CVE List - 2025 / May
Showing 3701 - 3800 of 3984 CVEs for May 2025 (Page 38 of 40)
CVE ID | Date | Title |
---|---|---|
CVE-2025-48746 | 2025-05-28 | Netwrix Directory Manager (formerly Imanami GroupID) v.11.0.0.0 and before, as... |
CVE-2025-48747 | 2025-05-28 | Netwrix Directory Manager (formerly Imanami GroupID) before and including v.11.0.0.0... |
CVE-2025-48749 | 2025-05-28 | Netwrix Directory Manager (formerly Imanami GroupID) v11.0.0.0 and before &... |
CVE-2025-48925 | 2025-05-28 | The TeleMessage service through 2025-05-05 relies on the client side... |
CVE-2025-48926 | 2025-05-28 | The admin panel in the TeleMessage service through 2025-05-05 allows... |
CVE-2025-48927 | 2025-05-28 | The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with... |
CVE-2025-48928 | 2025-05-28 | The TeleMessage service through 2025-05-05 is based on a JSP... |
CVE-2025-48929 | 2025-05-28 | The TeleMessage service through 2025-05-05 implements authentication through a long-lived... |
CVE-2025-48930 | 2025-05-28 | The TeleMessage service through 2025-05-05 stores certain cleartext information in... |
CVE-2025-48931 | 2025-05-28 | The TeleMessage service through 2025-05-05 relies on MD5 for password... |
CVE-2025-25025 | 2025-05-28 | IBM Security Guardium information disclosure |
CVE-2025-25026 | 2025-05-28 | IBM Security Guardium information disclosure |
CVE-2025-25029 | 2025-05-28 | IBM Security Guardium information disclosure |
CVE-2025-4800 | 2025-05-28 | MasterStudy LMS Pro <= 4.7.0 - Authenticated (Subscriber+) Arbitrary File Upload |
CVE-2025-4947 | 2025-05-28 | QUIC certificate check skip with wolfSSL |
CVE-2025-5025 | 2025-05-28 | No QUIC certificate pinning with wolfSSL |
CVE-2025-4009 | 2025-05-28 | Unauthenticated Arbitrary Command Injection in Evertz SDVN |
CVE-2025-5082 | 2025-05-28 | WP Attachments <= 5.0.12 - Reflected Cross-Site Scripting via attachment_id Parameter |
CVE-2025-25251 | 2025-05-28 | An Incorrect Authorization vulnerability [CWE-863] in FortiClient Mac 7.4.0 through... |
CVE-2025-47295 | 2025-05-28 | A buffer over-read in Fortinet FortiOS versions 7.4.0 through 7.4.3,... |
CVE-2024-54020 | 2025-05-28 | A missing authorization in Fortinet FortiManager versions 7.2.0 through 7.2.1,... |
CVE-2025-47294 | 2025-05-28 | An integer overflow or wraparound in Fortinet FortiOS versions 7.2.0... |
CVE-2025-22252 | 2025-05-28 | A missing authentication for critical function in Fortinet FortiProxy versions... |
CVE-2025-24473 | 2025-05-28 | An exposure of sensitive system information to an unauthorized control... |
CVE-2025-46777 | 2025-05-28 | An insertion of sensitive information into log file in Fortinet... |
CVE-2025-27522 | 2025-05-28 | Apache InLong: JDBC Vulnerability during verification processing |
CVE-2025-27526 | 2025-05-28 | Apache InLong: JDBC Vulnerability For URLEncode and backspace bypass |
CVE-2025-27528 | 2025-05-28 | Apache InLong: JDBC Vulnerability for Invisible Character Bypass Leading to Arbitrary File Read |
CVE-2025-5287 | 2025-05-28 | Likes and Dislikes Plugin <= 1.0.0 - Unauthenticated SQL Injection |
CVE-2025-4963 | 2025-05-28 | WP Extended <= 3.0.15 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
CVE-2025-1753 | 2025-05-28 | Command Injection in LLama-Index CLI in run-llama/llama_index |
CVE-2025-40673 | 2025-05-28 | Missing Authorization in DinoRANK |
CVE-2025-5295 | 2025-05-28 | FreeFloat FTP Server PORT Command buffer overflow |
CVE-2025-3864 | 2025-05-28 | Connection pool exhaustion in hackney |
CVE-2025-5297 | 2025-05-28 | SourceCodester Computer Store System main.c Add stack-based overflow |
CVE-2025-5298 | 2025-05-28 | Campcodes Online Hospital Management System betweendates-detailsreports.php sql injection |
CVE-2025-5299 | 2025-05-28 | SourceCodester Client Database Management System user_order_customer_update.php unrestricted upload |
CVE-2025-4493 | 2025-05-28 | Improper privilege assignment in PAM JIT privilege sets in Devolutions... |
CVE-2025-5277 | 2025-05-28 | aws-mcp-server MCP server is vulnerable to command injection. An attacker... |
CVE-2025-40651 | 2025-05-28 | Reflected Cross Site Scripting (XSS) in Real Easy Store |
CVE-2025-48734 | 2025-05-28 | Apache Commons BeanUtils: PropertyUtilsBean does not suppress an enum's declaredClass property by default |
CVE-2025-4134 | 2025-05-28 | Lack of file validation in Avast Business Antivirus for Linux allows writing untrusted update files |
CVE-2025-3357 | 2025-05-28 | IBM Tivoli Monitoring code execution |
CVE-2024-38341 | 2025-05-28 | IBM Sterling Secure Proxy information disclosure |
CVE-2024-51453 | 2025-05-28 | IBM Sterling Secure Proxy directory traversal |
CVE-2025-36572 | 2025-05-28 | Dell PowerStore, version(s) 4.0.0.0, contain(s) a Use of Hard-coded Credentials... |
CVE-2025-5257 | 2025-05-28 | Predictable Page Indexing Might Lead to Sensitive Data Exposure |
CVE-2024-47056 | 2025-05-28 | Mautic does not shield .env files from web traffic |
CVE-2025-32801 | 2025-05-28 | Loading a malicious hook library can lead to local privilege escalation |
CVE-2025-32802 | 2025-05-28 | Insecure handling of file paths allows multiple local attacks |
CVE-2025-32803 | 2025-05-28 | Insecure file permissions can result in confidential information leakage |
CVE-2024-47057 | 2025-05-28 | User name enumeration possible due to response time difference on password reset form |
CVE-2025-1461 | 2025-05-28 | Vuetify XSS through 'eventMoreText' prop of VCalendar |
CVE-2024-47055 | 2025-05-28 | Segment cloning doesn't have a proper permission check |
CVE-2025-5256 | 2025-05-28 | Open Redirect vulnerability on user unlock path |
CVE-2025-27702 | 2025-05-28 | Permissions bypass in the management console of Absolute Secure Access prior to version 13.54 |
CVE-2025-27703 | 2025-05-28 | Privilege escalation in the management console of Absolute Secure Access prior to version 13.54 |
CVE-2025-27706 | 2025-05-28 | Cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.54 |
CVE-2023-41591 | 2025-05-29 | An issue in Open Network Foundation ONOS v2.7.0 allows attackers... |
CVE-2024-22653 | 2025-05-29 | yasm commit 9defefae was discovered to contain a NULL pointer... |
CVE-2024-22654 | 2025-05-29 | tcpreplay v4.4.4 was discovered to contain an infinite loop via... |
CVE-2024-51392 | 2025-05-29 | An issue in OpenKnowledgeMaps Headstart v7 allows a remote attacker... |
CVE-2024-53423 | 2025-05-29 | An issue in Open Network Foundation ONOS v2.7.0 allows attackers... |
CVE-2024-54952 | 2025-05-29 | MikroTik RouterOS 6.40.5, the SMB service contains a memory corruption... |
CVE-2025-29632 | 2025-05-29 | Buffer Overflow vulnerability in Free5gc v.4.0.0 allows a remote attacker... |
CVE-2025-45474 | 2025-05-29 | maccms10 v2025.1000.4047 is vulnerable to Server-side request forgery (SSRF) in... |
CVE-2025-46078 | 2025-05-29 | HuoCMS V3.5.1 and before is vulnerable to file upload, which... |
CVE-2025-46080 | 2025-05-29 | HuoCMS V3.5.1 has a File Upload Vulnerability. An attacker can... |
CVE-2025-48748 | 2025-05-29 | Netwrix Directory Manager (formerly Imanami GroupID) through v.10.0.7784.0 has a... |
CVE-2025-4583 | 2025-05-29 | Smash Balloon Instagram Feed <= 6.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-plugin` Attribute |
CVE-2025-3755 | 2025-05-29 | Information Disclosure and Denial-of-Service (DoS) Vulnerability in MELSEC iQ-F Series CPU module |
CVE-2025-5273 | 2025-05-29 | All versions of the package mcp-markdownify-server are vulnerable to Files... |
CVE-2025-5276 | 2025-05-29 | All versions of the package mcp-markdownify-server are vulnerable to Server-Side... |
CVE-2025-5122 | 2025-05-29 | Map Block Leaflet <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Parameter |
CVE-2025-4670 | 2025-05-29 | Easy Digital Downloads <= 3.3.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via edd_receipt Shortcode |
CVE-2025-5286 | 2025-05-29 | Bold Builder <= 5.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via additional_settings Parameter |
CVE-2025-4687 | 2025-05-29 | Account pre-hijacking through invite misuse |
CVE-2024-52588 | 2025-05-29 | Strapi allows Server-Side Request Forgery in Webhook function |
CVE-2025-27151 | 2025-05-29 | redis-check-aof may lead to stack overflow and potential RCE |
CVE-2025-48388 | 2025-05-29 | FreeScout Has Insufficient Protection Against CRLF-injection |
CVE-2025-48045 | 2025-05-29 | MICI Network Co. Ltd. NetFax Server Default Administrator Credentials Disclosure |
CVE-2025-48046 | 2025-05-29 | MICI Network Co. Ltd. NetFax Server Disclosure of Stored Passwords in Cleartext |
CVE-2025-48047 | 2025-05-29 | MICI Network Co. Ltd. NetFax Server Command Injection |
CVE-2025-37993 | 2025-05-29 | can: m_can: m_can_class_allocate_dev(): initialize spin lock on device probe |
CVE-2025-37994 | 2025-05-29 | usb: typec: ucsi: displayport: Fix NULL pointer access |
CVE-2025-37995 | 2025-05-29 | module: ensure that kobject_put() is safe for module type kobjects |
CVE-2025-37996 | 2025-05-29 | KVM: arm64: Fix uninitialized memcache pointer in user_mem_abort() |
CVE-2025-37997 | 2025-05-29 | netfilter: ipset: fix region locking in hash types |
CVE-2025-37998 | 2025-05-29 | openvswitch: Fix unsafe attribute parsing in output_userspace() |
CVE-2025-37999 | 2025-05-29 | fs/erofs/fileio: call erofs_onlinefolio_split() after bio_add_folio() |
CVE-2025-5320 | 2025-05-29 | gradio-app gradio CORS is_valid_origin privilege escalation |
CVE-2025-33043 | 2025-05-29 | SMM buffer Integrity |
CVE-2025-4081 | 2025-05-29 | TCC Bypass via Dylib Substitution in DaVinci Resolve |
CVE-2025-5334 | 2025-05-29 | Exposure of private personal information to an unauthorized actor in... |
CVE-2025-5321 | 2025-05-29 | aimhubio aim run_view Object query.py RestrictedPythonQuery privilege escalation |
CVE-2025-3913 | 2025-05-29 | Team Privacy Settings Authorization Bypass in Mattermost Server |
CVE-2025-48389 | 2025-05-29 | FreeScout Vulnerable to Deserialization of Untrusted Data |
CVE-2025-48390 | 2025-05-29 | FreeScout Vulnerable to Remote Code Execution (RCE) |
CVE-2025-48471 | 2025-05-29 | FreeScout Vulnerable to Arbitrary File Upload |
CVE-2025-48472 | 2025-05-29 | FreeScout Vulnerable to Insufficient Authorization |