CVE List - 2025 / May
Showing 2301 - 2400 of 3982 CVEs for May 2025 (Page 24 of 40)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-2247 | 2025-05-15 | WP-PManager <= 1.2 - Category Deletion via CSRF |
| CVE-2025-2248 | 2025-05-15 | WP-PManager <= 1.2 - Admin+ SQL Injection |
| CVE-2023-2334 | 2025-05-15 | Easy Digital Downloads Google Sheet Connector < 1.6.6 - Access Code Update via CSRF |
| CVE-2023-5529 | 2025-05-15 | Advanced Page Visit Counter <= 8.0.6 - Admin+ Stored XSS |
| CVE-2023-5932 | 2025-05-15 | Travelpayouts < 1.1.14 - Reflected XSS |
| CVE-2023-5934 | 2025-05-15 | Travelpayouts < 1.1.13 - Settings Update via CSRF |
| CVE-2023-6030 | 2025-05-15 | LogDash Activity Log < 1.1.4 - Unauthenticated SQLi |
| CVE-2023-6541 | 2025-05-15 | Allow SVG < 1.2.0 - Author+ Stored XSS via SVG |
| CVE-2023-6783 | 2025-05-15 | WolfNet IDX for WordPress <= 1.19.1 - Admin+ Stored XSS |
| CVE-2023-6786 | 2025-05-15 | Payment Gateway for Telcell <= 2.0.1 - Unauthenticated Open Redirect |
| CVE-2023-7086 | 2025-05-15 | SVG Uploads Support <= 2.1.1 - Author+ Stored XSS via SVG |
| CVE-2023-7088 | 2025-05-15 | Add SVG Support for Media Uploader | inventivo <= 1.0.5 - Author+ Stored XSS via SVG |
| CVE-2023-7168 | 2025-05-15 | Better Follow Button for Jetpack <= 8.0 - Admin+ Stored XSS |
| CVE-2023-7174 | 2025-05-15 | aBitGone CommentSafe <= 1.0.0 - Settings Update to Stored XSS via CSRF |
| CVE-2023-7195 | 2025-05-15 | WP-Reply Notify <= 1.1 - Settings Update via CSRF |
| CVE-2023-7196 | 2025-05-15 | Ultimate Noindex Nofollow Tool <= 1.1.2 - Settings Update via CSRF |
| CVE-2023-7197 | 2025-05-15 | Marketing Twitter Bot <= 1.11 - Settings Update to Stored XSS via CSRF |
| CVE-2023-7228 | 2025-05-15 | illi Link Party! <= 1.0 - Unauthenticated Stored XSS |
| CVE-2023-7229 | 2025-05-15 | illi Link Party! <= 1.0 - Settings Update via CSRF |
| CVE-2023-7230 | 2025-05-15 | illi Link Party! <= 1.0 - Admin+ Stored Cross-Site Scripting |
| CVE-2023-7231 | 2025-05-15 | illi Link Party! <= 1.0 - Unauthenticated Arbitrary Link Deletion |
| CVE-2023-7239 | 2025-05-15 | wp-dashboard-notes < 1.0.11 - Contributor+ Arbitrary Private Notes Update via IDOR |
| CVE-2023-7297 | 2025-05-15 | TwitterPosts <= 1.0.2 - Settings Update via CSRF |
| CVE-2024-0249 | 2025-05-15 | Advanced Schedule Posts <= 2.1.8 - Reflected XSS |
| CVE-2024-0852 | 2025-05-15 | coreActivity < 1.8.1 - Unauthenticated Stored XSS |
| CVE-2024-0970 | 2025-05-15 | User Activity Tracking and Log < 4.1.4 - IP Spoofing |
| CVE-2024-12767 | 2025-05-15 | BuddyBoss platform < 2.7.60 - Private Comment Exposure via IDOR |
| CVE-2024-1663 | 2025-05-15 | Ultimate Noindex Nofollow Tool II < 1.3.6 - Admin+ Stored XSS |
| CVE-2024-2643 | 2025-05-15 | My Sticky Bar < 2.6.8 - Admin+ Stored XSS |
| CVE-2024-2869 | 2025-05-15 | Easy Property Listings <= 3.5.3 - Admin+ Stored XSS |
| CVE-2024-3062 | 2025-05-15 | Save as PDF by Pdfcrowd < 3.2.2 - Admin+ Stored XSS |
| CVE-2024-3901 | 2025-05-15 | Genesis Blocks <= 3.1.3 - Contributor+ Stored XSS |
| CVE-2024-3996 | 2025-05-15 | Post Grid, Post Carousel, & List Category Posts < 2.4.28 - Editor+ Stored XSS |
| CVE-2024-4002 | 2025-05-15 | Carousel, Slider, Gallery by WP Carousel < 2.6.9 - Editor+ Stored XSS |
| CVE-2024-4004 | 2025-05-15 | Advanced Cron Manager < 2.5.7 - Admin+ Stored XSS |
| CVE-2024-4091 | 2025-05-15 | Responsive Gallery Grid < 2.3.15 - Admin+ Stored XSS |
| CVE-2024-4665 | 2025-05-15 | EventPrime – Events Calendar, Bookings and Tickets < 3.5.0 - Subscriber+ Arbitrary booking settings update |
| CVE-2024-6711 | 2025-05-15 | Event Tickets with Ticket Scanner < 2.3.8 - Admin+ Stored XSS |
| CVE-2024-8009 | 2025-05-15 | Sensei LMS < 4.20.0 - Teacher+ Users Email Address Disclosure |
| CVE-2025-47928 | 2025-05-15 | Spotipy repo vulnerable to secrets exfiltration via `pull_request_target` |
| CVE-2025-1138 | 2025-05-15 | IBM Information Server information disclosure |
| CVE-2025-47929 | 2025-05-15 | DumbDrop vulnerable to DOM XSS via file upload |
| CVE-2025-4718 | 2025-05-15 | Campcodes Sales and Inventory System customer_add.php sql injection |
| CVE-2025-4719 | 2025-05-15 | Campcodes Sales and Inventory System cash_transaction.php sql injection |
| CVE-2025-4720 | 2025-05-15 | SourceCodester Student Result Management System drop_student.php path traversal |
| CVE-2025-4721 | 2025-05-15 | itsourcecode Placement Management System drive.php sql injection |
| CVE-2025-47275 | 2025-05-15 | Brute Force Authentication Tags of CookieStore Sessions in Auth0-PHP SDK |
| CVE-2025-47287 | 2025-05-15 | Tornado vulnerable to excessive logging caused by malformed multipart form data |
| CVE-2025-4722 | 2025-05-15 | itsourcecode Placement Management System edit_profile.php sql injection |
| CVE-2025-4723 | 2025-05-15 | itsourcecode Placement Management System all_student.php sql injection |
| CVE-2025-4724 | 2025-05-15 | itsourcecode Placement Management System student_profile.php sql injection |
| CVE-2025-4725 | 2025-05-15 | itsourcecode Placement Management System view_drive.php sql injection |
| CVE-2025-4726 | 2025-05-15 | itsourcecode Placement Management System view_student.php sql injection |
| CVE-2025-0921 | 2025-05-15 | Information Tampering Vulnerability in Multiple Services of GENESIS64, MC Works64, and GENESIS |
| CVE-2025-4727 | 2025-05-15 | Meteor livedata_server.js Object.assign redos |
| CVE-2025-4728 | 2025-05-15 | SourceCodester Best Online News Portal search.php sql injection |
| CVE-2025-47930 | 2025-05-15 | Zulip Server has access control bypass for restrictions on creation of specific channel types |
| CVE-2025-4729 | 2025-05-15 | TOTOLINK A3002R/A3002RU HTTP POST Request formMapDelDevice command injection |
| CVE-2024-40120 | 2025-05-16 | seaweedfs v3.68 was discovered to contain a SQL injection vulnerability via the component /abstract_sql/abstract_sql_store.go. |
| CVE-2025-32407 | 2025-05-16 | Samsung Internet for Galaxy Watch version 5.0.9, available up until Samsung Galaxy Watch 3, does not properly validate TLS certificates, allowing for an attacker to impersonate any and all websites... |
| CVE-2025-47809 | 2025-05-16 | Wibu CodeMeter before 8.30a sometimes allows privilege escalation immediately after installation (before a logoff or reboot). For exploitation, there must have been an unprivileged installation with UAC, and the CodeMeter... |
| CVE-2025-47916 | 2025-05-16 | Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The issue lies within the themeeditor controller (file: /applications/core/modules/front/system/themeeditor.php), where a protected method named customCss... |
| CVE-2025-48174 | 2025-05-16 | In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow in stream->offset+size. |
| CVE-2025-48175 | 2025-05-16 | In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes. |
| CVE-2025-48188 | 2025-05-16 | libpspp-core.a in GNU PSPP through 2.0.1 has an incorrect call from fill_buffer (in data/encrypted-file.c) to the Gnulib rijndaelDecrypt function, leading to a heap-based buffer over-read. |
| CVE-2025-4730 | 2025-05-16 | TOTOLINK A3002R/A3002RU HTTP POST Request formMapDel buffer overflow |
| CVE-2025-4731 | 2025-05-16 | TOTOLINK A3002R/A3002RU HTTP POST Request formPortFw buffer overflow |
| CVE-2025-4732 | 2025-05-16 | TOTOLINK A3002R/A3002RU HTTP POST Request formFilter buffer overflow |
| CVE-2025-4733 | 2025-05-16 | TOTOLINK A3002R/A3002RU HTTP POST Request formIpQoS buffer overflow |
| CVE-2024-51475 | 2025-05-16 | IBM Content Navigator HTML injection |
| CVE-2025-4734 | 2025-05-16 | Campcodes Sales and Inventory System ci_update.php sql injection |
| CVE-2025-4735 | 2025-05-16 | Campcodes Sales and Inventory System product.php unrestricted upload |
| CVE-2025-4736 | 2025-05-16 | PHPGurukul Daily Expense Tracker register.php sql injection |
| CVE-2025-4739 | 2025-05-16 | projectworlds Hospital Database Management System medicines_info.php sql injection |
| CVE-2025-4169 | 2025-05-16 | Posts per Cat [Unmaintained] <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-4740 | 2025-05-16 | BeamCtrl Airiana coef deserialization |
| CVE-2025-4741 | 2025-05-16 | Campcodes Sales and Inventory System purchase_add.php sql injection |
| CVE-2025-4742 | 2025-05-16 | XU-YIJIE grpo-flat grpo_vanilla.py main deserialization |
| CVE-2025-4743 | 2025-05-16 | code-projects Employee Record System getData.php sql injection |
| CVE-2025-4744 | 2025-05-16 | code-projects Employee Record System edit_employee.php cross site scripting |
| CVE-2025-4745 | 2025-05-16 | code-projects Employee Record System current_employees.php cross site scripting |
| CVE-2025-4746 | 2025-05-16 | Campcodes Sales and Inventory System purchase_delete.php sql injection |
| CVE-2025-4759 | 2025-05-16 | Versions of the package lockfile-lint-api before 5.9.2 are vulnerable to Incorrect Behavior Order: Early Validation via the resolved attribute of the package URL validation which can be bypassed by extending... |
| CVE-2025-4747 | 2025-05-16 | Bohua NetDragon Firewall ip_status.php command injection |
| CVE-2025-4749 | 2025-05-16 | D-Link DI-7003GV2 Factory Reset backup.asp sub_4983B0 denial of service |
| CVE-2025-4750 | 2025-05-16 | D-Link DI-7003GV2 Configuration get_version.data information disclosure |
| CVE-2025-3201 | 2025-05-16 | Kali Forms < 2.4.3 - Contributor+ Stored XSS |
| CVE-2025-3516 | 2025-05-16 | Simple Lightbox < 2.9.4 - Contributor+ Stored XSS |
| CVE-2025-4751 | 2025-05-16 | D-Link DI-7003GV2 index.data information disclosure |
| CVE-2025-4752 | 2025-05-16 | D-Link DI-7003GV2 install_base.data information disclosure |
| CVE-2025-1245 | 2025-05-16 | Bypass Connection Restriction Vulnerability in Hitachi Ops Center Analyzer |
| CVE-2025-1531 | 2025-05-16 | Authentication credentials leakage vulnerability in Hitachi Ops Center Analyzer viewpoint OVF |
| CVE-2025-4753 | 2025-05-16 | D-Link DI-7003GV2 login.data information disclosure |
| CVE-2024-8201 | 2025-05-16 | Cross-Site WebSocket Hijacking Vulnerability in Hitachi Ops Center Analyzer |
| CVE-2025-3624 | 2025-05-16 | Missing Authorization Vulnerability in Hitachi Ops Center Analyzer |
| CVE-2025-4755 | 2025-05-16 | D-Link DI-7003GV2 netconfig.asp sub_497DE4 improper authentication |
| CVE-2024-53827 | 2025-05-16 | Ericsson Packet Core Controller (PCC) - Improper Input Validation Vulnerability |
| CVE-2025-4756 | 2025-05-16 | D-Link DI-7003GV2 restart.asp denial of service |
| CVE-2025-4757 | 2025-05-16 | PHPGurukul Beauty Parlour Management System forgot-password.php sql injection |
| CVE-2025-4758 | 2025-05-16 | PHPGurukul Beauty Parlour Management System contact.php sql injection |