CVE List - 2025 / May
Showing 1901 - 2000 of 3982 CVEs for May 2025 (Page 20 of 40)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-20100 | 2025-05-13 | Improper access control in the memory controller configurations for some Intel(R) Xeon(R) 6 processor with E-cores may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2025-20101 | 2025-05-13 | Out-of-bounds read for some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable information disclosure or denial of service via local access. |
| CVE-2025-20103 | 2025-05-13 | Insufficient resource pool in the core management mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2025-20104 | 2025-05-13 | Race condition in some Administrative Tools for some Intel(R) Network Adapters package before version 29.4 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2025-20108 | 2025-05-13 | Uncontrolled search path element for some Intel(R) Network Adapter Driver installers for Windows 11 before version 29.4 may allow an authenticated user to potentially enable escalation of privilege via local... |
| CVE-2025-20611 | 2025-05-13 | Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable information disclosure via local... |
| CVE-2025-20612 | 2025-05-13 | Incorrect execution-assigned permissions for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via adjacent access. |
| CVE-2025-20616 | 2025-05-13 | Uncontrolled resource consumption for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via adjacent access. |
| CVE-2025-20618 | 2025-05-13 | Stack-based buffer overflow for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow a privileged user to potentially enable denial of service via local access. |
| CVE-2025-20623 | 2025-05-13 | Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel(R) Core™ processors (10th Generation) may allow an authenticated user to potentially enable information... |
| CVE-2025-20624 | 2025-05-13 | Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable information disclosure via adjacent... |
| CVE-2025-20629 | 2025-05-13 | Insecure inherited permissions in the NVM Update Utility for some Intel(R) Ethernet Network Adapter E810 Series before version 4.60 may allow an authenticated user to potentially enable escalation of privilege... |
| CVE-2025-21081 | 2025-05-13 | Protection mechanism failure for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2025-21094 | 2025-05-13 | Improper input validation in the UEFI firmware DXE module for the Intel(R) Server D50DNP and M50FCP boards may allow a privileged user to potentially enable escalation of privilege via local... |
| CVE-2025-21099 | 2025-05-13 | Uncontrolled search path for some Intel(R) Graphics software may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2025-21100 | 2025-05-13 | Improper initialization in the UEFI firmware for the Intel(R) Server D50DNP and M50FCP boards may allow a privileged user to potentially enable information disclosure via local access. |
| CVE-2025-22446 | 2025-05-13 | Inadequate encryption strength for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via adjacent access. |
| CVE-2025-22448 | 2025-05-13 | Insecure inherited permissions for some Intel(R) Simics(R) Package Manager software before version 1.12.0 may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2025-22843 | 2025-05-13 | Incorrect execution-assigned permissions for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2025-22844 | 2025-05-13 | Improper access control for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an unauthenticated user to potentially enable information disclosure via adjacent access. |
| CVE-2025-22848 | 2025-05-13 | Improper conditions check for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent access. |
| CVE-2025-22892 | 2025-05-13 | Uncontrolled resource consumption for some OpenVINO™ model server software maintained by Intel(R) before version 2024.4 may allow an unauthenticated user to potentially enable denial of service via adjacent access. |
| CVE-2025-22895 | 2025-05-13 | Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable information disclosure via local... |
| CVE-2025-23233 | 2025-05-13 | Incorrect execution-assigned permissions for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via adjacent access. |
| CVE-2025-24308 | 2025-05-13 | Improper input validation in the UEFI firmware error handler for the Intel(R) Server D50DNP and M50FCP may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2025-24495 | 2025-05-13 | Incorrect initialization of resource in the branch prediction unit for some Intel(R) Core™ Ultra Processors may allow an authenticated user to potentially enable information disclosure via local access. |
| CVE-2024-28036 | 2025-05-13 | Improper conditions check for some Intel(R) Arc™ GPU may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2024-28954 | 2025-05-13 | Incorrect default permissions for some Intel(R) Graphics Driver installers may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-28956 | 2025-05-13 | Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. |
| CVE-2024-29222 | 2025-05-13 | Out-of-bounds write for some Intel(R) Graphics Driver software may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2024-31073 | 2025-05-13 | Uncontrolled search path for some Intel(R) oneAPI Level Zero software may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-31150 | 2025-05-13 | Out-of-bounds read for some Intel(R) Graphics Driver software may allow an authenticated user to potentially enable information disclosure via local access. |
| CVE-2024-36292 | 2025-05-13 | Improper buffer restrictions for some Intel(R) Data Center GPU Flex Series for Windows driver before version 31.0.101.4314 may allow an authenticated user to potentially enable denial of service via local... |
| CVE-2024-39758 | 2025-05-13 | Improper access control for some Intel(R) Arc™ & Iris(R) Xe graphics software before version 31.0.101.4032 may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2024-39833 | 2025-05-13 | Uncontrolled search path for some Intel(R) QAT software before version 2.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-43101 | 2025-05-13 | Improper access control for some Intel(R) Data Center GPU Flex Series for Windows driver software before version 31.0.101.4255 may allow an authenticated user to potentially enable denial of service via... |
| CVE-2024-43420 | 2025-05-13 | Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Atom(R) processors may allow an authenticated user to potentially enable information disclosure via... |
| CVE-2024-45332 | 2025-05-13 | Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel(R) Processors may allow an authenticated user to potentially... |
| CVE-2024-45333 | 2025-05-13 | Improper access control for some Intel(R) Data Center GPU Flex Series for Windows driver before version 31.0.101.4314 may allow an authenticated user to potentially enable denial of service via local... |
| CVE-2024-45371 | 2025-05-13 | Improper access control for some Intel(R) Arc™ & Iris(R) Xe graphics software before version 32.0.101.6077 may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2024-46895 | 2025-05-13 | Uncontrolled search path for some Intel(R) Arc™ & Iris(R) Xe graphics software before version 32.0.101.6083/32.0.101.5736 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-47550 | 2025-05-13 | Incorrect default permissions for some Endurance Gaming Mode software installers may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-47795 | 2025-05-13 | Uncontrolled search path for some Intel(R) oneAPI DPC++/C++ Compiler software before version 2025.0.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-47800 | 2025-05-13 | Uncontrolled search path for some Intel(R) Graphics Driver software may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-48869 | 2025-05-13 | Improper restriction of software interfaces to hardware features for some Intel(R) Xeon(R) 6 processor with E-cores when using Intel(R) Trust Domain Extensions (Intel(R) TDX) or Intel(R) Software Guard Extensions (Intel(R)... |
| CVE-2025-26646 | 2025-05-13 | .NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability |
| CVE-2025-4574 | 2025-05-13 | Crossbeam-channel: crossbeam-channel vulnerable to double free on drop |
| CVE-2024-45516 | 2025-05-14 | An issue was discovered in Zimbra Collaboration (ZCS) 9.0.0 before Patch 43, 10.0.x before 10.0.12, 10.1.x before 10.1.4, and 8.8.15 before Patch 47. A Cross-Site Scripting (XSS) vulnerability in the... |
| CVE-2024-54779 | 2025-05-14 | Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds are vulnerable to Cross Site Scripting (XSS) in widgets/log.widget.php. |
| CVE-2024-54780 | 2025-05-14 | Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds are vulnerable to command injection in the OpenVPN widget due to improper sanitization of user-supplied input to the... |
| CVE-2024-55569 | 2025-05-14 | An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123,... |
| CVE-2024-56427 | 2025-05-14 | An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem... |
| CVE-2024-57096 | 2025-05-14 | An issue in WPS Office before v.19302 allows a local attacker to obtain sensitive information via a crafted file. |
| CVE-2024-57273 | 2025-05-14 | Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds are vulnerable to Cross-site scripting (XSS) in the Automatic Configuration Backup (ACB) service, allowing remote attackers to execute... |
| CVE-2024-58101 | 2025-05-14 | Samsung Galaxy Buds and Galaxy Buds 2 audio devices are Bluetooth pairable by default without user input or a way to stop this mode. As a consequence, audio playback takeover... |
| CVE-2025-25370 | 2025-05-14 | An issue in realme GT 2 (RMX3311) running Android 14 with realme UI 5.0 allows a physically proximate attacker to obtain sensitive information via the show app only setting function. |
| CVE-2025-26783 | 2025-05-14 | An issue was discovered in RRC in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 2100, 1280, 2200, 1330, 1380, 1480, 2400, W1000, Modem 5300, and Modem 5400. Incorrect handling... |
| CVE-2025-26784 | 2025-05-14 | An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, W920, W930, W1000, Modem... |
| CVE-2025-26785 | 2025-05-14 | An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, W920, W930, W1000, Modem... |
| CVE-2025-27891 | 2025-05-14 | An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, W920, W930, W1000, Modem 5123, Modem... |
| CVE-2025-29686 | 2025-05-14 | A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter at /inform/InformManageController.java. |
| CVE-2025-29688 | 2025-05-14 | A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter at /daymanager/daymanageabilitycontroller.java. |
| CVE-2025-29689 | 2025-05-14 | A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the password parameter at /mail/MailController.java. |
| CVE-2025-29690 | 2025-05-14 | A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the outtype parameter at /address/AddrController.java. |
| CVE-2025-29691 | 2025-05-14 | A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the userName parameter at /login/LoginsController.java. |
| CVE-2025-32363 | 2025-05-14 | mediDOK before 2.5.18.43 allows remote attackers to achieve remote code execution on a target system via deserialization of untrusted data. |
| CVE-2025-44024 | 2025-05-14 | A Cross-Site Scripting (XSS) vulnerability was discovered in the Pichome system v2.1.0 and before. The vulnerability exists due to insufficient sanitization of user input in the login form. An attacker can... |
| CVE-2025-44184 | 2025-05-14 | SourceCodester Best Employee Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/profile.php via the website_image, fname, lname, contact, username, and address parameters. |
| CVE-2025-44186 | 2025-05-14 | SourceCodester Best Employee Management System 1.0 is vulnerable to Cross Site Request Forgery (CSRF) in /admin/Operation/User.php page. |
| CVE-2025-44879 | 2025-05-14 | WS-WN572HP3 V230525 was discovered to contain a buffer overflow in the component /www/cgi-bin/upload.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. |
| CVE-2025-3623 | 2025-05-14 | Uncanny Automator <= 6.4.0.1 - Unauthenticated PHP Object Injection in automator_api_decode_message Function |
| CVE-2025-4520 | 2025-05-14 | Uncanny Automator <= 6.4.0.2 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update |
| CVE-2024-52290 | 2025-05-14 | Stored XSS in Configuration Key Functionality |
| CVE-2024-13940 | 2025-05-14 | Ninja Forms Webhooks <= 3.0.7 - Authenticated (Admin+) Server-Side Request Forgery via Form Webhook |
| CVE-2024-8988 | 2025-05-14 | PeepSo Core: File Uploads <= 6.4.6.0 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure via file_download |
| CVE-2025-2875 | 2025-05-14 | CWE-610: Externally Controlled Reference to a Resource in Another Sphere vulnerability exists that could cause a loss of confidentiality when an unauthenticated attacker manipulates controller’s webserver URL to access resources. |
| CVE-2025-4430 | 2025-05-14 | Unauthorized file manipulation in EZD RP |
| CVE-2024-24780 | 2025-05-14 | Apache IoTDB: Remote Code Execution with untrusted URI of User-defined function |
| CVE-2025-26795 | 2025-05-14 | Apache IoTDB JDBC driver: Exposure of Sensitive Information in IoTDB JDBC driver |
| CVE-2025-26864 | 2025-05-14 | Apache IoTDB: Exposure of Sensitive Information in IoTDB OpenID Authentication |
| CVE-2025-47292 | 2025-05-14 | Cap Collectif vulnerable to insecure deserialization leading to remote code execution |
| CVE-2025-3833 | 2025-05-14 | SQL Injection |
| CVE-2025-3834 | 2025-05-14 | SQL Injection |
| CVE-2025-3769 | 2025-05-14 | Latepoint <= 5.1.92 - Unauthenticated Insecure Direct Object Reference |
| CVE-2025-47445 | 2025-05-14 | WordPress Eventin <= 4.0.26 - Arbitrary File Download Vulnerability |
| CVE-2025-3931 | 2025-05-14 | Yggdrasil: local privilege escalation in yggdrasil |
| CVE-2023-53146 | 2025-05-14 | media: dw2102: Fix null-ptr-deref in dw2102_i2c_transfer() |
| CVE-2025-47436 | 2025-05-14 | Apache ORC: Potential Heap Buffer Overflow during C++ LZO Decompression |
| CVE-2025-3600 | 2025-05-14 | Unsafe Reflection Vulnerability in Telerik UI for ASP.NET AJAX |
| CVE-2024-10864 | 2025-05-14 | SQL Injection vulnerability has been discovered in OpenText™ Advanced Authentication. |
| CVE-2024-10865 | 2025-05-14 | Reflected Cross-Site Scripting vulnerability in OpenText Advanced Authentication |
| CVE-2024-52601 | 2025-05-14 | iTop portal Insecure Direct Object Reference vulnerability |
| CVE-2024-56157 | 2025-05-14 | iTop vulnerable to Self XSS in CSV Import |
| CVE-2025-24021 | 2025-05-14 | iTop doesn't have mass assignment of fields in the portal form |
| CVE-2025-24022 | 2025-05-14 | iTop server vulnerable to portal code injection |
| CVE-2025-24026 | 2025-05-14 | iTop Inefficient Regular Expression Complexity vulnerability |
| CVE-2025-24785 | 2025-05-14 | iTop dashboard vulnerable to denial of service |
| CVE-2025-24969 | 2025-05-14 | iTop portal user can see any other contact's picture |
| CVE-2025-47775 | 2025-05-14 | Bullfrog's DNS over TCP bypasses domain filtering |
| CVE-2025-47777 | 2025-05-14 | 5ire Client Vulnerable to Cross-Site Scripting (XSS) and Remote Code Execution (RCE) |