CVE List - 2025 / May
Showing 3301 - 3400 of 3982 CVEs for May 2025 (Page 34 of 40)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-51101 | 2025-05-23 | PHPGURUKUL Restaurant Table Booking System using PHP and MySQL v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter at /rtbs/check-status.php. |
| CVE-2024-51102 | 2025-05-23 | PHPGURUKUL Student Management System using PHP and MySQL v1 was discovered to contain multiple SQL injection vulnerabilities at /studentrecordms/login.php via the username and password parameters. |
| CVE-2024-51103 | 2025-05-23 | PHPGURUKUL Student Management System using PHP and MySQL v1 was discovered to contain multiple SQL injection vulnerabilities at /studentrecordms/password-recovery.php via the emailid and id parameters. |
| CVE-2024-51107 | 2025-05-23 | Multiple stored cross-site scripting (XSS) vulnerabilities in the component /mcgs/admin/contactus.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allow attackers to execute arbitrary web scripts or HTML... |
| CVE-2024-51108 | 2025-05-23 | Multiple stored cross-site scripting (XSS) vulnerabilities in the component /admin/card-bwdates-report.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allow attackers to execute arbitrary web scripts or HTML... |
| CVE-2024-51360 | 2025-05-23 | An issue in Hospital Management System In PHP V4.0 allows a remote attacker to execute arbitrary code via the hms/doctor/edit-profile.php file. |
| CVE-2025-44998 | 2025-05-23 | A stored cross-site scripting (XSS) vulnerability in the component /tinyfilemanager.php of TinyFileManager v2.4.7 allows attackers to execute arbitrary JavaScript or HTML via injecting a crafted payload into the js-theme-3 parameter. |
| CVE-2025-46176 | 2025-05-23 | Hardcoded credentials in the Telnet service in D-Link DIR-605L v2.13B01 and DIR-816L v2.06B01 allow attackers to remotely execute arbitrary commands via firmware analysis. |
| CVE-2025-48695 | 2025-05-23 | An issue was discovered in CyberDAVA before 1.1.20. A privilege escalation vulnerability allows a low-privileged user to escalate their privilege by abusing the following API due to the lack of... |
| CVE-2025-48701 | 2025-05-23 | openDCIM through 23.04 allows SQL injection in people_depts.php because prepared statements are not used. |
| CVE-2025-48708 | 2025-05-23 | gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext. |
| CVE-2025-48735 | 2025-05-23 | A SQL Injection issue in the request body processing in BOS IPCs with firmware 21.45.8.2.2_220219 before 21.45.8.2.3_230220 allows remote attackers to obtain sensitive information from the database via crafted input... |
| CVE-2025-48738 | 2025-05-23 | An e-mail flooding vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows unauthenticated remote attackers to use the password reset feature... |
| CVE-2025-48739 | 2025-05-23 | A Server-Side Request Forgery (SSRF) vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows remote authenticated attackers with admin permissions (allowing... |
| CVE-2025-48740 | 2025-05-23 | A Cross-Site Request Forgery (CSRF) vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows a remote attacker to trigger requests on... |
| CVE-2025-48741 | 2025-05-23 | A Broken Access Control vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, and 5.4.0 before 5.4.10 allows remote, authenticated, and unprivileged users to retrieve alerts, cases, logs, observables,... |
| CVE-2025-2394 | 2025-05-23 | Disclosure of Alibaba (OSS) Keys In Ecovacs Home Android and iOS Mobile Applications |
| CVE-2025-5099 | 2025-05-23 | KL-001-2025-004: Mobile Dynamix PrinterShare Mobile Print Out-of-bounds Write |
| CVE-2025-5098 | 2025-05-23 | KL-001-2025-003: Mobile Dynamix PrinterShare Mobile Print Gmail Oauth Token Disclosure |
| CVE-2025-5100 | 2025-05-23 | KL-001-2025-005: Mobile Dynamix PrinterShare Mobile Print Double-Free Memory Write |
| CVE-2025-4594 | 2025-05-23 | Tournamatch <= 4.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-5096 | 2025-05-23 | TablePress <= 3.1.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Multiple Parameters |
| CVE-2025-47149 | 2025-05-23 | The optional feature 'Anti-Virus & Sandbox' of i-FILTER contains an issue with improper pattern file validation. If exploited, the product may treat an unauthorized pattern file as an authorized. If... |
| CVE-2024-13945 | 2025-05-23 | Stored Absolute Path Traversal |
| CVE-2025-4379 | 2025-05-23 | Reflected XSS in DobryCMS |
| CVE-2025-3893 | 2025-05-23 | SQL Injection in MegaBIP |
| CVE-2025-3894 | 2025-05-23 | Stored XSS in MegaBIP |
| CVE-2025-3895 | 2025-05-23 | Low token entropy in MegaBIP |
| CVE-2025-36527 | 2025-05-23 | SQL Injection |
| CVE-2025-41407 | 2025-05-23 | SQL Injection |
| CVE-2025-5105 | 2025-05-23 | TOZED ZLT W51 Service Port 7777 heap inspection |
| CVE-2025-5106 | 2025-05-23 | Fujian Kelixun Filename fax_view.php os command injection |
| CVE-2025-1123 | 2025-05-23 | Solid Mail – SMTP email and logging made by SolidWP <= 2.1.5 - Unauthenticated Stored Cross-Site Scripting via Email |
| CVE-2025-5107 | 2025-05-23 | Fujian Kelixun xml_cdr_details.php sql injection |
| CVE-2025-5108 | 2025-05-23 | zongzhige ShopXO ZIP File Payment.php Upload unrestricted upload |
| CVE-2024-9163 | 2025-05-23 | User Interface (UI) Misrepresentation of Critical Information in GitLab |
| CVE-2024-7803 | 2025-05-23 | Allocation of Resources Without Limits or Throttling in GitLab |
| CVE-2025-41377 | 2025-05-23 | SQL injection vulnerability in Gandia Integra Total |
| CVE-2025-41378 | 2025-05-23 | Injection vulnerability in Iridium Certus 700 |
| CVE-2025-41379 | 2025-05-23 | Injection vulnerability in Iridium Certus 700 |
| CVE-2025-41380 | 2025-05-23 | Injection vulnerability in Iridium Certus 700 |
| CVE-2025-48292 | 2025-05-23 | WordPress Tourmaster plugin <= 5.3.8 - Local File Inclusion vulnerability |
| CVE-2025-48289 | 2025-05-23 | WordPress Kids Planet <= 2.2.14 - PHP Object Injection Vulnerability |
| CVE-2025-48287 | 2025-05-23 | WordPress Pix 4x sem juros - Pagaleve <= 1.6.9 - PHP Object Injection Vulnerability |
| CVE-2025-48286 | 2025-05-23 | WordPress ReDi Restaurant Reservation plugin <= 24.1209 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-48283 | 2025-05-23 | WordPress Majestic Support <= 1.1.0 - SQL Injection Vulnerability |
| CVE-2025-48275 | 2025-05-23 | WordPress Visual Header <= 1.3 - Broken Access Control Vulnerability |
| CVE-2025-48273 | 2025-05-23 | WordPress WP Job Portal <= 2.3.2 - Arbitrary File Download Vulnerability |
| CVE-2025-48271 | 2025-05-23 | WordPress Leadinfo <= 1.1 - Settings Change Vulnerability |
| CVE-2025-48245 | 2025-05-23 | WordPress Quick Contact Form plugin <= 8.2.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-48241 | 2025-05-23 | WordPress Verge3D plugin <= 4.9.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-47690 | 2025-05-23 | WordPress Lead Form Data Collection to CRM plugin <= 3.1 - Arbitrary Option Update to Privilege Escalation vulnerability |
| CVE-2025-47687 | 2025-05-23 | WordPress StoreKeeper for WooCommerce <= 14.4.4 - Arbitrary File Upload Vulnerability |
| CVE-2025-47680 | 2025-05-23 | WordPress xili-tidy-tags plugin <= 1.12.06 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-47678 | 2025-05-23 | WordPress FunnelCockpit plugin <= 1.4.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-47673 | 2025-05-23 | WordPress Arconix Shortcodes plugin <= 2.1.16 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-47672 | 2025-05-23 | WordPress miniOrange Discord Integration <= 2.2.2 - Local File Inclusion Vulnerability |
| CVE-2025-47671 | 2025-05-23 | WordPress Binary MLM Plan <= 3.0 - SQL Injection Vulnerability |
| CVE-2025-47670 | 2025-05-23 | WordPress WordPress Social Login and Register <= 7.6.10 - Local File Inclusion Vulnerability |
| CVE-2025-47663 | 2025-05-23 | WordPress Hospital Management System plugin <= 47.0(20-11-2023) - Arbitrary File Upload vulnerability |
| CVE-2025-47660 | 2025-05-23 | WordPress WC Affiliate <= 2.9.1 - PHP Object Injection Vulnerability |
| CVE-2025-47658 | 2025-05-23 | WordPress ELEX WordPress HelpDesk & Customer Ticketing System <= 3.2.7 - Arbitrary File Upload Vulnerability |
| CVE-2025-47646 | 2025-05-23 | WordPress PSW Front-end Login & Registration <= 1.13 - Broken Authentication Vulnerability |
| CVE-2025-47642 | 2025-05-23 | WordPress Ajar in5 Embed <= 3.1.5 - Arbitrary File Upload Vulnerability |
| CVE-2025-47641 | 2025-05-23 | WordPress Printcart Web to Print Product Designer for WooCommerce <= 2.3.8 - Arbitrary File Upload Vulnerability |
| CVE-2025-47640 | 2025-05-23 | WordPress Printcart Web to Print Product Designer for WooCommerce <= 2.3.8 - SQL Injection Vulnerability |
| CVE-2025-47637 | 2025-05-23 | WordPress STAGGS <= 2.11.0 - Arbitrary File Upload Vulnerability |
| CVE-2025-47631 | 2025-05-23 | WordPress Hospital Management System plugin <= 47.0(20-11-2023) - Privilege Escalation vulnerability |
| CVE-2025-47619 | 2025-05-23 | WordPress 6Storage Rentals <= 2.19.4 - Broken Access Control Vulnerability |
| CVE-2025-47618 | 2025-05-23 | WordPress BMI Adult & Kid Calculator plugin <= 1.2.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-47613 | 2025-05-23 | WordPress School Management System for Wordpress plugin <= 92.0.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-47611 | 2025-05-23 | WordPress User Meta plugin <= 3.1.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-47603 | 2025-05-23 | WordPress belingoGeo <= 1.12.0 - Arbitrary File Download Vulnerability |
| CVE-2025-47599 | 2025-05-23 | WordPress Facturante <= 1.11 - SQL Injection Vulnerability |
| CVE-2025-47575 | 2025-05-23 | WordPress School Management plugin <= 92.0.0 - SQL Injection vulnerability |
| CVE-2025-47568 | 2025-05-23 | WordPress ZoomSounds plugin <= 6.91 - PHP Object Injection vulnerability |
| CVE-2025-47558 | 2025-05-23 | WordPress MapSVG plugin < 8.6.13 - Broken Access Control vulnerability |
| CVE-2025-47541 | 2025-05-23 | WordPress Mail Mint <= 1.17.7 - Sensitive Data Exposure Vulnerability |
| CVE-2025-47539 | 2025-05-23 | WordPress Eventin <= 4.0.26 - Privilege Escalation Vulnerability |
| CVE-2025-47535 | 2025-05-23 | WordPress Opal Woo Custom Product Variation <= 1.2.0 - Arbitrary File Deletion Vulnerability |
| CVE-2025-47532 | 2025-05-23 | WordPress CoinPayments.net Payment Gateway for WooCommerce <= 1.0.17 - PHP Object Injection Vulnerability |
| CVE-2025-47530 | 2025-05-23 | WordPress WPFunnels <= 3.5.18 - PHP Object Injection Vulnerability |
| CVE-2025-47529 | 2025-05-23 | WordPress Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin <= 1.1.1 - Settings Change Vulnerability |
| CVE-2025-47513 | 2025-05-23 | WordPress Infocob CRM Forms plugin <= 2.4.0 - Arbitrary File Download vulnerability |
| CVE-2025-47512 | 2025-05-23 | WordPress Tainacan plugin <= 0.21.14 - Arbitrary File Deletion vulnerability |
| CVE-2025-47492 | 2025-05-23 | WordPress Drag and Drop File Upload for Elementor Forms <= 1.4.3 - Arbitrary File Deletion Vulnerability |
| CVE-2025-47478 | 2025-05-23 | WordPress ProfileGrid <= 5.9.5.0 - SQL Injection Vulnerability |
| CVE-2025-47461 | 2025-05-23 | WordPress Subaccounts for WooCommerce plugin <= 1.6.6 - Account Takeover vulnerability |
| CVE-2025-47458 | 2025-05-23 | WordPress B2i Investor Tools plugin <= 1.0.7.9 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-47453 | 2025-05-23 | WordPress WP Smart Import <= 1.1.3 - Local File Inclusion Vulnerability |
| CVE-2025-47438 | 2025-05-23 | WordPress WP Job Portal plugin <= 2.3.1 - Local File Inclusion vulnerability |
| CVE-2025-46539 | 2025-05-23 | WordPress Fable Extra <= 1.0.6 - SQL Injection Vulnerability |
| CVE-2025-46537 | 2025-05-23 | WordPress Section Widget plugin <= 3.3.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-46527 | 2025-05-23 | WordPress Web3Press – Decentralize Publishing with Writing NFT plugin <= 3.2.0 - Arbitrary File Read vulnerability |
| CVE-2025-46526 | 2025-05-23 | WordPress My Custom Widgets plugin <= 2.0.5 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-46518 | 2025-05-23 | WordPress IGIT Related Posts With Thumb Image After Posts <= 4.5.3 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-46515 | 2025-05-23 | WordPress Category Widget plugin <= 2.0.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-46493 | 2025-05-23 | WordPress Crossword Compiler Puzzles <= 5.3 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-46490 | 2025-05-23 | WordPress Crossword Compiler Puzzles <= 5.2 - Arbitrary File Upload Vulnerability |
| CVE-2025-46488 | 2025-05-23 | WordPress Visual Builder plugin <= 1.2.2 - Broken Access Control vulnerability |