CVE List - 2025 / May
Showing 1601 - 1700 of 3982 CVEs for May 2025 (Page 17 of 40)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-24155 | 2025-05-12 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.3, macOS Ventura 13.7.6, macOS Sonoma 14.7.6. An app may be able to disclose kernel... |
| CVE-2025-31204 | 2025-05-12 | The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing... |
| CVE-2025-30442 | 2025-05-12 | The issue was addressed with improved input sanitization. This issue is fixed in macOS Sequoia 15.4, macOS Ventura 13.7.6, macOS Sonoma 14.7.6. An app may be able to gain elevated... |
| CVE-2025-31253 | 2025-05-12 | This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPadOS 18.5. Muting the microphone during a FaceTime call may not result in audio... |
| CVE-2025-31195 | 2025-05-12 | The issue was addressed by adding additional logic. This issue is fixed in macOS Sequoia 15.4. An app may be able to break out of its sandbox. |
| CVE-2025-31246 | 2025-05-12 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.5, macOS Sonoma 14.7.6. Connecting to a malicious AFP server may corrupt kernel memory. |
| CVE-2025-31207 | 2025-05-12 | A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5. An app may be able to enumerate a user's installed apps. |
| CVE-2025-31250 | 2025-05-12 | An information disclosure issue was addressed with improved privacy controls. This issue is fixed in macOS Sequoia 15.5. An app may be able to access sensitive user data. |
| CVE-2025-31196 | 2025-05-12 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sonoma 14.7.6. Processing a maliciously crafted file may lead to... |
| CVE-2025-30436 | 2025-05-12 | This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.4 and iPadOS 18.4. An attacker may be able to use Siri... |
| CVE-2025-31227 | 2025-05-12 | A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5. An attacker with physical access to a device may be able to... |
| CVE-2025-24225 | 2025-05-12 | An injection issue was addressed with improved input validation. This issue is fixed in iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5. Processing an email may lead to user interface spoofing. |
| CVE-2025-31226 | 2025-05-12 | A logic issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5. Processing... |
| CVE-2025-31251 | 2025-05-12 | The issue was addressed with improved input sanitization. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5,... |
| CVE-2025-30440 | 2025-05-12 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be able to bypass ASLR. |
| CVE-2025-31206 | 2025-05-12 | A type confusion issue was addressed with improved state handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS... |
| CVE-2025-31210 | 2025-05-12 | The issue was addressed with improved UI. This issue is fixed in iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5. Processing web content may lead to a denial-of-service. |
| CVE-2025-31247 | 2025-05-12 | A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An attacker may gain access to protected... |
| CVE-2025-31221 | 2025-05-12 | An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia... |
| CVE-2025-31260 | 2025-05-12 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.5. An app may be able to access sensitive user data. |
| CVE-2025-31237 | 2025-05-12 | This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. Mounting a maliciously crafted AFP network share may lead... |
| CVE-2025-24222 | 2025-05-12 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.5. Processing maliciously crafted web content may lead to an unexpected process crash. |
| CVE-2025-31240 | 2025-05-12 | This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. Mounting a maliciously crafted AFP network share may lead... |
| CVE-2025-31217 | 2025-05-12 | The issue was addressed with improved input validation. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari... |
| CVE-2025-24111 | 2025-05-12 | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.3, visionOS 2.3, iPadOS 17.7.7, watchOS 11.3, macOS Sonoma 14.7.5, iOS 18.3 and... |
| CVE-2025-31256 | 2025-05-12 | The issue was addressed with improved handling of caches. This issue is fixed in macOS Sequoia 15.5. Hot corner may unexpectedly reveal a user’s deleted notes. |
| CVE-2025-31257 | 2025-05-12 | This issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing... |
| CVE-2025-31241 | 2025-05-12 | A double free issue was addressed with improved memory management. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS... |
| CVE-2025-24274 | 2025-05-12 | An input validation issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. A malicious app may be... |
| CVE-2025-24223 | 2025-05-12 | The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing... |
| CVE-2025-31236 | 2025-05-12 | An information disclosure issue was addressed with improved privacy controls. This issue is fixed in macOS Sequoia 15.5. An app may be able to access sensitive user data. |
| CVE-2025-24258 | 2025-05-12 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Ventura 13.7.6, macOS Sonoma 14.7.6. An app may be able to gain root... |
| CVE-2025-31220 | 2025-05-12 | A privacy issue was addressed by removing sensitive data. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. A malicious app may be... |
| CVE-2025-46825 | 2025-05-12 | Kanboard has stored Cross-site Scripting vulnerability in project name |
| CVE-2023-49641 | 2025-05-12 | Billing Software v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
| CVE-2024-46506 | 2025-05-13 | NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because function=savesettings lacks an authentication requirement, as exploited in the wild in May 2025. This is related... |
| CVE-2024-48766 | 2025-05-13 | NetAlertX 24.7.18 before 24.10.12 allows unauthenticated file reading because an HTTP client can ignore a redirect, and because of factors related to strpos and directory traversal, as exploited in the... |
| CVE-2024-56526 | 2025-05-13 | An issue was discovered in OXID eShop before 7. CMS pages in combination with Smarty may display user information if a CMS page contains a Smarty syntax error. |
| CVE-2025-28055 | 2025-05-13 | upset-gal-web v7.1.0 /api/music/v1/cover.ts contains an arbitrary file read vulnerabilit |
| CVE-2025-28056 | 2025-05-13 | rebuild v3.9.0 through v3.9.3 has a SQL injection vulnerability in /admin/admin-cli/exec component. |
| CVE-2025-28057 | 2025-05-13 | owl-admin v3.2.2~ to v4.10.2 is vulnerable to SQL Injection in /admin-api/system/admin_menus/save_order. |
| CVE-2025-44039 | 2025-05-13 | CP-XR-DE21-S -4G Router Firmware version 1.031.022 was discovered to contain insecure protections for its UART console. This vulnerability allows local attackers to connect to the UART port via a serial... |
| CVE-2025-44831 | 2025-05-13 | EngineerCMS v1.02 through v2.0.5 has a SQL injection vulnerability in the /project/addproject interface. |
| CVE-2025-45746 | 2025-05-13 | In ZKT ZKBio CVSecurity 6.4.1_R an unauthenticated attacker can craft JWT token using the hardcoded secret to authenticate to the service console. NOTE: the Supplier disputes the significance of this... |
| CVE-2025-45857 | 2025-05-13 | EDIMAX CV7428NS v1.20 was discovered to contain a remote code execution (RCE) vulnerability via the command parameter in the mp function. |
| CVE-2025-45858 | 2025-05-13 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability via the FUN_00459fdc function. |
| CVE-2025-45859 | 2025-05-13 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the bandstr parameter in the formMapDelDevice interface. |
| CVE-2025-45861 | 2025-05-13 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the routername parameter in the formDnsv6 interface. |
| CVE-2025-45863 | 2025-05-13 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the macstr parameter in the formMapDelDevice interface. |
| CVE-2025-45864 | 2025-05-13 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the addrPoolStart parameter in the formDhcpv6s interface. |
| CVE-2025-45865 | 2025-05-13 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the dnsaddr parameter in the formDhcpv6s interface. |
| CVE-2025-45866 | 2025-05-13 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the addrPoolEnd parameter in the formDhcpv6s interface. |
| CVE-2025-45867 | 2025-05-13 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the static_dns1 parameter in the formIpv6Setup interface. |
| CVE-2025-47204 | 2025-05-13 | An issue was discovered in post.php in bootstrap-multiselect (aka Bootstrap Multiselect) 1.1.2. A PHP script in the source code echoes arbitrary POST data. If a developer adopts this structure wholesale... |
| CVE-2025-47905 | 2025-05-13 | Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit... |
| CVE-2025-26662 | 2025-05-13 | Cross-Site Scripting (XSS) vulnerability in the SAP Data Services Management Console |
| CVE-2025-30009 | 2025-05-13 | Multiple vulnerabilities in SAP Supplier Relationship Management (Live Auction Cockpit) |
| CVE-2025-30010 | 2025-05-13 | Multiple vulnerabilities in SAP Supplier Relationship Management (Live Auction Cockpit) |
| CVE-2025-30011 | 2025-05-13 | Multiple vulnerabilities in SAP Supplier Relationship Management (Live Auction Cockpit) |
| CVE-2025-30012 | 2025-05-13 | Multiple vulnerabilities in SAP Supplier Relationship Management (Live Auction Cockpit) |
| CVE-2025-30018 | 2025-05-13 | Multiple vulnerabilities in SAP Supplier Relationship Management (Live Auction Cockpit) |
| CVE-2025-31329 | 2025-05-13 | Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform |
| CVE-2025-42997 | 2025-05-13 | Information Disclosure vulnerability in SAP Gateway Client |
| CVE-2025-42999 | 2025-05-13 | Insecure Deserialization in SAP NetWeaver (Visual Composer development server) |
| CVE-2025-43000 | 2025-05-13 | Information Disclosure Vulnerability in SAP Business Objects Business Intelligence Platform (PMW) |
| CVE-2025-43002 | 2025-05-13 | Missing Authorization check in SAP S4/HANA (OData meta-data property) |
| CVE-2025-43003 | 2025-05-13 | Information Disclosure vulnerability in SAP S/4HANA (Private Cloud & On-Premise) |
| CVE-2025-43004 | 2025-05-13 | Security Misconfiguration Vulnerability in SAP Digital Manufacturing (Production Operator Dashboard) |
| CVE-2025-43005 | 2025-05-13 | Information Disclosure vulnerability in SAP GUI for Windows |
| CVE-2025-43006 | 2025-05-13 | Cross-Site Scripting (XSS) vulnerability in SAP Supplier Relationship Management (Master Data Management Catalog) |
| CVE-2025-43007 | 2025-05-13 | Missing Authorization check in SAP Service Parts Management (SPM) |
| CVE-2025-43008 | 2025-05-13 | Missing Authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal |
| CVE-2025-43009 | 2025-05-13 | Missing Authorization check in SAP Service Parts Management (SPM) |
| CVE-2025-43010 | 2025-05-13 | Code injection vulnerability in SAP S/4HANA Cloud Private Edition or On Premise(SCM Master Data Layer (MDL)) |
| CVE-2025-43011 | 2025-05-13 | Missing Authorization Check in SAP Landscape Transformation (PCL Basis) |
| CVE-2025-35471 | 2025-05-13 | conda-forge openssl-feedstock writable OPENSSLDIR |
| CVE-2025-4396 | 2025-05-13 | Relevanssi <= 4.24.4 (Free) and <= 2.27.4 (Premium) - Unauthenticated SQL Injection |
| CVE-2025-22249 | 2025-05-13 | VMSA-2025-0008: VMware Aria automation updates address a DOM based Cross-site scripting vulnerability (CVE-2025-22249) |
| CVE-2025-22246 | 2025-05-13 | CVE-2025-22246 – UAA Private Key Exposure |
| CVE-2025-4632 | 2025-05-13 | Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary file as system authority. |
| CVE-2025-4473 | 2025-05-13 | Frontend Dashboard 1.5.10 - 2.2.7 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via ajax_request Function |
| CVE-2025-3107 | 2025-05-13 | Newsletters <= 4.9.9.8 - Authenticated (Contributor+) SQL Injection orderby Parameter |
| CVE-2025-4317 | 2025-05-13 | TheGem <= 5.10.3 - Authenticated (Subscriber+) Arbitrary File Upload |
| CVE-2025-4339 | 2025-05-13 | TheGem <= 5.10.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Theme Options Update |
| CVE-2025-4474 | 2025-05-13 | Frontend Dashboard 1.0 - 2.2.7 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via fed_admin_setting_form_function Function |
| CVE-2025-27696 | 2025-05-13 | Apache Superset: Incorrect authorization leading to resource ownership takeover |
| CVE-2025-3916 | 2025-05-13 | CWE-121: Stack-based Buffer Overflow vulnerability exists that could cause local attackers being able to exploit these issues to potentially execute arbitrary code while the end user opens a malicious project... |
| CVE-2025-41645 | 2025-05-13 | SMA: Sunny Portal demo system privilege escalation |
| CVE-2025-22248 | 2025-05-13 | [pgpool] Unauthenticated access to postgres through pgpool |
| CVE-2025-4646 | 2025-05-13 | A high privilege user is able to create and use a valid admin API token in centreon-web |
| CVE-2025-4647 | 2025-05-13 | A user with elevated privileges can bypass sanitization measures by replacing the content of an existing SVG |
| CVE-2025-40628 | 2025-05-13 | SQL Injection in DomainsPRO |
| CVE-2024-23815 | 2025-05-13 | A vulnerability has been identified in Desigo CC (All versions if access from Installed Clients to Desigo CC server is allowed from networks outside of a highly protected zone), Desigo... |
| CVE-2024-51444 | 2025-05-13 | A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). The application insufficiently validates user input for database read queries. This could allow an... |
| CVE-2024-51445 | 2025-05-13 | A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). The affected application contains a XML External Entity Injection (XXE) vulnerability in the docx... |
| CVE-2024-51446 | 2025-05-13 | A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). The file upload feature of the affected application improperly sanitizes xml files. This could... |
| CVE-2024-51447 | 2025-05-13 | A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.2). The login implementation of the affected application contains an observable response discrepancy vulnerability when... |
| CVE-2025-24007 | 2025-05-13 | A vulnerability has been identified in SIRIUS 3RK3 Modular Safety System (MSS) (All versions), SIRIUS Safety Relays 3SK2 (All versions). Affected devices only provide weak password obfuscation. An attacker with... |
| CVE-2025-24008 | 2025-05-13 | A vulnerability has been identified in SIRIUS 3RK3 Modular Safety System (MSS) (All versions), SIRIUS Safety Relays 3SK2 (All versions). The affected devices do not encrypt data in transit. An... |
| CVE-2025-24009 | 2025-05-13 | A vulnerability has been identified in SIRIUS 3RK3 Modular Safety System (MSS) (All versions), SIRIUS Safety Relays 3SK2 (All versions). The affected devices do not require authentication to access critical... |