CVE List - 2025 / May
Showing 3601 - 3700 of 3984 CVEs for May 2025 (Page 37 of 40)
CVE ID | Date | Title |
---|---|---|
CVE-2025-26211 | 2025-05-27 | Gibbon before 29.0.00 allows CSRF. |
CVE-2025-45475 | 2025-05-27 | maccms10 v2025.1000.4047 is vulnerable to Server-Side request forgery (SSRF) in... |
CVE-2025-45529 | 2025-05-27 | An arbitrary file read vulnerability in the ReadTextAsynchronous function of... |
CVE-2025-46173 | 2025-05-27 | code-projects Online Exam Mastering System 1.0 is vulnerable to Cross... |
CVE-2025-48742 | 2025-05-27 | The installer in SIGB PMB before and fixed in v.8.0.1.2... |
CVE-2025-48743 | 2025-05-27 | SIGB PMB before 8.0.1.2 allows SQL injection. |
CVE-2025-48744 | 2025-05-27 | In SIGB PMB before 8.0.1.2, attackers can achieve Local File... |
CVE-2025-48827 | 2025-05-27 | vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated... |
CVE-2025-48828 | 2025-05-27 | Certain vBulletin versions might allow attackers to execute arbitrary PHP... |
CVE-2025-5215 | 2025-05-27 | D-Link DCS-5020L ptdc.cgi websReadEvent stack-based overflow |
CVE-2025-5216 | 2025-05-27 | PHPGurukul Student Record System login.php sql injection |
CVE-2025-5217 | 2025-05-27 | FreeFloat FTP Server RMDIR Command buffer overflow |
CVE-2025-5218 | 2025-05-27 | FreeFloat FTP Server LITERAL Command buffer overflow |
CVE-2025-5219 | 2025-05-27 | FreeFloat FTP Server ASCII Command buffer overflow |
CVE-2025-33079 | 2025-05-27 | IBM Controller information disclosure |
CVE-2025-5220 | 2025-05-27 | FreeFloat FTP Server GET Command buffer overflow |
CVE-2025-4683 | 2025-05-27 | MStore API – Create Native Android & iOS Apps On The Cloud <= 4.17.5 - Missing Authorization to Authenticated (Subscriber+) Posts Creation |
CVE-2025-4682 | 2025-05-27 | Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Slider and Post Carousel Widgets |
CVE-2025-5221 | 2025-05-27 | FreeFloat FTP Server QUOTE Command buffer overflow |
CVE-2025-5224 | 2025-05-27 | Campcodes Online Hospital Management System add-doctor.php sql injection |
CVE-2025-5225 | 2025-05-27 | Campcodes Advanced Online Voting System index.php sql injection |
CVE-2025-5226 | 2025-05-27 | PHPGurukul Small CRM change-password.php sql injection |
CVE-2025-5227 | 2025-05-27 | PHPGurukul Small CRM manage-tickets.php sql injection |
CVE-2025-5228 | 2025-05-27 | D-Link DI-8100 jhttpd login.cgi httpd_get_parm stack-based overflow |
CVE-2025-5229 | 2025-05-27 | Campcodes Online Hospital Management System view-patient.php sql injection |
CVE-2025-5230 | 2025-05-27 | PHPGurukul Online Nurse Hiring System bwdates-report-details.php sql injection |
CVE-2025-48054 | 2025-05-27 | Radashi Vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') |
CVE-2025-5231 | 2025-05-27 | PHPGurukul Company Visitor Management System forgot-password.php sql injection |
CVE-2025-48382 | 2025-05-27 | Fess has Insecure Temporary File Permissions |
CVE-2025-5232 | 2025-05-27 | PHPGurukul Student Study Center Management System report.php sql injection |
CVE-2024-38866 | 2025-05-27 | Livestatus Injection in dynmaps |
CVE-2024-47090 | 2025-05-27 | XSS via WYSIWYG editor |
CVE-2025-23393 | 2025-05-27 | Reflected XSS in spacewalk-java |
CVE-2025-2407 | 2025-05-27 | Missing Authentication & Authorization in Web-API allows adversary unrestricted access |
CVE-2025-41649 | 2025-05-27 | Weidmueller: Out-of-Bounds Write Vulnerability in Industrial Ethernet Switches |
CVE-2025-41650 | 2025-05-27 | Weidmueller: Denial-of-Service Vulnerability in Industrial Ethernet Switches |
CVE-2025-41651 | 2025-05-27 | Weidmueller: Missing Authentication Vulnerability in Industrial Ethernet Switches |
CVE-2025-41652 | 2025-05-27 | Weidmueller: Authentication Bypass Vulnerability in Industrial Ethernet Switches |
CVE-2025-41653 | 2025-05-27 | Weidmueller: Denial-of-Service Vulnerability in the web server functionality of Industrial Ethernet Switches |
CVE-2025-4412 | 2025-05-27 | TCC Bypass via Dylib Loading in Viscosity.app |
CVE-2025-5117 | 2025-05-27 | Property 1.0.5 - 1.0.6 - Missing Authorization to Authenticated (Author+) Privilege Escalation via property_package_user_role Metadata in PayPal Registration |
CVE-2025-5263 | 2025-05-27 | Error handling for script execution was incorrectly isolated from web... |
CVE-2025-5264 | 2025-05-27 | Due to insufficient escaping of the newline character in the... |
CVE-2025-5265 | 2025-05-27 | Due to insufficient escaping of the ampersand character in the... |
CVE-2025-5266 | 2025-05-27 | Script elements loading cross-origin resources generated load and error events... |
CVE-2025-5267 | 2025-05-27 | A clickjacking vulnerability could have been used to trick a... |
CVE-2025-5268 | 2025-05-27 | Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox... |
CVE-2025-5269 | 2025-05-27 | Memory safety bug present in Firefox ESR 128.10, and Thunderbird... |
CVE-2025-5270 | 2025-05-27 | In certain cases, SNI could have been sent unencrypted even... |
CVE-2025-5271 | 2025-05-27 | Previewing a response in Devtools ignored CSP headers, which could... |
CVE-2025-5272 | 2025-05-27 | Memory safety bugs present in Firefox 138 and Thunderbird 138.... |
CVE-2025-5244 | 2025-05-27 | GNU Binutils ld elflink.c elf_gc_sweep memory corruption |
CVE-2025-48796 | 2025-05-27 | Gimp: stack-based buffer overflows in file-ico |
CVE-2025-48797 | 2025-05-27 | Gimp: multiple heap buffer overflows in tga parser |
CVE-2025-48798 | 2025-05-27 | Gimp: multiple use after free in xcf parser |
CVE-2025-5245 | 2025-05-27 | GNU Binutils objdump debug.c debug_type_samep memory corruption |
CVE-2025-5246 | 2025-05-27 | Campcodes Online Hospital Management System query-details.php sql injection |
CVE-2025-3704 | 2025-05-27 | WordPress Volunteer Sign Up Sheets plugin < 5.5.5 - Cross Site Scripting (XSS) vulnerability |
CVE-2025-5247 | 2025-05-27 | Gowabby HFish url.go LoadUrl improper authentication |
CVE-2025-2236 | 2025-05-27 | Exposure of Sensitive System Information vulnerability during configuration affecting OpenText Advanced Authentication. |
CVE-2025-48383 | 2025-05-27 | Django-Select2 Vulnerable to Widget Instance Secret Cache Key Leaking |
CVE-2025-48370 | 2025-05-27 | auth-js Vulnerable to Insecure Path Routing from Malformed User Input |
CVE-2024-56193 | 2025-05-27 | There is a possible disclosure of Bluetooth adapter details due... |
CVE-2025-27700 | 2025-05-27 | There is a possible bypass of carrier restrictions due to... |
CVE-2025-27701 | 2025-05-27 | In the function process_crypto_cmd, the values of ptrs[i] can be... |
CVE-2025-5248 | 2025-05-27 | PHPGurukul Company Visitor Management System bwdates-reports-details.php sql injection |
CVE-2025-5249 | 2025-05-27 | PHPGurukul News Portal Project add-category.php sql injection |
CVE-2025-48057 | 2025-05-27 | Icinga 2 certificate renewal might incorrectly renew an invalid certificate |
CVE-2025-23247 | 2025-05-27 | NVIDIA CUDA Toolkit for all platforms contains a vulnerability in... |
CVE-2025-5250 | 2025-05-27 | PHPGurukul News Portal Project edit-category.php sql injection |
CVE-2025-5251 | 2025-05-27 | PHPGurukul News Portal Project edit-subcategory.php sql injection |
CVE-2025-5252 | 2025-05-27 | PHPGurukul News Portal Project edit-subadmin.php sql injection |
CVE-2024-13966 | 2025-05-27 | ZKTeco BioTime default password |
CVE-2025-5279 | 2025-05-27 | Issue with Amazon Redshift Python Connector and the BrowserAzureOAuth2CredentialsProvider plugin |
CVE-2025-5063 | 2025-05-27 | Use after free in Compositing in Google Chrome prior to... |
CVE-2025-5280 | 2025-05-27 | Out of bounds write in V8 in Google Chrome prior... |
CVE-2025-5064 | 2025-05-27 | Inappropriate implementation in Background Fetch API in Google Chrome prior... |
CVE-2025-5065 | 2025-05-27 | Inappropriate implementation in FileSystemAccess API in Google Chrome prior to... |
CVE-2025-5066 | 2025-05-27 | Inappropriate implementation in Messages in Google Chrome on Android prior... |
CVE-2025-5281 | 2025-05-27 | Inappropriate implementation in BFCache in Google Chrome prior to 137.0.7151.55... |
CVE-2025-5283 | 2025-05-27 | Use after free in libvpx in Google Chrome prior to... |
CVE-2025-5067 | 2025-05-27 | Inappropriate implementation in Tab Strip in Google Chrome prior to... |
CVE-2025-5198 | 2025-05-27 | Stackrox: xss in stackrox |
CVE-2025-5222 | 2025-05-27 | Icu: stack buffer overflow in the srbroot::addtag function |
CVE-2025-5278 | 2025-05-27 | Coreutils: heap buffer under-read in gnu coreutils sort via key specification |
CVE-2025-40911 | 2025-05-27 | Net::CIDR::Set versions 0.10 through 0.13 for Perl does not properly consider leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses |
CVE-2025-32440 | 2025-05-27 | NetAlertX Vulnerable to Authentication Bypass |
CVE-2024-11185 | 2025-05-27 | On affected platforms running Arista EOS, ingress traffic on Layer 2 ports may, under certain conditions, be improperly forwarded to ports associated with different VLANs, resulting in a breach of VLAN isolation and segmentation boundaries. |
CVE-2025-2796 | 2025-05-27 | On affected platforms with hardware IPSec support running Arista EOS with IPsec enabled and anti-replay protection configured, EOS may exhibit unexpected behavior in specific cases. Received duplicate encrypted packets, which should be dropped under normal |
CVE-2025-2826 | 2025-05-27 | On affected platforms running Arista EOS, ACL policies may not be enforced. IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL enabled on one or more ethernet or LAG interfaces may result in ACL policies not being enforced for ingress packets. |
CVE-2024-45094 | 2025-05-27 | IBM DS8900F and DS8A00 Hardware Management Console (HMC) cross-site scripting |
CVE-2024-57336 | 2025-05-28 | Incorrect access control in M2Soft CROWNIX Report & ERS affected... |
CVE-2024-57337 | 2025-05-28 | An arbitrary file upload vulnerability in the opcode 500 functionality... |
CVE-2024-57338 | 2025-05-28 | An arbitrary file upload vulnerability in M2Soft CROWNIX Report &... |
CVE-2025-30087 | 2025-05-28 | Best Practical RT (Request Tracker) 4.4 through 4.4.7 and 5.0... |
CVE-2025-31500 | 2025-05-28 | Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS... |
CVE-2025-31501 | 2025-05-28 | Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS... |
CVE-2025-45343 | 2025-05-28 | An issue in Tenda W18E v.2.0 v.16.01.0.11 allows an attacker... |
CVE-2025-45997 | 2025-05-28 | Sourcecodester Web-based Pharmacy Product Management System v.1.0 has a file... |
CVE-2025-47748 | 2025-05-28 | Netwrix Directory Manager v.11.0.0.0 and before & after v.11.1.25134.03 contains... |