CVE List - 2025 / April
Showing 3701 - 3800 of 4033 CVEs for April 2025 (Page 38 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-3957 | 2025-04-27 | opplus springboot-admin SysLogDao.xml sql injection |
| CVE-2025-3958 | 2025-04-27 | withstars Books-Management-System Book Edit Page book_edit_do.html cross site scripting |
| CVE-2025-3959 | 2025-04-27 | withstars Books-Management-System reader_delete.html cross-site request forgery |
| CVE-2025-3960 | 2025-04-27 | withstars Books-Management-System Background Interface allreaders.html authorization |
| CVE-2025-3961 | 2025-04-27 | withstars Books-Management-System do cross site scripting |
| CVE-2025-3962 | 2025-04-27 | withstars Books-Management-System Comment add cross site scripting |
| CVE-2025-3963 | 2025-04-27 | withstars Books-Management-System Background Interface list authorization |
| CVE-2024-52887 | 2025-04-27 | Self-XSS |
| CVE-2024-52888 | 2025-04-27 | Stored-XSS |
| CVE-2025-3964 | 2025-04-27 | withstars Books-Management-System Article del cross-site request forgery |
| CVE-2025-3965 | 2025-04-27 | itwanger paicoding post cross site scripting |
| CVE-2025-3966 | 2025-04-27 | itwanger paicoding Browsing History home information disclosure |
| CVE-2025-3967 | 2025-04-27 | itwanger paicoding Article post improper authorization |
| CVE-2025-3886 | 2025-04-27 | CatoNetworks CatoClient up to 5.8 PrivilegedHelperTool Race Condition |
| CVE-2025-3968 | 2025-04-27 | codeprojects News Publishing Site Dashboard api.php sql injection |
| CVE-2025-3969 | 2025-04-27 | codeprojects News Publishing Site Dashboard Edit Category Page edit-category.php unrestricted upload |
| CVE-2025-3970 | 2025-04-27 | baseweb JSite save cross site scripting |
| CVE-2025-3971 | 2025-04-27 | PHPGurukul COVID19 Testing Management System add-phlebotomist.php sql injection |
| CVE-2025-3972 | 2025-04-27 | PHPGurukul COVID19 Testing Management System bwdates-report-result.php sql injection |
| CVE-2025-3973 | 2025-04-27 | PHPGurukul COVID19 Testing Management System check_availability.php sql injection |
| CVE-2025-3974 | 2025-04-27 | PHPGurukul COVID19 Testing Management System edit-phlebotomist.php sql injection |
| CVE-2025-3975 | 2025-04-27 | ScriptAndTools eCommerce-website-in-PHP subscriber-csv.php information disclosure |
| CVE-2025-3976 | 2025-04-27 | PHPGurukul COVID19 Testing Management System new-user-testing.php sql injection |
| CVE-2025-3977 | 2025-04-27 | iteachyou Dreamer CMS Attachment download improper authorization |
| CVE-2025-3978 | 2025-04-27 | dazhouda lecms user_set.htm information disclosure |
| CVE-2025-3979 | 2025-04-27 | dazhouda lecms Password Change index.php cross-site request forgery |
| CVE-2025-3980 | 2025-04-27 | wowjoy 浙江湖州华卓信息科技有限公司 Internet Doctor Workstation System list improper authorization |
| CVE-2025-3981 | 2025-04-27 | wowjoy 浙江湖州华卓信息科技有限公司 Internet Doctor Workstation System details improper authorization |
| CVE-2025-3982 | 2025-04-27 | nortikin Sverchok Set Property Mk2 Node getsetprop_mk2.py SvSetPropNodeMK2 prototype pollution |
| CVE-2025-2866 | 2025-04-27 | PDF signature forgery with adbe.pkcs7.sha1 SubFilter |
| CVE-2025-3983 | 2025-04-27 | AMTT Hotel Broadband Operation System nlog_down.php command injection |
| CVE-2025-3984 | 2025-04-27 | Apereo CAS Groovy Code RegisteredServiceSimpleFormController.java saveService code injection |
| CVE-2025-3985 | 2025-04-27 | Apereo CAS ResponseEntity redos |
| CVE-2025-3986 | 2025-04-27 | Apereo CAS CasConfigurationMetadataServerController.java redos |
| CVE-2025-3987 | 2025-04-27 | TOTOLINK N150RT formWsc command injection |
| CVE-2025-3988 | 2025-04-27 | TOTOLINK N150RT formPortFw buffer overflow |
| CVE-2025-3989 | 2025-04-27 | TOTOLINK N150RT formStaticDHCP buffer overflow |
| CVE-2025-3990 | 2025-04-27 | TOTOLINK N150RT formVlan buffer overflow |
| CVE-2025-3991 | 2025-04-27 | TOTOLINK N150RT formWdsEncrypt buffer overflow |
| CVE-2025-26692 | 2025-04-27 | Quick Agent V3 and Quick Agent V2 contain an issue with improper limitation of a pathname to a restricted directory ('Path Traversal'). If exploited, arbitrary code may be executed by... |
| CVE-2025-27937 | 2025-04-27 | Quick Agent V3 and Quick Agent V2 contain an issue with improper limitation of a pathname to a restricted directory ('Path Traversal'). If exploited, an arbitrary file in the affected... |
| CVE-2025-31144 | 2025-04-27 | Quick Agent V3 and Quick Agent V2 contain an issue with improper restriction of communication channel to intended endpoints. If exploited, a remote unauthenticated attacker may attempt to log in... |
| CVE-2015-2079 | 2025-04-28 | Usermin 0.980 through 1.x before 1.660 allows uconfig_save.cgi sig_file_free remote code execution because it uses the two argument (not three argument) form of Perl open. |
| CVE-2015-4582 | 2025-04-28 | The TheCartPress boot-store (aka Boot Store) theme 1.6.4 for WordPress allows header.php tcp_register_error XSS. NOTE: CVE-2015-4582 is not assigned to any Oracle product. |
| CVE-2022-41871 | 2025-04-28 | SEPPmail through 12.1.17 allows command injection within the Admin Portal. An authenticated attacker is able to execute arbitrary code in the context of the user root. |
| CVE-2023-35814 | 2025-04-28 | DevExpress before 23.1.3 does not properly protect XtraReport serialized data in ASP.NET web forms. |
| CVE-2023-35815 | 2025-04-28 | DevExpress before 23.1.3 has a data-source protection mechanism bypass during deserialization on XML data. |
| CVE-2023-35816 | 2025-04-28 | DevExpress before 23.1.3 allows arbitrary TypeConverter conversion. |
| CVE-2023-35817 | 2025-04-28 | DevExpress before 23.1.3 allows AsyncDownloader SSRF. |
| CVE-2023-42404 | 2025-04-28 | OneVision Workspace before WS23.1 SR1 (build w31.040) allows arbitrary Java EL execution. |
| CVE-2024-32499 | 2025-04-28 | Newforma Project Center Server through 2023.3.0.32259 allows remote code execution because .NET Remoting is exposed. |
| CVE-2025-25776 | 2025-04-28 | Cross-Site Scripting (XSS) vulnerability exists in the User Registration and User Profile features of Codeastro Bus Ticket Booking System v1.0 allows an attacker to execute arbitrary code into the Full... |
| CVE-2025-45947 | 2025-04-28 | An issue in phpgurukul Online Banquet Booking System V1.2 allows an attacker to execute arbitrary code via the /obbs/change-password.php file of the My Account - Change Password component |
| CVE-2025-45949 | 2025-04-28 | A critical vulnerability was found in PHPGurukul User Registration & Login and User Management System V3.3 in the /loginsystem/change-password.php file of the user panel - Change Password component. Improper handling... |
| CVE-2025-45953 | 2025-04-28 | A vulnerability was found in PHPGurukul Hostel Management System 2.1 in the /hostel/change-password.php file of the user panel - Change Password component. Improper handling of session data allows a Session... |
| CVE-2025-46614 | 2025-04-28 | In Snowflake ODBC Driver before 3.7.0, in certain code paths, the Driver logged the whole SQL query at the INFO level, aka Insertion of Sensitive Information into a Log File. |
| CVE-2025-46661 | 2025-04-28 | IPW Systems Metazo through 8.1.3 allows unauthenticated Remote Code Execution because smartyValidator.php enables the attacker to provide template expressions, aka Server-Side Template-Injection. All instances have been patched by the Supplier. |
| CVE-2025-3992 | 2025-04-28 | TOTOLINK N150RT formWlwds buffer overflow |
| CVE-2025-3993 | 2025-04-28 | TOTOLINK N150RT formWsc buffer overflow |
| CVE-2025-3994 | 2025-04-28 | TOTOLINK N150RT IP Port Filtering home.htm cross site scripting |
| CVE-2025-3995 | 2025-04-28 | TOTOLINK N150RT LAN Settings Page fromStaticDHCP cross site scripting |
| CVE-2025-3996 | 2025-04-28 | TOTOLINK N150RT MAC Filtering Page home.htm cross site scripting |
| CVE-2025-3997 | 2025-04-28 | dazhouda lecms Personal Information Page index.php cross-site request forgery |
| CVE-2025-3706 | 2025-04-28 | 104 Corporation eHRMS - Reflected Cross-Site Scripting |
| CVE-2025-3998 | 2025-04-28 | CodeAstro Membership Management System renew.php sql injection |
| CVE-2025-3999 | 2025-04-28 | Seeyon Zhiyuan OA Web Application System URL Parameter date.jsp cross site scripting |
| CVE-2025-4000 | 2025-04-28 | Seeyon Zhiyuan OA Web Application System ssoproxy.jsp cross site scripting |
| CVE-2025-4001 | 2025-04-28 | scipopt scip File Descriptor genRandomLOPInstance.c main file descriptor consumption |
| CVE-2025-4002 | 2025-04-28 | RefindPlusRepo RefindPlus BootLog.c GetDebugLogFile null pointer dereference |
| CVE-2025-4003 | 2025-04-28 | RefindPlusRepo RefindPlus RP_ApfsIo.c InternalApfsTranslateBlock null pointer dereference |
| CVE-2024-13688 | 2025-04-28 | Admin and Site Enhancements (ASE) < 7.6.10 - Password Protection Bypass |
| CVE-2024-9771 | 2025-04-28 | WP-Recall < 16.26.12 - Admin+ Stored XSS |
| CVE-2025-0627 | 2025-04-28 | AI Autotagger < 3.30.0 - Admin+ Stored XSS |
| CVE-2025-4004 | 2025-04-28 | PHPGurukul COVID19 Testing Management System password-recovery.php sql injection |
| CVE-2025-4005 | 2025-04-28 | PHPGurukul COVID19 Testing Management System patient-report.php sql injection |
| CVE-2025-4006 | 2025-04-28 | youyiio BeyongCms Document Management Page Upload.html unrestricted upload |
| CVE-2025-22235 | 2025-04-28 | Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed |
| CVE-2025-4007 | 2025-04-28 | Tenda W12/i24 httpd modules cgidhcpsCfgSet stack-based overflow |
| CVE-2025-4011 | 2025-04-28 | Redmine Custom Query cross site scripting |
| CVE-2025-42598 | 2025-04-28 | Multiple SEIKO EPSON printer drivers for Windows OS are configured with improper access permission settings when installed or used in a language other than English. If a user is... |
| CVE-2025-4012 | 2025-04-28 | playeduxyz PlayEdu 开源培训系统 User Avatar create server-side request forgery |
| CVE-2025-4013 | 2025-04-28 | PHPGurukul Art Gallery Management System aboutus.php sql injection |
| CVE-2025-32470 | 2025-04-28 | Unauthenticated change of IP address |
| CVE-2025-39367 | 2025-04-28 | WordPress Kleo theme < 5.4.4 - Broken Access Control vulnerability |
| CVE-2025-32471 | 2025-04-28 | Reuse of salt |
| CVE-2025-4014 | 2025-04-28 | PHPGurukul Art Gallery Management System manage-art-medium.php sql injection |
| CVE-2025-3200 | 2025-04-28 | Com-Server Exposed via Weak TLS |
| CVE-2025-4015 | 2025-04-28 | 20120630 Novel-Plus SessionController.java list missing authentication |
| CVE-2025-4016 | 2025-04-28 | 20120630 Novel-Plus LogController.java deleteIndex improper authorization |
| CVE-2025-4017 | 2025-04-28 | 20120630 Novel-Plus LogController.java list improper authorization |
| CVE-2025-4018 | 2025-04-28 | 20120630 Novel-Plus CrawlController.java addCrawlSource missing authentication |
| CVE-2025-4019 | 2025-04-28 | 20120630 Novel-Plus GeneratorController.java genCode missing authentication |
| CVE-2025-32472 | 2025-04-28 | DoS attack by conducting a slowloris-type attack |
| CVE-2025-4020 | 2025-04-28 | PHPGurukul Old Age Home Management System contact.php sql injection |
| CVE-2025-4021 | 2025-04-28 | code-projects Patient Record Management System edit_spatient.php sql injection |
| CVE-2025-4022 | 2025-04-28 | web-arena-x webarena evaluators.py HTMLContentEvaluator code injection |
| CVE-2025-4023 | 2025-04-28 | itsourcecode Placement Management System add_company.php sql injection |
| CVE-2025-23375 | 2025-04-28 | Dell PowerProtect Data Manager Reporting, version(s) 19.17, contain(s) an Incorrect Use of Privileged APIs vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation... |
| CVE-2025-4024 | 2025-04-28 | itsourcecode Placement Management System add_drive.php sql injection |
| CVE-2025-23376 | 2025-04-28 | Dell PowerProtect Data Manager Reporting, version(s) 19.16, 19.17, 19.18, contain(s) an Improper Neutralization of Special Elements Used in a Template Engine vulnerability. A high privileged attacker with local access could... |