CVE List - 2025 / May
Showing 1301 - 1400 of 3982 CVEs for May 2025 (Page 14 of 40)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-28203 | 2025-05-09 | Victure RX1800 EN_V1.0.0_r12_110933 was discovered to contain a command injection vulnerability. |
| CVE-2025-29509 | 2025-05-09 | Jan v0.5.14 and before is vulnerable to remote code execution (RCE) when the user clicks on a rendered link in the conversation, due to opening external website in the app... |
| CVE-2025-45513 | 2025-05-09 | Tenda FH451 V1.0.0.9 has a stack overflow vulnerability in the function.P2pListFilter. |
| CVE-2025-45885 | 2025-05-09 | PHPGURUKUL Vehicle Parking Management System v1.13 is vulnerable to SQL injection in the /vpms/users/login.php file. Attackers can inject malicious code from the parameter 'emailcont' and use it directly in SQL... |
| CVE-2025-45887 | 2025-05-09 | Yifang CMS v2.0.2 is vulnerable to Server-Side Request Forgery (SSRF) in /api/file/getRemoteContent. |
| CVE-2025-46188 | 2025-05-09 | SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in superadmin_phpmyadmin.php. |
| CVE-2025-46189 | 2025-05-09 | SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in user_order_customer_update.php via the order_id POST parameter. |
| CVE-2025-46190 | 2025-05-09 | SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in user_delivery_update.php via the order_id POST parameter. |
| CVE-2025-46191 | 2025-05-09 | Arbitrary File Upload in user_payment_update.php in SourceCodester Client Database Management System 1.0 allows unauthenticated users to upload arbitrary files via the uploaded_file_cancelled field. Due to the absence of proper file... |
| CVE-2025-46192 | 2025-05-09 | SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in user_payment_update.php via the order_id POST parameter. |
| CVE-2025-46193 | 2025-05-09 | SourceCodester Client Database Management System 1.0 is vulnerable to Remote code execution via Arbitrary file upload in user_proposal_update_order.php. |
| CVE-2025-47424 | 2025-05-09 | Retool (self-hosted) before 3.196.0 allows Host header injection. When the BASE_DOMAIN environment variable is not set, the HTTP host header can be manipulated. |
| CVE-2025-47735 | 2025-05-09 | inner::drop in inner.rs in the wgp crate through 0.2.0 for Rust lacks drop_slow thread synchronization. |
| CVE-2025-47736 | 2025-05-09 | dialect/mod.rs in the libsql-sqlite3-parser crate through 0.13.0 before 14f422a for Rust can crash if the input is not valid UTF-8. |
| CVE-2025-47737 | 2025-05-09 | lib.rs in the trailer crate through 0.1.2 for Rust mishandles allocating with a size of zero. |
| CVE-2025-4445 | 2025-05-09 | D-Link DIR-605L wake_on_lan command injection |
| CVE-2025-4446 | 2025-05-09 | H3C GR-5400AX aspForm Edit_List_SSID buffer overflow |
| CVE-2025-4448 | 2025-05-09 | D-Link DIR-619L formEasySetupWizard buffer overflow |
| CVE-2025-4449 | 2025-05-09 | D-Link DIR-619L formEasySetupWizard3 buffer overflow |
| CVE-2025-4450 | 2025-05-09 | D-Link DIR-619L formSetEasy_Wizard buffer overflow |
| CVE-2025-4451 | 2025-05-09 | D-Link DIR-619L formSetWAN_Wizard52 buffer overflow |
| CVE-2025-4452 | 2025-05-09 | D-Link DIR-619L formSetWizard2 buffer overflow |
| CVE-2025-3810 | 2025-05-09 | WPBookit <= 1.0.2 - Insecure Direct Object Reference to Unauthenticated Privilege Escalation via Account Takeover |
| CVE-2025-3811 | 2025-05-09 | WPBookit <= 1.0.2 - Insecure Direct Object Reference to Unauthenticated Privilege Escalation via Email Update |
| CVE-2025-4453 | 2025-05-09 | D-Link DIR-619L formSysCmd command injection |
| CVE-2025-4454 | 2025-05-09 | D-Link DIR-619L wake_on_lan command injection |
| CVE-2025-4455 | 2025-05-09 | Patch My PC Home Updater System.IO uncontrolled search path |
| CVE-2025-4456 | 2025-05-09 | Project Worlds Car Rental Project signup.php sql injection |
| CVE-2025-4457 | 2025-05-09 | Project Worlds Car Rental Project approve.php sql injection |
| CVE-2025-4458 | 2025-05-09 | code-projects Patient Record Management System edit_upatient.php sql injection |
| CVE-2025-3710 | 2025-05-09 | ATEN LCD KVM over IP Switch CL5708IM - Stack-based Buffer Overflow |
| CVE-2025-3711 | 2025-05-09 | ATEN LCD KVM over IP Switch CL5708IM - Stack-based Buffer Overflow |
| CVE-2025-4459 | 2025-05-09 | code-projects Patient Record Management System fecalysis_form.php sql injection |
| CVE-2025-4460 | 2025-05-09 | TOTOLINK N150RT URL Filtering Page cross site scripting |
| CVE-2025-3712 | 2025-05-09 | ATEN LCD KVM over IP Switch CL5708IM - Heap-based Buffer Overflow |
| CVE-2025-3713 | 2025-05-09 | ATEN LCD KVM over IP Switch CL5708IM - Heap-based Buffer Overflow |
| CVE-2025-3714 | 2025-05-09 | ATEN LCD KVM over IP Switch CL5708IM - Stack-based Buffer Overflow |
| CVE-2025-4461 | 2025-05-09 | TOTOLINK N150RT Virtual Server Page cross site scripting |
| CVE-2025-4462 | 2025-05-09 | TOTOLINK N150RT formWsc buffer overflow |
| CVE-2025-4463 | 2025-05-09 | itsourcecode Gym Management System ajax.php sql injection |
| CVE-2025-4375 | 2025-05-09 | Cross-Site Request Forgery vulnerability in Pro Cloud Server's WebEA |
| CVE-2025-4376 | 2025-05-09 | Cross-Site Scripting vulnerability in Model Search in Pro Cloud Server's WebEA |
| CVE-2025-4377 | 2025-05-09 | Path traversal vulnerability in Sparx Pro Cloud Server WebEA webconfig in logview.php |
| CVE-2025-4464 | 2025-05-09 | itsourcecode Gym Management System ajax.php sql injection |
| CVE-2025-4465 | 2025-05-09 | itsourcecode Gym Management System ajax.php sql injection |
| CVE-2025-3462 | 2025-05-09 | "This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation in ASUS DriverHub may allow unauthorized sources to interact with the... |
| CVE-2025-3463 | 2025-05-09 | "This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation vulnerability in ASUS DriverHub may allow untrusted sources to affect system... |
| CVE-2025-4466 | 2025-05-09 | itsourcecode Gym Management System ajax.php sql injection |
| CVE-2025-4467 | 2025-05-09 | SourceCodester Online Student Clearance System edit-admin.php sql injection |
| CVE-2025-4468 | 2025-05-09 | SourceCodester Online Student Clearance System edit-photo.php unrestricted upload |
| CVE-2025-37836 | 2025-05-09 | PCI: Fix reference leak in pci_register_host_bridge() |
| CVE-2025-37837 | 2025-05-09 | iommu/tegra241-cmdqv: Fix warnings due to dmam_free_coherent() |
| CVE-2025-37839 | 2025-05-09 | jbd2: remove wrong sb->s_sequence check |
| CVE-2025-37840 | 2025-05-09 | mtd: rawnand: brcmnand: fix PM resume warning |
| CVE-2025-37841 | 2025-05-09 | pm: cpupower: bench: Prevent NULL dereference on malloc failure |
| CVE-2025-37842 | 2025-05-09 | spi: fsl-qspi: use devm function instead of driver remove |
| CVE-2025-37843 | 2025-05-09 | PCI: pciehp: Avoid unnecessary device replacement check |
| CVE-2025-37844 | 2025-05-09 | cifs: avoid NULL pointer dereference in dbg call |
| CVE-2025-37845 | 2025-05-09 | tracing: fprobe events: Fix possible UAF on modules |
| CVE-2025-37846 | 2025-05-09 | arm64: mops: Do not dereference src reg for a set operation |
| CVE-2025-37847 | 2025-05-09 | accel/ivpu: Fix deadlock in ivpu_ms_cleanup() |
| CVE-2025-37848 | 2025-05-09 | accel/ivpu: Fix PM related deadlocks in MS IOCTLs |
| CVE-2025-37849 | 2025-05-09 | KVM: arm64: Tear down vGIC on failed vCPU creation |
| CVE-2025-37850 | 2025-05-09 | pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config() |
| CVE-2025-37851 | 2025-05-09 | fbdev: omapfb: Add 'plane' value check |
| CVE-2025-37852 | 2025-05-09 | drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create() |
| CVE-2025-37853 | 2025-05-09 | drm/amdkfd: debugfs hang_hws skip GPU with MES |
| CVE-2025-37854 | 2025-05-09 | drm/amdkfd: Fix mode1 reset crash issue |
| CVE-2025-37855 | 2025-05-09 | drm/amd/display: Guard Possible Null Pointer Dereference |
| CVE-2025-37856 | 2025-05-09 | btrfs: harden block_group::bg_list against list_del() races |
| CVE-2025-37857 | 2025-05-09 | scsi: st: Fix array overflow in st_setup() |
| CVE-2025-37858 | 2025-05-09 | fs/jfs: Prevent integer overflow in AG size calculation |
| CVE-2025-37859 | 2025-05-09 | page_pool: avoid infinite loop to schedule delayed worker |
| CVE-2025-37861 | 2025-05-09 | scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue |
| CVE-2025-37862 | 2025-05-09 | HID: pidff: Fix null pointer dereference in pidff_find_fields |
| CVE-2025-3605 | 2025-05-09 | Frontend Login and Registration Blocks <= 1.0.7 - Unauthenticated Privilege Escalation via Account Takeover |
| CVE-2025-2253 | 2025-05-09 | IMITHEMES Listing <= 3.3 - Unauthenticated Privilege Escalation via Unverified Password Reset |
| CVE-2024-11617 | 2025-05-09 | Envolve Plugin <= 1.0 - Unauthenticated Arbitrary File Upload via language_file and fonts_file |
| CVE-2025-3455 | 2025-05-09 | 1 Click WordPress Migration Plugin – 100% FREE for a limited time <= 2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload |
| CVE-2025-37863 | 2025-05-09 | ovl: don't allow datadir only |
| CVE-2025-37864 | 2025-05-09 | net: dsa: clean up FDB, MDB, VLAN entries on unbind |
| CVE-2025-37865 | 2025-05-09 | net: dsa: mv88e6xxx: fix -ENOENT when deleting VLANs and MST is unsupported |
| CVE-2025-37866 | 2025-05-09 | mlxbf-bootctl: use sysfs_emit_at() in secure_boot_fuse_state_show() |
| CVE-2025-37867 | 2025-05-09 | RDMA/core: Silence oversized kvmalloc() warning |
| CVE-2025-37868 | 2025-05-09 | drm/xe/userptr: fix notifier vs folio deadlock |
| CVE-2025-37869 | 2025-05-09 | drm/xe: Use local fence in error path of xe_migrate_clear |
| CVE-2025-37870 | 2025-05-09 | drm/amd/display: prevent hang on link training fail |
| CVE-2025-37871 | 2025-05-09 | nfsd: decrease sc_count directly if fail to queue dl_recall |
| CVE-2025-37872 | 2025-05-09 | net: txgbe: fix memory leak in txgbe_probe() error path |
| CVE-2025-37873 | 2025-05-09 | eth: bnxt: fix missing ring index trim on error path |
| CVE-2025-37874 | 2025-05-09 | net: ngbe: fix memory leak in ngbe_probe() error path |
| CVE-2025-37875 | 2025-05-09 | igc: fix PTM cycle trigger logic |
| CVE-2025-37876 | 2025-05-09 | netfs: Only create /proc/fs/netfs with CONFIG_PROC_FS |
| CVE-2025-37877 | 2025-05-09 | iommu: Clear iommu-dma ops on cleanup |
| CVE-2025-37878 | 2025-05-09 | perf/core: Fix WARN_ON(!ctx) in __free_event() for partial init |
| CVE-2025-37879 | 2025-05-09 | 9p/net: fix improper handling of bogus negative read/write replies |
| CVE-2025-37880 | 2025-05-09 | um: work around sched_yield not yielding in time-travel mode |
| CVE-2025-37881 | 2025-05-09 | usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() |
| CVE-2025-37882 | 2025-05-09 | usb: xhci: Fix isochronous Ring Underrun/Overrun event handling |
| CVE-2025-37883 | 2025-05-09 | s390/sclp: Add check for get_zeroed_page() |