CVE List - 2025 / May
Showing 1501 - 1600 of 3982 CVEs for May 2025 (Page 16 of 40)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-4543 | 2025-05-11 | LyLme Spage ajax_link.php sql injection |
| CVE-2025-4544 | 2025-05-11 | D-Link DI-8100 jhttpd ddos.asp stack-based overflow |
| CVE-2025-4545 | 2025-05-11 | CTCMS Content Management System File Tpl.php del path traversal |
| CVE-2025-4546 | 2025-05-11 | 1Panel-dev MaxKB Knowledge Base Module csv injection |
| CVE-2025-4547 | 2025-05-11 | SourceCodester Web-based Pharmacy Product Management System Add User Page cross site scripting |
| CVE-2025-4548 | 2025-05-11 | Campcodes Online Food Ordering System router.php sql injection |
| CVE-2025-4549 | 2025-05-11 | Campcodes Online Food Ordering System register-router.php sql injection |
| CVE-2025-4550 | 2025-05-11 | PHPGurukul Apartment Visitors Management System pass-details.php sql injection |
| CVE-2025-4551 | 2025-05-11 | ContiNew Admin file cross site scripting |
| CVE-2025-4552 | 2025-05-11 | ContiNew Admin password unverified password change |
| CVE-2023-34732 | 2025-05-12 | An issue in the userId parameter in the change password function of Flytxt NEON-dX v0.0.1-SNAPSHOT-6.9-qa-2-9-g5502a0c allows attackers to execute brute force attacks to discover user passwords. |
| CVE-2024-55466 | 2025-05-12 | An arbitrary file upload vulnerability in the Image Gallery of ThingsBoard Community, ThingsBoard Cloud and ThingsBoard Professional v3.8.1 allows attackers to execute arbitrary code via uploading a crafted file. |
| CVE-2024-56523 | 2025-05-12 | Radware Cloud Web Application Firewall (WAF) before 2025-05-07 allows remote attackers to bypass firewall filters by placing random data in the HTTP request body when using the HTTP GET method. |
| CVE-2024-56524 | 2025-05-12 | Radware Cloud Web Application Firewall (WAF) before 2025-05-07 allows remote attackers to bypass firewall filters by adding a special character to the request. |
| CVE-2025-26841 | 2025-05-12 | Cross Site Scripting vulnerability in WPEVEREST Everest Forms before 3.0.9 allows an attacker to execute arbitrary code via a file upload. |
| CVE-2025-26846 | 2025-05-12 | An issue was discovered in Znuny before 7.1.4. Permissions are not checked properly when using the Generic Interface to update ticket metadata. |
| CVE-2025-44022 | 2025-05-12 | An issue in vvveb CMS v.1.0.6 allows a remote attacker to execute arbitrary code via the Plugin mechanism. |
| CVE-2025-44175 | 2025-05-12 | Tenda AC10 v4 V16.03.10.13 is vulnerable to Buffer Overflow in the GetParentControlInfo function. |
| CVE-2025-44176 | 2025-05-12 | Tenda FH451 V1.0.0.9 is vulnerable to Remote Code Execution in the formSafeEmailFilter function. |
| CVE-2025-44830 | 2025-05-12 | EngineerCMS v1.02 through v.2.0.5 has a SQL injection vulnerability in the /project/addprojtemplet interface. |
| CVE-2025-45779 | 2025-05-12 | Tenda AC10 V1.0re_V15.03.06.46 is vulnerable to Buffer Overflow in the formSetPPTPUserList handler via the list POST parameter. |
| CVE-2025-45835 | 2025-05-12 | A null pointer dereference vulnerability was discovered in Netis WF2880 v2.1.40207. The vulnerability exists in the FUN_004904c8 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the... |
| CVE-2025-46610 | 2025-05-12 | ARTEC EMA Mail 6.92 allows CSRF. |
| CVE-2025-46611 | 2025-05-12 | Cross Site Scripting vulnerability in ARTEC EMA Mail v6.92 allows an attacker to execute arbitrary code via a crafted script. |
| CVE-2025-4553 | 2025-05-12 | PHPGurukul Apartment Visitors Management System bwdates-reports-details.php sql injection |
| CVE-2025-4554 | 2025-05-12 | PHPGurukul Apartment Visitors Management System bwdates-passreports-details.php sql injection |
| CVE-2025-4555 | 2025-05-12 | ZONG YU Okcat Parking Management Platform - Missing Authentication |
| CVE-2025-4556 | 2025-05-12 | ZONG YU Okcat Parking Management Platform - Arbitrary File Upload |
| CVE-2025-4557 | 2025-05-12 | ZONG YU Parking Management System - Missing Authentication |
| CVE-2025-4558 | 2025-05-12 | WormHole Tech GPM - Unverified Password Change |
| CVE-2025-3597 | 2025-05-12 | Firelight Lightbox < 2.3.15 - Contributor+ Stored XSS |
| CVE-2025-3649 | 2025-05-12 | LightPress Lightbox < 2.3.4 - Contributor+ Stored XSS |
| CVE-2025-4559 | 2025-05-12 | Netvision ISOinsight - SQL Injection |
| CVE-2025-4560 | 2025-05-12 | Netvision ISOinsight - Missing Authentication |
| CVE-2025-4561 | 2025-05-12 | Kinfor KFOX - Arbitrary File Upload |
| CVE-2025-3496 | 2025-05-12 | AUMA Riester: Buffer overflow in service telegram |
| CVE-2025-41393 | 2025-05-12 | Reflected cross-site scripting vulnerability exists in the laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor. If exploited, an arbitrary script may be executed on the web... |
| CVE-2025-1533 | 2025-05-12 | A stack buffer overflow has been identified in the AsIO3.sys driver. This vulnerability can be triggered by input manipulation, may leading to a system crash (BSOD) or other potentially undefined... |
| CVE-2025-32390 | 2025-05-12 | EspoCRM vulnerable to HTML Injection into phishing, which may lead to account takeover |
| CVE-2025-46729 | 2025-05-12 | phpDVDProfiler Cross-site Scripting vulnerability |
| CVE-2025-22247 | 2025-05-12 | Insecure file handling vulnerability |
| CVE-2025-47270 | 2025-05-12 | nimiq-network-libp2p Uncontrolled Resource Consumption vulnerability |
| CVE-2025-47271 | 2025-05-12 | OZI-Project/ozi-publish Code Injection vulnerability |
| CVE-2025-40626 | 2025-05-12 | Reflected Cross-Site Scripting (XSS) in AbanteCart |
| CVE-2025-40627 | 2025-05-12 | Reflected Cross-Site Scripting (XSS) in AbanteCart |
| CVE-2025-46717 | 2025-05-12 | sudo-rs Allows Low Privilege Users to Discover the Existence of Files in Inaccessible Folders |
| CVE-2025-46718 | 2025-05-12 | sudo-rs Allows Low Privilege Users to Enumerate Privileges of Others |
| CVE-2025-47274 | 2025-05-12 | ToolHive stores secrets in the state store with no encryption |
| CVE-2025-47578 | 2025-05-12 | WordPress BNS Twitter Follow Button plugin <= 0.3.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-46737 | 2025-05-12 | Origin Validation Error |
| CVE-2025-46738 | 2025-05-12 | Deserialization of Untrusted Data |
| CVE-2025-46739 | 2025-05-12 | Improper Restriction of Excessive Authentication Attempts |
| CVE-2025-46740 | 2025-05-12 | Improper Handling of Insufficient Permissions |
| CVE-2025-46741 | 2025-05-12 | Improper Privilege Management |
| CVE-2025-46742 | 2025-05-12 | Improper Access Control |
| CVE-2025-46744 | 2025-05-12 | Improper Privilege Management |
| CVE-2025-46745 | 2025-05-12 | Improper Privilege Management |
| CVE-2025-46746 | 2025-05-12 | Error Message Contains Sensitive Information |
| CVE-2025-46747 | 2025-05-12 | Exposure of Sensitive System Information |
| CVE-2025-46748 | 2025-05-12 | Unverified Password Change |
| CVE-2025-46749 | 2025-05-12 | Improper Neutralization of Input |
| CVE-2025-46750 | 2025-05-12 | Authentication Bypass |
| CVE-2025-46743 | 2025-05-12 | Cross-Site Request Forgery |
| CVE-2025-3632 | 2025-05-12 | IBM 4769 Developers Toolkit denial of service |
| CVE-2025-47682 | 2025-05-12 | WordPress SMS Alert Order Notifications – WooCommerce <= 3.8.2 - SQL Injection Vulnerability |
| CVE-2024-4981 | 2025-05-12 | Pagure: _update_file_in_git() follows symbolic links in temporary clones |
| CVE-2024-4982 | 2025-05-12 | Pagure: path traversal in view_issue_raw_file() |
| CVE-2025-1079 | 2025-05-12 | RCE In Google Web Designer |
| CVE-2025-3659 | 2025-05-12 | Improper authentication handling for Digi PortServer TS; Digi One SP, SP IA, IA; Digi One IAP |
| CVE-2025-31258 | 2025-05-12 | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.5. An app may be able to break out of its sandbox. |
| CVE-2025-31219 | 2025-05-12 | The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5,... |
| CVE-2025-24220 | 2025-05-12 | A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.4 and iPadOS 18.4. An app may be able to read a persistent device identifier. |
| CVE-2025-31235 | 2025-05-12 | A double free issue was addressed with improved memory management. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be... |
| CVE-2025-31223 | 2025-05-12 | The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously... |
| CVE-2025-24144 | 2025-05-12 | An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.6, visionOS 2.3, iPadOS 17.7.7, watchOS 11.3, macOS Ventura... |
| CVE-2025-31215 | 2025-05-12 | The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5.... |
| CVE-2025-30453 | 2025-05-12 | The issue was addressed with additional permissions checks. This issue is fixed in macOS Sequoia 15.4, macOS Ventura 13.7.6, macOS Sonoma 14.7.6. A malicious app may be able to gain... |
| CVE-2025-31242 | 2025-05-12 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An... |
| CVE-2025-31239 | 2025-05-12 | A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia... |
| CVE-2025-31238 | 2025-05-12 | The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously... |
| CVE-2025-31214 | 2025-05-12 | This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPadOS 18.5. An attacker in a privileged network position may be able to intercept... |
| CVE-2025-31222 | 2025-05-12 | A correctness issue was addressed with improved checks. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5,... |
| CVE-2025-31234 | 2025-05-12 | The issue was addressed with improved input sanitization. This issue is fixed in visionOS 2.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5. An attacker may be able... |
| CVE-2025-31218 | 2025-05-12 | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.5. An app may be able to observe the hostnames of new network connections. |
| CVE-2025-30448 | 2025-05-12 | This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.7.6, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, visionOS 2.5, macOS Ventura 13.7.6, macOS Sequoia... |
| CVE-2025-31259 | 2025-05-12 | The issue was addressed with improved input sanitization. This issue is fixed in macOS Sequoia 15.5. An app may be able to gain elevated privileges. |
| CVE-2025-31205 | 2025-05-12 | The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. A malicious... |
| CVE-2025-24142 | 2025-05-12 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may... |
| CVE-2025-31213 | 2025-05-12 | A logging issue was addressed with improved data redaction. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be able... |
| CVE-2025-31244 | 2025-05-12 | A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia 15.5. An app may be able to break out of its sandbox. |
| CVE-2025-31209 | 2025-05-12 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia... |
| CVE-2025-31233 | 2025-05-12 | The issue was addressed with improved input sanitization. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5,... |
| CVE-2025-31225 | 2025-05-12 | A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 18.5 and iPadOS 18.5. Call history from deleted apps may still appear in spotlight search... |
| CVE-2025-31224 | 2025-05-12 | A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be able to bypass certain... |
| CVE-2025-31232 | 2025-05-12 | A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. A sandboxed app may be able to access... |
| CVE-2025-31249 | 2025-05-12 | A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.5. An app may be able to access sensitive user data. |
| CVE-2025-31208 | 2025-05-12 | The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS... |
| CVE-2025-31228 | 2025-05-12 | The issue was addressed with improved authentication. This issue is fixed in iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5. An attacker with physical access to a device may be able... |
| CVE-2025-31245 | 2025-05-12 | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS... |
| CVE-2025-31212 | 2025-05-12 | This issue was addressed through improved state management. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5. An app may... |