CVE List - 2025 / April
Showing 501 - 600 of 4033 CVEs for April 2025 (Page 6 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-31726 | 2025-04-02 | Jenkins Stack Hammer Plugin 1.0.6 and earlier stores Stack Hammer API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended... |
| CVE-2025-31727 | 2025-04-02 | Jenkins AsakusaSatellite Plugin 0.1.1 and earlier stores AsakusaSatellite API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission... |
| CVE-2025-31728 | 2025-04-02 | Jenkins AsakusaSatellite Plugin 0.1.1 and earlier does not mask AsakusaSatellite API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them. |
| CVE-2024-56341 | 2025-04-02 | IBM Content Navigator cross-site scripting |
| CVE-2025-0154 | 2025-04-02 | IBM TXSeries for Multiplatforms information disclosure |
| CVE-2024-56474 | 2025-04-02 | IBM TXSeries for Multiplatforms cross-site request forgery |
| CVE-2024-56475 | 2025-04-02 | IBM TXSeries for Multiplatforms cross-site scripting |
| CVE-2024-56476 | 2025-04-02 | IBM TXSeries for Multiplatforms information disclosure |
| CVE-2025-0014 | 2025-04-02 | Incorrect default permissions on the AMD Ryzen(TM) AI installation folder could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. |
| CVE-2025-20212 | 2025-04-02 | A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series devices could allow an authenticated, remote attacker to cause a denial of service... |
| CVE-2025-20139 | 2025-04-02 | A vulnerability in chat messaging features of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is... |
| CVE-2024-36337 | 2025-04-02 | Integer overflow within AMD NPU Driver could allow a local attacker to write out of bounds, potentially leading to loss of confidentiality, integrity or availability. |
| CVE-2025-20120 | 2025-04-02 | A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting... |
| CVE-2025-20203 | 2025-04-02 | A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting... |
| CVE-2024-36328 | 2025-04-02 | Integer overflow within AMD NPU Driver could allow a local attacker to write out of bounds, potentially leading to loss of integrity or availability. |
| CVE-2024-36336 | 2025-04-02 | Integer overflow within the AMD NPU Driver could allow a local attacker to write out of bounds, potentially leading to a loss of confidentiality, integrity, or availability. |
| CVE-2025-31282 | 2025-04-02 | A broken access control vulnerability previously discovered in the Trend Vision One User Account component could have allowed an administrator to create users who could then change the role of... |
| CVE-2025-31283 | 2025-04-02 | A broken access control vulnerability previously discovered in the Trend Vision One User Roles component could have allowed an administrator to create users who could then change the role of... |
| CVE-2025-31284 | 2025-04-02 | A broken access control vulnerability previously discovered in the Trend Vision One Status component could have allowed an administrator to create users who could then change the role of the... |
| CVE-2025-31285 | 2025-04-02 | A broken access control vulnerability previously discovered in the Trend Vision One Role Name component could have allowed an administrator to create users who could then change the role of... |
| CVE-2025-31286 | 2025-04-02 | An HTML injection vulnerability previously discovered in Trend Vision One could have allowed a malicious user to execute arbitrary code. Please note: this issue has already been addressed on the... |
| CVE-2025-3118 | 2025-04-02 | SourceCodester Online Tutor Portal view_course.php sql injection |
| CVE-2025-2704 | 2025-04-02 | OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase |
| CVE-2025-27608 | 2025-04-02 | Self Cross-Site Scripting in Arduino IDE |
| CVE-2025-31479 | 2025-04-02 | canonical/get-workflow-version-action can leak a partial GITHUB_TOKEN in exception output |
| CVE-2025-31477 | 2025-04-02 | Improper Scope Validation in the open Endpoint of tauri-plugin-shell |
| CVE-2025-3129 | 2025-04-02 | Access code - Moderately critical - Access bypass - SA-CONTRIB-2025-028 |
| CVE-2025-3130 | 2025-04-02 | Obfuscate - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-029 |
| CVE-2025-30218 | 2025-04-02 | Next.js may leak x-middleware-subrequest-id to external hosts |
| CVE-2025-3119 | 2025-04-02 | SourceCodester Online Tutor Portal manage_course.php sql injection |
| CVE-2025-3120 | 2025-04-02 | SourceCodester Apartment Visitors Management System add-apartment.php sql injection |
| CVE-2025-31484 | 2025-04-02 | conda-forge infrastructure uses a bad token for Azure's cf-staging access |
| CVE-2025-3121 | 2025-04-02 | PyTorch torch.jit.jit_module_from_flatbuffer memory corruption |
| CVE-2025-3122 | 2025-04-02 | WebAssembly wabt binary-reader-interp.cc BeginFunctionBody null pointer dereference |
| CVE-2025-0257 | 2025-04-02 | HCL DevOps Deploy / HCL Launch is susceptible to unauthorized access to other services |
| CVE-2025-3154 | 2025-04-02 | Out-of-bounds array write due to invalid VerticesPerRow in Xpdf 4.05 |
| CVE-2025-3123 | 2025-04-02 | WonderCMS Theme Installation/Plugin Installation installUpdateModuleAction unrestricted upload |
| CVE-2024-22611 | 2025-04-03 | OpenEMR 7.0.2 is vulnerable to SQL Injection via \openemr\library\classes\Pharmacy.class.php, \controllers\C_Pharmacy.class.php and \openemr\controller.php. |
| CVE-2024-45198 | 2025-04-03 | insightsoftware Spark JDBC 2.6.21 has a remote code execution vulnerability. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver uses... |
| CVE-2024-45199 | 2025-04-03 | insightsoftware Hive JDBC through 2.6.13 has a remote code execution vulnerability. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver... |
| CVE-2024-47212 | 2025-04-03 | An issue was discovered in Iglu Server 0.13.0 and below. It involves sending very large payloads to a particular API endpoint of Iglu Server and can render it completely unresponsive.... |
| CVE-2024-47213 | 2025-04-03 | An issue was discovered affecting Enrich 5.1.0 and below. It involves sending a maliciously crafted Snowplow event to the pipeline. Upon receiving this event and trying to validate it, Enrich... |
| CVE-2024-47214 | 2025-04-03 | An issue was discovered in Iglu Server 0.13.0 and below. It is similar to CVE-2024-47212, but involves a different kind of malicious payload. As above, it can render Iglu Server... |
| CVE-2024-47215 | 2025-04-03 | An issue was discovered in Snowbridge setups sending data to Google Tag Manager Server Side. It involves attaching an invalid GTM SS preview header to events, causing them to be... |
| CVE-2024-47217 | 2025-04-03 | An issue was discovered in Iglu Server 0.13.0 and below. It is similar to CVE-2024-47214, but involves an authenticated endpoint. It can render Iglu Server completely unresponsive. If the operation... |
| CVE-2024-56528 | 2025-04-03 | This vulnerability affects Snowplow Collector 3.x before 3.3.0 (unless it’s set up behind a reverse proxy that establishes payload limits). It involves sending very large payloads to the Collector and... |
| CVE-2025-22926 | 2025-04-03 | An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal by sending a crafted POST request to /Modules.php?modname=messaging/Inbox.php&modfunc=save&filename. |
| CVE-2025-22927 | 2025-04-03 | An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal by sending a crafted POST request to /Modules.php?modname=messaging/Inbox.php&modfunc=save&filename. |
| CVE-2025-22928 | 2025-04-03 | OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the cp_id parameter at /modules/messages/Inbox.php. |
| CVE-2025-22929 | 2025-04-03 | OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the filter_id parameter at /students/StudentFilters.php. |
| CVE-2025-22930 | 2025-04-03 | OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the groupid parameter at /messaging/Group.php. |
| CVE-2025-22931 | 2025-04-03 | An insecure direct object reference (IDOR) in the component /assets/stafffiles of OS4ED openSIS v7.0 to v9.1 allows unauthenticated attackers to access files uploaded by staff members. |
| CVE-2025-26817 | 2025-04-03 | Netwrix Password Secure 9.2.0.32454 allows OS command injection. |
| CVE-2025-26818 | 2025-04-03 | Netwrix Password Secure through 9.2 allows command injection. |
| CVE-2025-29064 | 2025-04-03 | An issue in TOTOLINK x18 v.9.1.0cu.2024_B20220329 allows a remote attacker to execute arbitrary code via the sub_410E54 function of the cstecgi.cgi. |
| CVE-2025-29369 | 2025-04-03 | Code-Projects Matrimonial Site V1.0 is vulnerable to SQL Injection in /view_profile.php?id=1. |
| CVE-2025-29462 | 2025-04-03 | A buffer overflow vulnerability has been discovered in Tenda Ac15 V15.13.07.13. The vulnerability occurs when the webCgiGetUploadFile function calls the socketRead function to process HTTP request messages, resulting in the... |
| CVE-2025-29504 | 2025-04-03 | Insecure Permission vulnerability in student-manage 1 allows a local attacker to escalate privileges via the Unsafe permission verification. |
| CVE-2025-29570 | 2025-04-03 | An issue in Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 allows a local attacker to escalate privileges via the function tftp_image_check of a binary named rc. |
| CVE-2025-29647 | 2025-04-03 | SeaCMS v13.3 has a SQL injection vulnerability in the component admin_tempvideo.php. |
| CVE-2025-29991 | 2025-04-03 | Yubico YubiKey 5.4.1 through 5.7.3 before 5.7.4 has an incorrect FIDO CTAP PIN/UV Auth Protocol Two implementation. It uses the signature length from CTAP PIN/UV Auth Protocol One, even when... |
| CVE-2025-30406 | 2025-04-03 | Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat... |
| CVE-2025-31161 | 2025-04-03 | CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account (unless a DMZ proxy instance is used), as exploited in the wild in... |
| CVE-2025-3153 | 2025-04-03 | Concrete CMS version 9 below 9.4.0RC2 and versions below 8.5.20 - CSRF and XSS in Concrete CMS Custom Address attribute |
| CVE-2025-3134 | 2025-04-03 | code-projects Payroll Management System add_overtime.php sql injection |
| CVE-2025-3135 | 2025-04-03 | fcba_zzm ics-park Smart Park Management System update sql injection |
| CVE-2025-2784 | 2025-04-03 | Libsoup: heap buffer over-read in `skip_insignificant_space` when sniffing content |
| CVE-2025-3136 | 2025-04-03 | PyTorch CUDACachingAllocator.cpp torch.cuda.memory.caching_allocator_delete memory corruption |
| CVE-2025-3137 | 2025-04-03 | PHPGurukul Online Security Guards Hiring System changeimage.php sql injection |
| CVE-2025-3138 | 2025-04-03 | PHPGurukul Online Security Guards Hiring System edit-guard-detail.php sql injection |
| CVE-2025-3139 | 2025-04-03 | code-projects Bus Reservation System Login Form login buffer overflow |
| CVE-2025-3140 | 2025-04-03 | SourceCodester Online Medicine Ordering System view_category.php sql injection |
| CVE-2025-3141 | 2025-04-03 | SourceCodester Online Medicine Ordering System manage_category.php sql injection |
| CVE-2025-31334 | 2025-04-03 | Issue that bypasses the "Mark of the Web" security warning function for files when opening a symbolic link that points to an executable file exists in WinRAR versions prior to... |
| CVE-2025-3142 | 2025-04-03 | SourceCodester Apartment Visitor Management System add-apartment.php sql injection |
| CVE-2025-2055 | 2025-04-03 | MapPress Maps for WordPress < 2.94.9 - Contributor+ Stored XSS |
| CVE-2025-3143 | 2025-04-03 | SourceCodester Apartment Visitor Management System visitor-entry.php sql injection |
| CVE-2025-3144 | 2025-04-03 | MindSpore mindspore.numpy.fft.hfftn memory corruption |
| CVE-2025-30485 | 2025-04-03 | UNIX symbolic link (Symlink) following issue exists in FutureNet NXR series, VXR series and WXR series routers. Attaching to the affected product an external storage containing malicious symbolic link files,... |
| CVE-2025-3145 | 2025-04-03 | MindSpore mindspore.numpy.fft.rfft2 memory corruption |
| CVE-2025-3146 | 2025-04-03 | PHPGurukul Bus Pass Management System view-pass-detail.php sql injection |
| CVE-2025-3147 | 2025-04-03 | PHPGurukul Boat Booking System add-subadmin.php sql injection |
| CVE-2025-3148 | 2025-04-03 | codeprojects Product Management System Login buffer overflow |
| CVE-2025-21995 | 2025-04-03 | drm/sched: Fix fence reference count leak |
| CVE-2025-21996 | 2025-04-03 | drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() |
| CVE-2025-21997 | 2025-04-03 | xsk: fix an integer overflow in xp_create_and_assign_umem() |
| CVE-2025-21998 | 2025-04-03 | firmware: qcom: uefisecapp: fix efivars registration race |
| CVE-2025-21999 | 2025-04-03 | proc: fix UAF in proc_get_inode() |
| CVE-2025-22000 | 2025-04-03 | mm/huge_memory: drop beyond-EOF folios with the right number of refs |
| CVE-2025-22001 | 2025-04-03 | accel/qaic: Fix integer overflow in qaic_validate_req() |
| CVE-2025-22002 | 2025-04-03 | netfs: Call `invalidate_cache` only if implemented |
| CVE-2025-22003 | 2025-04-03 | can: ucan: fix out of bound read in strscpy() source |
| CVE-2025-22004 | 2025-04-03 | net: atm: fix use after free in lec_send() |
| CVE-2025-22005 | 2025-04-03 | ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw(). |
| CVE-2025-22006 | 2025-04-03 | net: ethernet: ti: am65-cpsw: Fix NAPI registration sequence |
| CVE-2025-22007 | 2025-04-03 | Bluetooth: Fix error code in chan_alloc_skb_cb() |
| CVE-2024-13673 | 2025-04-03 | Big Boom Directory <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-2874 | 2025-04-03 | User Submitted Posts <= 20241026 - Authenticated (Admin+) Stored Cross-Site Scripting |
| CVE-2025-1663 | 2025-04-03 | Unlimited Elements For Elementor <= 1.5.142 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-3149 | 2025-04-03 | itning Student Homework Management System Edit Job Page fileupload cross site scripting |