VULNMAP - Vulnerabilità di Sicurezza

Lista CVE - 2025 / Aprile

Visualizzazione 1 - 100 di 4038 CVE per Aprile 2025 (Pagina 1 di 41)

ID CVE Data Titolo
CVE-2003-20001 2025-04-01 An issue was discovered on Mitel ICP VoIP 3100 devices....
CVE-2023-46988 2025-04-01 Path Traversal vulnerability in ONLYOFFICE Document Server before v8.0.1 allows...
CVE-2025-26054 2025-04-01 Infinxt iEdge 100 2.1.32 is vulnerable to Cross Site Scripting...
CVE-2025-26055 2025-04-01 An OS Command Injection vulnerability exists in the Infinxt iEdge...
CVE-2025-26056 2025-04-01 A command injection vulnerability exists in the Infinxt iEdge 100...
CVE-2025-27829 2025-04-01 An issue was discovered in Stormshield Network Security (SNS) 4.3.x...
CVE-2025-28131 2025-04-01 A Broken Access Control vulnerability in Nagios Network Analyzer 2024R1.0.3...
CVE-2025-28132 2025-04-01 A session management flaw in Nagios Network Analyzer 2024R1.0.3 allows...
CVE-2025-28395 2025-04-01 D-LINK DI-8100 16.07.26A1 is vulnerable to Buffer Overflow in the...
CVE-2025-28398 2025-04-01 D-LINK DI-8100 16.07.26A1 is vulnerable to Buffer Overflow in the...
CVE-2025-29033 2025-04-01 An issue in BambooHR Build v.25.0210.170831-83b08dd allows a remote attacker...
CVE-2025-29036 2025-04-01 An issue in hackathon-starter v.8.1.0 allows a remote attacker to...
CVE-2025-29049 2025-04-01 Cross Site Scripting vulnerability in arnog MathLive Versions v0.103.0 and...
CVE-2025-29069 2025-04-01 A heap buffer overflow vulnerability has been identified in the...
CVE-2025-29070 2025-04-01 A heap buffer overflow vulnerability has been identified in thesmooth2()...
CVE-2025-29208 2025-04-01 CodeZips Gym Management System v1.0 is vulnerable to SQL injection...
CVE-2025-3042 2025-04-01 Project Worlds Online Time Table Generator updateprofile.php unrestricted upload
CVE-2025-3043 2025-04-01 GuoMinJim PersonManage login preHandle path traversal
CVE-2025-3045 2025-04-01 oretnom23/SourceCodester Apartment Visitor Management System remove-apartment.php sql injection
CVE-2025-21384 2025-04-01 Azure Health Bot Elevation of Privilege Vulnerability
CVE-2025-30672 2025-04-01 Mite for Perl generates code with an untrusted search path vulnerability
CVE-2025-30673 2025-04-01 Sub::HandlesVia for Perl allows untrusted code to be included from the current working directory
CVE-2025-3051 2025-04-01 Linux::Statm::Tiny for Perl allows untrusted code to be included from the current working directory
CVE-2025-1534 2025-04-01 Cross-site Scripting (Stored)
CVE-2025-0418 2025-04-01 Valmet DNA user passwords in plain text
CVE-2025-0417 2025-04-01 Valmet DNA Lack of protection against brute force attacks
CVE-2025-0416 2025-04-01 Valmet DNA Local privilege escalation through insecure DCOM configuration
CVE-2025-2007 2025-04-01 Import Export Suite for CSV and XML Datafeed <= 7.19 - Authenticated (Subscriber+) Arbitrary File Deletion
CVE-2025-2008 2025-04-01 Import Export Suite for CSV and XML Datafeed <= 7.19 - Authenticated (Subscriber+) Arbitrary File Upload
CVE-2024-13567 2025-04-01 Awesome Support – WordPress HelpDesk & Support Plugin <= 6.3.1 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory
CVE-2025-1665 2025-04-01 Avada Builder <= 3.11.14 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-30520 2025-04-01 WordPress Breezing Forms plugin <= 1.2.8.11 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-30544 2025-04-01 WordPress OK Poster Group plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-30547 2025-04-01 WordPress WP Cards plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability
CVE-2025-30548 2025-04-01 WordPress Advanced Post Search plugin <= 1.1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-30559 2025-04-01 WordPress Kento WordPress Stats plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability
CVE-2025-30563 2025-04-01 WordPress Tidekey plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-30579 2025-04-01 WordPress Pesapal Gateway for Woocommerce plugin <= 2.1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-30589 2025-04-01 WordPress Flickr set slideshows plugin <= 0.9 - SQL Injection Vulnerability
CVE-2025-30594 2025-04-01 WordPress Include URL <= 0.3.5 Arbitrary File Download Vulnerability
CVE-2025-30607 2025-04-01 WordPress Quick Localization plugin <= 0.1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-30613 2025-04-01 WordPress Nmedia MailChimp plugin <= 5.4 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-30614 2025-04-01 WordPress Google Font Fix plugin <= 2.3.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-30622 2025-04-01 WordPress PostMash <= 1.0.3 - SQL Injection Vulnerability
CVE-2025-30774 2025-04-01 WordPress Quiz Maker plugin <= 6.6.8.7 - SQL Injection vulnerability
CVE-2025-30782 2025-04-01 WordPress Subscribe to Download Lite plugin <= 1.2.9 - Local File Inclusion vulnerability
CVE-2025-30793 2025-04-01 WordPress Houzez Property Feed plugin <= 2.5.4 - Arbitrary File Download Vulnerability
CVE-2025-30794 2025-04-01 WordPress Event Tickets plugin <= 5.20.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-30796 2025-04-01 WordPress The Ultimate WordPress Toolkit – WP Extended plugin <= 3.0.14 - Cross Site Scripting (XSS) vulnerability
CVE-2025-30797 2025-04-01 WordPress Greek Multi Tool – Fix peralinks, accents, auto create menus and more plugin <= 2.3.1 - Broken Access Control Vulnerability
CVE-2025-30798 2025-04-01 WordPress Better WishList API plugin <= 1.1.4 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-30802 2025-04-01 WordPress Our Team Members plugin <= 2.2 - Sensitive Data Exposure vulnerability
CVE-2025-30808 2025-04-01 WordPress About Author plugin <= 1.6.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-30827 2025-04-01 WordPress WP2LEADS plugin <= 3.4.5 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-30834 2025-04-01 WordPress Bit Assist plugin <= 1.5.4 - Path Traversal vulnerability
CVE-2025-30837 2025-04-01 WordPress WooCommerce Fattureincloud plugin <= 2.6.7 - Cross Site Scripting (XSS) vulnerability
CVE-2025-30840 2025-04-01 WordPress xili-dictionary plugin <= 2.12.5 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-30848 2025-04-01 WordPress Hostel plugin <= 1.1.5 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-30849 2025-04-01 WordPress Essential Real Estate plugin <= 5.2.0 - Local File Inclusion Vulnerability
CVE-2025-30869 2025-04-01 WordPress Image Wall plugin <= 3.0 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-30870 2025-04-01 WordPress WP Travel Engine plugin <= 6.3.5 - Local File Inclusion vulnerability
CVE-2025-30876 2025-04-01 WordPress Ads by WPQuads plugin <= 2.0.87.1 - SQL Injection Vulnerability
CVE-2025-30878 2025-04-01 WordPress JS Help Desk plugin <= 2.9.2 - Arbitrary File Deletion vulnerability
CVE-2025-30880 2025-04-01 WordPress JS Help Desk plugin <= 2.9.2 - Broken Access Control vulnerability
CVE-2025-30882 2025-04-01 WordPress JS Help Desk plugin <= 2.9.1 - Arbitrary File Download vulnerability
CVE-2025-30886 2025-04-01 WordPress JS Help Desk plugin <= 2.9.2 - SQL Injection vulnerability
CVE-2025-30901 2025-04-01 WordPress JS Help Desk plugin <= 2.9.2 - Local File Inclusion vulnerability
CVE-2025-30902 2025-04-01 WordPress AEC Kiosque plugin <= 1.9.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-30910 2025-04-01 WordPress CM Download Manager plugin <= 2.9.6 - Arbitrary File Deletion vulnerability
CVE-2025-30911 2025-04-01 WordPress RomethemeKit For Elementor plugin <= 1.5.4 - Arbitrary Plugin Installation/Activation to RCE vulnerability
CVE-2025-30917 2025-04-01 WordPress SKU Generator for WooCommerce plugin <= 1.6.2 - Reflected Cross Site Scripting (XSS) Vulnerability
CVE-2025-30924 2025-04-01 WordPress Primer MyData for Woocommerce plugin < 4.2.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-30926 2025-04-01 WordPress King Addons for Elementor plugin <= 24.12.58 - Broken Access Control Vulnerability
CVE-2025-31074 2025-04-01 WordPress MDJM Event Management plugin <= 1.7.5.2 - PHP Object Injection vulnerability
CVE-2025-31084 2025-04-01 WordPress Sunshine Photo Cart <= 3.4.10 - PHP Object Injection Vulnerability
CVE-2025-31087 2025-04-01 WordPress Multiple Shipping And Billing Address For Woocommerce <= 1.5 - PHP Object Injection Vulnerability
CVE-2025-31095 2025-04-01 WordPress Material Dashboard <= 1.4.5 - Privilege Escalation Vulnerability
CVE-2025-31415 2025-04-01 WordPress YayExtra <= 1.5.2 - Broken Access Control Vulnerability
CVE-2025-22277 2025-04-01 WordPress Vitepos plugin <= 3.1.4 - Broken Authentication vulnerability
CVE-2025-30971 2025-04-01 WordPress XV Random Quotes plugin <= 1.40 - SQL Injection vulnerability
CVE-2025-31001 2025-04-01 WordPress GTM Kit plugin <= 2.3.1 - Sensitive Data Exposure vulnerability
CVE-2025-31024 2025-04-01 WordPress RJ Quickcharts plugin <= 0.6.1 - SQL Injection vulnerability
CVE-2025-31409 2025-04-01 WordPress Bridge Core plugin < 3.3.1 - Cross Site Scripting (XSS) vulnerability
CVE-2025-1986 2025-04-01 Gutentor < 3.4.7 - Admin+ SQL Injection
CVE-2025-2048 2025-04-01 Lana Downloads Manager < 1.10.0 - Admin+ Arbitrary File Download via Path Traversal
CVE-2024-12278 2025-04-01 Booster for WooCommerce <= 7.2.5 - Unauthenticated Stored Cross-Site Scripting
CVE-2024-12189 2025-04-01 WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-1267 2025-04-01 Groundhogg <= 3.7.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via label Parameter
CVE-2025-1512 2025-04-01 PowerPack Elementor Addons (Free Widgets, Extensions and Templates) <= 2.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-27427 2025-04-01 Apache ActiveMQ Artemis: Address routing-type can be updated by user without the createAddress permission
CVE-2025-2891 2025-04-01 WP Pro Real Estate 7 <= 3.5.4 - Authenticated (Custom) Arbitrary File Upload
CVE-2025-30065 2025-04-01 Apache Parquet Java: Arbitrary code execution in the parquet-avro module when reading an Avro schema from a Parquet file metadata
CVE-2025-29868 2025-04-01 Apache Answer: Using externally referenced images can leak user privacy.
CVE-2025-27130 2025-04-01 Welcart e-Commerce 2.11.6 and earlier versions contains an untrusted data...
CVE-2024-56325 2025-04-01 Apache Pinot: Authentication bypass issue. If the path does not contain / and contain . authentication is not required
CVE-2025-3082 2025-04-01 User may override a view's collation and gain unauthorized access to underlying data
CVE-2025-2906 2025-04-01 Contempo Real Estate Core <= 3.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE-2024-13553 2025-04-01 SMS Alert Order Notifications – WooCommerce <= 3.7.9 - Unauthenticated Account Takeover/Privilege Escalation
CVE-2025-2237 2025-04-01 WP RealEstate <= 1.6.26 - Authentication Bypass via 'process_register'
CVE-2025-3083 2025-04-01 Malformed MongoDB wire protocol messages may cause mongos to crash