CVE List - 2025 / May
Showing 801 - 900 of 3982 CVEs for May 2025 (Page 9 of 40)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-49847 | 2025-05-06 | Buffer Over-read in Multi-Mode Call Processor |
| CVE-2025-21453 | 2025-05-06 | Use After Free in GPS HLOS Driver |
| CVE-2025-21459 | 2025-05-06 | Buffer Over-read in WLAN Host Communication |
| CVE-2025-21460 | 2025-05-06 | Improper Input Validation in Automotive Software platform based on QNX |
| CVE-2025-21462 | 2025-05-06 | Out-of-bounds Write in Computer Vision |
| CVE-2025-21467 | 2025-05-06 | Out-of-bounds Write in Computer Vision |
| CVE-2025-21468 | 2025-05-06 | Out-of-bounds Write in Computer Vision |
| CVE-2025-21469 | 2025-05-06 | Improper Access Control in Camera Driver |
| CVE-2025-21470 | 2025-05-06 | Improper Access Control in Camera Driver |
| CVE-2025-21475 | 2025-05-06 | Buffer Over-read in Display |
| CVE-2025-25218 | 2025-05-06 | third_party_mksh has a NULL pointer dereference vulnerability |
| CVE-2025-4343 | 2025-05-06 | D-Link DIR-600L formEasySetupWizard buffer overflow |
| CVE-2025-27132 | 2025-05-06 | arkcompiler_ets_runtime has an out-of-bounds write vulnerability |
| CVE-2025-22886 | 2025-05-06 | distributeddatamgr_udmf has a memory leak vulnerability |
| CVE-2025-27248 | 2025-05-06 | ai_neural_network_runtime has a NULL pointer dereference vulnerability |
| CVE-2025-27241 | 2025-05-06 | multimedia_av_codec has a NULL pointer dereference vulnerability |
| CVE-2025-25052 | 2025-05-06 | arkcompiler_ets_runtime has a buffer overflow vulnerability |
| CVE-2025-46762 | 2025-05-06 | Apache Parquet Java: Potential malicious code execution from trusted packages in the parquet-avro module when reading an Avro schema from a Parquet file metadata |
| CVE-2025-2011 | 2025-05-06 | Slider & Popup Builder by Depicter <= 3.6.1 - Unauthenticated SQL Injection via 's' Parameter |
| CVE-2025-3782 | 2025-05-06 | Cision Block <= 4.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter |
| CVE-2025-4344 | 2025-05-06 | D-Link DIR-600L formLogin buffer overflow |
| CVE-2025-4345 | 2025-05-06 | D-Link DIR-600L formSetLog buffer overflow |
| CVE-2025-4346 | 2025-05-06 | D-Link DIR-600L formSetWAN_Wizard534 buffer overflow |
| CVE-2025-4347 | 2025-05-06 | D-Link DIR-600L formWlSiteSurvey buffer overflow |
| CVE-2025-40620 | 2025-05-06 | Multiple vulnerabilities in TCMAN's GIM |
| CVE-2025-40621 | 2025-05-06 | Multiple vulnerabilities in TCMAN's GIM |
| CVE-2025-40622 | 2025-05-06 | Multiple vulnerabilities in TCMAN's GIM |
| CVE-2025-40623 | 2025-05-06 | Multiple vulnerabilities in TCMAN's GIM |
| CVE-2025-40624 | 2025-05-06 | Multiple vulnerabilities in TCMAN's GIM |
| CVE-2025-40625 | 2025-05-06 | Multiple vulnerabilities in TCMAN's GIM |
| CVE-2025-4348 | 2025-05-06 | D-Link DIR-600L formSetWanL2TP buffer overflow |
| CVE-2025-0984 | 2025-05-06 | Arbitrary File Upload in Netoloji Software's E-Flow |
| CVE-2025-4349 | 2025-05-06 | D-Link DIR-600L formSysCmd command injection |
| CVE-2025-4350 | 2025-05-06 | D-Link DIR-600L wake_on_lan command injection |
| CVE-2025-4352 | 2025-05-06 | Brilliance Golden Link Secondary System tcEntrFlowSelect.htm sql injection |
| CVE-2025-4353 | 2025-05-06 | Brilliance Golden Link Secondary System queryTsDictionaryType.htm sql injection |
| CVE-2025-4354 | 2025-05-06 | Tenda DAP-1520 storage check_dws_cookie stack-based overflow |
| CVE-2025-4355 | 2025-05-06 | Tenda DAP-1520 api set_ws_action heap-based overflow |
| CVE-2025-4356 | 2025-05-06 | Tenda DAP-1520 Authentication storage mod_graph_auth_uri_handler stack-based overflow |
| CVE-2025-4357 | 2025-05-06 | Tenda RX3 telnet command injection |
| CVE-2025-4358 | 2025-05-06 | PHPGurukul Company Visitor Management System admin-profile.php sql injection |
| CVE-2025-4359 | 2025-05-06 | itsourcecode Gym Management System ajax.php sql injection |
| CVE-2025-4360 | 2025-05-06 | itsourcecode Gym Management System view_member.php sql injection |
| CVE-2025-4361 | 2025-05-06 | PHPGurukul Company Visitor Management System department.php sql injection |
| CVE-2025-2898 | 2025-05-06 | IBM Maximo Application Suite privilege escalation |
| CVE-2025-4373 | 2025-05-06 | Glib: buffer underflow on glib through glib/gstring.c via function g_string_insert_unichar |
| CVE-2025-4374 | 2025-05-06 | Quay: incorrect privilege assignment |
| CVE-2025-46814 | 2025-05-06 | FastAPI Guard Remote Header Injection via X-Forwarded-For Manipulation |
| CVE-2025-4362 | 2025-05-06 | itsourcecode Gym Management System ajax.php sql injection |
| CVE-2025-23379 | 2025-05-06 | Dell Storage Center - Dell Storage Manager, version(s) 21.0.20, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An unauthenticated attacker with adjacent network access could... |
| CVE-2025-4363 | 2025-05-06 | itsourcecode Gym Management System ajax.php sql injection |
| CVE-2025-4368 | 2025-05-06 | Tenda AC8 MtuSetMacWan formGetRouterStatus buffer overflow |
| CVE-2025-22479 | 2025-05-06 | Dell Storage Center - Dell Storage Manager, version(s) 20.0.21, contain(s) an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. An unauthenticated attacker with adjacent network access... |
| CVE-2025-22478 | 2025-05-06 | Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this... |
| CVE-2025-4384 | 2025-05-06 | Certificate validity not properly verified |
| CVE-2025-22477 | 2025-05-06 | Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Elevation of... |
| CVE-2025-22476 | 2025-05-06 | Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with adjacent network... |
| CVE-2025-4041 | 2025-05-06 | Use of Hard-coded Credentials Optigo Networks ONS NC600 |
| CVE-2025-30165 | 2025-05-06 | Remote Code Execution Vulnerability in vLLM Multi-Node Cluster Configuration |
| CVE-2025-32022 | 2025-05-06 | Finit has heap based buffer overwrite in urandom.so plugin |
| CVE-2025-46735 | 2025-05-06 | Terraform WinDNS Provider improperly sanitizes input variables in `windns_record` |
| CVE-2025-46736 | 2025-05-06 | Umbraco Makes User Enumeration Feasible Based on Timing of Login Response |
| CVE-2025-46815 | 2025-05-06 | ZITADEL Allows IdP Intent Token Reuse |
| CVE-2025-37730 | 2025-05-06 | Logstash Improper Certificate Validation in TCP output |
| CVE-2025-25014 | 2025-05-06 | Kibana arbitrary code execution via prototype pollution |
| CVE-2025-4388 | 2025-05-06 | A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.5, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 7.4 GA... |
| CVE-2025-46816 | 2025-05-06 | goshs route not protected, allows command execution |
| CVE-2025-46820 | 2025-05-06 | phpgt/Dom exposes the GITHUB_TOKEN in Dom workflow run artifact |
| CVE-2025-47417 | 2025-05-06 | Enable Debug Images |
| CVE-2024-12225 | 2025-05-06 | Io.quarkus:quarkus-security-webauthn: quarkus webauthn unexpected authentication bypass |
| CVE-2025-47418 | 2025-05-06 | Recording |
| CVE-2025-46572 | 2025-05-06 | passport-wsfed-saml2 Has SAML Authentication Bypass via Signature Wrapping |
| CVE-2025-0649 | 2025-05-06 | Stack Exhaustion In Tensorflow Serving |
| CVE-2025-46573 | 2025-05-06 | passport-wsfed-saml2 Has SAML Authentication Bypass via Attribute Smuggling |
| CVE-2025-47419 | 2025-05-06 | Non-Secure Access |
| CVE-2025-0853 | 2025-05-06 | PGS Core <= 5.8.0 - Unauthenticated SQL Injection |
| CVE-2025-47420 | 2025-05-06 | User Permissions on Network API |
| CVE-2025-4372 | 2025-05-06 | Use after free in WebAudio in Google Chrome prior to 136.0.7103.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2025-0855 | 2025-05-06 | PGS Core <= 5.8.0 - Unauthenticated PHP Object Injection |
| CVE-2025-0856 | 2025-05-06 | PGS Core <= 5.8.0 - Missing Authorization via Multiple Functions |
| CVE-2025-26168 | 2025-05-07 | IXON VPN Client before 1.4.4 on Linux and macOS allows Local Privilege Escalation to root because there is code execution from a configuration file that can be controlled by a... |
| CVE-2025-26169 | 2025-05-07 | IXON VPN Client before 1.4.4 on Windows allows Local Privilege Escalation to SYSTEM because there is code execution from a configuration file that can be controlled by a low-privileged user.... |
| CVE-2025-29152 | 2025-05-07 | Cross-Site Scripting vulnerability in lemeconsultoria HCM galera.app v.4.58.0 allows an attacker to execute arbitrary code via multiple components, including Strategic Planning Perspective Registration, Training Request, Perspective Editing, Education Registration, Hierarchical... |
| CVE-2025-29153 | 2025-05-07 | SQL Injection vulnerability in lemeconsultoria HCM galera.app v.4.58.0 allows an attacker to execute arbitrary code via the Data export, filters functions. |
| CVE-2025-29154 | 2025-05-07 | HTML injection vulnerability in lemeconsultoria HCM galera.app v.4.58.0 allows an attacker to execute arbitrary code via the .galera.app/ted/solicitacao_treinamento/, .galera.app/rh/metas/perspectiva_estrategica/edicao/, .galera.app/rh/cadastros/perspectivas/listagem/adc/, .galera.app/escolaridade/listagem/, .galera.app/estados_civis/cadastro/, .galera.app/nivel_hierarquico/listagem/, .galera.app/nivel_decisorio/cadastro/, .galera.app/escolaridade/cadastro/, .galera.app/nivel_decisorio/listag... |
| CVE-2025-29448 | 2025-05-07 | Booking logic flaw in Easy!Appointments v1.5.1 allows unauthenticated attackers to create appointments with excessively long durations, causing a denial of service by blocking all future booking availability. |
| CVE-2025-29602 | 2025-05-07 | flatpress 1.3.1 is vulnerable to Cross Site Scripting (XSS) in Administration area via Manage categories. |
| CVE-2025-29746 | 2025-05-07 | Cross Site Scripting vulnerability in Koillection v.1.6.10 allows a remote attacker to escalate privileges via the collection, Wishlist and album components |
| CVE-2025-45388 | 2025-05-07 | Wagtail CMS 6.4.1 is vulnerable to a Stored Cross-Site Scripting (XSS) in the document upload functionality. Attackers can inject malicious code inside a PDF file. When a user clicks the... |
| CVE-2025-45514 | 2025-05-07 | Tenda FH451 V1.0.0.9 has a stack overflow vulnerability in the function.frmL7ImForm. |
| CVE-2025-47203 | 2025-05-07 | dbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname argument, because a shell is used. |
| CVE-2025-47423 | 2025-05-07 | Personal Weather Station Dashboard 12_lts allows unauthenticated remote attackers to read arbitrary files via ../ directory traversal in the test parameter to /others/_test.php, as demonstrated by reading the server's private... |
| CVE-2025-3218 | 2025-05-07 | IBM i improper certificate validation |
| CVE-2025-3853 | 2025-05-07 | WPshop 2 – E-Commerce 2.0.0 - 2.6.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Key Generation |
| CVE-2025-2821 | 2025-05-07 | Search Exclude <= 2.4.9 - Missing Authorization to Unauthenticated Plugin Settings Modification |
| CVE-2025-3851 | 2025-05-07 | Download Manager and Payment Form WordPress Plugin – WP SmartPay 1.1.0 - 2.7.13 - Authenticated (Subscriber+) Information Exposure |
| CVE-2025-3844 | 2025-05-07 | PeproDev Ultimate Profile Solutions 1.9.1 - 7.5.2 - Authentication Bypass to Account Takeover |
| CVE-2025-3924 | 2025-05-07 | PeproDev Ultimate Profile Solutions 1.9.1 - 7.5.2 - Missing Authorization to Unauthenticated Email Enumeration |
| CVE-2025-4335 | 2025-05-07 | Woocommerce Multiple Addresses <= 1.0.7.1 - Authenticated (Subscriber+) Privilege Escalation |
| CVE-2025-3852 | 2025-05-07 | WPshop 2 – E-Commerce 2.0.0 - 2.6.0 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover |