CVE List - 2025 / May
Showing 401 - 500 of 3984 CVEs for May 2025 (Page 5 of 40)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-3708 | 2025-05-02 | Le-show Medical Practice Management System - SQL Injection |
| CVE-2025-3709 | 2025-05-02 | Flowring Technology Agentflow - Account Lockout Bypass |
| CVE-2024-13419 | 2025-05-02 | Smart Framework <= Multiple Plugins - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting |
| CVE-2025-3748 | 2025-05-02 | Taxonomy Chain Menu <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via pn_chain_menu Shortcode |
| CVE-2025-3510 | 2025-05-02 | tagDiv Composer <= 5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes |
| CVE-2024-13344 | 2025-05-02 | Advance Seat Reservation Management for WooCommerce <= 3.3 - Unauthenticated SQL Injection |
| CVE-2025-1327 | 2025-05-02 | Homey - Booking and Rentals WordPress Theme <= 2.4.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Deletion |
| CVE-2024-13322 | 2025-05-02 | Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.88 - Unauthenticated SQL Injection |
| CVE-2024-13420 | 2025-05-02 | Smart Framework <= Multiple Plugins - Missing Authorization to Authenticated (Subscriber+) Settings Updates |
| CVE-2024-12023 | 2025-05-02 | FULL – Cliente 3.1.5 - 3.1.25 - Authenticated (Subscriber+) SQL Injection |
| CVE-2024-13418 | 2025-05-02 | Smart Framework <= Multiple Plugins - Authenticated (Subscriber+) Arbitrary File Upload |
| CVE-2025-1326 | 2025-05-02 | Homey - Booking and Rentals WordPress Theme <= 2.4.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Reservation & Post Deletion |
| CVE-2025-3858 | 2025-05-02 | Formality <= 1.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Parameter |
| CVE-2025-3488 | 2025-05-02 | WPML Multilingual CMS 3.6.0 - 4.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpml_language_switcher Shortcode |
| CVE-2025-3438 | 2025-05-02 | MStore API – Create Native Android & iOS Apps On The Cloud <= 4.17.4 - Unauthenticated Limited Privilege Escalation |
| CVE-2025-3513 | 2025-05-02 | SureForms < 1.4.4 - Admin+ Stored XSS |
| CVE-2025-3514 | 2025-05-02 | SureForms < 1.4.4 - Admin+ Stored XSS |
| CVE-2024-13858 | 2025-05-02 | BuddyBoss Platform and BuddyBoss Theme <= Multiple Versions - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'invitee_name' |
| CVE-2024-13860 | 2025-05-02 | BuddyBoss Platform <= 2.8.50 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'bbp_topic_title' |
| CVE-2024-13859 | 2025-05-02 | BuddyBoss Platform <= 2.8.50 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'bp_nouveau_ajax_media_save' function |
| CVE-2024-11142 | 2025-05-02 | CSRF in Gosoft Software's Proticaret E-Commerce |
| CVE-2025-2812 | 2025-05-02 | SQLi in Mydata Informatics' Ticket Sales Automation |
| CVE-2025-0072 | 2025-05-02 | Mali GPU Kernel Driver allows improper GPU memory processing operations |
| CVE-2025-0427 | 2025-05-02 | Mali GPU Kernel Driver allows access to already freed memory |
| CVE-2025-1301 | 2025-05-02 | Reflected XSS in Yordam Informatics' Library Automation System |
| CVE-2025-2421 | 2025-05-02 | Remote Code Execution in Profelis Informatics' SambaBox |
| CVE-2025-2488 | 2025-05-02 | XSS in Profelis Informatics' SambaBox |
| CVE-2025-4204 | 2025-05-02 | Ultimate Auction Pro <= 1.5.2 - Unauthenticated SQL Injection via 'auction_id' |
| CVE-2025-2605 | 2025-05-02 | Authenticated command injection |
| CVE-2025-37797 | 2025-05-02 | net_sched: hfsc: Fix a UAF vulnerability in class handling |
| CVE-2025-37798 | 2025-05-02 | codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() |
| CVE-2025-3927 | 2025-05-02 | CVE-2025-3927 |
| CVE-2025-4166 | 2025-05-02 | Vault May Include Sensitive Data in Error Logs When Using the KV v2 Plugin |
| CVE-2025-1883 | 2025-05-02 | Out-Of-Bounds Write vulnerability exists in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 |
| CVE-2025-1884 | 2025-05-02 | Use-After-Free vulnerability exists in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 |
| CVE-2025-4210 | 2025-05-02 | Casdoor SCIM User Creation Endpoint scim.go HandleScim authorization |
| CVE-2022-49932 | 2025-05-02 | KVM: VMX: Do _all_ initialization before exposing /dev/kvm to userspace |
| CVE-2023-53035 | 2025-05-02 | nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() |
| CVE-2023-53036 | 2025-05-02 | drm/amdgpu: Fix call trace warning and hang when removing amdgpu device |
| CVE-2023-53037 | 2025-05-02 | scsi: mpi3mr: Bad drive in topology results kernel crash |
| CVE-2023-53038 | 2025-05-02 | scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read() |
| CVE-2023-53039 | 2025-05-02 | HID: intel-ish-hid: ipc: Fix potential use-after-free in work function |
| CVE-2023-53040 | 2025-05-02 | ca8210: fix mac_len negative array access |
| CVE-2023-53041 | 2025-05-02 | scsi: qla2xxx: Perform lockless command completion in abort path |
| CVE-2023-53042 | 2025-05-02 | drm/amd/display: Do not set DRR on pipe Commit |
| CVE-2023-53043 | 2025-05-02 | arm64: dts: qcom: sc7280: Mark PCIe controller as cache coherent |
| CVE-2023-53044 | 2025-05-02 | dm stats: check for and propagate alloc_percpu failure |
| CVE-2023-53045 | 2025-05-02 | usb: gadget: u_audio: don't let userspace block driver unbind |
| CVE-2023-53046 | 2025-05-02 | Bluetooth: Fix race condition in hci_cmd_sync_clear |
| CVE-2023-53047 | 2025-05-02 | tee: amdtee: fix race condition in amdtee_open_session |
| CVE-2023-53048 | 2025-05-02 | usb: typec: tcpm: fix warning when handle discover_identity message |
| CVE-2023-53049 | 2025-05-02 | usb: ucsi: Fix NULL pointer deref in ucsi_connector_change() |
| CVE-2023-53050 | 2025-05-02 | thunderbolt: Fix memory leak in margining |
| CVE-2023-53051 | 2025-05-02 | dm crypt: add cond_resched() to dmcrypt_write() |
| CVE-2023-53052 | 2025-05-02 | cifs: fix use-after-free bug in refresh_cache_worker() |
| CVE-2023-53053 | 2025-05-02 | erspan: do not use skb_mac_header() in ndo_start_xmit() |
| CVE-2023-53054 | 2025-05-02 | usb: dwc2: fix a devres leak in hw_enable upon suspend resume |
| CVE-2023-53055 | 2025-05-02 | fscrypt: destroy keyring after security_sb_delete() |
| CVE-2023-53056 | 2025-05-02 | scsi: qla2xxx: Synchronize the IOCB count to be in order |
| CVE-2023-53057 | 2025-05-02 | Bluetooth: HCI: Fix global-out-of-bounds |
| CVE-2023-53058 | 2025-05-02 | net/mlx5: E-Switch, Fix an Oops in error handling code |
| CVE-2023-53059 | 2025-05-02 | platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl |
| CVE-2023-53060 | 2025-05-02 | igb: revert rtnl_lock() that causes deadlock |
| CVE-2023-53061 | 2025-05-02 | ksmbd: fix possible refcount leak in smb2_open() |
| CVE-2023-53062 | 2025-05-02 | net: usb: smsc95xx: Limit packet length to skb->len |
| CVE-2023-53064 | 2025-05-02 | iavf: fix hang on reboot with ice |
| CVE-2023-53065 | 2025-05-02 | perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output |
| CVE-2023-53066 | 2025-05-02 | qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info |
| CVE-2023-53067 | 2025-05-02 | LoongArch: Only call get_timer_irq() once in constant_clockevent_init() |
| CVE-2023-53068 | 2025-05-02 | net: usb: lan78xx: Limit packet length to skb->len |
| CVE-2023-53069 | 2025-05-02 | octeontx2-vf: Add missing free for alloc_percpu |
| CVE-2023-53070 | 2025-05-02 | ACPI: PPTT: Fix to avoid sleep in the atomic context when PPTT is absent |
| CVE-2023-53071 | 2025-05-02 | wifi: mt76: do not run mt76_unregister_device() on unregistered hw |
| CVE-2023-53072 | 2025-05-02 | mptcp: use the workqueue to destroy unaccepted sockets |
| CVE-2023-53073 | 2025-05-02 | perf/x86/amd/core: Always clear status for idx |
| CVE-2023-53074 | 2025-05-02 | drm/amdgpu: fix ttm_bo calltrace warning in psp_hw_fini |
| CVE-2023-53075 | 2025-05-02 | ftrace: Fix invalid address access in lookup_rec() when index is 0 |
| CVE-2023-53077 | 2025-05-02 | drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes |
| CVE-2023-53078 | 2025-05-02 | scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() |
| CVE-2023-53079 | 2025-05-02 | net/mlx5: Fix steering rules cleanup |
| CVE-2023-53080 | 2025-05-02 | xsk: Add missing overflow check in xdp_umem_reg |
| CVE-2023-53081 | 2025-05-02 | ocfs2: fix data corruption after failed write |
| CVE-2023-53082 | 2025-05-02 | vp_vdpa: fix the crash in hot unplug with vp_vdpa |
| CVE-2023-53083 | 2025-05-02 | nfsd: don't replace page in rq_pages if it's a continuation of last page |
| CVE-2023-53084 | 2025-05-02 | drm/shmem-helper: Remove another errant put in error path |
| CVE-2023-53085 | 2025-05-02 | drm/edid: fix info leak when failing to get panel id |
| CVE-2023-53086 | 2025-05-02 | wifi: mt76: connac: do not check WED status for non-mmio devices |
| CVE-2023-53087 | 2025-05-02 | drm/i915/active: Fix misuse of non-idle barriers as fence trackers |
| CVE-2023-53088 | 2025-05-02 | mptcp: fix UaF in listener shutdown |
| CVE-2023-53089 | 2025-05-02 | ext4: fix task hung in ext4_xattr_delete_inode |
| CVE-2023-53090 | 2025-05-02 | drm/amdkfd: Fix an illegal memory access |
| CVE-2023-53091 | 2025-05-02 | ext4: update s_journal_inum if it changes after journal replay |
| CVE-2023-53092 | 2025-05-02 | interconnect: exynos: fix node leak in probe PM QoS error path |
| CVE-2023-53093 | 2025-05-02 | tracing: Do not let histogram values have some modifiers |
| CVE-2023-53094 | 2025-05-02 | tty: serial: fsl_lpuart: fix race on RX DMA shutdown |
| CVE-2023-53095 | 2025-05-02 | drm/ttm: Fix a NULL pointer dereference |
| CVE-2023-53096 | 2025-05-02 | interconnect: fix mem leak when freeing nodes |
| CVE-2023-53097 | 2025-05-02 | powerpc/iommu: fix memory leak with using debugfs_lookup() |
| CVE-2023-53098 | 2025-05-02 | media: rc: gpio-ir-recv: add remove function |
| CVE-2023-53099 | 2025-05-02 | firmware: xilinx: don't make a sleepable memory allocation from an atomic context |