CVE List - 2025 / April

Showing 3401 - 3500 of 4038 CVEs for April 2025 (Page 35 of 41)

CVE ID Date Title
CVE-2025-2770 2025-04-23 BEC Technologies Multiple Routers Cleartext Password Storage Information Disclosure Vulnerability
CVE-2025-2771 2025-04-23 BEC Technologies Multiple Routers Authentication Bypass Vulnerability
CVE-2025-2772 2025-04-23 BEC Technologies Multiple Routers Insufficiently Protected Credentials Information Disclosure Vulnerability
CVE-2025-2773 2025-04-23 BEC Technologies Multiple Routers sys ping Command Injection Remote Code Execution Vulnerability
CVE-2025-3900 2025-04-23 Colorbox - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-041
CVE-2025-3901 2025-04-23 Bootstrap Site Alert - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-042
CVE-2025-3902 2025-04-23 Block Class - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-043
CVE-2025-3903 2025-04-23 UEditor - 百度编辑器 - Critical - Unsupported - SA-CONTRIB-2025-044
CVE-2025-3904 2025-04-23 Sportsleague - Critical - Unsupported - SA-CONTRIB-2025-045
CVE-2025-3907 2025-04-23 Search API Solr - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-046
CVE-2025-32818 2025-04-23 A Null Pointer Dereference vulnerability in the SonicOS SSLVPN Virtual...
CVE-2025-46397 2025-04-23 Xfig: fig2dev stack-overflow
CVE-2025-46398 2025-04-23 Xfig: fig2dev stack-overflow via read_objects
CVE-2025-46399 2025-04-23 Xfig: fig2dev segmentation fault in genge_itp_spline
CVE-2025-46400 2025-04-23 Xfig: fig2dev segmentation fault in read_arcobject
CVE-2024-22351 2025-04-23 IBM InfoSphere Information Server session fixation
CVE-2025-25045 2025-04-23 IBM InfoSphere Information Server information disclosure
CVE-2025-25046 2025-04-23 IBM InfoSphere Information Server information disclosure
CVE-2025-25777 2025-04-24 Insecure Direct Object Reference (IDOR) in Codeastro Bus Ticket Booking...
CVE-2025-29529 2025-04-24 ITC Systems Multiplan/Matrix OneCard platform v3.7.4.1002 was discovered to contain...
CVE-2025-29568 2025-04-24 A vulnerability has been discovered in the code-projects Online Class...
CVE-2025-44134 2025-04-24 A vulnerability was found in Code-Projects Online Class and Exam...
CVE-2025-44135 2025-04-24 A vulnerability was found in code-projects Online Class and Exam...
CVE-2025-46417 2025-04-24 The unsafe globals in Picklescan before 0.0.25 do not include...
CVE-2025-46419 2025-04-24 Westermo WeOS 5 through 5.23.0 allows a reboot via a...
CVE-2025-1976 2025-04-24 Code injection exposure in Fabric OS 9.1.0 through 9.1.1d6
CVE-2025-3435 2025-04-24 MangBoard WP <= 1.8.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via Board Header And Footer
CVE-2025-1453 2025-04-24 Category Posts Widget < 4.9.20 - Admin+ Stored XSS
CVE-2025-2558 2025-04-24 The Wound <= 0.0.1 - Unauthenticated LFI
CVE-2025-32730 2025-04-24 Use of hard-coded cryptographic key vulnerability in i-PRO Configuration Tool...
CVE-2025-41395 2025-04-24 Webapp DoS via malicious retrospective post in Playbooks
CVE-2025-35965 2025-04-24 DoS in Mattermost Playbooks via Excessive Task Actions
CVE-2025-41423 2025-04-24 Unauthorized Playbooks Post Deletion in Mattermost Playbooks Plugin
CVE-2025-3761 2025-04-24 My Tickets – Accessible Event Ticketing <= 2.0.16 - Authenticated (Subscriber+) Privilege Escalation
CVE-2025-1908 2025-04-24 Business Logic Errors in GitLab
CVE-2025-0639 2025-04-24 Allocation of Resources Without Limits or Throttling in GitLab
CVE-2024-12244 2025-04-24 Missing Authorization in GitLab
CVE-2025-3065 2025-04-24 Database Toolset <= 1.8.4 - Unauthenticated Arbitrary File Deletion
CVE-2025-3058 2025-04-24 Xelion Webchat <= 9.1.0 - Authenticated (Subscriber+) Arbitrary Options Update
CVE-2025-3101 2025-04-24 Configurator Theme Core <= 1.4.7 - Authenticated (Subscriber+) Privilege Escalation
CVE-2025-1284 2025-04-24 Woocommerce Automatic Order Printing | ( Formerly WooCommerce Google Cloud Print) <= 4.1 - Insecure Direct Object Reference to Authenticated (Subscriber+) Order Information Disclosure
CVE-2025-2543 2025-04-24 Advanced Accordion Gutenberg Block <= 5.0.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2025-3604 2025-04-24 Flynax Bridge <= 2.2.0 - Unauthenticated Privilege Escalation via Account Takeover
CVE-2025-3607 2025-04-24 Frontend Login and Registration Blocks <= 1.0.7 - Authenticated (Subscriber+) Privilege Escalation via Password Reset
CVE-2025-2579 2025-04-24 Lottie Player <= 1.1.8 - Authenticated (Author+) Stored Cross-Site Scripting via File Upload
CVE-2025-3832 2025-04-24 FuseDesk <= 6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via successredirect Parameter
CVE-2025-3300 2025-04-24 WPMasterToolKit (WPMTK) – All in one plugin <= 2.5.2 - Authenticated (Administrator+) to Arbitrary File Read and Write
CVE-2024-13307 2025-04-24 Reales WP - Real Estate WordPress Theme <= 2.1.2 - Missing Authorization to Unauthenticated Attachment Deletion and Favorite Property Updates
CVE-2025-3280 2025-04-24 ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes <= 1.4.9 - Authenticated (Subscriber+) SQL Injection
CVE-2025-3793 2025-04-24 Buddypress Force Password Change <= 0.1 - Authenticated (Subscriber+) Account Takeover via Password Update
CVE-2025-3776 2025-04-24 Verification SMS with TargetSMS <= 1.5 - Unauthenticated Limited Remote Code Execution
CVE-2025-3603 2025-04-24 Flynax Bridge <= 2.2.0 - Unauthenticated Privilege Escalation via Password Update
CVE-2025-3872 2025-04-24 Privilege escalation by altering payload in contact form
CVE-2021-47662 2025-04-24 Unauthenticated remote shutdown of the cobot
CVE-2021-47663 2025-04-24 Improper session handling
CVE-2021-47664 2025-04-24 Enumeration of valid user names
CVE-2025-27820 2025-04-24 Apache HttpComponents: PSL (Public Suffix List) validation bypass
CVE-2025-46420 2025-04-24 Libsoup: memory leak on soup_header_parse_quality_list() via soup-headers.c
CVE-2025-46421 2025-04-24 Libsoup: information disclosure may lead libsoup client to send authorization header to a different host when being redirected by a server
CVE-2025-30408 2025-04-24 Local privilege escalation due to insecure folder permissions. The following...
CVE-2025-30409 2025-04-24 Denial of service due to allocation of resources without limits....
CVE-2025-43855 2025-04-24 tRPC 11 WebSocket DoS Vulnerability
CVE-2025-46261 2025-04-24 WordPress Seriously Simple Podcasting plugin <= 3.9.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-46260 2025-04-24 WordPress Sky Addons for Elementor plugin <= 3.0.1 - Cross Site Scripting (XSS) vulnerability
CVE-2025-46248 2025-04-24 WordPress Frontend Dashboard <= 2.2.5 - SQL Injection Vulnerability
CVE-2025-46234 2025-04-24 WordPress Control Listings plugin <= 1.0.4.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-46230 2025-04-24 WordPress Popup Builder <= 1.1.35 - Local File Inclusion Vulnerability
CVE-2025-46264 2025-04-24 WordPress PowerPress Podcasting <= 11.12.5 - Arbitrary File Upload Vulnerability
CVE-2025-39408 2025-04-24 WordPress BruteGuard – Brute Force Login Protection plugin <= 0.1.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-39404 2025-04-24 WordPress Sassy Social Share plugin <= 3.3.73 - Open Redirection vulnerability
CVE-2025-39400 2025-04-24 WordPress User Registration plugin < 4.2.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-39399 2025-04-24 WordPress License For Envato plugin <= 1.0.0 - Local File Inclusion vulnerability
CVE-2025-39397 2025-04-24 WordPress Anything Popup plugin <= 7.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-39391 2025-04-24 WordPress Checkout Field Visibility for WooCommerce plugin <= 1.2.3 - Local File Inclusion vulnerability
CVE-2025-39390 2025-04-24 WordPress Booking and Rental Manager plugin <= 2.3.8 - Broken Access Control vulnerability
CVE-2025-39387 2025-04-24 WordPress Opstore theme <= 1.4.5 - Local File Inclusion vulnerability
CVE-2025-39385 2025-04-24 WordPress Sirat theme <= 1.5.1 - Broken Access Control vulnerability
CVE-2025-39384 2025-04-24 WordPress Product Lister for eBay plugin <= 2.0.9 - Local File Inclusion vulnerability
CVE-2025-39383 2025-04-24 WordPress Xews Lite plugin <= 1.0.9 - Local File Inclusion vulnerability
CVE-2025-39382 2025-04-24 WordPress ACF: Google Font Selector plugin <= 3.0.1 - Cross Site Scripting (XSS) vulnerability
CVE-2025-39381 2025-04-24 WordPress KiotViet Sync plugin <= 1.8.4 - CSRF to Stored XSS vulnerability
CVE-2025-39379 2025-04-24 WordPress Capturly plugin <= 2.0.1 - Local File Inclusion vulnerability
CVE-2025-39378 2025-04-24 WordPress Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light plugin <= 2.4.37 - Local File Inclusion vulnerability
CVE-2025-39377 2025-04-24 WordPress Appsero Helper plugin <= 1.3.4 - SQL Injection vulnerability
CVE-2025-39360 2025-04-24 WordPress Grace Mag theme <= 1.1.5 - Local File Inclusion vulnerability
CVE-2025-39359 2025-04-24 WordPress CWW Portfolio theme <= 1.3.1 - Local File Inclusion vulnerability
CVE-2025-32921 2025-04-24 WordPress Arrival theme <= 1.4.5 - Local File Inclusion vulnerability
CVE-2025-46435 2025-04-24 WordPress Time Based Greeting plugin <= 2.2.2 - CSRF to Stored XSS vulnerability
CVE-2025-46439 2025-04-24 WordPress Plugin Central plugin <= 2.5.1 - CSRF to Arbitrary File Deletion vulnerability
CVE-2025-46436 2025-04-24 WordPress SCSS-Library <= 0.4.1 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-46443 2025-04-24 WordPress Animate <= 0.5 - Server Side Request Forgery (SSRF) Vulnerability
CVE-2025-46450 2025-04-24 WordPress occupancyplan plugin <= 1.0.3.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
CVE-2025-46452 2025-04-24 WordPress Google News plugin <= 2.5.1 - CSRF to Stored XSS vulnerability
CVE-2025-46462 2025-04-24 WordPress WPVN <= 0.7.8 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-46465 2025-04-24 WordPress Print Science Designer plugin <= 1.3.155 - CSRF to Stored XSS vulnerability
CVE-2025-46466 2025-04-24 WordPress Modern Polls plugin <= 1.0.10 - CSRF to Stored XSS vulnerability
CVE-2025-46470 2025-04-24 WordPress Smart Hashtags [#hashtagger] <= 7.2.3 - Broken Access Control Vulnerability
CVE-2025-46472 2025-04-24 WordPress The Pack Elementor addons <= 2.1.2 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-46476 2025-04-24 WordPress Awesome Wp Image Gallery <= 1.0 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-46478 2025-04-24 WordPress Dropdown Content <= 1.0.2 - Cross Site Scripting (XSS) Vulnerability