CVE List - 2025 / May
Showing 3901 - 3984 of 3984 CVEs for May 2025 (Page 40 of 40)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-4991 | 2025-05-30 | Stored Cross-site Scripting (XSS) vulnerability affecting 3D Markup in Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x |
| CVE-2025-4990 | 2025-05-30 | Stored Cross-site Scripting (XSS) vulnerability affecting Change Governance in Product Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x |
| CVE-2025-4989 | 2025-05-30 | Stored Cross-site Scripting (XSS) vulnerability affecting Requirements in Product Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x |
| CVE-2025-4988 | 2025-05-30 | Stored Cross-site Scripting (XSS) vulnerability affecting Results Analytics in Multidisciplinary Optimization Engineer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x |
| CVE-2025-4986 | 2025-05-30 | Stored Cross-site Scripting (XSS) vulnerability affecting Model Definition in Product Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x |
| CVE-2025-4985 | 2025-05-30 | Stored Cross-site Scripting (XSS) vulnerability affecting Risk Management in Project Portfolio Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x |
| CVE-2025-4984 | 2025-05-30 | Stored Cross-site Scripting (XSS) vulnerability affecting City Discover in City Referential Manager on Release 3DEXPERIENCE R2025x |
| CVE-2025-4983 | 2025-05-30 | Stored Cross-site Scripting (XSS) vulnerability affecting City Referential in City Referential Manager on Release 3DEXPERIENCE R2025x |
| CVE-2025-0602 | 2025-05-30 | Stored Cross-site Scripting (XSS) vulnerability affecting Compare in Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x |
| CVE-2025-1792 | 2025-05-30 | Improper Access Control in Mattermost Channel Member API |
| CVE-2025-2571 | 2025-05-30 | Google OAuth Authentication Bypass for Converted Bot Accounts |
| CVE-2025-3230 | 2025-05-30 | Bypass of System Admin User Deactivation Controls for Personal Access Tokens in Mattermost Server |
| CVE-2025-3611 | 2025-05-30 | Improper Access Control in Mattermost allows System Managers to view team details despite role restrictions |
| CVE-2024-7096 | 2025-05-30 | Privilege Escalation in Multiple WSO2 Products via SOAP Admin Service Due to Business Logic Flaw |
| CVE-2024-7097 | 2025-05-30 | Incorrect Authorization in Multiple WSO2 Products via SOAP Admin Service Allowing Unauthorized User Signup |
| CVE-2024-13915 | 2025-05-30 | Unrestricted Access to Exported Service in com.pri.factorytest |
| CVE-2024-13916 | 2025-05-30 | Exposure of Applications' Encryption PINs in Kruger&Matz AppLock |
| CVE-2024-13917 | 2025-05-30 | Intent Injection in Kruger&Matz AppLock application |
| CVE-2024-23589 | 2025-05-30 | HCL Glovius Cloud is susceptible to an Outdated Hash Algorithm vulnerability |
| CVE-2024-42190 | 2025-05-30 | HCL Traveler for Microsoft Outlook (HTMO) is susceptible to DLL hijacking |
| CVE-2024-42191 | 2025-05-30 | HCL Traveler for Microsoft Outlook (HTMO) is susceptible to COM hijacking |
| CVE-2025-5356 | 2025-05-30 | FreeFloat FTP Server BYE Command buffer overflow |
| CVE-2023-26226 | 2025-05-30 | A use after free memory corruption issue exists in Yandex Browser for Desktop prior to version 24.4.0.682 |
| CVE-2025-5357 | 2025-05-30 | FreeFloat FTP Server PWD Command buffer overflow |
| CVE-2025-48887 | 2025-05-30 | vLLM has a Regular Expression Denial of Service (ReDoS, Exponential Complexity) Vulnerability in `pythonic_tool_parser.py` |
| CVE-2025-5054 | 2025-05-30 | Race Condition in Canonical Apport |
| CVE-2025-5358 | 2025-05-30 | PHPGurukul/Campcodes Cyber Cafe Management System bwdates-reports-details.php sql injection |
| CVE-2025-5359 | 2025-05-30 | Campcodes Online Hospital Management System appointment-history.php sql injection |
| CVE-2025-48942 | 2025-05-30 | vLLM DOS: Remotely kill vllm over http with invalid JSON schema |
| CVE-2025-48943 | 2025-05-30 | vLLM allows clients to crash the openai server with invalid regex |
| CVE-2025-48944 | 2025-05-30 | vLLM Tool Schema allows DoS via Malformed pattern and type Fields |
| CVE-2025-48885 | 2025-05-30 | application-urlshortener users can create arbitrary pages as long as they have view access to them |
| CVE-2025-48938 | 2025-05-30 | Prevent GitHub CLI and extensions from executing arbitrary commands from compromised GitHub Enterprise Server |
| CVE-2025-48883 | 2025-05-30 | Chrome PHP is missing encoding in `CssSelector` |
| CVE-2025-1479 | 2025-05-30 | An open debug interface was reported in the Legion Space... |
| CVE-2025-2501 | 2025-05-30 | An untrusted search path vulnerability was reported in Lenovo PC... |
| CVE-2025-2502 | 2025-05-30 | An improper default permissions vulnerability was reported in Lenovo PC... |
| CVE-2025-2503 | 2025-05-30 | An improper permission handling vulnerability was reported in Lenovo PC... |
| CVE-2025-48946 | 2025-05-30 | liboqs affected by theoretical design flaw in HQC |
| CVE-2025-48948 | 2025-05-30 | Navidrome Transcoding Permission Bypass Vulnerability Report |
| CVE-2025-5360 | 2025-05-30 | Campcodes Online Hospital Management System book-appointment.php sql injection |
| CVE-2025-48949 | 2025-05-30 | Navidrome allows SQL Injection via role parameter |
| CVE-2025-48882 | 2025-05-30 | PHPOffice Math allows XXE when processing an XML file in the MathML format |
| CVE-2025-5361 | 2025-05-30 | Campcodes Online Hospital Management System contact.php sql injection |
| CVE-2025-5362 | 2025-05-30 | Campcodes Online Hospital Management System doctor-specilization.php sql injection |
| CVE-2025-5363 | 2025-05-30 | Campcodes Online Hospital Management System index.php sql injection |
| CVE-2025-5364 | 2025-05-30 | Campcodes Online Hospital Management System add-patient.php sql injection |
| CVE-2018-25111 | 2025-05-31 | django-helpdesk before 1.0.0 allows Sensitive Data Exposure because of os.umask(0)... |
| CVE-2025-5365 | 2025-05-31 | Campcodes Online Hospital Management System patient-search.php sql injection |
| CVE-2025-5367 | 2025-05-31 | PHPGurukul Online Shopping Portal Project category.php sql injection |
| CVE-2025-5016 | 2025-05-31 | Relevanssi <= 4.24.5 (Free) and <= 2.27.6 (Premium) - Unauthenticated Stored Cross-Site Scripting via Excerpt Highlights |
| CVE-2025-5368 | 2025-05-31 | PHPGurukul Daily Expense Tracker System expense-yearwise-reports-detailed.php sql injection |
| CVE-2025-5369 | 2025-05-31 | SourceCodester PHP Display Username After Login login.php sql injection |
| CVE-2025-5370 | 2025-05-31 | PHPGurukul News Portal forgot-password.php sql injection |
| CVE-2025-4103 | 2025-05-31 | WP-GeoMeta 0.3.4 - 0.3.5 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via wp_ajax_wpgm_start_geojson_import Function |
| CVE-2025-4590 | 2025-05-31 | Daisycon prijsvergelijkers <= 4.8.4 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-4672 | 2025-05-31 | Offsprout Page Builder 2.2.1 - 2.15.2 - Authenticated (Contributor+) Privilege Escalation via permission_callback Function |
| CVE-2025-4607 | 2025-05-31 | PSW Front-end Login & Registration <= 1.12 - Insufficiently Random Values to Unauthenticated Account Takeover/Privilege Escalation via customer_registration Function |
| CVE-2025-5292 | 2025-05-31 | Element Pack Addons for Elementor – Best Elementor addons with Ready Templates, Blocks, Widgets and WooCommerce Builder <= 5.11.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting |
| CVE-2025-5285 | 2025-05-31 | Product Subtitle for WooCommerce <= 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via htmlTag Parameter |
| CVE-2025-4631 | 2025-05-31 | Profitori 2.0.6.0 - 2.1.1.3 - Missing Authorization to Unauthenticated Privilege Escalation via stocktend_object Endpoint |
| CVE-2025-4595 | 2025-05-31 | FastSpring <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-5290 | 2025-05-31 | Borderless – Elementor Addons and Templates <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-3813 | 2025-05-31 | Royal Elementor Addons and Templates <= 1.7.1020 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-5371 | 2025-05-31 | SourceCodester Health Center Patient Record Management System admin.php sql injection |
| CVE-2025-5373 | 2025-05-31 | PHPGurukul Online Birth Certificate System users-applications.php sql injection |
| CVE-2025-5374 | 2025-05-31 | PHPGurukul Online Birth Certificate System all-applications.php sql injection |
| CVE-2025-5375 | 2025-05-31 | PHPGurukul HPGurukul Online Birth Certificate System registered-users.php sql injection |
| CVE-2025-4857 | 2025-05-31 | Newsletters <= 4.9.9.9 - Authenticated (Administrator+) Local File Inclusion |
| CVE-2025-4691 | 2025-05-31 | Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking <= 1.3.21 - Insecure Direct Object Reference to Sensitive Information Exposure |
| CVE-2025-5376 | 2025-05-31 | SourceCodester Health Center Patient Record Management System patient.php sql injection |
| CVE-2025-5377 | 2025-05-31 | Astun Technology iShare Maps historic1.asp cross site scripting |
| CVE-2025-5378 | 2025-05-31 | Astun Technology iShare Maps mycouncil2.aspx cross site scripting |
| CVE-2025-5379 | 2025-05-31 | NuCom NC-WR744G Console Application hard-coded credentials |
| CVE-2025-5380 | 2025-05-31 | ashinigit 天青一白 XueShengZhuSu 学生住宿管理系统 Image File Upload upload path traversal |
| CVE-2025-5381 | 2025-05-31 | Yifang CMS Admin Panel downloadFile path traversal |
| CVE-2025-5383 | 2025-05-31 | Yifang CMS Article Management Module cross site scripting |
| CVE-2025-5384 | 2025-05-31 | JeeWMS cgAutoListController.do CgAutoListController sql injection |
| CVE-2025-5385 | 2025-05-31 | JeeWMS cgformTemplateController.do doAdd path traversal |
| CVE-2025-5386 | 2025-05-31 | JeeWMS cgformTransController.do transEditor sql injection |
| CVE-2025-5387 | 2025-05-31 | JeeWMS File generateController.do dogenerate access control |
| CVE-2025-5388 | 2025-05-31 | JeeWMS generateController.do dogenerate sql injection |
| CVE-2025-5389 | 2025-05-31 | JeeWMS File generateController.do dogenerateOne2Many access control |
| CVE-2025-5390 | 2025-05-31 | JeeWMS File filedeal.do filedeal access control |