CVE List - 2025 / May

Showing 2101 - 2200 of 3984 CVEs for May 2025 (Page 22 of 40)

Back to List Previous Next

CVE ID	Date	Title
CVE-2025-4704	2025-05-15	PHPGurukul Vehicle Parking Management System edit-category.php sql injection
CVE-2025-3440	2025-05-15	IBM Security Guardium cross-site scripting
CVE-2025-4705	2025-05-15	PHPGurukul Vehicle Parking Management System view-incomingvehicle-detail.php sql injection
CVE-2025-30417	2025-05-15	Out of Bounds Write in Library!DecodeBase64() in NI Circuit Design Suite
CVE-2025-30418	2025-05-15	Out of Bounds Write in CheckPins() in NI Circuit Design Suite
CVE-2025-1647	2025-05-15	XSS in Bootstrap title attribute for Tooltip and Popover
CVE-2025-30419	2025-05-15	Out of Bounds Read in GetSymbolBorderRectSize() in NI Circuit Design Suite
CVE-2025-30420	2025-05-15	Out of Bounds Read in Bitmap::InternalDraw() in NI Circuit Design Suite
CVE-2025-4706	2025-05-15	projectworlds Online Examination System Procedure3b_yearwiseVisit.php sql injection
CVE-2025-30421	2025-05-15	Stack-based Buffer Overflow in DrObjectStorage::XML_Serialize() in NI Circuit Design Suite
CVE-2025-4707	2025-05-15	Campcodes Sales and Inventory System transaction_add.php sql injection
CVE-2025-4708	2025-05-15	Campcodes Sales and Inventory System sales_add.php sql injection
CVE-2025-47580	2025-05-15	WordPress Front End Users plugin <= 3.2.32 - Sensitive Data Exposure vulnerability
CVE-2025-43853	2025-05-15	iwasm vulnerable to filesystem sandbox escape with symlink when using uvwasi feature
CVE-2025-47279	2025-05-15	undici Denial of Service attack via bad certificate data
CVE-2025-47285	2025-05-15	Vyper's `concat()` builtin may elide side-effects for zero-length arguments
CVE-2025-4709	2025-05-15	Campcodes Sales and Inventory System transaction_del.php sql injection
CVE-2025-4710	2025-05-15	Campcodes Sales and Inventory System transaction.php sql injection
CVE-2025-47774	2025-05-15	Vyper's `slice()` may elide side-effects when output length is 0
CVE-2025-4711	2025-05-15	Campcodes Sales and Inventory System stockin_add.php sql injection
CVE-2025-32922	2025-05-15	WordPress WP2LEADS plugin <= 3.5.0 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-56006	2025-05-15	WordPress Jetpack Debug Tools plugin < 2.0.1 - Broken Access Control vulnerability
CVE-2024-51666	2025-05-15	WordPress Tours plugin <= 1.0.0 - Broken Access Control vulnerability
CVE-2025-4712	2025-05-15	Campcodes Sales and Inventory System account_summary.php sql injection
CVE-2025-4713	2025-05-15	Campcodes Sales and Inventory System print.php sql injection
CVE-2025-30475	2025-05-15	Dell PowerScale InsightIQ, versions 5.0 through 5.2, contains an improper...
CVE-2025-30476	2025-05-15	Dell PowerScale InsightIQ, version 5.2, contains an uncontrolled resource consumption...
CVE-2025-4714	2025-05-15	Campcodes Sales and Inventory System reprint.php sql injection
CVE-2025-26481	2025-05-15	Dell PowerScale OneFS, versions 9.4.0.0 through 9.9.0.0, contains an uncontrolled...
CVE-2025-47784	2025-05-15	Emlog vulnerable to Deserialization of Untrusted Data
CVE-2025-47161	2025-05-15	Microsoft Defender for Endpoint Elevation of Privilege Vulnerability
CVE-2025-47787	2025-05-15	Emlog Pro Contains a File Upload Vulnerability
CVE-2025-47785	2025-05-15	EMLOG SQL Injection Vulnerability
CVE-2025-4715	2025-05-15	Campcodes Sales and Inventory System view_application.php sql injection
CVE-2025-4716	2025-05-15	Campcodes Sales and Inventory System credit_transaction_add.php sql injection
CVE-2025-47786	2025-05-15	Emlog vulnerable to Stored Cross-site Scripting
CVE-2025-46834	2025-05-15	Alchemy's Modular Account can use executeUserOp to bypass allowlist prevalidation hook
CVE-2025-47788	2025-05-15	Missing Path Validation Enables Path Traversal in Controller.php
CVE-2025-47789	2025-05-15	Horilla Open Redirect Vulnerability in Login
CVE-2025-4717	2025-05-15	PHPGurukul Company Visitor Management System visitors-form.php sql injection
CVE-2024-10009	2025-05-15	Website File Changes < 2.1.0 - Admin+ Authenticated SQL Injection
CVE-2024-10054	2025-05-15	Happyforms < 1.26.3 - Admin+ Stored XSS
CVE-2024-10075	2025-05-15	Jetpack < 13.8 - Unauthenticated Arbitrary Block & Shortcode Execution
CVE-2024-10076	2025-05-15	Jetpack < 13.8, Boost < 3.4.8 - Contributor+ Stored XSS
CVE-2024-10098	2025-05-15	ApplyOnline – Application Form Builder and Manager < 2.6.3 - Unauthenticated Application File Access
CVE-2024-10107	2025-05-15	Giveaways and Contests by RafflePress < 1.12.17 - Admin+ Stored XSS
CVE-2024-10143	2025-05-15	MB Custom Post Types & Custom Taxonomies < 2.7.7 - Admin+ Stored XSS
CVE-2024-10144	2025-05-15	Photo Gallery, Images, Slider in Rbs Image Gallery < 3.2.22 - Contributor+ Stored XSS
CVE-2024-10145	2025-05-15	Hubbub Lite < 1.34.4 - Admin+ Stored XSS
CVE-2024-10149	2025-05-15	Social Slider Feed < 2.2.9 - Admin+ Stored XSS via Widgets
CVE-2024-10362	2025-05-15	Social Media Share Buttons < 2.9.0 - Admin+ Stored XSS
CVE-2024-10475	2025-05-15	Lead Form Builder < 1.9.8 - Admin+ Stored XSS
CVE-2024-10504	2025-05-15	ARForms Builder < 1.7.1 - Unauthenticated Stored XSS
CVE-2024-10631	2025-05-15	Countdown Timer <= 1.0.5 - Contributor+ Stored XSS
CVE-2024-10632	2025-05-15	Nokaut Offers Box <= 1.4.0 - Admin+ Stored XSS
CVE-2024-10634	2025-05-15	Nokaut Offers Box <= 1.4.0 - Plugin Reset via CSRF
CVE-2024-10639	2025-05-15	Auto Prune Posts < 3.0.0- Admin+ Stored XSS
CVE-2024-10677	2025-05-15	BTEV <= 2.0.2 - Settings Update via CSRF
CVE-2024-10818	2025-05-15	JSFiddle Shortcode < 1.1.3 - Contributor+ XSS via Shortcode
CVE-2024-11109	2025-05-15	WP Google Review Slider < 15.6 - Admin+ Stored XSS
CVE-2024-11140	2025-05-15	Real WP Shop Lite Ajax eCommerce Shopping Cart <= 2.0.8 - Admin+ Stored XSS
CVE-2024-11141	2025-05-15	Sailthru Triggermail < 1.1 - Subscriber+ Stored XSS
CVE-2024-11189	2025-05-15	Social Share And Social Locker – ARSocial < 1.4.2 - Admin+ Stored XSS
CVE-2024-11190	2025-05-15	jwp-a11y <= 4.1.7 - Admin+ Stored XSS
CVE-2024-11221	2025-05-15	Full Screen (Page) Background Image Slideshow <= 1.1 - Admin+ Stored XSS
CVE-2024-11266	2025-05-15	Geocache Stat Bar Widget <= 0.911 - Admin+ Stored XSS
CVE-2024-11267	2025-05-15	JSP Store Locator <= 1.0 - Contributor+ SQL Injection
CVE-2024-11269	2025-05-15	AHAthat Plugin <= 1.6 - Admin+ SQL Injection
CVE-2024-11372	2025-05-15	Connexion Logs <= 3.0.2 - Admin+ SQL Injection
CVE-2024-11373	2025-05-15	Connexion Logs <= 3.0.2 - Log Deletion via CSRF
CVE-2024-11502	2025-05-15	Planning Center Online Giving <= 1.0.0 - Contributor+ XSS via Shortcode
CVE-2024-11718	2025-05-15	tarteaucitron.js for WordPress < 0.3.0 - Author+ Stored XSS
CVE-2024-11719	2025-05-15	tarteaucitron.js for WordPress < 0.3.0 - Stored XSS via CSRF
CVE-2024-11843	2025-05-15	Panorama – WordPress Project Management Plugin <= 1.5.1 - Admin+ Stored XSS
CVE-2024-12282	2025-05-15	WordPress连接微博 <= 2.5.6 - Stored XSS via CSRF
CVE-2024-12301	2025-05-15	JSP Store Locator <= 1.0 - Deletion via Missing CSRF
CVE-2024-12679	2025-05-15	Prisna GWT < 1.4.14 - Admin+ Stored XSS
CVE-2024-12680	2025-05-15	Prisna GWT < 1.4.14 - Admin+ Stored XSS
CVE-2024-12716	2025-05-15	Simple Basic Contact Form < 20250114 - Admin+ Stored XSS
CVE-2024-12722	2025-05-15	Twitter Bootstrap Collapse aka Accordian Shortcode <= 1.0 - Stored XSS via Shortcode
CVE-2024-12724	2025-05-15	WP DeskLite <= 1.0.0 - Reflected XSS
CVE-2024-12725	2025-05-15	Clasify Classified Listing <= 1.0.7 - Reflected XSS
CVE-2024-12726	2025-05-15	ClipArt <= 0.2 - Reflected XSS
CVE-2024-12732	2025-05-15	AffiliateImporterEb <= 1.0.6 - Reflected XSS
CVE-2024-12733	2025-05-15	AffiliateImporterEb <= 1.0.6 - Reflected XSS via Search
CVE-2024-12734	2025-05-15	Advance Post Prefix <= 1.1.1 - Reflected XSS
CVE-2024-12735	2025-05-15	Advance Post Prefix <= 1.1.1 - Admin+ SQL Injection
CVE-2024-12739	2025-05-15	Mobile Contact Bar < 3.0.5 - Admin+ Stored XSS
CVE-2024-12743	2025-05-15	MailPoet < 5.5.2 - Admin+ Stored XSS
CVE-2024-12750	2025-05-15	Competition Form <= 2.0 - Competition Deletion via CSRF
CVE-2024-12770	2025-05-15	WP ULike < 4.7.6 - Admin+ Stored XSS
CVE-2024-12800	2025-05-15	IP Based Login < 2.4.1 - Admin+ Stored XSS
CVE-2024-12808	2025-05-15	WP ERP \| Complete HR solution with recruitment < 1.13.4 - Admin+ Stored XSS
CVE-2024-12812	2025-05-15	WP ERP < 1.13.4 - Custom+ Unauthorized Access to Terminated Employee Information
CVE-2024-12873	2025-05-15	Custom Field Manager <= 1.0 - Reflected XSS Vulnerability
CVE-2024-12874	2025-05-15	Top Comments <= 1.0 - Admin+ Stored Cross-Site Scripting
CVE-2024-13053	2025-05-15	Form Maker by 10Web < 1.15.33 - Admin+ Stored XSS via Theme Title
CVE-2024-13127	2025-05-15	LearnPress – WordPress LMS Plugin < 4.2.7.5.1 - Admin+ Stored XSS
CVE-2024-13128	2025-05-15	LearnPress – WordPress LMS Plugin < 4.2.7.5.1 - Admin+ Stored XSS
CVE-2024-13313	2025-05-15	AWeber <= 7.3.20 - Admin+ Stored XSS