CVE List - 2025 / April
Showing 3801 - 3900 of 4033 CVEs for April 2025 (Page 39 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-23377 | 2025-04-28 | Dell PowerProtect Data Manager Reporting, version(s) 19.17, 19.18 contain(s) an Improper Encoding or Escaping of Output vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to... |
| CVE-2025-4025 | 2025-04-28 | itsourcecode Placement Management System registration.php sql injection |
| CVE-2025-4026 | 2025-04-28 | PHPGurukul Nipah Virus Testing Management System profile.php sql injection |
| CVE-2025-43854 | 2025-04-28 | DIFY vulnerable to Clickjacking Attack |
| CVE-2025-4027 | 2025-04-28 | PHPGurukul Old Age Home Management System rules.php sql injection |
| CVE-2025-43857 | 2025-04-28 | net-imap rubygem vulnerable to possible DoS by memory exhaustion |
| CVE-2025-4028 | 2025-04-28 | PHPGurukul COVID19 Testing Management System profile.php sql injection |
| CVE-2025-4029 | 2025-04-28 | code-projects Personal Diary Management System New Record addrecord stack-based overflow |
| CVE-2025-4030 | 2025-04-28 | PHPGurukul COVID19 Testing Management System search-report-result.php sql injection |
| CVE-2024-12706 | 2025-04-28 | SQL Injection vulnerability discovered in OpenText™ Digital Asset Management. |
| CVE-2025-4031 | 2025-04-28 | PHPGurukul Pre-School Enrollment System aboutus.php sql injection |
| CVE-2025-4032 | 2025-04-28 | inclusionAI AWorld shell_tool.py subprocess.Popen os command injection |
| CVE-2025-34489 | 2025-04-28 | GFI MailEssentials < 21.8 Local Privilege Escalation |
| CVE-2025-4033 | 2025-04-28 | PHPGurukul Nipah Virus Testing Management System patient-search-report.php sql injection |
| CVE-2025-34490 | 2025-04-28 | GFI MailEssentials < 21.8 XXE Arbitrary File Read |
| CVE-2025-31650 | 2025-04-28 | Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame |
| CVE-2025-31651 | 2025-04-28 | Apache Tomcat: Bypass of rules in Rewrite Valve |
| CVE-2025-34491 | 2025-04-28 | GFI MailEssentials < 21.8 MultiNode Insecure Deserialization |
| CVE-2025-3224 | 2025-04-28 | Elevation of Privilege in Docker Desktop for Windows during Upgrade due to Insecure Directory Deletion |
| CVE-2025-4034 | 2025-04-28 | projectworlds Online Examination System inser_doc_process.php sql injection |
| CVE-2025-4036 | 2025-04-28 | 201206030 Novel Chapter AuthorController.java updateBookChapter access control |
| CVE-2025-4037 | 2025-04-28 | code-projects ATM Banking moneyWithdraw logic error |
| CVE-2024-10635 | 2025-04-28 | Enterprise Protection S/MIME Opaque Signature Attachment Scanning Bypass |
| CVE-2025-0049 | 2025-04-28 | Disclosure of sensitive information in an error message in GoAnywhere prior to version 7.8.0 |
| CVE-2024-11922 | 2025-04-28 | Input Validation vulnerability in Web Client emails that do not go through Secure Mail |
| CVE-2025-4038 | 2025-04-28 | code-projects Train Ticket Reservation System reservation stack-based overflow |
| CVE-2025-4039 | 2025-04-28 | PHPGurukul Rail Pass Management System search-pass.php sql injection |
| CVE-2025-46326 | 2025-04-28 | Snowflake Connector for .NET has race condition when checking access to Easy Logging configuration file |
| CVE-2025-46327 | 2025-04-28 | Go Snowflake Driver has race condition when checking access to Easy Logging configuration file |
| CVE-2025-46328 | 2025-04-28 | NodeJS Driver for Snowflake has race condition when checking access to Easy Logging configuration file |
| CVE-2024-57698 | 2025-04-29 | An issue in modernwms v.1.0 allows an attacker to view the MD5 hash of the administrator password and other attributes without authentication, even after initial configuration and password change. This happens... |
| CVE-2025-25403 | 2025-04-29 | Slims (Senayan Library Management Systems) 9 Bulian V9.6.1 is vulnerable to SQL Injection in admin/modules/master_file/coll_type.php. |
| CVE-2025-25962 | 2025-04-29 | An issue in Coresmartcontracts Uniswap v.3.0 and fixed in v.4.0 allows a remote attacker to escalate privileges via the _modifyPosition function |
| CVE-2025-32354 | 2025-04-29 | In Zimbra Collaboration (ZCS) 9.0 through 10.1, a Cross-Site Request Forgery (CSRF) vulnerability exists in the GraphQL endpoint (/service/extension/graphql) of Zimbra webmail due to a lack of CSRF token validation.... |
| CVE-2025-45956 | 2025-04-29 | A SQL injection vulnerability in manage_damage.php in Sourcecodester Computer Laboratory Management System v1.0 allows an authenticated attacker to execute arbitrary SQL commands via the "id" parameter |
| CVE-2025-30445 | 2025-04-29 | A type confusion issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and... |
| CVE-2025-31203 | 2025-04-29 | An integer overflow was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, watchOS... |
| CVE-2025-31202 | 2025-04-29 | A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4. An attacker on... |
| CVE-2025-24251 | 2025-04-29 | The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4,... |
| CVE-2025-24206 | 2025-04-29 | An authentication issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and... |
| CVE-2025-24271 | 2025-04-29 | An access issue was addressed with improved access restrictions. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and... |
| CVE-2025-24270 | 2025-04-29 | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and... |
| CVE-2025-24179 | 2025-04-29 | A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 18.3 and iPadOS 18.3, visionOS 2.3, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5,... |
| CVE-2025-31197 | 2025-04-29 | The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4,... |
| CVE-2025-24252 | 2025-04-29 | A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and... |
| CVE-2025-46330 | 2025-04-29 | Snowflake Connector for C/C++ retries malformed requests |
| CVE-2025-46338 | 2025-04-29 | Audiobookshelf Vulnerable to Cross-Site-Scripting Reflected via POST Request in /api/upload |
| CVE-2025-46343 | 2025-04-29 | n8n Vulnerable to Stored XSS through Attachments View Endpoint |
| CVE-2025-46329 | 2025-04-29 | Snowflake Connector for C/C++ inserts client-side encryption key in DEBUG logs |
| CVE-2024-12273 | 2025-04-29 | Calculated Fields Form < 5.2.62 - Admin+ Stored XSS |
| CVE-2025-2893 | 2025-04-29 | Gutenverse <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via countdown Block |
| CVE-2025-3452 | 2025-04-29 | SecuPress Free <= 2.3.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation |
| CVE-2025-30194 | 2025-04-29 | Denial of service via crafted DoH exchange |
| CVE-2025-1194 | 2025-04-29 | Regular Expression Denial of Service (ReDoS) in huggingface/transformers |
| CVE-2025-4058 | 2025-04-29 | Projectworlds Online Examination System Bloodgroop_process.php sql injection |
| CVE-2025-3929 | 2025-04-29 | Stored XSS vulnerability in MDaemon Email Server |
| CVE-2024-58099 | 2025-04-29 | vmxnet3: Fix packet corruption in vmxnet3_xdp_xmit_frame |
| CVE-2025-3891 | 2025-04-29 | Mod_auth_openidc: dos via empty post in mod_auth_openidc with oidcpreservepost enabled |
| CVE-2025-4059 | 2025-04-29 | code-projects Prison Management System Prison_Mgmt_Sys addrecord stack-based overflow |
| CVE-2025-4060 | 2025-04-29 | PHPGurukul Notice Board System category.php sql injection |
| CVE-2025-4035 | 2025-04-29 | Libsoup: cookie domain validation bypass via uppercase characters in libsoup |
| CVE-2025-4061 | 2025-04-29 | code-projects Clothing Store Management System add_item stack-based overflow |
| CVE-2025-2817 | 2025-04-29 | Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass... |
| CVE-2025-4082 | 2025-04-29 | Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges. *This bug only affects Thunderbird for macOS.... |
| CVE-2025-4083 | 2025-04-29 | A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially... |
| CVE-2025-4084 | 2025-04-29 | Due to insufficient escaping of the special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution... |
| CVE-2025-4085 | 2025-04-29 | An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. This vulnerability affects Firefox < 138 and Thunderbird... |
| CVE-2025-4086 | 2025-04-29 | A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog. *This bug only affects Thunderbird for Android.... |
| CVE-2025-4087 | 2025-04-29 | A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially,... |
| CVE-2025-4088 | 2025-04-29 | A security vulnerability in Thunderbird allowed malicious sites to use redirects to send credentialed requests to arbitrary endpoints on any site that had invoked the Storage Access API. This enabled... |
| CVE-2025-4089 | 2025-04-29 | Due to insufficient escaping of special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on... |
| CVE-2025-4090 | 2025-04-29 | A vulnerability existed in Thunderbird for Android where potentially sensitive library locations were logged via Logcat. This vulnerability affects Firefox < 138 and Thunderbird < 138. |
| CVE-2025-4091 | 2025-04-29 | Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption and we presume that with enough... |
| CVE-2025-4092 | 2025-04-29 | Memory safety bugs present in Firefox 137 and Thunderbird 137. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could... |
| CVE-2025-4093 | 2025-04-29 | Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited... |
| CVE-2025-4062 | 2025-04-29 | code-projects Theater Seat Booking System cancel stack-based overflow |
| CVE-2025-4063 | 2025-04-29 | code-projects Student Information Management System cancel stack-based overflow |
| CVE-2025-3301 | 2025-04-29 | DPA Countermeasures Unavailable for Certain Cryptographic Operations on Series 2 Devices |
| CVE-2025-4064 | 2025-04-29 | ScriptAndTools Online-Travling-System viewenquiry.php access control |
| CVE-2025-4065 | 2025-04-29 | ScriptAndTools Online-Travling-System addadvertisement.php access control |
| CVE-2025-4066 | 2025-04-29 | ScriptAndTools Online-Travling-System addpackage.php access control |
| CVE-2025-4067 | 2025-04-29 | ScriptAndTools Online-Travling-System viewpackage.php access control |
| CVE-2025-4068 | 2025-04-29 | code-projects Simple Movie Ticket Booking System changeprize stack-based overflow |
| CVE-2025-4069 | 2025-04-29 | code-projects Product Management System add_item stack-based overflow |
| CVE-2025-46346 | 2025-04-29 | YesWiki Vulnerable to Stored XSS in Comments |
| CVE-2025-40615 | 2025-04-29 | Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy |
| CVE-2025-40616 | 2025-04-29 | Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy |
| CVE-2025-1551 | 2025-04-29 | IBM Operational Decision Manager cross-site scripting |
| CVE-2025-40617 | 2025-04-29 | SQL injection vulnerability in Bookgy |
| CVE-2025-40618 | 2025-04-29 | SQL injection vulnerability in Bookgy |
| CVE-2025-40619 | 2025-04-29 | Improper access control vulnerability in Bookgy |
| CVE-2025-4070 | 2025-04-29 | PHPGurukul Rail Pass Management System changeimage.php sql injection |
| CVE-2025-4071 | 2025-04-29 | PHPGurukul COVID19 Testing Management System test-details.php sql injection |
| CVE-2025-23177 | 2025-04-29 | Ribbon Communications - CWE-427: Uncontrolled Search Path Element |
| CVE-2025-23178 | 2025-04-29 | Ribbon Communications - CWE-923: Improper Restriction of Communication Channel to Intended Endpoints |
| CVE-2025-23179 | 2025-04-29 | Ribbon Communications - CWE-798: Use of Hard-coded Credentials |
| CVE-2025-23180 | 2025-04-29 | Ribbon Communications - CWE-250: Execution with Unnecessary Privileges |
| CVE-2025-23181 | 2025-04-29 | Ribbon Communications - CWE-250: Execution with Unnecessary Privileges |
| CVE-2025-0716 | 2025-04-29 | AngularJS improper sanitization in SVG '<image>' element |
| CVE-2025-4072 | 2025-04-29 | PHPGurukul Online Nurse Hiring System edit-nurse.php sql injection |