VULNMAP - Security Vulnerabilities

CVE List - 2025 / May

Showing 3301 - 3400 of 3984 CVEs for May 2025 (Page 34 of 40)

CVE ID Date Title
CVE-2023-53154 2025-05-23 parse_string in cJSON before 1.7.18 has a heap-based buffer over-read...
CVE-2024-48702 2025-05-23 PHPGurukul Old Age Home Management System v1.0 is vulnerable to...
CVE-2024-48704 2025-05-23 Phpgurukul Medical Card Generation System v1.0 is vulnerable to HTML...
CVE-2024-51099 2025-05-23 A reflected cross-site scripting (XSS) vulnerability in the component mcgs/download-medical-cards.php...
CVE-2024-51101 2025-05-23 PHPGURUKUL Restaurant Table Booking System using PHP and MySQL v1.0...
CVE-2024-51102 2025-05-23 PHPGURUKUL Student Management System using PHP and MySQL v1 was...
CVE-2024-51103 2025-05-23 PHPGURUKUL Student Management System using PHP and MySQL v1 was...
CVE-2024-51107 2025-05-23 Multiple stored cross-site scripting (XSS) vulnerabilities in the component /mcgs/admin/contactus.php...
CVE-2024-51108 2025-05-23 Multiple stored cross-site scripting (XSS) vulnerabilities in the component /admin/card-bwdates-report.php...
CVE-2024-51360 2025-05-23 An issue in Hospital Management System In PHP V4.0 allows...
CVE-2025-44998 2025-05-23 A stored cross-site scripting (XSS) vulnerability in the component /tinyfilemanager.php...
CVE-2025-46176 2025-05-23 Hardcoded credentials in the Telnet service in D-Link DIR-605L v2.13B01...
CVE-2025-48695 2025-05-23 An issue was discovered in CyberDAVA before 1.1.20. A privilege...
CVE-2025-48701 2025-05-23 openDCIM through 23.04 allows SQL injection in people_depts.php because prepared...
CVE-2025-48708 2025-05-23 gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument...
CVE-2025-48735 2025-05-23 A SQL Injection issue in the request body processing in...
CVE-2025-48738 2025-05-23 An e-mail flooding vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16,...
CVE-2025-48739 2025-05-23 A Server-Side Request Forgery (SSRF) vulnerability in StrangeBee TheHive 5.2.0...
CVE-2025-48740 2025-05-23 A Cross-Site Request Forgery (CSRF) vulnerability in StrangeBee TheHive 5.2.0...
CVE-2025-48741 2025-05-23 A Broken Access Control vulnerability in StrangeBee TheHive 5.2.0 before...
CVE-2025-2394 2025-05-23 Ecovacs Home Android and iOS Mobile Applications up to version...
CVE-2025-5099 2025-05-23 KL-001-2025-004: Mobile Dynamix PrinterShare Mobile Print Out-of-bounds Write
CVE-2025-5098 2025-05-23 KL-001-2025-003: Mobile Dynamix PrinterShare Mobile Print Gmail Oauth Token Disclosure
CVE-2025-5100 2025-05-23 KL-001-2025-005: Mobile Dynamix PrinterShare Mobile Print Double-Free Memory Write
CVE-2025-4594 2025-05-23 Tournamatch <= 4.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-5096 2025-05-23 TablePress <= 3.1.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Multiple Parameters
CVE-2025-47149 2025-05-23 The optional feature 'Anti-Virus & Sandbox' of i-FILTER contains an...
CVE-2024-13945 2025-05-23 Stored Absolute Path Traversal
CVE-2025-4379 2025-05-23 Reflected XSS in DobryCMS
CVE-2025-3893 2025-05-23 SQL Injection in MegaBIP
CVE-2025-3894 2025-05-23 Stored XSS in MegaBIP
CVE-2025-3895 2025-05-23 Low token entropy in MegaBIP
CVE-2025-36527 2025-05-23 SQL Injection
CVE-2025-41407 2025-05-23 SQL Injection
CVE-2025-5105 2025-05-23 TOZED ZLT W51 Service Port 7777 heap inspection
CVE-2025-5106 2025-05-23 Fujian Kelixun Filename fax_view.php os command injection
CVE-2025-1123 2025-05-23 Solid Mail – SMTP email and logging made by SolidWP <= 2.1.5 - Unauthenticated Stored Cross-Site Scripting via Email
CVE-2025-5107 2025-05-23 Fujian Kelixun xml_cdr_details.php sql injection
CVE-2025-5108 2025-05-23 zongzhige ShopXO ZIP File Payment.php Upload unrestricted upload
CVE-2024-9163 2025-05-23 User Interface (UI) Misrepresentation of Critical Information in GitLab
CVE-2024-7803 2025-05-23 Allocation of Resources Without Limits or Throttling in GitLab
CVE-2025-41377 2025-05-23 Cryptographic vulnerability in Iridium Certus 700
CVE-2025-41378 2025-05-23 Injection vulnerability in Iridium Certus 700
CVE-2025-41379 2025-05-23 Injection vulnerability in Iridium Certus 700
CVE-2025-41380 2025-05-23 Injection vulnerability in Iridium Certus 700
CVE-2025-48292 2025-05-23 WordPress Tourmaster plugin <= 5.3.8 - Local File Inclusion vulnerability
CVE-2025-48289 2025-05-23 WordPress Kids Planet <= 2.2.14 - PHP Object Injection Vulnerability
CVE-2025-48287 2025-05-23 WordPress Pix 4x sem juros - Pagaleve <= 1.6.9 - PHP Object Injection Vulnerability
CVE-2025-48286 2025-05-23 WordPress ReDi Restaurant Reservation plugin <= 24.1209 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-48283 2025-05-23 WordPress Majestic Support <= 1.1.0 - SQL Injection Vulnerability
CVE-2025-48275 2025-05-23 WordPress Visual Header <= 1.3 - Broken Access Control Vulnerability
CVE-2025-48273 2025-05-23 WordPress WP Job Portal <= 2.3.2 - Arbitrary File Download Vulnerability
CVE-2025-48271 2025-05-23 WordPress Leadinfo <= 1.1 - Settings Change Vulnerability
CVE-2025-48245 2025-05-23 WordPress Quick Contact Form plugin <= 8.2.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-48241 2025-05-23 WordPress Verge3D plugin <= 4.9.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-47690 2025-05-23 WordPress Lead Form Data Collection to CRM plugin <= 3.1 - Arbitrary Option Update to Privilege Escalation vulnerability
CVE-2025-47687 2025-05-23 WordPress StoreKeeper for WooCommerce <= 14.4.4 - Arbitrary File Upload Vulnerability
CVE-2025-47680 2025-05-23 WordPress xili-tidy-tags plugin <= 1.12.06 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-47678 2025-05-23 WordPress FunnelCockpit plugin <= 1.4.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-47673 2025-05-23 WordPress Arconix Shortcodes plugin <= 2.1.16 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-47672 2025-05-23 WordPress miniOrange Discord Integration <= 2.2.2 - Local File Inclusion Vulnerability
CVE-2025-47671 2025-05-23 WordPress Binary MLM Plan <= 3.0 - SQL Injection Vulnerability
CVE-2025-47670 2025-05-23 WordPress WordPress Social Login and Register <= 7.6.10 - Local File Inclusion Vulnerability
CVE-2025-47663 2025-05-23 WordPress Hospital Management System plugin <= 47.0(20-11-2023) - Arbitrary File Upload vulnerability
CVE-2025-47660 2025-05-23 WordPress WC Affiliate <= 2.9.1 - PHP Object Injection Vulnerability
CVE-2025-47658 2025-05-23 WordPress ELEX WordPress HelpDesk & Customer Ticketing System <= 3.2.7 - Arbitrary File Upload Vulnerability
CVE-2025-47646 2025-05-23 WordPress PSW Front-end Login & Registration <= 1.13 - Broken Authentication Vulnerability
CVE-2025-47642 2025-05-23 WordPress Ajar in5 Embed <= 3.1.5 - Arbitrary File Upload Vulnerability
CVE-2025-47641 2025-05-23 WordPress Printcart Web to Print Product Designer for WooCommerce <= 2.3.8 - Arbitrary File Upload Vulnerability
CVE-2025-47640 2025-05-23 WordPress Printcart Web to Print Product Designer for WooCommerce <= 2.3.8 - SQL Injection Vulnerability
CVE-2025-47637 2025-05-23 WordPress STAGGS <= 2.11.0 - Arbitrary File Upload Vulnerability
CVE-2025-47631 2025-05-23 WordPress Hospital Management System plugin <= 47.0(20-11-2023) - Privilege Escalation vulnerability
CVE-2025-47619 2025-05-23 WordPress 6Storage Rentals <= 2.19.4 - Broken Access Control Vulnerability
CVE-2025-47618 2025-05-23 WordPress BMI Adult & Kid Calculator plugin <= 1.2.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-47613 2025-05-23 WordPress School Management System for Wordpress plugin <= 92.0.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-47611 2025-05-23 WordPress User Meta plugin <= 3.1.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-47603 2025-05-23 WordPress belingoGeo <= 1.12.0 - Arbitrary File Download Vulnerability
CVE-2025-47599 2025-05-23 WordPress Facturante <= 1.11 - SQL Injection Vulnerability
CVE-2025-47575 2025-05-23 WordPress School Management plugin <= 92.0.0 - SQL Injection vulnerability
CVE-2025-47568 2025-05-23 WordPress ZoomSounds plugin <= 6.91 - PHP Object Injection vulnerability
CVE-2025-47558 2025-05-23 WordPress MapSVG plugin <= 8.5.31 - Broken Access Control vulnerability
CVE-2025-47541 2025-05-23 WordPress Mail Mint <= 1.17.7 - Sensitive Data Exposure Vulnerability
CVE-2025-47539 2025-05-23 WordPress Eventin <= 4.0.26 - Privilege Escalation Vulnerability
CVE-2025-47535 2025-05-23 WordPress Opal Woo Custom Product Variation <= 1.2.0 - Arbitrary File Deletion Vulnerability
CVE-2025-47532 2025-05-23 WordPress CoinPayments.net Payment Gateway for WooCommerce <= 1.0.17 - PHP Object Injection Vulnerability
CVE-2025-47530 2025-05-23 WordPress WPFunnels <= 3.5.18 - PHP Object Injection Vulnerability
CVE-2025-47529 2025-05-23 WordPress Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin <= 1.1.1 - Settings Change Vulnerability
CVE-2025-47513 2025-05-23 WordPress Infocob CRM Forms plugin <= 2.4.0 - Arbitrary File Download vulnerability
CVE-2025-47512 2025-05-23 WordPress Tainacan plugin <= 0.21.14 - Arbitrary File Deletion vulnerability
CVE-2025-47492 2025-05-23 WordPress Drag and Drop File Upload for Elementor Forms <= 1.4.3 - Arbitrary File Deletion Vulnerability
CVE-2025-47478 2025-05-23 WordPress ProfileGrid <= 5.9.5.0 - SQL Injection Vulnerability
CVE-2025-47461 2025-05-23 WordPress Subaccounts for WooCommerce plugin <= 1.6.6 - Account Takeover vulnerability
CVE-2025-47458 2025-05-23 WordPress B2i Investor Tools plugin <= 1.0.7.9 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-47453 2025-05-23 WordPress WP Smart Import <= 1.1.3 - Local File Inclusion Vulnerability
CVE-2025-47438 2025-05-23 WordPress WP Job Portal plugin <= 2.3.1 - Local File Inclusion vulnerability
CVE-2025-46539 2025-05-23 WordPress Fable Extra <= 1.0.6 - SQL Injection Vulnerability
CVE-2025-46537 2025-05-23 WordPress Section Widget plugin <= 3.3.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-46527 2025-05-23 WordPress Web3Press – Decentralize Publishing with Writing NFT plugin <= 3.2.0 - Arbitrary File Read vulnerability
CVE-2025-46526 2025-05-23 WordPress My Custom Widgets plugin <= 2.0.5 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-46518 2025-05-23 WordPress IGIT Related Posts With Thumb Image After Posts <= 4.5.3 - Cross Site Scripting (XSS) Vulnerability