CVE List - 2025 / May

Showing 2501 - 2600 of 3984 CVEs for May 2025 (Page 26 of 40)

CVE ID Date Title
CVE-2025-31640 2025-05-16 WordPress Magic Responsive Slider and Carousel WordPress <= 1.4 - SQL Injection Vulnerability
CVE-2025-31639 2025-05-16 WordPress Spare <= 1.7 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-31637 2025-05-16 WordPress SHOUT <= 3.5.3 - SQL Injection Vulnerability
CVE-2025-31630 2025-05-16 WordPress The Business <= 1.6.1 - Broken Access Control Vulnerability
CVE-2025-31071 2025-05-16 WordPress HotStar – Multi-Purpose Business Theme <= 1.4 - Broken Access Control Vulnerability
CVE-2025-31068 2025-05-16 WordPress Seven Stars <= 1.4.4 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-31066 2025-05-16 WordPress Acerola <= 1.6.5 - Broken Access Control Vulnerability
CVE-2025-31065 2025-05-16 WordPress Rozario <= 1.4 - Broken Access Control Vulnerability
CVE-2025-31063 2025-05-16 WordPress Wishlist <= 2.1.0 - Broken Access Control Vulnerability
CVE-2025-31062 2025-05-16 WordPress Wishlist <= 2.1.0 - Sensitive Data Exposure Vulnerability
CVE-2025-4787 2025-05-16 SourceCodester/oretnom23 Stock Management System view_sale sql injection
CVE-2025-4788 2025-05-16 FreeFloat FTP Server DELETE Command buffer overflow
CVE-2025-4789 2025-05-16 FreeFloat FTP Server LCD Command buffer overflow
CVE-2025-4790 2025-05-16 FreeFloat FTP Server GLOB Command buffer overflow
CVE-2025-4791 2025-05-16 FreeFloat FTP Server HASH Command buffer overflow
CVE-2025-4792 2025-05-16 FreeFloat FTP Server MDELETE Command buffer overflow
CVE-2025-4476 2025-05-16 Libsoup: null pointer dereference in libsoup may lead to denial of service
CVE-2025-4793 2025-05-16 PHPGurukul Online Course Registration edit-student-profile.php sql injection
CVE-2025-4794 2025-05-16 PHPGurukul Online Course Registration news.php sql injection
CVE-2025-4795 2025-05-16 gongfuxiang schoolcms index.php SaveInfo sql injection
CVE-2025-4806 2025-05-16 SourceCodester/oretnom23 Stock Management System view_bo sql injection
CVE-2025-22233 2025-05-16 Spring Framework DataBinder Case Sensitive Match Exception
CVE-2025-4807 2025-05-16 SourceCodester Online Student Clearance System exposure of information through directory listing
CVE-2025-4802 2025-05-16 Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library...
CVE-2025-4808 2025-05-16 PHPGurukul Park Ticketing Management System add-normal-ticket.php sql injection
CVE-2025-4809 2025-05-16 Tenda AC7 setMacFilterCfg fromSafeSetMacFilter stack-based overflow
CVE-2025-4804 2025-05-16 WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Hotspot Configuration
CVE-2025-4805 2025-05-16 WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Access Portal Configuration
CVE-2025-4810 2025-05-16 Tenda AC7 SetRebootTimer formSetRebootTimer stack-based overflow
CVE-2022-4363 2025-05-16 Wholesale Market <= 2.2.2 - Settings Update via CSRF
CVE-2025-4811 2025-05-16 CodeAstro Pharmacy Management System Login index.php sql injection
CVE-2025-4812 2025-05-16 PHPGurukul Human Metapneumovirus Testing Management System profile.php sql injection
CVE-2025-4813 2025-05-16 PHPGurukul Human Metapneumovirus Testing Management System edit-phlebotomist.php sql injection
CVE-2025-48187 2025-05-17 RAGFlow through 0.18.1 allows account takeover because it is possible...
CVE-2025-1706 2025-05-17 GPU DDK - Improper locking when accessing the pvr_exp_fence object
CVE-2024-47893 2025-05-17 GPU DDK - OOB read and write of the shared KMD/FW memory heap (VZ/TEE setups)
CVE-2025-4814 2025-05-17 Campcodes Sales and Inventory System supplier_add.php sql injection
CVE-2025-4815 2025-05-17 Campcodes Sales and Inventory System supplier_update.php sql injection
CVE-2025-4816 2025-05-17 SourceCodester Doctor's Appointment System GET Parameter appointment.php sql injection
CVE-2025-4189 2025-05-17 Audio Comments Plugin <= 1.0.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVE-2025-4194 2025-05-17 AlT Monitoring <= 1.0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVE-2025-4817 2025-05-17 Sourcecodester Doctor's Appointment System GET Parameter delete-appointment.php sql injection
CVE-2025-4818 2025-05-17 SourceCodester Doctor's Appointment System GET Parameter delete-doctor.php sql injection
CVE-2025-4389 2025-05-17 Crawlomatic Multipage Scraper Post Generator <= 2.6.8.1 - Unauthenticated Arbitrary File Upload
CVE-2025-4391 2025-05-17 Echo RSS Feed Post Generator <= 5.4.8.1 - Unauthenticated Arbitrary File Upload
CVE-2025-3812 2025-05-17 WPBot Pro Wordpress Chatbot <= 13.6.2 - Authenticated (Subscriber+) Arbitrary File Deletion
CVE-2025-4190 2025-05-17 CSV Mass Importer <= 1.2 - Admin+ Arbitrary File Upload
CVE-2025-4819 2025-05-17 y_project RuoYi Offline Logout batchForceLogout improper authorization
CVE-2025-4610 2025-05-17 WP-Members <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpmem_user_memberships Shortcode
CVE-2025-4823 2025-05-17 TOTOLINK A702R/A3002R/A3002RU HTTP POST Request formReflashClientTbl submit-url buffer overflow
CVE-2025-4824 2025-05-17 TOTOLINK A702R/A3002R/A3002RU HTTP POST Request formWsc buffer overflow
CVE-2025-4825 2025-05-17 TOTOLINK A702R/A3002R/A3002RU HTTP POST Request formDMZ buffer overflow
CVE-2025-4826 2025-05-17 TOTOLINK A702R/A3002R/A3002RU HTTP POST Request formWirelessTbl buffer overflow
CVE-2025-3527 2025-05-17 EventON - WordPress Virtual Event Calendar Plugin <= 4.9.6 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
CVE-2025-3888 2025-05-17 Jupiterx Core <= 4.8.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Inline SVG
CVE-2025-4669 2025-05-17 Booking Calendar <= 10.11.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpbc Shortcode
CVE-2024-13613 2025-05-17 Wise Chat <= 3.3.3 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory
CVE-2025-4101 2025-05-17 MultiVendorX – WooCommerce Multivendor Marketplace Solutions <= 4.2.22 - Incorrect Authorization to Authenticated (Contributor+) Arbitrary Post Deletion
CVE-2025-4827 2025-05-17 TOTOLINK A702R/A3002R/A3002RU HTTP POST Request formSaveConfig buffer overflow
CVE-2025-4829 2025-05-17 TOTOLINK A702R/A3002R/A3002RU HTTP POST Request formStats sub_40BE30 buffer overflow
CVE-2025-4830 2025-05-17 TOTOLINK A702R/A3002R/A3002RU HTTP POST Request formSysCmd buffer overflow
CVE-2025-47273 2025-05-17 setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write
CVE-2025-47931 2025-05-17 LibreNMS stored Cross-site Scripting vulnerability in poller group name
CVE-2025-33103 2025-05-17 IBM i privilege escalation
CVE-2025-4831 2025-05-17 TOTOLINK A702R/A3002R/A3002RU HTTP POST Request formSiteSurveyProfile buffer overflow
CVE-2025-4832 2025-05-17 TOTOLINK A702R/A3002R/A3002RU HTTP POST Request formDosCfg buffer overflow
CVE-2025-4833 2025-05-17 TOTOLINK A702R/A3002R/A3002RU HTTP POST Request formNtp buffer overflow
CVE-2025-47945 2025-05-17 Donetick Has Weak Default JWT Secret
CVE-2025-47948 2025-05-17 Cocotais Bot has builtin .echo command injection
CVE-2025-4834 2025-05-17 TOTOLINK A702R/A3002R/A3002RU HTTP POST Request formSetLg buffer overflow
CVE-2025-4835 2025-05-17 TOTOLINK A702R/A3002R/A3002RU HTTP POST Request formWlanRedirect buffer overflow
CVE-2025-4836 2025-05-17 Projectworlds Life Insurance Management System deleteAgent.php sql injection
CVE-2025-4837 2025-05-17 projectworlds Student Project Allocation System make_group_sql.php sql injection
CVE-2025-4918 2025-05-17 An attacker was able to perform an out-of-bounds read or...
CVE-2025-4919 2025-05-17 An attacker was able to perform an out-of-bounds read or...
CVE-2025-4838 2025-05-17 kanwangzjm Funiture Login LoginServlet.java doPost redirect
CVE-2025-4839 2025-05-17 itwanger paicoding CrossUtil.java cross-domain policy
CVE-2025-4841 2025-05-17 D-Link DCS-932L gpio sub_404780 stack-based overflow
CVE-2025-4842 2025-05-17 D-Link DCS-932L ucp isUCPCameraNameChanged stack-based overflow
CVE-2025-4843 2025-05-17 D-Link DCS-932L udev SubUPnPCSInit stack-based overflow
CVE-2025-48219 2025-05-18 O2 UK before 2025-05-19 allows subscribers to determine the Cell...
CVE-2025-4844 2025-05-18 FreeFloat FTP Server CD Command buffer overflow
CVE-2025-4845 2025-05-18 FreeFloat FTP Server TRACE Command buffer overflow
CVE-2025-4846 2025-05-18 FreeFloat FTP Server MPUT Command buffer overflow
CVE-2025-4847 2025-05-18 FreeFloat FTP Server MLS Command buffer overflow
CVE-2025-4848 2025-05-18 FreeFloat FTP Server RECV Command buffer overflow
CVE-2025-4849 2025-05-18 TOTOLINK N300RH cstecgi.cgi CloudACMunualUpdateUserdata command injection
CVE-2025-4850 2025-05-18 TOTOLINK N300RH cstecgi.cgi setUnloadUserData command injection
CVE-2025-4851 2025-05-18 TOTOLINK N300RH cstecgi.cgi setUploadUserData command injection
CVE-2025-4852 2025-05-18 TOTOLINK A3002R VPN Page cross site scripting
CVE-2025-4858 2025-05-18 D-Link DAP-2695 ARP Spoofing Prevention Page adv_arpspoofing.php cross site scripting
CVE-2025-4859 2025-05-18 D-Link DAP-2695 MAC Bypass Settings Page adv_macbypass.php cross site scripting
CVE-2025-4860 2025-05-18 D-Link DAP-2695 Static Pool Settings Page adv_dhcps.php cross site scripting
CVE-2025-3715 2025-05-18 Bold Page Builder <= 5.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'data-text' Parameter
CVE-2025-4861 2025-05-18 PHPGurukul Beauty Parlour Management System admin-profile.php sql injection
CVE-2025-4862 2025-05-18 PHPGurukul Directory Management System searchdata.php cross site scripting
CVE-2025-4863 2025-05-18 Advaya Softech GEMS ERP Portal studentLogin.action sql injection
CVE-2025-4864 2025-05-18 itsourcecode Restaurant Management System finished.php sql injection
CVE-2025-4865 2025-05-18 itsourcecode Restaurant Management System member_save.php sql injection
CVE-2025-4866 2025-05-18 weibocom rill-flow Management Console code injection