CVE List - 2025 / May
Showing 2601 - 2700 of 3982 CVEs for May 2025 (Page 27 of 40)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-4870 | 2025-05-18 | itsourcecode Restaurant Management System menu_save.php sql injection |
| CVE-2025-4871 | 2025-05-18 | PCMan FTP Server REST Command buffer overflow |
| CVE-2025-4872 | 2025-05-18 | FreeFloat FTP Server CCC Command buffer overflow |
| CVE-2025-4873 | 2025-05-18 | PHPGurukul News Portal Login index.php sql injection |
| CVE-2025-4874 | 2025-05-18 | PHPGurukul News Portal Project contactus.php sql injection |
| CVE-2025-4875 | 2025-05-18 | Campcodes Online Shopping Portal forgot-password.php sql injection |
| CVE-2025-4880 | 2025-05-18 | PHPGurukul News Portal aboutus.php sql injection |
| CVE-2025-4881 | 2025-05-18 | itsourcecode Restaurant Management System user_save.php sql injection |
| CVE-2025-4882 | 2025-05-18 | itsourcecode Restaurant Management System team_update.php sql injection |
| CVE-2025-4883 | 2025-05-18 | D-Link DI-8100 Connection Limit Page ctxz.asp ctxz_asp stack-based overflow |
| CVE-2025-4884 | 2025-05-18 | itsourcecode Restaurant Management System assign_save.php sql injection |
| CVE-2025-4885 | 2025-05-18 | itsourcecode Sales and Inventory System product_add.php sql injection |
| CVE-2025-4886 | 2025-05-18 | itsourcecode Sales and Inventory System product_update.php sql injection |
| CVE-2025-4887 | 2025-05-18 | SourceCodester Online Student Clearance System cross-site request forgery |
| CVE-2025-4888 | 2025-05-18 | code-projects Pharmacy Management System Add Order Details take_order buffer overflow |
| CVE-2025-4889 | 2025-05-18 | code-projects Tourism Management System User Registration AddUser buffer overflow |
| CVE-2025-4890 | 2025-05-18 | code-projects Tourism Management System Login User LoginUser stack-based overflow |
| CVE-2025-4891 | 2025-05-18 | code-projects Police Station Management System Display Record source.cpp display buffer overflow |
| CVE-2025-4892 | 2025-05-18 | code-projects Police Station Management System Delete Record source.cpp remove stack-based overflow |
| CVE-2025-4893 | 2025-05-18 | jammy928 CoinExchange_CryptoExchange_Java File Upload Endpoint UploadFileUtil.java uploadLocalImage path traversal |
| CVE-2025-4894 | 2025-05-18 | calmkart Django-sso-server crypto.py gen_rsa_keys inadequate encryption |
| CVE-2025-4895 | 2025-05-18 | SourceCodester Doctors Appointment System delete-session.php sql injection |
| CVE-2025-4896 | 2025-05-18 | Tenda AC10 UserCongratulationsExec buffer overflow |
| CVE-2025-4897 | 2025-05-18 | Tenda A15 HTTP POST Request multimodalAdd buffer overflow |
| CVE-2025-4898 | 2025-05-18 | SourceCodester Student Result Management System Logo File update_system.php unlink path traversal |
| CVE-2025-4899 | 2025-05-18 | Campcodes Sales and Inventory System transaction_update.php sql injection |
| CVE-2025-4900 | 2025-05-18 | Campcodes Sales and Inventory System payment.php sql injection |
| CVE-2025-4901 | 2025-05-18 | D-Link DI-7003GV2 HTTP Endpoint state_view.data sub_41E304 information disclosure |
| CVE-2024-51106 | 2025-05-19 | A cross-site scripting (XSS) vulnerability in the component mcgs/admin/aboutus.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via... |
| CVE-2024-55063 | 2025-05-19 | Multiple Code Injection vulnerabilities in EasyVirt DC NetScope <= 8.7.0 allows remote authenticated attackers to execute arbitrary code via the (1) lang parameter to /international/keyboard/options; the (2) keyboard_layout or (3)... |
| CVE-2025-28371 | 2025-05-19 | EnGenius ENH500 AP 2T2R V3.0 FW3.7.22 is vulnerable to Incorrect Access Control via the password change function. The device fails to validate the current password, allowing an attacker to submit... |
| CVE-2025-30072 | 2025-05-19 | Tiiwee X1 Alarm System TWX1HAKV2 allows Authentication Bypass by Capture-replay, leading to physical Access to the protected facilities without triggering an alarm. |
| CVE-2025-43714 | 2025-05-19 | The ChatGPT system through 2025-03-30 performs inline rendering of SVG documents (instead of, for example, rendering them as text inside a code block), which enables HTML injection within most modern... |
| CVE-2025-44108 | 2025-05-19 | A stored Cross-Site Scripting (XSS) vulnerability exists in the administration panel of Flatpress CMS before 1.4 via the gallery captions component. An attacker with admin privileges can inject a malicious... |
| CVE-2025-4902 | 2025-05-19 | D-Link DI-7003GV2 versionupdate.data sub_48F4F0 information disclosure |
| CVE-2025-4903 | 2025-05-19 | D-Link DI-7003GV2 webgl.asp sub_41F4F0 unverified password change |
| CVE-2025-4904 | 2025-05-19 | D-Link DI-7003GV2 webgl.data sub_41F0FC information disclosure |
| CVE-2025-23167 | 2025-05-19 | A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\r\n\rX` instead of the required `\r\n\r\n`. This inconsistency enables request smuggling, allowing attackers to bypass proxy-based... |
| CVE-2025-23164 | 2025-05-19 | A misconfigured access token mechanism in the Unifi Protect Application (Version 5.3.41 and earlier) could permit the recipient of a "Share Livestream" link to maintain access to the corresponding livestream... |
| CVE-2025-23166 | 2025-05-19 | The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted... |
| CVE-2025-23123 | 2025-05-19 | A malicious actor with access to the management network could execute a remote code execution (RCE) by exploiting a heap buffer overflow vulnerability in the UniFi Protect Cameras (Version 4.75.43... |
| CVE-2025-23165 | 2025-05-19 | In Node.js, the `ReadFileUtf8` internal binding leaks memory due to a corrupted pointer in `uv_fs_s.file`: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set.... |
| CVE-2025-4905 | 2025-05-19 | iop-apl-uw basestation3 QC.py load_qc_pickl deserialization |
| CVE-2025-4906 | 2025-05-19 | PHPGurukul Notice Board System login.php sql injection |
| CVE-2025-4907 | 2025-05-19 | PHPGurukul Daily Expense Tracker System forgot-password.php sql injection |
| CVE-2025-4908 | 2025-05-19 | PHPGurukul Daily Expense Tracker System expense-datewise-reports-detailed.php sql injection |
| CVE-2025-4909 | 2025-05-19 | SourceCodester Client Database Management System exposure of information through directory listing |
| CVE-2025-4910 | 2025-05-19 | PHPGurukul Zoo Management System edit-animal-details.php sql injection |
| CVE-2025-2892 | 2025-05-19 | All in One SEO Pack <= 4.8.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta Description and Canonical URL |
| CVE-2025-4911 | 2025-05-19 | PHPGurukul Zoo Management System view-foreigner-ticket.php sql injection |
| CVE-2025-4912 | 2025-05-19 | SourceCodester Student Result Management System Image File update_student.php path traversal |
| CVE-2025-4913 | 2025-05-19 | PHPGurukul Auto Taxi Stand Management System index.php sql injection |
| CVE-2025-4477 | 2025-05-19 | TeamT5 ThreatSonar Anti-Ransomware - Privilege Escalation |
| CVE-2025-1625 | 2025-05-19 | Qi Blocks < 1.4 - Contributor+ Stored XSS via Counter Block |
| CVE-2025-1626 | 2025-05-19 | Qi Blocks < 1.4 - Contributor+ Stored XSS vi Countdown Block |
| CVE-2025-1627 | 2025-05-19 | Qi Blocks < 1.4 - Contributor+ Stored XSS via ToC Block |
| CVE-2025-2524 | 2025-05-19 | Ninja Forms < 3.10.1 - Admin+ Stored XSS |
| CVE-2025-2560 | 2025-05-19 | Ninja Forms < 3.10.1 - Admin+ Stored XSS |
| CVE-2025-2561 | 2025-05-19 | Ninja Forms < 3.10.1 - Admin+ Stored XSS |
| CVE-2025-4914 | 2025-05-19 | PHPGurukul Auto Taxi Stand Management System forgot-password.php sql injection |
| CVE-2025-4915 | 2025-05-19 | PHPGurukul Auto Taxi Stand Management System auto-taxi-entry-detail.php sql injection |
| CVE-2025-4916 | 2025-05-19 | PHPGurukul Auto Taxi Stand Management System admin-profile.php sql injection |
| CVE-2025-46801 | 2025-05-19 | Pgpool-II provided by PgPool Global Development Group contains an authentication bypass by primary weakness vulnerability. if the vulnerability is exploited, an attacker may be able to log in to the... |
| CVE-2025-37891 | 2025-05-19 | ALSA: ump: Fix buffer overflow at UMP SysEx message conversion |
| CVE-2025-4917 | 2025-05-19 | PHPGurukul Auto Taxi Stand Management System new-autoortaxi-entry-form.php sql injection |
| CVE-2025-47749 | 2025-05-19 | V-SFT v6.2.5.0 and earlier contains an issue with free of pointer not at start of buffer in VS6EditData.dll!CWinFontInf::WinFontMsgCheck function. Opening specially crafted V7 or V8 files may lead to crash,... |
| CVE-2025-47750 | 2025-05-19 | V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds write in VS6MemInIF!set_temp_type_default function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code execution. |
| CVE-2025-47751 | 2025-05-19 | V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds write in VS6EditData!CDataRomErrorCheck::MacroCommandCheck function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code execution. |
| CVE-2025-47752 | 2025-05-19 | V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds write in VS6ComFile!MakeItemGlidZahyou function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code execution. |
| CVE-2025-47753 | 2025-05-19 | V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds read in VS6EditData!CDrawSLine::GetRectArea function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code execution. |
| CVE-2025-47754 | 2025-05-19 | V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds read in VS6EditData!Conv_Macro_Data function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code execution. |
| CVE-2025-47755 | 2025-05-19 | V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds read in VS6EditData!VS4_SaveEnvFile function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code execution. |
| CVE-2025-47756 | 2025-05-19 | V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds read in VS6EditData!CGamenDataRom::set_mr400_strc function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code execution. |
| CVE-2025-47757 | 2025-05-19 | V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds read in VS6MemInIF.dll!set_plc_type_default function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code execution. |
| CVE-2025-47758 | 2025-05-19 | V-SFT v6.2.5.0 and earlier contains an issue with stack-based buffer overflow in VS6File!CTxSubFile::get_ProgramFile_name function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code... |
| CVE-2025-47759 | 2025-05-19 | V-SFT v6.2.5.0 and earlier contains an issue with stack-based buffer overflow in VS6ComFile!CV7BaseMap::WriteV7DataToRom function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code... |
| CVE-2025-47760 | 2025-05-19 | V-SFT v6.2.5.0 and earlier contains an issue with stack-based buffer overflow in VS6MemInIF!set_temp_type_default function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code... |
| CVE-2025-4923 | 2025-05-19 | SourceCodester Client Database Management System user_delivery_update.php unrestricted upload |
| CVE-2025-41429 | 2025-05-19 | a-blog cms multiple versions neutralize logs improperly. If this vulnerability is exploited with CVE-2025-36560, a remote unauthenticated attacker may hijack a legitimate user's session. |
| CVE-2025-36560 | 2025-05-19 | Server-side request forgery vulnerability exists in a-blog cms multiple versions. If this vulnerability is exploited, a remote unauthenticated attacker may gain access to sensitive information by sending a specially crafted... |
| CVE-2025-32999 | 2025-05-19 | Cross-site scripting vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and prior to Ver. 3.0.47. This issue exists in a specific field in the entry editing screen, and... |
| CVE-2025-27566 | 2025-05-19 | Path traversal vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and versions prior to Ver. 3.0.47. This is an issue with insufficient path validation in the backup feature,... |
| CVE-2025-4924 | 2025-05-19 | SourceCodester Client Database Management System user_void_transaction.php sql injection |
| CVE-2025-4925 | 2025-05-19 | PHPGurukul Daily Expense Tracker System expense-monthwise-reports-detailed.php sql injection |
| CVE-2025-4926 | 2025-05-19 | PHPGurukul Car Rental Project post-avehical.php unrestricted upload |
| CVE-2025-4927 | 2025-05-19 | PHPGurukul Online Marriage Registration System between-dates-application-report.php sql injection |
| CVE-2025-4928 | 2025-05-19 | projectworlds Online Lawyer Management System save_lawyer_edit_profile.php sql injection |
| CVE-2025-4929 | 2025-05-19 | Campcodes Online Shopping Portal my-account.php sql injection |
| CVE-2025-2099 | 2025-05-19 | Regular Expression Denial of Service (ReDoS) in huggingface/transformers |
| CVE-2025-4930 | 2025-05-19 | Campcodes Online Shopping Portal my-cart.php sql injection |
| CVE-2025-4931 | 2025-05-19 | projectworlds Online Lawyer Management System user_registation.php sql injection |
| CVE-2025-4932 | 2025-05-19 | projectworlds Online Lawyer Management System lawyer_registation.php sql injection |
| CVE-2025-4933 | 2025-05-19 | ponaravindb Hospital-Management-System doctor-panel.php sql injection |
| CVE-2025-4934 | 2025-05-19 | PHPGurukul User Registration & Login and User Management System edit-profile.php sql injection |
| CVE-2025-4935 | 2025-05-19 | SourceCodester Stock Management System changePassword.php sql injection |
| CVE-2025-4936 | 2025-05-19 | projectworlds Online Food Ordering System admin-page.php sql injection |
| CVE-2025-48232 | 2025-05-19 | WordPress Xpro Addons For Beaver Builder – Lite <= 1.5.5 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-48233 | 2025-05-19 | WordPress Affiliates Manager Google reCAPTCHA Integration plugin <= 1.0.6 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-48234 | 2025-05-19 | WordPress Ultimate Blocks <= 3.3.0 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-48235 | 2025-05-19 | WordPress WP Image Mask <= 3.1.2 - Cross Site Scripting (XSS) Vulnerability |