CVE List - 2025 / April
Showing 2701 - 2800 of 4033 CVEs for April 2025 (Page 28 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-1568 | 2025-04-16 | Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 16063.87.0 allows an attacker with a registered Gerrit account to inject malicious code into ChromeOS projects and potentially achieve... |
| CVE-2024-40124 | 2025-04-17 | Pydio Core <= 8.2.5 is vulnerable to Cross Site Scripting (XSS) via the New URL Bookmark feature. |
| CVE-2024-53924 | 2025-04-17 | Pycel through 1.0b30, when operating on an untrusted spreadsheet, allows code execution via a crafted formula in a cell, such as one beginning with the =IF(A1=200, eval("__import__('os').system( substring. |
| CVE-2024-55211 | 2025-04-17 | An issue in Think Router Tk-Rt-Wr135G V3.0.2-X000 allows attackers to bypass authentication via a crafted cookie. |
| CVE-2024-55238 | 2025-04-17 | OpenMetadata <=1.4.1 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the WorkflowDAO interface. The workflowtype and status parameters can be used... |
| CVE-2024-56518 | 2025-04-17 | Hazelcast Management Center through 6.0 allows remote code execution via a JndiLoginModule user.provider.url in a hazelcast-client XML document (aka a client configuration file), which can be uploaded at the /cluster-connections... |
| CVE-2025-25454 | 2025-04-17 | Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via wanSpeed2. |
| CVE-2025-25455 | 2025-04-17 | Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via wanMTU2. |
| CVE-2025-25457 | 2025-04-17 | Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via cloneType2. |
| CVE-2025-26268 | 2025-04-17 | DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service (daemon crash) via a crafted Redis command. The validity of the scan cursor was not checked. |
| CVE-2025-26269 | 2025-04-17 | DragonflyDB Dragonfly through 1.28.2 (fixed in 1.29.0) allows authenticated users to cause a denial of service (daemon crash) via a Lua library command that references a large negative integer. |
| CVE-2025-28009 | 2025-04-17 | A SQL Injection vulnerability exists in the `u` parameter of the progress-body-weight.php endpoint of Dietiqa App v1.0.20. |
| CVE-2025-28101 | 2025-04-17 | An arbitrary file deletion vulnerability in the /post/{postTitle} component of flaskBlog v2.6.1 allows attackers to delete article titles created by other users via supplying a crafted POST request. |
| CVE-2025-29015 | 2025-04-17 | Code Astro Internet Banking System 2.0.0 is vulnerable to Cross Site Scripting (XSS) via the name parameter in /admin/pages_account.php. |
| CVE-2025-29039 | 2025-04-17 | An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the function 0x41dda8 |
| CVE-2025-29040 | 2025-04-17 | An issue in dlink DIR 823x 240802 allows a remote attacker to execute arbitrary code via the target_addr key value and the function 0x41737c |
| CVE-2025-29041 | 2025-04-17 | An issue in dlink DIR 823x 240802 allows a remote attacker to execute arbitrary code via the target_addr key value and the function 0x41710c |
| CVE-2025-29042 | 2025-04-17 | An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the macaddr key value to the function 0x42232c |
| CVE-2025-29043 | 2025-04-17 | An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the function 0x417234 |
| CVE-2025-29044 | 2025-04-17 | Buffer Overflow vulnerability in Netgear- R61 router V1.0.1.28 allows a remote attacker to execute arbitrary code via the QUERY_STRING key value |
| CVE-2025-29045 | 2025-04-17 | Buffer Overflow vulnerability in ALFA_CAMPRO-co-2.29 allows a remote attacker to execute arbitrary code via the newap_text_0 key value |
| CVE-2025-29046 | 2025-04-17 | Buffer Overflow vulnerability in ALFA WiFi CampPro router ALFA_CAMPRO-co-2.29 allows a remote attacker to execute arbitrary code via the GAPSMinute3 key value |
| CVE-2025-29047 | 2025-04-17 | Buffer Overflow vulnerability in ALFA WiFi CampPro router ALFA_CAMPRO-co-2.29 allows a remote attacker to execute arbitrary code via the hiddenIndex in the function StorageEditUser |
| CVE-2025-29180 | 2025-04-17 | In FOXCMS <=1.25, the installdb.php file has a time-based blind SQL injection vulnerability. The url_prefix, domain, and my_website POST parameters are directly concatenated into SQL statements without filtering. |
| CVE-2025-29181 | 2025-04-17 | FOXCMS <= V1.25 is vulnerable to SQL Injection via $param['title'] in /admin/util/Field.php. |
| CVE-2025-29316 | 2025-04-17 | An issue in DataPatrol Screenshot watermark, printing watermark agent v.3.5.2.0 allows a physically proximate attacker to obtain sensitive information. NOTE: the Supplier disputes the Print Job Watermark Bypass claim because... |
| CVE-2025-29449 | 2025-04-17 | An issue in twonav v.2.1.18-20241105 allows a remote attacker to obtain sensitive information via the link identification function. |
| CVE-2025-29450 | 2025-04-17 | An issue in twonav v.2.1.18-20241105 allows a remote attacker to obtain sensitive information via the site settings component. |
| CVE-2025-29451 | 2025-04-17 | An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Mail Setting component. |
| CVE-2025-29452 | 2025-04-17 | An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Proxy Manager component. |
| CVE-2025-29453 | 2025-04-17 | An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the my-contacts-settings component. |
| CVE-2025-29454 | 2025-04-17 | An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the Upload function. |
| CVE-2025-29455 | 2025-04-17 | An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the "Travel Ideas" function. |
| CVE-2025-29456 | 2025-04-17 | An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the create Notes function. |
| CVE-2025-29457 | 2025-04-17 | An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Import a Theme function. NOTE: the Supplier disputes this because of the allowed actions of... |
| CVE-2025-29458 | 2025-04-17 | An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Change Avatar function. NOTE: the Supplier disputes this because of the allowed actions of Board... |
| CVE-2025-29459 | 2025-04-17 | An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Mail function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators... |
| CVE-2025-29460 | 2025-04-17 | An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Add Mycode function. NOTE: the Supplier disputes this because of the allowed actions of Board... |
| CVE-2025-29461 | 2025-04-17 | An issue in a-blogcms 3.1.15 allows a remote attacker to obtain sensitive information via the /bid/1/admin/entry-edit/ path. |
| CVE-2025-29661 | 2025-04-17 | Litepubl CMS <= 7.0.9 is vulnerable to RCE in admin/service/run. |
| CVE-2025-29662 | 2025-04-17 | A RCE vulnerability in the core application in LandChat 3.25.12.18 allows an unauthenticated attacker to execute system code via remote network access. |
| CVE-2025-29722 | 2025-04-17 | A CSRF vulnerability in Commercify v1.0 allows remote attackers to perform unauthorized actions on behalf of authenticated users. The issue exists due to missing CSRF protection on sensitive endpoints. |
| CVE-2025-32415 | 2025-04-17 | In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema... |
| CVE-2025-43708 | 2025-04-17 | VisiCut 2.1 allows stack consumption via an XML document with nested set elements, as demonstrated by a java.util.HashMap StackOverflowError when reference='../../../set/set[2]' is used, aka an "insecure deserialization" issue. |
| CVE-2025-43715 | 2025-04-17 | Nullsoft Scriptable Install System (NSIS) before 3.11 on Windows allows local users to escalate privileges to SYSTEM during an installation, because the temporary plugins directory is created under %WINDIR%\temp and... |
| CVE-2025-43717 | 2025-04-17 | In PEAR HTTP_Request2 before 2.7.0, multiple files in the tests directory, notably tests/_network/getparameters.php and tests/_network/postparameters.php, reflect any GET or POST parameters, leading to XSS. |
| CVE-2025-1290 | 2025-04-17 | A race condition Use-After-Free vulnerability exists in the virtio_transport_space_update function within the Kernel 5.4 on ChromeOS. Concurrent allocation and freeing of the virtio_vsock_sock structure during an AF_VSOCK connect syscall can... |
| CVE-2025-31340 | 2025-04-17 | Wisdom Master Pro - Improper Control of Filename for Include/Require Statement in PHP Program |
| CVE-2025-31339 | 2025-04-17 | Wisdom Master Pro - Unrestricted Upload of File with Dangerous Type |
| CVE-2025-31338 | 2025-04-17 | Wisdom Master Pro - Missing Authorization |
| CVE-2025-3295 | 2025-04-17 | WP Editor <= 1.2.9.1 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Read |
| CVE-2025-3294 | 2025-04-17 | WP Editor <= 1.2.9.1 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Update |
| CVE-2024-11924 | 2025-04-17 | Email Subscribers < 5.7.52 - Admin+ Stored XSS |
| CVE-2024-13925 | 2025-04-17 | Klarna Checkout for WooCommerce < 2.13.5 - DoS via Excessive Logging |
| CVE-2025-1523 | 2025-04-17 | Ultimate Dashboard < 3.8.6 - Admin+ Stored XSS |
| CVE-2025-1524 | 2025-04-17 | Ultimate Dashboard < 3.8.6 - Admin+ Stored XSS |
| CVE-2025-1525 | 2025-04-17 | Ultimate Dashboard < 3.8.6 - Admin+ Stored XSS |
| CVE-2025-3113 | 2025-04-17 | Improper Access Control in Delphix Masking Engine |
| CVE-2025-2903 | 2025-04-17 | Privilege Chaining in Delphix |
| CVE-2025-3615 | 2025-04-17 | Fluent Forms <= 6.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-2197 | 2025-04-17 | Type Confusion Vulnerability in Browser |
| CVE-2025-2188 | 2025-04-17 | Whitelist bypass Vulnerability in GameCenter |
| CVE-2025-1532 | 2025-04-17 | Code Injection Vulnerability in Phoneservice |
| CVE-2025-29931 | 2025-04-17 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected product does not properly validate a length field in a serialized message which it uses... |
| CVE-2025-3453 | 2025-04-17 | Password Protected – Password Protect your WordPress Site, Pages, & WooCommerce Products <= 2.7.7 - Unauthenticated Sensitive Information Exposure |
| CVE-2025-3487 | 2025-04-17 | Forminator <= 1.42.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'limit' |
| CVE-2025-3479 | 2025-04-17 | Forminator <= 1.42.0 - Order Replay Vulnerability |
| CVE-2025-26478 | 2025-04-17 | Dell ECS version 3.8.1.4 and prior contain an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure. |
| CVE-2025-26477 | 2025-04-17 | Dell ECS version 3.8.1.4 and prior contain an Improper Input Validation vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution. |
| CVE-2025-3760 | 2025-04-17 | A stored cross-site scripting (XSS) vulnerability exists with radio button type custom fields in Liferay Portal 7.2.0 through 7.4.3.129, and Liferay DXP 2024.Q4.1 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through... |
| CVE-2022-26323 | 2025-04-17 | Incorrect Use of Privileged vulnerability has been discovered on OpenText™ UCMDB and Operation Bridge Manager product. |
| CVE-2025-3651 | 2025-04-17 | Command Injection in iManage Work Desktop for Mac's Agent Service |
| CVE-2025-25234 | 2025-04-17 | Omnissa UAG contains a Cross-Origin Resource Sharing (CORS) bypass vulnerability. A malicious actor with network access to UAG may be able to bypass administrator-configured CORS restrictions to gain access to... |
| CVE-2025-39464 | 2025-04-17 | WordPress AdminQuickbar plugin <= 1.9.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-39462 | 2025-04-17 | WordPress Smart Agreements plugin <= 1.0.3 - Local File Inclusion vulnerability |
| CVE-2025-39461 | 2025-04-17 | WordPress Docket Cache plugin <= 24.07.02 - Local File Inclusion vulnerability |
| CVE-2025-39457 | 2025-04-17 | WordPress Booking and Rental Manager plugin <= 2.2.8 - Broken Access Control vulnerability |
| CVE-2025-39456 | 2025-04-17 | WordPress WP Logger plugin <= 2.2 - Broken Access Control vulnerability |
| CVE-2025-39455 | 2025-04-17 | WordPress IP2Location Variables plugin <= 2.9.5 - CSRF to Cross Site Scripting (XSS) vulnerability |
| CVE-2025-39453 | 2025-04-17 | WordPress Advanced Dynamic Pricing for WooCommerce plugin <= 4.9.3 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-39452 | 2025-04-17 | WordPress WPCafe plugin <= 2.2.32 - Local File Inclusion vulnerability |
| CVE-2025-39443 | 2025-04-17 | WordPress Verge3D plugin <= 4.9.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-39444 | 2025-04-17 | WordPress MaxButtons plugin <= 9.8.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-39442 | 2025-04-17 | WordPress Review Wave – Google Places Reviews plugin <= 1.4.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-39441 | 2025-04-17 | WordPress Dashboard Notepads plugin <= 1.2.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-39440 | 2025-04-17 | WordPress Broken Links Remover plugin <= 1.2.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-39439 | 2025-04-17 | WordPress wpLike2Get plugin <= 1.2.9 - Sensitive Data Exposure vulnerability |
| CVE-2025-39438 | 2025-04-17 | WordPress Theme Changer plugin <= 1.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-39437 | 2025-04-17 | WordPress Anthologize plugin <= 0.8.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-39436 | 2025-04-17 | WordPress I Draw <= 1.0 - Arbitrary File Upload Vulnerability |
| CVE-2025-39435 | 2025-04-17 | WordPress My Marginalia plugin <= 1.0.6 - CSRF to Stored XSS vulnerability |
| CVE-2025-39434 | 2025-04-17 | WordPress Avatar plugin <= 0.1.4 - Insecure Direct Object References (IDOR) vulnerability |
| CVE-2025-39433 | 2025-04-17 | WordPress Bknewsticker plugin <= 1.0.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-39432 | 2025-04-17 | WordPress bbPress2 shortcode whitelist plugin <= 2.2.1 - CSRF to XSS vulnerability |
| CVE-2025-39431 | 2025-04-17 | WordPress Amazon Showcase WordPress Plugin plugin <= 2.2 - CSRF to XSS vulnerability |
| CVE-2025-39430 | 2025-04-17 | WordPress mLanguage plugin <= 1.6.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-39429 | 2025-04-17 | WordPress Széchenyi 2020 Logo <= 1.1 - Local File Inclusion Vulnerability |
| CVE-2025-39428 | 2025-04-17 | WordPress Gravity Forms CSS Themes with Fontawesome and Placeholders plugin <= 8.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-39427 | 2025-04-17 | WordPress WP Post to PDF Enhanced plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-39426 | 2025-04-17 | WordPress illow – Cookies Consent plugin <= 0.2.0 - Cross Site Request Forgery (CSRF) vulnerability |