CVE List - 2025 / May
Showing 3001 - 3100 of 3984 CVEs for May 2025 (Page 31 of 40)
CVE ID | Date | Title |
---|---|---|
CVE-2025-37969 | 2025-05-20 | iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo |
CVE-2025-37970 | 2025-05-20 | iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo |
CVE-2025-37971 | 2025-05-20 | staging: bcm2835-camera: Initialise dev in v4l2_dev |
CVE-2025-37972 | 2025-05-20 | Input: mtk-pmic-keys - fix possible null pointer dereference |
CVE-2025-37973 | 2025-05-20 | wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation |
CVE-2025-37974 | 2025-05-20 | s390/pci: Fix missing check for zpci_create_device() error return |
CVE-2025-37975 | 2025-05-20 | riscv: module: Fix out-of-bounds relocation access |
CVE-2025-37976 | 2025-05-20 | wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process |
CVE-2025-37977 | 2025-05-20 | scsi: ufs: exynos: Disable iocc if dma-coherent property isn't set |
CVE-2025-37978 | 2025-05-20 | block: integrity: Do not call set_page_dirty_lock() |
CVE-2025-37979 | 2025-05-20 | ASoC: qcom: Fix sc7280 lpass potential buffer overflow |
CVE-2025-37980 | 2025-05-20 | block: fix resource leak in blk_register_queue() error path |
CVE-2025-37981 | 2025-05-20 | scsi: smartpqi: Use is_kdump_kernel() to check for kdump |
CVE-2025-37982 | 2025-05-20 | wifi: wl1251: fix memory leak in wl1251_tx_work |
CVE-2025-37983 | 2025-05-20 | qibfs: fix _another_ leak |
CVE-2025-37984 | 2025-05-20 | crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() |
CVE-2025-37985 | 2025-05-20 | USB: wdm: close race between wdm_open and wdm_wwan_port_stop |
CVE-2025-37986 | 2025-05-20 | usb: typec: class: Invalidate USB device pointers on partner unregistration |
CVE-2025-37987 | 2025-05-20 | pds_core: Prevent possible adminq overflow/stuck condition |
CVE-2025-37988 | 2025-05-20 | fix a couple of races in MNT_TREE_BENEATH handling by do_move_mount() |
CVE-2025-37989 | 2025-05-20 | net: phy: leds: fix memory leak |
CVE-2025-37990 | 2025-05-20 | wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() |
CVE-2025-37991 | 2025-05-20 | parisc: Fix double SIGFPE crash |
CVE-2025-46724 | 2025-05-20 | Langroid has a Code Injection vulnerability in TableChatAgent |
CVE-2025-46725 | 2025-05-20 | Langroid has a Code Injection vulnerability in LanceDocChatAgent through vector_store |
CVE-2025-47277 | 2025-05-20 | vLLM Allows Remote Code Execution via PyNcclPipe Communication Service |
CVE-2025-48391 | 2025-05-20 | In JetBrains YouTrack before 2025.1.76253 deletion of issues was possible... |
CVE-2025-47850 | 2025-05-20 | In JetBrains YouTrack before 2025.1.74704 restricted attachments could become visible... |
CVE-2025-47851 | 2025-05-20 | In JetBrains TeamCity before 2025.03.2 stored XSS via GitHub Checks... |
CVE-2025-47852 | 2025-05-20 | In JetBrains TeamCity before 2025.03.2 stored XSS via YouTrack integration... |
CVE-2025-47853 | 2025-05-20 | In JetBrains TeamCity before 2025.03.2 stored XSS via Jira integration... |
CVE-2025-47854 | 2025-05-20 | In JetBrains TeamCity before 2025.03.2 open redirect was possible on... |
CVE-2025-4364 | 2025-05-20 | Exposure of Sensitive System Information to an Unauthorized Control Sphere |
CVE-2025-22157 | 2025-05-20 | This High severity PrivEsc (Privilege Escalation) vulnerability was introduced in... |
CVE-2025-47290 | 2025-05-20 | Containerd vulnerable to host filesystem access during image unpack |
CVE-2025-4996 | 2025-05-20 | Intelbras RF 301K Add Static IP cross site scripting |
CVE-2025-4997 | 2025-05-20 | H3C R2+ProG HTTP POST Request aspForm SetAPInfoById denial of service |
CVE-2025-48056 | 2025-05-20 | Hubble CLI vulnerable to character injection |
CVE-2025-4998 | 2025-05-20 | H3C Magic R200G HTTP POST Request aspForm EditWlanMacList denial of service |
CVE-2025-4999 | 2025-05-20 | Linksys FGW3000-AH/FGW3000-HK HTTP POST Request sysconf.cgi sub_4153FC command injection |
CVE-2025-5000 | 2025-05-20 | Linksys FGW3000-AH/FGW3000-HK HTTP POST Request sysconf.cgi control_panel_sw command injection |
CVE-2025-5001 | 2025-05-20 | GNU PSPP pspp-convert.c calloc integer overflow |
CVE-2025-5002 | 2025-05-20 | SourceCodester Client Database Management System user_proposal_update_order.php sql injection |
CVE-2025-5003 | 2025-05-20 | projectworlds Online Time Table Generator semester_ajax.php sql injection |
CVE-2025-5004 | 2025-05-20 | projectworlds Online Time Table Generator add_course.php sql injection |
CVE-2025-5006 | 2025-05-20 | Campcodes Online Shopping Portal category.php sql injection |
CVE-2025-5007 | 2025-05-20 | Part-DB Profile Picture Feature AttachmentSubmitHandler.php handleUpload cross site scripting |
CVE-2025-5008 | 2025-05-20 | projectworlds Online Time Table Generator add_teacher.php sql injection |
CVE-2025-5010 | 2025-05-20 | moonlightL hexo-boot Blog Backend index.html cross site scripting |
CVE-2024-42922 | 2025-05-21 | AAPanel v7.0.7 was discovered to contain an OS command injection... |
CVE-2024-56428 | 2025-05-21 | The local iLabClient database in itech iLabClient 3.7.1 allows local... |
CVE-2024-56429 | 2025-05-21 | itech iLabClient 3.7.1 relies on the hard-coded YngAYdgAE/kKZYu2F2wm6w== key (found... |
CVE-2024-57529 | 2025-05-21 | Cross Site Scripting vulnerability in Jeppesen JetPlanner Pro v.1.6.2.20 allows... |
CVE-2025-25539 | 2025-05-21 | Local File Inclusion vulnerability in Vasco v3.14 and before allows a... |
CVE-2025-27558 | 2025-05-21 | IEEE P802.11-REVme D1.1 through D7.0 allows FragAttacks against mesh networks.... |
CVE-2025-27997 | 2025-05-21 | An issue in Blizzard Battle.net v2.40.0.15267 allows attackers to escalate... |
CVE-2025-27998 | 2025-05-21 | An issue in Valvesoftware Steam Client Steam Client 1738026274 allows... |
CVE-2025-44040 | 2025-05-21 | An issue in OrangeHRM v.5.7 allows an attacker to escalate... |
CVE-2025-44083 | 2025-05-21 | An issue in D-Link DI-8100 16.07.26A1 allows a remote attacker... |
CVE-2025-44892 | 2025-05-21 | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via... |
CVE-2025-44895 | 2025-05-21 | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via... |
CVE-2025-45752 | 2025-05-21 | A vulnerability in SeedDMS 6.0.32 allows an attacker with admin... |
CVE-2025-45753 | 2025-05-21 | A vulnerability in Vtiger CRM Open Source Edition v8.3.0 allows... |
CVE-2025-45754 | 2025-05-21 | A stored cross-site scripting (XSS) vulnerability exists in SeedDMS 6.0.32.... |
CVE-2025-45755 | 2025-05-21 | A Stored Cross-Site Scripting (XSS) vulnerability exists in Vtiger CRM... |
CVE-2025-48200 | 2025-05-21 | The sr_feuser_register extension through 12.4.8 for TYPO3 allows Remote Code... |
CVE-2025-48201 | 2025-05-21 | The ns_backup extension through 13.0.0 for TYPO3 has a Predictable... |
CVE-2025-48202 | 2025-05-21 | The femanager extension through 8.2.1 for TYPO3 allows Insecure Direct... |
CVE-2025-48203 | 2025-05-21 | The cs_seo extension through 9.2.0 for TYPO3 allows XSS. |
CVE-2025-48204 | 2025-05-21 | The ns_backup extension through 13.0.0 for TYPO3 allows command injection. |
CVE-2025-48205 | 2025-05-21 | The sr_feuser_register extension through 12.4.8 for TYPO3 allows Insecure Direct... |
CVE-2025-48206 | 2025-05-21 | The ns_backup extension through 13.0.0 for TYPO3 allows XSS. |
CVE-2025-48207 | 2025-05-21 | The reint_downloadmanager extension through 5.0.0 for TYPO3 allows Insecure Direct... |
CVE-2025-5011 | 2025-05-21 | moonlightL hexo-boot Dynamic List Page index.html cross site scripting |
CVE-2025-5013 | 2025-05-21 | HkCms Search index.html cross site scripting |
CVE-2025-4969 | 2025-05-21 | Libsoup: off-by-one out-of-bounds read in find_boundary() in soup-multipart.c |
CVE-2025-4094 | 2025-05-21 | Digits < 8.4.6.1 - Auth Bypass via OTP Bruteforcing |
CVE-2025-4524 | 2025-05-21 | Madara – Responsive and modern WordPress theme for manga sites <= 2.2.2 - Unauthenticated Local File Inclusion |
CVE-2025-4949 | 2025-05-21 | XXE vulnerability in Eclipse JGit |
CVE-2021-25254 | 2025-05-21 | Yandex Browser Lite for Android before 21.1.0 allows remote attackers to spoof the address bar. |
CVE-2021-25255 | 2025-05-21 | Yandex Browser Lite for Android prior to version 21.1.0 allows remote attackers to cause a denial of service. |
CVE-2021-25262 | 2025-05-21 | Yandex Browser for Android prior to version 21.3.0 allows remote attackers to perform IDN homograph attack. |
CVE-2019-16536 | 2025-05-21 | Stack overflow leading to DoS can be triggered by a malicious authenticated client. |
CVE-2025-1712 | 2025-05-21 | Arbitrary file write with vcrtrace |
CVE-2025-3781 | 2025-05-21 | Raisely Donation Form <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via raisely_donation_form Shortcode |
CVE-2025-4803 | 2025-05-21 | Glossary by WPPedia <= 1.3.0 - Authenticated (Administrator+) PHP Object Injection |
CVE-2025-4611 | 2025-05-21 | Slim SEO <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via slim_seo_breadcrumbs Shortcode |
CVE-2025-4105 | 2025-05-21 | Splitit <= 4.2.8 - Missing Authorization to Multiple Administrative Actions |
CVE-2025-3750 | 2025-05-21 | Network Posts Extended <= 7.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via post_height Parameter |
CVE-2025-4217 | 2025-05-21 | WP YouTube Video Optimizer <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-12561 | 2025-05-21 | Affiliate Sales in Google Analytics and other tools <= 1.4.9 - Open Redirect |
CVE-2025-4219 | 2025-05-21 | DPEPress <= 0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2025-4221 | 2025-05-21 | Animated Buttons <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2025-41232 | 2025-05-21 | CVE-2025-41232: Spring Security authorization bypass for method security annotations on private methods |
CVE-2025-1415 | 2025-05-21 | Information disclosure in Proget MDM |
CVE-2025-27803 | 2025-05-21 | Missing Authentication in eCharge Hardy Barth cPH2 / cPP2 charging stations |
CVE-2025-27804 | 2025-05-21 | OS Command Injection Vulnerability in eCharge Hardy Barth cPH2 / cPP2 charging stations |
CVE-2025-48413 | 2025-05-21 | Hard-coded OS root credentials in eCharge Hardy Barth cPH2 / cPP2 charging stations |
CVE-2025-48414 | 2025-05-21 | Hard-coded web interface credentials in eCharge Hardy Barth cPH2 / cPP2 charging stations |
CVE-2025-48415 | 2025-05-21 | Backdoor Functionality via USB Drive in eCharge Hardy Barth cPH2 / cPP2 charging stations |