CVE List - 2025 / May
Showing 701 - 800 of 3982 CVEs for May 2025 (Page 8 of 40)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-46734 | 2025-05-05 | league/commonmark Cross-site Scripting vulnerability in Attributes extension |
| CVE-2025-4287 | 2025-05-05 | PyTorch nccl.py torch.cuda.nccl.reduce denial of service |
| CVE-2025-46813 | 2025-05-05 | Private data leak on login-required Discourse sites |
| CVE-2025-4288 | 2025-05-05 | PCMan FTP Server RNFR Command buffer overflow |
| CVE-2025-1000 | 2025-05-05 | IBM Db2 denial of service |
| CVE-2025-0915 | 2025-05-05 | IBM Db2 denial of service |
| CVE-2025-1493 | 2025-05-05 | IBM Db2 denial of service |
| CVE-2025-4289 | 2025-05-05 | PCMan FTP Server RNTO Command buffer overflow |
| CVE-2025-4290 | 2025-05-05 | PCMan FTP Server SMNT Command buffer overflow |
| CVE-2025-4291 | 2025-05-05 | IdeaCMS saveUpload unrestricted upload |
| CVE-2025-4292 | 2025-05-05 | MRCMS Edit User Page edit.do cross site scripting |
| CVE-2025-4293 | 2025-05-05 | MRCMS Group Edit Page edit.do cross site scripting |
| CVE-2025-4297 | 2025-05-05 | PHPGurukul Men Salon Management System change-password.php sql injection |
| CVE-2025-4298 | 2025-05-05 | Tenda AC1206 setcfm formSetCfm buffer overflow |
| CVE-2023-33770 | 2025-05-06 | Real Estate Management System v1.0 was discovered to contain a SQL injection vulnerability via the message parameter at /contact.php. |
| CVE-2025-26262 | 2025-05-06 | An issue in the component /internals/functions of R-fx Networks Linux Malware Detect v1.6.5 allows attackers to escalate privileges and execute arbitrary code via supplying a file that contains a crafted... |
| CVE-2025-44073 | 2025-05-06 | SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_comment_news.php. |
| CVE-2025-44899 | 2025-05-06 | There is a stack overflow vulnerability in Tenda RX3 V1.0br_V16.03.13.11. In the fromSetWifiGusetBasic function of the web url /goform/WifiGuestSet, the manipulation of the parameter shareSpeed leads to stack overflow. |
| CVE-2025-44900 | 2025-05-06 | In Tenda RX3 V1.0br_V16.03.13.11 in the GetParentControlInfo function of the web url /goform/GetParentControlInfo, the manipulation of the parameter mac leads to stack overflow. |
| CVE-2025-45250 | 2025-05-06 | MrDoc v0.95 and before is vulnerable to Server-Side Request Forgery (SSRF) in the validate_url function of the app_doc/utils.py file. |
| CVE-2025-45487 | 2025-05-06 | Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.InternetConnection function. |
| CVE-2025-45488 | 2025-05-06 | Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the mailex parameter. |
| CVE-2025-45489 | 2025-05-06 | Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the hostname parameter. |
| CVE-2025-45490 | 2025-05-06 | Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the password parameter. |
| CVE-2025-45491 | 2025-05-06 | Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the username parameter. |
| CVE-2025-45492 | 2025-05-06 | Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the Iface parameter in the action_wireless function. |
| CVE-2025-47256 | 2025-05-06 | Libxmp through 4.6.2 has a stack-based buffer overflow in depack_pha in loaders/prowizard/pha.c via a malformed Pha format tracker module in a .mod file. |
| CVE-2025-4299 | 2025-05-06 | Tenda AC1206 openSchedWifi setSchedWifi buffer overflow |
| CVE-2025-4300 | 2025-05-06 | itsourcecode Content Management System search_list.php sql injection |
| CVE-2025-4301 | 2025-05-06 | itsourcecode Content Management System search-notice.php sql injection |
| CVE-2025-46728 | 2025-05-06 | cpp-httplib has Unbounded Memory Allocation in Chunked/No-Length Requests |
| CVE-2025-2509 | 2025-05-06 | Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0 allows a malicious guest VM to achieve arbitrary address access within the crosvm sandboxed process, potentially leading to VM escape via crafted vertex... |
| CVE-2025-4303 | 2025-05-06 | PHPGurukul Human Metapneumovirus Testing Management System add-phlebotomist.php sql injection |
| CVE-2024-39442 | 2025-05-06 | In sprd ssense service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2025-4304 | 2025-05-06 | PHPGurukul Cyber Cafe Management System adminprofile.php sql injection |
| CVE-2025-4305 | 2025-05-06 | kefaming mayi File.php upload unrestricted upload |
| CVE-2025-3610 | 2025-05-06 | Reales WP STPT <= 2.1.2 - Authenticated (Subscriber+) Privilege Escalation via Password Update |
| CVE-2025-3609 | 2025-05-06 | Reales WP STPT <= 2.1.2 - Unauthorized User Registration |
| CVE-2025-4306 | 2025-05-06 | PHPGurukul Nipah Virus Testing Management System edit-phlebotomist.php sql injection |
| CVE-2025-4307 | 2025-05-06 | PHPGurukul Art Gallery Management System add-art-medium.php sql injection |
| CVE-2025-4308 | 2025-05-06 | PHPGurukul Art Gallery Management System add-art-type.php sql injection |
| CVE-2025-4309 | 2025-05-06 | PHPGurukul Art Gallery Management System add-art-type.php sql injection |
| CVE-2025-4310 | 2025-05-06 | itsourcecode Content Management System add_topic.php unrestricted upload |
| CVE-2025-4311 | 2025-05-06 | itsourcecode Content Management System update_main_topic_img.php sql injection |
| CVE-2025-4312 | 2025-05-06 | SourceCodester Advanced Web Store productdetail.php sql injection |
| CVE-2025-4337 | 2025-05-06 | AHAthat Plugin <= 1.6 - Cross-Site Request Forgery to AHA Page Deletion |
| CVE-2025-2802 | 2025-05-06 | LayoutBoxx <= 0.3.1 - Unauthenticated Arbitrary Shortcode Execution |
| CVE-2025-4313 | 2025-05-06 | SourceCodester Advanced Web Store admin_addnew_product.php sql injection |
| CVE-2025-4314 | 2025-05-06 | SourceCodester Advanced Web Store index.php sql injection |
| CVE-2025-4323 | 2025-05-06 | MRCMS Edit Article Page cross site scripting |
| CVE-2025-4324 | 2025-05-06 | MRCMS External Link Management Page edit.do cross site scripting |
| CVE-2025-4325 | 2025-05-06 | MRCMS Category Management Page add.do cross site scripting |
| CVE-2025-4326 | 2025-05-06 | MRCMS Add Fragment Page add.do cross site scripting |
| CVE-2025-4327 | 2025-05-06 | MRCMS cross-site request forgery |
| CVE-2025-4328 | 2025-05-06 | fp2952 spring-cloud-base HTTP Header MvcController.java sendBack redirect |
| CVE-2025-4329 | 2025-05-06 | 74CMS index path traversal |
| CVE-2025-46584 | 2025-05-06 | Vulnerability of improper authentication logic implementation in the file system module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-46585 | 2025-05-06 | Out-of-bounds array read/write vulnerability in the kernel module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-46586 | 2025-05-06 | Permission control vulnerability in the contacts module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-46587 | 2025-05-06 | Permission control vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2024-58252 | 2025-05-06 | Vulnerability of insufficient information protection in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-46588 | 2025-05-06 | Vulnerability of unauthorized access in the app lock module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. |
| CVE-2025-46589 | 2025-05-06 | Vulnerability of unauthorized access in the app lock module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. |
| CVE-2025-46590 | 2025-05-06 | Bypass vulnerability in the network search instruction authentication module. Impact: Successful exploitation of this vulnerability can bypass authentication and enable access to some network search functions. |
| CVE-2025-46591 | 2025-05-06 | Out-of-bounds data read vulnerability in the authorization module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-46592 | 2025-05-06 | Null pointer dereference vulnerability in the USB HDI driver module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-46593 | 2025-05-06 | Process residence vulnerability in abnormal scenarios in the print module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-3281 | 2025-05-06 | User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.2.1 - Insecure Direct Object Reference to Unauthenticated Limited User Deletion |
| CVE-2025-4331 | 2025-05-06 | SourceCodester Online Student Clearance System login.php sql injection |
| CVE-2025-4332 | 2025-05-06 | PHPGurukul Company Visitor Management System visitor-detail.php sql injection |
| CVE-2025-4333 | 2025-05-06 | feng_ha_ha/megagao ssm-erp/production_ssm FileServiceImpl.java uploadFile unrestricted upload |
| CVE-2025-4340 | 2025-05-06 | D-Link DIR-890L/DIR-806A1 soap.cgi sub_175C8 command injection |
| CVE-2025-3020 | 2025-05-06 | Wiesemann & Theis: Multiple W&T Products are vulnerable to cross-site-scripting |
| CVE-2025-4341 | 2025-05-06 | D-Link DIR-880L Request Header ssdpcgi sub_16570 command injection |
| CVE-2025-4342 | 2025-05-06 | D-Link DIR-600L formEasySetupWizard3 buffer overflow |
| CVE-2024-45554 | 2025-05-06 | Use After Free in DSP Service |
| CVE-2024-45562 | 2025-05-06 | Use After Free in HLOS |
| CVE-2024-45563 | 2025-05-06 | Out-of-bounds Write in Camera Driver |
| CVE-2024-45564 | 2025-05-06 | Use After Free in HLOS |
| CVE-2024-45565 | 2025-05-06 | Time-of-check Time-of-use (TOCTOU) Race Condition in Camera Driver |
| CVE-2024-45566 | 2025-05-06 | Use After Free in Camera Driver |
| CVE-2024-45567 | 2025-05-06 | Use After Free in Camera Driver |
| CVE-2024-45568 | 2025-05-06 | Buffer Over-read in Camera Driver |
| CVE-2024-45570 | 2025-05-06 | Use of Out-of-range Pointer Offset in Camera Driver |
| CVE-2024-45574 | 2025-05-06 | Improper Validation of Array Index in Camera Driver |
| CVE-2024-45575 | 2025-05-06 | Integer Overflow or Wraparound in Camera Driver |
| CVE-2024-45576 | 2025-05-06 | Improper Validation of Array Index in Camera Driver |
| CVE-2024-45577 | 2025-05-06 | Improper Input Validation in Camera Driver |
| CVE-2024-45578 | 2025-05-06 | Improper Validation of Array Index in Camera Driver |
| CVE-2024-45579 | 2025-05-06 | Improper Input Validation in Camera Driver |
| CVE-2024-45581 | 2025-05-06 | Out-of-bounds Write in Audio |
| CVE-2024-45583 | 2025-05-06 | Use After Free in Secure Processor |
| CVE-2024-49829 | 2025-05-06 | Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow') in Camera |
| CVE-2024-49830 | 2025-05-06 | Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow') in Audio |
| CVE-2024-49835 | 2025-05-06 | Out-of-bounds Write in SPS Applications |
| CVE-2024-49841 | 2025-05-06 | Detection of Error Condition Without Action in Hypervisor |
| CVE-2024-49842 | 2025-05-06 | Improper Access Control in Hypervisor |
| CVE-2024-49844 | 2025-05-06 | Improper Input Validation in Automotive |
| CVE-2024-49845 | 2025-05-06 | Improper Input Validation in HLOS |
| CVE-2024-49846 | 2025-05-06 | Buffer Over-read in Multi-Mode Call Processor |