CVE List - 2025 / May
Showing 1201 - 1300 of 3984 CVEs for May 2025 (Page 13 of 40)
CVE ID | Date | Title |
---|---|---|
CVE-2025-45787 | 2025-05-08 | TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow via the comment... |
CVE-2025-45788 | 2025-05-08 | TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow via the... |
CVE-2025-45789 | 2025-05-08 | TOTOLINK A3100R V5.9c.1527 is vulnerable to buffer overflow via the... |
CVE-2025-45790 | 2025-05-08 | TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow via the... |
CVE-2025-45797 | 2025-05-08 | TOTOLINK A950RG V4.1.2cu.5204_B20210112 contains a buffer overflow vulnerability. The vulnerability... |
CVE-2025-45798 | 2025-05-08 | A command execution vulnerability exists in the TOTOLINK A950RG V4.1.2cu.5204_B20210112.... |
CVE-2025-45818 | 2025-05-08 | Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable... |
CVE-2025-45819 | 2025-05-08 | Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable... |
CVE-2025-45820 | 2025-05-08 | Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable... |
CVE-2025-45841 | 2025-05-08 | TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack... |
CVE-2025-45842 | 2025-05-08 | TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack... |
CVE-2025-45843 | 2025-05-08 | TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack... |
CVE-2025-45844 | 2025-05-08 | TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack... |
CVE-2025-45845 | 2025-05-08 | TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack... |
CVE-2025-45846 | 2025-05-08 | ALFA AIP-W512 v3.2.2.2.3 was discovered to contain an authenticated stack... |
CVE-2025-45847 | 2025-05-08 | ALFA AIP-W512 v3.2.2.2.3 was discovered to contain an authenticated stack... |
CVE-2025-47729 | 2025-05-08 | The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of... |
CVE-2025-47730 | 2025-05-08 | The TeleMessage archiving backend through 2025-05-05 accepts API calls (to... |
CVE-2024-13793 | 2025-05-08 | Wolmart | Multi-Vendor Marketplace WooCommerce Theme <= 1.8.11 - Unauthenticated Arbitrary Shortcode Execution in wolmart_loadmore |
CVE-2025-3419 | 2025-05-08 | Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.26 - Unauthenticated Arbitrary File Read |
CVE-2025-37800 | 2025-05-08 | driver core: fix potential NULL pointer dereference in dev_uevent() |
CVE-2025-37801 | 2025-05-08 | spi: spi-imx: Add check for spi_imx_setupxfer() |
CVE-2025-37802 | 2025-05-08 | ksmbd: fix WARNING "do not call blocking ops when !TASK_RUNNING" |
CVE-2025-37803 | 2025-05-08 | udmabuf: fix a buf size overflow issue during udmabuf creation |
CVE-2025-37805 | 2025-05-08 | sound/virtio: Fix cancel_sync warnings on uninitialized work_structs |
CVE-2025-37806 | 2025-05-08 | fs/ntfs3: Keep write operations atomic |
CVE-2025-37807 | 2025-05-08 | bpf: Fix kmemleak warning for percpu hashmap |
CVE-2025-37808 | 2025-05-08 | crypto: null - Use spin lock instead of mutex |
CVE-2025-37809 | 2025-05-08 | usb: typec: class: Fix NULL pointer access |
CVE-2025-37810 | 2025-05-08 | usb: dwc3: gadget: check that event count does not exceed event buffer length |
CVE-2025-37811 | 2025-05-08 | usb: chipidea: ci_hdrc_imx: fix usbmisc handling |
CVE-2025-37812 | 2025-05-08 | usb: cdns3: Fix deadlock when using NCM gadget |
CVE-2025-37813 | 2025-05-08 | usb: xhci: Fix invalid pointer dereference in Etron workaround |
CVE-2025-37814 | 2025-05-08 | tty: Require CAP_SYS_ADMIN for all usages of TIOCL_SELMOUSEREPORT |
CVE-2025-37815 | 2025-05-08 | misc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler registration |
CVE-2025-37816 | 2025-05-08 | mei: vsc: Fix fortify-panic caused by invalid counted_by() use |
CVE-2025-37817 | 2025-05-08 | mcb: fix a double free bug in chameleon_parse_gdd() |
CVE-2025-37818 | 2025-05-08 | LoongArch: Return NULL from huge_pte_offset() for invalid PMD |
CVE-2025-37819 | 2025-05-08 | irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() |
CVE-2025-37820 | 2025-05-08 | xen-netfront: handle NULL returned by xdp_convert_buff_to_frame() |
CVE-2025-37821 | 2025-05-08 | sched/eevdf: Fix se->slice being set to U64_MAX and resulting crash |
CVE-2025-37822 | 2025-05-08 | riscv: uprobes: Add missing fence.i after building the XOL buffer |
CVE-2025-37823 | 2025-05-08 | net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too |
CVE-2025-37824 | 2025-05-08 | tipc: fix NULL pointer dereference in tipc_mon_reinit_self() |
CVE-2025-37825 | 2025-05-08 | nvmet: fix out-of-bounds access in nvmet_enable_port |
CVE-2025-37826 | 2025-05-08 | scsi: ufs: core: Add NULL check in ufshcd_mcq_compl_pending_transfer() |
CVE-2025-37827 | 2025-05-08 | btrfs: zoned: return EIO on RAID1 block group write pointer mismatch |
CVE-2025-37828 | 2025-05-08 | scsi: ufs: mcq: Add NULL check in ufshcd_mcq_abort() |
CVE-2025-37829 | 2025-05-08 | cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() |
CVE-2025-37830 | 2025-05-08 | cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate() |
CVE-2025-37831 | 2025-05-08 | cpufreq: apple-soc: Fix null-ptr-deref in apple_soc_cpufreq_get_rate() |
CVE-2025-37833 | 2025-05-08 | net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads |
CVE-2025-37834 | 2025-05-08 | mm/vmscan: don't try to reclaim hwpoison folio |
CVE-2025-4127 | 2025-05-08 | WP SEO Structured Data Schema <= 2.7.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin Settings |
CVE-2025-40846 | 2025-05-08 | HaloITSM open redirect via the returnUrl |
CVE-2025-1252 | 2025-05-08 | Potential buffer write overflow in Connext applications while parsing malicious license file |
CVE-2025-1253 | 2025-05-08 | Potential stack buffer write overflow in license-managed Core Libraries when setting RTI_LICENSE_FILE environment variable |
CVE-2025-1254 | 2025-05-08 | Potential out-of-bounds read and write in Recording Service while using file rollover |
CVE-2025-41450 | 2025-05-08 | Authentication bypass with privileged access in Danfoss AK-SM 8xxA Series prior to version 4.2 |
CVE-2025-3758 | 2025-05-08 | Exposure of Device Configuration without Authentication in WF2220 |
CVE-2025-3759 | 2025-05-08 | Missing Authentication for Changing Device Configuration in WF2220 |
CVE-2025-4208 | 2025-05-08 | NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.9.1 - Authenticated (Custom) Limited Code Execution via get_table_records Function |
CVE-2025-3862 | 2025-05-08 | Contest Gallery <= 26.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter |
CVE-2025-3468 | 2025-05-08 | NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.9.1 - Authenticated (Custom) Stored Cross-Site Scripting |
CVE-2025-2806 | 2025-05-08 | tagDiv Composer <= 5.3 - Reflected Cross-Site Scripting via 'data' |
CVE-2025-3506 | 2025-05-08 | Potentially sensitive path exposed via unauthenticated HTTP route |
CVE-2024-6648 | 2025-05-08 | Path Traversal in AP Page Builder |
CVE-2025-4207 | 2025-05-08 | PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation |
CVE-2024-13009 | 2025-05-08 | Eclipse Jetty GZIP buffer release |
CVE-2025-30102 | 2025-05-08 | Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.1.0, contains an out-of-bounds... |
CVE-2025-30101 | 2025-05-08 | Dell PowerScale OneFS, versions 9.8.0.0 through 9.10.1.0, contain a time-of-check... |
CVE-2025-4098 | 2025-05-08 | Out-of-bounds Read in Horner Automation Cscape |
CVE-2025-1948 | 2025-05-08 | Eclipse Jetty HTTP clients can increase memory allocation |
CVE-2024-8100 | 2025-05-08 | On affected versions of the Arista CloudVision Portal (CVP on-prem), the time-bound device onboarding token can be used to gain admin privileges on CloudVision. |
CVE-2025-0505 | 2025-05-08 | On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state |
CVE-2024-11186 | 2025-05-08 | On affected versions of the CloudVision Portal, improper access controls could enable a malicious authenticated user to take broader actions on managed EOS devices than intended. This advisory impacts the Arista CloudVision Portal products when run on-prem |
CVE-2024-12378 | 2025-05-08 | On affected platforms running Arista EOS with secure Vxlan configured, restarting the Tunnelsec agent will result in packets being sent over the secure Vxlan tunnels in the clear. |
CVE-2025-27695 | 2025-05-08 | Dell Wyse Management Suite, versions prior to WMS 5.1 contain... |
CVE-2024-9448 | 2025-05-08 | On affected platforms running Arista EOS with Traffic Policies configured the vulnerability will cause received untagged packets not to hit Traffic Policy rules that they are expected to hit. If the rule was to drop the packet, the packet will not be dropp |
CVE-2025-46336 | 2025-05-08 | Rack session gets restored after deletion |
CVE-2025-46712 | 2025-05-08 | Erlang/OTP SSH Has Strict KEX Violations |
CVE-2025-46812 | 2025-05-08 | Trix vulnerable to Cross-site Scripting on copy & paste |
CVE-2025-46833 | 2025-05-08 | Programs/P73_SimplePythonEncryption.py has weak cryptographic key |
CVE-2025-1329 | 2025-05-08 | IBM CICS TX code execution |
CVE-2025-1330 | 2025-05-08 | IBM CICS TX code execution |
CVE-2025-1331 | 2025-05-08 | IBM CICS TX code execution |
CVE-2025-33072 | 2025-05-08 | Microsoft msagsfeedback.azurewebsites.net Information Disclosure Vulnerability |
CVE-2025-29972 | 2025-05-08 | Azure Storage Resource Provider Spoofing Vulnerability |
CVE-2025-29827 | 2025-05-08 | Azure Automation Elevation of Privilege Vulnerability |
CVE-2025-29813 | 2025-05-08 | Azure DevOps Elevation of Privilege Vulnerability |
CVE-2025-47733 | 2025-05-08 | Microsoft Power Apps Information Disclosure Vulnerability |
CVE-2025-47732 | 2025-05-08 | Microsoft Dataverse Remote Code Execution Vulnerability |
CVE-2025-27578 | 2025-05-08 | Pixmeo OsiriX MD Use After Free |
CVE-2025-31946 | 2025-05-08 | Pixmeo OsiriX MD Use After Free |
CVE-2025-27720 | 2025-05-08 | Pixmeo OsiriX MD Cleartext Transmission of Sensitive Information |
CVE-2025-4440 | 2025-05-08 | H3C GR-1800AX aspForm EnableIpv6 buffer overflow |
CVE-2025-4441 | 2025-05-08 | D-Link DIR-605L formSetWAN_Wizard534 buffer overflow |
CVE-2025-4442 | 2025-05-08 | D-Link DIR-605L formSetWAN_Wizard55 buffer overflow |
CVE-2025-4443 | 2025-05-08 | D-Link DIR-605L sub_454F2C command injection |
CVE-2025-28200 | 2025-05-09 | Victure RX1800 EN_V1.0.0_r12_110933 was discovered to utilize a weak default... |