High Vulnerabilities
| Primary Vendor — Product | Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| AdeptLanguage–Adept | Adept is a language for general purpose programming. Prior to commit a1a41b7, the remoteBuild.yml workflow file uses actions/upload-artifact@v4 to upload the mac-standalone artifact. This artifact is a zip of the current directory, which includes the automatically generated .git/config file containing the run's GITHUB_TOKEN. Seeing as the artifact can be downloaded prior to the end of the workflow, there is a few seconds where an attacker can extract the token from the artifact and use it with the GitHub API to push malicious code or rewrite release commits in the AdeptLanguage/Adept repository. This issue has been patched in commit a1a41b7. | 2025-04-21 | 9.8 | CVE-2025-32958 |
| aeropage–Aeropage Sync for Airtable | The Aeropage Sync for Airtable plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'aeropage_media_downloader' function in all versions up to, and including, 3.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | 2025-04-26 | 8.8 | CVE-2025-3914 |
| ALBEDO Telecom–Net.Time – PTP/NTP clock (Serial No. NBC0081P) | ALBEDO Telecom Net.Time – PTP/NTP clock (Serial No. NBC0081P) software release 1.4.4 is vulnerable to an insufficient session expiration vulnerability, which could permit an attacker to transmit passwords over unencrypted connections, resulting in the product becoming vulnerable to interception. | 2025-04-24 | 8 | CVE-2025-2185 |
| Amazon–Amazon Ion Dotnet | When reading binary Ion data through Amazon.IonDotnet using the RawBinaryReader class, Amazon.IonDotnet does not check the number of bytes read from the underlying stream while deserializing the binary format. If the Ion data is malformed or truncated, this triggers an infinite loop condition that could potentially result in a denial of service. Users should upgrade to Amazon.IonDotnet version 1.3.1 and ensure any forked or derivative code is patched to incorporate the new fixes. | 2025-04-21 | 7.5 | CVE-2025-3857 |
| aonetheme–Service Finder Bookings | The Service Finder Bookings plugin for WordPress, used by the Service Finder – Directory and Job Board WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 5.1. This is due to a lack of restriction on user role in the 'nsl_registration_store_extra_input' function. This makes it possible for unauthenticated attackers to register an account on the site with an arbitrary role, including Administrator, when registering via a social login. The Nextend Social Login plugin must be installed and configured to exploit the vulnerability. | 2025-04-25 | 9.8 | CVE-2025-2470 |
| arkenon–Frontend Login and Registration Blocks | The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.7. This is due to the plugin not properly validating a user's identity prior to updating a password. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary users' passwords, including administrators', and leverage that to gain access to their accounts. | 2025-04-24 | 8.8 | CVE-2025-3607 |
| artbees–Jupiter X Core | The Jupiter X Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.8.11 via deserialization of untrusted input from the 'file' parameter of the 'raven_download_file' function. This makes it possible for attackers to inject a PHP Object through a PHAR file. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like deleting arbitrary files, retrieving sensitive data, or executing code depending on the POP chain present. This vulnerability may be exploited by unauthenticated attackers when a form is present on the site with the file download action, and the ability to upload files is also present. Otherwise, this would be considered exploitable by Contributor-level users and above, because they could create the form needed to successfully exploit this. | 2025-04-26 | 8.1 | CVE-2025-2105 |
| Ashraful Sarkar Naiem–License For Envato | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ashraful Sarkar Naiem License For Envato allows PHP Local File Inclusion. This issue affects License For Envato: from n/a through 1.0.0. | 2025-04-24 | 7.5 | CVE-2025-39399 |
| cajka–Verification SMS with TargetSMS | The Verification SMS with TargetSMS plugin for WordPress is vulnerable to limited Remote Code Execution in all versions up to, and including, 1.5 via the 'targetvr_ajax_handler' function. This is due to a lack of validation on the type of function that can be called. This makes it possible for unauthenticated attackers to execute any callable function on the site, such as phpinfo(). | 2025-04-24 | 8.3 | CVE-2025-3776 |
| Capturly–Capturly | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Capturly Capturly allows PHP Local File Inclusion. This issue affects Capturly: from n/a through 2.0.1. | 2025-04-24 | 7.5 | CVE-2025-39379 |
| cedcommerce–Product Lister for eBay | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in cedcommerce Product Lister for eBay allows PHP Local File Inclusion. This issue affects Product Lister for eBay: from n/a through 2.0.9. | 2025-04-24 | 7.5 | CVE-2025-39384 |
| Centreon–Centreon BAM | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon BAM (Boolean KPI Listing modules) allows SQL Injection. This page is only accessible to authenticated users with high privileges. This issue affects Centreon BAM: from 24.10 before 24.10.1, from 24.04 before 24.04.5, from 23.10 before 23.10.10, from 23.04 before 23.04.10. | 2025-04-22 | 7.2 | CVE-2025-3767 |
| Centreon–Centreon | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon centreon-web (User configuration form modules) allows SQL Injection. A user with high privileges is able to become administrator by intercepting the contact form request and altering its payload. This issue affects Centreon: from 22.10.0 before 22.10.28, from 23.04.0 before 23.04.25, from 23.10.0 before 23.10.20, from 24.04.0 before 24.04.10, from 24.10.0 before 24.10.4. | 2025-04-24 | 7.2 | CVE-2025-3872 |
| Code Work Web–CWW Portfolio | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Code Work Web CWW Portfolio allows PHP Local File Inclusion. This issue affects CWW Portfolio: from n/a through 1.3.1. | 2025-04-24 | 7.5 | CVE-2025-39359 |
| Code Work Web–Xews Lite | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Code Work Web Xews Lite allows PHP Local File Inclusion. This issue affects Xews Lite: from n/a through 1.0.9. | 2025-04-24 | 7.5 | CVE-2025-39383 |
| Commvault–Command Center Innovation Release | A path traversal vulnerability in Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files, which, when expanded by the target server, result in Remote Code Execution. This issue affects Command Center Innovation Release: 11.38. | 2025-04-22 | 10 | CVE-2025-34028 |
| Commvault–Web Server | Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed in versions 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for Windows and Linux platforms. | 2025-04-25 | 8.8 | CVE-2025-3928 |
| ConnectWise–ScreenConnect | ScreenConnect versions 25.2.3 and earlier may be susceptible to a ViewState code injection attack. ASP.NET Web Forms use ViewState to preserve page and control state, with data encoded using Base64 and protected by machine keys. It is important to note that to obtain these machine keys, privileged system-level access must be obtained. If these machine keys are compromised, attackers could create and send a malicious ViewState to the website, potentially leading to remote code execution on the server. The risk does not originate from a vulnerability introduced by ScreenConnect, but from platform-level behavior. This had no direct impact on the ScreenConnect Client. The ScreenConnect 2025.4 patch disables ViewState and removes any dependency on it. | 2025-04-25 | 8.1 | CVE-2025-3935 |
| craftcms–cms | Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. From version 3.0.0-RC1 before 3.9.15, 4.0.0-RC1 before 4.14.15, and 5.0.0-RC1 before 5.6.17, Craft is vulnerable to remote code execution. This is a high-impact, low-complexity attack vector. This issue has been patched in versions 3.9.15, 4.14.15, and 5.6.17, and is an additional fix for CVE-2023-41892. | 2025-04-25 | 10 | CVE-2025-32432 |
| danielpataki–ACF: Google Font Selector | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in danielpataki ACF: Google Font Selector allows Reflected XSS. This issue affects ACF: Google Font Selector: from n/a through 3.0.1. | 2025-04-24 | 7.1 | CVE-2025-39382 |
| dorinabc–Create custom forms for WordPress with a smart form plugin for smart businesses Form builder for WordPress | The Create custom forms for WordPress with a smart form plugin for smart businesses plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | 2025-04-26 | 7.3 | CVE-2025-2801 |
| everestthemes–Grace Mag | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in everestthemes Grace Mag allows PHP Local File Inclusion. This issue affects Grace Mag: from n/a through 1.1.5. | 2025-04-24 | 7.5 | CVE-2025-39360 |
| EverPress–BruteGuard Brute Force Login Protection | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EverPress BruteGuard – Brute Force Login Protection allows Reflected XSS. This issue affects BruteGuard – Brute Force Login Protection: from n/a through 0.1.4. | 2025-04-24 | 7.1 | CVE-2025-39408 |
| eyecix–JobSearch WP Job Board | The JobSearch WP Job Board plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.8.8. This is due to improper configurations in the 'jobsearch_xing_response_data_callback', 'set_access_tokes', and 'google_callback' functions. This makes it possible for unauthenticated attackers to log in as the first connected Xing user, or any connected Xing user if the Xing id is known. It is also possible for unauthenticated attackers to log in as the first connected Google user if the user has logged in, without subsequently logging out, within thirty days. The vulnerability was partially patched in version 2.8.4. | 2025-04-25 | 8.1 | CVE-2024-11917 |
| felipe152–Integração entre Eduzz e Woocommerce | The Integração entre Eduzz e Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wep_opcoes' function in all versions up to, and including, 1.7.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to edit the default registration role within the plugin's registration flow to Administrator, which allows any user to create an Administrator account. | 2025-04-26 | 8.8 | CVE-2025-3906 |
| Franka Robotics–Franka Emika Robot | Due to an improper JSON Web Tokens implementation, an unauthenticated remote attacker can guess a valid session ID and therefore impersonate a user to gain full access. | 2025-04-24 | 8.1 | CVE-2021-47663 |
| Franka Robotics–Franka Emika Robot | Due to missing authorization, an unauthenticated remote attacker can cause a DoS attack by connecting via HTTPS and triggering the shutdown button. | 2025-04-24 | 7.5 | CVE-2021-47662 |
| GitLab–GitLab | An issue has been discovered in GitLab EE/CE that could allow an attacker to track users' browsing activities, potentially leading to full account take-over, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1. | 2025-04-24 | 7.7 | CVE-2025-1908 |
| GL.iNet–GL-A1300 Slate Plus | A vulnerability classified as critical has been found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX, GL-XE300 Puli and GL-XE3000 Puli AX 4.x. Affected is an unknown function of the file plugins.so of the component RPC Handler. The manipulation leads to buffer overflow. It is recommended to upgrade the affected component. | 2025-04-26 | 8 | CVE-2025-2851 |
| gopiplus@hotmail.com–Anything Popup | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gopiplus@hotmail.com Anything Popup allows Reflected XSS. This issue affects Anything Popup: from n/a through 7.3. | 2025-04-24 | 7.1 | CVE-2025-39397 |
| H3C–GR-3000AX | A vulnerability, which was classified as critical, was found in H3C GR-3000AX up to V100R006. Affected is the function EnableIpv6/UpdateWanModeMulti/UpdateIpv6Params/EditWlanMacList/Edit_List_SSID of the file /goform/aspForm of the component HTTP POST Request Handler. The manipulation of the argument param leads to buffer overflow. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. Other functions might be affected as well. | 2025-04-22 | 8 | CVE-2025-3854 |
| HCL Software–HCL Leap | Insufficient URI protocol whitelist in HCL Leap allows script injection through query parameters. | 2025-04-24 | 7.1 | CVE-2023-37534 |
| Hitachi–Hitachi Ops Center Common Services | Hitachi Ops Center Common Services within Hitachi Ops Center Analyzer viewpoint OVF contains an authentication credentials leakage vulnerability. This issue affects Hitachi Ops Center Common Services: from 10.0.0-00 before 11.0.0-04; Hitachi Ops Center Analyzer viewpoint OVF: from 10.0.0-00 before 11.0.0-04. | 2025-04-22 | 7.1 | CVE-2024-46899 |
| Holest Engineering–Spreadsheet Price Changer for WooCommerce and WP E-commerce Light | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light allows PHP Local File Inclusion. This issue affects Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light: from n/a through 2.4.37. | 2025-04-24 | 7.5 | CVE-2025-39378 |
| IBM–Hardware Management Console – Power Systems | IBM Hardware Management Console – Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands locally due to improper validation of libraries from an untrusted source. | 2025-04-22 | 9.3 | CVE-2025-1950 |
| IBM–Hardware Management Console – Power Systems | IBM Hardware Management Console – Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands as a privileged user due to execution of commands with unnecessary privileges. | 2025-04-22 | 8.4 | CVE-2025-1951 |
| jauharixelion–Xelion Webchat | The Xelion Webchat plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the xwc_save_settings() function in all versions up to, and including, 9.1.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | 2025-04-24 | 8.8 | CVE-2025-3058 |
| joedolson–My Tickets Accessible Event Ticketing | The My Tickets – Accessible Event Ticketing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.0.16. This is due to the mt_save_profile() function not appropriately restricting access to unauthorized users to update roles. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update their role to that of an administrator. | 2025-04-24 | 8.8 | CVE-2025-3761 |
| Kiotviet–KiotViet Sync | Cross-Site Request Forgery (CSRF) vulnerability in Kiotviet KiotViet Sync allows Stored XSS. This issue affects KiotViet Sync: from n/a through 1.8.4. | 2025-04-24 | 7.1 | CVE-2025-39381 |
| kiranpatil353–Add custom page template | The Add custom page template plugin for WordPress is vulnerable to PHP Code Injection leading to Remote Code Execution in all versions up to, and including, 2.0.1 via the 'acpt_validate_setting' function. This is due to insufficient sanitization of the 'template_name' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to execute code on the server. | 2025-04-26 | 7.2 | CVE-2025-3491 |
| ludwigyou–WPMasterToolKit (WPMTK) All in one plugin | The WPMasterToolKit (WPMTK) – All in one plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.5.2. This makes it possible for authenticated attackers, with Administrator-level access and above, to read and modify the contents of arbitrary files on the server, which can contain sensitive information. | 2025-04-24 | 7.2 | CVE-2025-3300 |
| markparticle–WebServer | A vulnerability was found in markparticle WebServer up to 1.0. It has been declared as critical. Affected by this vulnerability is the function Buffer::HasWritten of the file code/buffer/buffer.cpp. The manipulation of the argument writePos_ leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-21 | 7.3 | CVE-2025-3845 |
| markparticle–WebServer | A vulnerability was found in markparticle WebServer up to 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file code/http/httprequest.cpp of the component Registration. The manipulation of the argument username/password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-21 | 7.3 | CVE-2025-3846 |
| markparticle–WebServer | A vulnerability classified as critical has been found in markparticle WebServer up to 1.0. This affects an unknown part of the file code/http/httprequest.cpp of the component Login. The manipulation of the argument username/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-04-21 | 7.3 | CVE-2025-3847 |
| miraheze–ManageWiki | ManageWiki is a MediaWiki extension allowing users to manage wikis. Versions before commit f504ed8 are vulnerable to SQL injection when renaming a namespace in Special:ManageWiki/namespaces when using a page prefix (namespace name, which is the current namespace you are renaming) with an injection payload. This issue has been patched in commit f504ed8. A workaround for this vulnerability involves setting `$wgManageWiki['namespaces'] = false;`. | 2025-04-21 | 8 | CVE-2025-32956 |
| mra13–WordPress Simple Shopping Cart | The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.2 via the 'file_url' parameter. This makes it possible for unauthenticated attackers to view potentially sensitive information and download a digital product without paying for it. | 2025-04-23 | 8.2 | CVE-2025-3529 |
| mra13–WordPress Simple Shopping Cart | The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to product price manipulation in all versions up to, and including, 5.1.2. This is due to a logic flaw involving the inconsistent use of parameters during the cart addition process. The plugin uses the parameter 'product_tmp_two' for computing a security hash against price tampering while using 'wspsc_product' to display the product, allowing an unauthenticated attacker to substitute details from a cheaper product and bypass payment for a more expensive item. | 2025-04-23 | 7.5 | CVE-2025-3530 |
| neoslab–Database Toolset | The Database Toolset plugin is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and including, 1.8.4. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). | 2025-04-24 | 9.1 | CVE-2025-3065 |
| NIH–BRICS | NIH BRICS (aka Biomedical Research Informatics Computing System) through 14.0.0-67 generates predictable tokens (that depend on username, time, and the fixed 7Dl9#dj- string) and thus allows unauthenticated users with a Common Access Card (CAC) to escalate privileges and compromise any account, including administrators. | 2025-04-23 | 7.5 | CVE-2025-27580 |
| NVIDIA–NeMo Framework | NVIDIA NeMo Framework contains a vulnerability where a user could cause a deserialization of untrusted data by remote code execution. A successful exploit of this vulnerability might lead to code execution and data tampering. | 2025-04-22 | 7.6 | CVE-2025-23249 |
| NVIDIA–NeMo Framework | NVIDIA NeMo Framework contains a vulnerability where an attacker could cause an improper limitation of a pathname to a restricted directory by an arbitrary file write. A successful exploit of this vulnerability might lead to code execution and data tampering. | 2025-04-22 | 7.6 | CVE-2025-23250 |
| NVIDIA–NeMo Framework | NVIDIA NeMo Framework contains a vulnerability where a user could cause an improper control of generation of code by remote code execution. A successful exploit of this vulnerability might lead to code execution and data tampering. | 2025-04-22 | 7.6 | CVE-2025-23251 |
| Odin_Design–Vikinger | The Vikinger theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.9.30. This is due to insufficient user_meta restrictions in the 'vikinger_user_meta_update_ajax' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to escalate their privileges to Administrator-level. | 2025-04-25 | 8.8 | CVE-2025-2238 |
| PHPGurukul–COVID19 Testing Management System | A vulnerability classified as critical was found in PHPGurukul COVID19 Testing Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /add-phlebotomist.php. The manipulation of the argument empid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-27 | 7.3 | CVE-2025-3971 |
| PHPGurukul–COVID19 Testing Management System | A vulnerability, which was classified as critical, has been found in PHPGurukul COVID19 Testing Management System 1.0. Affected by this issue is some unknown functionality of the file /bwdates-report-result.php. The manipulation of the argument todate leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2025-04-27 | 7.3 | CVE-2025-3972 |
| PHPGurukul–COVID19 Testing Management System | A vulnerability, which was classified as critical, was found in PHPGurukul COVID19 Testing Management System 1.0. This affects an unknown part of the file /check_availability.php. The manipulation of the argument mobnumber leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2025-04-27 | 7.3 | CVE-2025-3973 |
| PHPGurukul–COVID19 Testing Management System | A vulnerability has been found in PHPGurukul COVID19 Testing Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /edit-phlebotomist.php?pid=11. The manipulation of the argument mobilenumber leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2025-04-27 | 7.3 | CVE-2025-3974 |
| PHPGurukul–COVID19 Testing Management System | A vulnerability was found in PHPGurukul COVID19 Testing Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /new-user-testing.php. The manipulation of the argument mobilenumber leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2025-04-27 | 7.3 | CVE-2025-3976 |
| Red Hat–Red Hat | A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS Dropbox repository. By default, this was only available to teachers and managers on sites with the Dropbox repository enabled. | 2025-04-25 | 8.8 | CVE-2025-3641 |
| Red Hat–Red Hat | A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS EQUELLA repository. By default, this was only available to teachers and managers on sites with the EQUELLA repository enabled. | 2025-04-25 | 8.8 | CVE-2025-3642 |
| Red Hat–Red Hat | A flaw has been identified in Moodle where, on certain sites, unauthenticated users could retrieve sensitive user data, including names, contact information, and hashed passwords, via stack traces returned by specific API calls. Sites with PHP configured with zend.exception_ignore_args = 1 in the php.ini file are not affected by this vulnerability. | 2025-04-25 | 7.5 | CVE-2025-32044 |
| Red Hat–Red Hat | A security vulnerability was discovered in Moodle that can allow hackers to gain access to sensitive information about students and prevent them from logging into their accounts, even after they had completed two-factor authentication (2FA). | 2025-04-25 | 7.1 | CVE-2025-3625 |
| redis–redis | Redis is an open source, in-memory database that persists on disk. In versions starting at 2.6 and prior to 7.4.3, an unauthenticated client can cause unlimited growth of output buffers, until the server runs out of memory or is killed. By default, the Redis configuration does not limit the output buffer of normal clients (see client-output-buffer-limit). Therefore, the output buffer can grow without bound over time. As a result, the service is exhausted and the memory is unavailable. When password authentication is enabled on the Redis server, but no password is provided, the client can still cause the output buffer to grow from "NOAUTH" responses until the system runs out of memory. This issue has been patched in version 7.4.3. An additional workaround to mitigate this problem without patching the redis-server executable is to block access to prevent unauthenticated users from connecting to Redis. This can be done in different ways: either using network access control tools like firewalls, iptables, security groups, etc., or enabling TLS and requiring users to authenticate using client-side certificates. | 2025-04-23 | 7.5 | CVE-2025-21605 |
| Samba–ppp | The passprompt plugin in pppd in ppp before 2.5.2 mishandles privileges. | 2025-04-22 | 9.3 | CVE-2024-58250 |
| SAP_SE–SAP NetWeaver (Visual Composer development server) | SAP NetWeaver Visual Composer Metadata Uploader is not protected with proper authorization, allowing an unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system. | 2025-04-24 | 10 | CVE-2025-31324 |
| SeaTheme–BM Content Builder | The BM Content Builder plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ux_cb_tools_import_item_ajax AJAX action in all versions up to, and including, 3.16.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | 2025-04-25 | 8.8 | CVE-2025-1279 |
| Synology–DiskStation Manager (DSM) | Missing authorization vulnerability in synocopy in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows remote attackers to read arbitrary files via unspecified vectors. | 2025-04-23 | 7.5 | CVE-2025-1021 |
| Tecnick–TCExam | CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 2025-04-22 | 8.8 | CVE-2025-23176 |
| TeconceTheme–Mayosis Core | The Mayosis Core plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.4.1 via the library/wave-audio/peaks/remote_dl.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. | 2025-04-25 | 7.5 | CVE-2025-1565 |
| ThemeMove–EduMall – Professional LMS Education Center WordPress Theme | The Edumall theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.4 via the 'template' parameter of the 'edumall_lazy_load_template' AJAX action. This makes it possible for unauthenticated attackers to include and execute arbitrary PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and included. | 2025-04-26 | 8.1 | CVE-2025-2101 |
| TOTOLINK–N150RT | A vulnerability classified as critical has been found in TOTOLINK N150RT 3.4.0-B20190525. Affected is an unknown function of the file /boafrm/formPortFw. The manipulation of the argument service_type leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-04-27 | 8.8 | CVE-2025-3988 |
| TOTOLINK–N150RT | A vulnerability classified as critical was found in TOTOLINK N150RT 3.4.0-B20190525. Affected by this vulnerability is an unknown functionality of the file /boafrm/formStaticDHCP. The manipulation of the argument Hostname leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-27 | 8.8 | CVE-2025-3989 |
| TOTOLINK–N150RT | A vulnerability, which was classified as critical, has been found in TOTOLINK N150RT 3.4.0-B20190525. Affected by this issue is some unknown functionality of the file /boafrm/formVlan. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-27 | 8.8 | CVE-2025-3990 |
| TOTOLINK–N150RT | A vulnerability, which was classified as critical, was found in TOTOLINK N150RT 3.4.0-B20190525. This affects an unknown part of the file /boafrm/formWdsEncrypt. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-04-27 | 8.8 | CVE-2025-3991 |
| v1rustyle–Flynax Bridge | The Flynax Bridge plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.0. This is due to the plugin not properly validating a user's identity prior to updating their details, such as the password. This makes it possible for unauthenticated attackers to change arbitrary users' passwords, including administrators', and leverage that to gain access to their accounts. | 2025-04-24 | 9.8 | CVE-2025-3603 |
| v1rustyle–Flynax Bridge | The Flynax Bridge plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.0. This is due to the plugin not properly validating a user's identity prior to updating their details, such as the email address. This makes it possible for unauthenticated attackers to change arbitrary users' email addresses, including administrators', and leverage that to reset the user's password and gain access to their account. | 2025-04-24 | 9.8 | CVE-2025-3604 |
| Vestel–AC Charger EVC04 | Vestel AC Charger version 3.75.0 contains a vulnerability that could enable an attacker to access files containing sensitive information, such as credentials, which could be used to further compromise the device. | 2025-04-24 | 7.5 | CVE-2025-3606 |
| weDevs–Appsero Helper | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs Appsero Helper allows SQL Injection. This issue affects Appsero Helper: from n/a through 1.3.4. | 2025-04-24 | 8.5 | CVE-2025-39377 |
| withstars–Books-Management-System | A vulnerability was found in withstars Books-Management-System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /allreaders.html of the component Background Interface. The manipulation leads to missing authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | 2025-04-27 | 7.3 | CVE-2025-3960 |
withstars–Books-Management-System |
A vulnerability, which was classified as critical, has been found in withstars Books-Management-System 1.0. This issue affects some unknown processing of the file /admin/article/list of the component Background Interface. The manipulation leads to missing authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | 2025-04-27 | 7.3 | CVE-2025-3963 |
wp-configurator–Configurator Theme Core |
The Configurator Theme Core plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.4.7. This is due to the plugin not properly validating user meta fields prior to updating them in the database. This makes it possible for authenticated attackers, with Subscriber-level access and above, to escalate their privileges to Administrator. | 2025-04-24 | 8.8 | CVE-2025-3101 |
wpeverest–User Registration |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in wpeverest User Registration allows Reflected XSS. This issue affects User Registration: from n/a through n/a. | 2025-04-24 | 7.1 | CVE-2025-39400 |
WPoperation–Arrival |
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in WPoperation Arrival allows PHP Local File Inclusion. This issue affects Arrival: from n/a through 1.4.5. | 2025-04-24 | 7.5 | CVE-2025-32921 |
WPoperation–Opstore |
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in WPoperation Opstore allows PHP Local File Inclusion. This issue affects Opstore: from n/a through 1.4.5. | 2025-04-24 | 7.5 | CVE-2025-39387 |
WPQuark–eForm – WordPress Form Builder |
The eForm – WordPress Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.18.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-04-24 | 7.2 | CVE-2025-1294 |
wpsoul–Greenshift animation and page builder blocks |
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the gspb_make_proxy_api_request() function in versions 11.4 to 11.4.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible. The arbitrary file upload was sufficiently patched in 11.4.5, but a capability check was added in 11.4.6 to properly prevent unauthorized limited file uploads. | 2025-04-22 | 8.8 | CVE-2025-3616 |
WPXpro–Xpro Elementor Addons – Pro |
The Xpro Elementor Addons – Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.4.9 via the custom PHP widget. This is due to there being only client-side controls when determining who can access the widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server. | 2025-04-26 | 8.8 | CVE-2024-13808 |
Yoel Geva–Android App |
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | 2025-04-21 | 7.5 | CVE-2025-23174 |
zamartz–Checkout Field Visibility for WooCommerce |
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in zamartz Checkout Field Visibility for WooCommerce allows PHP Local File Inclusion. This issue affects Checkout Field Visibility for WooCommerce: from n/a through 1.2.3. | 2025-04-24 | 7.5 | CVE-2025-39391 |
Zyxel–USG FLEX H series uOS firmware |
An incorrect permission assignment vulnerability in the PostgreSQL commands of the USG FLEX H series uOS firmware versions from V1.20 through V1.31 could allow an authenticated local attacker with low privileges to gain access to the Linux shell and escalate their privileges by crafting malicious scripts or modifying system configurations with administrator-level access through a stolen token. Modifying the system configuration is only possible if the administrator has not logged out and the token remains valid. | 2025-04-22 | 7.8 | CVE-2025-1731 |
Medium Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source Info |
---|---|---|---|---|
201206030–novel-cloud |
A vulnerability has been found in 201206030 novel-cloud 1.4.0 and classified as critical. This vulnerability affects the function RestResp of the file novel-cloud-master/novel-book/novel-book-service/src/main/resources/mapper/BookInfoMapper.xml. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-04-27 | 6.3 | CVE-2025-3956 |
aeropage–Aeropage Sync for Airtable |
The Aeropage Sync for Airtable plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ‘aeropageDeletePost’ function in all versions up to, and including, 3.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts. | 2025-04-26 | 4.3 | CVE-2025-3915 |
AMTT–Hotel Broadband Operation System |
A vulnerability has been found in AMTT Hotel Broadband Operation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /manager/system/nlog_down.php. The manipulation of the argument ProtocolType leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-04-27 | 4.7 | CVE-2025-3983 |
Anps–Anps Theme plugin |
The Anps Theme plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.1.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | 2025-04-26 | 6.5 | CVE-2024-13812 |
Apereo–CAS |
A vulnerability was found in Apereo CAS 5.2.6 and classified as critical. Affected by this issue is the function saveService of the file cas-5.2.6/webapp-mgmt/cas-management-webapp-support/src/main/java/org/apereo/cas/mgmt/services/web/RegisteredServiceSimpleFormController.java of the component Groovy Code Handler. The manipulation leads to code injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-04-27 | 5 | CVE-2025-3984 |
Apereo–CAS |
A vulnerability was found in Apereo CAS 5.2.6. It has been declared as problematic. This vulnerability affects unknown code of the file cas-5.2.6/core/cas-server-core-configuration-metadata-repository/src/main/java/org/apereo/cas/metadata/rest/CasConfigurationMetadataServerController.java. The manipulation of the argument Name leads to inefficient regular expression complexity. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-04-27 | 4.3 | CVE-2025-3986 |
Axis Communications AB–AXIS Camera Station Pro |
Gee-netics, a member of the AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the server is using. A non-admin user can modify this file to either create files or change the content of files in an admin-protected location. Axis has released a patched version for the highlighted flaw. Please refer to the Axis security advisory for more information and a solution. | 2025-04-23 | 6.1 | CVE-2025-1056 |
Axis Communications AB–AXIS Camera Station Pro |
Gee-netics, a member of the AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for a non-admin user to remove system files, causing a boot loop, by redirecting a file deletion when recording video. Axis has released a patched version for the highlighted flaw. Please refer to the Axis security advisory for more information and a solution. | 2025-04-23 | 5.9 | CVE-2025-0926 |
bdthemes–Element Pack Addons for Elementor Best Elementor addons with Ready Templates, Blocks, Widgets and WooCommerce Builder |
The Element Pack Addons for Elementor – Free Templates and Widgets for Your WordPress Websites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets like Dual Button, Creative Button, Image Stack and more in all versions up to, and including, 5.10.29 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-04-26 | 6.4 | CVE-2025-1458 |
bitpressadmin–Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder |
The Contact Form by Bit Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.18.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2025-04-25 | 4.9 | CVE-2025-2580 |
bplugins–Lottie Player- Great Lottie Player Solution |
The Lottie Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via File uploads in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the uploaded file. | 2025-04-24 | 6.4 | CVE-2025-2579 |
buildwps–Prevent Direct Access Protect WordPress Files |
The Prevent Direct Access – Protect WordPress Files plugin for WordPress is vulnerable to unauthorized access and modification of data due to a misconfigured capability check on the ‘pda_lite_custom_permission_check’ function in versions 2.8.6 to 2.8.8.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to access and change the protection status of media. | 2025-04-25 | 5.4 | CVE-2025-3861 |
buildwps–Prevent Direct Access Protect WordPress Files |
The Prevent Direct Access – Protect WordPress Files plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.8 via the ‘generate_unique_string’ due to insufficient randomness of the generated file name. This makes it possible for unauthenticated attackers to extract sensitive data including files protected by the plugin if the attacker can determine the file name. | 2025-04-25 | 5.3 | CVE-2025-3923 |
checkpoint–Check Point Mobile Access |
For an authenticated end-user the portal may run a script while attempting to display a directory or some file’s properties. | 2025-04-27 | 5.4 | CVE-2024-52888 |
cilium–cilium |
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.15.0 to 1.15.15, 1.16.0 to 1.16.8, and 1.17.0 to 1.17.2 are vulnerable when using WireGuard transparent encryption in a Cilium cluster: packets that originate from a terminating endpoint can leave the source node without encryption due to a race condition in how traffic is processed by Cilium. This issue has been patched in versions 1.15.16, 1.16.9, and 1.17.3. There are no workarounds available for this issue. | 2025-04-21 | 4 | CVE-2025-32793 |
codeandreload–Custom Admin-Bar Favorites |
The Custom Admin-Bar Favorites plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘menuObject’ parameter in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-04-25 | 6.1 | CVE-2025-3868 |
CodeCanyon–RISE Ultimate Project Manager |
A vulnerability was found in CodeCanyon RISE Ultimate Project Manager 3.8.2 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php/team_members/save_profile_image/ of the component Profile Picture Handler. The manipulation of the argument profile_image_file leads to improper control of resource identifiers. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-22 | 4.3 | CVE-2025-3855 |
codeprojects–News Publishing Site Dashboard |
A vulnerability was found in codeprojects News Publishing Site Dashboard 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /api.php. The manipulation of the argument cat_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-04-27 | 6.3 | CVE-2025-3968 |
codeprojects–News Publishing Site Dashboard |
A vulnerability was found in codeprojects News Publishing Site Dashboard 1.0. It has been rated as critical. This issue affects some unknown processing of the file /edit-category.php of the component Edit Category Page. The manipulation of the argument category_image leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-04-27 | 6.3 | CVE-2025-3969 |
codeprojects–Patient Record Management System |
A vulnerability, which was classified as critical, was found in codeprojects Patient Record Management System 1.0. This affects an unknown part of the file /edit_rpatient.php.php. The manipulation of the argument id/lastname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-04-27 | 6.3 | CVE-2025-3955 |
CODESYS–CODESYS Visualization |
An unauthenticated remote attacker can bypass the user management in CODESYS Visualization and read visualization template files or static elements by means of forced browsing. | 2025-04-23 | 5.3 | CVE-2025-2595 |
cuba-platform–cuba |
CUBA Platform is a high-level framework for enterprise application development. Prior to version 7.2.23, the local file storage implementation does not restrict the size of uploaded files. An attacker could exploit this by uploading excessively large files, potentially causing the server to run out of space and return an HTTP 500 error, resulting in a denial of service. This issue has been patched in version 7.2.23. A workaround is provided on the Jmix documentation website. | 2025-04-22 | 6.5 | CVE-2025-32959 |
cuba-platform–jpawebapi |
The Cuba JPA web API enables loading and saving any entities defined in the application data model by sending simple HTTP requests. Prior to version 1.1.1, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code to be executed in the browser. For a successful attack, a malicious file needs to be uploaded beforehand. This issue has been patched in version 1.1.1. A workaround is provided on the Jmix documentation website. | 2025-04-22 | 6.4 | CVE-2025-32961 |
cuba-platform–restapi |
The CUBA REST API add-on performs operations on data and entities. Prior to version 7.2.7, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code to be executed in the browser. For a successful attack, a malicious file needs to be uploaded beforehand. This issue has been patched in version 7.2.7. A workaround is provided on the Jmix documentation website. | 2025-04-22 | 6.4 | CVE-2025-32960 |
dazhouda–lecms |
A vulnerability was found in dazhouda lecms 3.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file admin/view/default/user_set.htm. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-27 | 4.3 | CVE-2025-3978 |
dazhouda–lecms |
A vulnerability classified as problematic has been found in dazhouda lecms 3.0.3. This affects an unknown part of the file /index.php?my-password-ajax-1 of the component Password Change Handler. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-04-27 | 4.3 | CVE-2025-3979 |
devitemsllc–ShopLentor WooCommerce Builder for Elementor & Gutenberg +20 Modules All in One Solution (formerly WooLentor) |
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.2 via the woolentor_template_proxy function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application, and can be used to query and modify information from internal services. | 2025-04-25 | 6.5 | CVE-2025-3775 |
elextensions–ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes |
The ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes plugin for WordPress is vulnerable to SQL Injection via the ‘attribute_value_filter’ parameter in all versions up to, and including, 1.4.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-04-24 | 6.5 | CVE-2025-3280 |
FileZ–Client |
An open redirect vulnerability was reported in the FileZ client that could allow information disclosure if a crafted URL is visited by a local user. | 2025-04-25 | 5 | CVE-2025-2068 |
FileZ–Client |
A cross-site scripting vulnerability was reported in the FileZ client that could allow execution of code if a crafted URL is visited by a local user. | 2025-04-25 | 5 | CVE-2025-2069 |
FileZ–Client |
An improper XML parsing vulnerability was reported in the FileZ client that could allow arbitrary file reads on the system if a crafted URL is visited by a local user. | 2025-04-25 | 5 | CVE-2025-2070 |
Franka Robotics–Franka Emika Robot |
Due to an improper authentication mechanism, an unauthenticated remote attacker can enumerate valid usernames. | 2025-04-24 | 5.3 | CVE-2021-47664 |
GitLab–GitLab |
An issue affecting service availability via issue preview has been discovered in GitLab CE/EE, affecting all versions from 16.7 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1. | 2025-04-24 | 6.5 | CVE-2025-0639 |
GitLab–GitLab |
An issue has been discovered in access controls that could allow users to view certain restricted project information even when related features are disabled in GitLab EE, affecting all versions from 17.7 prior to 17.9.7, 17.10 prior to 17.10.5, and 17.11 prior to 17.11.1. | 2025-04-24 | 4.3 | CVE-2024-12244 |
GL.iNet–GL-A1300 Slate Plus |
A vulnerability was found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX, GL-XE300 Puli and GL-XE3000 Puli AX 4.x. It has been declared as problematic. This vulnerability affects unknown code of the component API. The manipulation leads to inefficient regular expression complexity. It is recommended to upgrade the affected component. | 2025-04-26 | 5.7 | CVE-2025-2811 |
Grafana–Grafana |
The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript. | 2025-04-23 | 6.8 | CVE-2025-2703 |
HCL Software–HCL Leap |
Insufficient sanitization policy in HCL Leap allows client-side script injection in the deployed application through the HTML widget. | 2025-04-24 | 6.3 | CVE-2024-30113 |
HCL Software–HCL Leap |
Multiple vectors in HCL Leap allow client-side script injection in the authoring environment and deployed applications. | 2025-04-24 | 6.5 | CVE-2024-30147 |
HCL Software–HCL Leap |
Insufficient default configuration in HCL Leap allows anonymous access to directory information. | 2025-04-24 | 5.3 | CVE-2023-45720 |
HCL Software–HCL Leap |
Improper sanitization of SVG files in HCL Leap allows client-side script injection in deployed applications. | 2025-04-24 | 4.6 | CVE-2022-44759 |
HCL Software–HCL Leap |
Unsafe default file type filter policy in HCL Leap allows execution of unsafe JavaScript in deployed applications. | 2025-04-24 | 4.6 | CVE-2022-44760 |
HCL Software–HCL Leap |
Improper access control of endpoint in HCL Leap allows certain admin users to import applications from the server’s filesystem. | 2025-04-24 | 4.1 | CVE-2024-30148 |
HCL Software–HCL SX |
HCL SX v21 is affected by usage of a weak cryptographic algorithm. An attacker could exploit this weakness to gain access to sensitive information, modify data, or cause other impacts. | 2025-04-25 | 6.5 | CVE-2024-30152 |
Heateor Support–Sassy Social Share |
URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in Heateor Support Sassy Social Share allows Phishing. This issue affects Sassy Social Share: from n/a through 3.3.73. | 2025-04-24 | 4.7 | CVE-2025-39404 |
Hitachi–Hitachi Ops Center Common Services |
Hitachi Ops Center Common Services within Hitachi Ops Center OVA contains an information exposure vulnerability. This issue affects Hitachi Ops Center Common Services: from 11.0.3-00 before 11.0.4-00. | 2025-04-22 | 5.5 | CVE-2025-2300 |
IBM–InfoSphere Information Server |
IBM InfoSphere Information Server 11.7 does not invalidate the session after logout, which could allow an authenticated user to impersonate another user on the system. | 2025-04-23 | 6.3 | CVE-2024-22351 |
IBM–InfoSphere Information Server |
IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information when a detailed technical error message is returned in a request. This information could be used in further attacks against the system. | 2025-04-23 | 4.3 | CVE-2025-25045 |
IBM–Maximo Asset Management |
IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2025-04-25 | 5.5 | CVE-2025-2986 |
IBM–WebSphere Application Server |
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | 2025-04-22 | 4.1 | CVE-2025-27907 |
iteachyou–Dreamer CMS |
A vulnerability was found in iteachyou Dreamer CMS up to 4.1.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/attachment/download of the component Attachment Handler. The manipulation of the argument ID leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-04-27 | 4.3 | CVE-2025-3977 |
itwanger–paicoding |
A vulnerability was found in itwanger paicoding 1.0.3. It has been classified as critical. This affects an unknown part of the file /article/api/post of the component Article Handler. The manipulation of the argument articleId leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-04-27 | 5.4 | CVE-2025-3967 |
itwanger–paicoding |
A vulnerability was found in itwanger paicoding 1.0.3 and classified as problematic. Affected by this issue is some unknown functionality of the file /user/home?userId=1&homeSelectType=read of the component Browsing History Handler. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-27 | 4.3 | CVE-2025-3966 |
jeremyshapiro–FuseDesk |
The FuseDesk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘successredirect’ parameter in all versions up to, and including, 6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-04-24 | 6.4 | CVE-2025-3832 |
jmix-framework–jmix |
Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, attackers could manipulate the FileRef parameter to access files on the system where the Jmix application is deployed, provided the application server has the necessary permissions. This can be accomplished either by modifying the FileRef directly in the database or by supplying a harmful value in the fileRef parameter of the `/files` endpoint of the generic REST API. This issue has been patched in versions 1.6.2 and 2.4.0. A workaround is provided on the Jmix documentation website. | 2025-04-22 | 6.5 | CVE-2025-32950 |
jmix-framework–jmix |
Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code to be executed in the browser. For a successful attack, a malicious file needs to be uploaded beforehand. This issue has been patched in versions 1.6.2 and 2.4.0. A workaround is provided on the Jmix documentation website. | 2025-04-22 | 6.4 | CVE-2025-32951 |
jmix-framework–jmix |
Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the local file storage implementation does not restrict the size of uploaded files. An attacker could exploit this by uploading excessively large files, potentially causing the server to run out of space and return an HTTP 500 error, resulting in a denial of service. This issue has been patched in versions 1.6.2 and 2.4.0. A workaround is provided on the Jmix documentation website. | 2025-04-22 | 6.5 | CVE-2025-32952 |
kitae-park–Mang Board WP |
The Mang Board WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the board_header and board_footer parameters in all versions up to, and including, 1.8.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2025-04-24 | 4.4 | CVE-2025-3435 |
lamarant–Buddypress Force Password Change |
The Buddypress Force Password Change plugin for WordPress is vulnerable to authenticated account takeover due to the plugin not properly validating a user’s identity prior to updating their password through the ‘bp_force_password_ajax’ function in all versions up to, and including, 0.1. This makes it possible for authenticated attackers, with subscriber-level access and above and under certain prerequisites, to change arbitrary user’s passwords, including administrators, and leverage that to gain access to their accounts. | 2025-04-24 | 4.2 | CVE-2025-3793 |
magepeopleteam–Booking and Rental Manager |
Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Booking and Rental Manager: from n/a through 2.3.8. | 2025-04-24 | 5.3 | CVE-2025-39390 |
Mattermost–Mattermost |
Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.10 fail to validate the uniqueness and quantity of task actions within the UpdateRunTaskActions GraphQL operation, which allows an attacker to create task items containing an excessive number of actions triggered by specific posts, overloading the server and leading to a denial-of-service (DoS) condition. | 2025-04-24 | 6.5 | CVE-2025-35965 |
MemberPress–Memberpress |
The Memberpress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.11.37 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. | 2025-04-22 | 5.3 | CVE-2024-11299 |
mgyura–Breeze Display |
The Breeze Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘cal_size’ parameter in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-04-24 | 6.4 | CVE-2025-3749 |
miraheze–ManageWiki |
ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 00bebea, when enabling a conflicting extension, a restricted extension would be automatically disabled even if the user did not hold the ManageWiki-restricted right. This issue has been patched in commit 00bebea. A workaround involves ensuring that any extensions requiring specific permissions in `$wgManageWikiExtensions` also require the same permissions for managing any conflicting extensions. | 2025-04-22 | 4.6 | CVE-2025-32964 |
Mitsubishi Electric Corporation–CC-Link IE TSN Remote I/O module NZ2GN2S1-32D |
Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric Corporation CC-Link IE TSN Remote I/O module, CC-Link IE TSN Analog-Digital Converter module, CC-Link IE TSN Digital-Analog Converter module, CC-Link IE TSN FPGA module and CC-Link IE TSN Remote Station Communication LSI CP620 with GbE-PHY allows a remote unauthenticated attacker to cause a Denial of Service condition in the products by sending specially crafted UDP packets. | 2025-04-25 | 5.9 | CVE-2025-3511 |
N/A–N/A |
A flaw was found in Moodle. This vulnerability allows unauthorized users to access and view RSS feeds due to insufficient capability checks. | 2025-04-25 | 4.3 | CVE-2025-3636 |
NIH–BRICS |
NIH BRICS (aka Biomedical Research Informatics Computing System) through 14.0.0-67 allows users who lack the InET role to access the InET module via direct requests to known endpoints. | 2025-04-23 | 4.3 | CVE-2025-27581 |
nortikin–Sverchok |
A vulnerability, which was classified as problematic, was found in nortikin Sverchok 1.3.0. Affected is the function SvSetPropNodeMK2 of the file sverchok/nodes/object_nodes/getsetprop_mk2.py of the component Set Property Mk2 Node. The manipulation leads to improperly controlled modification of object prototype attributes (‘prototype pollution’). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-04-27 | 4.3 | CVE-2025-3982 |
oceanwp–Ocean Extra |
The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘oceanwp_icon’ shortcode in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-04-22 | 6.4 | CVE-2025-3457 |
oceanwp–Ocean Extra |
The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ocean_gallery_id’ parameter in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The Classic Editor plugin must be installed and activated to exploit the vulnerability. | 2025-04-22 | 6.4 | CVE-2025-3458 |
oceanwp–Ocean Extra |
The Ocean Extra plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.4.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes when WooCommerce is also installed and activated. | 2025-04-22 | 6.5 | CVE-2025-3472 |
OctoPrint–OctoPrint |
OctoPrint provides a web interface for controlling consumer 3D printers. In versions up to and including 1.10.3, OctoPrint has a vulnerability that allows an attacker to bypass the login redirect and directly access the rendered HTML of certain frontend pages. The primary risk lies in potential future modifications to the codebase that might incorrectly rely on the vulnerable internal functions for authentication checks, leading to security vulnerabilities. This issue has been patched in version 1.11.0. | 2025-04-22 | 4.3 | CVE-2025-32788 |
olarmarius–1 Decembrie 1918 |
The 1 Decembrie 1918 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.dec.2012. This is due to missing or incorrect nonce validation on the 1-decembrie-1918/1-decembrie-1918.php page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-04-25 | 6.1 | CVE-2025-3870 |
opplus–springboot-admin |
A vulnerability was found in opplus springboot-admin 1.0 and classified as critical. This issue affects some unknown processing of the file src/main/resources/mapper/sys/SysLogDao.xml. The manipulation of the argument order leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-04-27 | 6.3 | CVE-2025-3957 |
panhainan–DS-Java |
A vulnerability was found in panhainan DS-Java 1.0 and classified as critical. This issue affects the function uploadUserPic.action of the file src/com/phn/action/FileUpload.java. The manipulation of the argument fileUpload leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-04-21 | 6.3 | CVE-2025-3842 |
panhainan–DS-Java |
A vulnerability was found in panhainan DS-Java 1.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-04-21 | 4.3 | CVE-2025-3843 |
pixel_prime–Reales WP – Real Estate WordPress Theme |
The Reales WP – Real Estate WordPress Theme theme for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the ‘reales_delete_file’, ‘reales_delete_file_plans’, ‘reales_add_to_favourites’, and ‘reales_remove_from_favourites’ functions in all versions up to, and including, 2.1.2. This makes it possible for unauthenticated attackers to delete arbitrary attachments, and add or remove favorite property listings for any user. | 2025-04-24 | 5.3 | CVE-2024-13307 |
pnpm–pnpm |
pnpm is a package manager. Prior to version 10.0.0, the path shortening function uses the md5 function as a path shortening compression function, and if a collision occurs, it will result in the same storage path for two different libraries. Although the real names are under the package name /node_modules/, there are no version numbers for the libraries they refer to. This issue has been patched in version 10.0.0. | 2025-04-23 | 6.5 | CVE-2024-47829 |
rafe007–Ajax Comment Form CST |
The Ajax Comment Form CST plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation via the ‘acform_cst_settings’ page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-04-25 | 6.1 | CVE-2025-3867 |
Red Hat–Red Hat Enterprise Linux 9 |
A vulnerability was found in mod_proxy_cluster. The issue is that the <Directory> directive should be replaced by the <Location> directive as the former does not restrict IP/host access as `Require ip IP_ADDRESS` would suggest. This means that anyone with access to the host might send MCMP requests that may result in adding/removing/updating nodes for the balancing. However, this host should not be accessible to the public network as it does not serve the general traffic. | 2025-04-23 | 5.4 | CVE-2024-10306 |
Red Hat–Red Hat |
A flaw has been identified in Moodle where insufficient capability checks in certain grade reports allowed users without the necessary permissions to access hidden grades. | 2025-04-25 | 5.3 | CVE-2025-32045 |
Red Hat–Red Hat |
A flaw was found in Moodle. The return URL in the policy tool required additional sanitizing to prevent a reflected Cross-site scripting (XSS) risk. | 2025-04-25 | 5.4 | CVE-2025-3643 |
Red Hat–Red Hat |
A security vulnerability was discovered in Moodle that allows some users to access sensitive information about other students before they finish verifying their identities using two-factor authentication (2FA). | 2025-04-25 | 4.3 | CVE-2025-3627 |
Red Hat–Red Hat |
A flaw was found in Moodle where anonymous assignment submissions can be de-anonymized via search, revealing student identities. | 2025-04-25 | 4.3 | CVE-2025-3628 |
Red Hat–Red Hat |
A security vulnerability was discovered in Moodle that allows students to enroll themselves in courses without completing all the necessary safety checks. Specifically, users can sign up for courses prematurely, even if they haven’t finished two-step verification processes. | 2025-04-25 | 4.3 | CVE-2025-3634 |
Red Hat–Red Hat |
A flaw was found in Moodle. Insufficient capability checks made it possible for a user enrolled in a course to access some details, such as the full name and profile image URL, of other users they did not have permission to access. | 2025-04-25 | 4.3 | CVE-2025-3640 |
Red Hat–Red Hat |
A flaw was found in Moodle. Additional checks were required to prevent users from deleting course sections they did not have permission to modify. | 2025-04-25 | 4.3 | CVE-2025-3644 |
Red Hat–Red Hat |
A flaw was found in Moodle. Insufficient capability checks in a messaging web service allowed users to view other users’ names and online statuses. | 2025-04-25 | 4.3 | CVE-2025-3645 |
Red Hat–Red Hat |
A flaw was discovered in Moodle. Additional checks were required to ensure that users can only access cohort data they are authorized to retrieve. | 2025-04-25 | 4.3 | CVE-2025-3647 |
rohanpawale–Add Google +1 (Plus one) social share Button |
The Add Google +1 (Plus one) social share Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the google-plus-one-share-button page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-04-25 | 6.1 | CVE-2025-3866 |
SAP_SE–SAP Field Logistics |
SAP Field Logistics Manage Logistics application OData meta-data property is vulnerable to data tampering, due to which certain fields could be externally modified by an attacker causing low impact on integrity of the application. Confidentiality and availability are not impacted. | 2025-04-22 | 4.3 | CVE-2025-31327 |
SAP_SE–SAP S/4 HANA (Learning Solution) |
SAP Learning Solution is vulnerable to Cross-Site Request Forgery (CSRF), allowing an attacker to trick an authenticated user into sending unintended requests to the server. A GET-based OData function is named in a way that violates the expected behaviour. This issue could impact both the confidentiality and integrity of the application without affecting the availability. | 2025-04-22 | 4.6 | CVE-2025-31328 |
ScriptAndTools–eCommerce-website-in-PHP |
A vulnerability was found in ScriptAndTools eCommerce-website-in-PHP 3.0 and classified as problematic. This issue affects some unknown processing of the file /admin/subscriber-csv.php. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-04-27 | 5.3 | CVE-2025-3975 |
Serosoft–Academia Student Information System |
An arbitrary file upload vulnerability via writefile.php of Serosoft Academia Student Information System (SIS) EagleR-1.0.118 allows attackers to execute arbitrary code via ../ in the filePath parameter. | 2025-04-26 | 6.4 | CVE-2024-53636 |
spiderdevs–Advanced Accordion Gutenberg Block |
The Advanced Accordion Gutenberg Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2025-04-24 | 6.4 | CVE-2025-2543 |
step-security–harden-runner |
Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. Versions from 0.12.0 to before 2.12.0 are vulnerable to `disable-sudo` bypass. Harden-Runner includes a policy option `disable-sudo` to prevent the GitHub Actions runner user from using sudo. This is implemented by removing the runner user from the sudoers file. However, this control can be bypassed as the runner user, being part of the docker group, can interact with the Docker daemon to launch privileged containers or access the host filesystem. This allows the attacker to regain root access or restore the sudoers file, effectively bypassing the restriction. This issue has been patched in version 2.12.0. | 2025-04-21 | 6 | CVE-2025-32955 |
Tecnick–TCExam |
Multiple XSS (CWE-79) | 2025-04-22 | 6.1 | CVE-2025-23175 |
terrillthompson–Able Player, accessible HTML5 media player |
The Able Player, accessible HTML5 media player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘preload’ parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-04-25 | 6.4 | CVE-2025-3752 |
TOTOLINK–N150RT |
A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been rated as critical. This issue affects some unknown processing of the file /boafrm/formWsc. The manipulation of the argument localPin leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-04-27 | 6.3 | CVE-2025-3987 |
Trellix–FireEye EDR HX |
A malicious third party could invoke a persistent denial of service vulnerability in FireEye EDR agent by sending a specially-crafted tamper protection event to the HX service to trigger an exception. This exception will prevent any further tamper protection events from being processed, even after a reboot of HX. | 2025-04-23 | 6.5 | CVE-2025-0618 |
uicore–UiCore Elements Free Elementor widgets and templates |
The UiCore Elements – Free Elementor widgets and templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the UI Counter, UI Icon Box, UI Testimonial Slider, UI Testimonial Grid, and UI Testimonial Carousel widgets in all versions up to, and including, 1.0.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-04-23 | 6.4 | CVE-2025-1054 |
vjinfotech–WP Import Export Lite |
The WP Import Export Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpiePreviewData’ function in all versions up to, and including, 3.9.27 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-04-22 | 6.4 | CVE-2025-2839 |
VW Themes–Sirat |
Missing Authorization vulnerability in VW Themes Sirat allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sirat: from n/a through 1.5.1. | 2025-04-24 | 4.3 | CVE-2025-39385 |
westguard–WS Form LITE Drag & Drop Contact Form Builder for WordPress |
The WS Form LITE – Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘get_config’ function in all versions up to, and including, 1.10.35. This makes it possible for unauthenticated attackers to read the value of the plugin’s settings, including API keys for integrated services. | 2025-04-25 | 5.3 | CVE-2025-3912 |
wijnbergdevelopments–Tax Switch for WooCommerce |
The Tax Switch for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class-name’ parameter in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-04-22 | 6.4 | CVE-2025-3814 |
withstars–Books-Management-System |
A vulnerability was found in withstars Books-Management-System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /reader_delete.html. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | 2025-04-27 | 4.3 | CVE-2025-3959 |
withstars–Books-Management-System |
A vulnerability, which was classified as problematic, was found in withstars Books-Management-System 1.0. Affected is an unknown function of the file /api/article/del of the component Article Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | 2025-04-27 | 4.3 | CVE-2025-3964 |
wowjoy–Internet Doctor Workstation System |
A vulnerability classified as problematic was found in wowjoy 浙江湖州华卓信息科技有限公司 Internet Doctor Workstation System 1.0. This vulnerability affects unknown code of the file /v1/prescription/list. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-04-27 | 4.3 | CVE-2025-3980 |
wowjoy–Internet Doctor Workstation System |
A vulnerability, which was classified as problematic, has been found in wowjoy 浙江湖州华卓信息科技有限公司 Internet Doctor Workstation System 1.0. This issue affects some unknown processing of the file /v1/prescription/details/. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-04-27 | 4.3 | CVE-2025-3981 |
wpswings–Upsell Funnel Builder for WooCommerce |
The Upsell Funnel Builder for WooCommerce plugin for WordPress is vulnerable to order manipulation in all versions up to, and including, 3.0.0. This is due to the plugin allowing the additional product ID and discount field to be manipulated prior to processing via the ‘add_offer_in_cart’ function. This makes it possible for unauthenticated attackers to arbitrarily update the product associated with any order bump, and arbitrarily update the discount applied to any order bump item, when adding it to the cart. | 2025-04-25 | 5.3 | CVE-2025-3743 |
xpertsclub–Woocommerce Automatic Order Printing | ( Formerly WooCommerce Google Cloud Print) |
The Woocommerce Automatic Order Printing | ( Formerly WooCommerce Google Cloud Print) plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1 via the xc_woo_printer_preview AJAX action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view other users’ invoices and orders which can contain sensitive information. | 2025-04-24 | 4.3 | CVE-2025-1284 |
xxyopen–Novel-Plus |
A vulnerability was found in xxyopen Novel-Plus 5.1.0. It has been classified as critical. This affects the function searchByPage of the file /book/searchByPage. The manipulation of the argument sort leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-04-22 | 6.3 | CVE-2025-3856 |
YXJ2018–SpringBoot-Vue-OnlineExam |
A vulnerability classified as problematic was found in YXJ2018 SpringBoot-Vue-OnlineExam 1.0. This vulnerability affects unknown code of the file /api/studentPWD. The manipulation of the argument studentId leads to unverified password change. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-04-21 | 4.3 | CVE-2025-3849 |
Zyxel–USG FLEX H series uOS firmware |
An improper privilege management vulnerability in the recovery function of the USG FLEX H series uOS firmware version V1.31 and earlier could allow an authenticated local attacker with administrator privileges to upload a crafted configuration file and escalate privileges on a vulnerable device. | 2025-04-22 | 6.7 | CVE-2025-1732 |
Low Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source Info |
---|---|---|---|---|
Andamiro–Pump It Up |
Andamiro Pump It Up 20th Anniversary (aka Double X or XX/2019) 1.00.0-2.08.3 allows a physically proximate attacker to cause a denial of service (application crash) via certain deselect actions. | 2025-04-25 | 2.4 | CVE-2024-57375 |
Apereo–CAS |
A vulnerability was found in Apereo CAS 5.2.6. It has been classified as problematic. This affects the function ResponseEntity of the file cas-5.2.6/webapp-mgmt/cas-management-webapp-support/src/main/java/org/apereo/cas/mgmt/services/web/ManageRegisteredServicesMultiActionController.java. The manipulation of the argument Query leads to inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-04-27 | 2.7 | CVE-2025-3985 |
baseweb–JSite |
A vulnerability classified as problematic has been found in baseweb JSite up to 1.0. Affected is an unknown function of the file /sys/office/save. The manipulation of the argument Remarks leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-04-27 | 3.5 | CVE-2025-3970 |
BusyBox–BusyBox |
In netstat in BusyBox through 1.37.0, local users can launch a network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim. | 2025-04-23 | 2.5 | CVE-2024-58251 |
checkpoint–Check Point Mobile Access |
Authenticated end-user may set a specially crafted SNX bookmark that can make their browser run a script while accessing their own bookmark list. | 2025-04-27 | 3.5 | CVE-2024-52887 |
GL.iNet–GL-A1300 Slate Plus |
A vulnerability was found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX, GL-XE300 Puli and GL-XE3000 Puli AX 4.x. It has been rated as problematic. This issue affects some unknown processing of the component Download Interface. The manipulation leads to improper authorization. It is recommended to upgrade the affected component. | 2025-04-26 | 3.5 | CVE-2025-2850 |
HCL Software–HCL Leap |
Missing “no cache” headers in HCL Leap permits user directory information to be cached. | 2025-04-24 | 3.2 | CVE-2023-37516 |
HCL Software–HCL Leap |
Insufficient sanitization in HCL Leap allows client-side script injection in the authoring environment. | 2025-04-24 | 3.7 | CVE-2024-30114 |
HCL Software–HCL Leap |
Missing “no cache” headers in HCL Leap permits sensitive data to be cached. | 2025-04-24 | 3.2 | CVE-2024-30127 |
IBM–InfoSphere Information Server |
IBM InfoSphere Information Server 11.7 DataStage Flow Designer transmits sensitive information via URL or query parameters that could be exposed to an unauthorized actor using man-in-the-middle techniques. | 2025-04-23 | 3.7 | CVE-2025-25046 |
IBM–Maximo Asset Management |
IBM Maximo Asset Management 7.6.1.3 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | 2025-04-21 | 3.8 | CVE-2025-2987 |
itwanger–paicoding |
A vulnerability has been found in itwanger paicoding 1.0.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /article/app/post. The manipulation of the argument content leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-27 | 3.5 | CVE-2025-3965 |
n/a–ChurchCRM |
A vulnerability, which was classified as problematic, has been found in ChurchCRM 5.16.0. Affected by this issue is some unknown functionality of the component Referer Handler. The manipulation leads to server-side request forgery. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-04-26 | 3.7 | CVE-2025-3954 |
N/A–N/A |
A security vulnerability was found in Moodle where confidential information that prevents cross-site request forgery (CSRF) attacks was shared publicly through the site’s URL. This vulnerability occurred specifically on two types of pages within the mod_data module: edit and delete pages. | 2025-04-25 | 3.1 | CVE-2025-3637 |
NVIDIA–NVIDIA App |
NVIDIA NvContainer service for Windows contains a vulnerability in its usage of OpenSSL, where an attacker could exploit a hard-coded constant issue by copying a malicious DLL in a hard-coded path. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. | 2025-04-22 | 2.5 | CVE-2025-23253 |
Red Hat–Red Hat |
A security vulnerability was discovered in Moodle that allows anyone to duplicate existing tours without needing to log in due to a lack of protection against cross-site request forgery (CSRF) attacks. | 2025-04-25 | 3.5 | CVE-2025-3635 |
Soffid–IAM |
In Soffid Console 3.6.31 before 3.6.32, authorization to use the pam service is mishandled. | 2025-04-21 | 2.5 | CVE-2025-32408 |
withstars–Books-Management-System |
A vulnerability was found in withstars Books-Management-System 1.0. It has been classified as problematic. Affected is an unknown function of the file /book_edit_do.html of the component Book Edit Page. The manipulation of the argument Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. This vulnerability only affects products that are no longer supported by the maintainer. | 2025-04-27 | 3.5 | CVE-2025-3958 |
withstars–Books-Management-System |
A vulnerability classified as problematic has been found in withstars Books-Management-System 1.0. This affects an unknown part of the file /admin/article/add/do. The manipulation of the argument Title leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. This vulnerability only affects products that are no longer supported by the maintainer. | 2025-04-27 | 3.5 | CVE-2025-3961 |
withstars–Books-Management-System |
A vulnerability classified as problematic was found in withstars Books-Management-System 1.0. This vulnerability affects unknown code of the file /api/comment/add of the component Comment Handler. The manipulation of the argument content leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | 2025-04-27 | 3.5 | CVE-2025-3962 |
wix-incubator–jam |
A vulnerability, which was classified as problematic, was found in wix-incubator jam up to e87a6fd85cf8fb5ff37b62b2d68f917219d07ae9. This affects an unknown part of the file jam.py of the component Jinja2 Template Handler. The manipulation of the argument config['template'] leads to improper neutralization of special elements used in a template engine. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available. | 2025-04-21 | 3.3 | CVE-2025-3841 |
YXJ2018–SpringBoot-Vue-OnlineExam |
A vulnerability, which was classified as problematic, has been found in YXJ2018 SpringBoot-Vue-OnlineExam 1.0. This issue affects some unknown processing of the component API. The manipulation leads to improper authentication. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. | 2025-04-22 | 3.7 | CVE-2025-3850 |
Severity Not Yet Assigned
Primary Vendor — Product |
Description | Published | CVSS Score | Source Info |
---|---|---|---|---|
Acronis–Acronis Cyber Protect Cloud Agent |
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39904. | 2025-04-24 | not yet calculated | CVE-2025-30408 |
Acronis–Acronis Cyber Protect Cloud Agent |
Denial of service due to allocation of resources without limits. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39904. | 2025-04-24 | not yet calculated | CVE-2025-30409 |
Apache Software Foundation–Apache HttpComponents |
A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release. | 2025-04-24 | not yet calculated | CVE-2025-27820 |
Apache Software Foundation–Apache Kvrocks |
Improper Input Validation vulnerability in Apache Kvrocks. The SETRANGE command did not check whether the `offset` input is a positive integer before using it as an index into a string, so an out-of-range index causes the server to crash. This issue affects Apache Kvrocks: through 2.11.1. Users are recommended to upgrade to version 2.12.0, which fixes the issue. | 2025-04-22 | not yet calculated | CVE-2025-26413 |
Arista–NG Firewall |
Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Minimal user interaction is required to exploit this vulnerability. The specific flaw exists within the processing of the User-Agent HTTP header. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24407. | 2025-04-23 | not yet calculated | CVE-2025-2767 |
Bdrive–NetDrive |
Bdrive NetDrive Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Bdrive NetDrive. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-25041. | 2025-04-23 | not yet calculated | CVE-2025-2768 |
Bdrive–NetDrive |
Bdrive NetDrive Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Bdrive NetDrive. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-25295. | 2025-04-23 | not yet calculated | CVE-2025-2769 |
BEC Technologies–Multiple Routers |
BEC Technologies Multiple Routers Cleartext Password Storage Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of BEC Technologies routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based user interface. The issue results from storing credentials in a recoverable format. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-25986. | 2025-04-23 | not yet calculated | CVE-2025-2770 |
BEC Technologies–Multiple Routers |
BEC Technologies Multiple Routers Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of BEC Technologies routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web-based user interface. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-25894. | 2025-04-23 | not yet calculated | CVE-2025-2771 |
BEC Technologies–Multiple Routers |
BEC Technologies Multiple Routers Insufficiently Protected Credentials Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of BEC Technologies routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within /cgi-bin/tools_usermanage.asp. The issue results from transmitting a list of users and their credentials to be handled on the client side. An attacker can leverage this vulnerability to disclose transported credentials, leading to further compromise. Was ZDI-CAN-25895. | 2025-04-23 | not yet calculated | CVE-2025-2772 |
BEC Technologies–Multiple Routers |
BEC Technologies Multiple Routers sys ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of BEC Technologies Multiple Routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the management interface, which listens on TCP port 22 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-25903. | 2025-04-23 | not yet calculated | CVE-2025-2773 |
Brocade–Fabric OS |
Brocade Fabric OS versions starting with 9.1.0 have root access removed; however, a local user with admin privilege can potentially execute arbitrary code with full root privileges on Fabric OS versions 9.1.0 through 9.1.1d6. | 2025-04-24 | not yet calculated | CVE-2025-1976 |
CarlinKit–CPC200-CCPA |
CarlinKit CPC200-CCPA Missing Root of Trust Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of CarlinKit CPC200-CCPA devices. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of the application system-on-chip (SoC). The issue results from the lack of a properly configured hardware root of trust. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the boot process. Was ZDI-CAN-25948. | 2025-04-23 | not yet calculated | CVE-2025-2762 |
CarlinKit–CPC200-CCPA |
CarlinKit CPC200-CCPA Improper Verification of Cryptographic Signature Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of CarlinKit CPC200-CCPA devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of update packages on USB drives. The issue results from the lack of proper verification of a cryptographic signature. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24356. | 2025-04-23 | not yet calculated | CVE-2025-2763 |
CarlinKit–CPC200-CCPA |
CarlinKit CPC200-CCPA update.cgi Improper Verification of Cryptographic Signature Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of CarlinKit CPC200-CCPA devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of update packages provided to update.cgi. The issue results from the lack of proper verification of a cryptographic signature. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24355. | 2025-04-23 | not yet calculated | CVE-2025-2764 |
CarlinKit–CPC200-CCPA |
CarlinKit CPC200-CCPA Wireless Hotspot Hard-Coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of CarlinKit CPC200-CCPA devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the wireless hotspot. The issue results from the use of hard-coded credentials. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-24349. | 2025-04-23 | not yet calculated | CVE-2025-2765 |
Cato Networks–SDP Client |
An issue in CatoNetworks CatoClient before v.5.8.0 allows attackers to escalate privileges and achieve a race condition (TOCTOU) via the PrivilegedHelperTool component. | 2025-04-27 | not yet calculated | CVE-2025-3886 |
Checkmk GmbH–Checkmk |
Insertion of Sensitive Information into Log File in Checkmk GmbH’s Checkmk versions <2.3.0p29, <2.2.0p41 and <=2.1.0p49 (EOL) causes remote site authentication secrets to be written to log files accessible to administrators. | 2025-04-22 | not yet calculated | CVE-2025-2092 |
dataease–dataease |
DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.8, authenticated users can complete RCE through the backend JDBC link. This issue has been patched in version 2.10.8. | 2025-04-23 | not yet calculated | CVE-2025-32966 |
Dremio Corporation–Dremio Software |
An improper authorization vulnerability in Dremio Software allows authenticated users to delete arbitrary files that the system has access to, including system files and files stored in remote locations such as S3, Azure Blob Storage, and local filesystems. This vulnerability exists due to insufficient access controls on an API endpoint, enabling any authenticated user to specify and delete files outside their intended scope. Exploiting this flaw could lead to data loss, denial of service (DoS), and potential escalation of impact depending on the deleted files. Affected versions: any version of Dremio below 24.0.0; Dremio 24.3.0 through 24.3.16; Dremio 25.0.0 through 25.0.14; Dremio 25.1.0 through 25.1.7; Dremio 25.2.0 through 25.2.4. Fixed in: Dremio 24.3.17 and above; Dremio 25.0.15 and above; Dremio 25.1.8 and above; Dremio 25.2.5 and above; Dremio 26.0.0 and above. | 2025-04-21 | not yet calculated | CVE-2025-2298 |
Drupal–Block Class |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal Block Class allows Cross-Site Scripting (XSS). This issue affects Block Class: from 4.0.0 before 4.0.1. | 2025-04-23 | not yet calculated | CVE-2025-3902 |
Drupal–Bootstrap Site Alert |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal Bootstrap Site Alert allows Cross-Site Scripting (XSS). This issue affects Bootstrap Site Alert: from 0.0.0 before 1.13.0, from 3.0.0 before 3.0.4. | 2025-04-23 | not yet calculated | CVE-2025-3901 |
Drupal–Colorbox |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal Colorbox allows Cross-Site Scripting (XSS). This issue affects Colorbox: from 0.0.0 before 2.1.3. | 2025-04-23 | not yet calculated | CVE-2025-3900 |
Drupal–Search API Solr |
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Search API Solr allows Cross-Site Request Forgery. This issue affects Search API Solr: from 0.0.0 before 4.3.9. | 2025-04-23 | not yet calculated | CVE-2025-3907 |
Drupal–Sportsleague |
Vulnerability in Drupal Sportsleague. This issue affects Sportsleague: *.*. | 2025-04-23 | not yet calculated | CVE-2025-3904 |
Drupal–UEditor – 百度编辑器 |
Vulnerability in Drupal UEditor – 百度编辑器. This issue affects UEditor – 百度编辑器: *.*. | 2025-04-23 | not yet calculated | CVE-2025-3903 |
Formulatrix–Rock Maker Web |
Local File Inclusion (LFI) vulnerability in a Render function of Formulatrix Rock Maker Web (RMW) allows a remote attacker to obtain sensitive data via arbitrary code execution. A malicious actor could execute malicious scripts to automatically download configuration files in known locations to exfiltrate data including credentials, and with no rate limiting a malicious actor could enumerate the filesystem of the host machine, potentially leading to full host compromise. This issue affects Rock Maker Web: from 3.2.1.1 and later. | 2025-04-21 | not yet calculated | CVE-2025-0632 |
GIMP–GIMP |
GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25082. | 2025-04-23 | not yet calculated | CVE-2025-2760 |
GIMP–GIMP |
GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FLI files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25100. | 2025-04-23 | not yet calculated | CVE-2025-2761 |
halo-dev–halo |
Halo is an open source website building tool. Prior to version 2.20.13, a vulnerability in Halo allows attackers to bypass file type validation controls. This bypass enables the upload of malicious files including executables and HTML files, which can lead to stored cross-site scripting attacks and potential remote code execution under certain circumstances. This issue has been patched in version 2.20.13. | 2025-04-25 | not yet calculated | CVE-2024-56156 |
Hewlett Packard Enterprise (HPE)–HPE Cray Data Virtualization Service (DVS) |
A security vulnerability has been identified in HPE Cray Data Virtualization Service (DVS). Depending on race conditions and configuration, this vulnerability may lead to local/cluster unauthorized access. | 2025-04-22 | not yet calculated | CVE-2025-37088 |
Hewlett Packard Enterprise (HPE)–HPE Cray Operating System (COS) |
A vulnerability in the kernel of the Cray Operating System (COS) could allow an attacker to perform a local Denial of Service (DoS) attack. | 2025-04-22 | not yet calculated | CVE-2025-27087 |
Hewlett Packard Enterprise (HPE)–HPE Performance Cluster Manager (HPCM) |
A vulnerability in the cmdb service of the HPE Performance Cluster Manager (HPCM) could allow an attacker to gain access to an arbitrary file on the server host. | 2025-04-22 | not yet calculated | CVE-2025-37087 |
Hewlett Packard Enterprise–HPE Performance Cluster Manager (HPCM) |
A vulnerability in the HPE Performance Cluster Manager (HPCM) GUI could allow an attacker to bypass authentication. | 2025-04-21 | not yet calculated | CVE-2025-27086 |
i-PRO Co., Ltd.–i-PRO Configuration Tool |
Use of hard-coded cryptographic key vulnerability in i-PRO Configuration Tool affects the network system for i-PRO Co., Ltd. surveillance cameras and recorders. This vulnerability allows a local authenticated attacker to use the authentication information from the last connected surveillance cameras and recorders. | 2025-04-24 | not yet calculated | CVE-2025-32730 |
Johnson Controls–iSTAR Configuration Utility (ICU) |
Under certain circumstances the iSTAR Configuration Utility (ICU) tool could have a buffer overflow issue. | 2025-04-24 | not yet calculated | CVE-2025-26382 |
Luxion–KeyShot Viewer |
Luxion KeyShot Viewer KSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of KSP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24586. | 2025-04-23 | not yet calculated | CVE-2025-1045 |
Luxion–KeyShot |
Luxion KeyShot SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23646. | 2025-04-23 | not yet calculated | CVE-2025-1046 |
Luxion–KeyShot |
Luxion KeyShot PVS File Parsing Access of Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PVS files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23694. | 2025-04-23 | not yet calculated | CVE-2025-1047 |
minio–operator |
MinIO Operator STS is a native IAM Authentication for Kubernetes. Prior to version 7.1.0, if no audiences are provided for the `spec.audiences` field, the default will be that of the Kubernetes apiserver. Without scoping, the token can be replayed to other internal systems, which may unintentionally trust it. This issue has been patched in version 7.1.0. | 2025-04-22 | not yet calculated | CVE-2025-32963 |
n/a–n/a |
A cross-site scripting (XSS) vulnerability in Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the commento1_1 parameter. | 2025-04-22 | not yet calculated | CVE-2023-43378 |
n/a–n/a |
An arbitrary file upload vulnerability in the component /jquery-file-upload/server/php/index.php of Hospital Management System v4.0 allows an unauthenticated attacker to upload any file to the server and execute arbitrary code. | 2025-04-22 | not yet calculated | CVE-2023-43958 |
n/a–n/a |
An issue in Student Study Center Desk Management System v1.0 allows attackers to bypass authentication via a crafted GET request to /php-sscdms/admin/login.php. | 2025-04-22 | not yet calculated | CVE-2023-44752 |
n/a–n/a |
A stored cross-site scripting (XSS) vulnerability in Student Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter on the profile.php page. | 2025-04-22 | not yet calculated | CVE-2023-44753 |
n/a–n/a |
Sacco Management system v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /sacco/ajax.php. | 2025-04-22 | not yet calculated | CVE-2023-44755 |
n/a–n/a |
An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD request. | 2025-04-22 | not yet calculated | CVE-2024-33452 |
n/a–n/a |
Directory Traversal vulnerability in forkosh Mime Tex before v.1.77 allows an attacker to execute arbitrary code via a crafted file upload. | 2025-04-22 | not yet calculated | CVE-2024-40445 |
n/a–n/a |
An issue in forkosh Mime Tex before v.1.77 allows an attacker to execute arbitrary code via a crafted script. | 2025-04-22 | not yet calculated | CVE-2024-40446 |
n/a–n/a |
A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function. | 2025-04-21 | not yet calculated | CVE-2024-41446 |
n/a–n/a |
Cross Site Scripting vulnerability in the Create/Modify article function in Alkacon OpenCMS 17.0 allows a remote attacker to inject a JavaScript payload via the image title sub-field of the image field. | 2025-04-21 | not yet calculated | CVE-2024-42699 |
n/a–n/a |
NEXTU FLETA AX1500 WIFI6 Router v1.0.3 was discovered to contain a stack overflow via the url parameter at /boafrm/formFilter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 2025-04-22 | not yet calculated | CVE-2024-46546 |
n/a–n/a |
A stored cross-site scripting (XSS) vulnerability in the Image Upload section of Volmarg Personal Management System v1.4.65 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the tag parameter. | 2025-04-22 | not yet calculated | CVE-2024-53568 |
n/a–n/a |
A stored cross-site scripting (XSS) vulnerability in the New Goal Creation section of Volmarg Personal Management System v1.4.65 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the description parameter. | 2025-04-22 | not yet calculated | CVE-2024-53569 |
n/a–n/a |
The quarantine – restore function in Qi-ANXIN Tianqing Endpoint Security Management System v10.0 allows a user to restore a malicious file to an arbitrary file path. Attackers can write a malicious DLL to a system path and perform privilege escalation by leveraging Windows DLL hijacking vulnerabilities. | 2025-04-21 | not yet calculated | CVE-2024-57394 |
n/a–n/a |
Codeastro Bus Ticket Booking System v1.0 is vulnerable to SQL injection via the kodetiket parameter in /BusTicket-CI/tiket/cekorder. | 2025-04-25 | not yet calculated | CVE-2025-25775 |
n/a–n/a |
Insecure Direct Object Reference (IDOR) in Codeastro Bus Ticket Booking System v1.0 allows unauthorized access to user profiles. By manipulating the user ID in the URL, an attacker can access another user’s profile without proper authentication or authorization checks. | 2025-04-24 | not yet calculated | CVE-2025-25777 |
n/a–n/a |
Laravel Starter 11.11.0 is vulnerable to Cross Site Scripting (XSS) in the tags feature. Any user with the ability to create or modify tags can inject malicious JavaScript code in the name field. | 2025-04-22 | not yet calculated | CVE-2025-26159 |
n/a–n/a |
TOTOLINK A800R V4.1.2cu.5032_B20200408 is vulnerable to Command Injection in downloadFile.cgi via the QUERY_STRING parameter. | 2025-04-23 | not yet calculated | CVE-2025-28017 |
n/a–n/a |
TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v14 parameter. | 2025-04-23 | not yet calculated | CVE-2025-28018 |
n/a–n/a |
TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in the downloadFile.cgi component. | 2025-04-23 | not yet calculated | CVE-2025-28019 |
n/a–n/a |
TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v25 parameter. | 2025-04-23 | not yet calculated | CVE-2025-28020 |
n/a–n/a |
TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v14 and v3 parameters. | 2025-04-23 | not yet calculated | CVE-2025-28021 |
n/a–n/a |
TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v25 parameter. | 2025-04-23 | not yet calculated | CVE-2025-28022 |
n/a–n/a |
TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in cstecgi.cgi. | 2025-04-22 | not yet calculated | CVE-2025-28024 |
n/a–n/a |
TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a buffer overflow vulnerability in downloadFile.cgi through the v14 parameter. | 2025-04-23 | not yet calculated | CVE-2025-28025 |
n/a–n/a |
TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a buffer overflow vulnerability in downloadFile.cgi. | 2025-04-22 | not yet calculated | CVE-2025-28026 |
n/a–n/a |
TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a buffer overflow vulnerability in downloadFile.cgi. | 2025-04-22 | not yet calculated | CVE-2025-28027 |
n/a–n/a |
TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a buffer overflow vulnerability in downloadFile.cgi through the v5 parameter. | 2025-04-23 | not yet calculated | CVE-2025-28028 |
n/a–n/a |
TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a buffer overflow vulnerability in cstecgi.cgi. | 2025-04-22 | not yet calculated | CVE-2025-28029 |
n/a–n/a |
TOTOLINK A810R V4.1.2cu.5182_B20201026 was discovered to contain a stack overflow via the startTime and endTime parameters in the setParentalRules function. | 2025-04-22 | not yet calculated | CVE-2025-28030 |
n/a–n/a |
TOTOLINK A810R V4.1.2cu.5182_B20201026 was discovered to contain a hardcoded password for the telnet service in product.ini. | 2025-04-22 | not yet calculated | CVE-2025-28031 |
n/a–n/a |
TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 contain a pre-auth buffer overflow vulnerability in the setNoticeCfg function through the IpForm parameter. | 2025-04-22 | not yet calculated | CVE-2025-28032 |
n/a–n/a |
TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a pre-auth buffer overflow vulnerability in the setNoticeCfg function through the IpTo parameter. | 2025-04-22 | not yet calculated | CVE-2025-28033 |
n/a–n/a |
TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a pre-auth remote command execution vulnerability in the NTPSyncWithHost function through the hostTime parameter. | 2025-04-22 | not yet calculated | CVE-2025-28034 |
n/a–n/a |
TOTOLINK A830R V4.1.2cu.5182_B20201102 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter. | 2025-04-22 | not yet calculated | CVE-2025-28035 |
n/a–n/a |
TOTOLINK A950RG V4.1.2cu.5161_B20200903 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter. | 2025-04-22 | not yet calculated | CVE-2025-28036 |
n/a–n/a |
TOTOLINK A810R V4.1.2cu.5182_B20201026 and A950RG V4.1.2cu.5161_B20200903 were found to contain a pre-auth remote command execution vulnerability in the setDiagnosisCfg function through the ipDomain parameter. | 2025-04-22 | not yet calculated | CVE-2025-28037 |
n/a–n/a |
TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain a pre-auth remote command execution vulnerability in the setWebWlanIdx function through the webWlanIdx parameter. | 2025-04-22 | not yet calculated | CVE-2025-28038 |
n/a–n/a |
TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain a pre-auth remote command execution vulnerability in the setUpgradeFW function through the FileName parameter. | 2025-04-22 | not yet calculated | CVE-2025-28039 |
n/a–n/a |
Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.4 and CO2Scope <= 1.3.4 allow remote authenticated attackers to execute arbitrary SQL commands via the (1) timeago, (2) user, (3) filter, (4) target, (5) p1, (6) p2, (7) p3, (8) p4, (9) p5, (10) p6, (11) p7, (12) p8, (13) p9, (14) p10, (15) p11, (16) p12, (17) p13, (18) p14, (19) p15, (20) p16, (21) p17, (22) p18, (23) p19, or (24) p20 parameter to /api/management/updateihmsettings; or the (25) ID, (26) NAME, (27) CPUTHREADNB, (28) RAMCAP, or (29) DISKCAP parameter to /api/capaplan/savetemplates. | 2025-04-25 | not yet calculated | CVE-2025-28076 |
n/a–n/a |
opencms V2.3 is vulnerable to arbitrary file read in src/main/webapp/view/admin/document/dataPage.jsp. | 2025-04-21 | not yet calculated | CVE-2025-28099 |
n/a–n/a |
A cross-site scripting (XSS) vulnerability in flaskBlog v2.6.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the postContent parameter at /createpost. | 2025-04-21 | not yet calculated | CVE-2025-28102 |
n/a–n/a |
Incorrect access control in flaskBlog v2.6.1 allows attackers to arbitrarily delete user accounts via a crafted request. | 2025-04-21 | not yet calculated | CVE-2025-28103 |
n/a–n/a |
Incorrect access control in flaskBlog v2.6.1 allows attackers to access all usernames via a crafted input. | 2025-04-21 | not yet calculated | CVE-2025-28104 |
n/a–n/a |
code-projects Online Exam Mastering System 1.0 is vulnerable to Cross Site Scripting (XSS) in feedback.php via the “q” parameter allowing remote attackers to execute arbitrary code. | 2025-04-21 | not yet calculated | CVE-2025-28121 |
n/a–n/a |
An issue in Mytel Telecom Online Account System v1.0 allows attackers to bypass the OTP verification process via a crafted request. | 2025-04-25 | not yet calculated | CVE-2025-28128 |
n/a–n/a |
BYD QIN PLUS DM-i Dilink OS v3.0_13.1.7.2204050.1 to v3.0_13.1.7.2312290.1_0 was discovered to send broadcasts to the manufacturer’s cloud server unencrypted, allowing attackers to execute a man-in-the-middle attack. | 2025-04-23 | not yet calculated | CVE-2025-28169 |
n/a–n/a |
An issue in the Printer Manager System of Entrust Corp Printer Manager D3.18.4-3 and below allows attackers to execute a directory traversal via a crafted POST request. | 2025-04-25 | not yet calculated | CVE-2025-28354 |
n/a–n/a |
mojoPortal <=2.9.0.1 is vulnerable to Directory Traversal via BetterImageGallery API Controller – ImageHandler Action. An attacker can exploit this vulnerability to access the Web.Config file and obtain the MachineKey. | 2025-04-21 | not yet calculated | CVE-2025-28367 |
n/a–n/a |
An arbitrary file upload vulnerability in the ueditor component of MCMS v5.4.3 allows attackers to execute arbitrary code via uploading a crafted file. | 2025-04-21 | not yet calculated | CVE-2025-29287 |
n/a–n/a |
An issue in the UPF of Open5GS versions up to v2.7.2 results in an assertion failure vulnerability in PFCP session parameter validation. When processing a PFCP Session Establishment Request with PDN Type=0, the UPF fails to handle the invalid value propagated from the SMF (or sent via direct attack), triggering a fatal assertion check and causing a daemon crash. | 2025-04-22 | not yet calculated | CVE-2025-29339 |
n/a–n/a |
open-webui v0.5.16 is vulnerable to SSRF in routers/ollama.py in function verify_connection. | 2025-04-21 | not yet calculated | CVE-2025-29446 |
n/a–n/a |
A Cross-Site Scripting (XSS) vulnerability in the search function of Q4 Inc Investor Relations Platform v5.147.1.2 allows attackers to execute arbitrary Javascript via injecting a crafted payload into the SearchTerm parameter. | 2025-04-23 | not yet calculated | CVE-2025-29526 |
n/a–n/a |
ITC Systems Multiplan/Matrix OneCard platform v3.7.4.1002 was discovered to contain a SQL injection vulnerability via the component Forgotpassword.aspx. | 2025-04-24 | not yet calculated | CVE-2025-29529 |
n/a–n/a |
In Rollback Rx Professional 12.8.0.0, the driver file shieldm.sys allows local users to cause a denial of service because of a null pointer dereference from IOCtl 0x96202000. | 2025-04-22 | not yet calculated | CVE-2025-29547 |
n/a–n/a |
A vulnerability has been discovered in the code-projects Online Class and Exam Scheduling System 1.0. The issue affects some unknown features in the file /Scheduling/pages/class_sched.php. Manipulating the class parameter can lead to cross-site scripting (XSS). | 2025-04-24 | not yet calculated | CVE-2025-29568 |
n/a–n/a |
Francois Jacquet RosarioSIS v12.0.0 was discovered to contain a content spoofing vulnerability in the Theme configuration under the My Preferences module. This vulnerability allows attackers to manipulate application settings. | 2025-04-22 | not yet calculated | CVE-2025-29621 |
n/a–n/a |
Yi IOT XY-3820 6.0.24.10 is vulnerable to Remote Command Execution via the “cmd_listen” function located in the “cmd” binary. | 2025-04-21 | not yet calculated | CVE-2025-29659 |
n/a–n/a |
A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a TCP service on port 6789. This service lacks proper input validation, allowing attackers to execute arbitrary scripts present on the device by sending specially crafted TCP requests using directory traversal techniques. | 2025-04-21 | not yet calculated | CVE-2025-29660 |
n/a–n/a |
D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in /goform/delRouting. | 2025-04-22 | not yet calculated | CVE-2025-29743 |
n/a–n/a |
NETSCOUT nGeniusONE before 6.4.0 b2350 allows Arbitrary File Creation by authenticated users. | 2025-04-25 | not yet calculated | CVE-2025-32979 |
n/a–n/a |
NETSCOUT nGeniusONE before 6.4.0 b2350 has a Weak Sudo Configuration. | 2025-04-25 | not yet calculated | CVE-2025-32980 |
n/a–n/a |
NETSCOUT nGeniusONE before 6.4.0 b2350 allows local users to leverage Insecure Permissions for the nGeniusCLI File. | 2025-04-25 | not yet calculated | CVE-2025-32981 |
n/a–n/a |
NETSCOUT nGeniusONE before 6.4.0 b2350 has a Broken Authorization Schema for the report module. | 2025-04-25 | not yet calculated | CVE-2025-32982 |
n/a–n/a |
NETSCOUT nGeniusONE before 6.4.0 b2350 allows Technical Information Disclosure via a Stack Trace. | 2025-04-25 | not yet calculated | CVE-2025-32983 |
n/a–n/a |
NETSCOUT nGeniusONE before 6.4.0 b2350 allows Stored Cross-Site Scripting (XSS) via a certain POST parameter. | 2025-04-25 | not yet calculated | CVE-2025-32984 |
n/a–n/a |
NETSCOUT nGeniusONE before 6.4.0 b2350 has Hardcoded Credentials that can be obtained from JAR files. | 2025-04-25 | not yet calculated | CVE-2025-32985 |
n/a–n/a |
NETSCOUT nGeniusONE before 6.4.0 b2350 has a Sensitive File Accessible Without Proper Authentication to an endpoint. | 2025-04-25 | not yet calculated | CVE-2025-32986 |
OpenText–ArcSight Enterprise Security Manager |
Reference to Expired Domain Vulnerability in OpenText™ ArcSight Enterprise Security Manager. | 2025-04-21 | not yet calculated | CVE-2025-2517 |
OpenText–Content Server |
Incorrect Authorization vulnerability in the OpenText Content Server REST API on Windows and Linux allows users without the appropriate permissions to remove external collaborators. This issue affects Content Server: 20.2-24.4. | 2025-04-21 | not yet calculated | CVE-2024-12862 |
OpenText–OpenText Content Management |
User Enumeration and Data Integrity in Barcode functionality in OpenText Content Management versions 24.3-25.1 on Windows and Linux allows a malicious authenticated attacker to potentially alter barcode attributes. | 2025-04-21 | not yet calculated | CVE-2024-12543 |
OpenText–OpenText Content Management |
Stored XSS in Discussions in OpenText Content Management CE 20.2 to 25.1 on Windows and Linux allows authenticated malicious users to inject code into the system. | 2025-04-21 | not yet calculated | CVE-2024-12863 |
PostHog–PostHog |
PostHog ClickHouse Table Functions SQL Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the SQL parser. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the database account. Was ZDI-CAN-25350. | 2025-04-23 | not yet calculated | CVE-2025-1520 |
PostHog–PostHog |
PostHog slack_incoming_webhook Server-Side Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the slack_incoming_webhook parameter. The issue results from the lack of proper validation of a URI prior to accessing resources. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-25352. | 2025-04-23 | not yet calculated | CVE-2025-1521 |
PostHog–PostHog |
PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the database_schema method. The issue results from the lack of proper validation of a URI prior to accessing resources. An attacker can leverage this vulnerability to disclose information in the context of the service account. Was ZDI-CAN-25358. | 2025-04-23 | not yet calculated | CVE-2025-1522 |
Red Hat–Red Hat |
A flaw was found in Moodle. The analysis request action in the Brickfield tool did not include the necessary token to prevent a Cross-site request forgery (CSRF) risk. | 2025-04-25 | not yet calculated | CVE-2025-3638 |
Saviynt–OVA based Connect |
An improper input validation vulnerability is identified in the End of Life (EOL) OVA based connect component which is deployed for installation purposes in the customer internal network. This EOL component was deprecated in September 2023 with end of support extended till January 2024. Under certain circumstances, an actor can manipulate a specific request parameter and inject code execution payload which could lead to a remote code execution on the infrastructure hosting this component. | 2025-04-21 | not yet calculated | CVE-2025-3837 |
Saviynt–OVA based Connect |
An Improper Authorization vulnerability was identified in the EOL OVA based connect component which is deployed for installation purposes in the customer internal network. Under certain conditions, this could allow a bad actor to gain unauthorized access to the local db containing weakly hashed credentials of the installer. This EOL component was deprecated in September 2023 with end of support extended till January 2024. | 2025-04-21 | not yet calculated | CVE-2025-3838 |
Saviynt–OVA based Connect |
An improper neutralization of input vulnerability was identified in the End of Life (EOL) OVA based connect installer component which is deployed for installation purposes in a customer network. This EOL component was deprecated in September 2023 with end of support extended till January 2024. An actor can manipulate the action parameter of the login form to inject malicious scripts which would lead to a XSS attack under certain conditions. | 2025-04-21 | not yet calculated | CVE-2025-3840 |
SIOS Technology, Inc.–Quick Agent V3 |
Quick Agent V3 and Quick Agent V2 contain an issue with improper limitation of a pathname to a restricted directory (‘Path Traversal’). If exploited, arbitrary code may be executed by a remote unauthenticated attacker with the Windows system privilege where the product is running. | 2025-04-27 | not yet calculated | CVE-2025-26692 |
SIOS Technology, Inc.–Quick Agent V3 |
Quick Agent V3 and Quick Agent V2 contain an issue with improper limitation of a pathname to a restricted directory (‘Path Traversal’). If exploited, an arbitrary file in the affected product may be obtained by a remote attacker who can log in to the product. | 2025-04-27 | not yet calculated | CVE-2025-27937 |
SIOS Technology, Inc.–Quick Agent V3 |
Quick Agent V3 and Quick Agent V2 contain an issue with improper restriction of communication channel to intended endpoints. If exploited, a remote unauthenticated attacker may attempt to log in to an arbitrary host via Windows system where the product is running. | 2025-04-27 | not yet calculated | CVE-2025-31144 |
SonicWall–SonicOS |
A Null Pointer Dereference vulnerability in the SonicOS SSLVPN Virtual office interface allows a remote, unauthenticated attacker to crash the firewall, potentially leading to a Denial-of-Service (DoS) condition. | 2025-04-23 | not yet calculated | CVE-2025-32818 |
Sonos–Era 300 |
Sonos Era 300 Speaker libsmb2 Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of SMB data. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the anacapa user. Was ZDI-CAN-25535. | 2025-04-23 | not yet calculated | CVE-2025-1048 |
Sonos–Era 300 |
Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of ID3 data. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the anacapa user. Was ZDI-CAN-25601. | 2025-04-23 | not yet calculated | CVE-2025-1049 |
Sonos–Era 300 |
Sonos Era 300 Out-of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of HLS playlist data. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the anacapa user. Was ZDI-CAN-25606. | 2025-04-23 | not yet calculated | CVE-2025-1050 |
The Document Foundation–LibreOffice |
Improper Verification of Cryptographic Signature vulnerability in LibreOffice allows PDF Signature Spoofing by Improper Validation. In the affected versions of LibreOffice a flaw in the verification code for adbe.pkcs7.sha1 signatures could cause invalid signatures to be accepted as valid. This issue affects LibreOffice: from 24.8 before 24.8.6, from 25.2 before 25.2.2. | 2025-04-27 | not yet calculated | CVE-2025-2866 |
traefik–traefik |
Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. In versions prior to 2.11.24, 3.3.6, and 3.4.0-rc2, there is a potential vulnerability in Traefik when managing requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route requests to a backend using a matcher based on the path, and the URL contains a /../ in its path, it is possible to target a backend exposed by another router, bypassing the middleware chain. This issue has been patched in versions 2.11.24, 3.3.6, and 3.4.0-rc2. A workaround involves adding a `PathRegexp` rule to the matcher to prevent matching a route with a `/../` in the path. | 2025-04-21 | not yet calculated | CVE-2025-32431 |
Unblu inc.–Unblu Spark |
It is technically possible for a user to upload a file to a conversation despite the file upload functionality being disabled. The file upload functionality can be enabled or disabled for specific use cases through configuration. In case the functionality is disabled for at least one use case, the system nevertheless allows files to be uploaded through direct API requests. During the file upload, interception and allowed file type rules are still applied correctly. If file sharing is generally enabled, this issue is not of concern. | 2025-04-22 | not yet calculated | CVE-2025-3518 |
Unblu inc.–Unblu Spark |
An authorization bypass in Unblu Spark allows a participant of a conversation to replace an existing, uploaded file. Every uploaded file in Unblu is assigned a randomly generated Universally Unique ID (UUID). In case a participant of this or another conversation gets access to such a file ID, it can be used to replace the file without changing the file name and details or the name of the user who uploaded the file. During the upload, file interception and allowed file type rules are still applied correctly. | 2025-04-22 | not yet calculated | CVE-2025-3519 |
Unknown–Category Posts Widget |
The Category Posts Widget WordPress plugin before 4.9.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2025-04-24 | not yet calculated | CVE-2025-1453 |
Unknown–Front End Users |
The Front End Users WordPress plugin through 3.2.32 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 2025-04-22 | not yet calculated | CVE-2024-13569 |
Unknown–Icegram Express |
The Icegram Express WordPress plugin before 5.7.50 does not sanitise and escape some of its Template settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2025-04-25 | not yet calculated | CVE-2025-0671 |
Unknown–Order Delivery Date |
The Order Delivery Date WordPress plugin before 12.3.1 does not have authorization and CSRF checks when importing settings. Furthermore, it also lacks proper checks to only update options relevant to the Order Delivery Date WordPress plugin before 12.3.1. This leads to attackers being able to modify the default_user_role to administrator and users_can_register, allowing them to register as an administrator of the site for complete site takeover. | 2025-04-26 | not yet calculated | CVE-2025-2907 |
Unknown–the-wound |
The-wound WordPress theme through 0.0.1 does not validate some parameters before using them to generate paths passed to include function/s, allowing unauthenticated users to perform LFI attacks and download arbitrary files from the server. | 2025-04-24 | not yet calculated | CVE-2025-2558 |
Unknown–User Registration & Membership |
The User Registration & Membership WordPress plugin before 4.1.3 does not properly validate data in an AJAX action when the Membership Addon is enabled, allowing attackers to authenticate as any user, including administrators, by simply using the target account’s user ID. | 2025-04-22 | not yet calculated | CVE-2025-2594 |
ViaSat–RM4100 |
The device exposes a web interface on ports TCP/3030 and TCP/9882. This web service runs lighttpd, which implements the “SNORE” interface. This interface is affected by a stack buffer overflow vulnerability due to insecure path parsing. An attacker with access to the LAN network interface could use a specially crafted HTTP request to exploit a buffer overflow on the modem. | 2025-04-25 | not yet calculated | CVE-2024-6198 |
ViaSat–RM5110 |
An unauthenticated attacker on the WAN interface, with the ability to intercept Dynamic DNS (DDNS) traffic between DDNS services and the modem, could manipulate specific responses to include code that forces a buffer overflow on the modem. Customers that have not enabled Dynamic DNS on their modem are not vulnerable. | 2025-04-25 | not yet calculated | CVE-2024-6199 |
virtuemart.net–Virtuemart component for Joomla |
A SQL injection in VirtueMart component 1.0.0 – 4.4.7 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the product management area in the backend. | 2025-04-21 | not yet calculated | CVE-2025-25228 |
XRPLF–xrpl.js |
xrpl.js is a JavaScript/TypeScript API for interacting with the XRP Ledger in Node.js and the browser. Versions 4.2.1, 4.2.2, 4.2.3, and 4.2.4 of xrpl.js were compromised and contained malicious code designed to exfiltrate private keys. Version 2.14.2 is also malicious, though it is less likely to lead to exploitation as it is not compatible with other 2.x versions. Anyone who used one of these versions should stop immediately and rotate any private keys or secrets used with affected systems. Users of xrpl.js should upgrade to version 4.2.5 or 2.14.3 to receive a patch. To secure funds, think carefully about whether any keys may have been compromised by this supply chain attack, and mitigate by sending funds to secure wallets, and/or rotating keys. If any account’s master key is potentially compromised, disable the key. | 2025-04-22 | not yet calculated | CVE-2025-32965 |
xwiki–xwiki-platform |
XWiki is a generic wiki platform. In versions starting from 1.6-milestone-1 to before 15.10.16, 16.4.6, and 16.10.1, it is possible for a user with SCRIPT right to escape from the HQL execution context and perform a blind SQL injection to execute arbitrary SQL statements on the database backend. Depending on the used database backend, the attacker may be able to not only obtain confidential information such as password hashes from the database, but also execute UPDATE/INSERT/DELETE queries. This issue has been patched in versions 16.10.1, 16.4.6 and 15.10.16. There is no known workaround, other than upgrading XWiki. The protection added to this REST API is the same as the one used to validate complete select queries, making it more consistent. However, while the script API always had this protection for complete queries, it’s important to note that it’s a very strict protection and some valid, but complex, queries might suddenly require the author to have programming right. | 2025-04-23 | not yet calculated | CVE-2025-32968 |
xwiki–xwiki-platform |
XWiki is a generic wiki platform. In versions starting from 1.8 and prior to 15.10.16, 16.4.6, and 16.10.1, it is possible for a remote unauthenticated user to escape from the HQL execution context and perform a blind SQL injection to execute arbitrary SQL statements on the database backend, including when “Prevent unregistered users from viewing pages, regardless of the page rights” and “Prevent unregistered users from editing pages, regardless of the page rights” options are enabled. Depending on the used database backend, the attacker may be able to not only obtain confidential information such as password hashes from the database, but also execute UPDATE/INSERT/DELETE queries. This issue has been patched in versions 16.10.1, 16.4.6 and 15.10.16. There is no known workaround, other than upgrading XWiki. | 2025-04-23 | not yet calculated | CVE-2025-32969 |