Lista CVE - 2025 / Aprile
Visualizzazione 1501 - 1600 di 4038 CVE per Aprile 2025 (Pagina 16 di 41)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2025-30286 | 2025-04-08 | ColdFusion | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78) |
| CVE-2025-30285 | 2025-04-08 | ColdFusion | Deserialization of Untrusted Data (CWE-502) |
| CVE-2025-30291 | 2025-04-08 | ColdFusion | Information Exposure (CWE-200) |
| CVE-2025-30281 | 2025-04-08 | ColdFusion | Improper Access Control (CWE-284) |
| CVE-2025-24447 | 2025-04-08 | ColdFusion | Deserialization of Untrusted Data (CWE-502) |
| CVE-2025-24446 | 2025-04-08 | ColdFusion | Improper Input Validation (CWE-20) |
| CVE-2025-30288 | 2025-04-08 | ColdFusion | Improper Access Control (CWE-284) |
| CVE-2025-30289 | 2025-04-08 | ColdFusion | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78) |
| CVE-2025-30294 | 2025-04-08 | ColdFusion | Improper Input Validation (CWE-20) |
| CVE-2025-30284 | 2025-04-08 | ColdFusion | Deserialization of Untrusted Data (CWE-502) |
| CVE-2025-30282 | 2025-04-08 | ColdFusion | Improper Authentication (CWE-287) |
| CVE-2025-30290 | 2025-04-08 | ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22) |
| CVE-2025-30292 | 2025-04-08 | ColdFusion | Cross-site Scripting (Reflected XSS) (CWE-79) |
| CVE-2025-30293 | 2025-04-08 | ColdFusion | Improper Input Validation (CWE-20) |
| CVE-2025-30287 | 2025-04-08 | ColdFusion | Improper Authentication (CWE-287) |
| CVE-2024-12556 | 2025-04-08 | Kibana Prototype Pollution can lead to code injection |
| CVE-2025-22871 | 2025-04-08 | Request smuggling due to acceptance of invalid chunked data in net/http |
| CVE-2025-27189 | 2025-04-08 | Adobe Commerce | Cross-Site Request Forgery (CSRF) (CWE-352) |
| CVE-2025-27188 | 2025-04-08 | Adobe Commerce | Incorrect Authorization (CWE-863) |
| CVE-2025-27192 | 2025-04-08 | Adobe Commerce | Insufficiently Protected Credentials (CWE-522) |
| CVE-2025-27191 | 2025-04-08 | Adobe Commerce | Improper Access Control (CWE-284) |
| CVE-2025-27190 | 2025-04-08 | Adobe Commerce | Improper Access Control (CWE-284) |
| CVE-2025-25013 | 2025-04-08 | Elastic Defend Insertion of Sensitive Information into Log Files |
| CVE-2024-55210 | 2025-04-09 | An issue in TOTVS Framework (Linha Protheus) 12.1.2310 allows attackers... |
| CVE-2025-29018 | 2025-04-09 | A Stored Cross-Site Scripting (XSS) vulnerability exists in the name... |
| CVE-2025-29189 | 2025-04-09 | Flowise <= 2.2.3 is vulnerable to SQL Injection. via tableName... |
| CVE-2025-29389 | 2025-04-09 | PbootCMS v3.2.9 contains a XSS vulnerability in admin.php?p=/Content/index/mcode/2#tab=t2. |
| CVE-2025-29390 | 2025-04-09 | jerryhanjj ERP 1.0 is vulnerable to SQL Injection in the... |
| CVE-2025-29391 | 2025-04-09 | horvey Library-Manager v1.0 is vulnerable to SQL Injection in Admin/Controller/BookController.class.php. |
| CVE-2025-29394 | 2025-04-09 | An insecure permissions vulnerability in verydows v2.0 allows a remote... |
| CVE-2025-32460 | 2025-04-09 | GraphicsMagick before 8e56520 has a heap-based buffer over-read in ReadJXLImage... |
| CVE-2025-32461 | 2025-04-09 | wikiplugin_includetpl in lib/wiki-plugins/wikiplugin_includetpl.php in Tiki before 28.3 mishandles input to... |
| CVE-2025-32464 | 2025-04-09 | HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a... |
| CVE-2025-29988 | 2025-04-09 | Dell Client Platform BIOS contains a Stack-based Buffer Overflow Vulnerability.... |
| CVE-2025-3100 | 2025-04-09 | WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts <= 2.6.22 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2024-6857 | 2025-04-09 | WP MultiTasking <= 0.1.12 - Header/Footer/Body Script Update via CSRF |
| CVE-2024-6860 | 2025-04-09 | WP MultiTasking <= 0.1.12 - Permalink Suffix Update via CSRF |
| CVE-2024-8243 | 2025-04-09 | Plugin Upgrade Time Out <= 1.0 - Stored XSS via CSRF |
| CVE-2025-3442 | 2025-04-09 | Information Disclosure Vulnerability in TP-Link Tapo IoT Smart Hub |
| CVE-2025-20952 | 2025-04-09 | Improper access control in Mdecservice prior to SMR Apr-2025 Release... |
| CVE-2025-23407 | 2025-04-09 | Incorrect privilege assignment vulnerability in the WEB UI (the setting... |
| CVE-2025-25053 | 2025-04-09 | OS command injection vulnerability in the WEB UI (the setting... |
| CVE-2025-25056 | 2025-04-09 | Cross-site request forgery vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac... |
| CVE-2025-25213 | 2025-04-09 | Improper restriction of rendered UI layers or frames issue exists... |
| CVE-2025-27722 | 2025-04-09 | Cleartext transmission of sensitive information issue exists in Wi-Fi AP... |
| CVE-2025-27797 | 2025-04-09 | OS command injection vulnerability in the specific service exists in... |
| CVE-2025-27934 | 2025-04-09 | Information disclosure of authentication information in the specific service vulnerability... |
| CVE-2025-29870 | 2025-04-09 | Missing authentication for critical function vulnerability exists in Wi-Fi AP... |
| CVE-2025-2222 | 2025-04-09 | CWE-552: Files or Directories Accessible to External Parties vulnerability over... |
| CVE-2025-2223 | 2025-04-09 | CWE-20: Improper Input Validation vulnerability exists that could cause a... |
| CVE-2025-2440 | 2025-04-09 | CWE-922: Insecure Storage of Sensitive Information vulnerability exists that could... |
| CVE-2025-2441 | 2025-04-09 | CWE-1188: Initialization of a Resource with an Insecure Default vulnerability... |
| CVE-2025-2442 | 2025-04-09 | CWE-1188: Initialization of a Resource with an Insecure Default vulnerability... |
| CVE-2017-20197 | 2025-04-09 | propanetank Roommate-Bill-Tracking login.php sql injection |
| CVE-2025-30677 | 2025-04-09 | Apache Pulsar IO Kafka Connector, Apache Pulsar IO Kafka Connect Adaptor: Sensitive information logged in Pulsar's Apache Kafka Connectors |
| CVE-2025-31672 | 2025-04-09 | Apache POI: parsing OOXML based files (xlsx, docx, etc.), poi-ooxml could read unexpected data if underlying zip has duplicate zip entry names |
| CVE-2025-1968 | 2025-04-09 | Insufficient Session Expiration vulnerability in Progress Software Corporation Sitefinity under... |
| CVE-2023-33844 | 2025-04-09 | IBM Security Verify Governance cross-site scripting |
| CVE-2025-25023 | 2025-04-09 | IBM Security Guardium information disclosure |
| CVE-2025-27391 | 2025-04-09 | Apache ActiveMQ Artemis: Passwords leaking from broker properties in the debug log |
| CVE-2025-32371 | 2025-04-09 | Unexpected external content may be displayed in DNN ImageHandler |
| CVE-2025-32372 | 2025-04-09 | Server-Side Request Forgery (SSRF) in DotNetNuke.Core |
| CVE-2025-32373 | 2025-04-09 | DNN allows a registered user to enumerate and access files they should not have access to |
| CVE-2025-32374 | 2025-04-09 | Possible Denial of Service (DoS) in DNN.PLATFORM registration |
| CVE-2025-32375 | 2025-04-09 | Insecure Deserialization leads to RCE in BentoML's runner server |
| CVE-2025-32378 | 2025-04-09 | Shopware's default newsletter opt-in settings allow for mass sign-up abuse |
| CVE-2025-32016 | 2025-04-09 | Microsoft Identity Web Exposes Client Secrets and Certificate Information in Service Logs |
| CVE-2025-32379 | 2025-04-09 | XSS at ctx.redirect() function in Koajs |
| CVE-2025-32381 | 2025-04-09 | Denial of Service by abusing xgrammar unbounded cache in memory |
| CVE-2025-32380 | 2025-04-09 | Apollo Router Query Validation Vulnerable to Excessive Resource Consumption via Named Fragment Processing |
| CVE-2025-32694 | 2025-04-09 | WordPress Ultimate WP Mail <= 1.3.2 - Open Redirection Vulnerability |
| CVE-2025-32693 | 2025-04-09 | WordPress WebinarPress <= 1.33.27 - Open Redirection Vulnerability |
| CVE-2025-32692 | 2025-04-09 | WordPress WP Subscription Forms <= 1.2.4 - Local File Inclusion Vulnerability |
| CVE-2025-32691 | 2025-04-09 | WordPress PowerPress Podcasting <= 11.12.4 - Server Side Request Forgery (SSRF) Vulnerability |
| CVE-2025-32690 | 2025-04-09 | WordPress PowerPress Podcasting <= 11.12.5 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-32685 | 2025-04-09 | WordPress WP Inquiries <= 0.2.1 - SQL Injection Vulnerability |
| CVE-2025-32684 | 2025-04-09 | WordPress MapSVG Lite plugin <= 8.5.32 - Broken Access Control Vulnerability |
| CVE-2025-32683 | 2025-04-09 | WordPress MapSVG Lite plugin <= 8.5.32 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-32680 | 2025-04-09 | WordPress Review Stream plugin <= 1.6.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-32679 | 2025-04-09 | WordPress User Registration Using Contact Form 7 plugin <= 2.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-32678 | 2025-04-09 | WordPress WP Show Stats plugin <= 1.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-32677 | 2025-04-09 | WordPress WP Social Stream Designer plugin <= 1.3 - SQL Injection vulnerability |
| CVE-2025-32676 | 2025-04-09 | WordPress Verowa Connect plugin <= 3.0.5 - SQL Injection vulnerability |
| CVE-2025-32675 | 2025-04-09 | WordPress SEO Help plugin <= 6.6.0 - Server Side Request Forgery (SSRF) vulnerability |
| CVE-2025-32673 | 2025-04-09 | WordPress Epeken All Kurir plugin <= 1.4.6.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-32669 | 2025-04-09 | WordPress Mergado Pack plugin <= 4.1.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-32667 | 2025-04-09 | WordPress Doppler Forms plugin <= 2.4.5 - CSRF to Stored XSS vulnerability |
| CVE-2025-32664 | 2025-04-09 | WordPress Nepali Date Utilities plugin <= 1.0.13 - CSRF to Stored XSS vulnerability |
| CVE-2025-32661 | 2025-04-09 | WordPress Interactive US Map plugin <= 2.7 - CSRF to Stored XSS vulnerability |
| CVE-2025-32659 | 2025-04-09 | WordPress FraudLabs Pro for WooCommerce plugin <= 2.22.7 - CSRF to Stored XSS vulnerability |
| CVE-2025-32645 | 2025-04-09 | WordPress Custom Posts Order Plugin <= 4.4 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-32644 | 2025-04-09 | WordPress IP2Location World Clock Plugin <= 1.1.9 - CSRF to Stored XSS vulnerability |
| CVE-2025-32642 | 2025-04-09 | WordPress Vite Coupon plugin <= 1.0.7 - CSRF to Remote Code Execution (RCE) vulnerability |
| CVE-2025-32641 | 2025-04-09 | WordPress Anant Addons for Elementor plugin <= 1.1.5 - CSRF to Arbitrary Plugin Installation vulnerability |
| CVE-2025-32640 | 2025-04-09 | WordPress One Click Accessibility plugin <= 3.1.0 - Cross-Site Scripting (XSS) vulnerability |
| CVE-2025-32624 | 2025-04-09 | WordPress Czater.pl – live chat i telefon plugin <= 1.0.5 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-32623 | 2025-04-09 | WordPress PlainInventory plugin <= 3.1.9 - CSRF to Stored XSS vulnerability |
| CVE-2025-32621 | 2025-04-09 | WordPress WP Map Route Planner plugin <= 1.0.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-32619 | 2025-04-09 | WordPress KeyCAPTCHA plugin <= 2.5.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-32617 | 2025-04-09 | WordPress Multiple Location Google Map plugin <= 1.1 - CSRF to Stored XSS vulnerability |