CVE List - 2025 / April

Showing 601 - 700 of 4038 CVEs for April 2025 (Page 7 of 41)

Back to List Previous Next

CVE ID	Date	Title
CVE-2025-3149	2025-04-03	itning Student Homework Management System Edit Job Page fileupload cross site scripting
CVE-2025-3150	2025-04-03	itning Student Homework Management System cross-site request forgery
CVE-2025-3151	2025-04-03	SourceCodester Gym Management System signup.php sql injection
CVE-2025-3152	2025-04-03	caipeichao ThinkOX Search search.html cross site scripting
CVE-2024-53868	2025-04-03	Apache Traffic Server: Malformed chunked message body allows request smuggling
CVE-2025-2299	2025-04-03	LuckyWP Table of Contents <= 2.1.10 - Cross-Site Request Forgery to Reflected Cross-Site Scripting
CVE-2024-9416	2025-04-03	Modula Image Gallery <= 2.10.1 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox 5 JavaScript Library
CVE-2025-2945	2025-04-03	pgAdmin 4: Remote Code Execution in Query Tool and Cloud Deployment
CVE-2025-2946	2025-04-03	Cross-Site Vulnerability(XSS) due to arbitrary HTML/JavaScript gets executed while query result rendering in Query Tool and View/Edit Data Tool of pgAdmin 4
CVE-2025-30596	2025-04-03	WordPress include-file <= 1 - Arbitrary File Download Vulnerability
CVE-2025-30611	2025-04-03	WordPress Wptobe-signinup plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-30616	2025-04-03	WordPress Latest Custom Post Type Updates plugin <= 1.3.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-30858	2025-04-03	WordPress Snow Storm plugin <= 1.4.6 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-30889	2025-04-03	WordPress Testimonial Slider plugin <= 2.0.13 - PHP Object Injection vulnerability
CVE-2025-30908	2025-04-03	WordPress Web Directory Free plugin <= 1.7.6 - CSRF to Cross Site Scripting (XSS) vulnerability
CVE-2025-30915	2025-04-03	WordPress Small Package Quotes – Worldwide Express Edition plugin <= 5.2.19 - Broken Access Control vulnerability
CVE-2025-30916	2025-04-03	WordPress Residential Address Detection plugin <= 2.5.4 - Broken Access Control vulnerability
CVE-2025-31091	2025-04-03	WordPress CM Header and Footer <= 1.2.4 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-31098	2025-04-03	WordPress DeBounce Email Validator <= 5.7 - Local File Inclusion Vulnerability
CVE-2025-31436	2025-04-03	WordPress Blubrry PowerPress Podcasting plugin MultiSite add-on plugin <= 0.1.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-31442	2025-04-03	WordPress Search engine keywords highlighter plugin <= 0.1.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-31467	2025-04-03	WordPress Flickr Photostream plugin <= 3.1.8 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-31468	2025-04-03	WordPress WP_Identicon plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-31536	2025-04-03	WordPress CF7 Spreadsheets plugin <= 2.3.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-31541	2025-04-03	WordPress TuriTop Booking System plugin <= 1.0.10 - Broken Access Control vulnerability
CVE-2025-31554	2025-04-03	WordPress Docxpresso plugin <= 2.6 - Arbitrary File Download vulnerability
CVE-2025-31558	2025-04-03	WordPress TailPress plugin <= 0.4.4 - Sensitive Data Exposure vulnerability
CVE-2025-31573	2025-04-03	WordPress PeproDev CF7 Database plugin <= 2.0.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-31581	2025-04-03	WordPress WP Video Playlist plugin <= 1.1.2 - Settings Change vulnerability
CVE-2025-31582	2025-04-03	WordPress Contact Form vCard Generator plugin <= 2.4 - Cross Site Scripting (XSS) vulnerability
CVE-2025-31622	2025-04-03	WordPress Advanced Typekit plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability
CVE-2025-31626	2025-04-03	WordPress Support Helpdesk Ticket System Lite plugin <= 4.5.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-31729	2025-04-03	WordPress WooTumblog plugin <= 2.1.4 - Content Injection vulnerability
CVE-2025-31736	2025-04-03	WordPress Rich Text Editor Plugin <= 1.0.1 - Broken Access Control vulnerability
CVE-2025-31739	2025-04-03	WordPress Minimalistic Event Manager plugin <= 1.1.1 - Broken Access Control vulnerability
CVE-2025-31746	2025-04-03	WordPress Clients plugin <= 1.1.4 - Broken Access Control vulnerability
CVE-2025-31758	2025-04-03	WordPress Free Woocommerce Product Table View plugin <= 1.78 - Arbitrary Content Deletion vulnerability
CVE-2025-31768	2025-04-03	WordPress Widget Manager Light plugin <= 1.18 - Broken Access Control vulnerability
CVE-2025-31789	2025-04-03	WordPress TextMe SMS plugin <= 1.9.1 - Broken Access Control vulnerability
CVE-2025-31794	2025-04-03	WordPress WR Price List Manager For Woocommerce plugin <= 1.0.8 - Arbitrary Content Deletion vulnerability
CVE-2025-31795	2025-04-03	WordPress Shopify to WooCommerce Migration plugin <= 1.3.0 - Settings Change vulnerability
CVE-2025-31800	2025-04-03	WordPress Publitio plugin <= 2.1.8 - Arbitrary File Read vulnerability
CVE-2025-31825	2025-04-03	WordPress Category Icon plugin <= 1.0.0 - Arbitrary File Download vulnerability
CVE-2025-31827	2025-04-03	WordPress Fonto plugin <= 1.2.2 - Arbitrary File Download vulnerability
CVE-2025-31841	2025-04-03	WordPress FPW Category Thumbnails Plugin <= 1.9.5 - Broken Access Control vulnerability
CVE-2025-31858	2025-04-03	WordPress Local Magic Plugin <= 2.6.0 - Broken Access Control vulnerability
CVE-2025-31876	2025-04-03	WordPress Payday plugin <= 3.3.12 - Broken Access Control vulnerability
CVE-2025-31893	2025-04-03	WordPress Botnet Attack Blocker plugin <= 2.0.0 - Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-31896	2025-04-03	WordPress GetBookingsWP Plugin <= 1.1.27 - Broken Access Control vulnerability
CVE-2025-31898	2025-04-03	WordPress MediaView plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-31899	2025-04-03	WordPress Awesome Logos plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-31900	2025-04-03	WordPress Lexicata plugin <= 1.0.16 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-31901	2025-04-03	WordPress Digihood HTML Sitemap Plugin <= 3.1.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-31902	2025-04-03	WordPress Social Share And Social Locker Plugin <= 1.4.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-31903	2025-04-03	WordPress XV Random Quotes Plugin <= 1.37 - Cross Site Scripting (XSS) vulnerability
CVE-2025-31905	2025-04-03	WordPress Team Rosters Plugin <= 4.7 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-31907	2025-04-03	WordPress Team Builder plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-31909	2025-04-03	WordPress Apptivo Business Site CRM plugin <= 5.3 - Arbitrary Content Deletion vulnerability
CVE-2025-31911	2025-04-03	WordPress Social Share And Social Locker plugin <= 1.4.2 - SQL Injection vulnerability
CVE-2025-3157	2025-04-03	Intelbras WRN 150 Wireless Menu cross site scripting
CVE-2025-3158	2025-04-03	Open Asset Import Library Assimp LWO File LWOAnimation.cpp UpdateAnimRangeSetup heap-based overflow
CVE-2025-3155	2025-04-03	Yelp: arbitrary file read
CVE-2025-32049	2025-04-03	Libsoup: denial of service attack to websocket server
CVE-2025-32050	2025-04-03	Libsoup: integer overflow in append_param_quoted
CVE-2025-32051	2025-04-03	Libsoup: segmentation fault when parsing malformed data uri
CVE-2025-32052	2025-04-03	Libsoup: heap buffer overflow in sniff_unknown()
CVE-2025-32053	2025-04-03	Libsoup: heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space()
CVE-2025-3159	2025-04-03	Open Asset Import Library Assimp ASE File ASEParser.cpp ParseLV4MeshBonesVertices heap-based overflow
CVE-2025-3160	2025-04-03	Open Asset Import Library Assimp File SceneCombiner.cpp AddNodeHashes out-of-bounds
CVE-2025-3161	2025-04-03	Tenda AC10 ShutdownSetAdd stack-based overflow
CVE-2025-0272	2025-04-03	HCL DevOps Deploy / HCL Launch is susceptible to an HTML injection vulnerability
CVE-2025-3162	2025-04-03	InternLM LMDeploy PT File utils.py load_weight_ckpt deserialization
CVE-2024-4877	2025-04-03	OpenVPN version 2.4.0 through 2.6.10 on Windows allows an external,...
CVE-2025-29987	2025-04-03	Dell PowerProtect Data Domain with Data Domain Operating System (DD...
CVE-2025-22457	2025-04-03	A stack-based buffer overflow in Ivanti Connect Secure before version...
CVE-2025-3163	2025-04-03	InternLM LMDeploy conf.py open code injection
CVE-2025-3164	2025-04-03	Tencent Music Entertainment SuperSonic H2 Database Connection testConnect code injection
CVE-2025-3165	2025-04-03	thu-pacman chitu backend.py torch.load deserialization
CVE-2025-3166	2025-04-03	code-projects Product Management System Search Product Menu search_item stack-based overflow
CVE-2025-3167	2025-04-03	Tenda AC23 API Interface VerAPIMant denial of service
CVE-2023-47639	2025-04-03	API Platform Core can leak exceptions message that may contain sensitive information
CVE-2025-32054	2025-04-03	In JetBrains IntelliJ IDEA before 2024.3, 2024.2.4 source code could...
CVE-2025-31115	2025-04-03	XZ has a heap-use-after-free bug in threaded .xz decoder
CVE-2025-3168	2025-04-03	PHPGurukul Time Table Generator System edit-class.php sql injection
CVE-2025-3169	2025-04-03	Projeqtor saveAttachment.php unrestricted upload
CVE-2025-3170	2025-04-03	Project Worlds Online Lawyer Management System admin_user.php sql injection
CVE-2025-31127	2025-04-03	Element X Android allows the entity in control of the well-known file to break the confidentiality embedded Element Call
CVE-2025-31126	2025-04-03	Element X iOS allows the entity in control of the well-known file to break the confidentiality of embedded Element Call
CVE-2025-3171	2025-04-03	Project Worlds Online Lawyer Management System approve_lawyer.php sql injection
CVE-2025-3172	2025-04-03	Project Worlds Online Lawyer Management System lawyer_booking.php sql injection
CVE-2025-31483	2025-04-03	Stored XSS in Miniflux Media Proxy due to improper Content-Security-Policy configuration
CVE-2025-31486	2025-04-03	Vite allows server.fs.deny to be bypassed with .svg or relative paths
CVE-2025-3173	2025-04-03	Project Worlds Online Lawyer Management System save_booking.php sql injection
CVE-2025-31487	2025-04-03	The XWiki JIRA extension allows data leak through an XXE attack by using a fake JIRA server
CVE-2025-3174	2025-04-03	Project Worlds Online Lawyer Management System searchLawyer.php sql injection
CVE-2025-3175	2025-04-03	Project Worlds Online Lawyer Management System save_user_edit_profile.php sql injection
CVE-2025-31119	2025-04-03	CWE-470 in generator-jhipster-entity-audit when having Javers selected as Entity Audit Framework
CVE-2025-31481	2025-04-03	GraphQL query operations security can be bypassed
CVE-2025-3176	2025-04-03	Project Worlds Online Lawyer Management System single_lawyer.php sql injection
CVE-2025-31485	2025-04-03	GraphQL grant on a property might be cached with different objects