CVE List - 2025 / April
Showing 3901 - 4000 of 4033 CVEs for April 2025 (Page 40 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-4073 | 2025-04-29 | PHPGurukul Student Record System change-password.php sql injection |
| CVE-2025-46347 | 2025-04-29 | YesWiki Remote Code Execution via Arbitrary PHP File Write and Execution |
| CVE-2025-46349 | 2025-04-29 | YesWiki Vulnerable to Unauthenticated Reflected Cross-site Scripting |
| CVE-2025-46350 | 2025-04-29 | Yeswiki Vulnerable to Authenticated Reflected Cross-site Scripting |
| CVE-2025-4095 | 2025-04-29 | Registry Access Management (RAM) policies not applied when sign-in enforcement is configured via a configuration profile |
| CVE-2025-3911 | 2025-04-29 | Exposure in Docker Desktop logs of environment variables configured for running containers |
| CVE-2025-4074 | 2025-04-29 | PHPGurukul Curfew e-Pass Management System pass-bwdates-report.php sql injection |
| CVE-2025-4075 | 2025-04-29 | VMSMan login.php cross site scripting |
| CVE-2025-4076 | 2025-04-29 | LB-LINK BL-AC3600 Password lighttpd.cgi easy_uci_set_option_string_0 command injection |
| CVE-2025-4077 | 2025-04-29 | code-projects School Billing System searchrec stack-based overflow |
| CVE-2025-4079 | 2025-04-29 | PCMan FTP Server RENAME Command buffer overflow |
| CVE-2025-4080 | 2025-04-29 | PHPGurukul Online Nurse Hiring System view-request.php sql injection |
| CVE-2025-0520 | 2025-04-29 | ShowDoc < 2.8.7 Unauthenticated File Upload Remote Code Execution |
| CVE-2025-4078 | 2025-04-29 | Wangshen SecGate 3600 g=log_export_file path traversal |
| CVE-2025-46348 | 2025-04-29 | YesWiki Vulnerable to Unauthenticated Site Backup Creation and Download |
| CVE-2025-46549 | 2025-04-29 | Yeswiki Vulnerable to Unauthenticated Reflected Cross-site Scripting |
| CVE-2025-46550 | 2025-04-29 | Yeswiki Vulnerable to Unauthenticated Reflected Cross-site Scripting |
| CVE-2025-46344 | 2025-04-29 | Auth0 NextJS SDK v4 Missing Session Invalidation |
| CVE-2025-3501 | 2025-04-29 | Org.keycloak.protocol.services: keycloak hostname verification |
| CVE-2025-3910 | 2025-04-29 | Org.keycloak.authentication: two factor authentication bypass |
| CVE-2025-46552 | 2025-04-29 | KHC-INVITATION-AUTOMATION Sensitive User Information Leakage in Invitation Automation |
| CVE-2025-29906 | 2025-04-29 | Finit bundled getty can bypass /bin/login |
| CVE-2025-44192 | 2025-04-30 | SourceCodester Simple Barangay Management System v1.0 has a SQL injection vulnerability in /barangay_management/admin/?page=view_clearance. |
| CVE-2025-44193 | 2025-04-30 | SourceCodester Simple Barangay Management System v1.0 has a SQL injection vulnerability in /barangay_management/admin/?page=view_complaint. |
| CVE-2025-44194 | 2025-04-30 | SourceCodester Simple Barangay Management System v1.0 has a SQL injection vulnerability in /barangay_management/admin/?page=view_household. |
| CVE-2025-45007 | 2025-04-30 | A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the profile.php file of PHPGurukul Timetable Generator System v1.0. This vulnerability allows remote attackers to execute arbitrary JavaScript code via the... |
| CVE-2025-45009 | 2025-04-30 | A HTML Injection vulnerability was discovered in the normal-search.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the searchdata parameter. |
| CVE-2025-45010 | 2025-04-30 | A HTML Injection vulnerability was discovered in the normal-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the fromdate and... |
| CVE-2025-45011 | 2025-04-30 | A HTML Injection vulnerability was discovered in the foreigner-search.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the searchdata POST... |
| CVE-2025-45015 | 2025-04-30 | A Cross-Site Scripting (XSS) vulnerability was discovered in the foreigner-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. The vulnerability allows remote attackers to inject arbitrary JavaScript code via the... |
| CVE-2025-45017 | 2025-04-30 | A SQL injection vulnerability was discovered in edit-ticket.php of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the tprice POST request parameter. |
| CVE-2025-45018 | 2025-04-30 | A SQL Injection vulnerability was discovered in the foreigner-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary SQL code via the todate... |
| CVE-2025-45019 | 2025-04-30 | A SQL injection vulnerability was discovered in /add-foreigners-ticket.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the cprice POST request... |
| CVE-2025-45020 | 2025-04-30 | A SQL Injection vulnerability was discovered in the normal-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary SQL code via the todate... |
| CVE-2025-45021 | 2025-04-30 | A SQL Injection vulnerability was identified in the admin/edit-directory.php file of the PHPGurukul Directory Management System v2.0. Attackers can exploit this vulnerability via the email parameter in a POST request... |
| CVE-2025-46619 | 2025-04-30 | A security issue has been discovered in Couchbase Server before 7.6.4 and fixed in v.7.6.4 and v.7.2.7 for Windows that could allow unauthorized access to sensitive files. Depending on the... |
| CVE-2025-30202 | 2025-04-30 | Data exposure via ZeroMQ on multi-node vLLM deployment |
| CVE-2025-46560 | 2025-04-30 | vLLM phi4mm: Quadratic Time Complexity in Input Token Processing leads to denial of service |
| CVE-2025-32444 | 2025-04-30 | vLLM Vulnerable to Remote Code Execution via Mooncake Integration |
| CVE-2025-3953 | 2025-04-30 | WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin <= 14.13.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Update |
| CVE-2025-3471 | 2025-04-30 | SureForms < 1.4.4 - Contributor+ Settings Update |
| CVE-2025-22882 | 2025-04-30 | ISPSoft File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2025-22883 | 2025-04-30 | ISPSoft File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2025-22884 | 2025-04-30 | ISPSoft File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2025-4124 | 2025-04-30 | ISPSoft File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2025-4125 | 2025-04-30 | ISPSoft File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2025-2890 | 2025-04-30 | tagDiv Opt-In Builder <= 1.7 - Authenticated (Subscriber+) SQL Injection via subscriptionCouponId Parameter |
| CVE-2025-4108 | 2025-04-30 | PHPGurukul Student Record System add-subject.php sql injection |
| CVE-2025-4109 | 2025-04-30 | PHPGurukul Pre-School Enrollment System edit-subadmin.php sql injection |
| CVE-2025-4110 | 2025-04-30 | PHPGurukul Pre-School Enrollment System edit-teacher.php sql injection |
| CVE-2025-4111 | 2025-04-30 | PHPGurukul Pre-School Enrollment System visitor-details.php sql injection |
| CVE-2025-24338 | 2025-04-30 | A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to execute arbitrary client-side code in the context of... |
| CVE-2025-24339 | 2025-04-30 | A vulnerability in the web application of ctrlX OS allows a remote unauthenticated attacker to conduct various attacks against users of the vulnerable system, including web cache poisoning or Man-in-the-Middle... |
| CVE-2025-24340 | 2025-04-30 | A vulnerability in the users configuration file of ctrlX OS may allow a remote authenticated (low-privileged) attacker to recover the plaintext passwords of other users. |
| CVE-2025-4112 | 2025-04-30 | PHPGurukul Student Record System add-course.php sql injection |
| CVE-2025-4113 | 2025-04-30 | PHPGurukul Curfew e-Pass Management System edit-pass-detail.php sql injection |
| CVE-2025-24341 | 2025-04-30 | A vulnerability in the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to induce a Denial-of-Service (DoS) condition on the device via multiple crafted HTTP requests. In... |
| CVE-2025-24342 | 2025-04-30 | A vulnerability in the login functionality of the web application of ctrlX OS allows a remote unauthenticated attacker to guess valid usernames via multiple crafted HTTP requests. |
| CVE-2025-24343 | 2025-04-30 | A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to write arbitrary files in arbitrary file system paths... |
| CVE-2025-24344 | 2025-04-30 | A vulnerability in the error notification messages of the web application of ctrlX OS allows a remote unauthenticated attacker to inject arbitrary HTML tags and, possibly, execute arbitrary client-side code... |
| CVE-2025-24345 | 2025-04-30 | A vulnerability in the “Hosts” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the “hosts” file in an unintended manner via a... |
| CVE-2025-24346 | 2025-04-30 | A vulnerability in the “Proxy” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the “/etc/environment” file via a crafted HTTP request. |
| CVE-2025-24347 | 2025-04-30 | A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the network configuration file via a crafted HTTP... |
| CVE-2025-24348 | 2025-04-30 | A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the wireless network configuration file via a crafted... |
| CVE-2025-24349 | 2025-04-30 | A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to delete the configuration of physical network interfaces via a... |
| CVE-2025-24350 | 2025-04-30 | A vulnerability in the “Certificates and Keys” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to write arbitrary certificates in arbitrary file system paths... |
| CVE-2025-24351 | 2025-04-30 | A vulnerability in the “Remote Logging” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to execute arbitrary OS commands in the context of user... |
| CVE-2025-27532 | 2025-04-30 | A vulnerability in the “Backup & Restore” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to access secret information via multiple crafted HTTP requests. |
| CVE-2025-4114 | 2025-04-30 | Netgear JWNR2000v2 check_language_file buffer overflow |
| CVE-2025-4115 | 2025-04-30 | Netgear JWNR2000v2 default_version_is_new buffer overflow |
| CVE-2025-4116 | 2025-04-30 | Netgear JWNR2000v2 get_cur_lang_ver buffer overflow |
| CVE-2025-3394 | 2025-04-30 | Vulnerability in user management of Automation Builder |
| CVE-2025-3395 | 2025-04-30 | Incorrect Permission Assignment for Critical Resource, Cleartext Storage of Sensitive Information vulnerability in ABB Automation Builder. This issue affects Automation Builder: through 2.8.0. |
| CVE-2025-4117 | 2025-04-30 | Netgear JWNR2000v2 sub_41A914 buffer overflow |
| CVE-2025-4118 | 2025-04-30 | Weitong Mall Product History historyList access control |
| CVE-2025-4119 | 2025-04-30 | Weitong Mall Product Statistics queryTotal access control |
| CVE-2025-4120 | 2025-04-30 | Netgear JWNR2000v2 sub_4238E8 buffer overflow |
| CVE-2025-4121 | 2025-04-30 | Netgear JWNR2000v2 cmd_wireless command injection |
| CVE-2025-4122 | 2025-04-30 | Netgear JWNR2000v2 sub_435E04 command injection |
| CVE-2025-32970 | 2025-04-30 | org.xwiki.platform:xwiki-platform-wysiwyg-api Open Redirect vulnerability |
| CVE-2025-32971 | 2025-04-30 | XWiki Solr script service doesn't take dropped programming right into account |
| CVE-2025-32972 | 2025-04-30 | The lesscss script service allows cache clearing without programming right |
| CVE-2025-32974 | 2025-04-30 | org.xwiki.platform:xwiki-platform-security-requiredrights-default required rights analysis doesn't consider TextAreas with default content type |
| CVE-2025-32973 | 2025-04-30 | org.xwiki.platform:xwiki-platform-component-wiki provides no warning when granting XWiki.ComponentClass programming right |
| CVE-2025-27409 | 2025-04-30 | Joplin Server Vulnerable to Path Traversal |
| CVE-2025-27134 | 2025-04-30 | Privilege escalation in Joplin server via user patch endpoint |
| CVE-2025-46342 | 2025-04-30 | Kyverno vulnerable to bypass of policy rules that use namespace selectors in match statements |
| CVE-2025-32376 | 2025-04-30 | Discourse DM limits aren’t always properly enforced |
| CVE-2025-3859 | 2025-04-30 | Websites directing users to long URLs that caused eliding to occur in the location view could leverage the truncating behavior to potentially trick users into thinking they were on a... |
| CVE-2025-3599 | 2025-04-30 | Symantec Endpoint Protection Elevation of Privilege |
| CVE-2025-30391 | 2025-04-30 | Microsoft Dynamics Information Disclosure Vulnerability |
| CVE-2025-30389 | 2025-04-30 | Azure Bot Framework SDK Elevation of Privilege Vulnerability |
| CVE-2025-33074 | 2025-04-30 | Azure Functions Remote Code Execution Vulnerability |
| CVE-2025-30390 | 2025-04-30 | Azure ML Compute Elevation of Privilege Vulnerability |
| CVE-2025-30392 | 2025-04-30 | Azure AI bot Elevation of Privilege Vulnerability |
| CVE-2025-21416 | 2025-04-30 | Azure Virtual Desktop Elevation of Privilege Vulnerability |
| CVE-2025-39413 | 2025-04-30 | WordPress Simple Sitemap – Create a Responsive HTML Sitemap plugin <= 3.5.14 - Broken Access Control vulnerability |
| CVE-2025-24091 | 2025-04-30 | An app could impersonate system notifications. Sensitive notifications now require restricted entitlements. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.3. An app may be able to... |
| CVE-2025-4135 | 2025-04-30 | Netgear WG302v2 ui_get_input_value command injection |
| CVE-2024-47784 | 2025-04-30 | Unverified Password Change |