CVE List - 2025 / May
Showing 1401 - 1500 of 3984 CVEs for May 2025 (Page 15 of 40)
CVE ID | Date | Title |
---|---|---|
CVE-2025-37882 | 2025-05-09 | usb: xhci: Fix isochronous Ring Underrun/Overrun event handling |
CVE-2025-37883 | 2025-05-09 | s390/sclp: Add check for get_zeroed_page() |
CVE-2025-37884 | 2025-05-09 | bpf: Fix deadlock between rcu_tasks_trace and event_mutex. |
CVE-2025-37885 | 2025-05-09 | KVM: x86: Reset IRTE to host control if *new* route isn't postable |
CVE-2025-37886 | 2025-05-09 | pds_core: make wait_context part of q_info |
CVE-2025-37887 | 2025-05-09 | pds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result |
CVE-2025-37888 | 2025-05-09 | net/mlx5: Fix null-ptr-deref in mlx5_create_{inner_,}ttc_table() |
CVE-2025-37889 | 2025-05-09 | ASoC: ops: Consistently treat platform_max as control value |
CVE-2025-4469 | 2025-05-09 | SourceCodester Online Student Clearance System add-admin.php cross site scripting |
CVE-2025-4470 | 2025-05-09 | SourceCodester Online Student Clearance System add-student.php cross site scripting |
CVE-2025-4471 | 2025-05-09 | code-projects Jewelery Store Management system Search Item View stack-based overflow |
CVE-2025-4472 | 2025-05-09 | code-projects Departmental Store Management System bill stack-based overflow |
CVE-2025-3949 | 2025-05-09 | Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode <= 6.18.15 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure |
CVE-2025-4403 | 2025-05-09 | Drag and Drop Multiple File Upload for WooCommerce <= 1.1.6 - Unauthenticated Arbitrary File Upload via upload Function |
CVE-2025-46392 | 2025-05-09 | Apache Commons Configuration: Uncontrolled Resource Consumption when loading untrusted configurations in 1.x |
CVE-2025-4206 | 2025-05-09 | WordPress CRM, Email & Marketing Automation for WordPress \| Award Winner — Groundhogg <= 4.1.1.2 - Authenticated (Administrator+) Arbitrary File Deletion |
CVE-2025-3897 | 2025-05-09 | EUCookieLaw <= 2.7.2 - Unauthenticated Arbitrary File Read |
CVE-2025-1087 | 2025-05-09 | Arbitrary Code Execution in Kong Insomnia Desktop Application |
CVE-2025-3528 | 2025-05-09 | Mirror-registry: local privilege escalation due to incorrect permissions in mirror-registry |
CVE-2025-4382 | 2025-05-09 | Grub2: grub allow access to encrypted device through cli once root device is unlocked via tpm |
CVE-2024-11861 | 2025-05-09 | Command injection in EnerSys AMPA 22.09 and prior versions |
CVE-2024-12442 | 2025-05-09 | Command injection in EnerSys AMPA versions 24.04 through 24.16, inclusive |
CVE-2024-13944 | 2025-05-09 | Link Following Local Privilege Escalation Vulnerability in NortonUtilitiesSvc in Norton Utilities Ultimate (Also affects Avast CleanUp and AVG TuneUp) |
CVE-2024-13759 | 2025-05-09 | Local Privilege Escalation in Avira Prime 1.1.96.2 on Windows 10 x64 |
CVE-2024-13959 | 2025-05-09 | Link Following Local Privilege Escalation Vulnerability in AVG TuneUp 24.2.16593.9844 |
CVE-2024-13960 | 2025-05-09 | Link Following Local Privilege Escalation Vulnerability in AVG TuneUp Version 23.4 |
CVE-2024-13961 | 2025-05-09 | Avast Cleanup Premium TuneupSvc Link Following Local Privilege Escalation Vulnerability |
CVE-2024-13962 | 2025-05-09 | Link Following Local Privilege Escalation Vulnerability in Avast Cleanup Premium Version 24.2.16593.17810 |
CVE-2024-9524 | 2025-05-09 | Privilege Escalation Vulnerability in Avira Prime Version 1.1.96.2 |
CVE-2025-4432 | 2025-05-09 | Ring: some aes functions may panic when overflow checking is enabled in ring |
CVE-2025-1278 | 2025-05-09 | Insufficient Granularity of Access Control in GitLab |
CVE-2025-0549 | 2025-05-09 | Authentication Bypass Using an Alternate Path or Channel in GitLab |
CVE-2024-8973 | 2025-05-09 | Allocation of Resources Without Limits or Throttling in GitLab |
CVE-2025-4480 | 2025-05-09 | code-projects Simple College Management System Add New Student input stack-based overflow |
CVE-2025-4481 | 2025-05-09 | SourceCodester Apartment Visitor Management System search-result.php sql injection |
CVE-2025-1993 | 2025-05-09 | IBM App Connect Enterprise Certified Container information disclosure |
CVE-2025-4482 | 2025-05-09 | Project Worlds Student Project Allocation System forgot_password_sql.php sql injection |
CVE-2025-4483 | 2025-05-09 | itsourcecode Gym Management System view_pdetails.php sql injection |
CVE-2025-4484 | 2025-05-09 | itsourcecode Gym Management System ajax.php sql injection |
CVE-2025-4485 | 2025-05-09 | itsourcecode Gym Management System ajax.php sql injection |
CVE-2025-4486 | 2025-05-09 | itsourcecode Gym Management System ajax.php sql injection |
CVE-2025-4487 | 2025-05-09 | itsourcecode Gym Management System ajax.php sql injection |
CVE-2025-4488 | 2025-05-09 | itsourcecode Gym Management System ajax.php sql injection |
CVE-2025-4489 | 2025-05-09 | Campcodes Online Food Ordering System user-router.php sql injection |
CVE-2025-4447 | 2025-05-09 | Buffer Overflow in Eclipse OpenJ9 |
CVE-2025-47269 | 2025-05-09 | code-server session cookie can be extracted by having user visit specially crafted proxy URL |
CVE-2025-4490 | 2025-05-09 | Campcodes Online Food Ordering System view-ticket-admin.php sql injection |
CVE-2025-4491 | 2025-05-09 | Campcodes Online Food Ordering System ticket-status.php sql injection |
CVE-2025-4492 | 2025-05-09 | Campcodes Online Food Ordering System ticket-message.php sql injection |
CVE-2025-4494 | 2025-05-09 | JAdmin-JAVA JAdmin Admin Backend NoNeedLoginController.java toLogin improper authentication |
CVE-2025-3794 | 2025-05-09 | WPForms Lite <= 1.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'start_timestamp' Parameter |
CVE-2025-47814 | 2025-05-10 | libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause... |
CVE-2025-47815 | 2025-05-10 | libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause... |
CVE-2025-47816 | 2025-05-10 | libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause... |
CVE-2025-47817 | 2025-05-10 | In BlueWave Checkmate through 2.0.2 before b387eba, a profile edit... |
CVE-2025-4495 | 2025-05-10 | JAdmin-JAVA JAdmin save cross site scripting |
CVE-2025-1137 | 2025-05-10 | IBM Storage Scale command injection |
CVE-2025-4496 | 2025-05-10 | TOTOLINK T10/A3100R/A950RG/A800R/N600R/A3000RU/A810R cstecgi.cgi CloudACMunualUpdate buffer overflow |
CVE-2025-2944 | 2025-05-10 | Jeg Elementor Kit <= 2.6.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Button and Countdown Widgets |
CVE-2025-4497 | 2025-05-10 | code-projects Simple Banking System Sign In buffer overflow |
CVE-2025-2158 | 2025-05-10 | WordPress Review Plugin: The Ultimate Solution for Building a Review Website <= 5.3.5 - Authenticated (Contributor+) Local File Inclusion via Post Custom Fields |
CVE-2025-4498 | 2025-05-10 | code-projects Simple Bus Reservation System Install Bus install stack-based overflow |
CVE-2025-3876 | 2025-05-10 | SMS Alert Order Notifications – WooCommerce <= 3.8.1 - Authenticated (Subscriber+) Privilege Escalation via handleWpLoginCreateUserAction Function |
CVE-2025-3878 | 2025-05-10 | SMS Alert Order Notifications – WooCommerce <= 3.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via sa_verify Shortcode |
CVE-2025-4499 | 2025-05-10 | code-projects Simple Hospital Management System Add Information add stack-based overflow |
CVE-2025-4500 | 2025-05-10 | code-projects Hotel Management System Edit Room edit stack-based overflow |
CVE-2025-4501 | 2025-05-10 | code-projects Album Management System Search Albums searchalbum stack-based overflow |
CVE-2025-1752 | 2025-05-10 | Denial of Service in run-llama/llama_index |
CVE-2025-4502 | 2025-05-10 | Campcodes Sales and Inventory System creditor_add.php sql injection |
CVE-2025-4503 | 2025-05-10 | Campcodes Sales and Inventory System customer_update.php sql injection |
CVE-2023-53145 | 2025-05-10 | Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition |
CVE-2025-4504 | 2025-05-10 | SourceCodester Online College Library System index.php sql injection |
CVE-2025-4505 | 2025-05-10 | PHPGurukul Apartment Visitors Management System category.php sql injection |
CVE-2025-4506 | 2025-05-10 | Campcodes Online Food Ordering System menu-router.php sql injection |
CVE-2025-4507 | 2025-05-10 | Campcodes Online Food Ordering System add-item.php sql injection |
CVE-2025-4508 | 2025-05-10 | PHPGurukul e-Diary Management System my-profile.php sql injection |
CVE-2025-4509 | 2025-05-10 | PHPGurukul e-Diary Management System manage-notes.php sql injection |
CVE-2025-4510 | 2025-05-10 | Changjietong UFIDA CRM optntyday.php sql injection |
CVE-2025-4511 | 2025-05-10 | vector4wang spring-boot-quick quick-img2txt Img2TxtController.java ResponseEntity path traversal |
CVE-2025-4512 | 2025-05-10 | Inetum IODAS app.jsp cross site scripting |
CVE-2025-4513 | 2025-05-10 | Catalyst User Key Authentication Plugin Logout logout.php redirect |
CVE-2025-4514 | 2025-05-10 | Zhengzhou Jiuhua Electronic Technology mayicms javascript.php sql injection |
CVE-2025-4515 | 2025-05-10 | Zylon PrivateGPT settings.yaml cross-domain policy |
CVE-2025-4525 | 2025-05-10 | Discord WINSTA.dll uncontrolled search path |
CVE-2025-47828 | 2025-05-11 | Lumi H5P-Nodejs-library before 9.3.3 omits a sanitizeHtml call for plain... |
CVE-2025-4526 | 2025-05-11 | Dígitro NGC Explorer Configuration Page missing password field masking |
CVE-2025-4527 | 2025-05-11 | Dígitro NGC Explorer Password Transmission client-side enforcement of server-side security |
CVE-2025-4528 | 2025-05-11 | Dígitro NGC Explorer session expiration |
CVE-2025-4529 | 2025-05-11 | Seeyon Zhiyuan OA Web Application System ZIP File M3CoreController.class download path traversal |
CVE-2025-4530 | 2025-05-11 | feng_ha_ha/megagao ssm-erp/production_ssm File FileController.java handleFileDownload path traversal |
CVE-2025-4531 | 2025-05-11 | Seeyon Zhiyuan OA Web Application System Beetl Template EhrSalaryPayrollServiceImpl.class postData code injection |
CVE-2025-4532 | 2025-05-11 | Shanghai Bairui Information Technology SunloginClient sunlogin_guard.exe uncontrolled search path |
CVE-2025-4533 | 2025-05-11 | JeecgBoot Document Library Upload zip unzipFile resource consumption |
CVE-2025-4534 | 2025-05-11 | SunGrow Logger1000 weak password |
CVE-2025-4535 | 2025-05-11 | Gosuncn Technology Group Audio-Visual Integrated Management Platform Configuration File config.properties information disclosure |
CVE-2025-4536 | 2025-05-11 | Gosuncn Technology Group Audio-Visual Integrated Management Platform listByPage information disclosure |
CVE-2025-4537 | 2025-05-11 | yangzongzhuan RuoYi-Vue Password login.vue sensitive information in a cookie |
CVE-2025-4538 | 2025-05-11 | kkFileView fileUpload unrestricted upload |
CVE-2025-4539 | 2025-05-11 | Hainan ToDesk DLL File Parser profapi.dll uncontrolled search path |
CVE-2025-4540 | 2025-05-11 | MTSoftware C-Lodop CLodopPrintService unquoted search path |