VULNMAP - Security Vulnerabilities

CVE List - 2025 / April

Showing 301 - 400 of 4038 CVEs for April 2025 (Page 4 of 41)

CVE ID Date Title
CVE-2025-21918 2025-04-01 usb: typec: ucsi: Fix NULL pointer access
CVE-2025-21919 2025-04-01 sched/fair: Fix potential memory corruption in child_cfs_rq_on_list
CVE-2025-21920 2025-04-01 vlan: enforce underlying device type
CVE-2025-21921 2025-04-01 net: ethtool: netlink: Allow NULL nlattrs when getting a phy_device
CVE-2025-21922 2025-04-01 ppp: Fix KMSAN uninit-value warning with bpf
CVE-2025-21923 2025-04-01 HID: hid-steam: Fix use-after-free when detaching device
CVE-2025-21924 2025-04-01 net: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error
CVE-2025-21925 2025-04-01 llc: do not use skb_get() before dev_queue_xmit()
CVE-2025-21926 2025-04-01 net: gso: fix ownership in __udp_gso_segment
CVE-2025-21927 2025-04-01 nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()
CVE-2025-21928 2025-04-01 HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()
CVE-2025-21929 2025-04-01 HID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove()
CVE-2025-21930 2025-04-01 wifi: iwlwifi: mvm: don't try to talk to a dead firmware
CVE-2025-21931 2025-04-01 hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio
CVE-2025-21932 2025-04-01 mm: abort vma_modify() on merge out of memory failure
CVE-2025-21933 2025-04-01 arm: pgtable: fix NULL pointer dereference issue
CVE-2025-21934 2025-04-01 rapidio: fix an API misues when rio_add_net() fails
CVE-2025-21935 2025-04-01 rapidio: add check for rio_add_net() in rio_scan_alloc_net()
CVE-2025-21936 2025-04-01 Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected()
CVE-2025-21937 2025-04-01 Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name()
CVE-2025-21938 2025-04-01 mptcp: fix 'scheduling while atomic' in mptcp_pm_nl_append_new_local_addr
CVE-2025-21939 2025-04-01 drm/xe/hmm: Don't dereference struct page pointers without notifier lock
CVE-2025-21940 2025-04-01 drm/amdkfd: Fix NULL Pointer Dereference in KFD queue
CVE-2025-21941 2025-04-01 drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params
CVE-2025-21942 2025-04-01 btrfs: zoned: fix extent range end unlock in cow_file_range()
CVE-2025-21943 2025-04-01 gpio: aggregator: protect driver attr handlers against module unload
CVE-2025-21944 2025-04-01 ksmbd: fix bug on trap in smb2_lock
CVE-2025-21945 2025-04-01 ksmbd: fix use-after-free in smb2_lock
CVE-2025-21946 2025-04-01 ksmbd: fix out-of-bounds in parse_sec_desc()
CVE-2025-21947 2025-04-01 ksmbd: fix type confusion via race condition when using ipc_msg_send_request
CVE-2025-21948 2025-04-01 HID: appleir: Fix potential NULL dereference at raw event handle
CVE-2025-21949 2025-04-01 LoongArch: Set hugetlb mmap base address aligned with pmd size
CVE-2025-21950 2025-04-01 drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl
CVE-2025-21951 2025-04-01 bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock
CVE-2025-21952 2025-04-01 HID: corsair-void: Update power supply values with a unified work handler
CVE-2025-21953 2025-04-01 net: mana: cleanup mana struct after debugfs_remove()
CVE-2025-21954 2025-04-01 netmem: prevent TX of unreadable skbs
CVE-2025-21955 2025-04-01 ksmbd: prevent connection release during oplock break notification
CVE-2025-21956 2025-04-01 drm/amd/display: Assign normalized_pix_clk when color depth = 14
CVE-2025-21957 2025-04-01 scsi: qla1280: Fix kernel oops when debug level > 2
CVE-2025-21958 2025-04-01 Revert "openvswitch: switch to per-action label counting in conntrack"
CVE-2025-21959 2025-04-01 netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree()
CVE-2025-21960 2025-04-01 eth: bnxt: do not update checksum in bnxt_xdp_build_skb()
CVE-2025-21961 2025-04-01 eth: bnxt: fix truesize for mb-xdp-pass case
CVE-2025-21962 2025-04-01 cifs: Fix integer overflow while processing closetimeo mount option
CVE-2025-21963 2025-04-01 cifs: Fix integer overflow while processing acdirmax mount option
CVE-2025-21964 2025-04-01 cifs: Fix integer overflow while processing acregmax mount option
CVE-2025-21965 2025-04-01 sched_ext: Validate prev_cpu in scx_bpf_select_cpu_dfl()
CVE-2025-21966 2025-04-01 dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature
CVE-2025-21967 2025-04-01 ksmbd: fix use-after-free in ksmbd_free_work_struct
CVE-2025-21968 2025-04-01 drm/amd/display: Fix slab-use-after-free on hdcp_work
CVE-2025-21969 2025-04-01 Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd
CVE-2025-21970 2025-04-01 net/mlx5: Bridge, fix the crash caused by LAG state check
CVE-2025-21971 2025-04-01 net_sched: Prevent creation of classes with TC_H_ROOT
CVE-2025-21972 2025-04-01 net: mctp: unshare packets when reassembling
CVE-2025-21973 2025-04-01 eth: bnxt: fix kernel panic in the bnxt_get_queue_stats{rx | tx}
CVE-2025-21974 2025-04-01 eth: bnxt: return fail if interface is down in bnxt_queue_mem_alloc()
CVE-2025-21975 2025-04-01 net/mlx5: handle errors in mlx5_chains_create_table()
CVE-2025-21976 2025-04-01 fbdev: hyperv_fb: Allow graceful removal of framebuffer
CVE-2025-21977 2025-04-01 fbdev: hyperv_fb: Fix hang in kdump kernel when on Hyper-V Gen 2 VMs
CVE-2025-21978 2025-04-01 drm/hyperv: Fix address space leak when Hyper-V DRM device is removed
CVE-2025-21979 2025-04-01 wifi: cfg80211: cancel wiphy_work before freeing wiphy
CVE-2025-21980 2025-04-01 sched: address a potential NULL pointer dereference in the GRED scheduler.
CVE-2025-21981 2025-04-01 ice: fix memory leak in aRFS after reset
CVE-2025-21982 2025-04-01 pinctrl: nuvoton: npcm8xx: Add NULL check in npcm8xx_gpio_fw
CVE-2025-21983 2025-04-01 mm/slab/kvfree_rcu: Switch to WQ_MEM_RECLAIM wq
CVE-2025-21984 2025-04-01 mm: fix kernel BUG when userfaultfd_move encounters swapcache
CVE-2025-21985 2025-04-01 drm/amd/display: Fix out-of-bound accesses
CVE-2025-21986 2025-04-01 net: switchdev: Convert blocking notification chain to a raw one
CVE-2025-25041 2025-04-01 Arbitrary File Overwrite in HPE Aruba Networking Virtual Intranet Access (VIA) Microsoft Windows Client
CVE-2025-31137 2025-04-01 Remix and React Router allow URL manipulation via Host / X-Forwarded-Host headers
CVE-2025-3096 2025-04-01 Clinics Patient Management System SQL Injection
CVE-2025-31753 2025-04-01 WordPress Advanced Speed Increaser Plugin <= 2.2.1 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2025-30554 2025-04-01 WordPress Frizzly plugin <= 1.1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-30580 2025-04-01 WordPress DigiWidgets Image Editor <= 1.10 - Remote Code Execution (RCE) Vulnerability
CVE-2025-30778 2025-04-01 WordPress VForm plugin <= 3.1.9 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-30807 2025-04-01 WordPress Next-Cart Store to WooCommerce Migration plugin <= 3.9.4 - SQL Injection vulnerability
CVE-2025-30825 2025-04-01 WordPress WPC Smart Linked Products plugin <= 1.3.5 - Privilege Escalation vulnerability
CVE-2025-30841 2025-04-01 WordPress Countdown & Clock plugin <=2.8.8 - Remote Code Execution (RCE) vulnerability
CVE-2025-30844 2025-04-01 WordPress Watu Quiz plugin <= 3.4.2 - Reflected Cross Site Scripting (XSS) Vulnerability
CVE-2025-30852 2025-04-01 WordPress Oracle Cards Lite plugin <= 1.2.1 - Reflected Cross Site Scripting (XSS) Vulnerability
CVE-2025-30853 2025-04-01 WordPress ShortPixel Adaptive Images plugin <= 3.10.0 - Broken Authentication vulnerability
CVE-2025-30892 2025-04-01 WordPress WpTravelly Plugin <= 1.8.7 - PHP Object Injection vulnerability
CVE-2025-30905 2025-04-01 WordPress Secure Copy Content Protection and Content Locking plugin <= 4.4.3 - Cross Site Scripting (XSS) vulnerability
CVE-2025-30906 2025-04-01 WordPress Plugin Oficial – Getnet para WooCommerce plugin <= 1.7.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-30913 2025-04-01 WordPress Access Areas Plugin <= 1.5.19 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-31078 2025-04-01 WordPress Small Package Quotes – Worldwide Express Edition plugin <= 5.2.18 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-31080 2025-04-01 WordPress HTML Forms plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability
CVE-2025-31081 2025-04-01 WordPress Enable Media Replace plugin <= 4.1.5 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-31082 2025-04-01 WordPress News & Blog Designer Pack plugin <= 4.0 - Local File Inclusion vulnerability
CVE-2025-31085 2025-04-01 WordPress xili-language plugin <= 2.21.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-31086 2025-04-01 WordPress Product Table by WBW plugin <= 2.1.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-31089 2025-04-01 WordPress Order Splitter for WooCommerce <= 5.3.0 - SQL Injection Vulnerability
CVE-2025-31097 2025-04-01 WordPress Material Dashboard <= 1.4.5 - Local File Inclusion Vulnerability
CVE-2025-31431 2025-04-01 WordPress WP Bookmarks plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-31441 2025-04-01 WordPress WordPress Galleria plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-31445 2025-04-01 WordPress Pages Order plugin <= 1.1.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-31446 2025-04-01 WordPress WP Cleaner plugin <= 1.1.5 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-31454 2025-04-01 WordPress Delete Post Revision plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-31455 2025-04-01 WordPress Limit Max IPs Per User plugin <= 1.5 - Reflected Cross Site Scripting (XSS) vulnerability