Lista CVE - 2025 / Aprile
Visualizzazione 2101 - 2200 di 4033 CVE per Aprile 2025 (Pagina 22 di 41)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2025-32996 | 2025-04-15 | In http-proxy-middleware before 2.0.8 and 3.x before 3.0.4, writeBody can be called twice because "else if" is not used. |
| CVE-2025-32997 | 2025-04-15 | In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed. |
| CVE-2025-33026 | 2025-04-15 | In PeaZip through 10.4.0, there is a Mark-of-the-Web Bypass Vulnerability. This vulnerability allows attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of PeaZip. User interaction is required to... |
| CVE-2025-33027 | 2025-04-15 | In Bandisoft Bandizip through 7.37, there is a Mark-of-the-Web Bypass Vulnerability. This vulnerability allows attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of Bandizip. User interaction is required... |
| CVE-2025-33028 | 2025-04-15 | In WinZip through 29.0, there is a Mark-of-the-Web Bypass Vulnerability because of an incomplete fix for CVE-2024-8811. This vulnerability allows attackers to bypass the Mark-of-the-Web protection mechanism on affected installations... |
| CVE-2025-3470 | 2025-04-15 | TS Poll – Survey, Versus Poll, Image Poll, Video Poll <= 2.4.6 - Authenticated (Administrator+) SQL Injection via 's' Parameter |
| CVE-2025-3612 | 2025-04-15 | Demtec Graphytics HTTP GET Parameter visualization cross site scripting |
| CVE-2025-3613 | 2025-04-15 | Demtec Graphytics visualization cross site scripting |
| CVE-2025-29983 | 2025-04-15 | Dell Trusted Device, versions prior to 7.0.3.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability,... |
| CVE-2025-29984 | 2025-04-15 | Dell Trusted Device, versions prior to 7.0.3.0, contain an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. |
| CVE-2025-3573 | 2025-04-15 | Versions of the package jquery-validation before 1.20.0 are vulnerable to Cross-site Scripting (XSS) in the showLabel() function, which may take input from a user-controlled placeholder value. This value will populate... |
| CVE-2025-2225 | 2025-04-15 | Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates <= 1.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'rael_title_tag' |
| CVE-2025-3622 | 2025-04-15 | Xorbits Inference model.py load deserialization |
| CVE-2025-3576 | 2025-04-15 | Krb5: kerberos rc4-hmac-md5 checksum vulnerability enabling message spoofing via md5 collisions |
| CVE-2024-13207 | 2025-04-15 | Widget for Social Page Feeds < 6.4.2 - Admin+ Stored XSS |
| CVE-2024-13610 | 2025-04-15 | Simple Social Media Share Buttons < 6.0.0 - Admin+ Stored XSS |
| CVE-2024-45712 | 2025-04-15 | SolarWinds Serv-U Client-Side Cross-Site Scripting Vulnerability |
| CVE-2025-3578 | 2025-04-15 | Adversarial Input Handling Vulnerability in AiDex |
| CVE-2025-3579 | 2025-04-15 | Code Injection Vulnerability in AiDex |
| CVE-2025-3574 | 2025-04-15 | Insecure Direct Object Reference on Deporsite by T-INNOVA |
| CVE-2025-3575 | 2025-04-15 | Insecure Direct Object Reference en Deporsite de T-INNOVA |
| CVE-2025-2083 | 2025-04-15 | Logo Carousel Gutenberg Block <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via sliderId Parameter |
| CVE-2025-1688 | 2025-04-15 | System configuration password reset |
| CVE-2025-32943 | 2025-04-15 | PeerTube HLS Video Files Path Traversal |
| CVE-2025-26992 | 2025-04-15 | WordPress Landing Page Cat plugin <= 1.7.8 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-32929 | 2025-04-15 | WordPress Barcode Generator for WooCommerce plugin <= 2.0.4 - Arbitrary Content Deletion vulnerability |
| CVE-2025-26741 | 2025-04-15 | WordPress Email Notifications for Updates <= 1.1.6 - Privilege Escalation Vulnerability |
| CVE-2025-26743 | 2025-04-15 | WordPress Advance WP Query Search Filter plugin <= 1.0.10 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-26744 | 2025-04-15 | WordPress JetBlog plugin <= 2.4.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-26745 | 2025-04-15 | WordPress RS Elements Elementor Addon plugin <= 1.1.5 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-26889 | 2025-04-15 | WordPress hockeydata LOS plugin <= 1.2.4 - Local File Inclusion vulnerability |
| CVE-2025-26894 | 2025-04-15 | WordPress Coming Soon, Maintenance Mode plugin <= 1.1.1 - Local File Inclusion vulnerability |
| CVE-2025-26942 | 2025-04-15 | WordPress JetTricks <= 1.5.1 - Broken Access Control Vulnerability |
| CVE-2025-26944 | 2025-04-15 | WordPress JetPopup <= 2.0.11 - Broken Access Control Vulnerability |
| CVE-2025-26954 | 2025-04-15 | WordPress ZooEffect plugin <= 1.11 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-26955 | 2025-04-15 | WordPress Industrial Lite theme <= 1.0.8 - Broken Access Control vulnerability |
| CVE-2025-26958 | 2025-04-15 | WordPress JetBlog <= 2.4.3 - Broken Access Control Vulnerability |
| CVE-2025-26959 | 2025-04-15 | WordPress Administrator Z <= 2025.03.24 - Privilege Escalation Vulnerability |
| CVE-2025-26982 | 2025-04-15 | WordPress DSGVO Youtube plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-26990 | 2025-04-15 | WordPress Royal Elementor Addons plugin <= 1.7.1006 - Server Side Request Forgery (SSRF) vulnerability |
| CVE-2025-30962 | 2025-04-15 | WordPress FS Poster plugin <= 6.5.8 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-30964 | 2025-04-15 | WordPress Photography theme <= 7.5.2 - Server Side Request Forgery (SSRF) vulnerability |
| CVE-2025-30965 | 2025-04-15 | WordPress WPJobBoard plugin < 5.11.1 - Multiple Cross Site Request Forgery (CSRF) vulnerabilities vulnerability |
| CVE-2025-30985 | 2025-04-15 | WordPress GNUCommerce plugin <= 1.5.4 - PHP Object Injection vulnerability |
| CVE-2025-31011 | 2025-04-15 | WordPress SimplyRETS Real Estate IDX plugin <= 3.0.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-32944 | 2025-04-15 | PeerTube User Import Authenticated Persistent Denial of Service |
| CVE-2025-32945 | 2025-04-15 | PeerTube Arbitrary Playlist Creation via REST API |
| CVE-2025-3608 | 2025-04-15 | A race condition existed in nsHttpTransaction that could have been exploited to cause memory corruption, potentially leading to an exploitable condition. This vulnerability affects Firefox < 137.0.2. |
| CVE-2025-32946 | 2025-04-15 | PeerTube Arbitrary Playlist Creation via ActivityPub Protocol |
| CVE-2025-32947 | 2025-04-15 | PeerTube ActivityPub Crawl Infinite Loop DoS |
| CVE-2025-32948 | 2025-04-15 | PeerTube ActivityPub Playlist Creation Blind SSRF and DoS |
| CVE-2025-32949 | 2025-04-15 | PeerTube User Import Authenticated Resource Exhaustion |
| CVE-2025-3522 | 2025-04-15 | Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can be hosted externally. When an email is opened, Thunderbird accesses the specified URL to determine file size, and navigates to... |
| CVE-2025-2830 | 2025-04-15 | By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded... |
| CVE-2025-3523 | 2025-04-15 | When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is shown when hovering over any attachment. Although the correct link is used... |
| CVE-2024-13177 | 2025-04-15 | Symlink Following in Netskope Client Postinstall Script |
| CVE-2024-11084 | 2025-04-15 | Potential Username Enumeration in Helix ALM |
| CVE-2025-32911 | 2025-04-15 | Libsoup: double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" ghashtable value |
| CVE-2025-29817 | 2025-04-15 | Microsoft Power Automate Desktop Information Disclosure Vulnerability |
| CVE-2025-32776 | 2025-04-15 | OpenRazer Vulnerable to Out of Bounds Read |
| CVE-2025-32779 | 2025-04-15 | labsai/eddi Vulnerable to Path Traversal (Zip Slip) in ZIP Import Function |
| CVE-2025-32780 | 2025-04-15 | BleachBit for Windows Has DLL Untrusted Path Vulnerability |
| CVE-2025-3617 | 2025-04-15 | Local Privilege Escalation in ThinManager® |
| CVE-2025-3618 | 2025-04-15 | Local Privilege Escalation Vulnerability |
| CVE-2024-42200 | 2025-04-15 | HCL BigFix Web Reports is potentially susceptible to a Stored Cross-Site Scripting (XSS) attack |
| CVE-2024-42189 | 2025-04-15 | HCL BigFix Web Reports might be subject to a Denial of Service (DoS) attack |
| CVE-2024-42193 | 2025-04-15 | HCL BigFix Web Reports is susceptible to a Man-In-The-Middle (MITM) attack |
| CVE-2023-5616 | 2025-04-15 | In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could unknowingly leave the local machine... |
| CVE-2025-24358 | 2025-04-15 | gorilla/csrf CSRF vulnerability due to broken Referer validation |
| CVE-2025-27791 | 2025-04-15 | Collabora Online Vulnerable to Arbitrary File Write |
| CVE-2025-30206 | 2025-04-15 | Dpanel's hard-coded JWT secret leads to remote code execution |
| CVE-2025-32445 | 2025-04-15 | Users can gain privileged access to the host system and cluster with EventSource and Sensor CR |
| CVE-2025-32439 | 2025-04-15 | pleezer allows resource exhaustion through uncollected hook script processes |
| CVE-2025-1292 | 2025-04-15 | TPM2 Out-Of-Bounds Write Leading to Potential Operating System Verification Bypass in ChromeOS |
| CVE-2025-1122 | 2025-04-15 | Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 15753.50.0 stable on Cr50 Boards allows an attacker with root access to gain persistence and Bypass operating system verification via exploiting... |
| CVE-2025-32438 | 2025-04-15 | Local privilege escalation in make-initrd-ng |
| CVE-2025-2567 | 2025-04-15 | Lantronix Xport Missing Authentication for Critical Function |
| CVE-2025-31497 | 2025-04-15 | TEIGarage XML External Entity (XXE) Injection in Document Conversion Service |
| CVE-2025-32012 | 2025-04-15 | Jellyfin Vulnerable to Denial of Service (DoS) via IP Spoofing |
| CVE-2025-30511 | 2025-04-15 | Growatt Cloud Applications Cross-site Scripting |
| CVE-2025-31933 | 2025-04-15 | Growatt Cloud Applications Authorization Bypass Through User-Controlled Key |
| CVE-2025-31949 | 2025-04-15 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key |
| CVE-2025-32778 | 2025-04-15 | Web-Check allows command Injection via Unvalidated URL in Screenshot API |
| CVE-2025-31357 | 2025-04-15 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key |
| CVE-2025-31941 | 2025-04-15 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key |
| CVE-2025-21573 | 2025-04-15 | Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Chatbot). Supported versions that are affected are 5.1.0.0.0, 6.1.0.0.0 and 7.0.0.0.0. Difficult to... |
| CVE-2025-21574 | 2025-04-15 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with... |
| CVE-2025-21575 | 2025-04-15 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with... |
| CVE-2025-21576 | 2025-04-15 | Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Personalization Server). Supported versions that are affected are 11.3.0, 11.3.1 and 11.3.2. Easily exploitable vulnerability allows low privileged... |
| CVE-2025-21577 | 2025-04-15 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network... |
| CVE-2025-21578 | 2025-04-15 | Vulnerability in Oracle Secure Backup (component: General). Supported versions that are affected are 12.1.0.1, 12.1.0.2, 12.1.0.3, 18.1.0.0, 18.1.0.1 and 18.1.0.2. Easily exploitable vulnerability allows high privileged attacker with logon to... |
| CVE-2025-21579 | 2025-04-15 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with... |
| CVE-2025-21580 | 2025-04-15 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with... |
| CVE-2025-21581 | 2025-04-15 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with... |
| CVE-2025-21582 | 2025-04-15 | Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access... |
| CVE-2025-21583 | 2025-04-15 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.4.0 and 9.0.0. Easily exploitable vulnerability allows high privileged attacker with network... |
| CVE-2025-21584 | 2025-04-15 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with... |
| CVE-2025-21585 | 2025-04-15 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with... |
| CVE-2025-21586 | 2025-04-15 | Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are 9.2.0.0-9.2.9.2. Easily exploitable vulnerability allows low privileged attacker... |
| CVE-2025-21587 | 2025-04-15 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE:8u441,... |