CVE List - 2025 / May
Showing 3601 - 3700 of 3982 CVEs for May 2025 (Page 37 of 40)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-48742 | 2025-05-27 | The installer in SIGB PMB before and fixed in v.8.0.1.2 allows remote code execution. |
| CVE-2025-48743 | 2025-05-27 | SIGB PMB before 8.0.1.2 allows SQL injection. |
| CVE-2025-48744 | 2025-05-27 | In SIGB PMB before 8.0.1.2, attackers can achieve Local File Inclusion and remote code execution. |
| CVE-2025-48827 | 2025-05-27 | vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers' methods when running on PHP 8.1 or later, as demonstrated by the /api.php?method=protectedMethod pattern,... |
| CVE-2025-48828 | 2025-05-27 | Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the template engine. By crafting template code in an alternative PHP function invocation syntax,... |
| CVE-2025-5215 | 2025-05-27 | D-Link DCS-5020L ptdc.cgi websReadEvent stack-based overflow |
| CVE-2025-5216 | 2025-05-27 | PHPGurukul Student Record System login.php sql injection |
| CVE-2025-5217 | 2025-05-27 | FreeFloat FTP Server RMDIR Command buffer overflow |
| CVE-2025-5218 | 2025-05-27 | FreeFloat FTP Server LITERAL Command buffer overflow |
| CVE-2025-5219 | 2025-05-27 | FreeFloat FTP Server ASCII Command buffer overflow |
| CVE-2025-33079 | 2025-05-27 | IBM Controller information disclosure |
| CVE-2025-5220 | 2025-05-27 | FreeFloat FTP Server GET Command buffer overflow |
| CVE-2025-4683 | 2025-05-27 | MStore API – Create Native Android & iOS Apps On The Cloud <= 4.17.5 - Missing Authorization to Authenticated (Subscriber+) Posts Creation |
| CVE-2025-4682 | 2025-05-27 | Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Slider and Post Carousel Widgets |
| CVE-2025-5221 | 2025-05-27 | FreeFloat FTP Server QUOTE Command buffer overflow |
| CVE-2025-5224 | 2025-05-27 | Campcodes Online Hospital Management System add-doctor.php sql injection |
| CVE-2025-5225 | 2025-05-27 | Campcodes Advanced Online Voting System index.php sql injection |
| CVE-2025-5226 | 2025-05-27 | PHPGurukul Small CRM change-password.php sql injection |
| CVE-2025-5227 | 2025-05-27 | PHPGurukul Small CRM manage-tickets.php sql injection |
| CVE-2025-5228 | 2025-05-27 | D-Link DI-8100 jhttpd login.cgi httpd_get_parm stack-based overflow |
| CVE-2025-5229 | 2025-05-27 | Campcodes Online Hospital Management System view-patient.php sql injection |
| CVE-2025-5230 | 2025-05-27 | PHPGurukul Online Nurse Hiring System bwdates-report-details.php sql injection |
| CVE-2025-48054 | 2025-05-27 | Radashi Vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') |
| CVE-2025-5231 | 2025-05-27 | PHPGurukul Company Visitor Management System forgot-password.php sql injection |
| CVE-2025-48382 | 2025-05-27 | Fess has Insecure Temporary File Permissions |
| CVE-2025-5232 | 2025-05-27 | PHPGurukul Student Study Center Management System report.php sql injection |
| CVE-2024-38866 | 2025-05-27 | Livestatus Injection in dynmaps |
| CVE-2024-47090 | 2025-05-27 | XSS via WYSIWYG editor |
| CVE-2025-23393 | 2025-05-27 | Reflected XSS in spacewalk-java |
| CVE-2025-2407 | 2025-05-27 | Missing Authentication & Authorization in Web-API allows adversary unrestricted access |
| CVE-2025-41649 | 2025-05-27 | Weidmueller: Out-of-Bounds Write Vulnerability in Industrial Ethernet Switches |
| CVE-2025-41650 | 2025-05-27 | Weidmueller: Denial-of-Service Vulnerability in Industrial Ethernet Switches |
| CVE-2025-41651 | 2025-05-27 | Weidmueller: Missing Authentication Vulnerability in Industrial Ethernet Switches |
| CVE-2025-41652 | 2025-05-27 | Weidmueller: Authentication Bypass Vulnerability in Industrial Ethernet Switches |
| CVE-2025-41653 | 2025-05-27 | Weidmueller: Denial-of-Service Vulnerability in the web server functionality of Industrial Ethernet Switches |
| CVE-2025-4412 | 2025-05-27 | TCC Bypass via Dylib Loading in Viscosity.app |
| CVE-2025-5117 | 2025-05-27 | Property 1.0.5 - 1.0.6 - Missing Authorization to Authenticated (Author+) Privilege Escalation via property_package_user_role Metadata in PayPal Registration |
| CVE-2025-5262 | 2025-05-27 | A double-free could have occurred in `vpx_codec_enc_init_multi` after a failed allocation when initializing the encoder for WebRTC. This could have caused memory corruption and a potentially exploitable crash. This vulnerability... |
| CVE-2025-5263 | 2025-05-27 | Error handling for script execution was incorrectly isolated from web content |
| CVE-2025-5264 | 2025-05-27 | Potential local code execution in “Copy as cURL” command |
| CVE-2025-5265 | 2025-05-27 | Potential local code execution in “Copy as cURL” command |
| CVE-2025-5266 | 2025-05-27 | Script element events leaked cross-origin resource status |
| CVE-2025-5267 | 2025-05-27 | Clickjacking vulnerability could have led to leaking saved payment card details |
| CVE-2025-5268 | 2025-05-27 | Memory safety bugs fixed in Firefox 139, Thunderbird 139, Firefox ESR 128.11, and Thunderbird 128.11 |
| CVE-2025-5269 | 2025-05-27 | Memory safety bug fixed in Firefox ESR 128.11 and Thunderbird 128.11 |
| CVE-2025-5270 | 2025-05-27 | SNI was sometimes unencrypted |
| CVE-2025-5271 | 2025-05-27 | Devtools' preview ignored CSP headers |
| CVE-2025-5272 | 2025-05-27 | Memory safety bugs fixed in Firefox 139 and Thunderbird 139 |
| CVE-2025-5244 | 2025-05-27 | GNU Binutils ld elflink.c elf_gc_sweep memory corruption |
| CVE-2025-48796 | 2025-05-27 | Gimp: stack-based buffer overflows in file-ico |
| CVE-2025-48797 | 2025-05-27 | Gimp: multiple heap buffer overflows in tga parser |
| CVE-2025-48798 | 2025-05-27 | Gimp: multiple use after free in xcf parser |
| CVE-2025-5245 | 2025-05-27 | GNU Binutils objdump debug.c debug_type_samep memory corruption |
| CVE-2025-5246 | 2025-05-27 | Campcodes Online Hospital Management System query-details.php sql injection |
| CVE-2025-3704 | 2025-05-27 | WordPress Volunteer Sign Up Sheets plugin < 5.5.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-5247 | 2025-05-27 | Gowabby HFish url.go LoadUrl improper authentication |
| CVE-2025-2236 | 2025-05-27 | Exposure of Sensitive System Information vulnerability during configuration affecting OpenText Advanced Authentication. |
| CVE-2025-48383 | 2025-05-27 | Django-Select2 Vulnerable to Widget Instance Secret Cache Key Leaking |
| CVE-2025-48370 | 2025-05-27 | auth-js Vulnerable to Insecure Path Routing from Malformed User Input |
| CVE-2024-56193 | 2025-05-27 | There is a possible disclosure of Bluetooth adapter details due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is... |
| CVE-2025-27700 | 2025-05-27 | There is a possible bypass of carrier restrictions due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction... |
| CVE-2025-27701 | 2025-05-27 | In the function process_crypto_cmd, the values of ptrs[i] can be potentially equal to NULL which is valid value after calling slice_map_array(). Later this values will be derefenced without prior NULL... |
| CVE-2025-5248 | 2025-05-27 | PHPGurukul Company Visitor Management System bwdates-reports-details.php sql injection |
| CVE-2025-5249 | 2025-05-27 | PHPGurukul News Portal Project add-category.php sql injection |
| CVE-2025-48057 | 2025-05-27 | Icinga 2 certificate renewal might incorrectly renew an invalid certificate |
| CVE-2025-23247 | 2025-05-27 | NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a failure to check the length of a buffer could allow a user to cause the... |
| CVE-2025-5250 | 2025-05-27 | PHPGurukul News Portal Project edit-category.php sql injection |
| CVE-2025-5251 | 2025-05-27 | PHPGurukul News Portal Project edit-subcategory.php sql injection |
| CVE-2025-5252 | 2025-05-27 | PHPGurukul News Portal Project edit-subadmin.php sql injection |
| CVE-2024-13966 | 2025-05-27 | ZKTeco BioTime default password |
| CVE-2025-5279 | 2025-05-27 | Issue with Amazon Redshift Python Connector and the BrowserAzureOAuth2CredentialsProvider plugin |
| CVE-2025-5063 | 2025-05-27 | Use after free in Compositing in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2025-5280 | 2025-05-27 | Out of bounds write in V8 in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2025-5064 | 2025-05-27 | Inappropriate implementation in Background Fetch API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2025-5065 | 2025-05-27 | Inappropriate implementation in FileSystemAccess API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2025-5066 | 2025-05-27 | Inappropriate implementation in Messages in Google Chrome on Android prior to 137.0.7151.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing... |
| CVE-2025-5281 | 2025-05-27 | Inappropriate implementation in BFCache in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially obtain user information via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2025-5283 | 2025-05-27 | Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2025-5067 | 2025-05-27 | Inappropriate implementation in Tab Strip in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) |
| CVE-2025-5198 | 2025-05-27 | Stackrox: xss in stackrox |
| CVE-2025-5222 | 2025-05-27 | Icu: stack buffer overflow in the srbroot::addtag function |
| CVE-2025-5278 | 2025-05-27 | Coreutils: heap buffer under-read in gnu coreutils sort via key specification |
| CVE-2025-40911 | 2025-05-27 | Net::CIDR::Set versions 0.10 through 0.13 for Perl does not properly consider leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses |
| CVE-2025-32440 | 2025-05-27 | NetAlertX Vulnerable to Authentication Bypass |
| CVE-2024-11185 | 2025-05-27 | On affected platforms running Arista EOS, ingress traffic on Layer 2 ports may, under certain conditions, be improperly forwarded to ports associated with different VLANs, resulting in a breach of VLAN isolation and segmentation boundaries. |
| CVE-2025-2796 | 2025-05-27 | On affected platforms with hardware IPSec support running Arista EOS with IPsec enabled and anti-replay protection configured, EOS may exhibit unexpected behavior in specific cases. Received duplicate encrypted packets, which should be dropped under normal |
| CVE-2025-2826 | 2025-05-27 | n affected platforms running Arista EOS, ACL policies may not be enforced. IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL enabled on one or more ethernet or LAG interfaces may result in ACL policies not being enforced for ingress packets. |
| CVE-2024-45094 | 2025-05-27 | IBM DS8900F and DS8A00 Hardware Management Console (HMC) cross-site scripting |
| CVE-2024-57336 | 2025-05-28 | Incorrect access control in M2Soft CROWNIX Report & ERS affected v7.x to v7.4.3.599 and v8.x to v8.0.3.79 allows unauthorized attackers to obtain Administrator account access. |
| CVE-2024-57337 | 2025-05-28 | An arbitrary file upload vulnerability in the opcode 500 functionality of M2Soft CROWNIX Report & ERS v5.x to v5.5.14.1070, v7.x to v7.4.3.960, and v8.x to v8.2.0.345 allows attackers to execute... |
| CVE-2024-57338 | 2025-05-28 | An arbitrary file upload vulnerability in M2Soft CROWNIX Report & ERS v5.x to v5.5.14.1070, v7.x to v7.4.3.960, and v8.x to v8.2.0.345 allows attackers to execute arbitrary code via supplying a... |
| CVE-2025-30087 | 2025-05-28 | Best Practical RT (Request Tracker) 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection of crafted parameters in a search URL. |
| CVE-2025-31500 | 2025-05-28 | Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an Asset name. |
| CVE-2025-31501 | 2025-05-28 | Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an RT permalink. |
| CVE-2025-45343 | 2025-05-28 | An issue in Tenda W18E v.2.0 v.16.01.0.11 allows an attacker to execute arbitrary code via the editing functionality of the account module in the goform/setmodules route. |
| CVE-2025-45997 | 2025-05-28 | Sourcecodester Web-based Pharmacy Product Management System v.1.0 has a file upload vulnerability. An attacker can upload a PHP file disguised as an image by modifying the Content-Type header to image/jpg. |
| CVE-2025-47748 | 2025-05-28 | Netwrix Directory Manager v.11.0.0.0 and before & after v.11.1.25134.03 contains a hardcoded password. |
| CVE-2025-48746 | 2025-05-28 | Netwrix Directory Manager (formerly Imanami GroupID) v.11.0.0.0 and before, as well as after v.11.1.25134.03 lacks Authentication for a Critical Function. |
| CVE-2025-48747 | 2025-05-28 | Netwrix Directory Manager (formerly Imanami GroupID) before and including v.11.0.0.0 and after v.11.1.25134.03 has Incorrect Permission Assignment for a Critical Resource. |
| CVE-2025-48749 | 2025-05-28 | Netwrix Directory Manager (formerly Imanami GroupID) v11.0.0.0 and before & after v.11.1.25134.03 inserts Sensitive Information into Sent Data. |