CVE List - 2025 / May
Showing 1701 - 1800 of 3982 CVEs for May 2025 (Page 18 of 40)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-24510 | 2025-05-13 | A vulnerability has been identified in MS/TP Point Pickup Module (All versions). Affected devices improperly handle specific incoming BACnet MSTP messages. This could allow an attacker residing in the same... |
| CVE-2025-26389 | 2025-05-13 | A vulnerability has been identified in OZW672 (All versions < V8.0), OZW772 (All versions < V8.0). The web service in affected devices does not sanitize the input parameters required for... |
| CVE-2025-26390 | 2025-05-13 | A vulnerability has been identified in OZW672 (All versions < V6.0), OZW772 (All versions < V6.0). The web service of affected devices is vulnerable to SQL injection when checking authentication... |
| CVE-2025-30174 | 2025-05-13 | A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally... |
| CVE-2025-30175 | 2025-05-13 | A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally... |
| CVE-2025-30176 | 2025-05-13 | A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally... |
| CVE-2025-31929 | 2025-05-13 | A vulnerability has been identified in IEC 1Ph 7.4kW Child socket (8EM1310-2EH04-0GA0) (All versions), IEC 1Ph 7.4kW Child socket/ shutter (8EM1310-2EN04-0GA0) (All versions), IEC 1Ph 7.4kW Parent cable 7m (8EM1310-2EJ04-3GA1)... |
| CVE-2025-31930 | 2025-05-13 | A vulnerability has been identified in IEC 1Ph 7.4kW Child socket (8EM1310-2EH04-0GA0) (All versions < V2.135), IEC 1Ph 7.4kW Child socket/ shutter (8EM1310-2EN04-0GA0) (All versions < V2.135), IEC 1Ph 7.4kW... |
| CVE-2025-32454 | 2025-05-13 | A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.14), Teamcenter Visualization V2312 (All versions < V2312.0010), Teamcenter Visualization V2406 (All versions < V2406.0008), Teamcenter Visualization V2412... |
| CVE-2025-32469 | 2025-05-13 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (All versions < V2.16.5), RUGGEDCOM ROX RX1500... |
| CVE-2025-33024 | 2025-05-13 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (All versions < V2.16.5), RUGGEDCOM ROX RX1500... |
| CVE-2025-33025 | 2025-05-13 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (All versions < V2.16.5), RUGGEDCOM ROX RX1500... |
| CVE-2025-40555 | 2025-05-13 | A vulnerability has been identified in APOGEE PXC+TALON TC Series (BACnet) (All versions). Affected devices start sending unsolicited BACnet broadcast messages after processing a specific BACnet createObject request. This could... |
| CVE-2025-40556 | 2025-05-13 | A vulnerability has been identified in BACnet ATEC 550-440 (All versions), BACnet ATEC 550-441 (All versions), BACnet ATEC 550-445 (All versions), BACnet ATEC 550-446 (All versions). Affected devices improperly handle... |
| CVE-2025-40566 | 2025-05-13 | A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions < V4.1 Update 3), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1). Affected products do not... |
| CVE-2025-40571 | 2025-05-13 | A vulnerability has been identified in Mendix OIDC SSO (Mendix 10 compatible) (All versions < V4.1.0), Mendix OIDC SSO (Mendix 10.12 compatible) (All versions < V4.0.1), Mendix OIDC SSO (Mendix... |
| CVE-2025-40572 | 2025-05-13 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices do not properly assign permissions to critical resources. This could allow a non-privileged local... |
| CVE-2025-40573 | 2025-05-13 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices are vulnerable to path traversal attacks. This could allow a privileged local attacker to... |
| CVE-2025-40574 | 2025-05-13 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices do not properly assign permissions to critical resources. This could allow a non-privileged local... |
| CVE-2025-40575 | 2025-05-13 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices do not properly validate incoming Profinet packets. An unauthenticated remote attacker can exploit this... |
| CVE-2025-40576 | 2025-05-13 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices do not properly validate incoming Profinet packets. An unauthenticated remote attacker can exploit this... |
| CVE-2025-40577 | 2025-05-13 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices do not properly validate incoming Profinet packets. An unauthenticated remote attacker can exploit this... |
| CVE-2025-40578 | 2025-05-13 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions). Affected devices do not properly handle multiple incoming Profinet packets received in rapid succession. An unauthenticated remote attacker can... |
| CVE-2025-40579 | 2025-05-13 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices are vulnerable to a stack-based buffer overflow. This could allow a non-privileged local attacker... |
| CVE-2025-40580 | 2025-05-13 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices are vulnerable to a stack-based buffer overflow. This could allow a non-privileged local attacker... |
| CVE-2025-40581 | 2025-05-13 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Affected devices are vulnerable to an authentication bypass. This could allow a... |
| CVE-2025-40582 | 2025-05-13 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Affected devices do not properly sanitize configuration parameters. This could allow a... |
| CVE-2025-40583 | 2025-05-13 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Affected devices do transmit sensitive information in cleartext. This could allow a... |
| CVE-2025-4648 | 2025-05-13 | A user with elevated privileges can inject XSS by altering the content of an SVG media during the submit request. |
| CVE-2025-32917 | 2025-05-13 | Privilege escalation in jar_signature |
| CVE-2025-4649 | 2025-05-13 | ACLs are not correctly taken into account in the display of the "event logs" page. This page, which requires high privileges, will display all available logs. |
| CVE-2024-42446 | 2025-05-13 | TOCTOU in SmmWhea |
| CVE-2024-36340 | 2025-05-13 | A junction point vulnerability within AMD uProf can allow a local low-privileged attacker to create junction points, potentially resulting in arbitrary file deletion or disclosure. |
| CVE-2024-35281 | 2025-05-13 | An improper isolation or compartmentalization vulnerability [CWE-653] in FortiClientMac version 7.4.2 and below, version 7.2.8 and below, 7.0 all versions and FortiVoiceUCDesktop 3.0 all versions desktop application may allow an... |
| CVE-2025-22859 | 2025-05-13 | A Relative Path Traversal vulnerability [CWE-23] in FortiClientEMS 7.4.0 through 7.4.1 and FortiClientEMS Cloud 7.4.0 through 7.4.1 may allow a remote unauthenticated attacker to perform a limited arbitrary file write... |
| CVE-2025-32756 | 2025-05-13 | A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiVoice versions 7.2.0, 7.0.0 through 7.0.6, 6.4.0 through 6.4.10, FortiRecorder versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.5, 6.4.0 through 6.4.5, FortiMail versions... |
| CVE-2024-12533 | 2025-05-13 | Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore Technology 4 allows Input Data Manipulation. This issue affects SecureCore Technology 4: from 4.0.1.0 before 4.0.1.1018, from 4.1.0.1 before 4.1.0.573,... |
| CVE-2025-30159 | 2025-05-13 | Kirby vulnerable to path traversal of snippet names in the `snippet()` helper |
| CVE-2025-22460 | 2025-05-13 | Default credentials in Ivanti Cloud Services Application before version 5.0.5 allows a local authenticated attacker to escalate their privileges. |
| CVE-2025-22462 | 2025-05-13 | An authentication bypass in Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2 and 2024.3 with the May 2025 Security Patch allows a remote unauthenticated attacker to gain administrative access... |
| CVE-2025-30207 | 2025-05-13 | Kirby vulnerable to path traversal in the router for PHP's built-in server |
| CVE-2025-31493 | 2025-05-13 | Path traversal of collection names during file system lookup |
| CVE-2025-46721 | 2025-05-13 | nosurf vulnerable to CSRF due to non-functional same-origin request checks |
| CVE-2025-47276 | 2025-05-13 | Actualizer Uses OpenSSL's "-passwd" Function Which Uses SHA512 Under The Hood Instead of Proper Password Hasher like Yescrypt/Argon2i |
| CVE-2025-4427 | 2025-05-13 | Authentication Bypass |
| CVE-2025-4428 | 2025-05-13 | Remote Code Execution |
| CVE-2025-47278 | 2025-05-13 | Flask uses fallback key instead of current signing key |
| CVE-2025-3757 | 2025-05-13 | Authentication Bypass in OpenPubKey |
| CVE-2025-4658 | 2025-05-13 | Authentication Bypass in OPKSSH |
| CVE-2025-30310 | 2025-05-13 | Dreamweaver Desktop \| Access of Resource Using Incompatible Type ('Type Confusion') (CWE-843) |
| CVE-2024-21960 | 2025-05-13 | Incorrect default permissions in the AMD Optimizing CPU Libraries (AOCL) installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. |
| CVE-2024-36339 | 2025-05-13 | A DLL hijacking vulnerability in the AMD Optimizing CPU Libraries could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. |
| CVE-2025-26684 | 2025-05-13 | Microsoft Defender Elevation of Privilege Vulnerability |
| CVE-2025-29959 | 2025-05-13 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability |
| CVE-2025-29960 | 2025-05-13 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability |
| CVE-2025-29964 | 2025-05-13 | Windows Media Remote Code Execution Vulnerability |
| CVE-2025-29966 | 2025-05-13 | Remote Desktop Client Remote Code Execution Vulnerability |
| CVE-2025-29967 | 2025-05-13 | Remote Desktop Client Remote Code Execution Vulnerability |
| CVE-2025-29968 | 2025-05-13 | Active Directory Certificate Services (AD CS) Denial of Service Vulnerability |
| CVE-2025-29969 | 2025-05-13 | MS-EVEN RPC Remote Code Execution Vulnerability |
| CVE-2025-29970 | 2025-05-13 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
| CVE-2025-29971 | 2025-05-13 | Web Threat Defense (WTD.sys) Denial of Service Vulnerability |
| CVE-2025-29973 | 2025-05-13 | Microsoft Azure File Sync Elevation of Privilege Vulnerability |
| CVE-2025-29975 | 2025-05-13 | Microsoft PC Manager Elevation of Privilege Vulnerability |
| CVE-2025-29976 | 2025-05-13 | Microsoft SharePoint Server Elevation of Privilege Vulnerability |
| CVE-2025-29977 | 2025-05-13 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-29978 | 2025-05-13 | Microsoft PowerPoint Remote Code Execution Vulnerability |
| CVE-2025-29979 | 2025-05-13 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-30375 | 2025-05-13 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-30376 | 2025-05-13 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-30377 | 2025-05-13 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2025-30378 | 2025-05-13 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2025-30379 | 2025-05-13 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-30381 | 2025-05-13 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-30382 | 2025-05-13 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2025-30383 | 2025-05-13 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-30384 | 2025-05-13 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2025-30386 | 2025-05-13 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2025-30387 | 2025-05-13 | Document Intelligence Studio On-Prem Elevation of Privilege Vulnerability |
| CVE-2025-27468 | 2025-05-13 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability |
| CVE-2025-30393 | 2025-05-13 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-29826 | 2025-05-13 | Microsoft Dataverse Elevation of Privilege Vulnerability |
| CVE-2025-30394 | 2025-05-13 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability |
| CVE-2025-30400 | 2025-05-13 | Microsoft DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2025-32701 | 2025-05-13 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2025-32703 | 2025-05-13 | Visual Studio Information Disclosure Vulnerability |
| CVE-2025-32706 | 2025-05-13 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2025-21264 | 2025-05-13 | Visual Studio Code Security Feature Bypass Vulnerability |
| CVE-2025-32709 | 2025-05-13 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2025-26677 | 2025-05-13 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability |
| CVE-2025-27488 | 2025-05-13 | Microsoft Windows Hardware Lab Kit (HLK) Elevation of Privilege Vulnerability |
| CVE-2025-26685 | 2025-05-13 | Microsoft Defender for Identity Spoofing Vulnerability |
| CVE-2025-29829 | 2025-05-13 | Windows Trusted Runtime Interface Driver Information Disclosure Vulnerability |
| CVE-2025-29830 | 2025-05-13 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability |
| CVE-2025-29831 | 2025-05-13 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
| CVE-2025-29832 | 2025-05-13 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability |
| CVE-2025-29833 | 2025-05-13 | Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability |
| CVE-2025-29835 | 2025-05-13 | Windows Remote Access Connection Manager Information Disclosure Vulnerability |
| CVE-2025-29836 | 2025-05-13 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability |
| CVE-2025-29837 | 2025-05-13 | Windows Installer Information Disclosure Vulnerability |