Lista CVE - 2025 / Maggio
Visualizzazione 1 - 100 di 3984 CVE per Maggio 2025 (Pagina 1 di 40)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2024-48905 | 2025-05-01 | Sematell ReplyOne 7.4.3.0 has Insecure Permissions for the /rest/sessions endpoint. |
| CVE-2024-48906 | 2025-05-01 | Sematell ReplyOne 7.4.3.0 allows XSS via a ReplyDesk e-mail attachment... |
| CVE-2024-48907 | 2025-05-01 | Sematell ReplyOne 7.4.3.0 allows SSRF via the application server API. |
| CVE-2025-32881 | 2025-05-01 | An issue was discovered on goTenna v1 devices with app... |
| CVE-2025-32882 | 2025-05-01 | An issue was discovered on goTenna v1 devices with app... |
| CVE-2025-32884 | 2025-05-01 | An issue was discovered on goTenna Mesh devices with app... |
| CVE-2025-32885 | 2025-05-01 | An issue was discovered on goTenna v1 devices with app... |
| CVE-2025-32886 | 2025-05-01 | An issue was discovered on goTenna v1 devices with app... |
| CVE-2025-32887 | 2025-05-01 | An issue was discovered on goTenna v1 devices with app... |
| CVE-2025-32888 | 2025-05-01 | An issue was discovered on goTenna Mesh devices with app... |
| CVE-2025-32889 | 2025-05-01 | An issue was discovered on goTenna v1 devices with app... |
| CVE-2025-32890 | 2025-05-01 | An issue was discovered on goTenna Mesh devices with app... |
| CVE-2025-44835 | 2025-05-01 | D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection... |
| CVE-2025-44836 | 2025-05-01 | TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command... |
| CVE-2025-44837 | 2025-05-01 | TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command... |
| CVE-2025-44838 | 2025-05-01 | TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command... |
| CVE-2025-44839 | 2025-05-01 | TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection... |
| CVE-2025-44840 | 2025-05-01 | TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection... |
| CVE-2025-44841 | 2025-05-01 | TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection... |
| CVE-2025-44842 | 2025-05-01 | TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection... |
| CVE-2025-44843 | 2025-05-01 | TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection... |
| CVE-2025-44844 | 2025-05-01 | TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection... |
| CVE-2025-44845 | 2025-05-01 | TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection... |
| CVE-2025-44846 | 2025-05-01 | TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection... |
| CVE-2025-44847 | 2025-05-01 | TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection... |
| CVE-2025-44848 | 2025-05-01 | TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection... |
| CVE-2025-44854 | 2025-05-01 | TOTOLINK CP900 V6.3c.1144_B20190715 was found to contain a command injection... |
| CVE-2025-44860 | 2025-05-01 | TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection... |
| CVE-2025-44861 | 2025-05-01 | TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection... |
| CVE-2025-44862 | 2025-05-01 | TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection... |
| CVE-2025-44863 | 2025-05-01 | TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection... |
| CVE-2025-44864 | 2025-05-01 | Tenda W20E V15.11.0.6 was found to contain a command injection... |
| CVE-2025-44865 | 2025-05-01 | Tenda W20E V15.11.0.6 was found to contain a command injection... |
| CVE-2025-44866 | 2025-05-01 | Tenda W20E V15.11.0.6 was found to contain a command injection... |
| CVE-2025-44867 | 2025-05-01 | Tenda W20E V15.11.0.6 was found to contain a command injection... |
| CVE-2025-46625 | 2025-05-01 | Lack of input validation/sanitization in the 'setLanCfg' API endpoint in... |
| CVE-2025-46626 | 2025-05-01 | Reuse of a static AES key and initialization vector for... |
| CVE-2025-46627 | 2025-05-01 | Use of weak credentials in the Tenda RX2 Pro 16.03.30.14... |
| CVE-2025-46628 | 2025-05-01 | Lack of input validation/sanitization in the 'ate' management service in... |
| CVE-2025-46629 | 2025-05-01 | Lack of access controls in the 'ate' management binary of... |
| CVE-2025-46630 | 2025-05-01 | Improper access controls in the web management portal of the... |
| CVE-2025-46631 | 2025-05-01 | Improper access controls in the web management portal of the... |
| CVE-2025-46632 | 2025-05-01 | Initialization vector (IV) reuse in the web management portal of... |
| CVE-2025-46633 | 2025-05-01 | Cleartext transmission of sensitive information in the web management portal... |
| CVE-2025-46634 | 2025-05-01 | Cleartext transmission of sensitive information in the web management portal... |
| CVE-2025-46635 | 2025-05-01 | An issue was discovered on Tenda RX2 Pro 16.03.30.14 devices.... |
| CVE-2025-47153 | 2025-05-01 | Certain build processes for libuv and Node.js for 32-bit systems,... |
| CVE-2025-47154 | 2025-05-01 | LibJS in Ladybird before f5a6704 mishandles the freeing of the... |
| CVE-2025-4145 | 2025-05-01 | Netgear EX6200 sub_3D0BC buffer overflow |
| CVE-2025-4143 | 2025-05-01 | Missing validation of redirect_uri on authorize endpoint |
| CVE-2025-4144 | 2025-05-01 | PKCE bypass via downgrade attack |
| CVE-2025-4146 | 2025-05-01 | Netgear EX6200 sub_41940 buffer overflow |
| CVE-2025-4147 | 2025-05-01 | Netgear EX6200 sub_47F7C buffer overflow |
| CVE-2025-2816 | 2025-05-01 | Page View Count 2.8.0 - 2.8.4 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update |
| CVE-2025-4148 | 2025-05-01 | Netgear EX6200 sub_503FC buffer overflow |
| CVE-2025-1305 | 2025-05-01 | NewsBlogger <= 0.2.5.4 - Cross-Site Request Forgery to Arbitrary Plugin Installation |
| CVE-2025-1304 | 2025-05-01 | NewsBlogger <= 0.2.5.1 - Authenticated (Subscriber+) Arbitrary File Upload |
| CVE-2025-2168 | 2025-05-01 | Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider <= 2.4.1 - Cross-Site Request Forgery to Limited User Meta Update |
| CVE-2025-4149 | 2025-05-01 | Netgear EX6200 sub_54014 buffer overflow |
| CVE-2025-4099 | 2025-05-01 | List Children <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2024-13845 | 2025-05-01 | Gravity Forms WebHooks <= 1.6.0 - Authenticated (Admin+) Server-Side Request Forgery via Webhook |
| CVE-2025-3952 | 2025-05-01 | Projectopia – WordPress Project Management <= 5.1.16 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Option Deletion |
| CVE-2025-4150 | 2025-05-01 | Netgear EX6200 sub_54340 buffer overflow |
| CVE-2025-4151 | 2025-05-01 | PHPGurukul Curfew e-Pass Management System pass-bwdates-reports-details.php sql injection |
| CVE-2024-13381 | 2025-05-01 | Calculated Fields Form < 5.2.62 - Admin+ Stored XSS |
| CVE-2025-3502 | 2025-05-01 | WP Maps < 4.7.2 - Admin+ Stored XSS |
| CVE-2025-3503 | 2025-05-01 | WP Maps < 4.7.2 - Admin+ Stored XSS |
| CVE-2025-3504 | 2025-05-01 | WP Maps < 4.7.2 - Admin+ Stored XSS |
| CVE-2025-4152 | 2025-05-01 | PHPGurukul Online Birth Certificate System bwdates-reports-details.php sql injection |
| CVE-2025-4153 | 2025-05-01 | PHPGurukul Park Ticketing Management System profile.php sql injection |
| CVE-2025-4100 | 2025-05-01 | Nautic Pages <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2025-3521 | 2025-05-01 | Team Members – Best WordPress Team Plugin with Team Slider, Team Showcase & Team Builder <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-4154 | 2025-05-01 | PHPGurukul Pre-School Enrollment System enrollment-details.php sql injection |
| CVE-2025-4155 | 2025-05-01 | PHPGurukul Boat Booking System edit-boat.php sql injection |
| CVE-2025-4156 | 2025-05-01 | PHPGurukul Boat Booking System change-image.php sql injection |
| CVE-2025-4157 | 2025-05-01 | PHPGurukul Boat Booking System booking-details.php sql injection |
| CVE-2025-4158 | 2025-05-01 | PCMan FTP Server PROMPT Command buffer overflow |
| CVE-2025-4159 | 2025-05-01 | PCMan FTP Server GLOB Command buffer overflow |
| CVE-2025-4160 | 2025-05-01 | PCMan FTP Server LS Command buffer overflow |
| CVE-2025-4161 | 2025-05-01 | PCMan FTP Server VERBOSE Command buffer overflow |
| CVE-2025-27007 | 2025-05-01 | WordPress SureTriggers <= 1.0.82 - Privilege Escalation Vulnerability |
| CVE-2025-4162 | 2025-05-01 | PCMan FTP Server ASCII Command buffer overflow |
| CVE-2025-1529 | 2025-05-01 | AM LottiePlayer <= 3.5.3 - Authenticated (Author+) Stored Cross-Site Scripting via Uploaded Lottie File |
| CVE-2025-3889 | 2025-05-01 | WordPress Simple PayPal Shopping Cart <= 5.1.3 - Insecure Direct Object Reference via 'quantity' |
| CVE-2025-3874 | 2025-05-01 | WordPress Simple PayPal Shopping Cart <= 5.1.3 - Insecure Direct Object Reference |
| CVE-2025-3890 | 2025-05-01 | WordPress Simple PayPal Shopping Cart <= 5.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2025-4163 | 2025-05-01 | PHPGurukul Land Record System aboutus.php sql injection |
| CVE-2025-4164 | 2025-05-01 | PHPGurukul Employee Record Management System changepassword.php sql injection |
| CVE-2025-23140 | 2025-05-01 | misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error |
| CVE-2025-23141 | 2025-05-01 | KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses |
| CVE-2025-23142 | 2025-05-01 | sctp: detect and prevent references to a freed transport in sendmsg |
| CVE-2025-23143 | 2025-05-01 | net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod. |
| CVE-2025-23144 | 2025-05-01 | backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() |
| CVE-2025-23145 | 2025-05-01 | mptcp: fix NULL pointer in can_accept_new_subflow |
| CVE-2025-23146 | 2025-05-01 | mfd: ene-kb3930: Fix a potential NULL pointer dereference |
| CVE-2025-23147 | 2025-05-01 | i3c: Add NULL pointer check in i3c_master_queue_ibi() |
| CVE-2025-23148 | 2025-05-01 | soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() |
| CVE-2025-23149 | 2025-05-01 | tpm: do not start chip while suspended |
| CVE-2025-23150 | 2025-05-01 | ext4: fix off-by-one error in do_split |
| CVE-2025-23151 | 2025-05-01 | bus: mhi: host: Fix race between unprepare and queue_buf |