CVE List - 2025 / April
Showing 401 - 500 of 4033 CVEs for April 2025 (Page 5 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-31462 | 2025-04-01 | WordPress CGM Event Calendar <= 0.8.5 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-31525 | 2025-04-01 | WordPress WP Mobile Bottom Menu plugin <= 1.2.9 - Broken Access Control vulnerability |
| CVE-2025-31531 | 2025-04-01 | WordPress History Log by click5 plugin <= 1.0.13 - SQL Injection vulnerability |
| CVE-2025-31534 | 2025-04-01 | WordPress Shopper plugin <= 3.2.5 - SQL Injection vulnerability |
| CVE-2025-31537 | 2025-04-01 | WordPress Bulk NoIndex & NoFollow Toolkit plugin <= 2.16 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31548 | 2025-04-01 | WordPress Ultimate Push Notifications plugin <= 1.1.8 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31550 | 2025-04-01 | WordPress WP-LESS plugin <= 1.9.3-3 - Sensitive Data Exposure vulnerability |
| CVE-2025-31551 | 2025-04-01 | WordPress Salesmate Add-On for Gravity Forms plugin <= 2.0.3 - SQL Injection vulnerability |
| CVE-2025-31552 | 2025-04-01 | WordPress RSVPMarker plugin <= 11.4.8 - SQL Injection vulnerability |
| CVE-2025-31553 | 2025-04-01 | WordPress Advanced WooCommerce Product Sales Reporting plugin <= 3.1 - SQL Injection vulnerability |
| CVE-2025-31560 | 2025-04-01 | WordPress Salon booking system plugin <= 10.11 - Privilege Escalation vulnerability |
| CVE-2025-31561 | 2025-04-01 | WordPress Ultimate Push Notifications plugin <= 1.1.8 - SQL Injection vulnerability |
| CVE-2025-31563 | 2025-04-01 | WordPress AI Search Bar plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31564 | 2025-04-01 | ChatGPT Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One plugin <= 2.1.7 - SQL Injection vulnerability |
| CVE-2025-31568 | 2025-04-01 | WordPress LeadLab by wiredminds plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31571 | 2025-04-01 | WordPress The Logo Slider plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31578 | 2025-04-01 | WordPress Fonts Manager | Custom Fonts plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31579 | 2025-04-01 | WordPress WP AutoKeyword plugin <= 1.0 - SQL Injection vulnerability |
| CVE-2025-31580 | 2025-04-01 | WordPress Ni WooCommerce Product Enquiry plugin <= 4.1.8 - Broken Access Control vulnerability |
| CVE-2025-31594 | 2025-04-01 | WordPress Auto scroll for reading plugin <= 1.1.4 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31612 | 2025-04-01 | WordPress CBX Poll plugin <= 1.2.7 - PHP Object Injection vulnerability |
| CVE-2025-31619 | 2025-04-01 | WordPress Actionwear products sync plugin <= 2.3.3 - SQL Injection vulnerability |
| CVE-2025-31628 | 2025-04-01 | WordPress Sliced Invoices plugin <= 3.9.4 - Broken Access Control vulnerability |
| CVE-2025-31819 | 2025-04-01 | WordPress Nova Blocks by Pixelgrade plugin <= 2.1.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31889 | 2025-04-01 | WordPress Extensions for Elementor plugin <= 2.0.40 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-13941 | 2025-04-01 | ouch-org ouch zip.rs convert_zip_date_time memory corruption |
| CVE-2025-31135 | 2025-04-01 | Go-Guerrilla SMTP Daemon allows the PROXY command to be sent multiple times |
| CVE-2025-30356 | 2025-04-01 | Heap Buffer Overflow via Incomplete Length Check in `Crypto_TC_ApplySecurity` |
| CVE-2024-37917 | 2025-04-02 | Pexip Infinity before 35.0 has improper input validation that allows remote attackers to trigger a denial of service (software abort) via a crafted signalling message. |
| CVE-2024-38392 | 2025-04-02 | Pexip Infinity Connect before 1.13.0 lacks sufficient authenticity checks during the loading of resources, and thus remote attackers can cause the application to run untrusted code. |
| CVE-2025-22923 | 2025-04-02 | An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal and delete files by sending a crafted POST request to /Modules.php?modname=users/Staff.php&removefile. |
| CVE-2025-22924 | 2025-04-02 | OS4ED openSIS v7.0 through v9.1 contains a SQL injection vulnerability via the stu_id parameter at /modules/students/Student.php. |
| CVE-2025-22925 | 2025-04-02 | OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the table parameter at /attendance/AttendanceCodes.php. The remote, authenticated attacker requires the admin role to successfully exploit... |
| CVE-2025-27556 | 2025-04-02 | An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to... |
| CVE-2025-29062 | 2025-04-02 | An issue in BL-AC2100 <=V1.0.4 allows a remote attacker to execute arbitrary code via the time1 and time2 parameters in the set_LimitClient_cfg of the goahead webservice. |
| CVE-2025-29063 | 2025-04-02 | An issue in BL-AC2100 V1.0.4 and before allows a remote attacker to execute arbitrary code via the enable parameter passed to /goform/set_hidessid_cfg is not handled properly. |
| CVE-2025-29085 | 2025-04-02 | SQL injection vulnerability in vipshop Saturn v.3.5.1 and before allows a remote attacker to execute arbitrary code via /console/dashboard/executorCount?zkClusterKey component. |
| CVE-2025-29719 | 2025-04-02 | SourceCodester (rems) Employee Management System 1.0 is vulnerable to Cross Site Scripting (XSS) in add_employee.php via the First Name and Address text fields. |
| CVE-2025-30080 | 2025-04-02 | Signalling in Pexip Infinity 29 through 36.2 before 37.0 has improper input validation that allows remote attackers to trigger a temporary denial of service (software abort). |
| CVE-2025-30090 | 2025-04-02 | mime.php in SquirrelMail through 1.4.23-svn-20250401 and 1.5.x through 1.5.2-svn-20250401 allows XSS via e-mail headers, because JavaScript payloads are mishandled after $encoded has been set to true. |
| CVE-2025-29981 | 2025-04-02 | Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Exposure of Sensitive Information Through Data Queries vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability,... |
| CVE-2025-29982 | 2025-04-02 | Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Insecure Inherited Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized... |
| CVE-2025-27694 | 2025-04-02 | Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Insufficient Resource Pool vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Denial of... |
| CVE-2025-27693 | 2025-04-02 | Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could... |
| CVE-2025-27692 | 2025-04-02 | Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Unrestricted Upload of File with Dangerous Type vulnerability. A high privileged attacker with remote access could potentially exploit this... |
| CVE-2025-3066 | 2025-04-02 | Use after free in Site Isolation in Google Chrome prior to 135.0.7049.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2025-3067 | 2025-04-02 | Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege... |
| CVE-2025-3068 | 2025-04-02 | Inappropriate implementation in Intents in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2025-3069 | 2025-04-02 | Inappropriate implementation in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2025-3070 | 2025-04-02 | Insufficient validation of untrusted input in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2025-3071 | 2025-04-02 | Inappropriate implementation in Navigations in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via... |
| CVE-2025-3072 | 2025-04-02 | Inappropriate implementation in Custom Tabs in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via... |
| CVE-2025-3073 | 2025-04-02 | Inappropriate implementation in Autofill in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a... |
| CVE-2025-3074 | 2025-04-02 | Inappropriate implementation in Downloads in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) |
| CVE-2025-2779 | 2025-04-02 | Insert Headers and Footers Code – HT Script <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update |
| CVE-2025-25060 | 2025-04-02 | Missing authentication for critical function vulnerability exists in AssetView and AssetView CLOUD. If exploited, the files on the server where the product is running may be obtained and/or deleted by... |
| CVE-2025-27244 | 2025-04-02 | AssetView and AssetView CLOUD contain an issue with acquiring sensitive information from sent data to the developer. If exploited, sensitive information may be obtained by a remote unauthenticated attacker. |
| CVE-2024-36465 | 2025-04-02 | SQL injection in Zabbix API |
| CVE-2024-36469 | 2025-04-02 | User enumeration via timing attack in Zabbix web interface |
| CVE-2024-42325 | 2025-04-02 | Excessive information returned by user.get |
| CVE-2024-45699 | 2025-04-02 | Reflected XSS vulnerability in /zabbix.php?action=export.valuemaps |
| CVE-2024-45700 | 2025-04-02 | DoS vulnerability due to uncontrolled resource exhaustion |
| CVE-2025-0415 | 2025-04-02 | Command Injection in NTP Setting |
| CVE-2025-0676 | 2025-04-02 | Commend Injection Leading to Privilege Escalation |
| CVE-2024-39780 | 2025-04-02 | Use of unsafe yaml load in dynparam |
| CVE-2023-40714 | 2025-04-02 | A relative path traversal in Fortinet FortiSIEM versions 7.0.0, 6.7.0 through 6.7.2, 6.6.0 through 6.6.3, 6.5.1, 6.5.0 allows attacker to escalate privilege via uploading certain GUI elements |
| CVE-2025-2005 | 2025-04-02 | Front-End-Only-Users <= 3.2.32 - Unauthenticated Arbitrary File Upload |
| CVE-2025-3099 | 2025-04-02 | Advanced Search by My Solr Server <= 2.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-3098 | 2025-04-02 | Video Url <= 1.0.0.3 - Reflected Cross-Site Scripting |
| CVE-2025-2513 | 2025-04-02 | Smart Icons For WordPress <= 1.0.4 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2024-12410 | 2025-04-02 | Front End Users <= 3.2.32 - Authenticated (Admin+) SQL injection |
| CVE-2024-13637 | 2025-04-02 | Demo Awesome <= 1.0.3 - Missing Authorization to Authenticated (Subscriber+) Plugin Activation |
| CVE-2025-2483 | 2025-04-02 | Gift Certificate Creator <= 1.1.0 - Reflected Cross-Site Scripting via receip_address Parameter |
| CVE-2025-3063 | 2025-04-02 | Shopper Approved Reviews 2.0 - 2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update |
| CVE-2025-3097 | 2025-04-02 | wp Time Machine <= 3.4.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-2786 | 2025-04-02 | Tempo-operator: serviceaccount token exposure leading to token and subject access reviews in openshift tempo operator |
| CVE-2025-2842 | 2025-04-02 | Tempo-operator: tempo operator token exposition lead to read sensitive data |
| CVE-2025-21987 | 2025-04-02 | drm/amdgpu: init return value in amdgpu_ttm_clear_buffer |
| CVE-2025-1805 | 2025-04-02 | Crypt::Salt for Perl uses insecure rand() function when generating salts for cryptographic purposes |
| CVE-2025-21988 | 2025-04-02 | fs/netfs/read_collect: add to next->prev_donated |
| CVE-2025-21989 | 2025-04-02 | drm/amd/display: fix missing .is_two_pixels_per_container |
| CVE-2025-21990 | 2025-04-02 | drm/amdgpu: NULL-check BO's backing store when determining GFX12 PTE flags |
| CVE-2025-21991 | 2025-04-02 | x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes |
| CVE-2025-21992 | 2025-04-02 | HID: ignore non-functional sensor in HP 5MP Camera |
| CVE-2025-21993 | 2025-04-02 | iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() |
| CVE-2024-50596 | 2025-04-02 | An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can... |
| CVE-2024-50597 | 2025-04-02 | An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can... |
| CVE-2024-50594 | 2025-04-02 | An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted series of network requests can lead to denial of service. An... |
| CVE-2024-50595 | 2025-04-02 | An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted series of network requests can lead to denial of service. An... |
| CVE-2024-50384 | 2025-04-02 | A denial of service vulnerability exists in the NetX Component HTTP server functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker... |
| CVE-2024-50385 | 2025-04-02 | A denial of service vulnerability exists in the NetX Component HTTP server functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker... |
| CVE-2024-45064 | 2025-04-02 | A buffer overflow vulnerability exists in the FileX Internal RAM interface functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted set of network packets can lead to code execution. An attacker... |
| CVE-2025-21994 | 2025-04-02 | ksmbd: fix incorrect validation for num_aces field of smb_acl |
| CVE-2024-25051 | 2025-04-02 | IBM Jazz Reporting Service insufficient session expiration |
| CVE-2025-31720 | 2025-04-02 | A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Extended Read permission to copy an agent, gaining access to... |
| CVE-2025-31721 | 2025-04-02 | A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Configure permission to copy an agent, gaining access to encrypted... |
| CVE-2025-31722 | 2025-04-02 | In Jenkins Templating Engine Plugin 2.5.3 and earlier, libraries defined in folders are not subject to sandbox protection, allowing attackers with Item/Configure permission to execute arbitrary code in the context... |
| CVE-2025-31723 | 2025-04-02 | A cross-site request forgery (CSRF) vulnerability in Jenkins Simple Queue Plugin 1.4.6 and earlier allows attackers to change and reset the build queue order. |
| CVE-2025-31724 | 2025-04-02 | Jenkins Cadence vManager Plugin 4.0.0-282.v5096a_c2db_275 and earlier stores Verisium Manager vAPI keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended... |
| CVE-2025-31725 | 2025-04-02 | Jenkins monitor-remote-job Plugin 1.0 stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the... |