Lista CVE - 2025 / Aprile
Visualizzazione 3401 - 3500 di 4033 CVE per Aprile 2025 (Pagina 35 di 41)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2025-3903 | 2025-04-23 | UEditor - 百度编辑器 - Critical - Unsupported - SA-CONTRIB-2025-044 |
| CVE-2025-3904 | 2025-04-23 | Sportsleague - Critical - Unsupported - SA-CONTRIB-2025-045 |
| CVE-2025-3907 | 2025-04-23 | Search API Solr - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-046 |
| CVE-2025-32818 | 2025-04-23 | A Null Pointer Dereference vulnerability in the SonicOS SSLVPN Virtual office interface allows a remote, unauthenticated attacker to crash the firewall, potentially leading to a Denial-of-Service (DoS) condition. |
| CVE-2025-46397 | 2025-04-23 | Xfig: fig2dev stack-overflow |
| CVE-2025-46398 | 2025-04-23 | Xfig: fig2dev stack-overflow via read_objects |
| CVE-2025-46399 | 2025-04-23 | Xfig: transfig: fig2dev segmentation fault vulnerability |
| CVE-2025-46400 | 2025-04-23 | Xfig: fig2dev segmentation fault in read_arcobject |
| CVE-2024-22351 | 2025-04-23 | IBM InfoSphere Information Server session fixation |
| CVE-2025-25045 | 2025-04-23 | IBM InfoSphere Information Server information disclosure |
| CVE-2025-25046 | 2025-04-23 | IBM InfoSphere Information Server information disclosure |
| CVE-2025-25777 | 2025-04-24 | Insecure Direct Object Reference (IDOR) in Codeastro Bus Ticket Booking System v1.0 allows unauthorized access to user profiles. By manipulating the user ID in the URL, an attacker can access... |
| CVE-2025-29529 | 2025-04-24 | ITC Systems Multiplan/Matrix OneCard platform v3.7.4.1002 was discovered to contain a SQL injection vulnerability via the component Forgotpassword.aspx. |
| CVE-2025-29568 | 2025-04-24 | A vulnerability has been discovered in the code-projects Online Class and Exam Scheduling System 1.0. The issue affects some unknown features in the file /Scheduling/pages/class_sched.php. Manipulating the class parameter can... |
| CVE-2025-44134 | 2025-04-24 | A vulnerability was found in Code-Projects Online Class and Exam Scheduling System 1.0 in the file /Scheduling/pages/class_save.php. Manipulation of parameter class will lead to SQL injection attacks. |
| CVE-2025-44135 | 2025-04-24 | A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0 in /Scheduling/pages/profile_update.php. Manipulating the parameter username will cause SQL injection attacks. |
| CVE-2025-46417 | 2025-04-24 | The unsafe globals in Picklescan before 0.0.25 do not include ssl. Consequently, ssl.get_server_certificate can exfiltrate data via DNS after deserialization. |
| CVE-2025-46419 | 2025-04-24 | Westermo WeOS 5 through 5.23.0 allows a reboot via a malformed ESP packet. |
| CVE-2025-1976 | 2025-04-24 | Code injection exposure in Fabric OS 9.1.0 through 9.1.1d6 |
| CVE-2025-3435 | 2025-04-24 | MangBoard WP <= 1.8.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via Board Header And Footer |
| CVE-2025-1453 | 2025-04-24 | Category Posts Widget < 4.9.20 - Admin+ Stored XSS |
| CVE-2025-2558 | 2025-04-24 | The Wound <= 0.0.1 - Unauthenticated LFI |
| CVE-2025-32730 | 2025-04-24 | Use of hard-coded cryptographic key vulnerability in i-PRO Configuration Tool affects the network system for i-PRO Co., Ltd. surveillance cameras and recorders. This vulnerability allows a local authenticated attacker to... |
| CVE-2025-41395 | 2025-04-24 | Webapp DoS via malicious retrospective post in Playbooks |
| CVE-2025-35965 | 2025-04-24 | DoS in Mattermost Playbooks via Excessive Task Actions |
| CVE-2025-41423 | 2025-04-24 | Unauthorized Playbooks Post Deletion in Mattermost Playbooks Plugin |
| CVE-2025-3761 | 2025-04-24 | My Tickets – Accessible Event Ticketing <= 2.0.16 - Authenticated (Subscriber+) Privilege Escalation |
| CVE-2025-1908 | 2025-04-24 | Business Logic Errors in GitLab |
| CVE-2025-0639 | 2025-04-24 | Allocation of Resources Without Limits or Throttling in GitLab |
| CVE-2024-12244 | 2025-04-24 | Missing Authorization in GitLab |
| CVE-2025-3065 | 2025-04-24 | Database Toolset <= 1.8.4 - Unauthenticated Arbitrary File Deletion |
| CVE-2025-3058 | 2025-04-24 | Xelion Webchat <= 9.1.0 - Authenticated (Subscriber+) Arbitrary Options Update |
| CVE-2025-3101 | 2025-04-24 | Configurator Theme Core <= 1.4.7 - Authenticated (Subscriber+) Privilege Escalation |
| CVE-2025-1284 | 2025-04-24 | Woocommerce Automatic Order Printing | ( Formerly WooCommerce Google Cloud Print) <= 4.1 - Insecure Direct Object Reference to Authenticated (Subscriber+) Order Information Disclosure |
| CVE-2025-2543 | 2025-04-24 | Advanced Accordion Gutenberg Block <= 5.0.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2025-3604 | 2025-04-24 | Flynax Bridge <= 2.2.0 - Unauthenticated Privilege Escalation via Account Takeover |
| CVE-2025-3607 | 2025-04-24 | Frontend Login and Registration Blocks <= 1.0.7 - Authenticated (Subscriber+) Privilege Escalation via Password Reset |
| CVE-2025-2579 | 2025-04-24 | Lottie Player <= 1.1.8 - Authenticated (Author+) Stored Cross-Site Scripting via File Upload |
| CVE-2025-3832 | 2025-04-24 | FuseDesk <= 6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via successredirect Parameter |
| CVE-2025-3300 | 2025-04-24 | WPMasterToolKit (WPMTK) – All in one plugin <= 2.5.2 - Authenticated (Administrator+) to Arbitrary File Read and Write |
| CVE-2024-13307 | 2025-04-24 | Reales WP - Real Estate WordPress Theme <= 2.1.2 - Missing Authorization to Unauthenticated Attachment Deletion and Favorite Property Updates |
| CVE-2025-3280 | 2025-04-24 | ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes <= 1.4.9 - Authenticated (Subscriber+) SQL Injection |
| CVE-2025-3793 | 2025-04-24 | Buddypress Force Password Change <= 0.1 - Authenticated (Subscriber+) Account Takeover via Password Update |
| CVE-2025-3776 | 2025-04-24 | Verification SMS with TargetSMS <= 1.5 - Unauthenticated Limited Remote Code Execution |
| CVE-2025-3603 | 2025-04-24 | Flynax Bridge <= 2.2.0 - Unauthenticated Privilege Escalation via Password Update |
| CVE-2025-3872 | 2025-04-24 | Privilege escalation by altering payload in contact form |
| CVE-2021-47662 | 2025-04-24 | Unauthenticated remote shutdown of the cobot |
| CVE-2021-47663 | 2025-04-24 | Improper session handling |
| CVE-2021-47664 | 2025-04-24 | Enumeration of valid user names |
| CVE-2025-27820 | 2025-04-24 | Apache HttpComponents: PSL (Public Suffix List) validation bypass |
| CVE-2025-46420 | 2025-04-24 | Libsoup: memory leak on soup_header_parse_quality_list() via soup-headers.c |
| CVE-2025-46421 | 2025-04-24 | Libsoup: information disclosure may leads libsoup client sends authorization header to a different host when being redirected by a server |
| CVE-2025-30408 | 2025-04-24 | Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39904, Acronis Cyber Protect 16 (Windows) before build 39938. |
| CVE-2025-30409 | 2025-04-24 | Denial of service due to allocation of resources without limits. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39904. |
| CVE-2025-43855 | 2025-04-24 | tRPC 11 WebSocket DoS Vulnerability |
| CVE-2025-46261 | 2025-04-24 | WordPress Seriously Simple Podcasting plugin <= 3.9.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-46260 | 2025-04-24 | WordPress Sky Addons for Elementor plugin <= 3.0.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-46248 | 2025-04-24 | WordPress Frontend Dashboard <= 2.2.5 - SQL Injection Vulnerability |
| CVE-2025-46234 | 2025-04-24 | WordPress Control Listings plugin <= 1.0.4.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-46230 | 2025-04-24 | WordPress Popup Builder <= 1.1.35 - Local File Inclusion Vulnerability |
| CVE-2025-46264 | 2025-04-24 | WordPress PowerPress Podcasting <= 11.12.5 - Arbitrary File Upload Vulnerability |
| CVE-2025-39408 | 2025-04-24 | WordPress BruteGuard – Brute Force Login Protection plugin <= 0.1.4 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-39404 | 2025-04-24 | WordPress Sassy Social Share plugin <= 3.3.73 - Open Redirection vulnerability |
| CVE-2025-39400 | 2025-04-24 | WordPress User Registration plugin < 4.2.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-39399 | 2025-04-24 | WordPress License For Envato plugin <= 1.0.0 - Local File Inclusion vulnerability |
| CVE-2025-39397 | 2025-04-24 | WordPress Anything Popup plugin <= 7.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-39391 | 2025-04-24 | WordPress Checkout Field Visibility for WooCommerce plugin <= 1.2.3 - Local File Inclusion vulnerability |
| CVE-2025-39390 | 2025-04-24 | WordPress Booking and Rental Manager plugin <= 2.3.8 - Broken Access Control vulnerability |
| CVE-2025-39387 | 2025-04-24 | WordPress Opstore theme <= 1.4.5 - Local File Inclusion vulnerability |
| CVE-2025-39385 | 2025-04-24 | WordPress Sirat theme <= 1.5.1 - Broken Access Control vulnerability |
| CVE-2025-39384 | 2025-04-24 | WordPress Product Lister for eBay plugin <= 2.0.9 - Local File Inclusion vulnerability |
| CVE-2025-39383 | 2025-04-24 | WordPress Xews Lite plugin <= 1.0.9 - Local File Inclusion vulnerability |
| CVE-2025-39382 | 2025-04-24 | WordPress ACF: Google Font Selector plugin <= 3.0.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-39381 | 2025-04-24 | WordPress KiotViet Sync plugin <= 1.8.4 - CSRF to Stored XSS vulnerability |
| CVE-2025-39379 | 2025-04-24 | WordPress Capturly plugin <= 2.0.1 - Local File Inclusion vulnerability |
| CVE-2025-39378 | 2025-04-24 | WordPress Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light plugin <= 2.4.37 - Local File Inclusion vulnerability |
| CVE-2025-39377 | 2025-04-24 | WordPress Appsero Helper plugin <= 1.3.4 - SQL Injection vulnerability |
| CVE-2025-39360 | 2025-04-24 | WordPress Grace Mag theme <= 1.1.5 - Local File Inclusion vulnerability |
| CVE-2025-39359 | 2025-04-24 | WordPress CWW Portfolio theme <= 1.3.1 - Local File Inclusion vulnerability |
| CVE-2025-32921 | 2025-04-24 | WordPress Arrival theme <= 1.4.5 - Local File Inclusion vulnerability |
| CVE-2025-46435 | 2025-04-24 | WordPress Time Based Greeting plugin <= 2.2.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-46439 | 2025-04-24 | WordPress Plugin Central plugin <= 2.5.1 - CSRF to Arbitrary File Deletion vulnerability |
| CVE-2025-46436 | 2025-04-24 | WordPress SCSS-Library <= 0.4.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-46443 | 2025-04-24 | WordPress Animate <= 0.5 - Server Side Request Forgery (SSRF) Vulnerability |
| CVE-2025-46450 | 2025-04-24 | WordPress occupancyplan plugin <= 1.0.3.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-46452 | 2025-04-24 | WordPress Google News plugin <= 2.5.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-46462 | 2025-04-24 | WordPress WPVN <= 0.7.8 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-46465 | 2025-04-24 | WordPress Print Science Designer plugin <= 1.3.155 - CSRF to Stored XSS vulnerability |
| CVE-2025-46466 | 2025-04-24 | WordPress Modern Polls plugin <= 1.0.10 - CSRF to Stored XSS vulnerability |
| CVE-2025-46470 | 2025-04-24 | WordPress Smart Hashtags [#hashtagger] <= 7.2.3 - Broken Access Control Vulnerability |
| CVE-2025-46472 | 2025-04-24 | WordPress The Pack Elementor addons <= 2.1.2 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-46476 | 2025-04-24 | WordPress Awesome Wp Image Gallery <= 1.0 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-46478 | 2025-04-24 | WordPress Dropdown Content <= 1.0.2 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-46480 | 2025-04-24 | WordPress Nepali Post Date <= 5.1.1 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-46484 | 2025-04-24 | WordPress Image Hover Effects For WPBakery Page Builder <= 2.0 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-46492 | 2025-04-24 | WordPress Call Now PHT Blog plugin <= 2.4.1 - CSRF to XSS vulnerability |
| CVE-2025-46495 | 2025-04-24 | WordPress Drop Caps plugin <= 2.1 - CSRF to XSS vulnerability |
| CVE-2025-46497 | 2025-04-24 | WordPress Navegg Analytics plugin <= 3.3.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-46499 | 2025-04-24 | WordPress PayPal Express Checkout plugin <= 2.1.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-46502 | 2025-04-24 | WordPress LSD Custom taxonomy and category meta plugin <= 1.3.2 - CSRF to XSS vulnerability |