CVE List - 2025 / May
Showing 1101 - 1200 of 3984 CVEs for May 2025 (Page 12 of 40)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-47668 | 2025-05-07 | WordPress CookieCode <= 2.4.4 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-47669 | 2025-05-07 | WordPress CBX Map for Google Map & OpenStreetMap <= 1.1.12 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-47674 | 2025-05-07 | WordPress Credova_Financial <= 2.5.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47675 | 2025-05-07 | WordPress Woobox <= 1.6 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-47676 | 2025-05-07 | WordPress User Login History <= 2.1.6 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-47677 | 2025-05-07 | WordPress Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery <= 2.7.7.25 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-47679 | 2025-05-07 | WordPress RS WP Book Showcase <= 6.7.40 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-47681 | 2025-05-07 | WordPress Web Accessibility with Max Access <= 2.0.9 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47683 | 2025-05-07 | WordPress WP Maintenance <= 6.1.9.7 - PHP Object Injection Vulnerability |
| CVE-2025-47684 | 2025-05-07 | WordPress Smaily for WP <= 3.1.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47685 | 2025-05-07 | WordPress Contribuinte Checkout plugin <= 2.0.02 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-47686 | 2025-05-07 | WordPress DELUCKS SEO <= 2.5.9 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-47688 | 2025-05-07 | WordPress Advanced File Manager plugin <= 5.3.1 - Broken Access Control to Notice Dismissal vulnerability |
| CVE-2025-47691 | 2025-05-07 | WordPress Ultimate Member plugin <= 2.10.3 - Arbitrary Function Call vulnerability |
| CVE-2025-47692 | 2025-05-07 | WordPress ContentStudio <= 1.3.3 - Broken Access Control Vulnerability |
| CVE-2025-2775 | 2025-05-07 | SysAid On-Prem <= 23.3.40 Checkin Proceessing XML External Entity Injection |
| CVE-2025-2776 | 2025-05-07 | SysAid On-Prem <= 23.3.40 serverurl Proceessing XML External Entity Injection |
| CVE-2025-2777 | 2025-05-07 | SysAid On-Prem <= 23.3.40 lshw Proceessing XML External Entity Injection |
| CVE-2024-47619 | 2025-05-07 | tranport: TLS host name wildcard matching too lax |
| CVE-2025-46827 | 2025-05-07 | Graylog Allows Session Takeover via Insufficient HTML Sanitization |
| CVE-2025-46551 | 2025-05-07 | JRuby-OpenSSL has hostname verification disabled by default |
| CVE-2025-20210 | 2025-05-07 | Cisco Catalyst Center Unprotected API Endpoint |
| CVE-2025-20157 | 2025-05-07 | Cisco Catalyst vManage Certificate Validation Vulnerability |
| CVE-2025-20182 | 2025-05-07 | Cisco Adaptive Security Appliance Software, Firepower Threat Defense Software and IOS XE Software IKEv2 Denial of Service Vulnerability |
| CVE-2025-20213 | 2025-05-07 | Cisco Catalyst SDWAN Manager Arbitrary File Overwrite Vulnerability |
| CVE-2025-32819 | 2025-05-07 | A vulnerability in SMA100 allows a remote authenticated attacker with... |
| CVE-2025-20122 | 2025-05-07 | Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerability |
| CVE-2025-20187 | 2025-05-07 | Cisco SD-WAN Manager Software Arbitrary File Creation Vulnerability |
| CVE-2025-20191 | 2025-05-07 | Multiple Cisco Products Denial of Service Vulnerability |
| CVE-2025-20151 | 2025-05-07 | Cisco IOS and IOS XE Software SNMPv3 Configuration Restriction Vulnerability |
| CVE-2025-20154 | 2025-05-07 | Cisco IOS, IOS XE and IOS XR Software TWAMP Denial of Service Vulnerability |
| CVE-2025-20216 | 2025-05-07 | Cisco Catalyst SD-WAN Manager Reflected HTML Injection Vulnerability |
| CVE-2025-20147 | 2025-05-07 | Cisco SD-WAN vManage Stored Cross-Site Scripting Vulnerability |
| CVE-2025-32820 | 2025-05-07 | A vulnerability in SMA100 allows a remote authenticated attacker with... |
| CVE-2025-32821 | 2025-05-07 | A vulnerability in SMA100 allows a remote authenticated attacker with... |
| CVE-2025-20137 | 2025-05-07 | A vulnerability in the access control list (ACL) programming of... |
| CVE-2025-20214 | 2025-05-07 | A vulnerability in the Network Configuration Access Control Module (NACM)... |
| CVE-2025-20188 | 2025-05-07 | A vulnerability in the Out-of-Band Access Point (AP) Image Download,... |
| CVE-2025-46828 | 2025-05-07 | Unauthenticated SQL Injection on get_socios.php endpoint |
| CVE-2025-20190 | 2025-05-07 | A vulnerability in the lobby ambassador web interface of Cisco... |
| CVE-2025-20202 | 2025-05-07 | A vulnerability in Cisco IOS XE Wireless Controller Software could... |
| CVE-2025-20181 | 2025-05-07 | A vulnerability in Cisco IOS Software for Cisco Catalyst 2960X,... |
| CVE-2025-20189 | 2025-05-07 | A vulnerability in the Cisco Express Forwarding functionality of Cisco... |
| CVE-2025-20192 | 2025-05-07 | A vulnerability in the Internet Key Exchange version 1 (IKEv1)... |
| CVE-2025-20164 | 2025-05-07 | A vulnerability in the Cisco Industrial Ethernet Switch Device Manager... |
| CVE-2025-20140 | 2025-05-07 | A vulnerability in the Wireless Network Control daemon (wncd) of... |
| CVE-2025-20155 | 2025-05-07 | A vulnerability in the bootstrap loading of Cisco IOS XE... |
| CVE-2025-20223 | 2025-05-07 | A vulnerability in Cisco Catalyst Center, formerly Cisco DNA Center,... |
| CVE-2025-20186 | 2025-05-07 | A vulnerability in the web-based management interface of the Wireless... |
| CVE-2025-46824 | 2025-05-07 | Discourse Code Review Plugin vulnerable to XSS via auto link commits |
| CVE-2025-20196 | 2025-05-07 | A vulnerability in the Cisco IOx application hosting environment of... |
| CVE-2025-20162 | 2025-05-07 | A vulnerability in the DHCP snooping security feature of Cisco... |
| CVE-2025-20221 | 2025-05-07 | A vulnerability in the packet filtering features of Cisco IOS... |
| CVE-2025-20197 | 2025-05-07 | A vulnerability in the CLI of Cisco IOS XE Software... |
| CVE-2025-20198 | 2025-05-07 | A vulnerability in the CLI of Cisco IOS XE Software... |
| CVE-2025-20199 | 2025-05-07 | A vulnerability in the CLI of Cisco IOS XE Software... |
| CVE-2025-20200 | 2025-05-07 | A vulnerability in the CLI of Cisco IOS XE Software... |
| CVE-2025-20201 | 2025-05-07 | A vulnerability in the CLI of Cisco IOS XE Software... |
| CVE-2025-20193 | 2025-05-07 | A vulnerability in the web-based management interface of Cisco IOS... |
| CVE-2025-20194 | 2025-05-07 | A vulnerability in the web-based management interface of Cisco IOS... |
| CVE-2025-20195 | 2025-05-07 | A vulnerability in the web-based management interface of Cisco IOS... |
| CVE-2025-30147 | 2025-05-07 | ALTBN128_ADD, ALTBN128_MUL, ALTBN128_PAIRING precompile functions do not check if points are on curve |
| CVE-2025-3476 | 2025-05-07 | Incorrect Authorization vulnerability in OpenText™ Operations Bridge Manager. The vulnerability... |
| CVE-2025-3272 | 2025-05-07 | Incorrect user authorization vulnerability has been identified in Open Text Operations Bridge Manager. |
| CVE-2025-3925 | 2025-05-07 | BrightSign Players Execution with Unnecessary Privileges |
| CVE-2025-4043 | 2025-05-07 | Milesight UG65-868M-EA Improper Access Control for Volatile Memory Containing Boot Code |
| CVE-2025-31177 | 2025-05-07 | Gnuplot: gnuplot heap-buffer overflow on utf8_copy_one |
| CVE-2025-46821 | 2025-05-07 | Envoy vulnerable to bypass of RBAC uri_template permission |
| CVE-2025-46826 | 2025-05-07 | insa-auth Open-Redirect on provided CAS server login endpoint |
| CVE-2023-7303 | 2025-05-07 | q2apro q2apro-on-site-notifications q2apro-onsitenotifications-page.php process_request cross site scripting |
| CVE-2025-41399 | 2025-05-07 | SCTP Vulnerability |
| CVE-2025-36557 | 2025-05-07 | BIG-IP HTTP vulnerability |
| CVE-2025-36546 | 2025-05-07 | F5OS Appliance Mode vulnerability |
| CVE-2025-43878 | 2025-05-07 | F5OS-A/C CLI vulnerability |
| CVE-2025-46265 | 2025-05-07 | F5OS vulnerability |
| CVE-2025-41433 | 2025-05-07 | BIG-IP SIP ALG profile vulnerability |
| CVE-2025-41414 | 2025-05-07 | BIG-IP HTTP/2 vulnerability |
| CVE-2025-36504 | 2025-05-07 | BIG-IP HTTP/2 vulnerability |
| CVE-2025-36525 | 2025-05-07 | BIG-IP APM PingAccess Virtual Server Vulnerability |
| CVE-2025-35995 | 2025-05-07 | BIG-IP PEM vulnerability |
| CVE-2025-31644 | 2025-05-07 | Appliance mode BIG-IP iControl REST and tmsh vulnerability |
| CVE-2025-41431 | 2025-05-07 | TMM Vulnerability |
| CVE-2025-35939 | 2025-05-07 | Craft CMS stores user-provided content in session files |
| CVE-2025-0936 | 2025-05-07 | On affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server credentials to be logged or accounted on the local EOS device or possibly |
| CVE-2025-32441 | 2025-05-07 | Rack session gets restored after deletion |
| CVE-2025-46727 | 2025-05-07 | Unbounded-Parameter DoS in Rack::QueryParser |
| CVE-2024-55651 | 2025-05-07 | i-Educar Stored Cross-Site Scripting vulnerability |
| CVE-2023-31585 | 2025-05-08 | Grocery-CMS-PHP-Restful-API v1.3 is vulnerable to File Upload via /admin/add-category.php. |
| CVE-2023-51295 | 2025-05-08 | PHPJabbers Event Booking Calendar v4.0 is vulnerable to Multiple HTML... |
| CVE-2023-51328 | 2025-05-08 | PHPJabbers Cleaning Business Software v1.0 is vulnerable to Multiple Stored... |
| CVE-2025-26842 | 2025-05-08 | An issue was discovered in Znuny through 7.1.3. If access... |
| CVE-2025-26844 | 2025-05-08 | An issue was discovered in Znuny through 7.1.3. A cookie... |
| CVE-2025-26845 | 2025-05-08 | An Eval Injection issue was discovered in Znuny through 7.1.3.... |
| CVE-2025-26847 | 2025-05-08 | An issue was discovered in Znuny before 7.1.5. When generating... |
| CVE-2025-28073 | 2025-05-08 | phpList before 3.6.15 is vulnerable to Reflected Cross-Site Scripting (XSS)... |
| CVE-2025-28074 | 2025-05-08 | phpList before 3.6.15 is vulnerable to Cross-Site Scripting (XSS) due... |
| CVE-2025-32873 | 2025-05-08 | An issue was discovered in Django 4.2 before 4.2.21, 5.1... |
| CVE-2025-43926 | 2025-05-08 | An issue was discovered in Znuny through 6.5.14 and 7.x... |
| CVE-2025-44021 | 2025-05-08 | OpenStack Ironic before 29.0.1 can write unintended files to a... |
| CVE-2025-44023 | 2025-05-08 | An issue in dlink DNS-320 v.1.00 and DNS-320LW v.1.01.0914.20212 allows... |