CVE List - 2025 / May
Showing 1201 - 1300 of 3982 CVEs for May 2025 (Page 13 of 40)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-45789 | 2025-05-08 | TOTOLINK A3100R V5.9c.1527 is vulnerable to buffer overflow via the urlKeyword parameter in setParentalRules. |
| CVE-2025-45790 | 2025-05-08 | TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow via the priority parameter in the setMacQos interface of /lib/cste_modules/firewall.so. |
| CVE-2025-45797 | 2025-05-08 | TOTOlink A950RG V4.1.2cu.5204_B20210112 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the NoticeUrl parameter in the setNoticeCfg interface of /lib/cste_modules/system.so. |
| CVE-2025-45798 | 2025-05-08 | A command execution vulnerability exists in the TOTOLINK A950RG V4.1.2cu.5204_B20210112. The vulnerability is located in the setNoticeCfg interface within the /lib/cste_modules/system.so library, specifically in the processing of the IpTo parameter. |
| CVE-2025-45818 | 2025-05-08 | Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/modules/master_file/item_status.php. |
| CVE-2025-45819 | 2025-05-08 | Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/modules/master_file/author.php. |
| CVE-2025-45820 | 2025-05-08 | Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/modules/bibliography/pop_author_edit.php. |
| CVE-2025-45841 | 2025-05-08 | TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the text parameter in the setSmsCfg function. |
| CVE-2025-45842 | 2025-05-08 | TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid5g parameter in the setWiFiEasyCfg function. |
| CVE-2025-45843 | 2025-05-08 | TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid parameter in the setWiFiGuestCfg function. |
| CVE-2025-45844 | 2025-05-08 | TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid parameter in the setWiFiBasicCfg function. |
| CVE-2025-45845 | 2025-05-08 | TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid5g parameter in the setWiFiEasyGuestCfg function. |
| CVE-2025-45846 | 2025-05-08 | ALFA AIP-W512 v3.2.2.2.3 was discovered to contain an authenticated stack overflow via the torrentsindex parameter in the formBTClinetSetting function. |
| CVE-2025-45847 | 2025-05-08 | ALFA AIP-W512 v3.2.2.2.3 was discovered to contain an authenticated stack overflow via the targetAPMac parameter in the formWsc function. |
| CVE-2025-47729 | 2025-05-08 | The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of messages from TM SGNL (aka Archive Signal) app users, which is different functionality than described in the TeleMessage "End-to-End encryption... |
| CVE-2025-47730 | 2025-05-08 | The TeleMessage archiving backend through 2025-05-05 accepts API calls (to request an authentication token) from the TM SGNL (aka Archive Signal) app with the credentials of logfile for the user... |
| CVE-2024-13793 | 2025-05-08 | Wolmart \| Multi-Vendor Marketplace WooCommerce Theme <= 1.8.11 - Unauthenticated Arbitrary Shortcode Execution in wolmart_loadmore |
| CVE-2025-3419 | 2025-05-08 | Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.26 - Unauthenticated Arbitrary File Read |
| CVE-2025-37800 | 2025-05-08 | driver core: fix potential NULL pointer dereference in dev_uevent() |
| CVE-2025-37801 | 2025-05-08 | spi: spi-imx: Add check for spi_imx_setupxfer() |
| CVE-2025-37802 | 2025-05-08 | ksmbd: fix WARNING "do not call blocking ops when !TASK_RUNNING" |
| CVE-2025-37803 | 2025-05-08 | udmabuf: fix a buf size overflow issue during udmabuf creation |
| CVE-2025-37805 | 2025-05-08 | sound/virtio: Fix cancel_sync warnings on uninitialized work_structs |
| CVE-2025-37806 | 2025-05-08 | fs/ntfs3: Keep write operations atomic |
| CVE-2025-37807 | 2025-05-08 | bpf: Fix kmemleak warning for percpu hashmap |
| CVE-2025-37808 | 2025-05-08 | crypto: null - Use spin lock instead of mutex |
| CVE-2025-37809 | 2025-05-08 | usb: typec: class: Fix NULL pointer access |
| CVE-2025-37810 | 2025-05-08 | usb: dwc3: gadget: check that event count does not exceed event buffer length |
| CVE-2025-37811 | 2025-05-08 | usb: chipidea: ci_hdrc_imx: fix usbmisc handling |
| CVE-2025-37812 | 2025-05-08 | usb: cdns3: Fix deadlock when using NCM gadget |
| CVE-2025-37813 | 2025-05-08 | usb: xhci: Fix invalid pointer dereference in Etron workaround |
| CVE-2025-37814 | 2025-05-08 | tty: Require CAP_SYS_ADMIN for all usages of TIOCL_SELMOUSEREPORT |
| CVE-2025-37815 | 2025-05-08 | misc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler registration |
| CVE-2025-37816 | 2025-05-08 | mei: vsc: Fix fortify-panic caused by invalid counted_by() use |
| CVE-2025-37817 | 2025-05-08 | mcb: fix a double free bug in chameleon_parse_gdd() |
| CVE-2025-37818 | 2025-05-08 | LoongArch: Return NULL from huge_pte_offset() for invalid PMD |
| CVE-2025-37819 | 2025-05-08 | irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() |
| CVE-2025-37820 | 2025-05-08 | xen-netfront: handle NULL returned by xdp_convert_buff_to_frame() |
| CVE-2025-37821 | 2025-05-08 | sched/eevdf: Fix se->slice being set to U64_MAX and resulting crash |
| CVE-2025-37822 | 2025-05-08 | riscv: uprobes: Add missing fence.i after building the XOL buffer |
| CVE-2025-37823 | 2025-05-08 | net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too |
| CVE-2025-37824 | 2025-05-08 | tipc: fix NULL pointer dereference in tipc_mon_reinit_self() |
| CVE-2025-37825 | 2025-05-08 | nvmet: fix out-of-bounds access in nvmet_enable_port |
| CVE-2025-37826 | 2025-05-08 | scsi: ufs: core: Add NULL check in ufshcd_mcq_compl_pending_transfer() |
| CVE-2025-37827 | 2025-05-08 | btrfs: zoned: return EIO on RAID1 block group write pointer mismatch |
| CVE-2025-37828 | 2025-05-08 | scsi: ufs: mcq: Add NULL check in ufshcd_mcq_abort() |
| CVE-2025-37829 | 2025-05-08 | cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() |
| CVE-2025-37830 | 2025-05-08 | cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate() |
| CVE-2025-37831 | 2025-05-08 | cpufreq: apple-soc: Fix null-ptr-deref in apple_soc_cpufreq_get_rate() |
| CVE-2025-37833 | 2025-05-08 | net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads |
| CVE-2025-37834 | 2025-05-08 | mm/vmscan: don't try to reclaim hwpoison folio |
| CVE-2025-4127 | 2025-05-08 | WP SEO Structured Data Schema <= 2.7.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin Settings |
| CVE-2025-40846 | 2025-05-08 | HaloITSM open redirect via the returnUrl |
| CVE-2025-1252 | 2025-05-08 | Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags. |
| CVE-2025-1253 | 2025-05-08 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Stack-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags. |
| CVE-2025-1254 | 2025-05-08 | Out-of-bounds Read, Out-of-bounds Write vulnerability in RTI Connext Professional (Recording Service) allows Overflow Buffers, Overread Buffers. |
| CVE-2025-41450 | 2025-05-08 | Authentication bypass with privileged access in Danfoss AK-SM 8xxA Series prior to version 4.2 |
| CVE-2025-3758 | 2025-05-08 | Exposure of Device Configuration without Authentication in WF2220 |
| CVE-2025-3759 | 2025-05-08 | Missing Authentication for Changing Device Configuration in WF2220 |
| CVE-2025-4208 | 2025-05-08 | NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.9.1 - Authenticated (Custom) Limited Code Execution via get_table_records Function |
| CVE-2025-3862 | 2025-05-08 | Contest Gallery <= 26.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter |
| CVE-2025-3468 | 2025-05-08 | NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.9.1 - Authenticated (Custom) Stored Cross-Site Scripting |
| CVE-2025-2806 | 2025-05-08 | tagDiv Composer <= 5.3 - Reflected Cross-Site Scripting via 'data' |
| CVE-2025-3506 | 2025-05-08 | Potentially sensitive path exposed via unauthenticated HTTP route |
| CVE-2024-6648 | 2025-05-08 | Path Traversal in AP Page Builder |
| CVE-2025-4207 | 2025-05-08 | PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation |
| CVE-2024-13009 | 2025-05-08 | Eclipse Jetty GZIP buffer release |
| CVE-2025-30102 | 2025-05-08 | Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.1.0, contains an out-of-bounds write vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to denial of service. |
| CVE-2025-30101 | 2025-05-08 | Dell PowerScale OneFS, versions 9.8.0.0 through 9.10.1.0, contain a time-of-check time-of-use (TOCTOU) race condition vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to denial of... |
| CVE-2025-4098 | 2025-05-08 | Out-of-bounds Read in Horner Automation Cscape |
| CVE-2025-1948 | 2025-05-08 | Eclipse Jetty HTTP clients can increase memory allocation |
| CVE-2024-8100 | 2025-05-08 | On affected versions of the Arista CloudVision Portal (CVP on-prem), the time-bound device onboarding token can be used to gain admin privileges on CloudVision. |
| CVE-2025-0505 | 2025-05-08 | On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state |
| CVE-2024-11186 | 2025-05-08 | On affected versions of the CloudVision Portal, improper access controls could enable a malicious authenticated user to take broader actions on managed EOS devices than intended. This advisory impacts the Arista CloudVision Portal products when run on-prem |
| CVE-2024-12378 | 2025-05-08 | On affected platforms running Arista EOS with secure Vxlan configured, restarting the Tunnelsec agent will result in packets being sent over the secure Vxlan tunnels in the clear. |
| CVE-2025-27695 | 2025-05-08 | Dell Wyse Management Suite, versions prior to WMS 5.1 contain an Authentication Bypass by Spoofing vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to... |
| CVE-2024-9448 | 2025-05-08 | On affected platforms running Arista EOS with Traffic Policies configured the vulnerability will cause received untagged packets not to hit Traffic Policy rules that they are expected to hit. If the rule was to drop the packet, the packet will not be dropp |
| CVE-2025-46336 | 2025-05-08 | Rack session gets restored after deletion |
| CVE-2025-46712 | 2025-05-08 | Erlang/OTP SSH Has Strict KEX Violations |
| CVE-2025-46812 | 2025-05-08 | Trix vulnerable to Cross-site Scripting on copy & paste |
| CVE-2025-46833 | 2025-05-08 | Programs/P73_SimplePythonEncryption.py has weak cryptographic key |
| CVE-2025-1329 | 2025-05-08 | IBM CICS TX code execution |
| CVE-2025-1330 | 2025-05-08 | IBM CICS TX code execution |
| CVE-2025-1331 | 2025-05-08 | IBM CICS TX code execution |
| CVE-2025-33072 | 2025-05-08 | Microsoft msagsfeedback.azurewebsites.net Information Disclosure Vulnerability |
| CVE-2025-29972 | 2025-05-08 | Azure Storage Resource Provider Spoofing Vulnerability |
| CVE-2025-29827 | 2025-05-08 | Azure Automation Elevation of Privilege Vulnerability |
| CVE-2025-29813 | 2025-05-08 | Azure DevOps Elevation of Privilege Vulnerability |
| CVE-2025-47733 | 2025-05-08 | Microsoft Power Apps Information Disclosure Vulnerability |
| CVE-2025-47732 | 2025-05-08 | Microsoft Dataverse Remote Code Execution Vulnerability |
| CVE-2025-27578 | 2025-05-08 | Pixmeo OsiriX MD Use After Free |
| CVE-2025-31946 | 2025-05-08 | Pixmeo OsiriX MD Use After Free |
| CVE-2025-27720 | 2025-05-08 | Pixmeo OsiriX MD Cleartext Transmission of Sensitive Information |
| CVE-2025-4440 | 2025-05-08 | H3C GR-1800AX aspForm EnableIpv6 buffer overflow |
| CVE-2025-4441 | 2025-05-08 | D-Link DIR-605L formSetWAN_Wizard534 buffer overflow |
| CVE-2025-4442 | 2025-05-08 | D-Link DIR-605L formSetWAN_Wizard55 buffer overflow |
| CVE-2025-4443 | 2025-05-08 | D-Link DIR-605L sub_454F2C command injection |
| CVE-2025-28200 | 2025-05-09 | Victure RX1800 EN_V1.0.0_r12_110933 was discovered to utilize a weak default password which includes the last 8 digits of the Mac address. |
| CVE-2025-28201 | 2025-05-09 | An issue in Victure RX1800 EN_V1.0.0_r12_110933 allows physically proximate attackers to execute arbitrary code or gain root access. |
| CVE-2025-28202 | 2025-05-09 | Incorrect access control in Victure RX1800 EN_V1.0.0_r12_110933 allows attackers to enable SSH and Telnet services without authentication. |