CVE List - 2025 / May
Showing 801 - 900 of 3984 CVEs for May 2025 (Page 9 of 40)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-49845 | 2025-05-06 | Improper Input Validation in HLOS |
| CVE-2024-49846 | 2025-05-06 | Buffer Over-read in Multi-Mode Call Processor |
| CVE-2024-49847 | 2025-05-06 | Buffer Over-read in Multi-Mode Call Processor |
| CVE-2025-21453 | 2025-05-06 | Use After Free in GPS HLOS Driver |
| CVE-2025-21459 | 2025-05-06 | Buffer Over-read in WLAN Host Communication |
| CVE-2025-21460 | 2025-05-06 | Improper Input Validation in Automotive Software platform based on QNX |
| CVE-2025-21462 | 2025-05-06 | Out-of-bounds Write in Computer Vision |
| CVE-2025-21467 | 2025-05-06 | Out-of-bounds Write in Computer Vision |
| CVE-2025-21468 | 2025-05-06 | Out-of-bounds Write in Computer Vision |
| CVE-2025-21469 | 2025-05-06 | Improper Access Control in Camera Driver |
| CVE-2025-21470 | 2025-05-06 | Improper Access Control in Camera Driver |
| CVE-2025-21475 | 2025-05-06 | Buffer Over-read in Display |
| CVE-2025-25218 | 2025-05-06 | third_party_mksh has a NULL pointer dereference vulnerability |
| CVE-2025-4343 | 2025-05-06 | D-Link DIR-600L formEasySetupWizard buffer overflow |
| CVE-2025-27132 | 2025-05-06 | arkcompiler_ets_runtime has an out-of-bounds write vulnerability |
| CVE-2025-22886 | 2025-05-06 | distributeddatamgr_udmf has a memory leak vulnerability |
| CVE-2025-27248 | 2025-05-06 | ai_neural_network_runtime has a NULL pointer dereference vulnerability |
| CVE-2025-27241 | 2025-05-06 | multimedia_av_codec has a NULL pointer dereference vulnerability |
| CVE-2025-25052 | 2025-05-06 | arkcompiler_ets_runtime has a buffer overflow vulnerability |
| CVE-2025-46762 | 2025-05-06 | Apache Parquet Java: Potential malicious code execution from trusted packages in the parquet-avro module when reading an Avro schema from a Parquet file metadata |
| CVE-2025-2011 | 2025-05-06 | Slider & Popup Builder by Depicter <= 3.6.1 - Unauthenticated SQL Injection via 's' Parameter |
| CVE-2025-3782 | 2025-05-06 | Cision Block <= 4.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter |
| CVE-2025-4344 | 2025-05-06 | D-Link DIR-600L formLogin buffer overflow |
| CVE-2025-4345 | 2025-05-06 | D-Link DIR-600L formSetLog buffer overflow |
| CVE-2025-4346 | 2025-05-06 | D-Link DIR-600L formSetWAN_Wizard534 buffer overflow |
| CVE-2025-4347 | 2025-05-06 | D-Link DIR-600L formWlSiteSurvey buffer overflow |
| CVE-2025-40620 | 2025-05-06 | Multiple vulnerabilities in TCMAN's GIM |
| CVE-2025-40621 | 2025-05-06 | Multiple vulnerabilities in TCMAN's GIM |
| CVE-2025-40622 | 2025-05-06 | Multiple vulnerabilities in TCMAN's GIM |
| CVE-2025-40623 | 2025-05-06 | Multiple vulnerabilities in TCMAN's GIM |
| CVE-2025-40624 | 2025-05-06 | Multiple vulnerabilities in TCMAN's GIM |
| CVE-2025-40625 | 2025-05-06 | Multiple vulnerabilities in TCMAN's GIM |
| CVE-2025-4348 | 2025-05-06 | D-Link DIR-600L formSetWanL2TP buffer overflow |
| CVE-2025-0984 | 2025-05-06 | Arbitrary File Upload in Netoloji Software's E-Flow |
| CVE-2025-4349 | 2025-05-06 | D-Link DIR-600L formSysCmd command injection |
| CVE-2025-4350 | 2025-05-06 | D-Link DIR-600L wake_on_lan command injection |
| CVE-2025-4352 | 2025-05-06 | Brilliance Golden Link Secondary System tcEntrFlowSelect.htm sql injection |
| CVE-2025-4353 | 2025-05-06 | Brilliance Golden Link Secondary System queryTsDictionaryType.htm sql injection |
| CVE-2025-4354 | 2025-05-06 | Tenda DAP-1520 storage check_dws_cookie stack-based overflow |
| CVE-2025-4355 | 2025-05-06 | Tenda DAP-1520 api set_ws_action heap-based overflow |
| CVE-2025-4356 | 2025-05-06 | Tenda DAP-1520 Authentication storage mod_graph_auth_uri_handler stack-based overflow |
| CVE-2025-4357 | 2025-05-06 | Tenda RX3 telnet command injection |
| CVE-2025-4358 | 2025-05-06 | PHPGurukul Company Visitor Management System admin-profile.php sql injection |
| CVE-2025-4359 | 2025-05-06 | itsourcecode Gym Management System ajax.php sql injection |
| CVE-2025-4360 | 2025-05-06 | itsourcecode Gym Management System view_member.php sql injection |
| CVE-2025-4361 | 2025-05-06 | PHPGurukul Company Visitor Management System department.php sql injection |
| CVE-2025-2898 | 2025-05-06 | IBM Maximo Application Suite privilege escalation |
| CVE-2025-4373 | 2025-05-06 | Glib: buffer underflow on glib through glib/gstring.c via function g_string_insert_unichar |
| CVE-2025-4374 | 2025-05-06 | Quay: incorrect privilege assignment |
| CVE-2025-46814 | 2025-05-06 | FastAPI Guard Remote Header Injection via X-Forwarded-For Manipulation |
| CVE-2025-4362 | 2025-05-06 | itsourcecode Gym Management System ajax.php sql injection |
| CVE-2025-23379 | 2025-05-06 | Dell Storage Center - Dell Storage Manager, version(s) 21.0.20, contain(s)... |
| CVE-2025-4363 | 2025-05-06 | itsourcecode Gym Management System ajax.php sql injection |
| CVE-2025-4368 | 2025-05-06 | Tenda AC8 MtuSetMacWan formGetRouterStatus buffer overflow |
| CVE-2025-22479 | 2025-05-06 | Dell Storage Center - Dell Storage Manager, version(s) 20.0.21, contain(s)... |
| CVE-2025-22478 | 2025-05-06 | Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s)... |
| CVE-2025-4384 | 2025-05-06 | Certificate validity not properly verified |
| CVE-2025-22477 | 2025-05-06 | Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s)... |
| CVE-2025-22476 | 2025-05-06 | Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s)... |
| CVE-2025-4041 | 2025-05-06 | Use of Hard-coded Credentials Optigo Networks ONS NC600 |
| CVE-2025-30165 | 2025-05-06 | Remote Code Execution Vulnerability in vLLM Multi-Node Cluster Configuration |
| CVE-2025-32022 | 2025-05-06 | Finit has heap based buffer overwrite in urandom.so plugin |
| CVE-2025-46735 | 2025-05-06 | Terraform WinDNS Provider improperly sanitizes input variables in `windns_record` |
| CVE-2025-46736 | 2025-05-06 | Umbraco Makes User Enumeration Feasible Based on Timing of Login Response |
| CVE-2025-46815 | 2025-05-06 | ZITADEL Allows IdP Intent Token Reuse |
| CVE-2025-37730 | 2025-05-06 | Logstash Improper Certificate Validation in TCP output |
| CVE-2025-25014 | 2025-05-06 | Kibana arbitrary code execution via prototype pollution |
| CVE-2025-4388 | 2025-05-06 | A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal... |
| CVE-2025-46816 | 2025-05-06 | goshs route not protected, allows command execution |
| CVE-2025-46820 | 2025-05-06 | phpgt/Dom exposes the GITHUB_TOKEN in Dom workflow run artifact |
| CVE-2025-47417 | 2025-05-06 | Enable Debug Images |
| CVE-2024-12225 | 2025-05-06 | Io.quarkus:quarkus-security-webauthn: quarkus webauthn unexpected authentication bypass |
| CVE-2025-47418 | 2025-05-06 | Recording |
| CVE-2025-46572 | 2025-05-06 | passport-wsfed-saml2 Has SAML Authentication Bypass via Signature Wrapping |
| CVE-2025-0649 | 2025-05-06 | Stack Exhaustion In Tensorflow Serving |
| CVE-2025-46573 | 2025-05-06 | passport-wsfed-saml2 Has SAML Authentication Bypass via Attribute Smuggling |
| CVE-2025-47419 | 2025-05-06 | Non-Secure Access |
| CVE-2025-0853 | 2025-05-06 | PGS Core <= 5.8.0 - Unauthenticated SQL Injection |
| CVE-2025-47420 | 2025-05-06 | User Permissions on Network API |
| CVE-2025-4372 | 2025-05-06 | Use after free in WebAudio in Google Chrome prior to... |
| CVE-2025-0855 | 2025-05-06 | PGS Core <= 5.8.0 - Unauthenticated PHP Object Injection |
| CVE-2025-0856 | 2025-05-06 | PGS Core <= 5.8.0 - Missing Authorization via Multiple Functions |
| CVE-2025-26168 | 2025-05-07 | IXON VPN Client before 1.4.4 on Linux and macOS allows... |
| CVE-2025-26169 | 2025-05-07 | IXON VPN Client before 1.4.4 on Windows allows Local Privilege... |
| CVE-2025-29152 | 2025-05-07 | Cross-Site Scripting vulnerability in lemeconsultoria HCM galera.app v.4.58.0 allows an... |
| CVE-2025-29153 | 2025-05-07 | SQL Injection vulnerability in lemeconsultoria HCM galera.app v.4.58.0 allows an... |
| CVE-2025-29154 | 2025-05-07 | HTML injection vulnerability in lemeconsultoria HCM galera.app v.4.58.0 allows an... |
| CVE-2025-29448 | 2025-05-07 | Booking logic flaw in Easy!Appointments v1.5.1 allows unauthenticated attackers to... |
| CVE-2025-29602 | 2025-05-07 | flatpress 1.3.1 is vulnerable to Cross Site Scripting (XSS) in... |
| CVE-2025-29746 | 2025-05-07 | Cross Site Scripting vulnerability in Koillection v.1.6.10 allows a remote... |
| CVE-2025-45388 | 2025-05-07 | Wagtail CMS 6.4.1 is vulnerable to a Stored Cross-Site Scripting... |
| CVE-2025-45514 | 2025-05-07 | Tenda FH451 V1.0.0.9 has a stack overflow vulnerability in the... |
| CVE-2025-47203 | 2025-05-07 | dbclient in Dropbear SSH before 2025.88 allows command injection via... |
| CVE-2025-47423 | 2025-05-07 | Personal Weather Station Dashboard 12_lts allows unauthenticated remote attackers to... |
| CVE-2025-3218 | 2025-05-07 | IBM i improper certificate validation |
| CVE-2025-3853 | 2025-05-07 | WPshop 2 – E-Commerce 2.0.0 - 2.6.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Key Generation |
| CVE-2025-2821 | 2025-05-07 | Search Exclude <= 2.4.9 - Missing Authorization to Unauthenticated Plugin Settings Modification |
| CVE-2025-3851 | 2025-05-07 | Download Manager and Payment Form WordPress Plugin – WP SmartPay 1.1.0 - 2.7.13 - Authenticated (Subscriber+) Information Exposure |
| CVE-2025-3844 | 2025-05-07 | PeproDev Ultimate Profile Solutions 1.9.1 - 7.5.2 - Authentication Bypass to Account Takeover |
| CVE-2025-3924 | 2025-05-07 | PeproDev Ultimate Profile Solutions 1.9.1 - 7.5.2 - Missing Authorization to Unauthenticated Email Enumeration |