CVE List - 2025 / May
Showing 1101 - 1200 of 3982 CVEs for May 2025 (Page 12 of 40)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-47674 | 2025-05-07 | WordPress Credova_Financial <= 2.5.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47675 | 2025-05-07 | WordPress Woobox <= 1.6 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-47676 | 2025-05-07 | WordPress User Login History <= 2.1.6 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-47677 | 2025-05-07 | WordPress Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery <= 2.7.7.25 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-47679 | 2025-05-07 | WordPress RS WP Book Showcase <= 6.7.40 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-47681 | 2025-05-07 | WordPress Web Accessibility with Max Access <= 2.0.9 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47683 | 2025-05-07 | WordPress WP Maintenance <= 6.1.9.7 - PHP Object Injection Vulnerability |
| CVE-2025-47684 | 2025-05-07 | WordPress Smaily for WP <= 3.1.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47685 | 2025-05-07 | WordPress Contribuinte Checkout plugin <= 2.0.02 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-47686 | 2025-05-07 | WordPress DELUCKS SEO <= 2.5.9 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-47688 | 2025-05-07 | WordPress Advanced File Manager plugin <= 5.3.1 - Broken Access Control to Notice Dismissal vulnerability |
| CVE-2025-47691 | 2025-05-07 | WordPress Ultimate Member plugin <= 2.10.3 - Arbitrary Function Call vulnerability |
| CVE-2025-47692 | 2025-05-07 | WordPress ContentStudio <= 1.3.3 - Broken Access Control Vulnerability |
| CVE-2025-2775 | 2025-05-07 | SysAid On-Prem <= 23.3.40 Checkin Processing XML External Entity Injection |
| CVE-2025-2776 | 2025-05-07 | SysAid On-Prem <= 23.3.40 serverurl Processing XML External Entity Injection |
| CVE-2025-2777 | 2025-05-07 | SysAid On-Prem <= 23.3.40 lshw Processing XML External Entity Injection |
| CVE-2024-47619 | 2025-05-07 | transport: TLS host name wildcard matching too lax |
| CVE-2025-46827 | 2025-05-07 | Graylog Allows Session Takeover via Insufficient HTML Sanitization |
| CVE-2025-46551 | 2025-05-07 | JRuby-OpenSSL has hostname verification disabled by default |
| CVE-2025-20210 | 2025-05-07 | Cisco Catalyst Center Unprotected API Endpoint |
| CVE-2025-20157 | 2025-05-07 | Cisco Catalyst vManage Certificate Validation Vulnerability |
| CVE-2025-20182 | 2025-05-07 | Cisco Adaptive Security Appliance Software, Firepower Threat Defense Software and IOS XE Software IKEv2 Denial of Service Vulnerability |
| CVE-2025-20213 | 2025-05-07 | Cisco Catalyst SDWAN Manager Arbitrary File Overwrite Vulnerability |
| CVE-2025-32819 | 2025-05-07 | A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to... |
| CVE-2025-20122 | 2025-05-07 | Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerability |
| CVE-2025-20187 | 2025-05-07 | Cisco SD-WAN Manager Software Arbitrary File Creation Vulnerability |
| CVE-2025-20191 | 2025-05-07 | Multiple Cisco Products Denial of Service Vulnerability |
| CVE-2025-20151 | 2025-05-07 | Cisco IOS and IOS XE Software SNMPv3 Configuration Restriction Vulnerability |
| CVE-2025-20154 | 2025-05-07 | Cisco IOS, IOS XE and IOS XR Software TWAMP Denial of Service Vulnerability |
| CVE-2025-20216 | 2025-05-07 | Cisco Catalyst SD-WAN Manager Reflected HTML Injection Vulnerability |
| CVE-2025-20147 | 2025-05-07 | Cisco SD-WAN vManage Stored Cross-Site Scripting Vulnerability |
| CVE-2025-32820 | 2025-05-07 | A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to inject a path traversal sequence to make any directory on the SMA appliance writable. |
| CVE-2025-32821 | 2025-05-07 | A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges to inject shell command arguments to upload a file on the appliance. |
| CVE-2025-20137 | 2025-05-07 | A vulnerability in the access control list (ACL) programming of Cisco IOS Software that is running on Cisco Catalyst 1000 Switches and Cisco Catalyst 2960L Switches could allow an unauthenticated,... |
| CVE-2025-20214 | 2025-05-07 | A vulnerability in the Network Configuration Access Control Module (NACM) of Cisco IOS XE Software could allow an authenticated, remote attacker to obtain unauthorized read access to configuration or operational... |
| CVE-2025-20188 | 2025-05-07 | A vulnerability in the Out-of-Band Access Point (AP) Image Download, the Clean Air Spectral Recording, and the client debug bundles features of Cisco IOS XE Software for Wireless LAN Controllers... |
| CVE-2025-46828 | 2025-05-07 | Unauthenticated SQL Injection on get_socios.php endpoint |
| CVE-2025-20190 | 2025-05-07 | A vulnerability in the lobby ambassador web interface of Cisco IOS XE Wireless Controller Software could allow an authenticated, remote attacker to remove arbitrary users that are defined on an... |
| CVE-2025-20202 | 2025-05-07 | A vulnerability in Cisco IOS XE Wireless Controller Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is... |
| CVE-2025-20181 | 2025-05-07 | A vulnerability in Cisco IOS Software for Cisco Catalyst 2960X, 2960XR, 2960CX, and 3560CX Series Switches could allow an authenticated, local attacker with privilege level 15 or an unauthenticated attacker... |
| CVE-2025-20189 | 2025-05-07 | A vulnerability in the Cisco Express Forwarding functionality of Cisco IOS XE Software for Cisco ASR 903 Aggregation Services Routers with Route Switch Processor 3 (RSP3C) could allow an unauthenticated,... |
| CVE-2025-20192 | 2025-05-07 | A vulnerability in the Internet Key Exchange version 1 (IKEv1) implementation of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition.... |
| CVE-2025-20164 | 2025-05-07 | A vulnerability in the Cisco Industrial Ethernet Switch Device Manager (DM) of Cisco IOS Software could allow an authenticated, remote attacker to elevate privileges. This vulnerability is due to insufficient... |
| CVE-2025-20140 | 2025-05-07 | A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent wireless attacker to cause a denial... |
| CVE-2025-20155 | 2025-05-07 | A vulnerability in the bootstrap loading of Cisco IOS XE Software could allow an authenticated, local attacker to write arbitrary files to an affected system. This vulnerability is due to... |
| CVE-2025-20223 | 2025-05-07 | A vulnerability in Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to read and modify data in a repository that belongs to an internal service... |
| CVE-2025-20186 | 2025-05-07 | A vulnerability in the web-based management interface of the Wireless LAN Controller feature of Cisco IOS XE Software could allow an authenticated, remote attacker with a lobby ambassador user account... |
| CVE-2025-46824 | 2025-05-07 | Discourse Code Review Plugin vulnerable to XSS via auto link commits |
| CVE-2025-20196 | 2025-05-07 | A vulnerability in the Cisco IOx application hosting environment of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Cisco IOx application... |
| CVE-2025-20162 | 2025-05-07 | A vulnerability in the DHCP snooping security feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a full interface queue wedge, which could result in... |
| CVE-2025-20221 | 2025-05-07 | A vulnerability in the packet filtering features of Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to bypass Layer 3 and Layer 4 traffic filters. This vulnerability... |
| CVE-2025-20197 | 2025-05-07 | A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system... |
| CVE-2025-20198 | 2025-05-07 | A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system... |
| CVE-2025-20199 | 2025-05-07 | A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system... |
| CVE-2025-20200 | 2025-05-07 | A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system... |
| CVE-2025-20201 | 2025-05-07 | A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system... |
| CVE-2025-20193 | 2025-05-07 | A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an authenticated, low-privileged, remote attacker to perform an injection attack against an affected device. This vulnerability... |
| CVE-2025-20194 | 2025-05-07 | A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an authenticated, low-privileged, remote attacker to perform an injection attack against an affected device. This vulnerability... |
| CVE-2025-20195 | 2025-05-07 | A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a CSRF attack and execute commands on the CLI of... |
| CVE-2025-30147 | 2025-05-07 | ALTBN128_ADD, ALTBN128_MUL, ALTBN128_PAIRING precompile functions do not check if points are on curve |
| CVE-2025-3476 | 2025-05-07 | Incorrect Authorization vulnerability in OpenText™ Operations Bridge Manager. The vulnerability could allow privilege escalation by authenticated users. This issue affects Operations Bridge Manager: 2023.05, 23.4, 24.2, 24.4. |
| CVE-2025-3272 | 2025-05-07 | Incorrect user authorization vulnerability has been identified in Open Text Operations Bridge Manager. |
| CVE-2025-3925 | 2025-05-07 | BrightSign Players Execution with Unnecessary Privileges |
| CVE-2025-4043 | 2025-05-07 | Milesight UG65-868M-EA Improper Access Control for Volatile Memory Containing Boot Code |
| CVE-2025-31177 | 2025-05-07 | Gnuplot: gnuplot heap-buffer overflow on utf8_copy_one |
| CVE-2025-46821 | 2025-05-07 | Envoy vulnerable to bypass of RBAC uri_template permission |
| CVE-2025-46826 | 2025-05-07 | insa-auth Open-Redirect on provided CAS server login endpoint |
| CVE-2023-7303 | 2025-05-07 | q2apro q2apro-on-site-notifications q2apro-onsitenotifications-page.php process_request cross site scripting |
| CVE-2025-41399 | 2025-05-07 | SCTP Vulnerability |
| CVE-2025-36557 | 2025-05-07 | BIG-IP HTTP vulnerability |
| CVE-2025-36546 | 2025-05-07 | F5OS Appliance Mode vulnerability |
| CVE-2025-43878 | 2025-05-07 | F5OS-A/C CLI vulnerability |
| CVE-2025-46265 | 2025-05-07 | F5OS vulnerability |
| CVE-2025-41433 | 2025-05-07 | BIG-IP SIP ALG profile vulnerability |
| CVE-2025-41414 | 2025-05-07 | BIG-IP HTTP/2 vulnerability |
| CVE-2025-36504 | 2025-05-07 | BIG-IP HTTP/2 vulnerability |
| CVE-2025-36525 | 2025-05-07 | BIG-IP APM PingAccess Virtual Server Vulnerability |
| CVE-2025-35995 | 2025-05-07 | BIG-IP PEM vulnerability |
| CVE-2025-31644 | 2025-05-07 | Appliance mode BIG-IP iControl REST and tmsh vulnerability |
| CVE-2025-41431 | 2025-05-07 | TMM Vulnerability |
| CVE-2025-35939 | 2025-05-07 | Craft CMS stores user-provided content in session files |
| CVE-2025-0936 | 2025-05-07 | On affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server credentials to be logged or accounted on the local EOS device or possibly |
| CVE-2025-32441 | 2025-05-07 | Rack session gets restored after deletion |
| CVE-2025-46727 | 2025-05-07 | Unbounded-Parameter DoS in Rack::QueryParser |
| CVE-2024-55651 | 2025-05-07 | i-Educar Stored Cross-Site Scripting vulnerability |
| CVE-2023-31585 | 2025-05-08 | Grocery-CMS-PHP-Restful-API v1.3 is vulnerable to File Upload via /admin/add-category.php. |
| CVE-2023-51295 | 2025-05-08 | PHPJabbers Event Booking Calendar v4.0 is vulnerable to Multiple HTML Injection in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title" parameters. |
| CVE-2023-51328 | 2025-05-08 | PHPJabbers Cleaning Business Software v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "c_name, name" parameters. |
| CVE-2025-26842 | 2025-05-08 | An issue was discovered in Znuny through 7.1.3. If access to a ticket is not given, the content of S/MIME encrypted e-mail messages is visible to users with access to... |
| CVE-2025-26844 | 2025-05-08 | An issue was discovered in Znuny through 7.1.3. A cookie is set without the HttpOnly flag. |
| CVE-2025-26845 | 2025-05-08 | An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the configuration file can use this to execute a command executed by the user... |
| CVE-2025-26847 | 2025-05-08 | An issue was discovered in Znuny before 7.1.5. When generating a support bundle, not all passwords are masked. |
| CVE-2025-28073 | 2025-05-08 | phpList before 3.6.15 is vulnerable to Reflected Cross-Site Scripting (XSS) via the /lists/dl.php endpoint. An attacker can inject arbitrary JavaScript code by manipulating the id parameter, which is improperly sanitized. |
| CVE-2025-28074 | 2025-05-08 | phpList before 3.6.15 is vulnerable to Cross-Site Scripting (XSS) due to improper input sanitization in lt.php. The vulnerability is exploitable when the application dynamically references internal paths and processes untrusted... |
| CVE-2025-32873 | 2025-05-08 | An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs... |
| CVE-2025-43926 | 2025-05-08 | An issue was discovered in Znuny through 6.5.14 and 7.x through 7.1.6. Custom AJAX calls to the AgentPreferences UpdateAJAX subaction can be used to set user preferences with arbitrary keys.... |
| CVE-2025-44021 | 2025-05-08 | OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling (if a deployment was performed via the API). A malicious project assigned as a... |
| CVE-2025-44023 | 2025-05-08 | An issue in dlink DNS-320 v.1.00 and DNS-320LW v.1.01.0914.20212 allows an attacker to execute arbitrary via the account_mgr.cgi->cgi_chg_admin_pw components. |
| CVE-2025-45787 | 2025-05-08 | TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow via the comment parameter in setIpPortFilterRules. |
| CVE-2025-45788 | 2025-05-08 | TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow via the comment parameter in setMacFilterRules. |