CVE List - 2025 / May
Showing 2001 - 2100 of 3984 CVEs for May 2025 (Page 21 of 40)
CVE ID | Date | Title |
---|---|---|
CVE-2025-47775 | 2025-05-14 | Bullfrog's DNS over TCP bypasses domain filtering |
CVE-2025-47777 | 2025-05-14 | 5ire Client Vulnerable to Cross-Site Scripting (XSS) and Remote Code Execution (RCE) |
CVE-2025-47778 | 2025-05-14 | Sulu vulnerable to XXE in SVG File upload Inspector |
CVE-2025-47781 | 2025-05-14 | Rallly Insufficient Password Login Token Entropy Leads to Account Takeover |
CVE-2025-47782 | 2025-05-14 | motionEye vulnerable to RCE in add_camera Function Due to unsafe command execution |
CVE-2025-40595 | 2025-05-14 | A Server-side request forgery (SSRF) vulnerability has been identified in... |
CVE-2025-3875 | 2025-05-14 | Thunderbird parses addresses in a way that can allow sender... |
CVE-2025-3877 | 2025-05-14 | A crafted HTML email using mailbox:/// links can trigger automatic,... |
CVE-2025-3909 | 2025-05-14 | Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to... |
CVE-2025-3932 | 2025-05-14 | It was possible to craft an email that showed a... |
CVE-2025-47701 | 2025-05-14 | Restrict route by IP - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-047 |
CVE-2025-47702 | 2025-05-14 | oEmbed Providers - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-048 |
CVE-2025-47703 | 2025-05-14 | COOKiES Consent Management - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-049 |
CVE-2025-47704 | 2025-05-14 | Klaro Cookie & Consent Management - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-050 |
CVE-2025-47705 | 2025-05-14 | IFrame Remove Filter - Moderately critical - Cross site scripting - SA-CONTRIB-2025-051 |
CVE-2025-47706 | 2025-05-14 | Enterprise MFA - TFA for Drupal - Moderately critical - Access bypass - SA-CONTRIB-2025-052 |
CVE-2025-47707 | 2025-05-14 | Enterprise MFA - TFA for Drupal - Moderately critical - Access bypass - SA-CONTRIB-2025-053 |
CVE-2025-47708 | 2025-05-14 | Enterprise MFA - TFA for Drupal - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-054 |
CVE-2025-47709 | 2025-05-14 | Enterprise MFA - TFA for Drupal - Critical - Access bypass - SA-CONTRIB-2025-055 |
CVE-2025-47710 | 2025-05-14 | Enterprise MFA - TFA for Drupal - Critical - Access bypass - SA-CONTRIB-2025-056 |
CVE-2025-30663 | 2025-05-14 | Zoom Workplace Apps - Time-of-check Time-of-use |
CVE-2025-30664 | 2025-05-14 | Zoom Workplace Apps - Improper Neutralization of Special Elements |
CVE-2025-30665 | 2025-05-14 | Zoom Workplace Apps for Windows - NULL Pointer Dereference |
CVE-2025-30666 | 2025-05-14 | Zoom Workplace Apps for Windows - NULL Pointer Dereference |
CVE-2025-30667 | 2025-05-14 | Zoom Workplace Apps - NULL Pointer Dereference |
CVE-2025-0130 | 2025-05-14 | PAN-OS: Firewall Denial-of-Service (DoS) in the Web-Proxy Feature via a Burst of Maliciously Crafted Packets |
CVE-2025-30668 | 2025-05-14 | Zoom Workplace Apps - NULL Pointer Dereference |
CVE-2025-46785 | 2025-05-14 | Zoom Workplace Apps for Windows - Buffer Over-read |
CVE-2025-4664 | 2025-05-14 | Insufficient policy enforcement in Loader in Google Chrome prior to... |
CVE-2025-46786 | 2025-05-14 | Zoom Workplace Apps - Improper Neutralization of Special Elements |
CVE-2025-4637 | 2025-05-14 | Divide By Zero in dlib |
CVE-2025-4638 | 2025-05-14 | Improper Pointer Arithmetic in pcl |
CVE-2025-4639 | 2025-05-14 | Improper Restriction of XML External Entity Reference in Peergos |
CVE-2025-0131 | 2025-05-14 | GlobalProtect App: Incorrect Privilege Management Vulnerability in OPSWAT MetaDefender Endpoint Security SDK |
CVE-2025-4640 | 2025-05-14 | Out-of-bounds Write in pcl |
CVE-2025-0132 | 2025-05-14 | Cortex XDR Broker VM: Unauthenticated User Can Disable Internal Services |
CVE-2025-0133 | 2025-05-14 | PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in GlobalProtect Gateway and Portal |
CVE-2025-0134 | 2025-05-14 | Cortex XDR Broker VM: Authenticated Code Injection Vulnerability in Broker VM |
CVE-2025-0135 | 2025-05-14 | GlobalProtect App on macOS: Non Admin User Can Disable the GlobalProtect App |
CVE-2025-4641 | 2025-05-14 | XML External Entity (XXE) injection vulnerability in WebDriverManager |
CVE-2025-0137 | 2025-05-14 | PAN-OS: Improper Neutralization of Input in the Management Web Interface |
CVE-2025-0138 | 2025-05-14 | Prisma Cloud Compute Edition: Insufficient Session Expiration Vulnerability in the Web Interface |
CVE-2025-0136 | 2025-05-14 | PAN-OS: Unencrypted Data Transfer when using AES-128-CCM on Intel-based hardware devices |
CVE-2025-2900 | 2025-05-14 | IBM Semeru Runtime denial of service |
CVE-2025-33104 | 2025-05-14 | CWE-79 |
CVE-2025-47884 | 2025-05-14 | In Jenkins OpenID Connect Provider Plugin 96.vee8ed882ec4d and earlier the... |
CVE-2025-47885 | 2025-05-14 | Jenkins Health Advisor by CloudBees Plugin 374.v194b_d4f0c8c8 and earlier does... |
CVE-2025-47886 | 2025-05-14 | A cross-site request forgery (CSRF) vulnerability in Jenkins Cadence vManager... |
CVE-2025-47887 | 2025-05-14 | Missing permission checks in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a_740b_a_48 and... |
CVE-2025-47888 | 2025-05-14 | Jenkins DingTalk Plugin 2.7.3 and earlier unconditionally disables SSL/TLS certificate... |
CVE-2025-47889 | 2025-05-14 | In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication claims... |
CVE-2024-45067 | 2025-05-14 | Incorrect default permissions in some Intel(R) Gaudi(R) software installers before... |
CVE-2025-32421 | 2025-05-14 | Next.js Race Condition to Cache Poisoning |
CVE-2025-46836 | 2025-05-14 | net-tools Stack-based Buffer Overflow vulnerability |
CVE-2025-47783 | 2025-05-14 | label-studio vulnerable to Cross-Site Scripting (Reflected) via the label_config parameter. |
CVE-2024-52877 | 2025-05-15 | An issue was discovered in Insyde InsydeH2O kernel 5.2 before... |
CVE-2024-52878 | 2025-05-15 | An issue was discovered in Insyde InsydeH2O kernel 5.2 before... |
CVE-2024-52879 | 2025-05-15 | An issue was discovered in Insyde InsydeH2O kernel 5.2 before... |
CVE-2024-52880 | 2025-05-15 | An issue was discovered in Insyde InsydeH2O kernel 5.2 before... |
CVE-2025-44110 | 2025-05-15 | FluxBB 1.5.11 is vulnerable to Cross Site Scripting (XSS) in... |
CVE-2025-44180 | 2025-05-15 | Phpgurukul Vehicle Record Management System v1.0 is vulnerable to Cross... |
CVE-2025-44181 | 2025-05-15 | Phpgurukul Vehicle Record Management System v1.0 is vulnerable to Cross... |
CVE-2025-44182 | 2025-05-15 | Phpgurukul Vehicle Record Management System v1.0 is vulnerable to Cross... |
CVE-2025-44183 | 2025-05-15 | Phpgurukul Vehicle Record Management System v1.0 is vulnerable to Cross... |
CVE-2025-44185 | 2025-05-15 | SourceCodester Best Employee Management System V1.0 is vulnerable to Cross... |
CVE-2025-46052 | 2025-05-15 | An error-based SQL Injection (SQLi) vulnerability in WebERP v4.15.2 allows... |
CVE-2025-46053 | 2025-05-15 | A SQL Injection vulnerability in WebERP v4.15.2 allows attackers to... |
CVE-2025-48024 | 2025-05-15 | In BlueWave Checkmate before 2.1, an authenticated regular user can... |
CVE-2025-48027 | 2025-05-15 | The HttpAuth plugin in pGina.Fork through 3.9.9.12 allows authentication bypass... |
CVE-2025-48050 | 2025-05-15 | In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not ensure... |
CVE-2025-48051 | 2025-05-15 | powertip.ts in Lila (for Lichess) before ab0beaf allows XSS in... |
CVE-2025-4579 | 2025-05-15 | WP Content Security Plugin <= 2.3 - Unauthenticated Stored Cross-Site Scripting via CSP-Report Fields |
CVE-2025-4589 | 2025-05-15 | Bon Toolkit <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2025-3917 | 2025-05-15 | 百度站长SEO合集(支持百度/神马/Bing/头条推送) <= 2.0.6 - Unauthenticated Arbitrary File Upload |
CVE-2025-4126 | 2025-05-15 | EG-Series <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
CVE-2025-4591 | 2025-05-15 | Weluka Lite <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2025-3053 | 2025-05-15 | UiPress lite \| Effortless custom dashboards, admin themes and pages <= 3.5.07 - Authenticated (Subscriber+) Remote Code Execution |
CVE-2024-13914 | 2025-05-15 | File Manager Advanced Shortcode <= Multiple Versions - Authenticated (Administrator+) Local JavaScript File Inclusion via Shortcode |
CVE-2025-3742 | 2025-05-15 | Responsive Lightbox & Gallery < 2.5.1 - Contributor+ Stored XSS |
CVE-2025-27523 | 2025-05-15 | XXE vulnerability in JP1/IT Desktop Management 2 - Smart Device Manager |
CVE-2025-27524 | 2025-05-15 | Weak encryption vulnerability in JP1/IT Desktop Management 2 - Smart Device Manager |
CVE-2025-27525 | 2025-05-15 | Information Exposure vulnerability in JP1/IT Desktop Management 2 - Smart Device Manager |
CVE-2025-4737 | 2025-05-15 | Insufficient encryption vulnerability in the mobile application (com.transsion.aivoiceassistant) may lead... |
CVE-2025-32002 | 2025-05-15 | Improper neutralization of special elements used in an OS command... |
CVE-2025-32738 | 2025-05-15 | Missing authentication for critical function issue exists in I-O DATA... |
CVE-2025-31947 | 2025-05-15 | Repeated LDAP login failures can lock an LDAP account |
CVE-2025-3446 | 2025-05-15 | Members Without Guest Invite Permissions Can Add Guests to Teams |
CVE-2025-4564 | 2025-05-15 | TicketBAI Facturas para WooCommerce <= 3.18 - Unauthenticated Arbitrary File Deletion |
CVE-2025-4762 | 2025-05-15 | Insecure Direct Object Reference (IDOR) vulnerability in eSignaViewer |
CVE-2025-4695 | 2025-05-15 | PHPGurukul/Campcodes Cyber Cafe Management System add-users.php sql injection |
CVE-2025-4696 | 2025-05-15 | PHPGurukul/Campcodes Cyber Cafe Management System search.php sql injection |
CVE-2025-4697 | 2025-05-15 | PHPGurukul Directory Management System edit-directory.php sql injection |
CVE-2025-4516 | 2025-05-15 | Use-after-free in "unicode_escape" decoder with error handler |
CVE-2025-4698 | 2025-05-15 | PHPGurukul Directory Management System forget-password.php sql injection |
CVE-2025-4699 | 2025-05-15 | PHPGurukul Apartment Visitors Management System visitors-form.php sql injection |
CVE-2025-4701 | 2025-05-15 | VITA-MLLM Freeze-Omni utils.py torch.load deserialization |
CVE-2025-4702 | 2025-05-15 | PHPGurukul Vehicle Parking Management System add-category.php sql injection |
CVE-2025-2527 | 2025-05-15 | Improper access control to group information |
CVE-2025-2570 | 2025-05-15 | System Admin Cannot Access Environment settings in System Console While System Manager Can |
CVE-2025-4703 | 2025-05-15 | PHPGurukul Vehicle Parking Management System admin-profile.php sql injection |