CVE List - 2025 / May
Showing 501 - 600 of 3982 CVEs for May 2025 (Page 6 of 40)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-53101 | 2025-05-02 | ext4: zero i_disksize when initializing the bootloader inode |
| CVE-2023-53102 | 2025-05-02 | ice: xsk: disable txq irq before flushing hw |
| CVE-2023-53103 | 2025-05-02 | bonding: restore bond's IFF_SLAVE flag if a non-eth dev enslave fails |
| CVE-2023-53105 | 2025-05-02 | net/mlx5e: Fix cleanup null-ptr deref on encap lock |
| CVE-2023-53106 | 2025-05-02 | nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition |
| CVE-2023-53107 | 2025-05-02 | veth: Fix use after free in XDP_REDIRECT |
| CVE-2023-53108 | 2025-05-02 | net/iucv: Fix size of interrupt data |
| CVE-2023-53109 | 2025-05-02 | net: tunnels: annotate lockless accesses to dev->needed_headroom |
| CVE-2023-53110 | 2025-05-02 | net/smc: fix NULL sndbuf_desc in smc_cdc_tx_handler() |
| CVE-2023-53111 | 2025-05-02 | loop: Fix use-after-free issues |
| CVE-2023-53112 | 2025-05-02 | drm/i915/sseu: fix max_subslices array-index-out-of-bounds access |
| CVE-2023-53113 | 2025-05-02 | wifi: nl80211: fix NULL-ptr deref in offchan check |
| CVE-2023-53114 | 2025-05-02 | i40e: Fix kernel crash during reboot when adapter is in recovery mode |
| CVE-2023-53115 | 2025-05-02 | scsi: mpi3mr: Fix memory leaks in mpi3mr_init_ioc() |
| CVE-2023-53116 | 2025-05-02 | nvmet: avoid potential UAF in nvmet_req_complete() |
| CVE-2023-53117 | 2025-05-02 | fs: prevent out-of-bounds array speculation when closing a file descriptor |
| CVE-2023-53118 | 2025-05-02 | scsi: core: Fix a procfs host directory removal regression |
| CVE-2023-53119 | 2025-05-02 | nfc: pn533: initialize struct pn533_out_arg properly |
| CVE-2023-53120 | 2025-05-02 | scsi: mpi3mr: Fix config page DMA memory leak |
| CVE-2023-53121 | 2025-05-02 | tcp: tcp_make_synack() can be called from process context |
| CVE-2023-53123 | 2025-05-02 | PCI: s390: Fix use-after-free of PCI resources with per-function hotplug |
| CVE-2023-53124 | 2025-05-02 | scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add() |
| CVE-2023-53125 | 2025-05-02 | net: usb: smsc75xx: Limit packet length to skb->len |
| CVE-2023-53126 | 2025-05-02 | scsi: mpi3mr: Fix sas_hba.phy memory leak in mpi3mr_remove() |
| CVE-2023-53127 | 2025-05-02 | scsi: mpi3mr: Fix expander node leak in mpi3mr_remove() |
| CVE-2023-53128 | 2025-05-02 | scsi: mpi3mr: Fix throttle_groups memory leak |
| CVE-2023-53131 | 2025-05-02 | SUNRPC: Fix a server shutdown leak |
| CVE-2023-53132 | 2025-05-02 | scsi: mpi3mr: Fix mpi3mr_hba_port memory leak in mpi3mr_remove() |
| CVE-2023-53133 | 2025-05-02 | bpf, sockmap: Fix an infinite loop error when len is 0 in tcp_bpf_recvmsg_parser() |
| CVE-2023-53134 | 2025-05-02 | bnxt_en: Avoid order-5 memory allocation for TPA data |
| CVE-2023-53135 | 2025-05-02 | riscv: Use READ_ONCE_NOCHECK in imprecise unwinding stack mode |
| CVE-2023-53136 | 2025-05-02 | af_unix: fix struct pid leaks in OOB support |
| CVE-2023-53138 | 2025-05-02 | net: caif: Fix use-after-free in cfusbl_device_notify() |
| CVE-2023-53139 | 2025-05-02 | nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties |
| CVE-2023-53140 | 2025-05-02 | scsi: core: Remove the /proc/scsi/${proc_name} directory earlier |
| CVE-2023-53141 | 2025-05-02 | ila: do not generate empty messages in ila_xlat_nl_cmd_get_mapping() |
| CVE-2023-53142 | 2025-05-02 | ice: copy last block omitted in ice_get_module_eeprom() |
| CVE-2023-53143 | 2025-05-02 | ext4: fix another off-by-one fsmap error on 1k block filesystems |
| CVE-2023-53144 | 2025-05-02 | erofs: fix wrong kunmap when using LZMA on HIGHMEM platforms |
| CVE-2025-3879 | 2025-05-02 | Vault’s Azure Authentication Method bound_location Restriction Could be Bypassed on Login |
| CVE-2025-46332 | 2025-05-02 | Information Disclosure via Flags override link |
| CVE-2025-4213 | 2025-05-02 | PHPGurukul Online Birth Certificate System search.php sql injection |
| CVE-2025-4214 | 2025-05-02 | PHPGurukul Online DJ Booking Management System booking-bwdates-reports-details.php sql injection |
| CVE-2025-4215 | 2025-05-02 | gorhill uBlock Origin UI 1p-filters.js currentStateChanged redos |
| CVE-2025-4218 | 2025-05-02 | handrew browserpilot gpt_selenium_agent.py GPTSeleniumAgent code injection |
| CVE-2025-21572 | 2025-05-02 | OpenGrok 1.13.25 has a reflected Cross-Site Scripting (XSS) issue when producing the history view page. This happens through improper handling of path segments. The application reflects unsanitized user input into... |
| CVE-2022-21546 | 2025-05-02 | scsi: target: Fix WRITE_SAME No Data Buffer crash |
| CVE-2025-46723 | 2025-05-02 | OpenVM byte decomposition of pc in AUIPC chip can overflow |
| CVE-2025-47229 | 2025-05-03 | libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a denial of service (var_set_leave_quiet assertion failure and application exit) via crafted input data, such as data that triggers a... |
| CVE-2025-47241 | 2025-05-03 | In browser-use (aka Browser Use) before 0.1.45, URL parsing of allowed_domains is mishandled because userinfo can be placed in the authority component. |
| CVE-2025-47244 | 2025-05-03 | Inedo ProGet through 2024.22 allows remote attackers to reach restricted functionality through the C# reflection layer, as demonstrated by causing a denial of service (when an attacker executes a loop... |
| CVE-2025-47245 | 2025-05-03 | In BlueWave Checkmate through 2.0.2 before d4a6072, an invite request can be modified to specify a privileged role. |
| CVE-2025-4172 | 2025-05-03 | VerticalResponse Newsletter Widget <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-4170 | 2025-05-03 | Xavin's Review Ratings <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-4188 | 2025-05-03 | Advanced Reorder Image Text Slider <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-4168 | 2025-05-03 | Subpage List <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-4198 | 2025-05-03 | Alink Tap <= 1.3.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-3918 | 2025-05-03 | Job Listings 0.1 - 0.1.1 - Unauthenticated Privilege Escalation via register_action Function |
| CVE-2025-4199 | 2025-05-03 | Abundatrade Plugin <= 1.8.02 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-3779 | 2025-05-03 | Personizely <= 0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via widgetId Parameter |
| CVE-2025-4222 | 2025-05-03 | Database Toolset <= 1.8.4 - Unauthenticated Sensitive Information Exposure via Backup Files |
| CVE-2024-13738 | 2025-05-03 | Motors - Car Dealer, Rental & Listing WordPress theme <= 5.6.65 - Unauthenticated Arbitrary Shortcode Execution |
| CVE-2025-3815 | 2025-05-03 | SurveyJS <= 1.12.32 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter |
| CVE-2024-58135 | 2025-05-03 | Mojolicious versions from 7.28 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default |
| CVE-2025-4226 | 2025-05-03 | PHPGurukul/Campcodes Cyber Cafe Management System add-computer.php sql injection |
| CVE-2025-37799 | 2025-05-03 | vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp |
| CVE-2025-4236 | 2025-05-03 | PCMan FTP Server MDIR Command buffer overflow |
| CVE-2025-4237 | 2025-05-03 | PCMan FTP Server MDELETE Command buffer overflow |
| CVE-2024-41753 | 2025-05-03 | IBM Cloud Pak for Business Automation cross-site scripting |
| CVE-2024-58134 | 2025-05-03 | Mojolicious versions from 0.999922 for Perl use a hard-coded string, or the application's class name, as an HMAC session cookie secret by default |
| CVE-2025-4238 | 2025-05-03 | PCMan FTP Server MGET Command buffer overflow |
| CVE-2025-1495 | 2025-05-03 | IBM Business Automation Workflow missing authentication |
| CVE-2025-4239 | 2025-05-03 | PCMan FTP Server TYPE Command buffer overflow |
| CVE-2025-4240 | 2025-05-03 | PCMan FTP Server LCD Command buffer overflow |
| CVE-2025-4241 | 2025-05-03 | PHPGurukul Teacher Subject Allocation Management System search.php sql injection |
| CVE-2025-1838 | 2025-05-03 | IBM Cloud Pak for Business Automation denial of service |
| CVE-2025-4242 | 2025-05-03 | PHPGurukul Online Birth Certificate System between-dates-report.php sql injection |
| CVE-2025-4243 | 2025-05-03 | code-projects Online Bus Reservation System print.php sql injection |
| CVE-2025-4244 | 2025-05-03 | code-projects Online Bus Reservation System seatlocation.php sql injection |
| CVE-2025-4247 | 2025-05-04 | SourceCodester Simple To-Do List System delete_task.php sql injection |
| CVE-2025-4248 | 2025-05-04 | SourceCodester Simple To-Do List System complete_task.php sql injection |
| CVE-2025-4249 | 2025-05-04 | PHPGurukul e-Diary Management System manage-categories.php sql injection |
| CVE-2025-4250 | 2025-05-04 | code-projects Nero Social Networking Site index.php sql injection |
| CVE-2025-4251 | 2025-05-04 | PCMan FTP Server RMDIR Command buffer overflow |
| CVE-2025-4252 | 2025-05-04 | PCMan FTP Server APPEND Command buffer overflow |
| CVE-2025-4253 | 2025-05-04 | PCMan FTP Server HASH Command buffer overflow |
| CVE-2025-4254 | 2025-05-04 | PCMan FTP Server LIST Command buffer overflow |
| CVE-2024-57229 | 2025-05-05 | NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function. |
| CVE-2024-57230 | 2025-05-05 | NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function. |
| CVE-2024-57231 | 2025-05-05 | NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function. |
| CVE-2024-57232 | 2025-05-05 | NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function. |
| CVE-2024-57233 | 2025-05-05 | NETGEAR RAX5 (AX1600 WiFi Router) v1.0.2.26 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function. |
| CVE-2024-57234 | 2025-05-05 | NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function. |
| CVE-2024-57235 | 2025-05-05 | NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the iface parameter in the vif_enable function. |
| CVE-2025-25504 | 2025-05-05 | An issue in the /usr/local/bin/jncs.sh script of Gefen WebFWC (In AV over IP products) v1.85h, v1.86v, and v1.70 allows attackers with network access to connect to the device over TCP... |
| CVE-2025-26241 | 2025-05-05 | A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket <=1.17.5 allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination. |
| CVE-2025-27920 | 2025-05-05 | Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in parameters, attackers could access sensitive files outside the intended... |
| CVE-2025-27921 | 2025-05-05 | A reflected cross-site scripting (XSS) vulnerability was discovered in Output Messenger before 2.0.63, where unsanitized input could be injected into the web application’s response. This vulnerability occurs when user-controlled input... |
| CVE-2025-28062 | 2025-05-05 | A Cross-Site Request Forgery (CSRF) vulnerability was discovered in ERPNEXT 14.82.1 and 14.74.3. The vulnerability allows an attacker to perform unauthorized actions such as user deletion, password resets, and privilege... |
| CVE-2025-28168 | 2025-05-05 | The Multiple File Upload add-on component 3.1.0 for OutSystems is vulnerable to Unrestricted File Upload. This occurs because file extension and size validations are enforced solely on the client side.... |