CVE List - 2025 / May

Showing 3501 - 3600 of 3984 CVEs for May 2025 (Page 36 of 40)

Back to List Previous Next

CVE ID	Date	Title
CVE-2025-5129	2025-05-24	Sangfor 零信任访问控制系统 aTrust MSASN1.dll uncontrolled search path
CVE-2025-5130	2025-05-24	Tmall Demo uploadProductImage unrestricted upload
CVE-2025-5131	2025-05-24	Tmall Demo uploadCategoryImage unrestricted upload
CVE-2025-5132	2025-05-24	Tmall Demo logout cross-site request forgery
CVE-2025-5133	2025-05-24	Tmall Demo Search Box cross site scripting
CVE-2025-5134	2025-05-24	Tmall Demo Buy Item Page cross site scripting
CVE-2025-5135	2025-05-24	Tmall Demo Product Details Page admin cross site scripting
CVE-2025-5136	2025-05-24	Tmall Demo Payment Identifier pay random values
CVE-2025-5137	2025-05-25	DedeCMS Incomplete Fix CVE-2018-9175 sys_verifies.php code injection
CVE-2025-5138	2025-05-25	Bitwarden PDF File cross site scripting
CVE-2025-5139	2025-05-25	Qualitor testaConexaoOffice365.php command injection
CVE-2025-5140	2025-05-25	Seeyon Zhiyuan OA Web Application System ThirdMenuController.class this.oursNetService.getData server-side request forgery
CVE-2025-5145	2025-05-25	Netcore POWER13 Query String cgi-bin command injection
CVE-2025-5146	2025-05-25	Netcore NBR200V2 HTTP Header routerd passwd_set command injection
CVE-2025-5147	2025-05-25	Netcore NBR1005GPEV2/NBR200V2/B6V2 network_tools tools_ping command injection
CVE-2025-5148	2025-05-25	FunAudioLLM InspireMusic Pickle Data model.py load_state_dict deserialization
CVE-2025-5149	2025-05-25	WCMS Login getallcon getMemberByUid improper authentication
CVE-2025-5150	2025-05-25	docarray Web API torch_dataset.py __getitem__ prototype pollution
CVE-2025-5151	2025-05-25	defog-ai introspect analysis_tools.py execute_analysis_code_safely code injection
CVE-2025-5152	2025-05-25	Chanjet CRM newActivityedit.php sql injection
CVE-2025-5153	2025-05-25	CMS Made Simple Design Manager Module cross site scripting
CVE-2025-5154	2025-05-25	PhonePe App SQLite Database databases cleartext storage in a file or on disk
CVE-2025-5155	2025-05-25	qianfox FoxCMS Article.php batchCope sql injection
CVE-2025-5156	2025-05-25	H3C GR-5400AX aspForm EditWlanMacList buffer overflow
CVE-2025-5157	2025-05-25	H3C SecCenter SMP-E1114P02 fileContent path traversal
CVE-2025-5158	2025-05-25	H3C SecCenter SMP-E1114P02 downloadSoftware path traversal
CVE-2025-5159	2025-05-25	H3C SecCenter SMP-E1114P02 download path traversal
CVE-2025-2146	2025-05-25	Buffer overflow in WebService Authentication processing of Small Office Multifunction...
CVE-2025-5160	2025-05-26	H3C SecCenter SMP-E1114P02 download path traversal
CVE-2025-5161	2025-05-26	H3C SecCenter SMP-E1114P02 download operationDailyOut path traversal
CVE-2025-5162	2025-05-26	H3C SecCenter SMP-E1114P02 importFile unrestricted upload
CVE-2025-5163	2025-05-26	yangshare 技术杨工 warehouseManager 仓库管理系统 access control
CVE-2025-5164	2025-05-26	PerfreeBlog JWT JwtUtil hard-coded key
CVE-2025-5165	2025-05-26	Open Asset Import Library Assimp MDCLoader.cpp ValidateSurfaceHeader out-of-bounds
CVE-2025-5166	2025-05-26	Open Asset Import Library Assimp MDC File Parser MDCLoader.cpp InternReadFile out-of-bounds
CVE-2025-5167	2025-05-26	Open Asset Import Library Assimp LWOLoader.h GetS0 out-of-bounds
CVE-2025-5168	2025-05-26	Open Asset Import Library Assimp MDLLoader.cpp ImportUVCoordinate_3DGS_MDL345 out-of-bounds
CVE-2025-5169	2025-05-26	Open Asset Import Library Assimp MDLLoader.cpp InternReadFile_3DGS_MDL345 out-of-bounds
CVE-2025-5170	2025-05-26	llisoft MTA Maita Training System AdminShitiController.java AdminShitiListRequestVo sql injection
CVE-2025-5171	2025-05-26	llisoft MTA Maita Training System OpenController.java this.fileService.download unrestricted upload
CVE-2025-5172	2025-05-26	Econtrata valida sql injection
CVE-2025-41441	2025-05-26	Mailform Pro CGI prior to 4.3.4 generates error messages containing...
CVE-2025-5173	2025-05-26	HumanSignal label-studio-ml-backend PT File neural_nets.py load deserialization
CVE-2025-5174	2025-05-26	erdogant pypickle pypickle.py load deserialization
CVE-2025-5175	2025-05-26	erdogant pypickle pypickle.py save improper authorization
CVE-2025-5176	2025-05-26	Realce Tecnologia Queue Ticket Kiosk Admin Login Page index.php sql injection
CVE-2025-1985	2025-05-26	PEPPERL+FUCHS: Profinet Gateway LB8122A.1.EL – Device is affected by XSS vulnerability
CVE-2025-41654	2025-05-26	PEPPERL+FUCHS: Profinet Gateway LB8122A.1.EL – Device is affected by information disclosure via the SNMP protocol
CVE-2025-41655	2025-05-26	PEPPERL+FUCHS: Attacker can cause a DoS via URL
CVE-2025-5177	2025-05-26	Realce Tecnologia Queue Ticket Kiosk Admin Login Page index.php cross site scripting
CVE-2025-4057	2025-05-26	Activemq-artemis-operator: amq broker operator starting credentials reuse
CVE-2025-5178	2025-05-26	Realce Tecnologia Queue Ticket Kiosk Image File ajax.php unrestricted upload
CVE-2025-40672	2025-05-26	Privilege Escalation in Panloader.exe
CVE-2025-40671	2025-05-26	SQL injection vulnerability in AES Multimedia's Gestnet
CVE-2025-5179	2025-05-26	Realce Tecnologia Queue Ticket Kiosk Cadastro de Administrador Page index.php cross site scripting
CVE-2025-5180	2025-05-26	Wondershare Filmora Installer NFWCHK.exe uncontrolled search path
CVE-2025-35003	2025-05-26	Apache NuttX RTOS: NuttX Bluetooth Stack HCI and UART DoS/RCE Vulnerabilities.
CVE-2025-4053	2025-05-26	Unauthorized creation of master key in Mifare Classic Be-Tech cards
CVE-2025-5181	2025-05-26	Summer Pearl Group Vacation Rental Management Platform updateListing cross site scripting
CVE-2025-5182	2025-05-26	Summer Pearl Group Vacation Rental Management Platform Listing authorization
CVE-2025-5183	2025-05-26	Summer Pearl Group Vacation Rental Management Platform Header redirect
CVE-2025-5184	2025-05-26	Summer Pearl Group Vacation Rental Management Platform HTTP Response Header information disclosure
CVE-2025-5185	2025-05-26	Summer Pearl Group Vacation Rental Management Platform cross-site request forgery
CVE-2025-40664	2025-05-26	Missing authentication vulnerability in TCMAN GIM v11
CVE-2025-40665	2025-05-26	Time-based blind SQL injection vulnerability in TCMAN GIM v11
CVE-2025-40666	2025-05-26	Time-based blind SQL injection vulnerability in TCMAN GIM v11
CVE-2025-40667	2025-05-26	Missing authorization vulnerability in TCMAN GIM v11
CVE-2025-40650	2025-05-26	Insecure Direct Object Reference (IDOR) in Clickedu
CVE-2025-40652	2025-05-26	Cross-Site Scripting (XSS) in CoverManager
CVE-2025-40653	2025-05-26	User enumeration in M3M Printer Server Web
CVE-2025-40663	2025-05-26	Stored Cross-Site Scripting (XSS) in i2A-Cronos by i2A
CVE-2025-5186	2025-05-26	thinkgem JeeSite URI Scheme form ResourceLoader.getResource server-side request forgery
CVE-2025-46805	2025-05-26	Screen has a TOCTOU race potentially allowing to send SIGHUP, SIGCONT to privileged processes when installed setuid-root
CVE-2025-5196	2025-05-26	Wing FTP Server Lua Admin Console unnecessary privileges
CVE-2025-46804	2025-05-26	Screen 5.0.0 and older versions allow file existence tests when installed setuid-root
CVE-2025-39498	2025-05-26	WordPress Spotlight - Social Media Feeds (Premium) plugin <= 1.7.1 - Sensitive Data Exposure vulnerability
CVE-2025-37992	2025-05-26	net_sched: Flush gso_skb list too during ->change()
CVE-2025-46803	2025-05-26	Screen creates by default world-writable PTYs
CVE-2025-46802	2025-05-26	Temporary chown() of users' TTY to mode 0666 allows PTY hijacking in screen
CVE-2025-23395	2025-05-26	Local root exploit via `logfile_reopen()` in screen 5.0.0 with setuid-root bit set
CVE-2025-23394	2025-05-26	daily-backup.sh script in cyrus-imapd allows escalation from cyrus to root
CVE-2025-23392	2025-05-26	Reflected XSS in SystemsController.java in spacewalk-java
CVE-2025-5200	2025-05-26	Open Asset Import Library Assimp MDLLoader.cpp InternReadFile_Quake1 out-of-bounds
CVE-2025-5201	2025-05-26	Open Asset Import Library Assimp LWOLoader.cpp CountVertsAndFacesLWO2 out-of-bounds
CVE-2025-5202	2025-05-26	Open Asset Import Library Assimp HL1MDLLoader.cpp validate_header out-of-bounds
CVE-2025-5203	2025-05-26	Open Asset Import Library Assimp ParsingUtils.h SkipSpaces out-of-bounds
CVE-2025-5204	2025-05-26	Open Asset Import Library Assimp MDLMaterialLoader.cpp ParseSkinLump_3DGS_MDL7 out-of-bounds
CVE-2025-5205	2025-05-26	1000 Projects Daily College Class Work Report Book dcwr_entry.php sql injection
CVE-2025-5206	2025-05-26	Pixelimity Installation index.php sql injection
CVE-2025-5207	2025-05-26	SourceCodester Client Database Management System superadmin_update_profile.php sql injection
CVE-2025-5208	2025-05-26	SourceCodester Online Hospital Management System check_availability.php sql injection
CVE-2025-5210	2025-05-26	PHPGurukul Employee Record Management System loginerms.php sql injection
CVE-2025-5211	2025-05-26	PHPGurukul Employee Record Management System myprofile.php sql injection
CVE-2025-5212	2025-05-26	PHPGurukul Employee Record Management System editempexp.php sql injection
CVE-2025-4783	2025-05-26	Exclusive Addons for Elementor <= 2.7.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer Widget
CVE-2025-5213	2025-05-26	projectworlds Responsive E-Learning System delete_file.php sql injection
CVE-2025-5214	2025-05-26	Kashipara Responsive Online Learing Platform course_detail_user_new.php sql injection
CVE-2024-49196	2025-05-27	An issue was discovered in the GPU in Samsung Mobile...
CVE-2024-49197	2025-05-27	An issue was discovered in Wi-Fi in Samsung Mobile Processor...
CVE-2025-22377	2025-05-27	An issue was discovered in Samsung Mobile Processor, Wearable Processor,...