CVE List - 2025 / May
Showing 2901 - 3000 of 3984 CVEs for May 2025 (Page 30 of 40)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-40633 | 2025-05-20 | Stored Cross-Site Scripting (XSS) in Koibox |
| CVE-2025-37892 | 2025-05-20 | mtd: inftlcore: Add error check for inftl_read_oob() |
| CVE-2025-30193 | 2025-05-20 | Denial of service via crafted TCP exchange |
| CVE-2025-40635 | 2025-05-20 | SQL injection at Comerzzia |
| CVE-2025-41229 | 2025-05-20 | VMware Cloud Foundation Directory Traversal Vulnerability |
| CVE-2025-41230 | 2025-05-20 | VMware Cloud Foundation Information Disclosure Vulnerability |
| CVE-2025-41231 | 2025-05-20 | VMware Cloud Foundation Missing Authorisation Vulnerability |
| CVE-2025-4977 | 2025-05-20 | Netgear DGND3700 BRS_top.html information disclosure |
| CVE-2025-4978 | 2025-05-20 | Netgear DGND3700 Basic Authentication BRS_top.html improper authentication |
| CVE-2025-47936 | 2025-05-20 | TYPO3 Vulnerable to Server Side Request Forgery via Webhooks |
| CVE-2025-47937 | 2025-05-20 | TYPO3 Vulnerable to Information Disclosure via DBAL Restriction Handling |
| CVE-2025-47938 | 2025-05-20 | TYPO3 Vulnerable to Unverified Password Change for Backend Users |
| CVE-2025-4980 | 2025-05-20 | Netgear DGND3700 mini_http currentsetting.htm information disclosure |
| CVE-2025-47939 | 2025-05-20 | TYPO3 CMS Vulnerable to Unrestricted File Upload in File Abstraction Layer |
| CVE-2025-47940 | 2025-05-20 | TYPO3 CMS Vulnerable to Privilege Escalation to System Maintainer |
| CVE-2025-47941 | 2025-05-20 | TYPO3 Has Broken Authentication in Backend MFA |
| CVE-2025-41225 | 2025-05-20 | VMware vCenter Server authenticated command-execution vulnerability |
| CVE-2025-41226 | 2025-05-20 | Guest Operations Denial-of-Service Vulnerability |
| CVE-2025-41227 | 2025-05-20 | Denial-of-Service Vulnerability |
| CVE-2025-41228 | 2025-05-20 | VMware ESXi and vCenter Server Reflected Cross Site Scripting (XSS) Vulnerability |
| CVE-2023-33861 | 2025-05-20 | IBM Security ReaQta improper certificate validation |
| CVE-2025-48014 | 2025-05-20 | Improper Restriction of Excessive Authentication Attempts |
| CVE-2025-48015 | 2025-05-20 | Observable Response Discrepancy |
| CVE-2025-48016 | 2025-05-20 | Improper Control of Interaction Frequency |
| CVE-2025-48017 | 2025-05-20 | Improper Limitation of a Pathname to a Restricted Directory |
| CVE-2025-48018 | 2025-05-20 | Deserialization of Untrusted Data |
| CVE-2025-37894 | 2025-05-20 | net: use sock_gen_put() when sk_state is TCP_TIME_WAIT |
| CVE-2025-37895 | 2025-05-20 | bnxt_en: Fix error handling path in bnxt_init_chip() |
| CVE-2025-37896 | 2025-05-20 | spi: spi-mem: Add fix to avoid divide error |
| CVE-2025-37897 | 2025-05-20 | wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release |
| CVE-2025-37898 | 2025-05-20 | powerpc64/ftrace: fix module loading without patchable function entries |
| CVE-2025-37899 | 2025-05-20 | ksmbd: fix use-after-free in session logoff |
| CVE-2025-37900 | 2025-05-20 | iommu: Fix two issues in iommu_copy_struct_from_user() |
| CVE-2025-37901 | 2025-05-20 | irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs |
| CVE-2025-37903 | 2025-05-20 | drm/amd/display: Fix slab-use-after-free in hdcp |
| CVE-2025-37904 | 2025-05-20 | btrfs: fix the inode leak in btrfs_iget() |
| CVE-2025-37905 | 2025-05-20 | firmware: arm_scmi: Balance device refcount when destroying devices |
| CVE-2025-37906 | 2025-05-20 | ublk: fix race between io_uring_cmd_complete_in_task and ublk_cancel_cmd |
| CVE-2025-37907 | 2025-05-20 | accel/ivpu: Fix locking order in ivpu_job_submit |
| CVE-2025-37908 | 2025-05-20 | mm, slab: clean up slab->obj_exts always |
| CVE-2025-37909 | 2025-05-20 | net: lan743x: Fix memleak issue when GSO enabled |
| CVE-2025-37910 | 2025-05-20 | ptp: ocp: Fix NULL dereference in Adva board SMA sysfs operations |
| CVE-2025-37911 | 2025-05-20 | bnxt_en: Fix out-of-bound memcpy() during ethtool -w |
| CVE-2025-37912 | 2025-05-20 | ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr() |
| CVE-2025-37913 | 2025-05-20 | net_sched: qfq: Fix double list add in class with netem as child qdisc |
| CVE-2025-37914 | 2025-05-20 | net_sched: ets: Fix double list add in class with netem as child qdisc |
| CVE-2025-37915 | 2025-05-20 | net_sched: drr: Fix double list add in class with netem as child qdisc |
| CVE-2025-37916 | 2025-05-20 | pds_core: remove write-after-free of client_id |
| CVE-2025-37917 | 2025-05-20 | net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx poll |
| CVE-2025-37918 | 2025-05-20 | Bluetooth: btusb: avoid NULL pointer dereference in skb_dequeue() |
| CVE-2025-37919 | 2025-05-20 | ASoC: amd: acp: Fix NULL pointer deref in acp_i2s_set_tdm_slot |
| CVE-2025-37920 | 2025-05-20 | xsk: Fix race condition in AF_XDP generic RX path |
| CVE-2025-37921 | 2025-05-20 | vxlan: vnifilter: Fix unlocked deletion of default FDB entry |
| CVE-2025-37922 | 2025-05-20 | book3s64/radix : Align section vmemmap start address to PAGE_SIZE |
| CVE-2025-37923 | 2025-05-20 | tracing: Fix oob write in trace_seq_to_buffer() |
| CVE-2025-37924 | 2025-05-20 | ksmbd: fix use-after-free in kerberos authentication |
| CVE-2025-37926 | 2025-05-20 | ksmbd: fix use-after-free in ksmbd_session_rpc_open |
| CVE-2025-37927 | 2025-05-20 | iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid |
| CVE-2025-37928 | 2025-05-20 | dm-bufio: don't schedule in atomic context |
| CVE-2025-37929 | 2025-05-20 | arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays |
| CVE-2025-37930 | 2025-05-20 | drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill() |
| CVE-2025-37931 | 2025-05-20 | btrfs: adjust subpage bit start based on sectorsize |
| CVE-2025-37932 | 2025-05-20 | sch_htb: make htb_qlen_notify() idempotent |
| CVE-2025-37933 | 2025-05-20 | octeon_ep: Fix host hang issue during device reboot |
| CVE-2025-37934 | 2025-05-20 | ASoC: simple-card-utils: Fix pointer check in graph_util_parse_link_direction |
| CVE-2025-37935 | 2025-05-20 | net: ethernet: mtk_eth_soc: fix SER panic with 4GB+ RAM |
| CVE-2025-37936 | 2025-05-20 | perf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPU's value. |
| CVE-2024-45641 | 2025-05-20 | IBM Security ReaQta improper certificate validation |
| CVE-2025-37937 | 2025-05-20 | objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() |
| CVE-2025-37938 | 2025-05-20 | tracing: Verify event formats that have "%*p.." |
| CVE-2025-37939 | 2025-05-20 | libbpf: Fix accessing BTF.ext core_relo header |
| CVE-2025-37940 | 2025-05-20 | ftrace: Add cond_resched() to ftrace_graph_set_hash() |
| CVE-2025-37941 | 2025-05-20 | ASoC: codecs: wcd937x: fix a potential memory leak in wcd937x_soc_codec_probe() |
| CVE-2025-37942 | 2025-05-20 | HID: pidff: Make sure to fetch pool before checking SIMULTANEOUS_MAX |
| CVE-2025-37943 | 2025-05-20 | wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi |
| CVE-2025-37944 | 2025-05-20 | wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process |
| CVE-2025-37945 | 2025-05-20 | net: phy: allow MDIO bus PM ops to start/stop state machine for phylink-controlled PHY |
| CVE-2025-37946 | 2025-05-20 | s390/pci: Fix duplicate pci_dev_put() in disable_slot() when PF has child VFs |
| CVE-2025-37947 | 2025-05-20 | ksmbd: prevent out-of-bounds stream writes by validating *pos |
| CVE-2025-37948 | 2025-05-20 | arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs |
| CVE-2025-37949 | 2025-05-20 | xenbus: Use kref to track req lifetime |
| CVE-2025-37950 | 2025-05-20 | ocfs2: fix panic in failed foilio allocation |
| CVE-2025-37951 | 2025-05-20 | drm/v3d: Add job to pending list if the reset was skipped |
| CVE-2025-37952 | 2025-05-20 | ksmbd: Fix UAF in __close_file_table_ids |
| CVE-2025-37953 | 2025-05-20 | sch_htb: make htb_deactivate() idempotent |
| CVE-2025-37954 | 2025-05-20 | smb: client: Avoid race in open_cached_dir with lease breaks |
| CVE-2025-37955 | 2025-05-20 | virtio-net: free xsk_buffs on error in virtnet_xsk_pool_enable() |
| CVE-2025-37956 | 2025-05-20 | ksmbd: prevent rename with empty string |
| CVE-2025-37957 | 2025-05-20 | KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception |
| CVE-2025-37958 | 2025-05-20 | mm/huge_memory: fix dereferencing invalid pmd migration entry |
| CVE-2025-37959 | 2025-05-20 | bpf: Scrub packet on bpf_redirect_peer |
| CVE-2025-37960 | 2025-05-20 | memblock: Accept allocated memory before use in memblock_double_array() |
| CVE-2025-37961 | 2025-05-20 | ipvs: fix uninit-value for saddr in do_output_route4 |
| CVE-2025-37962 | 2025-05-20 | ksmbd: fix memory leak in parse_lease_state() |
| CVE-2025-37963 | 2025-05-20 | arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users |
| CVE-2025-37964 | 2025-05-20 | x86/mm: Eliminate window where TLB flushes may be inadvertently skipped |
| CVE-2025-37965 | 2025-05-20 | drm/amd/display: Fix invalid context error in dml helper |
| CVE-2025-37966 | 2025-05-20 | riscv: Fix kernel crash due to PR_SET_TAGGED_ADDR_CTRL |
| CVE-2025-37967 | 2025-05-20 | usb: typec: ucsi: displayport: Fix deadlock |
| CVE-2025-37968 | 2025-05-20 | iio: light: opt3001: fix deadlock due to concurrent flag access |