CVE List - 2025 / May
Showing 3501 - 3600 of 3982 CVEs for May 2025 (Page 36 of 40)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-5133 | 2025-05-24 | Tmall Demo Search Box cross site scripting |
| CVE-2025-5134 | 2025-05-24 | Tmall Demo Buy Item Page cross site scripting |
| CVE-2025-5135 | 2025-05-24 | Tmall Demo Product Details Page admin cross site scripting |
| CVE-2025-5136 | 2025-05-24 | Tmall Demo Payment Identifier pay random values |
| CVE-2025-5137 | 2025-05-25 | DedeCMS Incomplete Fix CVE-2018-9175 sys_verifies.php code injection |
| CVE-2025-5138 | 2025-05-25 | Bitwarden PDF File cross site scripting |
| CVE-2025-5139 | 2025-05-25 | Qualitor Office 365-type Connection testaConexaoOffice365.php command injection |
| CVE-2025-5140 | 2025-05-25 | Seeyon Zhiyuan OA Web Application System ThirdMenuController.class this.oursNetService.getData server-side request forgery |
| CVE-2025-5145 | 2025-05-25 | Netcore POWER13 Query String cgi-bin command injection |
| CVE-2025-5146 | 2025-05-25 | Netcore NBR200V2 HTTP Header routerd passwd_set command injection |
| CVE-2025-5147 | 2025-05-25 | Netcore NBR1005GPEV2/NBR200V2/B6V2 network_tools tools_ping command injection |
| CVE-2025-5148 | 2025-05-25 | FunAudioLLM InspireMusic Pickle Data model.py load_state_dict deserialization |
| CVE-2025-5149 | 2025-05-25 | WCMS Login getallcon getMemberByUid improper authentication |
| CVE-2025-5150 | 2025-05-25 | docarray Web API torch_dataset.py __getitem__ prototype pollution |
| CVE-2025-5151 | 2025-05-25 | defog-ai introspect analysis_tools.py execute_analysis_code_safely code injection |
| CVE-2025-5152 | 2025-05-25 | Chanjet CRM newActivityedit.php sql injection |
| CVE-2025-5153 | 2025-05-25 | CMS Made Simple Design Manager Module cross site scripting |
| CVE-2025-5154 | 2025-05-25 | PhonePe App SQLite Database databases cleartext storage in a file or on disk |
| CVE-2025-5155 | 2025-05-25 | qianfox FoxCMS Article.php batchCope sql injection |
| CVE-2025-5156 | 2025-05-25 | H3C GR-5400AX aspForm EditWlanMacList buffer overflow |
| CVE-2025-5157 | 2025-05-25 | H3C SecCenter SMP-E1114P02 fileContent path traversal |
| CVE-2025-5158 | 2025-05-25 | H3C SecCenter SMP-E1114P02 downloadSoftware path traversal |
| CVE-2025-5159 | 2025-05-25 | H3C SecCenter SMP-E1114P02 download path traversal |
| CVE-2025-2146 | 2025-05-25 | Buffer overflow in WebService Authentication processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive... |
| CVE-2025-5160 | 2025-05-26 | H3C SecCenter SMP-E1114P02 download path traversal |
| CVE-2025-5161 | 2025-05-26 | H3C SecCenter SMP-E1114P02 download operationDailyOut path traversal |
| CVE-2025-5162 | 2025-05-26 | H3C SecCenter SMP-E1114P02 importFile unrestricted upload |
| CVE-2025-5163 | 2025-05-26 | yangshare 技术杨工 warehouseManager 仓库管理系统 access control |
| CVE-2025-5164 | 2025-05-26 | PerfreeBlog JWT JwtUtil hard-coded key |
| CVE-2025-5165 | 2025-05-26 | Open Asset Import Library Assimp MDCLoader.cpp ValidateSurfaceHeader out-of-bounds |
| CVE-2025-5166 | 2025-05-26 | Open Asset Import Library Assimp MDC File Parser MDCLoader.cpp InternReadFile out-of-bounds |
| CVE-2025-5167 | 2025-05-26 | Open Asset Import Library Assimp LWOLoader.h GetS0 out-of-bounds |
| CVE-2025-5168 | 2025-05-26 | Open Asset Import Library Assimp MDLLoader.cpp ImportUVCoordinate_3DGS_MDL345 out-of-bounds |
| CVE-2025-5169 | 2025-05-26 | Open Asset Import Library Assimp MDLLoader.cpp InternReadFile_3DGS_MDL345 out-of-bounds |
| CVE-2025-5170 | 2025-05-26 | llisoft MTA Maita Training System AdminShitiController.java AdminShitiListRequestVo sql injection |
| CVE-2025-5171 | 2025-05-26 | llisoft MTA Maita Training System OpenController.java this.fileService.download unrestricted upload |
| CVE-2025-5172 | 2025-05-26 | Econtrata valida sql injection |
| CVE-2025-41441 | 2025-05-26 | Mailform Pro CGI prior to 4.3.4 generates error messages containing sensitive information, which may allow a remote unauthenticated attacker to obtain coupon codes. This vulnerability only affects products that use... |
| CVE-2025-5173 | 2025-05-26 | HumanSignal label-studio-ml-backend PT File neural_nets.py load deserialization |
| CVE-2025-5174 | 2025-05-26 | erdogant pypickle pypickle.py load deserialization |
| CVE-2025-5175 | 2025-05-26 | erdogant pypickle pypickle.py save improper authorization |
| CVE-2025-5176 | 2025-05-26 | Realce Tecnologia Queue Ticket Kiosk Admin Login Page index.php sql injection |
| CVE-2025-1985 | 2025-05-26 | PEPPERL+FUCHS: Profinet Gateway LB8122A.1.EL – Device is affected by XSS vulnerability |
| CVE-2025-41654 | 2025-05-26 | PEPPERL+FUCHS: Profinet Gateway LB8122A.1.EL – Device is affected by information disclosure via the SNMP protocol |
| CVE-2025-41655 | 2025-05-26 | PEPPERL+FUCHS: Attacker can cause a DoS via URL |
| CVE-2025-5177 | 2025-05-26 | Realce Tecnologia Queue Ticket Kiosk Admin Login Page index.php cross site scripting |
| CVE-2025-4057 | 2025-05-26 | Activemq-artemis-operator: amq broker operator starting credentials reuse |
| CVE-2025-5178 | 2025-05-26 | Realce Tecnologia Queue Ticket Kiosk Image File ajax.php unrestricted upload |
| CVE-2025-40672 | 2025-05-26 | Privilege Escalation in Panloader.exe |
| CVE-2025-40671 | 2025-05-26 | SQL injection vulnerability in AES Multimedia's Gestnet |
| CVE-2025-5179 | 2025-05-26 | Realce Tecnologia Queue Ticket Kiosk Cadastro de Administrador Page index.php cross site scripting |
| CVE-2025-5180 | 2025-05-26 | Wondershare Filmora Installer NFWCHK.exe uncontrolled search path |
| CVE-2025-35003 | 2025-05-26 | Apache NuttX RTOS: NuttX Bluetooth Stack HCI and UART DoS/RCE Vulnerabilities. |
| CVE-2025-4053 | 2025-05-26 | Unauthorized creation of master key in Mifare Classic Be-Tech cards |
| CVE-2025-5181 | 2025-05-26 | Summer Pearl Group Vacation Rental Management Platform updateListing cross site scripting |
| CVE-2025-5182 | 2025-05-26 | Summer Pearl Group Vacation Rental Management Platform Listing authorization |
| CVE-2025-5183 | 2025-05-26 | Summer Pearl Group Vacation Rental Management Platform Header redirect |
| CVE-2025-5184 | 2025-05-26 | Summer Pearl Group Vacation Rental Management Platform HTTP Response Header information disclosure |
| CVE-2025-5185 | 2025-05-26 | Summer Pearl Group Vacation Rental Management Platform cross-site request forgery |
| CVE-2025-40664 | 2025-05-26 | Missing authentication vulnerability in TCMAN GIM v11 |
| CVE-2025-40665 | 2025-05-26 | Time-based blind SQL injection vulnerability in TCMAN GIM v11 |
| CVE-2025-40666 | 2025-05-26 | Time-based blind SQL injection vulnerability in TCMAN GIM v11 |
| CVE-2025-40667 | 2025-05-26 | Missing authorization vulnerability in TCMAN GIM v11 |
| CVE-2025-40650 | 2025-05-26 | Insecure Direct Object Reference (IDOR) in Clickedu |
| CVE-2025-40652 | 2025-05-26 | Cross-Site Scripting (XSS) in CoverManager |
| CVE-2025-40653 | 2025-05-26 | User enumeration in M3M Printer Server Web |
| CVE-2025-40663 | 2025-05-26 | Stored Cross-Site Scripting (XSS) in i2A-Cronos by i2A |
| CVE-2025-5186 | 2025-05-26 | thinkgem JeeSite URI Scheme form ResourceLoader.getResource server-side request forgery |
| CVE-2025-46805 | 2025-05-26 | Screen has a TOCTOU race potentially allowing to send SIGHUP, SIGCONT to privileged processes when installed setuid-root |
| CVE-2025-5196 | 2025-05-26 | Wing FTP Server Lua Admin Console unnecessary privileges |
| CVE-2025-46804 | 2025-05-26 | Screen 5.0.0 and older versions allow file existence tests when installed setuid-root |
| CVE-2025-39498 | 2025-05-26 | WordPress Spotlight - Social Media Feeds (Premium) plugin <= 1.7.1 - Sensitive Data Exposure vulnerability |
| CVE-2025-37992 | 2025-05-26 | net_sched: Flush gso_skb list too during ->change() |
| CVE-2025-46803 | 2025-05-26 | Screen creates by default world-writable PTYs |
| CVE-2025-46802 | 2025-05-26 | Temporary chown() of users' TTY to mode 0666 allows PTY hijacking in screen |
| CVE-2025-23395 | 2025-05-26 | Local root exploit via `logfile_reopen()` in screen 5.0.0 with setuid-root bit set |
| CVE-2025-23394 | 2025-05-26 | daily-backup.sh script in cyrus-imapd allows escalation from cyrus to root |
| CVE-2025-23392 | 2025-05-26 | Reflected XSS in SystemsController.java in spacewalk-java |
| CVE-2025-5200 | 2025-05-26 | Open Asset Import Library Assimp MDLLoader.cpp InternReadFile_Quake1 out-of-bounds |
| CVE-2025-5201 | 2025-05-26 | Open Asset Import Library Assimp LWOLoader.cpp CountVertsAndFacesLWO2 out-of-bounds |
| CVE-2025-5202 | 2025-05-26 | Open Asset Import Library Assimp HL1MDLLoader.cpp validate_header out-of-bounds |
| CVE-2025-5203 | 2025-05-26 | Open Asset Import Library Assimp ParsingUtils.h SkipSpaces out-of-bounds |
| CVE-2025-5204 | 2025-05-26 | Open Asset Import Library Assimp MDLMaterialLoader.cpp ParseSkinLump_3DGS_MDL7 out-of-bounds |
| CVE-2025-5205 | 2025-05-26 | 1000 Projects Daily College Class Work Report Book dcwr_entry.php sql injection |
| CVE-2025-5206 | 2025-05-26 | Pixelimity Installation index.php sql injection |
| CVE-2025-5207 | 2025-05-26 | SourceCodester Client Database Management System superadmin_update_profile.php sql injection |
| CVE-2025-5208 | 2025-05-26 | SourceCodester Online Hospital Management System check_availability.php sql injection |
| CVE-2025-5210 | 2025-05-26 | PHPGurukul Employee Record Management System loginerms.php sql injection |
| CVE-2025-5211 | 2025-05-26 | PHPGurukul Employee Record Management System myprofile.php sql injection |
| CVE-2025-5212 | 2025-05-26 | PHPGurukul Employee Record Management System editempexp.php sql injection |
| CVE-2025-4783 | 2025-05-26 | Exclusive Addons for Elementor <= 2.7.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer Widget |
| CVE-2025-5213 | 2025-05-26 | projectworlds Responsive E-Learning System delete_file.php sql injection |
| CVE-2025-5214 | 2025-05-26 | Kashipara Responsive Online Learing Platform course_detail_user_new.php sql injection |
| CVE-2024-49196 | 2025-05-27 | An issue was discovered in the GPU in Samsung Mobile Processor Exynos 1480 and 2400. Type confusion leads to a Denial of Service. |
| CVE-2024-49197 | 2025-05-27 | An issue was discovered in Wi-Fi in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, W920, W930, and W1000. Lack of a boundary check... |
| CVE-2025-22377 | 2025-05-27 | An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123,... |
| CVE-2025-26211 | 2025-05-27 | Gibbon before 29.0.00 allows CSRF. |
| CVE-2025-45475 | 2025-05-27 | maccms10 v2025.1000.4047 is vulnerable to Server-Side request forgery (SSRF) in Friend Link Management. |
| CVE-2025-45529 | 2025-05-27 | An arbitrary file read vulnerability in the ReadTextAsynchronous function of SSCMS v7.3.1 allows attackers to read arbitrary files via sending a crafted GET request to /cms/templates/templatesAssetsEditor. |
| CVE-2025-46173 | 2025-05-27 | code-projects Online Exam Mastering System 1.0 is vulnerable to Cross Site Scripting (XSS) via the name field in the feedback form. |