulnerability in Meon Bidding Solutions
CVE-2025-2703	2025-04-23	The built-in XY Chart plugin is vulnerable to a DOM...
CVE-2025-32966	2025-04-23	Dataease H2 JDBC Connection Remote Code Execution
CVE-2025-32968	2025-04-23	org.xwiki.platform:xwiki-platform-oldcore allows SQL injection in short form select requests through the script query API
CVE-2025-32969	2025-04-23	org.xwiki.platform:xwiki-platform-rest-server allows SQL injection in query endpoint of REST API
CVE-2025-21605	2025-04-23	Redis DoS Vulnerability due to unlimited growth of output buffers abused by unauthenticated client
CVE-2024-47829	2025-04-23	pnpm uses the md5 path shortening function causes packet paths to coincide, which causes indirect packet overwriting
CVE-2025-1045	2025-04-23	Luxion KeyShot Viewer KSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2025-1046	2025-04-23	Luxion KeyShot SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
CVE-2025-1047	2025-04-23	Luxion KeyShot PVS File Parsing Access of Uninitialized Pointer Remote Code Execution Vulnerability
CVE-2025-1048	2025-04-23	Sonos Era 300 Speaker libsmb2 Use-After-Free Remote Code Execution Vulnerability
CVE-2025-1049	2025-04-23	Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2025-1050	2025-04-23	Sonos Era 300 Out-of-Bounds Write Remote Code Execution Vulnerability
CVE-2025-1520	2025-04-23	PostHog ClickHouse Table Functions SQL Injection Remote Code Execution Vulnerability
CVE-2025-1521	2025-04-23	PostHog slack_incoming_webhook Server-Side Request Forgery Information Disclosure Vulnerability
CVE-2025-1522	2025-04-23	PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability
CVE-2025-2760	2025-04-23	GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability
CVE-2025-2761	2025-04-23	GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2025-2762	2025-04-23	CarlinKit CPC200-CCPA Missing Root of Trust Local Privilege Escalation Vulnerability
CVE-2025-2763	2025-04-23	CarlinKit CPC200-CCPA Improper Verification of Cryptographic Signature Code Execution Vulnerability
CVE-2025-2764	2025-04-23	CarlinKit CPC200-CCPA update.cgi Improper Verification of Cryptographic Signature Code Execution Vulnerability
CVE-2025-2765	2025-04-23	CarlinKit CPC200-CCPA Wireless Hotspot Hard-Coded Credentials Authentication Bypass Vulnerability
CVE-2025-2767	2025-04-23	Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution Vulnerability
CVE-2025-2768	2025-04-23	Bdrive NetDrive Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
CVE-2025-2769	2025-04-23	Bdrive NetDrive Uncontrolled Search Path Element Local Privilege Escalation Vulnerability