CVE List - 2025 / April
Showing 3701 - 3800 of 4038 CVEs for April 2025 (Page 38 of 41)
CVE ID | Date | Title |
---|---|---|
CVE-2025-46576 | 2025-04-27 | ZTE GoldenDB Database product has a privilege escalation vulnerability |
CVE-2025-46577 | 2025-04-27 | ZTE GoldenDB Database product has an SQL injection vulnerability |
CVE-2025-46578 | 2025-04-27 | ZTE GoldenDB Database product has SQL injection vulnerabilities in multiple interfaces |
CVE-2025-46579 | 2025-04-27 | ZTE GoldenDB Database product has a DDE injection vulnerability |
CVE-2025-46580 | 2025-04-27 | ZTE GoldenDB Database product has a code-related vulnerability |
CVE-2025-3956 | 2025-04-27 | 201206030 novel-cloud BookInfoMapper.xml RestResp sql injection |
CVE-2025-3957 | 2025-04-27 | opplus springboot-admin SysLogDao.xml sql injection |
CVE-2025-3958 | 2025-04-27 | withstars Books-Management-System Book Edit Page book_edit_do.html cross site scripting |
CVE-2025-3959 | 2025-04-27 | withstars Books-Management-System reader_delete.html cross-site request forgery |
CVE-2025-3960 | 2025-04-27 | withstars Books-Management-System Background Interface allreaders.html authorization |
CVE-2025-3961 | 2025-04-27 | withstars Books-Management-System do cross site scripting |
CVE-2025-3962 | 2025-04-27 | withstars Books-Management-System Comment add cross site scripting |
CVE-2025-3963 | 2025-04-27 | withstars Books-Management-System Background Interface list authorization |
CVE-2024-52887 | 2025-04-27 | Self-XSS |
CVE-2024-52888 | 2025-04-27 | Stored-XSS |
CVE-2025-3964 | 2025-04-27 | withstars Books-Management-System Article del cross-site request forgery |
CVE-2025-3965 | 2025-04-27 | itwanger paicoding post cross site scripting |
CVE-2025-3966 | 2025-04-27 | itwanger paicoding Browsing History home information disclosure |
CVE-2025-3967 | 2025-04-27 | itwanger paicoding Article post improper authorization |
CVE-2025-3886 | 2025-04-27 | CatoNetworks CatoClient up to 5.8 PrivilegedHelperTool Race Condition |
CVE-2025-3968 | 2025-04-27 | codeprojects News Publishing Site Dashboard api.php sql injection |
CVE-2025-3969 | 2025-04-27 | codeprojects News Publishing Site Dashboard Edit Category Page edit-category.php unrestricted upload |
CVE-2025-3970 | 2025-04-27 | baseweb JSite save cross site scripting |
CVE-2025-3971 | 2025-04-27 | PHPGurukul COVID19 Testing Management System add-phlebotomist.php sql injection |
CVE-2025-3972 | 2025-04-27 | PHPGurukul COVID19 Testing Management System bwdates-report-result.php sql injection |
CVE-2025-3973 | 2025-04-27 | PHPGurukul COVID19 Testing Management System check_availability.php sql injection |
CVE-2025-3974 | 2025-04-27 | PHPGurukul COVID19 Testing Management System edit-phlebotomist.php sql injection |
CVE-2025-3975 | 2025-04-27 | ScriptAndTools eCommerce-website-in-PHP subscriber-csv.php information disclosure |
CVE-2025-3976 | 2025-04-27 | PHPGurukul COVID19 Testing Management System new-user-testing.php sql injection |
CVE-2025-3977 | 2025-04-27 | iteachyou Dreamer CMS Attachment download improper authorization |
CVE-2025-3978 | 2025-04-27 | dazhouda lecms user_set.htm information disclosure |
CVE-2025-3979 | 2025-04-27 | dazhouda lecms Password Change index.php cross-site request forgery |
CVE-2025-3980 | 2025-04-27 | wowjoy 浙江湖州华卓信息科技有限公司 Internet Doctor Workstation System list improper authorization |
CVE-2025-3981 | 2025-04-27 | wowjoy 浙江湖州华卓信息科技有限公司 Internet Doctor Workstation System details improper authorization |
CVE-2025-3982 | 2025-04-27 | nortikin Sverchok Set Property Mk2 Node getsetprop_mk2.py SvSetPropNodeMK2 prototype pollution |
CVE-2025-2866 | 2025-04-27 | PDF signature forgery with adbe.pkcs7.sha1 SubFilter |
CVE-2025-3983 | 2025-04-27 | AMTT Hotel Broadband Operation System nlog_down.php command injection |
CVE-2025-3984 | 2025-04-27 | Apereo CAS Groovy Code RegisteredServiceSimpleFormController.java saveService code injection |
CVE-2025-3985 | 2025-04-27 | Apereo CAS ResponseEntity redos |
CVE-2025-3986 | 2025-04-27 | Apereo CAS CasConfigurationMetadataServerController.java redos |
CVE-2025-3987 | 2025-04-27 | TOTOLINK N150RT formWsc command injection |
CVE-2025-3988 | 2025-04-27 | TOTOLINK N150RT formPortFw buffer overflow |
CVE-2025-3989 | 2025-04-27 | TOTOLINK N150RT formStaticDHCP buffer overflow |
CVE-2025-3990 | 2025-04-27 | TOTOLINK N150RT formVlan buffer overflow |
CVE-2025-3991 | 2025-04-27 | TOTOLINK N150RT formWdsEncrypt buffer overflow |
CVE-2025-26692 | 2025-04-27 | Quick Agent V3 and Quick Agent V2 contain an issue... |
CVE-2025-27937 | 2025-04-27 | Quick Agent V3 and Quick Agent V2 contain an issue... |
CVE-2025-31144 | 2025-04-27 | Quick Agent V3 and Quick Agent V2 contain an issue... |
CVE-2015-2079 | 2025-04-28 | Usermin 0.980 through 1.x before 1.660 allows uconfig_save.cgi sig_file_free remote... |
CVE-2015-4582 | 2025-04-28 | The TheCartPress boot-store (aka Boot Store) theme 1.6.4 for WordPress... |
CVE-2022-41871 | 2025-04-28 | SEPPmail through 12.1.17 allows command injection within the Admin Portal.... |
CVE-2023-35814 | 2025-04-28 | DevExpress before 23.1.3 does not properly protect XtraReport serialized data... |
CVE-2023-35815 | 2025-04-28 | DevExpress before 23.1.3 has a data-source protection mechanism bypass during... |
CVE-2023-35816 | 2025-04-28 | DevExpress before 23.1.3 allows arbitrary TypeConverter conversion. |
CVE-2023-35817 | 2025-04-28 | DevExpress before 23.1.3 allows AsyncDownloader SSRF. |
CVE-2023-42404 | 2025-04-28 | OneVision Workspace before WS23.1 SR1 (build w31.040) allows arbitrary Java... |
CVE-2024-32499 | 2025-04-28 | Newforma Project Center Server through 2023.3.0.32259 allows remote code execution... |
CVE-2025-25776 | 2025-04-28 | Cross-Site Scripting (XSS) vulnerability exists in the User Registration and... |
CVE-2025-45947 | 2025-04-28 | An issue in phpgurukul Online Banquet Booking System V1.2 allows... |
CVE-2025-45949 | 2025-04-28 | A critical vulnerability was found in PHPGurukul User Registration &... |
CVE-2025-45953 | 2025-04-28 | A vulnerability was found in PHPGurukul Hostel Management System 2.1... |
CVE-2025-46614 | 2025-04-28 | In Snowflake ODBC Driver before 3.7.0, in certain code paths,... |
CVE-2025-46661 | 2025-04-28 | IPW Systems Metazo through 8.1.3 allows unauthenticated Remote Code Execution... |
CVE-2025-3992 | 2025-04-28 | TOTOLINK N150RT formWlwds buffer overflow |
CVE-2025-3993 | 2025-04-28 | TOTOLINK N150RT formWsc buffer overflow |
CVE-2025-3994 | 2025-04-28 | TOTOLINK N150RT IP Port Filtering home.htm cross site scripting |
CVE-2025-3995 | 2025-04-28 | TOTOLINK N150RT LAN Settings Page fromStaticDHCP cross site scripting |
CVE-2025-3996 | 2025-04-28 | TOTOLINK N150RT MAC Filtering Page home.htm cross site scripting |
CVE-2025-3997 | 2025-04-28 | dazhouda lecms Personal Information Page index.php cross-site request forgery |
CVE-2025-3706 | 2025-04-28 | 104 Corporation eHRMS - Reflected Cross-Site Scripting |
CVE-2025-3998 | 2025-04-28 | CodeAstro Membership Management System renew.php sql injection |
CVE-2025-3999 | 2025-04-28 | Seeyon Zhiyuan OA Web Application System URL Parameter date.jsp cross site scripting |
CVE-2025-4000 | 2025-04-28 | Seeyon Zhiyuan OA Web Application System ssoproxy.jsp cross site scripting |
CVE-2025-4001 | 2025-04-28 | scipopt scip File Descriptor genRandomLOPInstance.c main file descriptor consumption |
CVE-2025-4002 | 2025-04-28 | RefindPlusRepo RefindPlus BootLog.c GetDebugLogFile null pointer dereference |
CVE-2025-4003 | 2025-04-28 | RefindPlusRepo RefindPlus RP_ApfsIo.c InternalApfsTranslateBlock null pointer dereference |
CVE-2024-13688 | 2025-04-28 | Admin and Site Enhancements (ASE) < 7.6.10 - Password Protection Bypass |
CVE-2024-9771 | 2025-04-28 | WP-Recall < 16.26.12 - Admin+ Stored XSS |
CVE-2025-0627 | 2025-04-28 | AI Autotagger < 3.30.0 - Admin+ Stored XSS |
CVE-2025-4004 | 2025-04-28 | PHPGurukul COVID19 Testing Management System password-recovery.php sql injection |
CVE-2025-4005 | 2025-04-28 | PHPGurukul COVID19 Testing Management System patient-report.php sql injection |
CVE-2025-4006 | 2025-04-28 | youyiio BeyongCms Document Management Page Upload.html unrestricted upload |
CVE-2025-22235 | 2025-04-28 | Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed |
CVE-2025-4007 | 2025-04-28 | Tenda W12/i24 httpd modules cgidhcpsCfgSet stack-based overflow |
CVE-2025-4011 | 2025-04-28 | Redmine Custom Query cross site scripting |
CVE-2025-42598 | 2025-04-28 | Multiple SEIKO EPSON printer drivers for Windows OS are configured... |
CVE-2025-4012 | 2025-04-28 | playeduxyz PlayEdu 开源培训系统 User Avatar create server-side request forgery |
CVE-2025-4013 | 2025-04-28 | PHPGurukul Art Gallery Management System aboutus.php sql injection |
CVE-2025-32470 | 2025-04-28 | Unauthenticated change of IP address |
CVE-2025-39367 | 2025-04-28 | WordPress Kleo theme < 5.4.4 - Broken Access Control vulnerability |
CVE-2025-32471 | 2025-04-28 | Reuse of salt |
CVE-2025-4014 | 2025-04-28 | PHPGurukul Art Gallery Management System manage-art-medium.php sql injection |
CVE-2025-3200 | 2025-04-28 | Com-Server Exposed via Weak TLS |
CVE-2025-4015 | 2025-04-28 | 20120630 Novel-Plus SessionController.java list missing authentication |
CVE-2025-4016 | 2025-04-28 | 20120630 Novel-Plus LogController.java deleteIndex improper authorization |
CVE-2025-4017 | 2025-04-28 | 20120630 Novel-Plus LogController.java list improper authorization |
CVE-2025-4018 | 2025-04-28 | 20120630 Novel-Plus CrawlController.java addCrawlSource missing authentication |
CVE-2025-4019 | 2025-04-28 | 20120630 Novel-Plus GeneratorController.java genCode missing authentication |
CVE-2025-32472 | 2025-04-28 | DoS attack by conducting a slowloris-type attack |
CVE-2025-4020 | 2025-04-28 | PHPGurukul Old Age Home Management System contact.php sql injection |