CVE List - 2025 / May
Showing 3801 - 3900 of 3984 CVEs for May 2025 (Page 39 of 40)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-48473 | 2025-05-29 | FreeScout Vulnerable to Insufficient Authorization |
| CVE-2025-48474 | 2025-05-29 | FreeScout Vulnerable to Insufficient Authorization |
| CVE-2025-48475 | 2025-05-29 | FreeScout Vulnerable to Insufficient Authorization |
| CVE-2025-46570 | 2025-05-29 | vLLM’s Chunk-Based Prefix Caching Vulnerable to Potential Timing Side-Channel |
| CVE-2025-46722 | 2025-05-29 | vLLM has a Weakness in MultiModalHasher Image Hashing Implementation |
| CVE-2025-46823 | 2025-05-29 | OpenMRS has Vulnerability in FHIR2 Module Privileges |
| CVE-2025-5323 | 2025-05-29 | fossasia open-event-server Mail Verification mail.py send_email_change_user_email reliance on obfuscation or encryption of security-relevant inputs without integrity checking |
| CVE-2025-5324 | 2025-05-29 | TechPowerUp GPU-Z 0x8000645C IOCTL GPU-Z.sys sub_140001880 memory leak |
| CVE-2025-32752 | 2025-05-29 | Dell ThinOS 2502 and prior contain a Cleartext Storage of... |
| CVE-2025-48336 | 2025-05-29 | WordPress Course Builder < 3.6.6 - PHP Object Injection Vulnerability |
| CVE-2025-46701 | 2025-05-29 | Apache Tomcat: Security constraint bypass for CGI scripts |
| CVE-2025-3050 | 2025-05-29 | IBM Db2 denial of service |
| CVE-2025-2518 | 2025-05-29 | IBM Db2 denial of service |
| CVE-2024-49350 | 2025-05-29 | IBM Db2 denial of service |
| CVE-2025-47288 | 2025-05-29 | Discourse Policy plugin private group members visible |
| CVE-2025-47933 | 2025-05-29 | Argo CD allows cross-site scripting on repositories page |
| CVE-2025-5325 | 2025-05-29 | zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 testService special elements used in a template engine |
| CVE-2025-4967 | 2025-05-29 | Server Side Request Forgery (SSRF) vulnerability in Portal for ArcGIS |
| CVE-2025-5326 | 2025-05-29 | zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 verifyToken deserialization |
| CVE-2025-5327 | 2025-05-29 | chshcms mccms Gf.php index server-side request forgery |
| CVE-2025-5328 | 2025-05-29 | chshcms mccms Backups.php restore_del path traversal |
| CVE-2025-5330 | 2025-05-29 | FreeFloat FTP Server RETR Command buffer overflow |
| CVE-2025-31263 | 2025-05-29 | The issue was addressed with improved memory handling. This issue... |
| CVE-2025-31189 | 2025-05-29 | A file quarantine bypass was addressed with additional checks. This... |
| CVE-2025-31198 | 2025-05-29 | This issue was addressed with improved validation of symlinks. This... |
| CVE-2025-31264 | 2025-05-29 | An authentication issue was addressed with improved state management. This... |
| CVE-2025-31199 | 2025-05-29 | A logging issue was addressed with improved data redaction. This... |
| CVE-2025-31231 | 2025-05-29 | A permissions issue was addressed with additional restrictions. This issue... |
| CVE-2025-31261 | 2025-05-29 | A permissions issue was addressed with additional sandbox restrictions. This... |
| CVE-2025-30466 | 2025-05-29 | This issue was addressed through improved state management. This issue... |
| CVE-2025-5331 | 2025-05-29 | PCMan FTP Server NLST Command buffer overflow |
| CVE-2025-5307 | 2025-05-29 | Santesoft Sante DICOM Viewer Pro Out-of-bounds Read |
| CVE-2025-5332 | 2025-05-29 | 1000 Projects Online Notice Board index.php sql injection |
| CVE-2025-1907 | 2025-05-29 | Instantel Micromate Missing Authentication for Critical Function |
| CVE-2025-41438 | 2025-05-29 | Consilium Safety CS5000 Fire Panel Initialization of a Resource with an Insecure Default |
| CVE-2025-46352 | 2025-05-29 | Consilium Safety CS5000 Fire Panel Use of Hard-coded Credentials |
| CVE-2025-44612 | 2025-05-30 | Tinxy WiFi Lock Controller v1 RF was discovered to transmit... |
| CVE-2025-44614 | 2025-05-30 | Tinxy WiFi Lock Controller v1 RF was discovered to store... |
| CVE-2025-44619 | 2025-05-30 | Tinxy WiFi Lock Controller v1 RF was discovered to be... |
| CVE-2025-44904 | 2025-05-30 | hdf5 v1.14.6 was discovered to contain a heap buffer overflow... |
| CVE-2025-44905 | 2025-05-30 | hdf5 v1.14.6 was discovered to contain a heap buffer overflow... |
| CVE-2025-44906 | 2025-05-30 | jhead v3.08 was discovered to contain a heap-use-after-free via the... |
| CVE-2025-48757 | 2025-05-30 | An insufficient database Row-Level Security policy in Lovable through 2025-04-15... |
| CVE-2020-36846 | 2025-05-30 | IO::Compress::Brotli versions prior to 0.007 for Perl have an integer overflow in the bundled Brotli C library |
| CVE-2024-12224 | 2025-05-30 | idna accepts Punycode labels that do not produce any non-ASCII when decoded |
| CVE-2025-47952 | 2025-05-30 | Traefik allows path traversal using url encoding |
| CVE-2025-48068 | 2025-05-30 | Information exposure in Next.js dev server due to lack of origin verification |
| CVE-2025-48381 | 2025-05-30 | CVAT has information disclosure via browsable API |
| CVE-2025-48491 | 2025-05-30 | Project AI API Key Exposure in Source Code |
| CVE-2025-48476 | 2025-05-30 | FreeScout Has Business Logic Errors |
| CVE-2025-48477 | 2025-05-30 | FreeScout Has Business Logic Errors |
| CVE-2025-48478 | 2025-05-30 | FreeScout Has Business Logic Errors |
| CVE-2025-48479 | 2025-05-30 | FreeScout Has Business Logic Errors |
| CVE-2025-48480 | 2025-05-30 | FreeScout Has Business Logic Errors |
| CVE-2025-48481 | 2025-05-30 | FreeScout Has Business Logic Errors |
| CVE-2025-48482 | 2025-05-30 | FreeScout Has Business Logic Errors |
| CVE-2025-48483 | 2025-05-30 | FreeScout Stored XSS leads to CSRF |
| CVE-2025-48484 | 2025-05-30 | FreeScout Vulnerable to Stored XSS |
| CVE-2025-48881 | 2025-05-30 | Valtimo backend libraries allows objects in the object-api to be accessed and modified by unauthorized users |
| CVE-2025-5259 | 2025-05-30 | Minimal Share Buttons <= 1.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Parameter |
| CVE-2025-4659 | 2025-05-30 | Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.4.4 - Unauthenticated Full Path Disclosure |
| CVE-2025-48490 | 2025-05-30 | Laravel Rest Api has a Search Validation Bypass |
| CVE-2025-41235 | 2025-05-30 | CVE-2025-41235: Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies |
| CVE-2025-4429 | 2025-05-30 | WordPress Gearside Developer Dashboard <= 1.0.72 - Reflected XSS |
| CVE-2025-48889 | 2025-05-30 | Gradio Allows Unauthorized File Copy via Path Manipulation |
| CVE-2025-48492 | 2025-05-30 | GetSimple CMS RCE in Edit component |
| CVE-2025-48865 | 2025-05-30 | Fabio allows HTTP clients to manipulate custom headers it adds |
| CVE-2025-48485 | 2025-05-30 | FreeScout Vulnerable to Stored XSS |
| CVE-2025-48486 | 2025-05-30 | FreeScout Vulnerable to Stored XSS |
| CVE-2025-48487 | 2025-05-30 | FreeScout Vulnerable to Stored XSS |
| CVE-2025-48489 | 2025-05-30 | FreeScout Vulnerable to Stored XSS |
| CVE-2025-48875 | 2025-05-30 | FreeScout Vulnerable to Stored XSS |
| CVE-2025-48880 | 2025-05-30 | FreeScout has Race Condition When Deleting Users |
| CVE-2025-48488 | 2025-05-30 | FreeScout Vulnerable to Stored XSS |
| CVE-2025-48936 | 2025-05-30 | ZITADEL Allows Account Takeover via Malicious X-Forwarded-Proto Header Injection |
| CVE-2025-41385 | 2025-05-30 | An OS Command Injection issue exists in wivia 5 all... |
| CVE-2025-41406 | 2025-05-30 | Cross-site scripting vulnerability exists in wivia 5 all versions. If... |
| CVE-2025-47697 | 2025-05-30 | Client-side enforcement of server-side security issue exists in wivia 5... |
| CVE-2025-4943 | 2025-05-30 | LA-Studio Element Kit for Elementor <= 1.5.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via data-lakit-element-link Parameter |
| CVE-2025-4431 | 2025-05-30 | Featured Image Plus <= 1.6.3 - Missing Authorization to Authenticated (Subscriber+) Featured Image Update |
| CVE-2025-5236 | 2025-05-30 | NinjaTeam Chat for Telegram <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via username Parameter |
| CVE-2025-4633 | 2025-05-30 | Default Credentials |
| CVE-2025-4634 | 2025-05-30 | Local File Inclusion |
| CVE-2025-4635 | 2025-05-30 | Remote Code Execution |
| CVE-2025-4636 | 2025-05-30 | Local Privilege Escalation |
| CVE-2025-48912 | 2025-05-30 | Apache Superset: Improper authorization bypass on row level security via SQL Injection |
| CVE-2025-48334 | 2025-05-30 | WordPress Woo Slider Pro <= 1.12 - Arbitrary Content Deletion Vulnerability |
| CVE-2025-5142 | 2025-05-30 | Simple Page Access Restriction <= 1.0.31 - Cross-Site Request Forgery via Multiple Parameters |
| CVE-2025-5235 | 2025-05-30 | OpenSheetMusicDisplay <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameter |
| CVE-2025-1763 | 2025-05-30 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab |
| CVE-2025-4597 | 2025-05-30 | Woo Slider Pro - Drag Drop Slider Builder For WooCommerce <= 1.12 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion |
| CVE-2025-4944 | 2025-05-30 | LA-Studio Element Kit for Elementor <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Compare and Google Maps Widgets |
| CVE-2025-5190 | 2025-05-30 | Browse As <= 0.2 - Authenticated (Subscriber+) Authentication Bypass via Cookie |
| CVE-2025-4433 | 2025-05-30 | Improper access control in user group management in Devolutions Server... |
| CVE-2025-40909 | 2025-05-30 | Perl threads have a working directory race condition where file operations may target unintended paths |
| CVE-2025-1484 | 2025-05-30 | A vulnerability exists in the media upload component of the... |
| CVE-2025-2500 | 2025-05-30 | A vulnerability exists in the SOAP Web services of the... |
| CVE-2025-4598 | 2025-05-30 | Systemd-coredump: race condition that allows a local attacker to crash a suid program and gain read access to the resulting core dump |
| CVE-2025-48331 | 2025-05-30 | WordPress WooCommerce Orders & Customers Exporter <= 5.0 - Sensitive Data Exposure Vulnerability |
| CVE-2025-4992 | 2025-05-30 | Stored Cross-site Scripting (XSS) vulnerability affecting Service Items Management in Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2025x |