CVE List - 2025 / May
Showing 3201 - 3300 of 3982 CVEs for May 2025 (Page 33 of 40)

| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-3836 | 2025-05-22 | SQL Injection |
| CVE-2025-41403 | 2025-05-22 | SQL Injection |
| CVE-2025-5073 | 2025-05-22 | FreeFloat FTP Server MKDIR Command buffer overflow |
| CVE-2025-5074 | 2025-05-22 | FreeFloat FTP Server PROMPT Command buffer overflow |
| CVE-2025-3936 | 2025-05-22 | Incorrect Permission Assignment for Critical Resource |
| CVE-2025-2272 | 2025-05-22 | Privilege Escalation and Arbitrary code execution in F1E Endpoint |
| CVE-2025-46713 | 2025-05-22 | Sandboxie has Pool Buffer Overflow in SbieDrv.sys API (API_SET_SECURE_PARAM) |
| CVE-2025-3937 | 2025-05-22 | Use of Password Hash with Insufficient Computational Effort |
| CVE-2025-46714 | 2025-05-22 | Sandboxie has Pool Buffer Overflow in SbieDrv.sys API (API_GET_SECURE_PARAM) |
| CVE-2025-5075 | 2025-05-22 | FreeFloat FTP Server DEBUG Command buffer overflow |
| CVE-2025-3938 | 2025-05-22 | Missing Cryptographic Step |
| CVE-2025-3939 | 2025-05-22 | Observable Response Discrepancy |
| CVE-2025-3940 | 2025-05-22 | Improper Use of Validation Framework |
| CVE-2025-3941 | 2025-05-22 | Improper Handling of Windows: DATA Alternate Data Stream |
| CVE-2025-3942 | 2025-05-22 | Improper Output Neutralization for Logs |
| CVE-2025-3943 | 2025-05-22 | Use of GET Request Method With Sensitive Query Strings |
| CVE-2025-3944 | 2025-05-22 | Incorrect Permission Assignment for Critical Resource |
| CVE-2025-3945 | 2025-05-22 | Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’) |
| CVE-2025-4979 | 2025-05-22 | Insufficient Granularity of Access Control in GitLab |
| CVE-2025-3111 | 2025-05-22 | Allocation of Resources Without Limits or Throttling in GitLab |
| CVE-2025-2853 | 2025-05-22 | Allocation of Resources Without Limits or Throttling in GitLab |
| CVE-2025-5076 | 2025-05-22 | FreeFloat FTP Server SEND Command buffer overflow |
| CVE-2025-4575 | 2025-05-22 | The x509 application adds trusted use instead of rejected use |
| CVE-2025-5077 | 2025-05-22 | Campcodes Online Shopping Portal edit-subcategory.php sql injection |
| CVE-2025-5078 | 2025-05-22 | PHPGurukul/Campcodes Online Shopping Portal subcategory.php sql injection |
| CVE-2025-1110 | 2025-05-22 | Insufficient Granularity of Access Control in GitLab |
| CVE-2025-32915 | 2025-05-22 | Sensitive data exposed during automatic agent updates |
| CVE-2025-5079 | 2025-05-22 | PHPGurukul/Campcodes Online Shopping Portal updateorder.php sql injection |
| CVE-2025-0993 | 2025-05-22 | Allocation of Resources Without Limits or Throttling in GitLab |
| CVE-2025-0679 | 2025-05-22 | Exposure of Private Personal Information to an Unauthorized Actor in GitLab |
| CVE-2025-0605 | 2025-05-22 | Weak Authentication in GitLab |
| CVE-2024-12093 | 2025-05-22 | Improper Validation of Consistency within Input in GitLab |
| CVE-2025-5024 | 2025-05-22 | Gnome-remote-desktop: uncontrolled resource consumption due to malformed rdp pdus |
| CVE-2025-5080 | 2025-05-22 | Tenda FH451 webExcptypemanFilter stack-based overflow |
| CVE-2025-2506 | 2025-05-22 | When pglogical attempts to replicate data, it does not verify it is using a replication connection, which means a user with CONNECT access to a database configured for replication can... |
| CVE-2025-23182 | 2025-05-22 | UBtech – CWE-203: Observable Discrepancy |
| CVE-2025-5081 | 2025-05-22 | Campcodes Cybercafe Management System adminprofile.php sql injection |
| CVE-2025-23183 | 2025-05-22 | UBtech – CWE-601: URL Redirection to Untrusted Site ('Open Redirect') |
| CVE-2025-4366 | 2025-05-22 | Request Smuggling Vulnerability in Pingora |
| CVE-2025-33136 | 2025-05-22 | IBM Aspera Faspex data modification |
| CVE-2025-33137 | 2025-05-22 | IBM Aspera Faspex data modification |
| CVE-2025-33138 | 2025-05-22 | IBM Aspera Faspex HTML injection |
| CVE-2024-48853 | 2025-05-22 | Authenticated Escalation to guest to root |
| CVE-2024-48850 | 2025-05-22 | Authenticated Absolute Path Traversal |
| CVE-2025-46715 | 2025-05-22 | Sandboxie Arbitrary Kernel Write in SbieDrv.sys API (API_GET_SECURE_PARAM) |
| CVE-2025-43596 | 2025-05-22 | MSP360 Backup (for Windows) insecure filesystem permissions |
| CVE-2025-46716 | 2025-05-22 | Sandboxie Arbitrary Kernel Read in SbieDrv.sys API (API_SET_SECURE_PARAM) |
| CVE-2025-47779 | 2025-05-22 | Using malformed From header can forge identity with ";" or NULL in name portion |
| CVE-2025-47780 | 2025-05-22 | cli_permissions.conf: deny option does not work for disallowing shell commands |
| CVE-2025-48061 | 2025-05-22 | wire-webapp Has Insufficient Session Invalidation after User Logout |
| CVE-2025-48066 | 2025-05-22 | wire-webapp has no database deletion on client logout |
| CVE-2025-48075 | 2025-05-22 | Fiber panics when fiber.Ctx.BodyParser parses invalid range index |
| CVE-2024-9639 | 2025-05-22 | Authenticated Remote Code Execution |
| CVE-2025-48366 | 2025-05-22 | GroupOffice's Blind Stored XSS in Phone Number Field Enables Forced Redirect and Unauthorized Actions |
| CVE-2025-48368 | 2025-05-22 | GroupOffice's DOM-Based XSS in all Date Input Fields Allows Arbitrary JavaScript Execution |
| CVE-2025-2410 | 2025-05-22 | Admin Authorized Port (iptables) manipulation (open/close/disable ports) |
| CVE-2025-48369 | 2025-05-22 | GroupOffice vulnerable to Stored XSS in Tasks Comment Section |
| CVE-2025-2409 | 2025-05-22 | Admin Authorized System File corruption |
| CVE-2025-30170 | 2025-05-22 | Admin Authorized Exposure of file path, file size or file existence |
| CVE-2025-30171 | 2025-05-22 | Admin Authorized System File Deletion |
| CVE-2025-30172 | 2025-05-22 | Admin Authorized Remote Code Execution |
| CVE-2025-30173 | 2025-05-22 | Admin Authorized File Upload |
| CVE-2025-30169 | 2025-05-22 | Admin Authorized File Upload and Execute PHP |
| CVE-2024-13928 | 2025-05-22 | Authenticated SQL Injection |
| CVE-2024-13929 | 2025-05-22 | Authenticated Servlet Command Injection |
| CVE-2024-13930 | 2025-05-22 | Authenticated Unchecked Loop Condition |
| CVE-2024-13931 | 2025-05-22 | Authenticated Relative Path Traversal |
| CVE-2024-13946 | 2025-05-22 | Binary Planting / LoadLibrary DLL's not Signed |
| CVE-2024-13947 | 2025-05-22 | External System or Configuration Control |
| CVE-2024-13948 | 2025-05-22 | Insecure Permissions |
| CVE-2024-48848 | 2025-05-22 | LARGECONTENT - device disk overutilization |
| CVE-2024-13949 | 2025-05-22 | Log Forging |
| CVE-2024-13950 | 2025-05-22 | Log Injection |
| CVE-2024-13951 | 2025-05-22 | One way hash with predictable salt |
| CVE-2024-51553 | 2025-05-22 | Predictable Filename |
| CVE-2024-6914 | 2025-05-22 | Incorrect Authorization in Multiple WSO2 Products via Account Recovery SOAP Admin Service Leading to Account Takeover |
| CVE-2024-13952 | 2025-05-22 | Remote Code Execution |
| CVE-2024-13953 | 2025-05-22 | Sensitive Information disclosed in log files |
| CVE-2024-13954 | 2025-05-22 | Serialization / Deserialization of configuration data |
| CVE-2024-13955 | 2025-05-22 | SQL Injection 2nd Order |
| CVE-2024-13956 | 2025-05-22 | SSL Verification Bypass |
| CVE-2024-13957 | 2025-05-22 | SSRF Server Side Request Forgery |
| CVE-2024-13958 | 2025-05-22 | Stored Cross Site Scripting |
| CVE-2024-51552 | 2025-05-22 | Weak Password Storage |
| CVE-2024-7103 | 2025-05-22 | Reflected Cross-Site Scripting (XSS) in WSO2 Identity Server 7.0.0 Sub-Organization Login Flow |
| CVE-2024-7487 | 2025-05-22 | Improper Authentication in WSO2 Identity Server 7.0.0 Allows Bypass of App-Native Authentication |
| CVE-2024-5962 | 2025-05-22 | Reflected Cross-Site Scripting (XSS) in Authentication Endpoint of Multiple WSO2 Products Due to Missing Output Encoding |
| CVE-2025-48372 | 2025-05-22 | Schule Has Insecure OTP Length, is Susceptible to Brute-Force Attacks |
| CVE-2025-48373 | 2025-05-22 | Schule Has Client-Side Role-Based Access Control (RBAC) Bypass Vulnerability |
| CVE-2025-48374 | 2025-05-22 | zot logs secrets |
| CVE-2025-4975 | 2025-05-22 | Tapo privilege escalation on shared devices using notifications |
| CVE-2025-47181 | 2025-05-22 | Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability |
| CVE-2025-48371 | 2025-05-22 | OpenFGA Authorization Bypass |
| CVE-2025-4338 | 2025-05-22 | Lantronix Device Installer Improper Restriction of XML External Entity Reference |
| CVE-2025-4692 | 2025-05-22 | ABUP IoT Cloud Platform Incorrect Privilege Assignment |
| CVE-2023-34873 | 2025-05-23 | On MOBOTIX P3 cameras before MX-V4.7.2.18 and Mx6 cameras before MX-V5.2.0.61, the tcpdump feature does not properly validate input, which allows authenticated users to execute code. |
| CVE-2023-53154 | 2025-05-23 | parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via {"1":1, with no trailing newline if cJSON_ParseWithLength is called. |
| CVE-2024-48702 | 2025-05-23 | PHPGurukul Old Age Home Management System v1.0 is vulnerable to HTML Injection via the searchdata parameter. |
| CVE-2024-48704 | 2025-05-23 | Phpgurukul Medical Card Generation System v1.0 is vulnerable to HTML Injection in admin/contactus.php via the parameter pagedes. |
| CVE-2024-51099 | 2025-05-23 | A reflected cross-site scripting (XSS) vulnerability in the component mcgs/download-medical-cards.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary code in the context... |