CVE List - 2025 / May
Showing 2301 - 2400 of 3984 CVEs for May 2025 (Page 24 of 40)
CVE ID | Date | Title |
---|---|---|
CVE-2025-1303 | 2025-05-15 | Plugin Oficial – Getnet para WooCommerce <= 1.7.3 - Unauthenticated Reflected XSS |
CVE-2025-1454 | 2025-05-15 | Ninja Pages <= 1.4.2 - Admin+ Stored XSS |
CVE-2025-2203 | 2025-05-15 | WooCommerce Checkout & Funnel Builder by FunnelKit < 3.10.2 - Admin+ SQL Injection |
CVE-2025-2247 | 2025-05-15 | WP-PManager <= 1.2 - Category Deletion via CSRF |
CVE-2025-2248 | 2025-05-15 | WP-PManager <= 1.2 - Admin+ SQL Injection |
CVE-2023-2334 | 2025-05-15 | Easy Digital Downloads Google Sheet Connector < 1.6.6 - Access Code Update via CSRF |
CVE-2023-5529 | 2025-05-15 | Advanced Page Visit Counter <= 8.0.6 - Admin+ Stored XSS |
CVE-2023-5932 | 2025-05-15 | Travelpayouts < 1.1.14 - Reflected XSS |
CVE-2023-5934 | 2025-05-15 | Travelpayouts < 1.1.13 - Settings Update via CSRF |
CVE-2023-6030 | 2025-05-15 | LogDash Activity Log < 1.1.4 - Unauthenticated SQLi |
CVE-2023-6541 | 2025-05-15 | Allow SVG < 1.2.0 - Author+ Stored XSS via SVG |
CVE-2023-6783 | 2025-05-15 | WolfNet IDX for WordPress <= 1.19.1 - Admin+ Stored XSS |
CVE-2023-6786 | 2025-05-15 | Payment Gateway for Telcell <= 2.0.1 - Unauthenticated Open Redirect |
CVE-2023-7086 | 2025-05-15 | SVG Uploads Support <= 2.1.1 - Author+ Stored XSS via SVG |
CVE-2023-7088 | 2025-05-15 | Add SVG Support for Media Uploader \| inventivo <= 1.0.5 - Author+ Stored XSS via SVG |
CVE-2023-7168 | 2025-05-15 | Better Follow Button for Jetpack <= 8.0 - Admin+ Stored XSS |
CVE-2023-7174 | 2025-05-15 | aBitGone CommentSafe <= 1.0.0 - Settings Update to Stored XSS via CSRF |
CVE-2023-7195 | 2025-05-15 | WP-Reply Notify <= 1.1 - Settings Update via CSRF |
CVE-2023-7196 | 2025-05-15 | Ultimate Noindex Nofollow Tool <= 1.1.2 - Settings Update via CSRF |
CVE-2023-7197 | 2025-05-15 | Marketing Twitter Bot <= 1.11 - Settings Update to Stored XSS via CSRF |
CVE-2023-7228 | 2025-05-15 | illi Link Party! <= 1.0 - Unauthenticated Stored XSS |
CVE-2023-7229 | 2025-05-15 | illi Link Party! <= 1.0 - Settings Update via CSRF |
CVE-2023-7230 | 2025-05-15 | illi Link Party! <= 1.0 - Admin+ Stored Cross-Site Scripting |
CVE-2023-7231 | 2025-05-15 | illi Link Party! <= 1.0 - Unauthenticated Arbitrary Link Deletion |
CVE-2023-7239 | 2025-05-15 | wp-dashboard-notes < 1.0.11 - Contributor+ Arbitrary Private Notes Update via IDOR |
CVE-2023-7297 | 2025-05-15 | TwitterPosts <= 1.0.2 - Settings Update via CSRF |
CVE-2024-0249 | 2025-05-15 | Advanced Schedule Posts <= 2.1.8 - Reflected XSS |
CVE-2024-0852 | 2025-05-15 | coreActivity < 1.8.1 - Unauthenticated Stored XSS |
CVE-2024-0970 | 2025-05-15 | User Activity Tracking and Log < 4.1.4 - IP Spoofing |
CVE-2024-12767 | 2025-05-15 | BuddyBoss platform < 2.7.60 - Private Comment Exposure via IDOR |
CVE-2024-1663 | 2025-05-15 | Ultimate Noindex Nofollow Tool II < 1.3.6 - Admin+ Stored XSS |
CVE-2024-2643 | 2025-05-15 | My Sticky Bar < 2.6.8 - Admin+ Stored XSS |
CVE-2024-2869 | 2025-05-15 | Easy Property Listings <= 3.5.3 - Admin+ Stored XSS |
CVE-2024-3062 | 2025-05-15 | Save as PDF by Pdfcrowd < 3.2.2 - Admin+ Stored XSS |
CVE-2024-3901 | 2025-05-15 | Genesis Blocks <= 3.1.3 - Contributor+ Stored XSS |
CVE-2024-3996 | 2025-05-15 | Post Grid, Post Carousel, & List Category Posts < 2.4.28 - Editor+ Stored XSS |
CVE-2024-4002 | 2025-05-15 | Carousel, Slider, Gallery by WP Carousel < 2.6.9 - Editor+ Stored XSS |
CVE-2024-4004 | 2025-05-15 | Advanced Cron Manager < 2.5.7 - Admin+ Stored XSS |
CVE-2024-4091 | 2025-05-15 | Responsive Gallery Grid < 2.3.15 - Admin+ Stored XSS |
CVE-2024-4665 | 2025-05-15 | EventPrime – Events Calendar, Bookings and Tickets < 3.5.0 - Subscriber+ Arbitrary booking settings update |
CVE-2024-6711 | 2025-05-15 | Event Tickets with Ticket Scanner < 2.3.8 - Admin+ Stored XSS |
CVE-2024-8009 | 2025-05-15 | Sensei LMS < 4.20.0 - Teacher+ Users Email Address Disclosure |
CVE-2025-47928 | 2025-05-15 | Spotipy repo vulnerable to secrets exfiltration via `pull_request_target` |
CVE-2025-1138 | 2025-05-15 | IBM Information Server information disclosure |
CVE-2025-47929 | 2025-05-15 | DumbDrop vulnerable to DOM XSS via file upload |
CVE-2025-4718 | 2025-05-15 | Campcodes Sales and Inventory System customer_add.php sql injection |
CVE-2025-4719 | 2025-05-15 | Campcodes Sales and Inventory System cash_transaction.php sql injection |
CVE-2025-4720 | 2025-05-15 | SourceCodester Student Result Management System drop_student.php path traversal |
CVE-2025-4721 | 2025-05-15 | itsourcecode Placement Management System drive.php sql injection |
CVE-2025-47275 | 2025-05-15 | Brute Force Authentication Tags of CookieStore Sessions in Auth0-PHP SDK |
CVE-2025-47287 | 2025-05-15 | Tornado vulnerable to excessive logging caused by malformed multipart form data |
CVE-2025-4722 | 2025-05-15 | itsourcecode Placement Management System edit_profile.php sql injection |
CVE-2025-4723 | 2025-05-15 | itsourcecode Placement Management System all_student.php sql injection |
CVE-2025-4724 | 2025-05-15 | itsourcecode Placement Management System student_profile.php sql injection |
CVE-2025-4725 | 2025-05-15 | itsourcecode Placement Management System view_drive.php sql injection |
CVE-2025-4726 | 2025-05-15 | itsourcecode Placement Management System view_student.php sql injection |
CVE-2025-0921 | 2025-05-15 | Information Tampering Vulnerability in Multi-agent Notification Feature of GENESIS64 and MC Works64 |
CVE-2025-4727 | 2025-05-15 | Meteor livedata_server.js Object.assign redos |
CVE-2025-4728 | 2025-05-15 | SourceCodester Best Online News Portal search.php sql injection |
CVE-2025-47930 | 2025-05-15 | Zulip Server has access control bypass for restrictions on creation of specific channel types |
CVE-2025-4729 | 2025-05-15 | TOTOLINK A3002R/A3002RU HTTP POST Request formMapDelDevice command injection |
CVE-2024-40120 | 2025-05-16 | seaweedfs v3.68 was discovered to contain a SQL injection vulnerability... |
CVE-2025-32407 | 2025-05-16 | Samsung Internet for Galaxy Watch version 5.0.9, available up until... |
CVE-2025-47809 | 2025-05-16 | Wibu CodeMeter before 8.30a sometimes allows privilege escalation immediately after... |
CVE-2025-47916 | 2025-05-16 | Invision Community 5.0.0 before 5.0.7 allows remote code execution via... |
CVE-2025-48174 | 2025-05-16 | In libavif before 1.3.0, makeRoom in stream.c has an integer... |
CVE-2025-48175 | 2025-05-16 | In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows... |
CVE-2025-48188 | 2025-05-16 | libpspp-core.a in GNU PSPP through 2.0.1 has an incorrect call... |
CVE-2025-4730 | 2025-05-16 | TOTOLINK A3002R/A3002RU HTTP POST Request formMapDel buffer overflow |
CVE-2025-4731 | 2025-05-16 | TOTOLINK A3002R/A3002RU HTTP POST Request formPortFw buffer overflow |
CVE-2025-4732 | 2025-05-16 | TOTOLINK A3002R/A3002RU HTTP POST Request formFilter buffer overflow |
CVE-2025-4733 | 2025-05-16 | TOTOLINK A3002R/A3002RU HTTP POST Request formIpQoS buffer overflow |
CVE-2024-51475 | 2025-05-16 | IBM Content Navigator HTML injection |
CVE-2025-4734 | 2025-05-16 | Campcodes Sales and Inventory System ci_update.php sql injection |
CVE-2025-4735 | 2025-05-16 | Campcodes Sales and Inventory System product.php unrestricted upload |
CVE-2025-4736 | 2025-05-16 | PHPGurukul Daily Expense Tracker register.php sql injection |
CVE-2025-4739 | 2025-05-16 | projectworlds Hospital Database Management System medicines_info.php sql injection |
CVE-2025-4169 | 2025-05-16 | Posts per Cat [Unmaintained] <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2025-4740 | 2025-05-16 | BeamCtrl Airiana coef deserialization |
CVE-2025-4741 | 2025-05-16 | Campcodes Sales and Inventory System purchase_add.php sql injection |
CVE-2025-4742 | 2025-05-16 | XU-YIJIE grpo-flat grpo_vanilla.py main deserialization |
CVE-2025-4743 | 2025-05-16 | code-projects Employee Record System getData.php sql injection |
CVE-2025-4744 | 2025-05-16 | code-projects Employee Record System edit_employee.php cross site scripting |
CVE-2025-4745 | 2025-05-16 | code-projects Employee Record System current_employees.php cross site scripting |
CVE-2025-4746 | 2025-05-16 | Campcodes Sales and Inventory System purchase_delete.php sql injection |
CVE-2025-4759 | 2025-05-16 | Versions of the package lockfile-lint-api before 5.9.2 are vulnerable to... |
CVE-2025-4747 | 2025-05-16 | Bohua NetDragon Firewall ip_status.php command injection |
CVE-2025-4749 | 2025-05-16 | D-Link DI-7003GV2 Factory Reset backup.asp sub_4983B0 denial of service |
CVE-2025-4750 | 2025-05-16 | D-Link DI-7003GV2 Configuration get_version.data information disclosure |
CVE-2025-3201 | 2025-05-16 | Kali Forms < 2.4.3 - Contributor+ Stored XSS |
CVE-2025-3516 | 2025-05-16 | Simple Lightbox < 2.9.4 - Contributor+ Stored XSS |
CVE-2025-4751 | 2025-05-16 | D-Link DI-7003GV2 index.data information disclosure |
CVE-2025-4752 | 2025-05-16 | D-Link DI-7003GV2 install_base.data information disclosure |
CVE-2025-1245 | 2025-05-16 | Bypass Connection Restriction Vulnerability in Hitachi Ops Center Analyzer |
CVE-2025-1531 | 2025-05-16 | Authentication credentials leakage vulnerability in Hitachi Ops Center Analyzer viewpoint OVF |
CVE-2025-4753 | 2025-05-16 | D-Link DI-7003GV2 login.data information disclosure |
CVE-2024-8201 | 2025-05-16 | Cross-Site WebSocket Hijacking Vulnerability in Hitachi Ops Center Analyzer |
CVE-2025-3624 | 2025-05-16 | Missing Authorization Vulnerability in Hitachi Ops Center Analyzer |
CVE-2025-4755 | 2025-05-16 | D-Link DI-7003GV2 netconfig.asp sub_497DE4 improper authentication |
CVE-2024-53827 | 2025-05-16 | Ericsson Packet Core Controller (PCC) - Improper Input Validation Vulnerability |