CVE List - 2025 / May
Showing 301 - 400 of 3984 CVEs for May 2025 (Page 4 of 40)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-49888 | 2025-05-01 | arm64: entry: avoid kprobe recursion |
| CVE-2022-49889 | 2025-05-01 | ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() |
| CVE-2022-49890 | 2025-05-01 | capabilities: fix potential memleak on error path from vfs_getxattr_alloc() |
| CVE-2022-49891 | 2025-05-01 | tracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd() |
| CVE-2022-49892 | 2025-05-01 | ftrace: Fix use-after-free for dynamic ftrace_ops |
| CVE-2022-49893 | 2025-05-01 | cxl/region: Fix cxl_region leak, cleanup targets at region delete |
| CVE-2022-49894 | 2025-05-01 | cxl/region: Fix region HPA ordering validation |
| CVE-2022-49895 | 2025-05-01 | cxl/region: Fix decoder allocation crash |
| CVE-2022-49896 | 2025-05-01 | cxl/pmem: Fix cxl_pmem_region and cxl_memdev leak |
| CVE-2022-49898 | 2025-05-01 | btrfs: fix tree mod log mishandling of reallocated nodes |
| CVE-2022-49899 | 2025-05-01 | fscrypt: stop using keyrings subsystem for fscrypt_master_key |
| CVE-2022-49900 | 2025-05-01 | i2c: piix4: Fix adapter not be removed in piix4_remove() |
| CVE-2022-49901 | 2025-05-01 | blk-mq: Fix kmemleak in blk_mq_init_allocated_queue |
| CVE-2022-49902 | 2025-05-01 | block: Fix possible memory leak for rq_wb on add_disk failure |
| CVE-2022-49903 | 2025-05-01 | ipv6: fix WARNING in ip6_route_net_exit_late() |
| CVE-2022-49904 | 2025-05-01 | net, neigh: Fix null-ptr-deref in neigh_table_clear() |
| CVE-2022-49905 | 2025-05-01 | net/smc: Fix possible leaked pernet namespace in smc_init() |
| CVE-2022-49906 | 2025-05-01 | ibmvnic: Free rwi on reset success |
| CVE-2022-49907 | 2025-05-01 | net: mdio: fix undefined behavior in bit shift for __mdiobus_register |
| CVE-2022-49908 | 2025-05-01 | Bluetooth: L2CAP: Fix memory leak in vhci_write |
| CVE-2022-49909 | 2025-05-01 | Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del() |
| CVE-2022-49910 | 2025-05-01 | Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu |
| CVE-2022-49911 | 2025-05-01 | netfilter: ipset: enforce documented limit to prevent allocating huge memory |
| CVE-2022-49912 | 2025-05-01 | btrfs: fix ulist leaks in error paths of qgroup self tests |
| CVE-2022-49913 | 2025-05-01 | btrfs: fix inode list leak during backref walking at find_parent_nodes() |
| CVE-2022-49914 | 2025-05-01 | btrfs: fix inode list leak during backref walking at resolve_indirect_refs() |
| CVE-2022-49915 | 2025-05-01 | mISDN: fix possible memory leak in mISDN_register_device() |
| CVE-2022-49916 | 2025-05-01 | rose: Fix NULL pointer dereference in rose_send_frame() |
| CVE-2022-49917 | 2025-05-01 | ipvs: fix WARNING in ip_vs_app_net_cleanup() |
| CVE-2022-49918 | 2025-05-01 | ipvs: fix WARNING in __ip_vs_cleanup_batch() |
| CVE-2022-49919 | 2025-05-01 | netfilter: nf_tables: release flow rule object from commit path |
| CVE-2022-49920 | 2025-05-01 | netfilter: nf_tables: netlink notifier might race to release objects |
| CVE-2022-49921 | 2025-05-01 | net: sched: Fix use after free in red_enqueue() |
| CVE-2022-49922 | 2025-05-01 | nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() |
| CVE-2022-49923 | 2025-05-01 | nfc: nxp-nci: Fix potential memory leak in nxp_nci_send() |
| CVE-2022-49924 | 2025-05-01 | nfc: fdp: Fix potential memory leak in fdp_nci_send() |
| CVE-2022-49925 | 2025-05-01 | RDMA/core: Fix null-ptr-deref in ib_core_cleanup() |
| CVE-2022-49926 | 2025-05-01 | net: dsa: Fix possible memory leaks in dsa_loop_init() |
| CVE-2022-49927 | 2025-05-01 | nfs4: Fix kmemleak when allocate slot failed |
| CVE-2022-49928 | 2025-05-01 | SUNRPC: Fix null-ptr-deref when xps sysfs alloc failed |
| CVE-2022-49929 | 2025-05-01 | RDMA/rxe: Fix mr leak in RESPST_ERR_RNR |
| CVE-2022-49930 | 2025-05-01 | RDMA/hns: Fix NULL pointer problem in free_mr_init() |
| CVE-2022-49931 | 2025-05-01 | IB/hfi1: Correctly move list in sc_disable() |
| CVE-2025-23246 | 2025-05-01 | NVIDIA vGPU software for Windows and Linux contains a vulnerability... |
| CVE-2025-4173 | 2025-05-01 | SourceCodester Online Eyewear Shop Master.php delete_cart sql injection |
| CVE-2025-46337 | 2025-05-01 | SQL injection in ADOdb PostgreSQL driver pg_insert_id() method |
| CVE-2025-46345 | 2025-05-01 | Auth0 Account Link Extension JWT Invalid Signature Validation |
| CVE-2025-46565 | 2025-05-01 | Vite's server.fs.deny bypassed with /. for files under project root |
| CVE-2025-46566 | 2025-05-01 | Dataease redshift JDBC Connection Remote Code Execution |
| CVE-2025-46567 | 2025-05-01 | LLaMA-Factory Allows Arbitrary Code Execution via Unsafe Deserialization in Ilamafy_baichuan2.py |
| CVE-2025-46568 | 2025-05-01 | Stirling-PDF Server-Side Request Forgery (SSRF)-Induced Arbitrary File Read Vulnerability |
| CVE-2025-35975 | 2025-05-01 | MicroDicom DICOM Viewer Out-of-bounds Write |
| CVE-2025-3517 | 2025-05-01 | Incorrect privilege assignment in PAM JIT elevation feature in Devolutions... |
| CVE-2025-36521 | 2025-05-01 | MicroDicom DICOM Viewer Out-of-bounds Read |
| CVE-2025-24522 | 2025-05-01 | KUNBUS Revolution Pi Authentication Bypass by Primary Weakness |
| CVE-2025-32011 | 2025-05-01 | KUNBUS Revolution Pi Authentication Bypass by Primary Weakness |
| CVE-2025-35996 | 2025-05-01 | KUNBUS Revolution Pi Improper Neutralization of Server-Side Includes (SSI) Within a Web Page |
| CVE-2025-36558 | 2025-05-01 | KUNBUS Revolution Pi Improper Neutralization of Server-Side Includes (SSI) Within a Web Page |
| CVE-2025-4174 | 2025-05-01 | PHPGurukul COVID19 Testing Management System login.php sql injection |
| CVE-2025-46569 | 2025-05-01 | OPA server Data API HTTP path injection of Rego |
| CVE-2025-4175 | 2025-05-01 | AlanBinu007 Spring-Boot-Advanced-Projects Upload Profile API Endpoint UserProfileController.java uploadUserProfileImage path traversal |
| CVE-2025-43595 | 2025-05-01 | MSP360 Backup (for Linux) insecure filesystem permissions |
| CVE-2025-27365 | 2025-05-01 | IBM MQ Operator denial of service |
| CVE-2025-4176 | 2025-05-01 | PHPGurukul Blood Bank & Donor Management System request-received-bydonar.php sql injection |
| CVE-2025-4178 | 2025-05-01 | xiaowei1118 java_server File Upload API FoodController.java path traversal |
| CVE-2025-4180 | 2025-05-01 | PCMan FTP Server TRACE Command buffer overflow |
| CVE-2025-1333 | 2025-05-01 | IBM MQ Operator information disclosure |
| CVE-2024-52903 | 2025-05-01 | IBM Db2 denial of service |
| CVE-2025-4181 | 2025-05-01 | PCMan FTP Server SEND Command buffer overflow |
| CVE-2025-4182 | 2025-05-01 | PCMan FTP Server BELL Command buffer overflow |
| CVE-2025-4183 | 2025-05-01 | PCMan FTP Server RECV Command buffer overflow |
| CVE-2025-4184 | 2025-05-01 | PCMan FTP Server QUOTE Command buffer overflow |
| CVE-2025-4185 | 2025-05-01 | Wangshen SecGate 3600 g=obj_area_export_save path traversal |
| CVE-2024-55069 | 2025-05-02 | ffmpeg 7.1 is vulnerable to Null Pointer Dereference in function... |
| CVE-2024-58253 | 2025-05-02 | In the obfstr crate before 0.4.4 for Rust, the obfstr!... |
| CVE-2025-44868 | 2025-05-02 | Wavlink WL-WN530H4 20220801 was found to contain a command injection... |
| CVE-2025-44872 | 2025-05-02 | Tenda AC9 V15.03.06.42_multi was found to contain a command injection... |
| CVE-2025-44877 | 2025-05-02 | Tenda AC9 V15.03.06.42_multi was found to contain a command injection... |
| CVE-2025-45800 | 2025-05-02 | TOTOLINK A950RG V4.1.2cu.5204_B20210112 contains a command execution vulnerability in the... |
| CVE-2025-47201 | 2025-05-02 | In Intrexx Portal Server before 12.0.4, multiple Velocity-Scripts are susceptible... |
| CVE-2025-47226 | 2025-05-02 | Grokability Snipe-IT before 8.1.0 has incorrect authorization for accessing asset... |
| CVE-2025-4186 | 2025-05-02 | Wangshen SecGate 3600 g=route_ispinfo_export_save path traversal |
| CVE-2025-4191 | 2025-05-02 | PHPGurukul Employee Record Management System editmyeducation.php sql injection |
| CVE-2025-4192 | 2025-05-02 | itsourcecode Restaurant Management System category_save.php sql injection |
| CVE-2024-55909 | 2025-05-02 | IBM Concert Software denial of service |
| CVE-2024-55912 | 2025-05-02 | IBM Concert Software information disclosure |
| CVE-2024-55913 | 2025-05-02 | IBM Concert Software path traversal |
| CVE-2024-55910 | 2025-05-02 | IBM Concert Software server-side request forgery |
| CVE-2025-4193 | 2025-05-02 | itsourcecode Restaurant Management System category_update.php sql injection |
| CVE-2025-4195 | 2025-05-02 | itsourcecode Gym Management System ajax.php sql injection |
| CVE-2025-29825 | 2025-05-02 | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| CVE-2025-4196 | 2025-05-02 | SourceCodester Patient Record Management System birthing.php sql injection |
| CVE-2025-4197 | 2025-05-02 | code-projects Patient Record Management System edit_xpatient.php sql injection |
| CVE-2025-4131 | 2025-05-02 | GmapsMania <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2025-3746 | 2025-05-02 | OTP-less one tap Sign in 2.0.14 - 2.0.59 - Unauthenticated Arbitrary Email Update to Account Takeover/Privilege Escalation |
| CVE-2025-4179 | 2025-05-02 | Flynax Bridge <= 2.2.0 - Unauthenticated Limited Privilege Escalation |
| CVE-2025-2880 | 2025-05-02 | Yame | Link In Bio <= 0.9.0 - Unauthenticated Information Exposure |
| CVE-2025-4177 | 2025-05-02 | Flynax Bridge <= 2.2.0 - Unauthenticated Arbitrary User Deletion |
| CVE-2025-3670 | 2025-05-02 | KiwiChat NextClient <= 6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Parameter |
| CVE-2025-3707 | 2025-05-02 | Sunnet eHRD CTMS - SQL Injection |