CVE List - 2025 / May
Showing 601 - 700 of 3984 CVEs for May 2025 (Page 7 of 40)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-28062 | 2025-05-05 | A Cross-Site Request Forgery (CSRF) vulnerability was discovered in ERPNEXT... |
| CVE-2025-28168 | 2025-05-05 | The Multiple File Upload add-on component 3.1.0 for OutSystems is... |
| CVE-2025-29573 | 2025-05-05 | Cross-Site Scripting (XSS) vulnerability exists in Mezzanine CMS 6.0.0 in... |
| CVE-2025-43915 | 2025-05-05 | In Linkerd edge releases before edge-25.2.1, and Buoyant Enterprise for... |
| CVE-2025-44071 | 2025-05-05 | SeaCMS v13.3 was discovered to contain a remote code execution... |
| CVE-2025-44072 | 2025-05-05 | SeaCMS v13.3 was discovered to contain a SQL injection vulnerability... |
| CVE-2025-44074 | 2025-05-05 | SeaCMS v13.3 was discovered to contain a SQL injection vulnerability... |
| CVE-2025-45042 | 2025-05-05 | Tenda AC9 v15.03.05.14 was discovered to contain a command injection... |
| CVE-2025-45236 | 2025-05-05 | A stored cross-site scripting (XSS) vulnerability in the Edit Profile... |
| CVE-2025-45237 | 2025-05-05 | Incorrect access control in the component /config/download of DBSyncer v2.0.6... |
| CVE-2025-45238 | 2025-05-05 | foxcms v1.2.5 was discovered to contain an arbitrary file deletion... |
| CVE-2025-45239 | 2025-05-05 | An issue in the restores method (DataBackup.php) of foxcms v2.0.6... |
| CVE-2025-45240 | 2025-05-05 | foxcms v1.2.5 was discovered to contain a SQL injection vulnerability... |
| CVE-2025-45242 | 2025-05-05 | Rhymix v2.1.22 was discovered to contain an arbitrary file deletion... |
| CVE-2025-45320 | 2025-05-05 | A Directory Listing Vulnerability was found in the /osms/Requester/ directory... |
| CVE-2025-45321 | 2025-05-05 | kashipara Online Service Management Portal V1.0 is vulnerable to SQL... |
| CVE-2025-45322 | 2025-05-05 | kashipara Online Service Management Portal V1.0 is vulnerable to SQL... |
| CVE-2025-45607 | 2025-05-05 | An issue in the component /manage/ of itranswarp v2.19 allows... |
| CVE-2025-45608 | 2025-05-05 | Incorrect access control in the /system/user/findUserList API of Xinguan v0.0.1-SNAPSHOT... |
| CVE-2025-45609 | 2025-05-05 | Incorrect access control in the doFilter function of kob latest... |
| CVE-2025-45610 | 2025-05-05 | Incorrect access control in the component /scheduleLog/info/1 of PassJava-Platform v3.0.0... |
| CVE-2025-45611 | 2025-05-05 | Incorrect access control in the /user/edit/ component of hope-boot v1.0.0... |
| CVE-2025-45612 | 2025-05-05 | Incorrect access control in xmall v1.1 allows attackers to bypass... |
| CVE-2025-45613 | 2025-05-05 | Incorrect access control in the component /user/list of Shiro-Action v0.6... |
| CVE-2025-45614 | 2025-05-05 | Incorrect access control in the component /api/user/manager of One v1.0... |
| CVE-2025-45615 | 2025-05-05 | Incorrect access control in the /admin/ API of yaoqishan v0.0.1-SNAPSHOT... |
| CVE-2025-45616 | 2025-05-05 | Incorrect access control in the /admin/** API of brcc v1.2.0... |
| CVE-2025-45617 | 2025-05-05 | Incorrect access control in the component /user/list of production_ssm v0.0.1-SNAPSHOT... |
| CVE-2025-45618 | 2025-05-05 | Incorrect access control in the component /admin/sys/datasource/ajaxList of jeeweb-mybatis-springboot v0.0.1.RELEASE... |
| CVE-2025-45751 | 2025-05-05 | SourceCodester Web Based Pharmacy Product Management System 1.0 is vulnerable... |
| CVE-2025-47268 | 2025-05-05 | ping in iputils through 20240905 allows a denial of service... |
| CVE-2025-4255 | 2025-05-05 | PCMan FTP Server RMD Command buffer overflow |
| CVE-2025-4256 | 2025-05-05 | SeaCMS admin_paylog.php cross site scripting |
| CVE-2025-4257 | 2025-05-05 | SeaCMS admin_pay.php cross site scripting |
| CVE-2025-4258 | 2025-05-05 | zhangyanbo2007 youkefu MediaController.java upload unrestricted upload |
| CVE-2025-4259 | 2025-05-05 | newbee-mall UploadController.java upload unrestricted upload |
| CVE-2025-4260 | 2025-05-05 | zhangyanbo2007 youkefu TemplateController.java impsave deserialization |
| CVE-2025-20666 | 2025-05-05 | In Modem, there is a possible system crash due to... |
| CVE-2025-20667 | 2025-05-05 | In Modem, there is a possible information disclosure due to... |
| CVE-2025-20671 | 2025-05-05 | In thermal, there is a possible out of bounds write... |
| CVE-2025-20668 | 2025-05-05 | In scp, there is a possible out of bounds write... |
| CVE-2025-20670 | 2025-05-05 | In Modem, there is a possible permission bypass due to... |
| CVE-2025-20665 | 2025-05-05 | In devinfo, there is a possible information disclosure due to... |
| CVE-2025-4261 | 2025-05-05 | GAIR-NLP factool tool.py run_single code injection |
| CVE-2025-4262 | 2025-05-05 | PHPGurukul Online DJ Booking Management System user-search.php sql injection |
| CVE-2025-4263 | 2025-05-05 | PHPGurukul Online DJ Booking Management System booking-search.php sql injection |
| CVE-2025-4264 | 2025-05-05 | PHPGurukul Emergency Ambulance Hiring Portal edit-ambulance.php sql injection |
| CVE-2025-4265 | 2025-05-05 | PHPGurukul Emergency Ambulance Hiring Portal contact-us.php sql injection |
| CVE-2025-4266 | 2025-05-05 | PHPGurukul Notice Board System bwdates-reports-details.php sql injection |
| CVE-2025-3583 | 2025-05-05 | Newsletter < 8.7.1 - Admin+ Stored XSS |
| CVE-2025-4267 | 2025-05-05 | SourceCodester/oretnom23 Stock Management System Purchase Order Details Page view_po sql injection |
| CVE-2025-39363 | 2025-05-05 | WordPress Custom Login and Registration <= 1.0.0 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-4268 | 2025-05-05 | TOTOLINK A720R cstecgi.cgi missing authentication |
| CVE-2025-4269 | 2025-05-05 | TOTOLINK A720R Log cstecgi.cgi access control |
| CVE-2025-4270 | 2025-05-05 | TOTOLINK A720R Config cstecgi.cgi information disclosure |
| CVE-2025-4271 | 2025-05-05 | TOTOLINK A720R cstecgi.cgi information disclosure |
| CVE-2025-2905 | 2025-05-05 | Unauthenticated XML External Entity (XXE) Vulnerability in WSO2 API Manager Gateway Component |
| CVE-2025-4272 | 2025-05-05 | Mechrevo Control Console GCUService csCAPI.dll uncontrolled search path |
| CVE-2025-2545 | 2025-05-05 | Deprecated 3DES cryptographic algorithm used by Request Tracker in emails encrypted with S/MIME |
| CVE-2025-4316 | 2025-05-05 | Improper access control in PAM feature in Devolutions Server allows... |
| CVE-2024-58098 | 2025-05-05 | bpf: track changes_pkt_data property for global functions |
| CVE-2024-58100 | 2025-05-05 | bpf: check changes_pkt_data property for extension programs |
| CVE-2024-58237 | 2025-05-05 | bpf: consider that tail calls invalidate packet pointers |
| CVE-2025-4281 | 2025-05-05 | Shenzhen Sixun Software Sixun Shanghui Group Business Management System LoadData information disclosure |
| CVE-2024-11615 | 2025-05-05 | Envolve Plugin <= 1.0 - Unauthenticated Language File Deletion |
| CVE-2025-1992 | 2025-05-05 | IBM Db2 denial of service |
| CVE-2025-0217 | 2025-05-05 | Privileged Remote Access Authentication Bypass |
| CVE-2024-51991 | 2025-05-05 | October CMS Allows Unprotected SVG Rename in Media Manager |
| CVE-2025-24977 | 2025-05-05 | OpenCTI has remote code execution and sensitive secrets exposed through web hook |
| CVE-2025-43842 | 2025-05-05 | GHSL-2025-012_Retrieval-based-Voice-Conversion-WebUI |
| CVE-2025-43843 | 2025-05-05 | GHSL-2025-013_Retrieval-based-Voice-Conversion-WebUI |
| CVE-2025-43844 | 2025-05-05 | GHSL-2025-014_Retrieval-based-Voice-Conversion-WebUI |
| CVE-2025-43845 | 2025-05-05 | GHSL-2025-015_Retrieval-based-Voice-Conversion-WebUI |
| CVE-2025-43846 | 2025-05-05 | GHSL-2025-016_Retrieval-based-Voice-Conversion-WebUI |
| CVE-2025-43847 | 2025-05-05 | GHSL-2025-017_Retrieval-based-Voice-Conversion-WebUI |
| CVE-2025-43848 | 2025-05-05 | GHSL-2025-018_Retrieval-based-Voice-Conversion-WebUI |
| CVE-2025-4282 | 2025-05-05 | SourceCodester/oretnom23 Stock Management System Users.php cross-site request forgery |
| CVE-2025-4096 | 2025-05-05 | Heap buffer overflow in HTML in Google Chrome prior to... |
| CVE-2025-4050 | 2025-05-05 | Out of bounds memory access in DevTools in Google Chrome... |
| CVE-2025-4051 | 2025-05-05 | Insufficient data validation in DevTools in Google Chrome prior to... |
| CVE-2025-4052 | 2025-05-05 | Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59... |
| CVE-2025-4318 | 2025-05-05 | Input validation issue in AWS Amplify Studio UI component properties |
| CVE-2025-43849 | 2025-05-05 | GHSL-2025-019_Retrieval-based-Voice-Conversion-WebUI |
| CVE-2025-43850 | 2025-05-05 | GHSL-2025-020_Retrieval-based-Voice-Conversion-WebUI |
| CVE-2025-43851 | 2025-05-05 | GHSL-2025-021_Retrieval-based-Voice-Conversion-WebUI |
| CVE-2025-43852 | 2025-05-05 | GHSL-2025-022_Retrieval-based-Voice-Conversion-WebUI |
| CVE-2025-4279 | 2025-05-05 | External image replace <= 1.0.8 - Authenticated (Contributor+) Arbitrary File Upload |
| CVE-2025-46335 | 2025-05-05 | Mobile Security Framework (MobSF) Allows Stored Cross Site Scripting (XSS) via malicious SVG Icon Upload |
| CVE-2025-46553 | 2025-05-05 | @misskey-dev/summaly Redirect Filter Bypass |
| CVE-2025-4283 | 2025-05-05 | SourceCodester/oretnom23 Stock Management System Login.php sql injection |
| CVE-2025-46340 | 2025-05-05 | Misskey CSS Style Injection Vulnerability In `MkUrlPreview` |
| CVE-2025-46559 | 2025-05-05 | Misskey Directory Traversal Vulnerability in AiScript via `Mk:api` |
| CVE-2024-42212 | 2025-05-05 | HCL BigFix Compliance is affected by an improper or missing SameSite attribute |
| CVE-2025-46571 | 2025-05-05 | Open WebUI vulnerable to limited stored XSS vila uploaded html file |
| CVE-2025-46719 | 2025-05-05 | Open WebUI vulnerable to stored XSS via unescaped markdown token in MarkdownTokens.svelte leading to full account takeover and RCE via functions |
| CVE-2025-46720 | 2025-05-05 | Keystone has an unintended `isFilterable` bypass that can be used as an oracle to match hidden fields |
| CVE-2024-42213 | 2025-05-05 | HCL BigFix Compliance is affected by inclusion of temporary files left in the production environment |
| CVE-2025-46726 | 2025-05-05 | Langroid Vulnerable to XXE Injection via XMLToolMessage |
| CVE-2025-4286 | 2025-05-05 | Intelbras InControl Dispositivos Edição Page credentials storage |
| CVE-2025-46730 | 2025-05-05 | Mobile Security Framework (MobSF) Allows Web Server Resource Exhaustion via ZIP of Death Attack |