CVE List - 2025 / May
Showing 3101 - 3200 of 3982 CVEs for May 2025 (Page 32 of 40)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-1417 | 2025-05-21 | Information disclosure in Proget MDM |
| CVE-2025-1418 | 2025-05-21 | Information disclosure in Proget MDM |
| CVE-2025-1419 | 2025-05-21 | XSS in Proget MDM |
| CVE-2025-1420 | 2025-05-21 | XSS in Proget MDM |
| CVE-2025-1421 | 2025-05-21 | Formula injection in a CSV file in Proget MDM |
| CVE-2025-5029 | 2025-05-21 | Kingdee Cloud Galaxy Private Cloud BBC System File deleteFileAction.jhtml path traversal |
| CVE-2024-23337 | 2025-05-21 | jq has signed integer overflow in jv.c:jvp_array_write |
| CVE-2025-4008 | 2025-05-21 | Arbitrary Command Injection in Smartbedded MeteoBridge |
| CVE-2025-20112 | 2025-05-21 | Cisco Unified Communications Products Privilege Escalation Vulnerability |
| CVE-2025-20152 | 2025-05-21 | ISE restart |
| CVE-2025-20114 | 2025-05-21 | Cisco Unified Intelligence Center Insecure Direct Object Reference Vulnerability |
| CVE-2025-20113 | 2025-05-21 | Cisco Unified Intelligence Center Privilege Escalation Vulnerability |
| CVE-2025-20256 | 2025-05-21 | Cisco Secure Network Analytics Manager Server-Side Template Injection Vulnerability |
| CVE-2025-20257 | 2025-05-21 | Cisco Secure Network Analytics API Authorization Vulnerability |
| CVE-2025-20267 | 2025-05-21 | Cisco Identity Services Stored Cross-Site Scripting Vulnerability |
| CVE-2025-4415 | 2025-05-21 | Piwik PRO - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-058 |
| CVE-2025-4416 | 2025-05-21 | Events Log Track - Moderately critical - Denial of Service - SA-CONTRIB-2025-059 |
| CVE-2025-48009 | 2025-05-21 | Single Content Sync - Moderately critical - Access bypass - SA-CONTRIB-2025-060 |
| CVE-2025-48010 | 2025-05-21 | One Time Password - Moderately critical - Access bypass - SA-CONTRIB-2025-061 |
| CVE-2025-48011 | 2025-05-21 | One Time Password - Moderately critical - Access bypass - SA-CONTRIB-2025-062 |
| CVE-2025-48012 | 2025-05-21 | One Time Password - Moderately critical - Access bypass - SA-CONTRIB-2025-063 |
| CVE-2025-5030 | 2025-05-21 | Ackites KillWxapkg wxapkg File Parser unpack.go processFile os command injection |
| CVE-2025-20242 | 2025-05-21 | A vulnerability in the Cloud Connect component of Cisco Unified Contact Center Enterprise (CCE) could allow an unauthenticated, remote attacker to read and modify data on an affected device. This... |
| CVE-2025-20255 | 2025-05-21 | A vulnerability in client join services of Cisco Webex Meetings could allow an unauthenticated, remote attacker to manipulate cached HTTP responses within the meeting join service. This vulnerability is due... |
| CVE-2025-20258 | 2025-05-21 | A vulnerability in the self-service portal of Cisco Duo could allow an unauthenticated, remote attacker to inject arbitrary commands into emails that are sent by the service. This vulnerability is... |
| CVE-2025-20246 | 2025-05-21 | A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. A vulnerability is due to improper filtering of user-supplied input. An attacker... |
| CVE-2025-20247 | 2025-05-21 | A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. A vulnerability is due to improper filtering of user-supplied input. An attacker... |
| CVE-2025-20250 | 2025-05-21 | A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. A vulnerability is due to improper filtering of user-supplied input. An attacker... |
| CVE-2025-5031 | 2025-05-21 | Ackites KillWxapkg wxapkg File Decompression resource consumption |
| CVE-2025-5032 | 2025-05-21 | Campcodes Online Shopping Portal edit-category.php sql injection |
| CVE-2025-0372 | 2025-05-21 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in HYPR Passwordless on Windows allows Privilege Escalation. This issue affects HYPR Passwordless: before 10.1. |
| CVE-2025-5020 | 2025-05-21 | Opening maliciously-crafted URLs in Firefox from other apps such as Safari could have allowed attackers to spoof website addresses if the URLs utilized non-HTTP schemes used internally by the Firefox... |
| CVE-2025-2102 | 2025-05-21 | Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Passwordless on Windows allows Privilege Escalation. This issue affects HYPR Passwordless: before 10.1. |
| CVE-2025-46822 | 2025-05-21 | Unauthenticated Arbitrary File Read via Absolute Path |
| CVE-2025-47291 | 2025-05-21 | containerd CRI plugin: Incorrect cgroup hierarchy assignment for containers running in usernamespaced Kubernetes pods. |
| CVE-2025-5033 | 2025-05-21 | XiaoBingby TeaCMS addUser cross-site request forgery |
| CVE-2025-48060 | 2025-05-21 | AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute (jv_string_vfmt) |
| CVE-2025-48063 | 2025-05-21 | XWiki Platform Security Authorization Bridge allows users with just edit right can enforce required rights with programming right |
| CVE-2025-48064 | 2025-05-21 | GitHub Desktop vulnerable to maliciously crafted file renames leading to information disclosure |
| CVE-2025-48069 | 2025-05-21 | ejson2env has insufficient input sanitization |
| CVE-2025-3751 | 2025-05-21 | TIBCO ActiveMatrix BusinessWorks SQL Injection Vulnerability |
| CVE-2025-2261 | 2025-05-21 | TIBCO BPM Enterprise XSS Vulnerability |
| CVE-2025-5049 | 2025-05-21 | FreeFloat FTP Server APPEND Command buffer overflow |
| CVE-2025-5050 | 2025-05-21 | FreeFloat FTP Server BELL Command buffer overflow |
| CVE-2025-46412 | 2025-05-21 | Vertiv Liebert RDU101 and UNITY Authentication Bypass Using an Alternate Path or Channel |
| CVE-2025-41426 | 2025-05-21 | Vertiv Liebert RDU101 and UNITY Stack-based Buffer Overflow |
| CVE-2025-36535 | 2025-05-21 | AutomationDirect MB-Gateway Missing Authentication for Critical Function |
| CVE-2025-5051 | 2025-05-21 | FreeFloat FTP Server BINARY Command buffer overflow |
| CVE-2025-5052 | 2025-05-21 | FreeFloat FTP Server LS Command buffer overflow |
| CVE-2025-5053 | 2025-05-21 | FreeFloat FTP Server MDIR Command buffer overflow |
| CVE-2025-47942 | 2025-05-21 | Learners on edX Platform can download python_lib.zip |
| CVE-2025-34027 | 2025-05-21 | Versa Concerto Authentication Bypass File Write Remote Code Execution |
| CVE-2025-5056 | 2025-05-21 | Campcodes Online Shopping Portal edit-products.php sql injection |
| CVE-2025-5057 | 2025-05-21 | Campcodes Online Shopping Portal insert-product.php sql injection |
| CVE-2025-34026 | 2025-05-21 | Versa Concerto Actuator Authentication Bypass Information Leak |
| CVE-2025-47947 | 2025-05-21 | ModSecurity Has Possible DoS Vulnerability |
| CVE-2025-48070 | 2025-05-21 | Plane has insecure permissions in UserSerializer |
| CVE-2025-34025 | 2025-05-21 | Versa Concerto Insecure Docker Mount Container Escape |
| CVE-2025-5059 | 2025-05-21 | Campcodes Online Shopping Portal edit-subcategory.php unrestricted upload |
| CVE-2023-47466 | 2025-05-22 | TagLib before 2.0 allows a segmentation violation and application crash during tag writing via a crafted WAV file in which an id3 chunk is the only valid chunk. |
| CVE-2024-40458 | 2025-05-22 | An issue in Ocuco Innovation Tracking.exe v.2.10.24.51 allows a local attacker to escalate privileges via the modification of TCP packets. |
| CVE-2024-40459 | 2025-05-22 | An issue in Ocuco Innovation APPMANAGER.EXE v.2.10.24.51 allows a local attacker to escalate privileges via the application manager function |
| CVE-2024-40460 | 2025-05-22 | An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the JOBENTRY.EXE |
| CVE-2024-40461 | 2025-05-22 | An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the STOCKORDERENTRY.EXE component |
| CVE-2024-40462 | 2025-05-22 | An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the SETTINGSVATIGATOR.EXE component |
| CVE-2024-41195 | 2025-05-22 | An issue in Ocuco Innovation - INNOVASERVICEINTF.EXE v2.10.24.17 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet. |
| CVE-2024-41196 | 2025-05-22 | An issue in Ocuco Innovation - REPORTSERVER.EXE v2.10.24.13 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet. |
| CVE-2024-41197 | 2025-05-22 | An issue in Ocuco Innovation - INVCLIENT.EXE v2.10.24.5 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet. |
| CVE-2024-41198 | 2025-05-22 | An issue in Ocuco Innovation - REPORTS.EXE v2.10.24.13 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet. |
| CVE-2024-41199 | 2025-05-22 | An issue in Ocuco Innovation - JOBMANAGER.EXE v2.10.24.16 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet. |
| CVE-2024-52874 | 2025-05-22 | In Infoblox NETMRI before 7.6.1, authenticated users can perform SQL injection attacks. |
| CVE-2024-54188 | 2025-05-22 | Infoblox NETMRI before 7.6.1 has a vulnerability allowing remote authenticated users to read arbitrary files with root access. |
| CVE-2025-32813 | 2025-05-22 | An issue was discovered in Infoblox NETMRI before 7.6.1. Remote Unauthenticated Command Injection can occur. |
| CVE-2025-32814 | 2025-05-22 | An issue was discovered in Infoblox NETMRI before 7.6.1. Unauthenticated SQL Injection can occur. |
| CVE-2025-32815 | 2025-05-22 | An issue was discovered in Infoblox NETMRI before 7.6.1. Authentication Bypass via a Hardcoded credential can occur. |
| CVE-2025-45468 | 2025-05-22 | Insecure permissions in fc-stable-diffusion-plus v1.0.18 allows attackers to escalate privileges and compromise the customer cloud account. |
| CVE-2025-45471 | 2025-05-22 | Insecure permissions in measure-cold-start v1.4.1 allows attackers to escalate privileges and compromise the customer cloud account. |
| CVE-2025-45472 | 2025-05-22 | Insecure permissions in autodeploy-layer v1.2.0 allows attackers to escalate privileges and compromise the customer cloud account. |
| CVE-2025-3887 | 2025-05-22 | GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2025-3881 | 2025-05-22 | eCharge Hardy Barth cPH2 check_req.php ntp Command Injection Remote Code Execution Vulnerability |
| CVE-2025-3882 | 2025-05-22 | eCharge Hardy Barth cPH2 nwcheckexec.php dest Command Injection Remote Code Execution Vulnerability |
| CVE-2025-3883 | 2025-05-22 | eCharge Hardy Barth cPH2 index.php Command Injection Remote Code Execution Vulnerability |
| CVE-2025-3884 | 2025-05-22 | Cloudera Hue Ace Editor Directory Traversal Information Disclosure Vulnerability |
| CVE-2025-3885 | 2025-05-22 | Harman Becker MGU21 Bluetooth Improper Input Validation Denial-of-Service Vulnerability |
| CVE-2025-3484 | 2025-05-22 | MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2025-3483 | 2025-05-22 | MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2025-3482 | 2025-05-22 | MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2025-3481 | 2025-05-22 | MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2025-3480 | 2025-05-22 | MedDream WEB DICOM Viewer Cleartext Transmission of Credentials Information Disclosure Vulnerability |
| CVE-2025-3486 | 2025-05-22 | Allegra isZipEntryValide Directory Traversal Remote Code Execution Vulnerability |
| CVE-2025-2759 | 2025-05-22 | GStreamer Incorrect Permission Assignment Local Privilege Escalation Vulnerability |
| CVE-2025-5062 | 2025-05-22 | WooCommerce <= 9.4.2 - PostMessage-Based Cross-Site Scripting |
| CVE-2025-4133 | 2025-05-22 | Blog2Social: Social Media Auto Post & Scheduler < 8.4.0 - Contributor+ Stored XSS |
| CVE-2025-4123 | 2025-05-22 | A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a... |
| CVE-2024-9544 | 2025-05-22 | MapSVG - All Kinds of Maps and Store Locator for WordPress <= 8.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-4405 | 2025-05-22 | Hot Random Image <= 1.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via link Parameter |
| CVE-2025-4419 | 2025-05-22 | Hot Random Image <= 1.9.2 - Path Traversal to Authenticated (Contributor+) Limited Arbitrary Image Access via path Parameter |
| CVE-2025-4280 | 2025-05-22 | TCC Bypass via Inherited Permissions in Bundled Interpreter in Poedit.app |
| CVE-2024-25010 | 2025-05-22 | Ericsson RAN Compute and Site Controller 6610 - Improper Input Validation Vulnerability |
| CVE-2025-3444 | 2025-05-22 | Local File Inclusion |