CVE List - 2025 / May
Showing 901 - 1000 of 3982 CVEs for May 2025 (Page 10 of 40)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-3921 | 2025-05-07 | PeproDev Ultimate Profile Solutions 1.9.1 - 7.5.2 - Missing Authorization to Limited Unauthenticated Arbitrary User Meta Update via handel_ajax_req Function |
| CVE-2025-4055 | 2025-05-07 | Multiple Post Type Order <= 1.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mpto Shortcode |
| CVE-2025-3860 | 2025-05-07 | CarDealerPress <= 6.7.2504.00 - Authenticated (Contributor+) Stored Cross-Site Scripting via saleclass Parameter |
| CVE-2025-4220 | 2025-05-07 | Xavin's List Subpages <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-4054 | 2025-05-07 | Relevanssi <= 4.24.3 - Unauthenticated Stored Cross-Site Scripting via Search Highlights |
| CVE-2025-3766 | 2025-05-07 | Login Lockdown & Protection <= 2.11 - Missing Authorization to Authenticated (Subscriber+) Arbitrary IP Whitelisting |
| CVE-2025-1399 | 2025-05-07 | Out-of-bounds Read in libplctag library |
| CVE-2025-1400 | 2025-05-07 | Out-of-bounds Read in libplctag library |
| CVE-2025-32396 | 2025-05-07 | A Heap-based Buffer Overflow in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to induce a crash in IO devices that use the library by sending a malicious RPC... |
| CVE-2025-32397 | 2025-05-07 | A Heap-based Buffer Overflow in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to induce a crash in IO devices that use the library by sending a malicious RPC... |
| CVE-2025-32398 | 2025-05-07 | A NULL Pointer Dereference in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to induce a crash in IO devices that use the library by sending a malicious RPC... |
| CVE-2025-32399 | 2025-05-07 | An Unchecked Input for Loop Condition in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to cause IO devices that use the library to enter an infinite loop by... |
| CVE-2025-32400 | 2025-05-07 | A Heap-based Buffer Overflow in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to induce a crash in IO devices that use the library by sending a malicious RPC... |
| CVE-2025-32401 | 2025-05-07 | A Heap-based Buffer Overflow in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to corrupt the memory of IO devices that use the library by sending a malicious RPC... |
| CVE-2025-32402 | 2025-05-07 | An Out-of-bounds Write in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to induce a crash in IO devices that use the library by sending a malicious RPC packet. |
| CVE-2025-32403 | 2025-05-07 | An Out-of-bounds Write in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to corrupt the memory of IO devices that use the library by sending a malicious RPC packet. |
| CVE-2025-32404 | 2025-05-07 | An Out-of-bounds Write in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to corrupt the memory of IO devices that use the library by sending a malicious RPC packet. |
| CVE-2025-32405 | 2025-05-07 | An Out-of-bounds Write in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to induce a crash in IO devices that use the library by sending a malicious RPC packet. |
| CVE-2025-4171 | 2025-05-07 | WZ Followed Posts – Display what visitors are reading <= 3.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-12120 | 2025-05-07 | Royal Elementor Addons and Templates <= 1.7.1017 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-0666 | 2025-05-07 | BOINC Server Stored XSS Injection in host_venue_action.php |
| CVE-2025-0667 | 2025-05-07 | BOINC Server Stored XSS Injection in pm.php |
| CVE-2025-0668 | 2025-05-07 | BOINC Server Multiple SQL Injections |
| CVE-2025-0669 | 2025-05-07 | BOINC Server Cross-Site Request Forgery |
| CVE-2025-20937 | 2025-05-07 | Out-of-bounds write in Keymaster trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to write out-of-bounds memory. |
| CVE-2025-20949 | 2025-05-07 | Path traversal vulnerability in Samsung Members prior to version 5.0.00.11 allows attackers to read and write arbitrary files with the privilege of Samsung Members. |
| CVE-2025-20953 | 2025-05-07 | Improper access control in SmartManagerCN prior to SMR May-2025 Release 1 allows local attackers to launch activities within SmartManagerCN. |
| CVE-2025-20954 | 2025-05-07 | Use of implicit intent for sensitive communication in EnrichedCall prior to SMR May-2025 Release 1 allows local attackers to access sensitive information. User interaction is required for triggering this vulnerability. |
| CVE-2025-20955 | 2025-05-07 | Improper Export of Android Application Components in NotificationHistoryImageProvider prior to SMR May-2025 Release 1 allows local attackers to access notification images. |
| CVE-2025-20956 | 2025-05-07 | Improper export of Android application components in Settings in Galaxy Watch prior to SMR May-2025 Release 1 allows physical attackers to access developer settings. |
| CVE-2025-20957 | 2025-05-07 | Improper access control in SmartManagerCN prior to SMR May-2025 Release 1 allows local attackers to launch arbitrary activities with SmartManagerCN privilege. |
| CVE-2025-20958 | 2025-05-07 | Improper verification of intent by broadcast receiver in UnifiedWFC prior to SMR May-2025 Release 1 allows local attackers to manipulate VoWiFi related behaviors. |
| CVE-2025-20959 | 2025-05-07 | Use of implicit intent for sensitive communication in Wi-Fi P2P service prior to SMR May-2025 Release 1 allows local attackers to access sensitive information. |
| CVE-2025-20960 | 2025-05-07 | Improper handling of insufficient permission in CocktailBarService prior to SMR May-2025 Release 1 allows local attackers to use the privileged API. |
| CVE-2025-20961 | 2025-05-07 | Improper handling of insufficient permission or privileges in sepunion service prior to SMR May-2025 Release 1 allows local privileged attackers to access files with system privilege. |
| CVE-2025-20962 | 2025-05-07 | Improper handling of insufficient permission in SpenGesture service prior to SMR May-2025 Release 1 allows local attackers to track the S Pen position. |
| CVE-2025-20963 | 2025-05-07 | Out-of-bounds write in memory initialization in libsavsvc.so prior to SMR May-2025 Release 1 allows local attackers to write out-of-bounds memory. |
| CVE-2025-20964 | 2025-05-07 | Out-of-bounds write in parsing media files in libsavsvc.so prior to SMR May-2025 Release 1 allows local attackers to write out-of-bounds memory. |
| CVE-2025-20965 | 2025-05-07 | Improper handling of insufficient permission in Bixby wakeup prior to version 2.3.74.8 allows local attackers to access sensitive data. |
| CVE-2025-20966 | 2025-05-07 | Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows physical attackers to access data... |
| CVE-2025-20967 | 2025-05-07 | Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows attackers to read and write... |
| CVE-2025-20968 | 2025-05-07 | Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows remote attackers to access data... |
| CVE-2025-20969 | 2025-05-07 | Improper input validation in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows local attackers to access data... |
| CVE-2025-20970 | 2025-05-07 | Improper access control in Bixby Vision prior to version 3.8.1 in Android 13, 3.8.3 in Android 14, 3.8.21 in Android 15 allows local attackers to access image files with Bixby... |
| CVE-2025-20971 | 2025-05-07 | Improper input validation in Samsung Flow prior to version 4.9.17.6 allows local attackers to access data within Samsung Flow. |
| CVE-2025-20972 | 2025-05-07 | Improper verification of intent by broadcast receiver in Samsung Flow prior to version 4.9.17.6 allows local attackers to modify Samsung Flow configuration. |
| CVE-2025-20973 | 2025-05-07 | Improper authentication in Secure Folder prior to version 1.8.12.0 in Android 13, and 1.9.21.00 in Android 14 allows physical attackers to reset the lock type of Secure Folder. |
| CVE-2025-20974 | 2025-05-07 | Improper handling of insufficient permission in PackageInstallerCN prior to version 15.0.11.0 allows local attackers to bypass user interaction for requested installation. |
| CVE-2025-20975 | 2025-05-07 | Improper Export of Android Application Components in AODService prior to version 8.8.28.12 allows local attackers to launch arbitrary activity with systemui privilege. |
| CVE-2025-20976 | 2025-05-07 | Out-of-bounds read in applying binary of text content in Samsung Notes prior to version 4.4.29.23 allows attackers to read out-of-bounds memory. |
| CVE-2025-20977 | 2025-05-07 | Use of implicit intent for sensitive communication in translation in Samsung Notes prior to version 4.4.29.23 allows local attackers to get sensitive information. User interaction is required for triggering this... |
| CVE-2025-20978 | 2025-05-07 | Improper access control in PENUP prior to version 3.9.19.32 allows local attackers to access files with PENUP privilege. |
| CVE-2025-20979 | 2025-05-07 | Out-of-bounds write in libsavscmn prior to Android 15 allows local attackers to execute arbitrary code. |
| CVE-2025-20980 | 2025-05-07 | Out-of-bounds write in libsavscmn prior to Android 15 allows local attackers to cause memory corruption. |
| CVE-2025-27533 | 2025-05-07 | Apache ActiveMQ: Unchecked buffer length can cause excessive memory allocation |
| CVE-2025-39361 | 2025-05-07 | WordPress Royal Elementor Addons plugin <= 1.7.1017 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-4104 | 2025-05-07 | Frontend Dashboard 1.0 - 2.2.6 - Missing Authorization to Unauthenticated Privilege Escalation via fed_wp_ajax_fed_login_form_post Function |
| CVE-2025-33093 | 2025-05-07 | IBM Sterling Partner Engagement Manager information disclosure |
| CVE-2020-36791 | 2025-05-07 | net_sched: keep alloc_hash updated after hash allocation |
| CVE-2025-47439 | 2025-05-07 | WordPress Download Monitor <= 5.0.22 - Local File Inclusion Vulnerability |
| CVE-2025-47440 | 2025-05-07 | WordPress WPAdverts <= 2.2.2 - Local File Inclusion Vulnerability |
| CVE-2025-47441 | 2025-05-07 | WordPress Progress Bar <= 2.2.3 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-47442 | 2025-05-07 | WordPress CC BMI Calculator <= 2.1.0 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-47443 | 2025-05-07 | WordPress Widget Countdown <= 2.7.4 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-47446 | 2025-05-07 | WordPress Listamester <= 2.3.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47447 | 2025-05-07 | WordPress Cool Author Box <= 3.0.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47448 | 2025-05-07 | WordPress WP Hotel Booking <= 2.1.9 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47449 | 2025-05-07 | WordPress Meow Gallery <= 5.2.7 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-47450 | 2025-05-07 | WordPress Simple File List <= 6.1.13 - Settings Change Vulnerability |
| CVE-2025-47451 | 2025-05-07 | WordPress Product Quantity Dropdown For Woocommerce plugin <= 1.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-47454 | 2025-05-07 | WordPress WP Gravity Forms Dynamics CRM <= 1.1.4 - Open Redirection Vulnerability |
| CVE-2025-47455 | 2025-05-07 | WordPress Integration for WooCommerce and Salesforce <= 1.7.5 - Open Redirection Vulnerability |
| CVE-2025-47456 | 2025-05-07 | WordPress WP Gravity Forms Zendesk <= 1.1.2 - Open Redirection Vulnerability |
| CVE-2025-47457 | 2025-05-07 | WordPress LocateAndFilter <= 1.6.16 - Broken Access Control Vulnerability |
| CVE-2025-47459 | 2025-05-07 | WordPress WP Fundraising Donation and Crowdfunding Platform <= 1.7.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47460 | 2025-05-07 | WordPress TrackShip for WooCommerce <= 1.9.1 - SQL Injection Vulnerability |
| CVE-2025-47462 | 2025-05-07 | WordPress Challan plugin <= 3.7.58 - CSRF to Privilege Escalation vulnerability |
| CVE-2025-47464 | 2025-05-07 | WordPress Solace Extra <= 1.3.1 - Server Side Request Forgery (SSRF) Vulnerability |
| CVE-2025-47465 | 2025-05-07 | WordPress Blocksy <= 2.0.97 - Broken Access Control Vulnerability |
| CVE-2025-47466 | 2025-05-07 | WordPress Ultimate WP Mail <= 1.3.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47467 | 2025-05-07 | WordPress GS Testimonial Slider <= 3.3.0 - Broken Access Control Vulnerability |
| CVE-2025-47468 | 2025-05-07 | WordPress Hash Form <= 1.2.8 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47469 | 2025-05-07 | WordPress Media Hygiene <= 4.0.0 - Broken Access Control Vulnerability |
| CVE-2025-47470 | 2025-05-07 | WordPress GPT3 AI Content Writer plugin <= 1.9.14 - Cross Site Request Forgery (CSRF) to Prompt Generation vulnerability |
| CVE-2025-47471 | 2025-05-07 | WordPress Envo Extra <= 1.9.9 - Broken Access Control Vulnerability |
| CVE-2025-47472 | 2025-05-07 | WordPress Music Player for WooCommerce <= 1.5.1 - Broken Access Control Vulnerability |
| CVE-2025-47473 | 2025-05-07 | WordPress PW WooCommerce Bulk Edit <= 2.134 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47475 | 2025-05-07 | WordPress JupiterX Core <= 4.8.11 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-47476 | 2025-05-07 | WordPress Cost Calculator for Elementor <= 1.3.3 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-47480 | 2025-05-07 | WordPress Graphina <= 3.0.4 - Broken Access Control Vulnerability |
| CVE-2025-47481 | 2025-05-07 | WordPress GS Testimonial Slider plugin <= 3.2.9 - Content Injection vulnerability |
| CVE-2025-47482 | 2025-05-07 | WordPress SKT Skill Bar <= 2.4 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-47483 | 2025-05-07 | WordPress Easy Replace Image <= 3.5.0 - Server Side Request Forgery (SSRF) Vulnerability |
| CVE-2025-47484 | 2025-05-07 | WordPress Display Remote Posts Block <= 1.1.0 - Server Side Request Forgery (SSRF) Vulnerability |
| CVE-2025-47485 | 2025-05-07 | WordPress Cozy Blocks <= 2.1.22 - Broken Access Control Vulnerability |
| CVE-2025-47486 | 2025-05-07 | WordPress Gutenberg & Elementor Templates Importer For Responsive <= 3.1.9 - Broken Access Control Vulnerability |
| CVE-2025-47488 | 2025-05-07 | WordPress Bold Page Builder <= 5.3.2 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-47489 | 2025-05-07 | WordPress Beds24 Online Booking <= 2.0.29 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-47490 | 2025-05-07 | WordPress Ultimate WP Mail <= 1.3.4 - SQL Injection Vulnerability |
| CVE-2025-47491 | 2025-05-07 | WordPress Contact Form Widget <= 1.4.6 - Cross Site Request Forgery (CSRF) Vulnerability |