Vulnerability Summary for the Week of March 10, 2025
Released
Mar 17, 2025
Document ID
SB25-076
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
Vulnerability Severity:
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| 1E--1E Client | Improper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with local unprivileged access on a Windows system to delete arbitrary files on the device by exploiting symbolic links. | 2025-03-12 | 7.8 | CVE-2025-1683 |
| 274056675--springboot-openai-chatgpt | A vulnerability has been found in 274056675 springboot-openai-chatgpt e84f6f5 and classified as critical. Affected by this vulnerability is the function submit of the file /api/blade-user/submit of the component User Handler. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-14 | 7.3 | CVE-2025-2320 |
| 274056675--springboot-openai-chatgpt | A vulnerability was found in 274056675 springboot-openai-chatgpt e84f6f5. It has been classified as critical. This affects an unknown part of the file /chatgpt-boot/src/main/java/org/springblade/modules/mjkj/controller/OpenController.java. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-15 | 7.3 | CVE-2025-2322 |
| a2rocklobster--FTP Sync | Cross-Site Request Forgery (CSRF) vulnerability in a2rocklobster FTP Sync allows Stored XSS. This issue affects FTP Sync: from n/a through 1.1.6. | 2025-03-11 | 7.1 | CVE-2025-28892 |
| Adobe--Acrobat Reader | Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-03-11 | 7.8 | CVE-2025-27158 |
| Adobe--Acrobat Reader | Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-03-11 | 7.8 | CVE-2025-27159 |
| Adobe--Acrobat Reader | Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-03-11 | 7.8 | CVE-2025-27160 |
| Adobe--Acrobat Reader | Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-03-11 | 7.8 | CVE-2025-27161 |
| Adobe--Acrobat Reader | Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-03-11 | 7.8 | CVE-2025-27162 |
| Adobe--Acrobat Reader | Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-03-11 | 7.8 | CVE-2025-27174 |
| Adobe--Illustrator | Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute their own programs, access unauthorized data files, or modify configuration in unexpected ways. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. The problem extends to any type of critical resource that the application trusts. | 2025-03-11 | 7.8 | CVE-2025-27167 |
| Adobe--Illustrator | Illustrator versions 29.2.1, 28.7.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-03-11 | 7.8 | CVE-2025-27168 |
| Adobe--Illustrator | Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-03-11 | 7.8 | CVE-2025-27169 |
| Adobe--InDesign Desktop | InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-03-11 | 7.8 | CVE-2025-24452 |
| Adobe--InDesign Desktop | InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-03-11 | 7.8 | CVE-2025-24453 |
| Adobe--InDesign Desktop | InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-03-11 | 7.8 | CVE-2025-27166 |
| Adobe--InDesign Desktop | InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-03-11 | 7.8 | CVE-2025-27171 |
| Adobe--InDesign Desktop | InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-03-11 | 7.8 | CVE-2025-27175 |
| Adobe--InDesign Desktop | InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-03-11 | 7.8 | CVE-2025-27177 |
| Adobe--InDesign Desktop | InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-03-11 | 7.8 | CVE-2025-27178 |
| Adobe--Substance3D - Designer | Substance3D - Designer versions 14.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-03-11 | 7.8 | CVE-2025-21169 |
| Adobe--Substance3D - Designer | Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-03-11 | 7.8 | CVE-2025-27172 |
| Adobe--Substance3D - Modeler | Substance3D - Modeler versions 1.15.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-03-11 | 7.8 | CVE-2025-27173 |
| Adobe--Substance3D - Modeler | Substance3D - Modeler versions 1.15.0 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-03-11 | 7.8 | CVE-2025-27181 |
| Adobe--Substance3D - Painter | Substance3D - Painter versions 10.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-03-11 | 7.8 | CVE-2025-24450 |
| Adobe--Substance3D - Painter | Substance3D - Painter versions 10.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-03-11 | 7.8 | CVE-2025-24451 |
| Adobe--Substance3D - Sampler | Substance3D - Sampler versions 4.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-03-11 | 7.8 | CVE-2025-24439 |
| Adobe--Substance3D - Sampler | Substance3D - Sampler versions 4.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-03-11 | 7.8 | CVE-2025-24440 |
| Adobe--Substance3D - Sampler | Substance3D - Sampler versions 4.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-03-11 | 7.8 | CVE-2025-24441 |
| Adobe--Substance3D - Sampler | Substance3D - Sampler versions 4.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-03-11 | 7.8 | CVE-2025-24442 |
| Adobe--Substance3D - Sampler | Substance3D - Sampler versions 4.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-03-11 | 7.8 | CVE-2025-24443 |
| Adobe--Substance3D - Sampler | Substance3D - Sampler versions 4.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-03-11 | 7.8 | CVE-2025-24444 |
| Adobe--Substance3D - Sampler | Substance3D - Sampler versions 4.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-03-11 | 7.8 | CVE-2025-24445 |
| Aldo Latino--PrivateContent | Missing Authorization vulnerability in Aldo Latino PrivateContent. This issue affects PrivateContent: from n/a through 8.11.5. | 2025-03-15 | 8.3 | CVE-2025-26969 |
| Aldo Latino--PrivateContent | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aldo Latino PrivateContent. This issue affects PrivateContent: from n/a through 8.11.4. | 2025-03-15 | 8.5 | CVE-2025-26976 |
| AmentoTech--Workreap | The Workreap plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.2.5. This is due to the plugin not properly validating a user's identity prior to (1) performing a social auto-login or (2) updating their profile details (e.g. password). This makes it possible for unauthenticated attackers to (1) login as an arbitrary user if their email address is known or (2) change an arbitrary user's password, including administrators, and leverage that to gain access to their account. NOTE: This vulnerability was partially fixed in version 3.2.5. | 2025-03-12 | 9.8 | CVE-2024-13446 |
| AMI--AptioV | APTIOV contains a vulnerability in BIOS where an attacker may cause a Time-of-check Time-of-use (TOCTOU) Race Condition by local means. Successful exploitation of this vulnerability may lead to arbitrary code execution. | 2025-03-11 | 7.5 | CVE-2024-54084 |
| Anps--Industrial | The Industrial theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the _ajax_get_total_content_import_items() function in all versions up to, and including, 1.7.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | 2025-03-14 | 8.8 | CVE-2024-13376 |
| apple -- ipados | The issue was addressed with improved memory handling. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to cause unexpected system termination or corrupt kernel memory. | 2025-03-10 | 7.5 | CVE-2024-44227 |
| apple -- macos | The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An app may be able to cause unexpected system termination or corrupt kernel memory. | 2025-03-10 | 7.5 | CVE-2024-54546 |
| apple -- safari | An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in visionOS 2.3.2, iOS 18.3.2 and iPadOS 18.3.2, macOS Sequoia 15.3.2, Safari 18.3.1. Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.). | 2025-03-11 | 8.8 | CVE-2025-24201 |
| Apple--macOS | A double free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An app may be able to execute arbitrary code with kernel privileges. | 2025-03-10 | 7.8 | CVE-2022-43454 |
| Apple--macOS | A clickjacking issue was addressed with improved out-of-process view handling. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to trick a user into granting access to photos from the user's photo library. | 2025-03-10 | 7.5 | CVE-2024-54558 |
| arielbrailovsky--ArielBrailovsky-ViralAd | The ArielBrailovsky-ViralAd plugin for WordPress is vulnerable to SQL Injection via the 'text' and 'id' parameters of the limpia() function in all versions up to, and including, 1.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This only appears to be exploitable on very old versions of WordPress. | 2025-03-13 | 7.5 | CVE-2025-2106 |
| arielbrailovsky--ArielBrailovsky-ViralAd | The ArielBrailovsky-ViralAd plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the printResultAndDie() function in all versions up to, and including, 1.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This only appears to be exploitable on very old versions of WordPress. | 2025-03-13 | 7.5 | CVE-2025-2107 |
| Autodesk--AutoCAD | A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | 2025-03-13 | 7.8 | CVE-2025-1427 |
| Autodesk--AutoCAD | A maliciously crafted CATPART file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | 2025-03-13 | 7.8 | CVE-2025-1428 |
| Autodesk--AutoCAD | A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | 2025-03-13 | 7.8 | CVE-2025-1429 |
| Autodesk--AutoCAD | A maliciously crafted SLDPRT file, when parsed through Autodesk AutoCAD, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | 2025-03-13 | 7.8 | CVE-2025-1430 |
| Autodesk--AutoCAD | A maliciously crafted SLDPRT file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | 2025-03-13 | 7.8 | CVE-2025-1431 |
| Autodesk--AutoCAD | A maliciously crafted 3DM file, when parsed through Autodesk AutoCAD, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | 2025-03-13 | 7.8 | CVE-2025-1432 |
| Autodesk--AutoCAD | A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | 2025-03-13 | 7.8 | CVE-2025-1433 |
| Autodesk--AutoCAD | A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | 2025-03-13 | 7.8 | CVE-2025-1649 |
| Autodesk--AutoCAD | A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | 2025-03-13 | 7.8 | CVE-2025-1650 |
| Autodesk--AutoCAD | A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | 2025-03-13 | 7.8 | CVE-2025-1651 |
| Autodesk--AutoCAD | A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | 2025-03-13 | 7.8 | CVE-2025-1652 |
| BCS Website Solutions--Insert Code | Cross-Site Request Forgery (CSRF) vulnerability in BCS Website Solutions Insert Code allows Stored XSS. This issue affects Insert Code: from n/a through 2.4. | 2025-03-11 | 7.1 | CVE-2025-28932 |
| bhzad--WP jQuery Persian Datepicker | Cross-Site Request Forgery (CSRF) vulnerability in bhzad WP jQuery Persian Datepicker allows Stored XSS. This issue affects WP jQuery Persian Datepicker: from n/a through 0.1.0. | 2025-03-11 | 7.1 | CVE-2025-28861 |
| boopathi0001--WP Test Email | The WP Test Email plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Email Logs in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-03-15 | 7.2 | CVE-2025-2325 |
| Chaser324--Featured Posts Grid | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chaser324 Featured Posts Grid allows Stored XSS. This issue affects Featured Posts Grid: from n/a through 1.7. | 2025-03-11 | 7.1 | CVE-2025-28905 |
| Cisco--Cisco IOS XR Software | A vulnerability in confederation implementation for the Border Gateway Protocol (BGP) in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to a memory corruption that occurs when a BGP update is created with an AS_CONFED_SEQUENCE attribute that has 255 autonomous system numbers (AS numbers). An attacker could exploit this vulnerability by sending a crafted BGP update message, or the network could be designed in such a manner that the AS_CONFED_SEQUENCE attribute grows to 255 AS numbers or more. A successful exploit could allow the attacker to cause memory corruption, which may cause the BGP process to restart, resulting in a DoS condition. To exploit this vulnerability, an attacker must control a BGP confederation speaker within the same autonomous system as the victim, or the network must be designed in such a manner that the AS_CONFED_SEQUENCE attribute grows to 255 AS numbers or more. | 2025-03-12 | 8.6 | CVE-2025-20115 |
| Cisco--Cisco IOS XR Software | A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the prompt. A successful exploit could allow the attacker to elevate privileges to root and execute arbitrary commands. | 2025-03-12 | 8.8 | CVE-2025-20138 |
| Cisco--Cisco IOS XR Software | A vulnerability in the IPv4 access control list (ACL) feature and quality of service (QoS) policy feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remote attacker to cause a line card to reset, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of malformed IPv4 packets that are received on line cards where the interface has either an IPv4 ACL or QoS policy applied. An attacker could exploit this vulnerability by sending crafted IPv4 packets through an affected device. A successful exploit could allow the attacker to cause network processor errors, resulting in a reset or shutdown of the network process. Traffic over that line card would be lost while the line card reloads. Note: This vulnerability has predominantly been observed in Layer 2 VPN (L2VPN) environments where an IPv4 ACL or QoS policy has been applied to the bridge virtual interface. Layer 3 configurations where the interface has either an IPv4 ACL or QoS policy applied are also affected, though the vulnerability has not been observed. | 2025-03-12 | 8.6 | CVE-2025-20142 |
| Cisco--Cisco IOS XR Software | A vulnerability in the Layer 3 multicast feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remote attacker to cause a line card to reset, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of malformed IPv4 multicast packets that are received on line cards where the interface has either an IPv4 access control list (ACL) or a QoS policy applied. An attacker could exploit this vulnerability by sending crafted IPv4 multicast packets through an affected device. A successful exploit could allow the attacker to cause line card exceptions or a hard reset. Traffic over that line card would be lost while the line card reloads. | 2025-03-12 | 8.6 | CVE-2025-20146 |
| Cisco--Cisco IOS XR Software | A vulnerability in the handling of specific packets that are punted from a line card to a route processor in Cisco IOS XR Software Release 7.9.2 could allow an unauthenticated, adjacent attacker to cause control plane traffic to stop working on multiple Cisco IOS XR platforms. This vulnerability is due to incorrect handling of packets that are punted to the route processor. An attacker could exploit this vulnerability by sending traffic, which must be handled by the Linux stack on the route processor, to an affected device. A successful exploit could allow the attacker to cause control plane traffic to stop working, resulting in a denial of service (DoS) condition. | 2025-03-12 | 7.4 | CVE-2025-20141 |
| Cisco--Cisco IOS XR Software | A vulnerability in the Internet Key Exchange version 2 (IKEv2) function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to prevent an affected device from processing any control plane UDP packets. This vulnerability is due to improper handling of malformed IKEv2 packets. An attacker could exploit this vulnerability by sending malformed IKEv2 packets to an affected device. A successful exploit could allow the attacker to prevent the affected device from processing any control plane UDP packets, resulting in a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | 2025-03-12 | 7.5 | CVE-2025-20209 |
| cmsmasters--Eco Nature - Environment & Ecology WordPress Theme | The Eco Nature - Environment & Ecology WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cmsmasters_hide_admin_notice' AJAX action in all versions up to, and including, 2.0.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update option values to 'hide' on the WordPress site. This can be leveraged to update an option that would create an error on the site and deny service to legitimate users or be used to set some values to true such as registration. | 2025-03-14 | 8.1 | CVE-2025-0952 |
| cookforweb--All In Menu | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in cookforweb All In Menu allows Blind SQL Injection. This issue affects All In Menu: from n/a through 1.1.5. | 2025-03-15 | 8.5 | CVE-2025-27281 |
| croixhaug--Appointment Booking Calendar Simply Schedule Appointments Booking Plugin | The Appointment Booking Calendar - Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.6.8.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | 2025-03-13 | 7.3 | CVE-2025-1119 |
| Datalust--Seq | An issue was discovered in Datalust Seq before 2024.3.13545. Missing Content-Type validation can lead to CSRF when (1) Entra ID or OpenID Connect authentication is in use and a user visits a compromised/malicious site, or (2) when username/password or Active Directory authentication is in use and a user visits a compromised/malicious site under the same effective top-level domain as the Seq server. Exploitation of the vulnerability allows the attacker to conduct impersonation attacks and perform actions in Seq on behalf of the targeted user. | 2025-03-11 | 8.8 | CVE-2025-27912 |
| DayCloud--StudentManage | A vulnerability classified as critical was found in DayCloud StudentManage 1.0. This vulnerability affects unknown code of the file /admin/adminScoreUrl of the component Login Endpoint. The manipulation of the argument query leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-16 | 7.3 | CVE-2025-2351 |
| Delta Electronics--CNCSoft-G2 | Delta Electronics CNCSoft-G2 Version 2.1.0.16 and prior lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. | 2025-03-13 | 7.8 | CVE-2024-12858 |
| DevriX--Hashtags | Cross-Site Request Forgery (CSRF) vulnerability in DevriX Hashtags allows Stored XSS. This issue affects Hashtags: from n/a through 0.3.2. | 2025-03-11 | 7.1 | CVE-2025-28931 |
| dvs11--Random Posts, Mp3 Player + ShareButton | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dvs11 Random Posts, Mp3 Player + ShareButton allows Reflected XSS. This issue affects Random Posts, Mp3 Player + ShareButton: from n/a through 1.4.1. | 2025-03-15 | 7.1 | CVE-2025-23744 |
| EPC--Massive Dynamic | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in EPC Massive Dynamic. This issue affects Massive Dynamic: from n/a through 8.2. | 2025-03-10 | 9 | CVE-2025-26916 |
| Fortinet--FortiADC | An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiADC GUI version 7.4.0, 7.2.0 through 7.2.1 and before 7.1.3 allows an authenticated attacker to perform an XSS attack via crafted HTTP or HTTPs requests. | 2025-03-11 | 8.8 | CVE-2023-37933 |
| Fortinet--FortiClientMac | An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process. | 2025-03-14 | 8.2 | CVE-2023-45588 |
| Fortinet--FortiIsolator | Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiIsolator version 2.4.0 through 2.4.5 allows an authenticated attacker with at least read-only admin permission and CLI access to execute unauthorized code via specifically crafted CLI commands. | 2025-03-11 | 8.8 | CVE-2024-55590 |
| Fortinet--FortiManager | A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiManager versions 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3 allows attacker to escalation of privilege via specifically crafted packets | 2025-03-14 | 8.8 | CVE-2024-46662 |
| Fortinet--FortiNDR | A cross site request forgery vulnerability [CWE-352] in Fortinet FortiNDR version 7.4.0, 7.2.0 through 7.2.1 and 7.1.0 through 7.1.1 and before 7.0.5 may allow a remote unauthenticated attacker to execute unauthorized actions via crafted HTTP GET requests. | 2025-03-11 | 7.5 | CVE-2023-48790 |
| Fortinet--FortiPAM | A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15 and before 6.4.15, FortiProxy version 7.4.0 through 7.4.6, version 7.2.0 through 7.2.12 and before 7.0.19, FortiPAM version 1.4.0 through 1.4.2 and before 1.3.1, FortiSRA version 1.4.0 through 1.4.2 and before 1.3.1 and FortiWeb version 7.4.0 through 7.4.5, version 7.2.0 through 7.2.10 and before 7.0.10 allows a privileged attacker to execute unauthorized code or commands via specially crafted HTTP or HTTPS commands. | 2025-03-11 | 7.2 | CVE-2024-45324 |
| Fortinet--FortiProxy | An improper neutralization of input during web page Generation vulnerability [CWE-79] in FortiOS version 7.4.3 and below, version 7.2.7 and below, version 7.0.13 and below and FortiProxy version 7.4.3 and below, version 7.2.9 and below, version 7.0.16 and below web SSL VPN UI may allow a remote unauthenticated attacker to perform a Cross-Site Scripting attack via a malicious samba server. | 2025-03-14 | 7.5 | CVE-2024-26006 |
| Fortinet--FortiSandbox | An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.7, 4.2.0 through 4.2.7 and before 4.0.5 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests. | 2025-03-11 | 8.8 | CVE-2024-52961 |
| Fortinet--FortiSandbox | An incorrect authorization vulnerability [CWE-863] in FortiSandbox 4.4.0 through 4.4.6 may allow a low priviledged administrator to execute elevated CLI commands via the GUI console menu. | 2025-03-11 | 7.8 | CVE-2024-45328 |
| Fortinet--FortiSandbox | Multiple improper neutralization of special elements used in an OS Command vulnerabilities [CWE-78] in FortiSandbox before 4.4.5 allows a privileged attacker to execute unauthorized commands via crafted requests. | 2025-03-11 | 7.2 | CVE-2024-54018 |
| Fortinet--FortiSIEM | An exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.4 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2 and 6.3.0 through 6.3.3 and 6.2.0 through 6.2.1 and 6.1.0 through 6.1.2 and 5.4.0 and 5.3.0 through 5.3.3 and 5.2.5 through 5.2.8 and 5.2.1 through 5.2.2 and 5.1.0 through 5.1.3 allows attacker to execute unauthorized code or commands via api request. | 2025-03-11 | 8.1 | CVE-2023-40723 |
| FreeType--FreeType | An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild. | 2025-03-11 | 8.1 | CVE-2025-27363 |
| frucomerci--List of Posts from each Category plugin for WordPress | Cross-Site Request Forgery (CSRF) vulnerability in frucomerci List of Posts from each Category plugin for WordPress allows Stored XSS. This issue affects List of Posts from each Category plugin for WordPress: from n/a through 2.0. | 2025-03-11 | 7.1 | CVE-2025-28894 |
| Gallagher--Command Centre Server | Improper Certificate Validation (CWE-295) in the Gallagher Command Centre SALTO integration allowed an attacker to spoof the SALTO server. This issue affects all versions of Gallagher Command Centre prior to 9.20.1043. | 2025-03-10 | 8.7 | CVE-2024-41724 |
| Gallagher--Milestone Integration Plugin | Improper Certificate Validation (CWE-295) in the Gallagher Milestone Integration Plugin (MIP) permits unauthenticated messages (e.g. alarm events) to be sent to the Plugin. This issue effects Gallagher MIPS Plugin v4.0 prior to v4.0.32, all versions of v3.0 and prior. | 2025-03-10 | 7.2 | CVE-2024-43107 |
| GE Vernova--EnerVista UR Setup | Improper Authentication vulnerability in GE Vernova EnerVista UR Setup allows Authentication Bypass. The software's startup authentication can be disabled by altering a Windows registry setting that any user can modify. | 2025-03-10 | 8 | CVE-2025-27254 |
| GE Vernova--EnerVista UR Setup | Use of Hard-coded Credentials vulnerability in GE Vernova EnerVista UR Setup allows Privilege Escalation. The local user database is encrypted using an hardcoded password retrievable by an attacker analyzing the application code. | 2025-03-10 | 8 | CVE-2025-27255 |
| GE Vernova--EnerVista UR Setup | Missing Authentication for Critical Function vulnerability in GE Vernova Enervista UR Setup application allows Authentication Bypass due to a missing SSH server authentication. Since the client connection is not authenticated, an attacker may perform a man-in-the-middle attack on the network. | 2025-03-10 | 8.3 | CVE-2025-27256 |
| go-vela--server | Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. Prior to versions 0.25.3 and 0.26.3, by spoofing a webhook payload with a specific set of headers and body data, an attacker could transfer ownership of a repository and its repo level secrets to a separate repository. These secrets could be exfiltrated by follow up builds to the repository. Users with an enabled repository with access to repo level CI secrets in Vela are vulnerable to the exploit, and any user with access to the CI instance and the linked source control manager can perform the exploit. Versions 0.25.3 and 0.26.3 fix the issue. No known workarounds are available. | 2025-03-10 | 8.5 | CVE-2025-27616 |
| Google--Android | In dhd_process_full_gscan_result of dhd_pno.c, there is a possible EoP due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-03-10 | 8.4 | CVE-2024-56191 |
| Google--Android | In wl_notify_gscan_event of wl_cfgscan.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-03-10 | 7.8 | CVE-2024-56192 |
| Google--Chrome | Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2025-03-10 | 8.8 | CVE-2025-1920 |
| Google--Chrome | Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2025-03-10 | 8.8 | CVE-2025-2135 |
| Google--Chrome | Use after free in Inspector in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | 2025-03-10 | 8.8 | CVE-2025-2136 |
| Google--Chrome | Out of bounds read in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) | 2025-03-10 | 8.8 | CVE-2025-2137 |
| hiddenpearls--LoginPress | wp-login Custom Login Page Customizer | The LoginPress | wp-login Custom Login Page Customizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.1. This is due to missing or incorrect nonce validation on the 'custom_plugin_set_option' function. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. The 'WPBRIGADE_SDK__DEV_MODE' constant must be set to 'true' to exploit the vulnerability. | 2025-03-14 | 7.5 | CVE-2025-1764 |
| Hieu Nguyen--WATI Chat and Notification | Cross-Site Request Forgery (CSRF) vulnerability in Hieu Nguyen WATI Chat and Notification allows Stored XSS. This issue affects WATI Chat and Notification: from n/a through 1.1.2. | 2025-03-11 | 7.1 | CVE-2025-28925 |
| IBM--Qiskit SDK | A maliciously crafted QPY file can potential execute arbitrary-code embedded in the payload without privilege escalation when deserialising QPY formats < 13. A python process calling Qiskit 0.18.0 through 1.4.1's `qiskit.qpy.load()` function could potentially execute any arbitrary Python code embedded in the correct place in the binary file as part of specially constructed payload. | 2025-03-14 | 9.8 | CVE-2025-2000 |
| instawp--InstaWP Connect 1-click WP Staging & Migration | The InstaWP Connect - 1-click WP Staging & Migration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1.0.83. This is due to missing or incorrect nonce validation in the '/migrate/templates/main.php' file. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other "safe" file types can be uploaded and included. | 2025-03-14 | 8.8 | CVE-2024-13913 |
| Iqonic Design--WPBookit | Cross-Site Request Forgery (CSRF) vulnerability in Iqonic Design WPBookit allows Stored XSS. This issue affects WPBookit: from n/a through 1.0.1. | 2025-03-10 | 7.1 | CVE-2025-26910 |
| IROAD--Dash Cam X5 | A vulnerability, which was classified as very critical, was found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. This affects an unknown part. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-16 | 9.8 | CVE-2025-2345 |
| IROAD--Dash Cam X5 | A vulnerability classified as critical was found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. Affected by this vulnerability is an unknown functionality of the component Device Pairing. The manipulation leads to hard-coded credentials. Access to the local network is required for this attack to succeed. The complexity of an attack is rather high. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-16 | 7.5 | CVE-2025-2343 |
| IronTemplates--SoundRise Music | The SoundRise Music plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on theironMusic_ajax() function in all versions up to, and including, 1.6.11. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | 2025-03-14 | 8.8 | CVE-2025-2103 |
| issuetrak--audit | A vulnerability exists in Issuetrak v17.2.2 and prior that allows a low-privileged user to access audit results of other users by exploiting an Insecure Direct Object Reference (IDOR) vulnerability in the Issuetrak audit component. The vulnerability enables unauthorized access to sensitive information, including user details, network and hardware information, installed programs, running processes, drives, and printers. Due to improper access controls, an attacker can retrieve audit data belonging to other users, potentially leading to unauthorized data exposure, privacy violations, and security risks. | 2025-03-13 | 7.7 | CVE-2025-2271 |
| Ivanti--Secure Access Client | Insufficiently restrictive permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. | 2025-03-11 | 7.8 | CVE-2025-22454 |
| jazzigor--price-calc | Cross-Site Request Forgery (CSRF) vulnerability in jazzigor price-calc allows Stored XSS. This issue affects price-calc: from n/a through 0.6.3. | 2025-03-11 | 7.1 | CVE-2025-28891 |
| jdsofttech--School Management System WPSchoolPress | The School Management System - WPSchoolPress plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the wpsp_UpdateTeacher() function in all versions up to, and including, 2.2.16. This makes it possible for authenticated attackers, with teacher-level access and above, to update arbitrary user details including email which makes it possible to request a password reset and access arbitrary user accounts, including administrators. | 2025-03-15 | 8.8 | CVE-2025-1667 |
| johndarrel--WP Ghost (Hide My WP Ghost) Security & Firewall | The WP Ghost (Hide My WP Ghost) - Security & Firewall plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 5.4.01 via the showFile function. This makes it possible for unauthenticated attackers to read the contents of specific file types on the server, which can contain sensitive information. | 2025-03-14 | 7.5 | CVE-2025-2056 |
| Koha--Koha | GetLateOrMissingIssues in C4/Serials.pm in Koha before 24.11.02 allows SQL Injection in /serials/lateissues-export.pl via the supplierid or serialid parameter. | 2025-03-12 | 10 | CVE-2025-22954 |
| Koha--Koha | Koha before 24.11.02 allows admins to execute arbitrary commands via shell metacharacters in the tools/scheduler.pl report parameter. | 2025-03-16 | 7.7 | CVE-2025-30076 |
| Laravel Holdings Inc.--Laravel Framework | The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the debug-mode error page. | 2025-03-10 | 8 | CVE-2024-13918 |
| Laravel Holdings Inc.--Laravel Framework | The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of route parameters in the debug-mode error page. | 2025-03-10 | 8 | CVE-2024-13919 |
| linux -- linux_kernel | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix racy issue from session lookup and expire Increment the session reference count within the lock for lookup to avoid racy issue with session expire. | 2025-03-12 | 8.1 | CVE-2024-58087 |
| linux -- linux_kernel | In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Don't reference skb after sending to VIOS Previously, after successfully flushing the xmit buffer to VIOS, the tx_bytes stat was incremented by the length of the skb. It is invalid to access the skb memory after sending the buffer to the VIOS because, at any point after sending, the VIOS can trigger an interrupt to free this memory. A race between reading skb->len and freeing the skb is possible (especially during LPM) and will result in use-after-free: ================================================================== BUG: KASAN: slab-use-after-free in ibmvnic_xmit+0x75c/0x1808 [ibmvnic] Read of size 4 at addr c00000024eb48a70 by task hxecom/14495 <...> Call Trace: [c000000118f66cf0] [c0000000018cba6c] dump_stack_lvl+0x84/0xe8 (unreliable) [c000000118f66d20] [c0000000006f0080] print_report+0x1a8/0x7f0 [c000000118f66df0] [c0000000006f08f0] kasan_report+0x128/0x1f8 [c000000118f66f00] [c0000000006f2868] __asan_load4+0xac/0xe0 [c000000118f66f20] [c0080000046eac84] ibmvnic_xmit+0x75c/0x1808 [ibmvnic] [c000000118f67340] [c0000000014be168] dev_hard_start_xmit+0x150/0x358 <...> Freed by task 0: kasan_save_stack+0x34/0x68 kasan_save_track+0x2c/0x50 kasan_save_free_info+0x64/0x108 __kasan_mempool_poison_object+0x148/0x2d4 napi_skb_cache_put+0x5c/0x194 net_tx_action+0x154/0x5b8 handle_softirqs+0x20c/0x60c do_softirq_own_stack+0x6c/0x88 <...> The buggy address belongs to the object at c00000024eb48a00 which belongs to the cache skbuff_head_cache of size 224 ================================================================== | 2025-03-12 | 7.8 | CVE-2025-21855 |
| linux -- linux_kernel | In the Linux kernel, the following vulnerability has been resolved: s390/ism: add release function for struct device According to device_release() in /drivers/base/core.c, a device without a release function is a broken device and must be fixed. The current code directly frees the device after calling device_add() without waiting for other kernel parts to release their references. Thus, a reference could still be held to a struct device, e.g., by sysfs, leading to potential use-after-free issues if a proper release function is not set. | 2025-03-12 | 7.8 | CVE-2025-21856 |
| linux -- linux_kernel | In the Linux kernel, the following vulnerability has been resolved: geneve: Fix use-after-free in geneve_find_dev(). syzkaller reported a use-after-free in geneve_find_dev() [0] without repro. geneve_configure() links struct geneve_dev.next to net_generic(net, geneve_net_id)->geneve_list. The net here could differ from dev_net(dev) if IFLA_NET_NS_PID, IFLA_NET_NS_FD, or IFLA_TARGET_NETNSID is set. When dev_net(dev) is dismantled, geneve_exit_batch_rtnl() finally calls unregister_netdevice_queue() for each dev in the netns, and later the dev is freed. However, its geneve_dev.next is still linked to the backend UDP socket netns. Then, use-after-free will occur when another geneve dev is created in the netns. Let's call geneve_dellink() instead in geneve_destroy_tunnels(). [0]: BUG: KASAN: slab-use-after-free in geneve_find_dev drivers/net/geneve.c:1295 [inline] BUG: KASAN: slab-use-after-free in geneve_configure+0x234/0x858 drivers/net/geneve.c:1343 Read of size 2 at addr ffff000054d6ee24 by task syz.1.4029/13441 CPU: 1 UID: 0 PID: 13441 Comm: syz.1.4029 Not tainted 6.13.0-g0ad9617c78ac #24 dc35ca22c79fb82e8e7bc5c9c9adafea898b1e3d Hardware name: linux,dummy-virt (DT) Call trace: show_stack+0x38/0x50 arch/arm64/kernel/stacktrace.c:466 (C) __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0xbc/0x108 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0x16c/0x6f0 mm/kasan/report.c:489 kasan_report+0xc0/0x120 mm/kasan/report.c:602 __asan_report_load2_noabort+0x20/0x30 mm/kasan/report_generic.c:379 geneve_find_dev drivers/net/geneve.c:1295 [inline] geneve_configure+0x234/0x858 drivers/net/geneve.c:1343 geneve_newlink+0xb8/0x128 drivers/net/geneve.c:1634 rtnl_newlink_create+0x23c/0x868 net/core/rtnetlink.c:3795 __rtnl_newlink net/core/rtnetlink.c:3906 [inline] rtnl_newlink+0x1054/0x1630 net/core/rtnetlink.c:4021 rtnetlink_rcv_msg+0x61c/0x918 net/core/rtnetlink.c:6911 netlink_rcv_skb+0x1dc/0x398 net/netlink/af_netlink.c:2543 rtnetlink_rcv+0x34/0x50 net/core/rtnetlink.c:6938 netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline] netlink_unicast+0x618/0x838 net/netlink/af_netlink.c:1348 netlink_sendmsg+0x5fc/0x8b0 net/netlink/af_netlink.c:1892 sock_sendmsg_nosec net/socket.c:713 [inline] __sock_sendmsg net/socket.c:728 [inline] ____sys_sendmsg+0x410/0x6f8 net/socket.c:2568 ___sys_sendmsg+0x178/0x1d8 net/socket.c:2622 __sys_sendmsg net/socket.c:2654 [inline] __do_sys_sendmsg net/socket.c:2659 [inline] __se_sys_sendmsg net/socket.c:2657 [inline] __arm64_sys_sendmsg+0x12c/0x1c8 net/socket.c:2657 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x90/0x278 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x13c/0x250 arch/arm64/kernel/syscall.c:132 do_el0_svc+0x54/0x70 arch/arm64/kernel/syscall.c:151 el0_svc+0x4c/0xa8 arch/arm64/kernel/entry-common.c:744 el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:762 el0t_64_sync+0x198/0x1a0 arch/arm64/kernel/entry.S:600 Allocated by task 13247: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x30/0x68 mm/kasan/common.c:68 kasan_save_alloc_info+0x44/0x58 mm/kasan/generic.c:568 poison_kmalloc_redzone mm/kasan/common.c:377 [inline] __kasan_kmalloc+0x84/0xa0 mm/kasan/common.c:394 kasan_kmalloc include/linux/kasan.h:260 [inline] __do_kmalloc_node mm/slub.c:4298 [inline] __kmalloc_node_noprof+0x2a0/0x560 mm/slub.c:4304 __kvmalloc_node_noprof+0x9c/0x230 mm/util.c:645 alloc_netdev_mqs+0xb8/0x11a0 net/core/dev.c:11470 rtnl_create_link+0x2b8/0xb50 net/core/rtnetlink.c:3604 rtnl_newlink_create+0x19c/0x868 net/core/rtnetlink.c:3780 __rtnl_newlink net/core/rtnetlink.c:3906 [inline] rtnl_newlink+0x1054/0x1630 net/core/rtnetlink.c:4021 rtnetlink_rcv_msg+0x61c/0x918 net/core/rtnetlink.c:6911 netlink_rcv_skb+0x1dc/0x398 net/netlink/af_netlink.c:2543 rtnetlink_rcv+0x34/0x50 net/core/rtnetlink.c:6938 netlink_unicast_kernel net/netlink/af_n ---truncated--- | 2025-03-12 | 7.8 | CVE-2025-21858 |
| linux -- linux_kernel | In the Linux kernel, the following vulnerability has been resolved: io_uring: prevent opcode speculation sqe->opcode is used for different tables, make sure we santitise it against speculations. | 2025-03-12 | 7.8 | CVE-2025-21863 |
| LoveCards--LoveCardsV2 | A vulnerability was found in LoveCards LoveCardsV2 up to 2.3.2 and classified as critical. This issue affects some unknown processing of the file /api/upload/image. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-12 | 7.3 | CVE-2025-2219 |
| magepeopleteam--Booking and Rental Manager | Deserialization of Untrusted Data vulnerability in magepeopleteam Booking and Rental Manager allows Object Injection. This issue affects Booking and Rental Manager: from n/a through 2.2.6. | 2025-03-15 | 8.8 | CVE-2025-26921 |
| Martin--WP Compare Tables | Cross-Site Request Forgery (CSRF) vulnerability in Martin WP Compare Tables allows Stored XSS. This issue affects WP Compare Tables: from n/a through 1.0.5. | 2025-03-11 | 7.1 | CVE-2025-28883 |
| maxfoundry--MaxA/B | Cross-Site Request Forgery (CSRF) vulnerability in maxfoundry MaxA/B allows Stored XSS. This issue affects MaxA/B: from n/a through 2.2.2. | 2025-03-11 | 7.1 | CVE-2025-28933 |
| microsoft -- windows_10_1507 | Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally. | 2025-03-11 | 7 | CVE-2025-24983 |
| microsoft -- windows_10_1507 | Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally. | 2025-03-11 | 7.8 | CVE-2025-24985 |
| microsoft -- windows_10_1507 | Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally. | 2025-03-11 | 7.8 | CVE-2025-24993 |
| microsoft -- windows_10_1507 | Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally. | 2025-03-11 | 7 | CVE-2025-26633 |
| Microsoft--ASP.NET Core 8.0 | Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network. | 2025-03-11 | 7 | CVE-2025-24070 |
| Microsoft--Azure ARC | Improper neutralization of special elements used in a command ('command injection') in Azure Arc allows an authorized attacker to elevate privileges locally. | 2025-03-11 | 7 | CVE-2025-26627 |
| Microsoft--Azure CLI | Improper neutralization of special elements used in a command ('command injection') in Azure Command Line Integration (CLI) allows an unauthorized attacker to elevate privileges locally. | 2025-03-11 | 8.4 | CVE-2025-24049 |
| Microsoft--Microsoft 365 Apps for Enterprise | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | 2025-03-11 | 7.8 | CVE-2025-24077 |
| Microsoft--Microsoft 365 Apps for Enterprise | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | 2025-03-11 | 7.8 | CVE-2025-26629 |
| Microsoft--Microsoft Dataverse | Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network. | 2025-03-13 | 7.2 | CVE-2025-24053 |
| Microsoft--Microsoft Office 2019 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | 2025-03-11 | 7.8 | CVE-2025-24057 |
| Microsoft--Microsoft Office 2019 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | 2025-03-11 | 7 | CVE-2025-24078 |
| Microsoft--Microsoft Office 2019 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | 2025-03-11 | 7.8 | CVE-2025-24079 |
| Microsoft--Microsoft Office 2019 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | 2025-03-11 | 7.8 | CVE-2025-24080 |
| Microsoft--Microsoft Office 2019 | Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally. | 2025-03-11 | 7.8 | CVE-2025-24083 |
| Microsoft--Microsoft Office 2019 | Use after free in Microsoft Office Access allows an unauthorized attacker to execute code locally. | 2025-03-11 | 7.8 | CVE-2025-26630 |
| Microsoft--Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) | Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally. | 2025-03-11 | 7.3 | CVE-2025-25003 |
| Microsoft--Microsoft Visual Studio 2022 version 17.13 | Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally. | 2025-03-11 | 7.3 | CVE-2025-24998 |
| Microsoft--Office Online Server | Stack-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | 2025-03-11 | 7.8 | CVE-2025-24075 |
| Microsoft--Office Online Server | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | 2025-03-11 | 7.8 | CVE-2025-24081 |
| Microsoft--Office Online Server | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | 2025-03-11 | 7.8 | CVE-2025-24082 |
| Microsoft--Visual Studio Code | Uncontrolled search path element in Visual Studio Code allows an authorized attacker to elevate privileges locally. | 2025-03-11 | 7.3 | CVE-2025-26631 |
| Microsoft--WinDbg | Improper verification of cryptographic signature in .NET allows an authorized attacker to execute code over a network. | 2025-03-11 | 7.5 | CVE-2025-24043 |
| Microsoft--Windows 10 Version 1809 | Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. | 2025-03-11 | 8.1 | CVE-2025-24035 |
| Microsoft--Windows 10 Version 1809 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | 2025-03-11 | 8.8 | CVE-2025-24051 |
| Microsoft--Windows 10 Version 1809 | Heap-based buffer overflow in Windows Telephony Server allows an unauthorized attacker to execute code over a network. | 2025-03-11 | 8.8 | CVE-2025-24056 |
| Microsoft--Windows 10 Version 1809 | Heap-based buffer overflow in Windows exFAT File System allows an unauthorized attacker to execute code locally. | 2025-03-11 | 7.8 | CVE-2025-21180 |
| Microsoft--Windows 10 Version 1809 | Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally. | 2025-03-11 | 7.8 | CVE-2025-24044 |
| Microsoft--Windows 10 Version 1809 | Use after free in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally. | 2025-03-11 | 7.8 | CVE-2025-24046 |
| Microsoft--Windows 10 Version 1809 | Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privileges locally. | 2025-03-11 | 7.8 | CVE-2025-24048 |
| Microsoft--Windows 10 Version 1809 | Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privileges locally. | 2025-03-11 | 7.8 | CVE-2025-24050 |
| Microsoft--Windows 10 Version 1809 | Incorrect conversion between numeric types in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | 2025-03-11 | 7.8 | CVE-2025-24059 |
| Microsoft--Windows 10 Version 1809 | Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature locally. | 2025-03-11 | 7.8 | CVE-2025-24061 |
| Microsoft--Windows 10 Version 1809 | Heap-based buffer overflow in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally. | 2025-03-11 | 7.8 | CVE-2025-24066 |
| Microsoft--Windows 10 Version 1809 | Heap-based buffer overflow in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally. | 2025-03-11 | 7.8 | CVE-2025-24067 |
| Microsoft--Windows 10 Version 1809 | Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. | 2025-03-11 | 7.5 | CVE-2025-24071 |
| Microsoft--Windows 10 Version 1809 | Use after free in Microsoft Local Security Authority Server (lsasrv) allows an authorized attacker to elevate privileges locally. | 2025-03-11 | 7.8 | CVE-2025-24072 |
| Microsoft--Windows 10 Version 1809 | Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally. | 2025-03-11 | 7.8 | CVE-2025-24995 |
| Microsoft--Windows 10 Version 1809 | Heap-based buffer overflow in Windows Core Messaging allows an authorized attacker to elevate privileges over a network. | 2025-03-11 | 7.5 | CVE-2025-26634 |
| Microsoft--Windows 11 version 22H2 | Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally. | 2025-03-11 | 7.3 | CVE-2025-24076 |
| Microsoft--Windows 11 version 22H2 | Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally. | 2025-03-11 | 7.3 | CVE-2025-24994 |
| Microsoft--Windows App Client for Windows Desktop | Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | 2025-03-11 | 8.8 | CVE-2025-26645 |
| Microsoft--Windows Server 2019 | Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. | 2025-03-11 | 8.1 | CVE-2025-24045 |
| Microsoft--Windows Server 2019 | Use after free in DNS Server allows an unauthorized attacker to execute code over a network. | 2025-03-11 | 8.1 | CVE-2025-24064 |
| Microsoft--Windows Server 2019 | Improper link resolution before file access ('link following') in Microsoft Windows allows an authorized attacker to elevate privileges locally. | 2025-03-11 | 7.1 | CVE-2025-25008 |
| Microsoft--Windows Server 2022 | Untrusted pointer dereference in Windows Subsystem for Linux allows an unauthorized attacker to execute code locally. | 2025-03-11 | 8.4 | CVE-2025-24084 |
| misskey-dev--misskey | Misskey is an open source, federated social media platform. The patch for CVE-2024-52591 did not sufficiently validate the relation between the `id` and `url` fields of ActivityPub objects. An attacker can forge an object where they claim authority in the `url` field even if the specific ActivityPub object type require authority in the `id` field. Version 2025.2.1 addresses the issue. | 2025-03-10 | 9.3 | CVE-2025-25306 |
| Mozilla--Thunderbird | Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which instead contained an OpenPGP signed message, were wrongly shown as being encrypted. This vulnerability affects Thunderbird < 136 and Thunderbird < 128.8. | 2025-03-10 | 7 | CVE-2025-26696 |
| n/a--JobCareer | Job Board Responsive WordPress Theme | The JobCareer | Job Board Responsive WordPress Theme theme for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability checks on multiple functions in all versions up to, and including, 7.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files, generate backups, restore backups, update theme options, and reset theme options to default settings. | 2025-03-14 | 8.8 | CVE-2024-12810 |
| n/a--libzvbi | A vulnerability classified as critical has been found in libzvbi up to 0.2.43. This affects the function vbi_capture_sim_load_caption of the file src/io-sim.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. The identifier of the patch is ca1672134b3e2962cd392212c73f44f8f4cb489f. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional. | 2025-03-11 | 7.3 | CVE-2025-2176 |
| n/a--libzvbi | A vulnerability classified as critical was found in libzvbi up to 0.2.43. This vulnerability affects the function vbi_search_new of the file src/search.c. The manipulation of the argument pat_len leads to integer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. The patch is identified as ca1672134b3e2962cd392212c73f44f8f4cb489f. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional. | 2025-03-11 | 7.3 | CVE-2025-2177 |
| n/a--n/a | VisiCut 2.1 allows code execution via Insecure XML Deserialization in the loadPlfFile method of VisicutModel.java. | 2025-03-10 | 9.8 | CVE-2025-25940 |
| n/a--n/a | An issue in canvg v.4.0.2 allows an attacker to execute arbitrary code via the Constructor of the class StyleElement. | 2025-03-10 | 9.8 | CVE-2025-25977 |
| n/a--n/a | Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation, which allows teachers to update the personal data of fellow teachers. | 2025-03-10 | 8.8 | CVE-2025-25614 |
| n/a--n/a | An issue in dtp.ae tNexus Airport View v.2.8 allows a remote attacker to escalate privileges via the ProfileID value to the [/tnexus/rest/admin/updateUser] API endpoint | 2025-03-12 | 8.8 | CVE-2025-25711 |
| n/a--n/a | tianti v2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /user/ajax/save. This vulnerability allows attackers to execute arbitrary operations via a crafted GET or POST request. | 2025-03-10 | 8.8 | CVE-2025-25907 |
| n/a--n/a | A Cross-Site Request Forgery (CSRF) in the component /admin/users/user.form of Openmrs 2.4.3 Build 0ff0ed allows attackers to execute arbitrary operations via a crafted GET request. | 2025-03-11 | 8 | CVE-2025-25928 |
| n/a--n/a | tianti v2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /user/ajax/upd/status. This vulnerability allows attackers to execute arbitrary operations via a crafted GET or POST request. | 2025-03-10 | 8 | CVE-2025-27910 |
| n/a--n/a | An issue in dtp.ae tNexus Airport View v.2.8 allows a remote attacker to escalate privileges via the addUser and updateUser endpoints | 2025-03-12 | 7.5 | CVE-2025-25709 |
| n/a--WP JobHunt | The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.9. This is due to the plugin not properly validating a user's identity prior to updating their password through the account_settings_save_callback() function. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account. | 2025-03-14 | 9.8 | CVE-2024-11284 |
| n/a--WP JobHunt | The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 7.1. This is due to the plugin not properly validating a user's identity prior to updating their details like email via the account_settings_callback() function. This makes it possible for unauthenticated attackers to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account. | 2025-03-14 | 9.8 | CVE-2024-11285 |
| n/a--WP JobHunt | The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the cs_parse_request() function. This makes it possible for unauthenticated attackers to to log in to any user's account, including administrators. | 2025-03-14 | 9.8 | CVE-2024-11286 |
| n/a--WP JobHunt | The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to wp_ajax_google_api_login_callback function not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to access arbitrary candidate accounts. | 2025-03-14 | 7.5 | CVE-2024-11283 |
| Naren--Members page only for logged in users | Cross-Site Request Forgery (CSRF) vulnerability in Naren Members page only for logged in users allows Stored XSS. This issue affects Members page only for logged in users: from n/a through 1.4.2. | 2025-03-11 | 7.1 | CVE-2025-28901 |
| Nintex--Automation | Nintex Automation 5.6 and 5.7 before 5.8 has insecure deserialization of user input. | 2025-03-10 | 8.5 | CVE-2025-27925 |
| Nitin Prakash--WC Place Order Without Payment | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Nitin Prakash WC Place Order Without Payment allows PHP Local File Inclusion. This issue affects WC Place Order Without Payment: from n/a through 2.6.7. | 2025-03-10 | 7.5 | CVE-2025-26933 |
| NotFound--Debug-Bar-Extender | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Debug-Bar-Extender allows Reflected XSS. This issue affects Debug-Bar-Extender: from n/a through 0.5. | 2025-03-15 | 7.1 | CVE-2025-26555 |
| NotFound--Fresh Framework | Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound Fresh Framework allows Code Injection. This issue affects Fresh Framework: from n/a through 1.70.0. | 2025-03-10 | 10 | CVE-2025-26936 |
| NotFound--Fresh Framework | Missing Authorization vulnerability in NotFound Fresh Framework allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Fresh Framework: from n/a through 1.70.0. | 2025-03-15 | 8.6 | CVE-2025-26961 |
| NotFound--FS Poster | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound FS Poster. This issue affects FS Poster: from n/a through 6.5.8. | 2025-03-15 | 8.5 | CVE-2025-26978 |
| NotFound--PrivateContent | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound PrivateContent. This issue affects PrivateContent: from n/a through 8.11.5. | 2025-03-15 | 7.1 | CVE-2025-26972 |
| NotFound--Random Image Selector | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Random Image Selector allows Reflected XSS. This issue affects Random Image Selector: from n/a through 2.4. | 2025-03-15 | 7.1 | CVE-2025-26548 |
| NotFound--WP Discord Post | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WP Discord Post allows Reflected XSS. This issue affects WP Discord Post: from n/a through 2.1.0. | 2025-03-15 | 7.1 | CVE-2025-26554 |
| NVIDIA--NeMo Framework | NVIDIA Nemo Framework contains a vulnerability where a user could cause a relative path traversal issue by arbitrary file write. A successful exploit of this vulnerability may lead to code execution and data tampering. | 2025-03-11 | 7.1 | CVE-2025-23360 |
| NVIDIA--Riva | NVIDIA Riva contains a vulnerability where a user could cause an improper access control issue. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, denial of service, or information disclosure. | 2025-03-11 | 7.3 | CVE-2025-23242 |
| Parallels--Parallels Desktop | Alludo Parallels Desktop before 19.4.2 and 20.x before 20.2.2 for macOS on Intel platforms allows privilege escalation to root via the VM creation routine. | 2025-03-16 | 7.8 | CVE-2025-30074 |
| Passbolt--API | Passbolt API before 5, if the server is misconfigured (with an incorrect installation process and disregarding of Health Check results), can send email messages with a domain name taken from an attacker-controlled HTTP Host header. | 2025-03-10 | 7.5 | CVE-2025-27913 |
| Percona--Monitoring and Management | An issue was discovered in Percona PMM Server (OVA) before 3.0.0-1.ova. The default service account credentials can lead to SSH access, use of Sudo to root, and sensitive data exposure. This is fixed in PMM2 2.42.0-1.ova, 2.43.0-1.ova, 2.43.1-1.ova, 2.43.2-1.ova, and 2.44.0-1.ova and in PMM3 3.0.0-1.ova and later. | 2025-03-11 | 10 | CVE-2025-26701 |
| perl--Crypt::Random | Crypt::Random Perl package 1.05 through 1.55 may use rand() function, which is not cryptographically strong, for cryptographic functions. Crypt::Random::rand 1.05 through 1.55 uses the rand() function. If the Provider is not specified and /dev/urandom or an Entropy Gathering Daemon (egd) service is not available Crypt::Random will default to use the insecure Crypt::Random::rand provider. In particular, Windows versions of perl will encounter this issue by default. | 2025-03-11 | 8.8 | CVE-2025-1828 |
| philippe--No Disposable Email | Cross-Site Request Forgery (CSRF) vulnerability in philippe No Disposable Email allows Stored XSS. This issue affects No Disposable Email: from n/a through 2.5.1. | 2025-03-11 | 7.1 | CVE-2025-28923 |
| Philips--Intellispace Cardiovascular (ISCV) | A token is created using the username, current date/time, and a fixed AES-128 encryption key, which is the same across all installations. | 2025-03-13 | 7.7 | CVE-2025-2229 |
| Philips--Intellispace Cardiovascular (ISCV) | A flaw exists in the Windows login flow where an AuthContext token can be exploited for replay attacks and authentication bypass. | 2025-03-13 | 7.7 | CVE-2025-2230 |
| Potenzaglobalsolutions--CiyaShop - Multipurpose WooCommerce Theme | The CiyaShop - Multipurpose WooCommerce Theme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.19.0 via deserialization of untrusted input in the 'add_ciyashop_wishlist' and 'ciyashop_get_compare' functions. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. | 2025-03-14 | 9.8 | CVE-2024-13824 |
| PPDPurveyor--Google News Editors Picks Feed Generator | Cross-Site Request Forgery (CSRF) vulnerability in PPDPurveyor Google News Editors Picks Feed Generator allows Stored XSS. This issue affects Google News Editors Picks Feed Generator: from n/a through 2.1. | 2025-03-11 | 7.1 | CVE-2025-28860 |
| PublishPress--PublishPress Authors | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PublishPress PublishPress Authors allows SQL Injection. This issue affects PublishPress Authors: from n/a through 4.7.3. | 2025-03-15 | 7.6 | CVE-2025-26886 |
| PureThemes--Realteo | The Realteo - Real Estate Plugin by Purethemes plugin for WordPress, used by the Findeo Theme, is vulnerable to authentication bypass in all versions up to, and including, 1.2.8. This is due to insufficient role restrictions in the 'do_register_user' function. This makes it possible for unauthenticated attackers to register an account with the Administrator role. | 2025-03-14 | 9.8 | CVE-2025-2232 |
| rack--rack | Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.13, 3.0.14, and 3.1.12, `Rack::Static` can serve files under the specified `root:` even if `urls:` are provided, which may expose other files under the specified `root:` unexpectedly. The vulnerability occurs because `Rack::Static` does not properly sanitize user-supplied paths before serving files. Specifically, encoded path traversal sequences are not correctly validated, allowing attackers to access files outside the designated static file directory. By exploiting this vulnerability, an attacker can gain access to all files under the specified `root:` directory, provided they are able to determine then path of the file. Versions 2.2.13, 3.0.14, and 3.1.12 contain a patch for the issue. Other mitigations include removing usage of `Rack::Static`, or ensuring that `root:` points at a directory path which only contains files which should be accessed publicly. It is likely that a CDN or similar static file server would also mitigate the issue. | 2025-03-10 | 7.5 | CVE-2025-27610 |
| rankchecker--Rankchecker.io Integration | Cross-Site Request Forgery (CSRF) vulnerability in rankchecker Rankchecker.io Integration allows Stored XSS. This issue affects Rankchecker.io Integration: from n/a through 1.0.9. | 2025-03-11 | 7.1 | CVE-2025-28857 |
| realmag777--HUSKY Products Filter Professional for WooCommerce | The HUSKY - Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.6.5 via the 'template' parameter of the woof_text_search AJAX action. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other "safe" file types can be uploaded and included. | 2025-03-11 | 9.8 | CVE-2025-1661 |
| realmag777--WPCS WordPress Currency Switcher Professional | The The WPCS - WordPress Currency Switcher Professional plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.0.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | 2025-03-11 | 7.3 | CVE-2025-2169 |
| Red Hat--Red Hat build of Apache Camel 4 for Quarkus 3 | A flaw was found in Smallrye, where smallrye-fault-tolerance is vulnerable to an out-of-memory (OOM) issue. This vulnerability is externally triggered when calling the metrics URI. Every call creates a new object within meterMap and may lead to a denial of service (DoS) issue. | 2025-03-12 | 7.5 | CVE-2025-2240 |
| Red Hat--Red Hat Enterprise Linux 6 | A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage. | 2025-03-14 | 7.5 | CVE-2024-8176 |
| rmosolgo--graphql-ruby | graphql-ruby is a Ruby implementation of GraphQL. Starting in version 1.11.5 and prior to versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21, loading a malicious schema definition in `GraphQL::Schema.from_introspection` (or `GraphQL::Schema::Loader.load`) can result in remote code execution. Any system which loads a schema by JSON from an untrusted source is vulnerable, including those that use GraphQL::Client to load external schemas via GraphQL introspection. Versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21 contain a patch for the issue. | 2025-03-12 | 9 | CVE-2025-27407 |
| ruby--json | JSON is a JSON implementation for Ruby. Starting in version 2.10.0 and prior to version 2.10.2, a specially crafted document could cause an out of bound read, most likely resulting in a crash. Versions prior to 2.10.0 are not vulnerable. Version 2.10.2 fixes the problem. No known workarounds are available. | 2025-03-12 | 7.5 | CVE-2025-27788 |
| Santesoft--Sante PACS Server | During login to the web server in "Sante PACS Server.exe", OpenSSL function EVP_DecryptUpdate is called to decrypt the username and password. A fixed 0x80-byte stack-based buffer is passed to the function as the output buffer. A stack-based buffer overflow exists if a long encrypted username or password is supplied by an unauthenticated remote attacker. | 2025-03-13 | 9.8 | CVE-2025-2263 |
| Santesoft--Sante PACS Server | A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe". An unauthenticated remote attacker can exploit it to download arbitrary files on the disk drive where the application is installed. | 2025-03-13 | 7.5 | CVE-2025-2264 |
| Santesoft--Sante PACS Server | The password of a web user in "Sante PACS Server.exe" is zero-padded to 0x2000 bytes, SHA1-hashed, base64-encoded, and stored in the USER table in the SQLite database HTTP.db. However, the number of hash bytes encoded and stored is truncated if the hash contains a zero byte | 2025-03-13 | 7.8 | CVE-2025-2265 |
| Santesoft--Sante PACS Server | A denial-of-service vulnerability exists in the "GetWebLoginCredentials" function in "Sante PACS Server.exe". | 2025-03-13 | 7.5 | CVE-2025-2284 |
| SAP_SE--SAP Commerce (Swagger UI) | Due to insufficient input validation, SAP Commerce (Swagger UI) allows an unauthenticated attacker to inject the malicious code from remote sources, which can be leveraged by an attacker to execute a cross-site scripting (XSS) attack. This could lead to a high impact on the confidentiality, integrity, and availability of data in SAP Commerce. | 2025-03-11 | 8.8 | CVE-2025-27434 |
| SAP_SE--SAP NetWeaver (ABAP Class Builder) | Due to missing authorization check, SAP NetWeaver (ABAP Class Builder) allows an attacker to gain higher access levels than they should have, resulting in escalation of privileges. On successful exploitation, this could result in disclosure of highly sensitive information. It could also have a high impact on the integrity and availability of the application. | 2025-03-11 | 8.8 | CVE-2025-26661 |
| Schneider Electric--WebHMI Deployed with EcoStruxure Power Automation System | CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could cause an attacker to execute unauthorized commands when a system's default password credentials have not been changed on first use. The default username is not displayed correctly in the WebHMI interface. | 2025-03-12 | 9.8 | CVE-2025-1960 |
| scottopolis--AppPresser Mobile App Framework | The AppPresser - Mobile App Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter in all versions up to, and including, 4.4.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages when logging is enabled that will execute whenever a user accesses an injected page. | 2025-03-13 | 7.2 | CVE-2025-1561 |
| ShineTheme--Travel Booking WordPress Theme | The Traveler theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.8 via the 'hotel_alone_load_more_post' function 'style' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included. | 2025-03-15 | 9.8 | CVE-2025-1771 |
| SICK AG--SICK DL100-2xxxxxxx | The product can be used to distribute malicious code using SDD Device Drivers due to missing download verification checks, leading to code execution on target systems. | 2025-03-14 | 9.3 | CVE-2025-27593 |
| SICK AG--SICK DL100-2xxxxxxx | The device uses a weak hashing alghorithm to create the password hash. Hence, a matching password can be easily calculated by an attacker. This impacts the security and the integrity of the device. | 2025-03-14 | 9.8 | CVE-2025-27595 |
| SICK AG--SICK DL100-2xxxxxxx | The device uses an unencrypted, proprietary protocol for communication. Through this protocol, configuration data is transmitted and device authentication is performed. An attacker can thereby intercept the authentication hash and use it to log into the device using a pass-the-hash attack. | 2025-03-14 | 7.5 | CVE-2025-27594 |
| Siemens--SCALANCE LPE9403 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit the elevation of privileges required to perform certain valid functionality. This could allow an authenticated lowly-privileged remote attacker to escalate their privileges. | 2025-03-11 | 8.8 | CVE-2025-27396 |
| Siemens--SCALANCE LPE9403 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly sanitize user input when creating new VXLAN configurations. This could allow an authenticated highly-privileged remote attacker to execute arbitrary code on the device. | 2025-03-11 | 7.2 | CVE-2025-27392 |
| Siemens--SCALANCE LPE9403 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly sanitize user input when creating new users. This could allow an authenticated highly-privileged remote attacker to execute arbitrary code on the device. | 2025-03-11 | 7.2 | CVE-2025-27393 |
| Siemens--SCALANCE LPE9403 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly sanitize user input when creating new SNMP users. This could allow an authenticated highly-privileged remote attacker to execute arbitrary code on the device. | 2025-03-11 | 7.2 | CVE-2025-27394 |
| Siemens--SCALANCE LPE9403 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit the scope of files accessible through and the privileges of the SFTP functionality. This could allow an authenticated highly-privileged remote attacker to read and write arbitrary files. | 2025-03-11 | 7.2 | CVE-2025-27395 |
| Siemens--SIMATIC Field PG M5 | A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC IPC BX-21A (All versions < V31.01.07), SIMATIC IPC BX-32A (All versions < V29.01.07), SIMATIC IPC BX-39A (All versions < V29.01.07), SIMATIC IPC BX-59A (All versions < V32.01.04), SIMATIC IPC PX-32A (All versions < V29.01.07), SIMATIC IPC PX-39A (All versions < V29.01.07), SIMATIC IPC PX-39A PRO (All versions < V29.01.07), SIMATIC IPC RC-543B (All versions), SIMATIC IPC RW-543A (All versions), SIMATIC IPC127E (All versions), SIMATIC IPC227E (All versions), SIMATIC IPC227G (All versions), SIMATIC IPC277E (All versions), SIMATIC IPC277G (All versions), SIMATIC IPC277G PRO (All versions), SIMATIC IPC3000 SMART V3 (All versions), SIMATIC IPC327G (All versions), SIMATIC IPC347G (All versions), SIMATIC IPC377G (All versions), SIMATIC IPC427E (All versions), SIMATIC IPC477E (All versions), SIMATIC IPC477E PRO (All versions), SIMATIC IPC527G (All versions), SIMATIC IPC627E (All versions < V25.02.15), SIMATIC IPC647E (All versions < V25.02.15), SIMATIC IPC677E (All versions < V25.02.15), SIMATIC IPC847E (All versions < V25.02.15), SIMATIC ITP1000 (All versions). The affected devices have insufficient protection mechanism for the EFI(Extensible Firmware Interface) variables stored on the device. This could allow an authenticated attacker to alter the secure boot configuration without proper authorization by directly communicate with the flash controller. | 2025-03-11 | 8.2 | CVE-2024-56181 |
| Siemens--SIMATIC Field PG M5 | A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC Field PG M6 (All versions < V26.01.12), SIMATIC IPC BX-21A (All versions < V31.01.07), SIMATIC IPC BX-32A (All versions < V29.01.07), SIMATIC IPC BX-39A (All versions < V29.01.07), SIMATIC IPC BX-59A (All versions < V32.01.04), SIMATIC IPC PX-32A (All versions < V29.01.07), SIMATIC IPC PX-39A (All versions < V29.01.07), SIMATIC IPC PX-39A PRO (All versions < V29.01.07), SIMATIC IPC RC-543B (All versions), SIMATIC IPC RW-543A (All versions), SIMATIC IPC127E (All versions), SIMATIC IPC227E (All versions), SIMATIC IPC227G (All versions), SIMATIC IPC277E (All versions), SIMATIC IPC277G (All versions), SIMATIC IPC277G PRO (All versions), SIMATIC IPC3000 SMART V3 (All versions), SIMATIC IPC327G (All versions), SIMATIC IPC347G (All versions), SIMATIC IPC377G (All versions), SIMATIC IPC427E (All versions), SIMATIC IPC477E (All versions), SIMATIC IPC477E PRO (All versions), SIMATIC IPC527G (All versions), SIMATIC IPC627E (All versions < V25.02.15), SIMATIC IPC647E (All versions < V25.02.15), SIMATIC IPC677E (All versions < V25.02.15), SIMATIC IPC847E (All versions < V25.02.15), SIMATIC ITP1000 (All versions). The affected devices have insufficient protection mechanism for the EFI(Extensible Firmware Interface) variables stored on the device. This could allow an authenticated attacker to disable the BIOS password without proper authorization by directly communicate with the flash controller. | 2025-03-11 | 8.2 | CVE-2024-56182 |
| Siemens--Simcenter Femap V2401 | A vulnerability has been identified in Simcenter Femap V2401 (All versions < V2401.0003), Simcenter Femap V2406 (All versions < V2406.0002). The affected application contains a memory corruption vulnerability while parsing specially crafted .NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-25443) | 2025-03-13 | 7.8 | CVE-2025-25175 |
| Siemens--SINAMICS S200 | A vulnerability has been identified in SINAMICS S200 (All versions with serial number beginning with SZVS8, SZVS9, SZVS0 or SZVSN and the FS number is 02). The affected device contains an unlocked bootloader. This security oversight enables attackers to inject malicious code, or install untrusted firmware. The intrinsic security features designed to protect against data manipulation and unauthorized access are compromised when the bootloader is not secured. | 2025-03-11 | 9.8 | CVE-2024-56336 |
| Siemens--SiPass integrated AC5102 (ACC-G2) | A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). Affected devices improperly sanitize input for the pubkey endpoint of the REST API. This could allow an authenticated remote administrator to escalate privileges by injecting arbitrary commands that are executed with root privileges. | 2025-03-11 | 9.1 | CVE-2025-27494 |
| Siemens--SiPass integrated AC5102 (ACC-G2) | A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). Affected devices improperly sanitize user input for specific commands on the telnet command line interface. This could allow an authenticated local administrator to escalate privileges by injecting arbitrary commands that are executed with root privileges. | 2025-03-11 | 8.2 | CVE-2025-27493 |
| Siemens--Teamcenter Visualization V14.3 | A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file. This could allow an attacker to execute code in the context of the current process. | 2025-03-11 | 7.8 | CVE-2025-23396 |
| Siemens--Teamcenter Visualization V14.3 | A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. | 2025-03-11 | 7.8 | CVE-2025-23397 |
| Siemens--Teamcenter Visualization V14.3 | A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. | 2025-03-11 | 7.8 | CVE-2025-23398 |
| Siemens--Teamcenter Visualization V14.3 | A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. | 2025-03-11 | 7.8 | CVE-2025-23399 |
| Siemens--Teamcenter Visualization V14.3 | A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. | 2025-03-11 | 7.8 | CVE-2025-23400 |
| Siemens--Teamcenter Visualization V14.3 | A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. | 2025-03-11 | 7.8 | CVE-2025-23401 |
| Siemens--Teamcenter Visualization V14.3 | A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected applications contain a use-after-free vulnerability that could be triggered while parsing specially crafted WRL files. An attacker could leverage this vulnerability to execute code in the context of the current process. | 2025-03-11 | 7.8 | CVE-2025-23402 |
| Siemens--Teamcenter Visualization V14.3 | A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. | 2025-03-11 | 7.8 | CVE-2025-27438 |
| silverplugins217--Multiple Shipping And Billing Address For Woocommerce | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in silverplugins217 Multiple Shipping And Billing Address For Woocommerce allows SQL Injection. This issue affects Multiple Shipping And Billing Address For Woocommerce: from n/a through 1.3. | 2025-03-15 | 9.3 | CVE-2025-26875 |
| simplesamlphp--saml2 | The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to accept an unsigned message. Versions 4.17.0 and 5.0.0-alpha.20 contain a fix for the issue. | 2025-03-11 | 8.6 | CVE-2025-27773 |
| Solid Plugins--AnalyticsWP | The AnalyticsWP plugin for WordPress is vulnerable to SQL Injection via the 'custom_sql' parameter in all versions up to, and including, 2.0.0 due to insufficient authorization checks on the handle_get_stats() function. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-03-14 | 7.5 | CVE-2024-13321 |
| Spring Devs--Pre Order Addon for WooCommerce Advance Order/Backorder Plugin | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spring Devs Pre Order Addon for WooCommerce - Advance Order/Backorder Plugin allows Reflected XSS. This issue affects Pre Order Addon for WooCommerce - Advance Order/Backorder Plugin: from n/a through 2.2. | 2025-03-15 | 7.1 | CVE-2025-26553 |
| Steveorevo--Domain Theme | Cross-Site Request Forgery (CSRF) vulnerability in Steveorevo Domain Theme allows Stored XSS. This issue affects Domain Theme: from n/a through 1.3. | 2025-03-11 | 7.1 | CVE-2025-28897 |
| stylemix--Directory Listings WordPress plugin uListing | The Directory Listings WordPress plugin - uListing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.7. This is due to the stm_listing_profile_edit AJAX action not having enough restriction on the user meta that can be updated. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator. | 2025-03-15 | 8.8 | CVE-2025-1653 |
| stylemix--Directory Listings WordPress plugin uListing | The Directory Listings WordPress plugin - uListing plugin for WordPress is vulnerable to unauthorized modification of data and PHP Object Injection due to a missing capability check on the stm_listing_ajax AJAX action in all versions up to, and including, 2.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to update post meta data and inject PHP Objects that may be unserialized. | 2025-03-15 | 8.8 | CVE-2025-1657 |
| sumanbiswas013--Custom top bar | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sumanbiswas013 Custom top bar allows Stored XSS. This issue affects Custom top bar: from n/a through 2.0.2. | 2025-03-11 | 7.1 | CVE-2025-28895 |
| Tapandsign Technologies--Tap&Sign App | Cleartext Storage of Sensitive Information in an Environment Variable, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Tapandsign Technologies Tap&Sign App allows Password Recovery Exploitation, Functionality Misuse.This issue affects Tap&Sign App: before V.1.025. | 2025-03-10 | 7.3 | CVE-2024-12604 |
| techlabpro1--Review Schema Review & Structure Data Schema Plugin | The Review Schema plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.4 via post meta. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included. | 2025-03-11 | 8.8 | CVE-2025-1707 |
| TECNO--com.transsnet.store | The mobile application (com.transsnet.store) has a man-in-the-middle attack vulnerability, which may lead to code injection risks. | 2025-03-11 | 8.1 | CVE-2025-2190 |
| Terence D.--Go To Top | Cross-Site Request Forgery (CSRF) vulnerability in Terence D. Go To Top allows Stored XSS. This issue affects Go To Top: from n/a through 0.0.8. | 2025-03-11 | 7.1 | CVE-2025-28922 |
| Theme Egg--ThemeEgg ToolKit | Unrestricted Upload of File with Dangerous Type vulnerability in Theme Egg ThemeEgg ToolKit allows Upload a Web Shell to a Web Server. This issue affects ThemeEgg ToolKit: from n/a through 1.2.9. | 2025-03-11 | 9.1 | CVE-2025-28915 |
| tj-actions--changed-files | tj-actions changed-files before 46 allows remote attackers to discover secrets by reading actions logs. (The tags v1 through v45.0.7 were affected on 2025-03-14 and 2025-03-15 because they were modified by a threat actor to point at commit 0e58ed8, which contained malicious updateFeatures code.) | 2025-03-15 | 8.6 | CVE-2025-30066 |
| tripetto--WordPress form builder plugin for contact forms, surveys and quizzes Tripetto | The WordPress form builder plugin for contact forms, surveys and quizzes - Tripetto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via attachment uploads in all versions up to, and including, 8.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the uploaded file. | 2025-03-15 | 7.2 | CVE-2024-13497 |
| umati--umatiGateway | umatiGateway is software for connecting OPC Unified Architecture servers with an MQTT broker utilizing JSON messages. The user interface may possibly be publicly accessible with umatiGateway's provided docker-compose file. With this access, the configuration can be viewed and altered. Commit 5d81a3412bc0051754a3095d89a06d6d743f2b16 uses `127.0.0.1:8080:8080` to limit access to the local network. For those who are unable to use this proposed patch, a firewall on Port 8080 may block remote access, but the workaround may not be perfect because Docker may also bypass a firewall by its iptable based rules for port forwarding. | 2025-03-10 | 8.2 | CVE-2025-27615 |
| Unknown--Countdown Timer | The Countdown Timer WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2025-03-11 | 7.1 | CVE-2024-13864 |
| Unknown--Gtbabel | The Gtbabel WordPress plugin before 6.6.9 does not ensure that the URL to perform code analysis upon belongs to the blog which could allow unauthenticated attackers to retrieve a logged in user (such as admin) cookies by making them open a crafted URL as the request made to analysed the URL contains such cookies. | 2025-03-10 | 8.8 | CVE-2024-11638 |
| Unknown--Limit Bio | The Limit Bio WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2025-03-13 | 7.1 | CVE-2024-13884 |
| Unknown--Limit Bio | The Limit Bio WordPress plugin through 1.0 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | 2025-03-13 | 7.1 | CVE-2025-1436 |
| Unknown--S3Bubble Media Streaming (AWS|Elementor|YouTube|Vimeo Functionality) | The S3Bubble Media Streaming (AWS|Elementor|YouTube|Vimeo Functionality) WordPress plugin through 8.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2025-03-11 | 7.1 | CVE-2024-13862 |
| Unknown--Schedule | The Schedule WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2025-03-13 | 7.1 | CVE-2024-13891 |
| Unknown--WoWPth | The WoWPth WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2025-03-13 | 7.1 | CVE-2025-1486 |
| Unknown--WoWPth | The WoWPth WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2025-03-13 | 7.1 | CVE-2025-1487 |
| Unknown--WP Click Info | The WP Click Info WordPress plugin through 2.7.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2025-03-13 | 7.1 | CVE-2025-1401 |
| Unknown--WP e-Customers Beta | The WP e-Customers Beta WordPress plugin through 0.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 2025-03-13 | 7.1 | CVE-2024-13885 |
| Unknown--WP Login Control | The WP Login Control WordPress plugin through 2.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 2025-03-11 | 7.1 | CVE-2024-13836 |
| Unknown--XV Random Quotes | The XV Random Quotes WordPress plugin through 1.40 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 2025-03-11 | 7.1 | CVE-2024-13574 |
| uxper--Civi - Job Board & Freelance Marketplace WordPress Theme | The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.4. This is due to a lack of user validation before changing a password. This makes it possible for unauthenticated attackers to change the password of arbitrary users, including administrators, if the attacker knows the username of the victim. | 2025-03-14 | 9.8 | CVE-2024-13771 |
| uxper--Civi - Job Board & Freelance Marketplace WordPress Theme | The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via hard-coded credentials. This makes it possible for unauthenticated attackers to extract sensitive data including LinkedIn client and secret keys. | 2025-03-14 | 7.3 | CVE-2024-13773 |
| webgarb--TabGarb Pro | Cross-Site Request Forgery (CSRF) vulnerability in webgarb TabGarb Pro allows Stored XSS. This issue affects TabGarb Pro: from n/a through 2.6. | 2025-03-11 | 7.1 | CVE-2025-28900 |
| whyun--WPCOM Member | The WPCOM Member plugin for WordPress is vulnerable to time-based SQL Injection via the 'user_phone' parameter in all versions up to, and including, 1.7.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-03-14 | 7.5 | CVE-2025-2221 |
| X.org--X server | In X.Org X server 20.11 through 21.1.16, when a client application uses easystroke for mouse gestures, the main thread modifies various data structures used by the input thread without acquiring a lock, aka a race condition. In particular, AttachDevice in dix/devices.c does not acquire an input lock. | 2025-03-16 | 7.7 | CVE-2022-49737 |
| xmlsoft--libxslt | xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes. | 2025-03-14 | 7.8 | CVE-2024-55549 |
| xmlsoft--libxslt | numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal. | 2025-03-14 | 7.8 | CVE-2025-24855 |
| yaniiliev--All-in-One WP Migration and Backup | The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.89 via deserialization of untrusted input in the 'replace_serialized_values' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. An administrator must export and restore a backup in order to trigger the exploit. | 2025-03-13 | 7.5 | CVE-2024-10942 |
| Zoom Communications, Inc--Zoom Workplace Apps for iOS | Incorrect behavior order in some Zoom Workplace Apps for iOS before version 6.3.0 may allow an authenticated user to conduct a denial of service via network access. | 2025-03-11 | 7.1 | CVE-2025-0150 |
| Zoom Communications, Inc--Zoom Workplace Apps | Use after free in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access. | 2025-03-11 | 8.5 | CVE-2025-0151 |
| Zoom Communications, Inc--Zoom Workplace Apps | Buffer underflow in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access. | 2025-03-11 | 8.5 | CVE-2025-27439 |
| Zoom Communications, Inc--Zoom Workplace Apps | Heap overflow in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access. | 2025-03-11 | 8.5 | CVE-2025-27440 |
| Zyxel--AX7501-B1 firmware | A post-authentication command injection vulnerability in the "zyUtilMailSend" function of the Zyxel AX7501-B1 firmware version V5.17(ABPC.5.3)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device. | 2025-03-11 | 7.2 | CVE-2024-12010 |
| Zyxel--EX5601-T1 firmware | A post-authentication command injection vulnerability in the "ZyEE" function of the Zyxel EX5601-T1 firmware version V5.70(ACDZ.3.6)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device. | 2025-03-11 | 7.2 | CVE-2024-12009 |
| Zyxel--VMG8825-T50K firmware | A post-authentication command injection vulnerability in the "DNSServer" parameter of the diagnostic function in the Zyxel VMG8825-T50K firmware version V5.50(ABOM.8.5)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device. | 2025-03-11 | 7.2 | CVE-2024-11253 |
| zzmaster--WP AntiDDOS | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zzmaster WP AntiDDOS allows Reflected XSS. This issue affects WP AntiDDOS: from n/a through 2.0. | 2025-03-15 | 7.1 | CVE-2025-26556 |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| 274056675--springboot-openai-chatgpt | A vulnerability was found in 274056675 springboot-openai-chatgpt e84f6f5 and classified as critical. Affected by this issue is some unknown functionality of the file /api/mjkj-chat/cgform-api/addData/. The manipulation of the argument chatUserID leads to business logic errors. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-15 | 6.3 | CVE-2025-2321 |
| 274056675--springboot-openai-chatgpt | A vulnerability classified as problematic has been found in 274056675 springboot-openai-chatgpt e84f6f5. This affects the function deleteChat of the file /api/mjkj-chat/chat/ai/delete/chat of the component Chat History Handler. The manipulation of the argument chatListId leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-03-15 | 5.4 | CVE-2025-2334 |
| 274056675--springboot-openai-chatgpt | A vulnerability was found in 274056675 springboot-openai-chatgpt e84f6f5. It has been declared as problematic. This vulnerability affects the function updateQuestionCou of the file /api/mjkj-chat/chat/mng/update/questionCou of the component Number of Question Handler. The manipulation leads to enforcement of behavioral workflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-15 | 4.3 | CVE-2025-2323 |
| A. Chappard--Display Template Name | Cross-Site Request Forgery (CSRF) vulnerability in A. Chappard Display Template Name allows Cross Site Request Forgery. This issue affects Display Template Name: from n/a through 1.7.1. | 2025-03-11 | 4.3 | CVE-2025-28927 |
| A. Jones--Featured Image Thumbnail Grid | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in A. Jones Featured Image Thumbnail Grid allows Stored XSS. This issue affects Featured Image Thumbnail Grid: from n/a through 6.6.1. | 2025-03-11 | 6.5 | CVE-2025-28918 |
| Adobe--Acrobat Reader | Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-03-11 | 5.5 | CVE-2025-24431 |
| Adobe--Acrobat Reader | Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-03-11 | 5.5 | CVE-2025-27163 |
| Adobe--Acrobat Reader | Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-03-11 | 5.5 | CVE-2025-27164 |
| Adobe--Illustrator | Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-03-11 | 5.5 | CVE-2025-24448 |
| Adobe--Illustrator | Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-03-11 | 5.5 | CVE-2025-24449 |
| Adobe--Illustrator | Illustrator versions 29.2.1, 28.7.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-03-11 | 5.5 | CVE-2025-27170 |
| Adobe--InDesign Desktop | InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-03-11 | 5.5 | CVE-2025-27176 |
| Adobe--InDesign Desktop | InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-03-11 | 5.5 | CVE-2025-27179 |
| Adobe--Substance3D - Modeler | Substance3D - Modeler versions 1.15.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-03-11 | 5.5 | CVE-2025-21170 |
| Adobe--Substance3D - Modeler | Substance3D - Modeler versions 1.15.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-03-11 | 5.5 | CVE-2025-27180 |
| Aftab Ali Muni--WP Add Active Class To Menu Item | Cross-Site Request Forgery (CSRF) vulnerability in Aftab Ali Muni WP Add Active Class To Menu Item allows Cross Site Request Forgery. This issue affects WP Add Active Class To Menu Item: from n/a through 1.0. | 2025-03-11 | 4.3 | CVE-2025-28913 |
| Ajay Sharma--wordpress login form to anywhere | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ajay Sharma wordpress login form to anywhere allows Stored XSS. This issue affects wordpress login form to anywhere: from n/a through 0.2. | 2025-03-11 | 5.9 | CVE-2025-28914 |
| Akshar Soft Solutions--AS English Admin | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Akshar Soft Solutions AS English Admin allows Phishing. This issue affects AS English Admin: from n/a through 1.0.0. | 2025-03-11 | 4.7 | CVE-2025-28896 |
| amocrm--amoCRM WebForm | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in amocrm amoCRM WebForm allows DOM-Based XSS. This issue affects amoCRM WebForm: from n/a through 1.1. | 2025-03-11 | 6.5 | CVE-2025-28870 |
| Apache Software Foundation--Apache Camel | Bypass/Injection vulnerability in Apache Camel. This issue affects Apache Camel: from 4.10.0 before 4.10.2, from 4.8.0 before 4.8.5, from 3.10.0 before 3.22.4. Users are recommended to upgrade to version 4.10.2 for 4.10.x LTS, 4.8.5 for 4.8.x LTS and 3.22.4 for 3.x releases. This vulnerability is present in Camel's default incoming header filter, that allows an attacker to include Camel specific headers that for some Camel components can alter the behaviours such as the camel-bean component, or the camel-exec component. If you have Camel applications that are directly connected to the internet via HTTP, then an attacker could include parameters in the HTTP requests that are sent to the Camel application that get translated into headers. The headers could be both provided as request parameters for an HTTP methods invocation or as part of the payload of the HTTP methods invocation. All the known Camel HTTP component such as camel-servlet, camel-jetty, camel-undertow, camel-platform-http, and camel-netty-http would be vulnerable out of the box. This CVE is related to the CVE-2025-27636: while they have the same root cause and are fixed with the same fix, CVE-2025-27636 was assumed to only be exploitable if an attacker could add malicious HTTP headers, while we have now determined that it is also exploitable via HTTP parameters. Like in CVE-2025-27636, exploitation is only possible if the Camel route uses particular vulnerable components. | 2025-03-12 | 4.2 | CVE-2025-29891 |
| Apache Software Foundation--Apache Tomcat | Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98. If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files: - writes enabled for the default servlet (disabled by default) - support for partial PUT (enabled by default) - a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads - attacker knowledge of the names of security sensitive files being uploaded - the security sensitive files also being uploaded via partial PUT If all of the following were true, a malicious user was able to perform remote code execution: - writes enabled for the default servlet (disabled by default) - support for partial PUT (enabled by default) - application was using Tomcat's file based session persistence with the default storage location - application included a library that may be leveraged in a deserialization attack Users are recommended to upgrade to version 11.0.3, 10.1.35 or 9.0.98, which fixes the issue. | 2025-03-10 | 5.5 | CVE-2025-24813 |
| apple -- ipados | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, macOS Sequoia 15, macOS Sonoma 14.7, visionOS 2, iOS 18 and iPadOS 18. A local user may be able to leak sensitive user information. | 2025-03-10 | 5.5 | CVE-2024-54469 |
| apple -- ipados | A logic issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, watchOS 11, tvOS 18, macOS Sequoia 15. A malicious app may be able to modify other apps without having App Management permission. | 2025-03-10 | 5.5 | CVE-2024-54560 |
| apple -- macos | This issue was addressed with improved entitlements. This issue is fixed in macOS Sequoia 15. An app may be able to access removable volumes without user consent. | 2025-03-10 | 5.5 | CVE-2024-54463 |
| apple -- macos | This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data. | 2025-03-10 | 5.5 | CVE-2024-54473 |
| apple -- safari | A cookie management issue was addressed with improved state management. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin. | 2025-03-10 | 6.5 | CVE-2024-54467 |
| apple -- safari | The issue was addressed with improved checks. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to an unexpected process crash. | 2025-03-10 | 5.5 | CVE-2024-44192 |
| Apple--macOS | This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2. An app may be able to access user-sensitive data. | 2025-03-10 | 5.5 | CVE-2022-48610 |
| AREAL SAS--Topkapi Vision Webserv2 | The Spreadsheet view is vulnerable to a XSS attack, where a remote unauthorised attacker can read a limited amount of values or DoS the affected spreadsheet. Disclosure of secrets or other system settings is not affected as well as other spreadsheets still work as expected. | 2025-03-11 | 6.1 | CVE-2025-1434 |
| arkapravamajumder--Back To Top | Cross-Site Request Forgery (CSRF) vulnerability in arkapravamajumder Back To Top allows Cross Site Request Forgery. This issue affects Back To Top: from n/a through 2.0. | 2025-03-11 | 4.3 | CVE-2025-28940 |
| assimp -- assimp | A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. This issue affects the function Assimp::BaseImporter::ConvertToUTF8 of the file BaseImporter.cpp of the component File Handler. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-03-10 | 6.3 | CVE-2025-2152 |
| aumsrini--Bee Layer Slider | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aumsrini Bee Layer Slider allows Stored XSS. This issue affects Bee Layer Slider: from n/a through 1.1. | 2025-03-11 | 6.5 | CVE-2025-28879 |
| babel--babel | Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and 8.0.0-alpha.17 to compile regular expression named capturing groups, Babel will generate a polyfill for the `.replace` method that has quadratic complexity on some specific replacement pattern strings (i.e. the second argument passed to `.replace`). Generated code is vulnerable if all the following conditions are true: Using Babel to compile regular expression named capturing groups, using the `.replace` method on a regular expression that contains named capturing groups, and the code using untrusted strings as the second argument of `.replace`. This problem has been fixed in `@babel/helpers` and `@babel/runtime` 7.26.10 and 8.0.0-alpha.17. It's likely that individual users do not directly depend on `@babel/helpers`, and instead depend on `@babel/core` (which itself depends on `@babel/helpers`). Upgrading to `@babel/core` 7.26.10 is not required, but it guarantees use of a new enough `@babel/helpers` version. Note that just updating Babel dependencies is not enough; one will also need to re-compile the code. No known workarounds are available. | 2025-03-11 | 6.2 | CVE-2025-27789 |
| beeteam368--VidoRev Extensions | The VidoRev Extensions plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'vidorev_import_single_video' AJAX action in all versions up to, and including, 2.9.9.9.9.9.5. This makes it possible for unauthenticated attackers to import arbitrary youtube videos. | 2025-03-14 | 5.3 | CVE-2025-0955 |
| Beijing Zhide Intelligent Internet Technology--Modern Farm Digital Integrated Management System | A vulnerability was found in Beijing Zhide Intelligent Internet Technology Modern Farm Digital Integrated Management System 1.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to files or directories accessible. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Multiple endpoints are affected. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-10 | 5.3 | CVE-2025-2147 |
| Benjamin Pick--Contact Form 7 Select Box Editor Button | Cross-Site Request Forgery (CSRF) vulnerability in Benjamin Pick Contact Form 7 Select Box Editor Button allows Cross Site Request Forgery. This issue affects Contact Form 7 Select Box Editor Button: from n/a through 0.6. | 2025-03-11 | 4.3 | CVE-2025-28902 |
| Bjoern--WP Performance Pack | Missing Authorization vulnerability in Bjoern WP Performance Pack allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Performance Pack: from n/a through 2.5.3. | 2025-03-11 | 4.3 | CVE-2025-28938 |
| brechtvds--WP Recipe Maker | The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Roundup Recipe Name field in all versions up to, and including, 9.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-03-13 | 6.4 | CVE-2025-1503 |
| Carlos Minatti--Delete Original Image | Cross-Site Request Forgery (CSRF) vulnerability in Carlos Minatti Delete Original Image allows Cross Site Request Forgery. This issue affects Delete Original Image: from n/a through 0.4. | 2025-03-11 | 4.3 | CVE-2025-28863 |
| changeweb -- unifiedtransform | Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows students to modify rules for exams. The affected endpoint is /exams/edit-rule?exam_rule_id=1. | 2025-03-10 | 4.3 | CVE-2025-25616 |
| Cisco--Cisco IOS XR Software | A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Secure Boot functionality and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device. This vulnerability is due to insufficient verification of modules in the software load process. An attacker could exploit this vulnerability by manipulating the loaded binaries to bypass some of the integrity checks that are performed during the booting process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass the requirement to run Cisco-signed images or alter the security properties of the running system. Note: This vulnerability affects Cisco IOS XR Software, not the Secure Boot feature. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | 2025-03-12 | 6.7 | CVE-2025-20143 |
| Cisco--Cisco IOS XR Software | A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR image signature verification and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device. This vulnerability is due to incomplete validation of files in the boot verification process. An attacker could exploit this vulnerability by manipulating the system configuration options to bypass some of the integrity checks that are performed during the boot process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass the requirement to run Cisco-signed images or alter the security properties of the running system. Note: Because exploitation of this vulnerability could result in the attacker bypassing Cisco image verification, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High. | 2025-03-12 | 6.7 | CVE-2025-20177 |
| Cisco--Cisco IOS XR Software | A vulnerability in the access control list (ACL) processing in the egress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability exists because certain packets are handled incorrectly when they are received on an ingress interface on one line card and destined out of an egress interface on another line card where the egress ACL is configured. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an egress ACL on the affected device. For more information about this vulnerability, see the section of this advisory. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | 2025-03-12 | 5.8 | CVE-2025-20145 |
| Cisco--Cisco IOS XR Software | A vulnerability in the hybrid access control list (ACL) processing of IPv4 packets in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incorrect handling of packets when a specific configuration of the hybrid ACL exists. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass a configured ACL on the affected device. For more information, see the section of this advisory. Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability. | 2025-03-12 | 4 | CVE-2025-20144 |
| clearcodehq--CC-IMG-Shortcode | The CC-IMG-Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'img' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-03-13 | 6.4 | CVE-2025-1559 |
| codename065--Download Manager | The Download Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.08 via the 'wpdm_newfile' action. This makes it possible for authenticated attackers, with Author-level access and above, to overwrite select file types outside of the originally intended directory, which may cause a denial of service. | 2025-03-13 | 5.4 | CVE-2025-1785 |
| CodeVibrant--Maintenance Notice | Cross-Site Request Forgery (CSRF) vulnerability in CodeVibrant Maintenance Notice allows Cross Site Request Forgery. This issue affects Maintenance Notice: from n/a through 1.0.5. | 2025-03-11 | 4.3 | CVE-2025-28859 |
| codexpert--WC Affiliate A Complete WooCommerce Affiliate Plugin | The WC Affiliate - A Complete WooCommerce Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'export_all_data' function in all versions up to, and including, 2.5.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to expose sensitive affiliate data, including personally identifiable information (PII). | 2025-03-15 | 6.5 | CVE-2024-12336 |
| creativemindssolutions--CM FAQ Simplify support with an intuitive FAQ management tool | The CM FAQ - Simplify support with an intuitive FAQ management tool plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-03-14 | 6.1 | CVE-2025-2166 |
| dangrossman--W3Counter Free Real-Time Web Stats | Cross-Site Request Forgery (CSRF) vulnerability in dangrossman W3Counter Free Real-Time Web Stats allows Cross Site Request Forgery. This issue affects W3Counter Free Real-Time Web Stats: from n/a through 4.1. | 2025-03-11 | 4.3 | CVE-2025-28856 |
| Datalust--Seq | An issue was discovered in Datalust Seq before 2024.3.13545. Expansion of identifiers in message templates can be used to bypass the system "Event body limit bytes" setting, leading to increased resource consumption. With sufficiently large events, there can be disk space exhaustion (if saved to disk) or a termination of the server process with an out-of-memory error. | 2025-03-11 | 6.5 | CVE-2025-27911 |
| Datalust--Seq | An issue was discovered in Datalust Seq before 2024.3.13545. An insecure default parsing depth limit allows stack consumption when parsing user-supplied queries containing deeply nested expressions. | 2025-03-11 | 5.7 | CVE-2024-58102 |
| Dell--NetWorker Management Console | Dell NetWorker, 19.11.0.3 and below versions, contain(s) an Open Redirect Vulnerability in NMC. An unauthenticated attacker with remoter access could potentially exploit this vulnerability, leading to a targeted application user being redirected to arbitrary web URLs. The vulnerability could be leveraged by attackers to conduct phishing attacks that cause users to divulge sensitive information. | 2025-03-13 | 4.3 | CVE-2025-21104 |
| detheme--DethemeKit for Elementor | The DethemeKit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the De Product Display Widget (countdown feature) in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-03-14 | 6.4 | CVE-2025-1526 |
| devitemsllc--ShopLentor WooCommerce Builder for Elementor & Gutenberg +20 Modules All in One Solution (formerly WooLentor) | The ShopLentor - WooCommerce Builder for Elementor & Gutenberg +20 Modules - All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to a Stored DOM-Based Cross-Site Scripting via the plugin's Flash Sale Countdown module in all versions up to, and including, 3.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-03-12 | 6.4 | CVE-2025-1527 |
| djeet--Finale Lite Sales Countdown Timer & Discount for WooCommerce | The Finale Lite - Sales Countdown Timer & Discount for WooCommerce plugin for WordPress is vulnerable to Stored DOM-Based Cross-Site Scripting via the countdown timer in all versions up to, and including, 2.19.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-03-12 | 6.4 | CVE-2024-12589 |
| duogeek--Simple Amazon Affiliate | The Simple Amazon Affiliate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'msg' parameter in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-03-12 | 6.1 | CVE-2025-2077 |
| edwardw--WP No-Bot Question | Cross-Site Request Forgery (CSRF) vulnerability in edwardw WP No-Bot Question allows Cross Site Request Forgery. This issue affects WP No-Bot Question: from n/a through 0.1.7. | 2025-03-11 | 4.3 | CVE-2025-28909 |
| element-hq--element-android | Element Android is an Android Matrix Client provided by Element. Element Android up to version 1.6.32 can, under certain circumstances, fail to logout the user if they input the wrong PIN more than the configured amount of times. An attacker with physical access to a device can exploit this to guess the PIN. Version 1.6.34 solves the issue. | 2025-03-14 | 5.1 | CVE-2025-27606 |
| Fastmover--Plugins Last Updated Column | Cross-Site Request Forgery (CSRF) vulnerability in Fastmover Plugins Last Updated Column allows Cross Site Request Forgery. This issue affects Plugins Last Updated Column: from n/a through 0.1.3. | 2025-03-11 | 4.3 | CVE-2025-28887 |
| flarum--framework | Flarum is open-source forum software. A session hijacking vulnerability exists in versions prior to 1.8.10 when an attacker-controlled authoritative subdomain under a parent domain (e.g., `subdomain.host.com`) sets cookies scoped to the parent domain (`.host.com`). This allows session token replacement for applications hosted on sibling subdomains (e.g., `community.host.com`) if session tokens aren't rotated post-authentication. Key Constraints are that the attacker must control any subdomain under the parent domain (e.g., `evil.host.com` or `x.y.host.com`), and the parent domain must not be on the Public Suffix List. Due to non-existent session token rotation after authenticating we can theoretically reproduce the vulnerability by using browser dev tools, but due to the browser's security measures this does not seem to be exploitable as described. Version 1.8.10 contains a patch for the issue. | 2025-03-12 | 6.8 | CVE-2025-27794 |
| Fortinet--FortiAnalyzer | An insertion of sensitive information into log file vulnerabilities [CWE-532] in FortiManager version 7.4.0, version 7.2.3 and below, version 7.0.8 and below, version 6.4.12 and below, version 6.2.11 and below and FortiAnalyzer version 7.4.0, version 7.2.3 and below, version 7.0.8 and below, version 6.4.12 and below, version 6.2.11 and below eventlog may allow any low privileged user with access to event log section to retrieve certificate private key and encrypted password logged as system log. | 2025-03-14 | 6.5 | CVE-2024-40585 |
| Fortinet--FortiMail | A stack-buffer overflow vulnerability [CWE-121] in Fortinet FortiMail CLI version 7.6.0 through 7.6.1 and before 7.4.3 allows a privileged attacker to execute arbitrary code or commands via specifically crafted CLI commands. | 2025-03-11 | 6.7 | CVE-2024-46663 |
| Fortinet--FortiManager | Multiple improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiManager, FortiAnalyzer versions 7.4.0 through 7.4.2 7.2.0 through 7.2.5 and 7.0.0 through 7.0.12 and 6.4.0 through 6.4.14 and 6.2.0 through 6.2.12 and 6.0.0 through 6.0.12 and 5.6.0 through 5.6.11 and 5.4.0 through 5.4.7 and 5.2.0 through 5.2.10 and 5.0.0 through 5.0.12 and 4.3.4 through 4.3.8 allows attacker to execute unauthorized code or commands via crafted CLI requests. | 2025-03-11 | 6.7 | CVE-2024-32123 |
| Fortinet--FortiManager | Two improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5, FortiManager version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData version 7.4.0 and before 7.2.7 allows a privileged attacker to execute unauthorized code or commands via specifically crafted CLI requests. | 2025-03-11 | 4.2 | CVE-2024-33501 |
| Fortinet--FortiNAC-F | An improper certificate validation vulnerability [CWE-295] in FortiNAC-F version 7.2.4 and below may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the HTTPS communication channel between the FortiOS device, an inventory, and FortiNAC-F. | 2025-03-14 | 4.8 | CVE-2023-48785 |
| Fortinet--FortiNAC | A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiNAC 7.2.1 and earlier, 9.4.3 and earlier allows attacker a limited, unauthorized file access via specifically crafted request in inter-server communication port. | 2025-03-14 | 5.3 | CVE-2023-33300 |
| Fortinet--FortiNDR | An improper validation of integrity check value vulnerability [CWE-354] in FortiNDR version 7.4.2 and below, version 7.2.1 and below, version 7.1.1 and below, version 7.0.6 and below may allow an authenticated attacker with at least Read/Write permission on system maintenance to install a corrupted firmware image. | 2025-03-14 | 6.5 | CVE-2024-47573 |
| Fortinet--FortiPortal | An improper certificate validation vulnerability [CWE-295] in FortiPortal version 7.4.0, version 7.2.4 and below, version 7.0.8 and below, version 6.0.15 and below when connecting to a FortiManager device, a FortiAnalyzer device, or an SMTP server may allow an unauthenticated attacker in a Man-in-the-Middle position to intercept on and tamper with the encrypted communication channel established between the FortiPortal and those endpoints. | 2025-03-14 | 4.8 | CVE-2024-40590 |
| Fortinet--FortiSandbox | A client-side enforcement of server-side security vulnerability [CWE-602] in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.6 and before 4.2.7 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests. | 2025-03-11 | 4.3 | CVE-2024-52960 |
| Fortinet--FortiSandbox | An improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiSandbox Cloud version 23.4, FortiSandbox at least 4.4.0 through 4.4.6 and 4.2.0 through 4.2.7 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 allows attacker to execute unauthorized code or commands via specifically crafted HTTP requests. | 2025-03-11 | 4.3 | CVE-2024-54026 |
| Fortinet--FortiWeb | An improper handling of syntactically invalid structure in Fortinet FortiWeb at least verions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute unauthorized code or commands via HTTP/S crafted requests. | 2025-03-11 | 5.6 | CVE-2023-42784 |
| Fortinet--FortiWeb | An improper handling of syntactically invalid structure in Fortinet FortiWeb at least vesrions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute unauthorized code or commands via HTTP/S crafted requests. | 2025-03-14 | 5.6 | CVE-2024-55594 |
| Fortinet--FortiWeb | A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiWeb versions 7.0.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted requests. | 2025-03-11 | 5.5 | CVE-2024-55597 |
| frazahmed--ProductDyno | The ProductDyno plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'res' parameter in all versions up to, and including, 1.0.24 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts into pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This vulnerability is potentially a duplicate of CVE-2025-22320. | 2025-03-11 | 6.1 | CVE-2024-13413 |
| froxlor--Froxlor | Froxlor is open-source server administration software. A vulnerability in versions prior to 2.2.6 allows users (such as resellers or customers) to create accounts with the same email address as an existing account. This creates potential issues with account identification and security. This vulnerability can be exploited by authenticated users (e.g., reseller, customer) who can create accounts with the same email address that has already been used by another account, such as the admin. The attack vector is email-based, as the system does not prevent multiple accounts from registering the same email address, leading to possible conflicts and security issues. Version 2.2.6 fixes the issue. | 2025-03-13 | 5.8 | CVE-2025-29773 |
| GE Vernova--N60 multilin | An improper input validation in GE Vernova UR IED family devices from version 7.0 up to 8.60 allows an attacker to provide input that enstablishes a TCP connection through a port forwarding. The lack of the IP address and port validation may allow the attacker to bypass firewall rules or to send malicious traffic in the network | 2025-03-10 | 6.1 | CVE-2025-27253 |
| GE Vernova--N60 multilin | Insufficient Verification of Data Authenticity vulnerability in GE Vernova UR IED family devices allows an authenticated user to install a modified firmware. The firmware signature verification is enforced only on the client-side dedicated software Enervista UR Setup, allowing the integration check to be bypassed. | 2025-03-10 | 6.1 | CVE-2025-27257 |
| GitLab--GitLab | An issue was discovered in GitLab CE/EE affecting all versions before 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2. where a denial of service vulnerability could allow an attacker to cause a system reboot under certain conditions. | 2025-03-13 | 6.5 | CVE-2024-13054 |
| GitLab--GitLab | An issue was discovered in GitLab EE affecting all versions starting with 12.3 before 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2. A vulnerability in certain GitLab instances could allow an attacker to cause a denial of service condition by manipulating specific API inputs. | 2025-03-13 | 6.5 | CVE-2025-1257 |
| GitLab--GitLab | An issue was discovered in GitLab EE/CE affecting all versions starting from 11.5 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. Certain user inputs in repository mirroring settings could potentially expose sensitive authentication information. | 2025-03-13 | 4.4 | CVE-2024-12380 |
| GitLab--GitLab | An issue has been discovered in GitLab EE/CE affecting all versions starting from 16.9 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2 could allow unauthorized users to access confidential information intended for internal use only. | 2025-03-13 | 4.3 | CVE-2025-0652 |
| givewp--GiveWP Donation Plugin and Fundraising Platform | The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the give_reports_earnings() function in all versions up to, and including, 3.22.0. This makes it possible for unauthenticated attackers to disclose sensitive information included within earnings reports. | 2025-03-15 | 6.5 | CVE-2025-2025 |
| glpi-project--glpi-inventory-plugin | The GLPI Inventory Plugin handles various types of tasks for GLPI agents for the GLPI asset and IT management software package. Versions prior to 1.5.0 are vulnerable to reflective cross-site scripting, which may lead to executing javascript code. Version 1.5.0 fixes the issue. | 2025-03-14 | 6.5 | CVE-2025-26626 |
| gnarf--binlayerpress | The binlayerpress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2025-03-12 | 4.4 | CVE-2025-2076 |
| Google--Android | In ppcfw_deny_sec_dram_access of ppcfw.c, there is a possible arbitrary read from TEE memory due to a logic error in the code. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | 2025-03-10 | 6.6 | CVE-2024-56187 |
| Google--Android | In static long dev_send of tipc_dev_ql, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-03-10 | 5.1 | CVE-2024-56184 |
| Google--Android | In ProtocolUnsolOnSSAdapter::GetServiceClass() of protocolcalladapter.cpp, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for exploitation. | 2025-03-10 | 5.1 | CVE-2024-56185 |
| Google--Android | In closeChannel of secureelementimpl.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-03-10 | 5.1 | CVE-2024-56186 |
| Google--Android | there is a possible way to crash the modem due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-03-10 | 5.1 | CVE-2024-56188 |
| gpenverne--BlogBuzzTime for WP | The BlogBuzzTime for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2025-03-12 | 4.4 | CVE-2025-2078 |
| HashiCorp--Nomad | Nomad Community and Nomad Enterprise ("Nomad") are vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs. This vulnerability, identified as CVE-2025-1296, is fixed in Nomad Community Edition 1.9.7 and Nomad Enterprise 1.9.7, 1.8.11, and 1.7.19. | 2025-03-10 | 6.5 | CVE-2025-1296 |
| HCL Software--HCL AppScan Traffic Recorder | HCL AppScan Traffic Recorder fails to adequately neutralize special characters within the filename, potentially allowing it to resolve to a location beyond the restricted directory. Potential exploits can completely disrupt or takeover the application or the computer where the application is running. | 2025-03-13 | 4.3 | CVE-2024-30143 |
| hdfgroup -- hdf5 | A vulnerability, which was classified as critical, was found in HDF5 1.14.6. Affected is the function H5SM_delete of the file H5SM.c of the component h5 File Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. | 2025-03-10 | 5 | CVE-2025-2153 |
| HGiga--C&Cm@il | The C&Cm@il from HGiga has a Stored Cross-Site Scripting (XSS) vulnerability, allowing remote attackers with regular privileges to send emails containing malicious JavaScript code, which will be executed in the recipient's browser when they view the email. | 2025-03-10 | 5.4 | CVE-2025-2150 |
| Hillstone Networks--Hillstone Next Generation FireWall | Generation of Error Message Containing Sensitive Information vulnerability in Hillstone Networks Hillstone Next Generation FireWall.This issue affects Hillstone Next Generation FireWall: from 5.5R8P1 before 5.5R8P23. | 2025-03-12 | 5.3 | CVE-2025-2239 |
| IBM--App Connect Enterprise Certified Container | IBM App Connect Enterprise Certified Container 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, and 12.8 could allow an authenticated user to cause a denial of service in the App Connect flow due to improper validation of server-side input. | 2025-03-12 | 4.3 | CVE-2024-52362 |
| IBM--Common Cryptographic Architecture | IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow a remote attacker to obtain sensitive information during the creation of ECDSA signatures to perform a timing-based attack. | 2025-03-11 | 6.5 | CVE-2024-22340 |
| IBM--Common Cryptographic Architecture | IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow an authenticated user to cause a denial of service in the Hardware Security Module (HSM) using a specially crafted sequence of valid requests. | 2025-03-11 | 6.5 | CVE-2024-49823 |
| IBM--QRadar EDR | IBM Security QRadar 3.12 EDR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive credential information. | 2025-03-14 | 5.9 | CVE-2024-45643 |
| IBM--QRadar EDR | IBM Security QRadar 3.12 EDR stores user credentials in plain text which can be read by a local privileged user. | 2025-03-14 | 4.1 | CVE-2024-45638 |
| IBM--Sterling B2B Integrator Standard Edition | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2025-03-11 | 4.8 | CVE-2024-56338 |
| IBM--Sterling File Gateway | IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 UI could disclosure the installation path of the server which could aid in further attacks against the system. | 2025-03-10 | 5.3 | CVE-2024-47109 |
| IROAD--Dash Cam FX2 | A vulnerability was found in IROAD Dash Cam FX2 up to 20250308 and classified as problematic. This issue affects some unknown processing of the component Device Registration. The manipulation of the argument Password with the input qwertyuiop leads to use of default password. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. | 2025-03-16 | 6.3 | CVE-2025-2347 |
| IROAD--Dash Cam FX2 | A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been rated as critical. Affected by this issue is some unknown functionality of the file /action/upload_file. The manipulation leads to unrestricted upload. Access to the local network is required for this attack to succeed. The exploit has been disclosed to the public and may be used. | 2025-03-16 | 6.3 | CVE-2025-2350 |
| IROAD--Dash Cam FX2 | A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been classified as problematic. Affected is an unknown function of the file /mnt/extsd/event/ of the component HTTP/RTSP. The manipulation leads to information disclosure. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. | 2025-03-16 | 4.3 | CVE-2025-2348 |
| IROAD--Dash Cam X5 | A vulnerability, which was classified as critical, has been found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. Affected by this issue is some unknown functionality of the component API Endpoint. The manipulation leads to missing authentication. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-16 | 5.3 | CVE-2025-2344 |
| IROAD--Dash Cam X5 | A vulnerability has been found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308 and classified as problematic. This vulnerability affects unknown code of the component Domain Handler. The manipulation of the argument Domain Name leads to origin validation error. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. | 2025-03-16 | 5.6 | CVE-2025-2346 |
| IROAD--X5 Mobile App | A vulnerability classified as critical has been found in IROAD X5 Mobile App up to 5.2.5 on Android. Affected is an unknown function of the component API Endpoint. The manipulation leads to hard-coded credentials. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-16 | 5.3 | CVE-2025-2342 |
| jdsofttech--School Management System WPSchoolPress | The School Management System - WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'addNotify' action in all versions up to, and including, 2.2.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with teacher-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-03-15 | 6.5 | CVE-2025-1669 |
| jdsofttech--School Management System WPSchoolPress | The School Management System - WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'cid' parameter in all versions up to, and including, 2.2.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Custom-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-03-15 | 6.5 | CVE-2025-1670 |
| jdsofttech--School Management System WPSchoolPress | The School Management System - WPSchoolPress plugin for WordPress is vulnerable to arbitrary user deletion due to a missing capability check on the wpsp_DeleteUser() function in all versions up to, and including, 2.2.16. This makes it possible for authenticated attackers, with teacher-level access and above, to delete arbitrary user accounts. | 2025-03-15 | 4.3 | CVE-2025-1668 |
| JetBrains--Ktor | In JetBrains Ktor before 3.1.1 an HTTP Request Smuggling was possible | 2025-03-12 | 5.3 | CVE-2025-29904 |
| JetBrains--Runtime | In JetBrains Runtime before 21.0.6b872.80 arbitrary dynamic library execution due to insecure macOS flags was possible | 2025-03-12 | 5.2 | CVE-2025-29903 |
| Jogesh--Responsive Google Map | Missing Authorization vulnerability in Jogesh Responsive Google Map allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Responsive Google Map: from n/a through 3.1.5. | 2025-03-11 | 5.3 | CVE-2025-28920 |
| juniper -- junos | An Improper Isolation or Compartmentalization vulnerability in the kernel of Juniper Networks Junos OS allows a local attacker with high privileges to compromise the integrity of the device. A local attacker with access to the shell is able to inject arbitrary code which can compromise an affected device. This issue is not exploitable from the Junos CLI. This issue affects Junos OS: * All versions before 21.2R3-S9, * 21.4 versions before 21.4R3-S10, * 22.2 versions before 22.2R3-S6, * 22.4 versions before 22.4R3-S6, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2-S4, * 24.2 versions before 24.2R1-S2, 24.2R2. | 2025-03-12 | 4.4 | CVE-2025-21590 |
| jwpegram--Block Spam By Math Reloaded | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jwpegram Block Spam By Math Reloaded allows Stored XSS. This issue affects Block Spam By Math Reloaded: from n/a through 2.2.4. | 2025-03-11 | 5.9 | CVE-2025-28871 |
| jwpegram--Block Spam By Math Reloaded | Missing Authorization vulnerability in jwpegram Block Spam By Math Reloaded allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Block Spam By Math Reloaded: from n/a through 2.2.4. | 2025-03-11 | 5.3 | CVE-2025-28872 |
| Kubernetes--Kubelet | This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates upstream, any cluster still using this feature remains vulnerable. | 2025-03-13 | 6.5 | CVE-2025-1767 |
| Kubernetes--Kubelet | This CVE affects only Windows worker nodes. Your worker node is vulnerable to this issue if it is running one of the affected versions listed below. | 2025-03-13 | 5.9 | CVE-2024-9042 |
| lavacode--Lava Ajax Search | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lavacode Lava Ajax Search allows Stored XSS. This issue affects Lava Ajax Search: from n/a through 1.1.9. | 2025-03-11 | 5.9 | CVE-2025-28937 |
| Leica BioSystems--Aperio Eslide Manager | The Leica Web Viewer within the Aperio Eslide Manager Application is vulnerable to reflected cross-site scripting (XSS). An authenticated user can access the slides within a project and injecting malicious JavaScript into the "memo" field. The memo field has a hover over action that will display a Microsoft Tool Tip which a user can use to quickly view the memo associated with the slide and execute the JavaScript. | 2025-03-14 | 4.6 | CVE-2025-1888 |
| lf-edge--ekuiper | LF Edge eKuiper is an internet-of-things data analytics and stream processing engine. Prior to version 2.0.8, auser with rights to modify the service (e.g. kuiperUser role) can inject a cross-site scripting payload into the rule `id` parameter. Then, after any user with access to this service (e.g. admin) tries make any modifications with the rule (update, run, stop, delete), a payload acts in the victim's browser. Version 2.0.8 fixes the issue. | 2025-03-10 | 5.4 | CVE-2024-52812 |
| linux -- linux_kernel | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix deadlock when freeing cgroup storage The following commit bc235cdb423a ("bpf: Prevent deadlock from recursive bpf_task_storage_[get|delete]") first introduced deadlock prevention for fentry/fexit programs attaching on bpf_task_storage helpers. That commit also employed the logic in map free path in its v6 version. Later bpf_cgrp_storage was first introduced in c4bcfb38a95e ("bpf: Implement cgroup storage available to non-cgroup-attached bpf progs") which faces the same issue as bpf_task_storage, instead of its busy counter, NULL was passed to bpf_local_storage_map_free() which opened a window to cause deadlock: <TASK> (acquiring local_storage->lock) _raw_spin_lock_irqsave+0x3d/0x50 bpf_local_storage_update+0xd1/0x460 bpf_cgrp_storage_get+0x109/0x130 bpf_prog_a4d4a370ba857314_cgrp_ptr+0x139/0x170 ? __bpf_prog_enter_recur+0x16/0x80 bpf_trampoline_6442485186+0x43/0xa4 cgroup_storage_ptr+0x9/0x20 (holding local_storage->lock) bpf_selem_unlink_storage_nolock.constprop.0+0x135/0x160 bpf_selem_unlink_storage+0x6f/0x110 bpf_local_storage_map_free+0xa2/0x110 bpf_map_free_deferred+0x5b/0x90 process_one_work+0x17c/0x390 worker_thread+0x251/0x360 kthread+0xd2/0x100 ret_from_fork+0x34/0x50 ret_from_fork_asm+0x1a/0x30 </TASK> Progs: - A: SEC("fentry/cgroup_storage_ptr") - cgid (BPF_MAP_TYPE_HASH) Record the id of the cgroup the current task belonging to in this hash map, using the address of the cgroup as the map key. - cgrpa (BPF_MAP_TYPE_CGRP_STORAGE) If current task is a kworker, lookup the above hash map using function parameter @owner as the key to get its corresponding cgroup id which is then used to get a trusted pointer to the cgroup through bpf_cgroup_from_id(). This trusted pointer can then be passed to bpf_cgrp_storage_get() to finally trigger the deadlock issue. - B: SEC("tp_btf/sys_enter") - cgrpb (BPF_MAP_TYPE_CGRP_STORAGE) The only purpose of this prog is to fill Prog A's hash map by calling bpf_cgrp_storage_get() for as many userspace tasks as possible. Steps to reproduce: - Run A; - while (true) { Run B; Destroy B; } Fix this issue by passing its busy counter to the free procedure so it can be properly incremented before storage/smap locking. | 2025-03-12 | 5.5 | CVE-2024-58088 |
| linux -- linux_kernel | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double accounting race when btrfs_run_delalloc_range() failed [BUG] When running btrfs with block size (4K) smaller than page size (64K, aarch64), there is a very high chance to crash the kernel at generic/750, with the following messages: (before the call traces, there are 3 extra debug messages added) BTRFS warning (device dm-3): read-write for sector size 4096 with page size 65536 is experimental BTRFS info (device dm-3): checking UUID tree hrtimer: interrupt took 5451385 ns BTRFS error (device dm-3): cow_file_range failed, root=4957 inode=257 start=1605632 len=69632: -28 BTRFS error (device dm-3): run_delalloc_nocow failed, root=4957 inode=257 start=1605632 len=69632: -28 BTRFS error (device dm-3): failed to run delalloc range, root=4957 ino=257 folio=1572864 submit_bitmap=8-15 start=1605632 len=69632: -28 ------------[ cut here ]------------ WARNING: CPU: 2 PID: 3020984 at ordered-data.c:360 can_finish_ordered_extent+0x370/0x3b8 [btrfs] CPU: 2 UID: 0 PID: 3020984 Comm: kworker/u24:1 Tainted: G OE 6.13.0-rc1-custom+ #89 Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022 Workqueue: events_unbound btrfs_async_reclaim_data_space [btrfs] pc : can_finish_ordered_extent+0x370/0x3b8 [btrfs] lr : can_finish_ordered_extent+0x1ec/0x3b8 [btrfs] Call trace: can_finish_ordered_extent+0x370/0x3b8 [btrfs] (P) can_finish_ordered_extent+0x1ec/0x3b8 [btrfs] (L) btrfs_mark_ordered_io_finished+0x130/0x2b8 [btrfs] extent_writepage+0x10c/0x3b8 [btrfs] extent_write_cache_pages+0x21c/0x4e8 [btrfs] btrfs_writepages+0x94/0x160 [btrfs] do_writepages+0x74/0x190 filemap_fdatawrite_wbc+0x74/0xa0 start_delalloc_inodes+0x17c/0x3b0 [btrfs] btrfs_start_delalloc_roots+0x17c/0x288 [btrfs] shrink_delalloc+0x11c/0x280 [btrfs] flush_space+0x288/0x328 [btrfs] btrfs_async_reclaim_data_space+0x180/0x228 [btrfs] process_one_work+0x228/0x680 worker_thread+0x1bc/0x360 kthread+0x100/0x118 ret_from_fork+0x10/0x20 ---[ end trace 0000000000000000 ]--- BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1605632 OE len=16384 to_dec=16384 left=0 BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1622016 OE len=12288 to_dec=12288 left=0 Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008 BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1634304 OE len=8192 to_dec=4096 left=0 CPU: 1 UID: 0 PID: 3286940 Comm: kworker/u24:3 Tainted: G W OE 6.13.0-rc1-custom+ #89 Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022 Workqueue: btrfs_work_helper [btrfs] (btrfs-endio-write) pstate: 404000c5 (nZcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : process_one_work+0x110/0x680 lr : worker_thread+0x1bc/0x360 Call trace: process_one_work+0x110/0x680 (P) worker_thread+0x1bc/0x360 (L) worker_thread+0x1bc/0x360 kthread+0x100/0x118 ret_from_fork+0x10/0x20 Code: f84086a1 f9000fe1 53041c21 b9003361 (f9400661) ---[ end trace 0000000000000000 ]--- Kernel panic - not syncing: Oops: Fatal exception SMP: stopping secondary CPUs SMP: failed to stop secondary CPUs 2-3 Dumping ftrace buffer: (ftrace buffer empty) Kernel Offset: 0x275bb9540000 from 0xffff800080000000 PHYS_OFFSET: 0xffff8fbba0000000 CPU features: 0x100,00000070,00801250,8201720b [CAUSE] The above warning is triggered immediately after the delalloc range failure, this happens in the following sequence: - Range [1568K, 1636K) is dirty 1536K 1568K 1600K 1636K 1664K | |/////////|////////| | Where 1536K, 1600K and 1664K are page boundaries (64K page size) - Enter extent_writepage() for page 1536K - Enter run_delalloc_nocow() with locke ---truncated--- | 2025-03-12 | 5.5 | CVE-2024-58089 |
| linux -- linux_kernel | In the Linux kernel, the following vulnerability has been resolved: smb: client: Add check for next_buffer in receive_encrypted_standard() Add check for the return value of cifs_buf_get() and cifs_small_buf_get() in receive_encrypted_standard() to prevent null pointer dereference. | 2025-03-12 | 5.5 | CVE-2025-21844 |
| linux -- linux_kernel | In the Linux kernel, the following vulnerability has been resolved: mtd: spi-nor: sst: Fix SST write failure 'commit 18bcb4aa54ea ("mtd: spi-nor: sst: Factor out common write operation to `sst_nor_write_data()`")' introduced a bug where only one byte of data is written, regardless of the number of bytes passed to sst_nor_write_data(), causing a kernel crash during the write operation. Ensure the correct number of bytes are written as passed to sst_nor_write_data(). Call trace: [ 57.400180] ------------[ cut here ]------------ [ 57.404842] While writing 2 byte written 1 bytes [ 57.409493] WARNING: CPU: 0 PID: 737 at drivers/mtd/spi-nor/sst.c:187 sst_nor_write_data+0x6c/0x74 [ 57.418464] Modules linked in: [ 57.421517] CPU: 0 UID: 0 PID: 737 Comm: mtd_debug Not tainted 6.12.0-g5ad04afd91f9 #30 [ 57.429517] Hardware name: Xilinx Versal A2197 Processor board revA - x-prc-02 revA (DT) [ 57.437600] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 57.444557] pc : sst_nor_write_data+0x6c/0x74 [ 57.448911] lr : sst_nor_write_data+0x6c/0x74 [ 57.453264] sp : ffff80008232bb40 [ 57.456570] x29: ffff80008232bb40 x28: 0000000000010000 x27: 0000000000000001 [ 57.463708] x26: 000000000000ffff x25: 0000000000000000 x24: 0000000000000000 [ 57.470843] x23: 0000000000010000 x22: ffff80008232bbf0 x21: ffff000816230000 [ 57.477978] x20: ffff0008056c0080 x19: 0000000000000002 x18: 0000000000000006 [ 57.485112] x17: 0000000000000000 x16: 0000000000000000 x15: ffff80008232b580 [ 57.492246] x14: 0000000000000000 x13: ffff8000816d1530 x12: 00000000000004a4 [ 57.499380] x11: 000000000000018c x10: ffff8000816fd530 x9 : ffff8000816d1530 [ 57.506515] x8 : 00000000fffff7ff x7 : ffff8000816fd530 x6 : 0000000000000001 [ 57.513649] x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000 [ 57.520782] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff0008049b0000 [ 57.527916] Call trace: [ 57.530354] sst_nor_write_data+0x6c/0x74 [ 57.534361] sst_nor_write+0xb4/0x18c [ 57.538019] mtd_write_oob_std+0x7c/0x88 [ 57.541941] mtd_write_oob+0x70/0xbc [ 57.545511] mtd_write+0x68/0xa8 [ 57.548733] mtdchar_write+0x10c/0x290 [ 57.552477] vfs_write+0xb4/0x3a8 [ 57.555791] ksys_write+0x74/0x10c [ 57.559189] __arm64_sys_write+0x1c/0x28 [ 57.563109] invoke_syscall+0x54/0x11c [ 57.566856] el0_svc_common.constprop.0+0xc0/0xe0 [ 57.571557] do_el0_svc+0x1c/0x28 [ 57.574868] el0_svc+0x30/0xcc [ 57.577921] el0t_64_sync_handler+0x120/0x12c [ 57.582276] el0t_64_sync+0x190/0x194 [ 57.585933] ---[ end trace 0000000000000000 ]--- [pratyush@kernel.org: add Cc stable tag] | 2025-03-12 | 5.5 | CVE-2025-21845 |
| linux -- linux_kernel | In the Linux kernel, the following vulnerability has been resolved: acct: perform last write from workqueue In [1] it was reported that the acct(2) system call can be used to trigger NULL deref in cases where it is set to write to a file that triggers an internal lookup. This can e.g., happen when pointing acc(2) to /sys/power/resume. At the point the where the write to this file happens the calling task has already exited and called exit_fs(). A lookup will thus trigger a NULL-deref when accessing current->fs. Reorganize the code so that the the final write happens from the workqueue but with the caller's credentials. This preserves the (strange) permission model and has almost no regression risk. This api should stop to exist though. | 2025-03-12 | 5.5 | CVE-2025-21846 |
| linux -- linux_kernel | In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() The nullity of sps->cstream should be checked similarly as it is done in sof_set_stream_data_offset() function. Assuming that it is not NULL if sps->stream is NULL is incorrect and can lead to NULL pointer dereference. | 2025-03-12 | 5.5 | CVE-2025-21847 |
| linux -- linux_kernel | In the Linux kernel, the following vulnerability has been resolved: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() Add check for the return value of nfp_app_ctrl_msg_alloc() in nfp_bpf_cmsg_alloc() to prevent null pointer dereference. | 2025-03-12 | 5.5 | CVE-2025-21848 |
| linux -- linux_kernel | In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Use spin_lock_irqsave() in interruptible context spin_lock/unlock() functions used in interrupt contexts could result in a deadlock, as seen in GitLab issue #13399, which occurs when interrupt comes in while holding a lock. Try to remedy the problem by saving irq state before spin lock acquisition. v2: add irqs' state save/restore calls to all locks/unlocks in signal_irq_work() execution (Maciej) v3: use with spin_lock_irqsave() in guc_lrc_desc_unpin() instead of other lock/unlock calls and add Fixes and Cc tags (Tvrtko); change title and commit message (cherry picked from commit c088387ddd6482b40f21ccf23db1125e8fa4af7e) | 2025-03-12 | 5.5 | CVE-2025-21849 |
| linux -- linux_kernel | In the Linux kernel, the following vulnerability has been resolved: nvmet: Fix crash when a namespace is disabled The namespace percpu counter protects pending I/O, and we can only safely diable the namespace once the counter drop to zero. Otherwise we end up with a crash when running blktests/nvme/058 (eg for loop transport): [ 2352.930426] [ T53909] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN PTI [ 2352.930431] [ T53909] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f] [ 2352.930434] [ T53909] CPU: 3 UID: 0 PID: 53909 Comm: kworker/u16:5 Tainted: G W 6.13.0-rc6 #232 [ 2352.930438] [ T53909] Tainted: [W]=WARN [ 2352.930440] [ T53909] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014 [ 2352.930443] [ T53909] Workqueue: nvmet-wq nvme_loop_execute_work [nvme_loop] [ 2352.930449] [ T53909] RIP: 0010:blkcg_set_ioprio+0x44/0x180 as the queue is already torn down when calling submit_bio(); So we need to init the percpu counter in nvmet_ns_enable(), and wait for it to drop to zero in nvmet_ns_disable() to avoid having I/O pending after the namespace has been disabled. | 2025-03-12 | 5.5 | CVE-2025-21850 |
| linux -- linux_kernel | In the Linux kernel, the following vulnerability has been resolved: net: Add rx_skb of kfree_skb to raw_tp_null_args[]. Yan Zhai reported a BPF prog could trigger a null-ptr-deref [0] in trace_kfree_skb if the prog does not check if rx_sk is NULL. Commit c53795d48ee8 ("net: add rx_sk to trace_kfree_skb") added rx_sk to trace_kfree_skb, but rx_sk is optional and could be NULL. Let's add kfree_skb to raw_tp_null_args[] to let the BPF verifier validate such a prog and prevent the issue. Now we fail to load such a prog: libbpf: prog 'drop': -- BEGIN PROG LOAD LOG -- 0: R1=ctx() R10=fp0 ; int BPF_PROG(drop, struct sk_buff *skb, void *location, @ kfree_skb_sk_null.bpf.c:21 0: (79) r3 = *(u64 *)(r1 +24) func 'kfree_skb' arg3 has btf_id 5253 type STRUCT 'sock' 1: R1=ctx() R3_w=trusted_ptr_or_null_sock(id=1) ; bpf_printk("sk: %d, %d\n", sk, sk->__sk_common.skc_family); @ kfree_skb_sk_null.bpf.c:24 1: (69) r4 = *(u16 *)(r3 +16) R3 invalid mem access 'trusted_ptr_or_null_' processed 2 insns (limit 1000000) max_states_per_insn 0 total_states 0 peak_states 0 mark_read 0 -- END PROG LOAD LOG -- Note this fix requires commit 838a10bd2ebf ("bpf: Augment raw_tp arguments with PTR_MAYBE_NULL"). [0]: BUG: kernel NULL pointer dereference, address: 0000000000000010 PF: supervisor read access in kernel mode PF: error_code(0x0000) - not-present page PGD 0 P4D 0 PREEMPT SMP RIP: 0010:bpf_prog_5e21a6db8fcff1aa_drop+0x10/0x2d Call Trace: <TASK> ? __die+0x1f/0x60 ? page_fault_oops+0x148/0x420 ? search_bpf_extables+0x5b/0x70 ? fixup_exception+0x27/0x2c0 ? exc_page_fault+0x75/0x170 ? asm_exc_page_fault+0x22/0x30 ? bpf_prog_5e21a6db8fcff1aa_drop+0x10/0x2d bpf_trace_run4+0x68/0xd0 ? unix_stream_connect+0x1f4/0x6f0 sk_skb_reason_drop+0x90/0x120 unix_stream_connect+0x1f4/0x6f0 __sys_connect+0x7f/0xb0 __x64_sys_connect+0x14/0x20 do_syscall_64+0x47/0xc30 entry_SYSCALL_64_after_hwframe+0x4b/0x53 | 2025-03-12 | 5.5 | CVE-2025-21852 |
| linux -- linux_kernel | In the Linux kernel, the following vulnerability has been resolved: bpf: avoid holding freeze_mutex during mmap operation We use map->freeze_mutex to prevent races between map_freeze() and memory mapping BPF map contents with writable permissions. The way we naively do this means we'll hold freeze_mutex for entire duration of all the mm and VMA manipulations, which is completely unnecessary. This can potentially also lead to deadlocks, as reported by syzbot in [0]. So, instead, hold freeze_mutex only during writeability checks, bump (proactively) "write active" count for the map, unlock the mutex and proceed with mmap logic. And only if something went wrong during mmap logic, then undo that "write active" counter increment. [0] https://lore.kernel.org/bpf/678dcbc9.050a0220.303755.0066.GAE@google.com/ | 2025-03-12 | 5.5 | CVE-2025-21853 |
| linux -- linux_kernel | In the Linux kernel, the following vulnerability has been resolved: sockmap, vsock: For connectible sockets allow only connected sockmap expects all vsocks to have a transport assigned, which is expressed in vsock_proto::psock_update_sk_prot(). However, there is an edge case where an unconnected (connectible) socket may lose its previously assigned transport. This is handled with a NULL check in the vsock/BPF recv path. Another design detail is that listening vsocks are not supposed to have any transport assigned at all. Which implies they are not supported by the sockmap. But this is complicated by the fact that a socket, before switching to TCP_LISTEN, may have had some transport assigned during a failed connect() attempt. Hence, we may end up with a listening vsock in a sockmap, which blows up quickly: KASAN: null-ptr-deref in range [0x0000000000000120-0x0000000000000127] CPU: 7 UID: 0 PID: 56 Comm: kworker/7:0 Not tainted 6.14.0-rc1+ Workqueue: vsock-loopback vsock_loopback_work RIP: 0010:vsock_read_skb+0x4b/0x90 Call Trace: sk_psock_verdict_data_ready+0xa4/0x2e0 virtio_transport_recv_pkt+0x1ca8/0x2acc vsock_loopback_work+0x27d/0x3f0 process_one_work+0x846/0x1420 worker_thread+0x5b3/0xf80 kthread+0x35a/0x700 ret_from_fork+0x2d/0x70 ret_from_fork_asm+0x1a/0x30 For connectible sockets, instead of relying solely on the state of vsk->transport, tell sockmap to only allow those representing established connections. This aligns with the behaviour for AF_INET and AF_UNIX. | 2025-03-12 | 5.5 | CVE-2025-21854 |
| linux -- linux_kernel | In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_api: fix error handling causing NULL dereference tcf_exts_miss_cookie_base_alloc() calls xa_alloc_cyclic() which can return 1 if the allocation succeeded after wrapping. This was treated as an error, with value 1 returned to caller tcf_exts_init_ex() which sets exts->actions to NULL and returns 1 to caller fl_change(). fl_change() treats err == 1 as success, calling tcf_exts_validate_ex() which calls tcf_action_init() with exts->actions as argument, where it is dereferenced. Example trace: BUG: kernel NULL pointer dereference, address: 0000000000000000 CPU: 114 PID: 16151 Comm: handler114 Kdump: loaded Not tainted 5.14.0-503.16.1.el9_5.x86_64 #1 RIP: 0010:tcf_action_init+0x1f8/0x2c0 Call Trace: tcf_action_init+0x1f8/0x2c0 tcf_exts_validate_ex+0x175/0x190 fl_change+0x537/0x1120 [cls_flower] | 2025-03-12 | 5.5 | CVE-2025-21857 |
| linux -- linux_kernel | In the Linux kernel, the following vulnerability has been resolved: USB: gadget: f_midi: f_midi_complete to call queue_work When using USB MIDI, a lock is attempted to be acquired twice through a re-entrant call to f_midi_transmit, causing a deadlock. Fix it by using queue_work() to schedule the inner f_midi_transmit() via a high priority work queue from the completion handler. | 2025-03-12 | 5.5 | CVE-2025-21859 |
| linux -- linux_kernel | In the Linux kernel, the following vulnerability has been resolved: mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize() If migration succeeded, we called folio_migrate_flags()->mem_cgroup_migrate() to migrate the memcg from the old to the new folio. This will set memcg_data of the old folio to 0. Similarly, if migration failed, memcg_data of the dst folio is left unset. If we call folio_putback_lru() on such folios (memcg_data == 0), we will add the folio to be freed to the LRU, making memcg code unhappy. Running the hmm selftests: # ./hmm-tests ... # RUN hmm.hmm_device_private.migrate ... [ 102.078007][T14893] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x7ff27d200 pfn:0x13cc00 [ 102.079974][T14893] anon flags: 0x17ff00000020018(uptodate|dirty|swapbacked|node=0|zone=2|lastcpupid=0x7ff) [ 102.082037][T14893] raw: 017ff00000020018 dead000000000100 dead000000000122 ffff8881353896c9 [ 102.083687][T14893] raw: 00000007ff27d200 0000000000000000 00000001ffffffff 0000000000000000 [ 102.085331][T14893] page dumped because: VM_WARN_ON_ONCE_FOLIO(!memcg && !mem_cgroup_disabled()) [ 102.087230][T14893] ------------[ cut here ]------------ [ 102.088279][T14893] WARNING: CPU: 0 PID: 14893 at ./include/linux/memcontrol.h:726 folio_lruvec_lock_irqsave+0x10e/0x170 [ 102.090478][T14893] Modules linked in: [ 102.091244][T14893] CPU: 0 UID: 0 PID: 14893 Comm: hmm-tests Not tainted 6.13.0-09623-g6c216bc522fd #151 [ 102.093089][T14893] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014 [ 102.094848][T14893] RIP: 0010:folio_lruvec_lock_irqsave+0x10e/0x170 [ 102.096104][T14893] Code: ... [ 102.099908][T14893] RSP: 0018:ffffc900236c37b0 EFLAGS: 00010293 [ 102.101152][T14893] RAX: 0000000000000000 RBX: ffffea0004f30000 RCX: ffffffff8183f426 [ 102.102684][T14893] RDX: ffff8881063cb880 RSI: ffffffff81b8117f RDI: ffff8881063cb880 [ 102.104227][T14893] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000 [ 102.105757][T14893] R10: 0000000000000001 R11: 0000000000000002 R12: ffffc900236c37d8 [ 102.107296][T14893] R13: ffff888277a2bcb0 R14: 000000000000001f R15: 0000000000000000 [ 102.108830][T14893] FS: 00007ff27dbdd740(0000) GS:ffff888277a00000(0000) knlGS:0000000000000000 [ 102.110643][T14893] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 102.111924][T14893] CR2: 00007ff27d400000 CR3: 000000010866e000 CR4: 0000000000750ef0 [ 102.113478][T14893] PKRU: 55555554 [ 102.114172][T14893] Call Trace: [ 102.114805][T14893] <TASK> [ 102.115397][T14893] ? folio_lruvec_lock_irqsave+0x10e/0x170 [ 102.116547][T14893] ? __warn.cold+0x110/0x210 [ 102.117461][T14893] ? folio_lruvec_lock_irqsave+0x10e/0x170 [ 102.118667][T14893] ? report_bug+0x1b9/0x320 [ 102.119571][T14893] ? handle_bug+0x54/0x90 [ 102.120494][T14893] ? exc_invalid_op+0x17/0x50 [ 102.121433][T14893] ? asm_exc_invalid_op+0x1a/0x20 [ 102.122435][T14893] ? __wake_up_klogd.part.0+0x76/0xd0 [ 102.123506][T14893] ? dump_page+0x4f/0x60 [ 102.124352][T14893] ? folio_lruvec_lock_irqsave+0x10e/0x170 [ 102.125500][T14893] folio_batch_move_lru+0xd4/0x200 [ 102.126577][T14893] ? __pfx_lru_add+0x10/0x10 [ 102.127505][T14893] __folio_batch_add_and_move+0x391/0x720 [ 102.128633][T14893] ? __pfx_lru_add+0x10/0x10 [ 102.129550][T14893] folio_putback_lru+0x16/0x80 [ 102.130564][T14893] migrate_device_finalize+0x9b/0x530 [ 102.131640][T14893] dmirror_migrate_to_device.constprop.0+0x7c5/0xad0 [ 102.133047][T14893] dmirror_fops_unlocked_ioctl+0x89b/0xc80 Likely, nothing else goes wrong: putting the last folio reference will remove the folio from the LRU again. So besides memcg complaining, adding the folio to be freed to the LRU is just an unnecessary step. The new flow resembles what we have in migrate_folio_move(): add the dst to the lru, rem ---truncated--- | 2025-03-12 | 5.5 | CVE-2025-21861 |
| linux -- linux_kernel | In the Linux kernel, the following vulnerability has been resolved: drop_monitor: fix incorrect initialization order Syzkaller reports the following bug: BUG: spinlock bad magic on CPU#1, syz-executor.0/7995 lock: 0xffff88805303f3e0, .magic: 00000000, .owner: <none>/-1, .owner_cpu: 0 CPU: 1 PID: 7995 Comm: syz-executor.0 Tainted: G E 5.10.209+ #1 Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x119/0x179 lib/dump_stack.c:118 debug_spin_lock_before kernel/locking/spinlock_debug.c:83 [inline] do_raw_spin_lock+0x1f6/0x270 kernel/locking/spinlock_debug.c:112 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:117 [inline] _raw_spin_lock_irqsave+0x50/0x70 kernel/locking/spinlock.c:159 reset_per_cpu_data+0xe6/0x240 [drop_monitor] net_dm_cmd_trace+0x43d/0x17a0 [drop_monitor] genl_family_rcv_msg_doit+0x22f/0x330 net/netlink/genetlink.c:739 genl_family_rcv_msg net/netlink/genetlink.c:783 [inline] genl_rcv_msg+0x341/0x5a0 net/netlink/genetlink.c:800 netlink_rcv_skb+0x14d/0x440 net/netlink/af_netlink.c:2497 genl_rcv+0x29/0x40 net/netlink/genetlink.c:811 netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline] netlink_unicast+0x54b/0x800 net/netlink/af_netlink.c:1348 netlink_sendmsg+0x914/0xe00 net/netlink/af_netlink.c:1916 sock_sendmsg_nosec net/socket.c:651 [inline] __sock_sendmsg+0x157/0x190 net/socket.c:663 ____sys_sendmsg+0x712/0x870 net/socket.c:2378 ___sys_sendmsg+0xf8/0x170 net/socket.c:2432 __sys_sendmsg+0xea/0x1b0 net/socket.c:2461 do_syscall_64+0x30/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x62/0xc7 RIP: 0033:0x7f3f9815aee9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f3f972bf0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f3f9826d050 RCX: 00007f3f9815aee9 RDX: 0000000020000000 RSI: 0000000020001300 RDI: 0000000000000007 RBP: 00007f3f981b63bd R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 000000000000006e R14: 00007f3f9826d050 R15: 00007ffe01ee6768 If drop_monitor is built as a kernel module, syzkaller may have time to send a netlink NET_DM_CMD_START message during the module loading. This will call the net_dm_monitor_start() function that uses a spinlock that has not yet been initialized. To fix this, let's place resource initialization above the registration of a generic netlink family. Found by InfoTeCS on behalf of Linux Verification Center (linuxtesting.org) with Syzkaller. | 2025-03-12 | 5.5 | CVE-2025-21862 |
| linux -- linux_kernel | In the Linux kernel, the following vulnerability has been resolved: tcp: drop secpath at the same time as we currently drop dst Xiumei reported hitting the WARN in xfrm6_tunnel_net_exit while running tests that boil down to: - create a pair of netns - run a basic TCP test over ipcomp6 - delete the pair of netns The xfrm_state found on spi_byaddr was not deleted at the time we delete the netns, because we still have a reference on it. This lingering reference comes from a secpath (which holds a ref on the xfrm_state), which is still attached to an skb. This skb is not leaked, it ends up on sk_receive_queue and then gets defer-free'd by skb_attempt_defer_free. The problem happens when we defer freeing an skb (push it on one CPU's defer_list), and don't flush that list before the netns is deleted. In that case, we still have a reference on the xfrm_state that we don't expect at this point. We already drop the skb's dst in the TCP receive path when it's no longer needed, so let's also drop the secpath. At this point, tcp_filter has already called into the LSM hooks that may require the secpath, so it should not be needed anymore. However, in some of those places, the MPTCP extension has just been attached to the skb, so we cannot simply drop all extensions. | 2025-03-12 | 5.5 | CVE-2025-21864 |
| linux -- linux_kernel | In the Linux kernel, the following vulnerability has been resolved: gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl(). Brad Spengler reported the list_del() corruption splat in gtp_net_exit_batch_rtnl(). [0] Commit eb28fd76c0a0 ("gtp: Destroy device along with udp socket's netns dismantle.") added the for_each_netdev() loop in gtp_net_exit_batch_rtnl() to destroy devices in each netns as done in geneve and ip tunnels. However, this could trigger ->dellink() twice for the same device during ->exit_batch_rtnl(). Say we have two netns A & B and gtp device B that resides in netns B but whose UDP socket is in netns A. 1. cleanup_net() processes netns A and then B. 2. gtp_net_exit_batch_rtnl() finds the device B while iterating netns A's gn->gtp_dev_list and calls ->dellink(). [ device B is not yet unlinked from netns B as unregister_netdevice_many() has not been called. ] 3. gtp_net_exit_batch_rtnl() finds the device B while iterating netns B's for_each_netdev() and calls ->dellink(). gtp_dellink() cleans up the device's hash table, unlinks the dev from gn->gtp_dev_list, and calls unregister_netdevice_queue(). Basically, calling gtp_dellink() multiple times is fine unless CONFIG_DEBUG_LIST is enabled. Let's remove for_each_netdev() in gtp_net_exit_batch_rtnl() and delegate the destruction to default_device_exit_batch() as done in bareudp. [0]: list_del corruption, ffff8880aaa62c00->next (autoslab_size_M_dev_P_net_core_dev_11127_8_1328_8_S_4096_A_64_n_139+0xc00/0x1000 [slab object]) is LIST_POISON1 (ffffffffffffff02) (prev is 0xffffffffffffff04) kernel BUG at lib/list_debug.c:58! Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN CPU: 1 UID: 0 PID: 1804 Comm: kworker/u8:7 Tainted: G T 6.12.13-grsec-full-20250211091339 #1 Tainted: [T]=RANDSTRUCT Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Workqueue: netns cleanup_net RIP: 0010:[<ffffffff84947381>] __list_del_entry_valid_or_report+0x141/0x200 lib/list_debug.c:58 Code: c2 76 91 31 c0 e8 9f b1 f7 fc 0f 0b 4d 89 f0 48 c7 c1 02 ff ff ff 48 89 ea 48 89 ee 48 c7 c7 e0 c2 76 91 31 c0 e8 7f b1 f7 fc <0f> 0b 4d 89 e8 48 c7 c1 04 ff ff ff 48 89 ea 48 89 ee 48 c7 c7 60 RSP: 0018:fffffe8040b4fbd0 EFLAGS: 00010283 RAX: 00000000000000cc RBX: dffffc0000000000 RCX: ffffffff818c4054 RDX: ffffffff84947381 RSI: ffffffff818d1512 RDI: 0000000000000000 RBP: ffff8880aaa62c00 R08: 0000000000000001 R09: fffffbd008169f32 R10: fffffe8040b4f997 R11: 0000000000000001 R12: a1988d84f24943e4 R13: ffffffffffffff02 R14: ffffffffffffff04 R15: ffff8880aaa62c08 RBX: kasan shadow of 0x0 RCX: __wake_up_klogd.part.0+0x74/0xe0 kernel/printk/printk.c:4554 RDX: __list_del_entry_valid_or_report+0x141/0x200 lib/list_debug.c:58 RSI: vprintk+0x72/0x100 kernel/printk/printk_safe.c:71 RBP: autoslab_size_M_dev_P_net_core_dev_11127_8_1328_8_S_4096_A_64_n_139+0xc00/0x1000 [slab object] RSP: process kstack fffffe8040b4fbd0+0x7bd0/0x8000 [kworker/u8:7+netns 1804 ] R09: kasan shadow of process kstack fffffe8040b4f990+0x7990/0x8000 [kworker/u8:7+netns 1804 ] R10: process kstack fffffe8040b4f997+0x7997/0x8000 [kworker/u8:7+netns 1804 ] R15: autoslab_size_M_dev_P_net_core_dev_11127_8_1328_8_S_4096_A_64_n_139+0xc08/0x1000 [slab object] FS: 0000000000000000(0000) GS:ffff888116000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000748f5372c000 CR3: 0000000015408000 CR4: 00000000003406f0 shadow CR4: 00000000003406f0 Stack: 0000000000000000 ffffffff8a0c35e7 ffffffff8a0c3603 ffff8880aaa62c00 ffff8880aaa62c00 0000000000000004 ffff88811145311c 0000000000000005 0000000000000001 ffff8880aaa62000 fffffe8040b4fd40 ffffffff8a0c360d Call Trace: <TASK> [<ffffffff8a0c360d>] __list_del_entry_valid include/linux/list.h:131 [inline] fffffe8040b4fc28 [<ffffffff8a0c360d>] __list_del_entry include/linux/list.h:248 [inline] fffffe8040b4fc28 [<ffffffff8a0c360d>] list_del include/linux/list.h:262 [inl ---truncated--- | 2025-03-12 | 5.5 | CVE-2025-21865 |
| linux -- linux_kernel | In the Linux kernel, the following vulnerability has been resolved: powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC Erhard reported the following KASAN hit while booting his PowerMac G4 with a KASAN-enabled kernel 6.13-rc6: BUG: KASAN: vmalloc-out-of-bounds in copy_to_kernel_nofault+0xd8/0x1c8 Write of size 8 at addr f1000000 by task chronyd/1293 CPU: 0 UID: 123 PID: 1293 Comm: chronyd Tainted: G W 6.13.0-rc6-PMacG4 #2 Tainted: [W]=WARN Hardware name: PowerMac3,6 7455 0x80010303 PowerMac Call Trace: [c2437590] [c1631a84] dump_stack_lvl+0x70/0x8c (unreliable) [c24375b0] [c0504998] print_report+0xdc/0x504 [c2437610] [c050475c] kasan_report+0xf8/0x108 [c2437690] [c0505a3c] kasan_check_range+0x24/0x18c [c24376a0] [c03fb5e4] copy_to_kernel_nofault+0xd8/0x1c8 [c24376c0] [c004c014] patch_instructions+0x15c/0x16c [c2437710] [c00731a8] bpf_arch_text_copy+0x60/0x7c [c2437730] [c0281168] bpf_jit_binary_pack_finalize+0x50/0xac [c2437750] [c0073cf4] bpf_int_jit_compile+0xb30/0xdec [c2437880] [c0280394] bpf_prog_select_runtime+0x15c/0x478 [c24378d0] [c1263428] bpf_prepare_filter+0xbf8/0xc14 [c2437990] [c12677ec] bpf_prog_create_from_user+0x258/0x2b4 [c24379d0] [c027111c] do_seccomp+0x3dc/0x1890 [c2437ac0] [c001d8e0] system_call_exception+0x2dc/0x420 [c2437f30] [c00281ac] ret_from_syscall+0x0/0x2c --- interrupt: c00 at 0x5a1274 NIP: 005a1274 LR: 006a3b3c CTR: 005296c8 REGS: c2437f40 TRAP: 0c00 Tainted: G W (6.13.0-rc6-PMacG4) MSR: 0200f932 <VEC,EE,PR,FP,ME,IR,DR,RI> CR: 24004422 XER: 00000000 GPR00: 00000166 af8f3fa0 a7ee3540 00000001 00000000 013b6500 005a5858 0200f932 GPR08: 00000000 00001fe9 013d5fc8 005296c8 2822244c 00b2fcd8 00000000 af8f4b57 GPR16: 00000000 00000001 00000000 00000000 00000000 00000001 00000000 00000002 GPR24: 00afdbb0 00000000 00000000 00000000 006e0004 013ce060 006e7c1c 00000001 NIP [005a1274] 0x5a1274 LR [006a3b3c] 0x6a3b3c --- interrupt: c00 The buggy address belongs to the virtual mapping at [f1000000, f1002000) created by: text_area_cpu_up+0x20/0x190 The buggy address belongs to the physical page: page: refcount:1 mapcount:0 mapping:00000000 index:0x0 pfn:0x76e30 flags: 0x80000000(zone=2) raw: 80000000 00000000 00000122 00000000 00000000 00000000 ffffffff 00000001 raw: 00000000 page dumped because: kasan: bad access detected Memory state around the buggy address: f0ffff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0ffff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >f1000000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 ^ f1000080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f1000100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 ================================================================== f8 corresponds to KASAN_VMALLOC_INVALID which means the area is not initialised hence not supposed to be used yet. Powerpc text patching infrastructure allocates a virtual memory area using get_vm_area() and flags it as VM_ALLOC. But that flag is meant to be used for vmalloc() and vmalloc() allocated memory is not supposed to be used before a call to __vmalloc_node_range() which is never called for that area. That went undetected until commit e4137f08816b ("mm, kasan, kmsan: instrument copy_from/to_kernel_nofault") The area allocated by text_area_cpu_up() is not vmalloc memory, it is mapped directly on demand when needed by map_kernel_page(). There is no VM flag corresponding to such usage, so just pass no flag. That way the area will be unpoisonned and usable immediately. | 2025-03-12 | 5.5 | CVE-2025-21866 |
| LoveCards--LoveCardsV2 | A vulnerability has been found in LoveCards LoveCardsV2 up to 2.3.2 and classified as critical. This vulnerability affects unknown code of the file /api/system/other of the component Setting Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-12 | 5.3 | CVE-2025-2218 |
| maennchen1.de--m1.DownloadList | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in maennchen1.de m1.DownloadList allows DOM-Based XSS. This issue affects m1.DownloadList: from n/a through 0.19. | 2025-03-15 | 6.5 | CVE-2025-26895 |
| mg12--Mobile Themes | Cross-Site Request Forgery (CSRF) vulnerability in mg12 Mobile Themes allows Cross Site Request Forgery. This issue affects Mobile Themes: from n/a through 1.1.1. | 2025-03-11 | 4.3 | CVE-2025-28881 |
| microsoft -- windows_10_1507 | Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally. | 2025-03-11 | 5.5 | CVE-2025-24991 |
| microsoft -- windows_10_1507 | Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack. | 2025-03-11 | 4.6 | CVE-2025-24984 |
| Microsoft--Azure Agent for Site Recovery | Improper privilege management in Azure Agent Installer allows an authorized attacker to elevate privileges locally. | 2025-03-11 | 6.7 | CVE-2025-21199 |
| Microsoft--Azure promptflow-core | Improper isolation or compartmentalization in Azure PromptFlow allows an unauthorized attacker to execute code over a network. | 2025-03-11 | 6.5 | CVE-2025-24986 |
| Microsoft--Windows 10 Version 1809 | External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network. | 2025-03-11 | 6.5 | CVE-2025-24054 |
| Microsoft--Windows 10 Version 1809 | Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack. | 2025-03-11 | 6.6 | CVE-2025-24987 |
| Microsoft--Windows 10 Version 1809 | Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack. | 2025-03-11 | 6.6 | CVE-2025-24988 |
| Microsoft--Windows 10 Version 1809 | External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network. | 2025-03-11 | 6.5 | CVE-2025-24996 |
| Microsoft--Windows 10 Version 1809 | Buffer over-read in Windows NTFS allows an unauthorized attacker to disclose information locally. | 2025-03-11 | 5.5 | CVE-2025-24992 |
| Microsoft--Windows 10 Version 1809 | Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to disclose information with a physical attack. | 2025-03-11 | 4.3 | CVE-2025-24055 |
| Microsoft--Windows Server 2022 | Null pointer dereference in Windows Kernel Memory allows an authorized attacker to deny service locally. | 2025-03-11 | 4.4 | CVE-2025-24997 |
| Microsoft--Windows Server 2025 | Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. | 2025-03-11 | 4.3 | CVE-2025-21247 |
| mooveagency--GDPR Cookie Compliance Cookie Banner, Cookie Consent, Cookie Notice CCPA, DSGVO, RGPD | The GDPR Cookie Compliance - Cookie Banner, Cookie Consent, Cookie Notice - CCPA, DSGVO, RGPD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.15.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2025-03-12 | 4.4 | CVE-2025-2205 |
| Mozilla--Thunderbird | When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could have learned the length of the requested email address. This vulnerability affects Thunderbird < 136 and Thunderbird < 128.8. | 2025-03-10 | 5.3 | CVE-2025-26695 |
| Muntasir Rahman--Custom Dashboard Page | Cross-Site Request Forgery (CSRF) vulnerability in Muntasir Rahman Custom Dashboard Page allows Cross Site Request Forgery. This issue affects Custom Dashboard Page: from n/a through 1.0. | 2025-03-11 | 4.3 | CVE-2025-28912 |
| mylo2h2s--DP ALTerminator - Missing ALT manager | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mylo2h2s DP ALTerminator - Missing ALT manager allows Stored XSS. This issue affects DP ALTerminator - Missing ALT manager: from n/a through 1.0.2. | 2025-03-11 | 5.9 | CVE-2025-28943 |
| n/a--Doufox | A vulnerability classified as critical was found in Doufox up to 0.2.0. Affected by this vulnerability is an unknown functionality of the file /?s=doudou&c=file&a=list. The manipulation of the argument dir leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-12 | 4.7 | CVE-2025-2215 |
| n/a--HDF5 | A vulnerability, which was classified as critical, was found in HDF5 1.14.6. This affects the function H5Z__scaleoffset_decompress_one_byte of the component Scale-Offset Filter. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor was contacted early about a batch of vulnerabilities. His response was "reject" without further explanation. We have not received an elaboration even after asking politely for further details. Currently we assume that the vendor wants to "dispute" the entries which is why they are flagged as such until further details become available. | 2025-03-14 | 5.3 | CVE-2025-2308 |
| n/a--HDF5 | A vulnerability has been found in HDF5 1.14.6 and classified as critical. This vulnerability affects the function H5T__bit_copy of the component Type Conversion Logic. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor was contacted early about a batch of vulnerabilities. His response was "reject" without further explanation. We have not received an elaboration even after asking politely for further details. Currently we assume that the vendor wants to "dispute" the entries which is why they are flagged as such until further details become available. | 2025-03-14 | 5.3 | CVE-2025-2309 |
| n/a--HDF5 | A vulnerability was found in HDF5 1.14.6 and classified as critical. This issue affects the function H5MM_strndup of the component Metadata Attribute Decoder. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor was contacted early about a batch of vulnerabilities. His response was "reject" without further explanation. We have not received an elaboration even after asking politely for further details. Currently we assume that the vendor wants to "dispute" the entries which is why they are flagged as such until further details become available. | 2025-03-14 | 5.3 | CVE-2025-2310 |
| n/a--libzvbi | A vulnerability was found in libzvbi up to 0.2.43. It has been classified as problematic. Affected is the function vbi_strndup_iconv_ucs2 of the file src/conv.c. The manipulation of the argument src_length leads to uninitialized pointer. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. The patch is identified as 8def647eea27f7fd7ad33ff79c2d6d3e39948dce. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional. | 2025-03-11 | 5.3 | CVE-2025-2173 |
| n/a--libzvbi | A vulnerability was found in libzvbi up to 0.2.43. It has been declared as problematic. Affected by this vulnerability is the function vbi_strndup_iconv_ucs2 of the file src/conv.c. The manipulation of the argument src_length leads to integer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. The patch is named ca1672134b3e2962cd392212c73f44f8f4cb489f. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional. | 2025-03-11 | 5.3 | CVE-2025-2174 |
| n/a--libzvbi | A vulnerability was found in libzvbi up to 0.2.43. It has been rated as problematic. Affected by this issue is the function _vbi_strndup_iconv. The manipulation leads to integer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional. | 2025-03-11 | 4.3 | CVE-2025-2175 |
| n/a--MRCMS | A vulnerability has been found in MRCMS 3.1.2 and classified as critical. This vulnerability affects the function delete of the file /admin/file/delete.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument path/name leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-11 | 5.4 | CVE-2025-2193 |
| n/a--n/a | An issue in redoxOS relibc before commit 98aa4ea5 allows a local attacker to cause a denial of service via the round_up_to_page funciton. | 2025-03-10 | 6 | CVE-2024-57492 |
| n/a--n/a | An issue was discovered in Open5GS v2.7.2. When a UE switches between two gNBs and sends a handover request at a specific time, it may cause an exception in the AMF's internal state machine, leading to an AMF crash and resulting in a Denial of Service (DoS). | 2025-03-12 | 6.5 | CVE-2025-25774 |
| n/a--n/a | A Cross-Site Request Forgery (CSRF) in Openmrs 2.4.3 Build 0ff0ed allows attackers to execute arbitrary operations via a crafted GET request. | 2025-03-11 | 6.8 | CVE-2025-25927 |
| n/a--n/a | XPixelGroup BasicSR through 1.4.2 might locally allow code execution in contrived situations where "scontrol show hostname" is executed in the presence of a crafted SLURM_NODELIST environment variable. | 2025-03-12 | 5.3 | CVE-2024-27763 |
| n/a--n/a | Cross Site Scripting vulnerability in Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution via the /servlet/gsdm_fsave_htmltmp, /servlet/gsdm_btlk_openfile components | 2025-03-11 | 5.4 | CVE-2024-51320 |
| n/a--n/a | Cross Site Scripting vulnerability in Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution via the /jsp/home.jsp, /jsp/gsfr_feditorHTML.jsp, /servlet/SPVisualZoom, /jsp/gsmd_container.jsp components | 2025-03-11 | 5.4 | CVE-2024-51322 |
| n/a--n/a | A reflected cross-site scripting (XSS) vulnerability in the /mw/ endpoint of Evisions MAPS v6.10.2.267 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. | 2025-03-10 | 5.4 | CVE-2024-53307 |
| n/a--n/a | A Stored Cross Site Scripting (XSS) vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to store JavaScript code inside a PDF file through the file upload feature. When the file is rendered, the injected code is executed on the user's browser. | 2025-03-10 | 5.4 | CVE-2024-55199 |
| n/a--n/a | Memory Leak vulnerability in SoftEtherVPN 5.02.5187 allows an attacker to cause a denial of service via the UnixMemoryAlloc function. | 2025-03-12 | 5.6 | CVE-2025-25566 |
| n/a--n/a | Unifiedtransform 2.0 is vulnerable to Cross Site Scripting (XSS) in the Create assignment function. | 2025-03-10 | 5.4 | CVE-2025-25620 |
| n/a--n/a | AlekSIS-Core is vulnerable to Incorrect Access Control. Unauthenticated users can access all PDF files. This affects AlekSIS-Core 3.0, 3.1, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.2.0 and 3.2.1. | 2025-03-12 | 5.6 | CVE-2025-25683 |
| n/a--n/a | Cross Site Scripting vulnerability in DigitalDruid HotelDruid v.3.0.7 allows an attacker to execute arbitrary code and obtain sensitive information via the ripristina_backup parameter in the crea_backup.php endpoint | 2025-03-11 | 5.4 | CVE-2025-25747 |
| n/a--n/a | A stored cross-site scripting (XSS) vulnerability in tianti v2.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the coverImageURL parameter at /article/ajax/save. | 2025-03-10 | 5.4 | CVE-2025-25908 |
| n/a--n/a | A reflected cross-site scripting (XSS) vulnerability in the component /legacyui/quickReportServlet of Openmrs 2.4.3 Build 0ff0ed allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the reportType parameter. | 2025-03-11 | 5.4 | CVE-2025-25929 |
| n/a--n/a | An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A Reflected Cross-Site Scripting (XSS) vulnerability exists in the /h/rest endpoint, allowing authenticated attackers to inject and execute arbitrary JavaScript in a victim's session. Exploitation requires a valid auth token and involves a crafted URL with manipulated query parameters that triggers XSS when accessed by a victim. | 2025-03-12 | 5.4 | CVE-2025-27914 |
| n/a--n/a | An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A stored cross-site scripting (XSS) vulnerability exists in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an e-mail message containing a malicious ICS entry, its embedded JavaScript executes via an ontoggle event inside a <details> tag. This allows an attacker to run arbitrary JavaScript within the victim's session, potentially leading to unauthorized actions such as setting e-mail filters to redirect messages to an attacker-controlled address. As a result, an attacker can perform unauthorized actions on the victim's account, including e-mail redirection and data exfiltration. | 2025-03-12 | 5.4 | CVE-2025-27915 |
| n/a--n/a | An issue was discovered in BMC Remedy Mid Tier 7.6.04. The web application allows stored HTML Injection by authenticated remote attackers. | 2025-03-12 | 4.2 | CVE-2024-34398 |
| n/a--n/a | A stored cross-scripting (XSS) vulnerability in Openmrs v2.4.3 Build 0ff0ed allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the personName.middleName parameter at /openmrs/admin/patients/shortPatientForm.form. | 2025-03-11 | 4.8 | CVE-2025-25925 |
| n/a--PyTorch | A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this vulnerability is the function torch.ops.profiler._call_end_callbacks_on_jit_fut of the component Tuple Handler. The manipulation of the argument None leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. | 2025-03-10 | 5 | CVE-2025-2148 |
| nik00726--Thumbnail carousel slider | The Thumbnail carousel slider plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-03-15 | 4.9 | CVE-2019-25222 |
| Nintex--Automation | Nintex Automation 5.6 and 5.7 before 5.8 has a stored XSS issue associated with the "Navigate to a URL" action. | 2025-03-10 | 5.4 | CVE-2025-27924 |
| Nintex--Automation | In Nintex Automation 5.6 and 5.7 before 5.8, the K2 SmartForms Designer folder has configuration files (web.config) containing passwords that are readable by unauthorized users. | 2025-03-10 | 4.3 | CVE-2025-27926 |
| NotFound--Ohio Extra | Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound Ohio Extra allows Code Injection. This issue affects Ohio Extra: from n/a through 3.4.7. | 2025-03-15 | 6.5 | CVE-2025-26924 |
| NotFound--Pie Register Premium | Path Traversal vulnerability in NotFound Pie Register Premium. This issue affects Pie Register Premium: from n/a through 3.8.3.2. | 2025-03-15 | 6.3 | CVE-2025-26940 |
| NVIDIA--Riva | NVIDIA Riva contains a vulnerability where a user could cause an improper access control issue. A successful exploit of this vulnerability might lead to data tampering or denial of service. | 2025-03-11 | 6.5 | CVE-2025-23243 |
| ohtan--Spam Byebye | Cross-Site Request Forgery (CSRF) vulnerability in ohtan Spam Byebye allows Cross Site Request Forgery. This issue affects Spam Byebye: from n/a through 2.2.4. | 2025-03-11 | 4.3 | CVE-2025-28941 |
| omnipressteam--Omnipress | The Omnipress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.5.4 via the megamenu block due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to. | 2025-03-14 | 4.3 | CVE-2024-13407 |
| onosproject--onos-lib-go | Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.28 allows an index out-of-range panic in asn1/aper GetBitString via a zero value of numBits. | 2025-03-16 | 6.2 | CVE-2025-30077 |
| Open Asset Import Library--Assimp | A vulnerability classified as critical was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function Assimp::GetNextLine in the library ParsingUtils.h of the component File Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-03-10 | 6.3 | CVE-2025-2151 |
| otale--Tale Blog | A vulnerability was found in otale Tale Blog 2.0.5. It has been classified as problematic. This affects an unknown part of the file /%61dmin/api/logs. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. This vulnerability only affects products that are no longer supported by the maintainer. | 2025-03-16 | 5.3 | CVE-2025-2339 |
| OTRS AG--OTRS | A vulnerability in OTRS Application Server allows session hijacking due to missing attributes for sensitive cookie settings in HTTPS sessions. A request to an OTRS endpoint from a possible malicious web site, would send the authentication cookie, performing an unwanted read operation. This issue affects: * OTRS 7.0.X * OTRS 8.0.X * OTRS 2023.X * OTRS 2024.X * OTRS 2025.x | 2025-03-10 | 4.8 | CVE-2025-24387 |
| pipdig--pipDisqus | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pipdig pipDisqus allows Stored XSS. This issue affects pipDisqus: from n/a through 1.6. | 2025-03-11 | 5.9 | CVE-2025-28908 |
| pixelstats--pixelstats | The pixelstats plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'post_id' and 'sortby' parameters in all versions up to, and including, 0.8.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-03-15 | 6.1 | CVE-2025-2164 |
| Planet Studio--Builder for Contact Form 7 by Webconstruct | Cross-Site Request Forgery (CSRF) vulnerability in Planet Studio Builder for Contact Form 7 by Webconstruct allows Cross Site Request Forgery. This issue affects Builder for Contact Form 7 by Webconstruct: from n/a through 1.2.2. | 2025-03-11 | 4.3 | CVE-2025-28864 |
| popeating--Post Read Time | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in popeating Post Read Time allows Stored XSS. This issue affects Post Read Time: from n/a through 1.2.6. | 2025-03-11 | 5.9 | CVE-2025-28926 |
| Rahul Arora--WP Last Modified | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rahul Arora WP Last Modified allows Stored XSS. This issue affects WP Last Modified: from n/a through 0.1. | 2025-03-11 | 5.9 | CVE-2025-28907 |
| Rajesh Kumar--WP Bulk Post Duplicator | Cross-Site Request Forgery (CSRF) vulnerability in Rajesh Kumar WP Bulk Post Duplicator allows Cross Site Request Forgery. This issue affects WP Bulk Post Duplicator: from n/a through 1.2. | 2025-03-11 | 4.3 | CVE-2025-28884 |
| Ravinder Khurana--WP Hide Admin Bar | Cross-Site Request Forgery (CSRF) vulnerability in Ravinder Khurana WP Hide Admin Bar allows Cross Site Request Forgery. This issue affects WP Hide Admin Bar: from n/a through 2.0. | 2025-03-11 | 4.3 | CVE-2025-28910 |
| Recapture Cart Recovery and Email Marketing--Recapture for WooCommerce | Cross-Site Request Forgery (CSRF) vulnerability in Recapture Cart Recovery and Email Marketing Recapture for WooCommerce allows Cross Site Request Forgery. This issue affects Recapture for WooCommerce: from n/a through 1.0.43. | 2025-03-15 | 6.5 | CVE-2025-26899 |
| Red Hat--Red Hat | A flaw was found in Keylime, a remote attestation solution, where strict type checking introduced in version 7.12.0 prevents the registrar from reading database entries created by previous versions, for example, 7.11.0. Specifically, older versions store agent registration data as bytes, whereas the updated registrar expects str. This issue leads to an exception when processing agent registration requests, causing the agent to fail. | 2025-03-15 | 4.3 | CVE-2025-1057 |
| Rodolphe MOULIN--List Mixcloud | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rodolphe MOULIN List Mixcloud allows Stored XSS. This issue affects List Mixcloud: from n/a through 1.4. | 2025-03-11 | 6.5 | CVE-2025-28930 |
| sakurapixel--Lunar | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sakurapixel Lunar allows Stored XSS. This issue affects Lunar: from n/a through 1.3.0. | 2025-03-11 | 5.9 | CVE-2025-28936 |
| SAP_SE--S/4HANA (Manage Purchasing Info Records) | OData Service in Manage Purchasing Info Records does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on integrity of the application. | 2025-03-11 | 4.3 | CVE-2025-26656 |
| SAP_SE--SAP Business Objects Business Intelligence Platform | Due to improper error handling in SAP Business Objects Business Intelligence Platform, technical details of the application are revealed in exceptions thrown to the user and in stack traces. Only an attacker with administrator level privileges has access to this disclosed information, and they could use it to craft further exploits. There is no impact on the integrity and availability of the application. | 2025-03-11 | 4.1 | CVE-2025-23185 |
| SAP_SE--SAP Business One (Service Layer) | The Service Layer in SAP Business One, allows attackers to potentially gain unauthorized access and impersonate other users in the application to perform unauthorized actions. Due to the improper session management, the attackers can elevate themselves to higher privilege and can read, modify and/or write new data. To gain authenticated sessions of other users, the attacker must invest considerable time and effort. This vulnerability has a high impact on the confidentiality and integrity of the application with no effect on the availability of the application. | 2025-03-11 | 6.8 | CVE-2025-26658 |
| SAP_SE--SAP Business Warehouse (Process Chains) | SAP Business Warehouse (Process Chains) allows an attacker to manipulate the process execution due to missing authorization check. An attacker with display authorization for the process chain object could set one or all processes to be skipped. This means corresponding activities, such as data loading, activation, or deletion, will not be executed as initially modeled. This could lead to unexpected results in business reporting leading to a significant impact on integrity. However, there is no impact on confidentiality or availability. | 2025-03-11 | 5.7 | CVE-2025-25244 |
| SAP_SE--SAP BusinessObjects Business Intelligence Platform (Web Intelligence) | SAP BusinessObjects Business Intelligence Platform (Web Intelligence) contains a deprecated web application endpoint that is not properly secured. An attacker could take advantage of this by injecting a malicious url in the data returned to the user. On successful exploitation, there could be a limited impact on confidentiality and integrity within the scope of victim�s browser. There is no impact on availability. | 2025-03-11 | 5.4 | CVE-2025-25245 |
| SAP_SE--SAP BusinessObjects Business Intelligence Platform | SAP BusinessObjects Business Intelligence Platform allows an attacker to inject JavaScript code in Web Intelligence reports. This code is then executed in the victim's browser each time the vulnerable page is visited by the victim. On successful exploitation, an attacker could cause limited impact on confidentiality and integrity within the scope of victim�s browser. There is no impact on availability. This vulnerability occurs only when script/html execution is enabled by the administrator in Central Management Console. | 2025-03-11 | 4.7 | CVE-2025-0062 |
| SAP_SE--SAP Fiori apps (Posting Library) | SAP Fiori applications using the posting library fail to properly configure security settings during the setup process, leaving them at default or inadequately defined. This vulnerability allows an attacker with low privileges to bypass access controls within the application, enabling them to potentially modify data. Confidentiality and Availability are not impacted. | 2025-03-11 | 4.3 | CVE-2025-26660 |
| SAP_SE--SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML) | SAP NetWeaver Application Server ABAP does not sufficiently encode user-controlled inputs, leading to DOM-basedCross-Site Scripting (XSS) vulnerability. This allows an attacker with no privileges, to craft a malicious web message that exploits WEBGUI functionality. On successful exploitation, the malicious JavaScript payload executes in the scope of victim�s browser potentially compromising their data and/or manipulating browser content. This leads to a limited impact on confidentiality and integrity. There is no impact on availability | 2025-03-11 | 6.1 | CVE-2025-26659 |
| SAP_SE--SAP NetWeaver Application Server ABAP | SAP NetWeaver Application Server ABAP allows malicious scripts to be executed in the application, potentially leading to a Cross-Site Scripting (XSS) vulnerability. This has no impact on the availability of the application, but it can have some minor impact on its confidentiality and integrity. | 2025-03-11 | 6.1 | CVE-2025-25242 |
| SAP_SE--SAP NetWeaver Application Server Java | User management functionality in SAP NetWeaver Application Server Java is vulnerable to Stored Cross-Site Scripting (XSS). This could enable an attacker to inject malicious payload that gets stored and executed when a user accesses the functionality, hence leading to information disclosure or unauthorized data modifications within the scope of victim�s browser. There is no impact on availability. | 2025-03-11 | 5.4 | CVE-2025-27431 |
| SAP_SE--SAP NetWeaver Enterprise Portal (OBN component) | SAP NetWeaver Enterprise Portal OBN does not perform proper authentication check for a particular configuration setting. As result, a non-authenticated user can set it to an undesired value causing low impact on integrity. There is no impact on confidentiality or availability of the application. | 2025-03-11 | 5.3 | CVE-2025-23194 |
| SAP_SE--SAP S/4HANA (Manage Bank Statements) | The Manage Bank Statements in SAP S/4HANA allows authenticated attacker to bypass certain functionality restrictions of the application and upload files to a reversed bank statement. This vulnerability has a low impact on the application's integrity, with no effect on confidentiality and availability of the application. | 2025-03-11 | 4.3 | CVE-2025-27433 |
| SAP_SE--SAP S/4HANA (Manage Bank Statements) | The Manage Bank Statements in SAP S/4HANA does not perform required access control checks for an authenticated user to confirm whether a request to interact with a resource is legitimate, allowing the attacker to delete the attachment of a posted bank statement. This leads to a low impact on integrity, with no impact on the confidentiality of the data or the availability of the application. | 2025-03-11 | 4.3 | CVE-2025-27436 |
| SAP_SE--SAP S/4HANA (RBD) | An authenticated user with low privileges can exploit a missing authorization check in an IBS module of FS-RBD, allowing unauthorized access to perform actions beyond their intended permissions. This causes a low impact on integrity with no impact on confidentiality and availability. | 2025-03-11 | 4.3 | CVE-2025-23188 |
| SAP_SE--SAP Web Dispatcher and Internet Communication Manager | SAP Web Dispatcher and Internet Communication Manager allow an attacker with administrative privileges to enable debugging trace mode with a specific parameter value. This exposes unencrypted passwords in the logs, causing a high impact on the confidentiality of the application. There is no impact on integrity or availability. | 2025-03-11 | 4.9 | CVE-2025-0071 |
| Schneider Electric--EcoStruxure Panel Server | CWE-532: Insertion of Sensitive Information into Log Files vulnerability exists that could cause the disclosure of FTP server credentials when the FTP server is deployed, and the device is placed in debug mode by an administrative user and the debug files are exported from the device. | 2025-03-12 | 6 | CVE-2025-2002 |
| Schneider Electric--EcoStruxure Power Automation System User Interface (EPAS-UI) - Secured Versions | CWE-287: Improper Authentication vulnerability exists that could cause an Authentication Bypass when an unauthorized user without permission rights has physical access to the EPAS-UI computer and is able to reboot the workstation and interrupt the normal boot process. | 2025-03-12 | 6.8 | CVE-2025-0813 |
| Search & Filter--Search & Filter Pro | The Search & Filter Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_meta_values' function in all versions up to, and including, 2.5.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the values of arbitrary post meta. | 2025-03-14 | 4.3 | CVE-2025-1528 |
| shanebp--BP Email Assign Templates | Authorization Bypass Through User-Controlled Key vulnerability in shanebp BP Email Assign Templates allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BP Email Assign Templates: from n/a through 1.6. | 2025-03-11 | 6.5 | CVE-2025-28874 |
| shanebp--BP Email Assign Templates | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shanebp BP Email Assign Templates allows Stored XSS. This issue affects BP Email Assign Templates: from n/a through 1.6. | 2025-03-11 | 5.9 | CVE-2025-28875 |
| sharethis--ShareThis Dashboard for Google Analytics | The ShareThis Dashboard for Google Analytics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_actions() function in all versions up to, and including, 3.2.1. This makes it possible for unauthenticated attackers to disable all features. | 2025-03-14 | 5.3 | CVE-2025-1507 |
| Shellbot--Easy Image Display | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shellbot Easy Image Display allows Stored XSS. This issue affects Easy Image Display: from n/a through 1.2.5. | 2025-03-11 | 6.5 | CVE-2025-28919 |
| ShineTheme--Travel Booking WordPress Theme | The Traveler theme for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters in all versions up to, and including, 3.1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-03-15 | 6.1 | CVE-2025-1773 |
| Siemens--SiPass integrated AC5102 (ACC-G2) | A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.8), SiPass integrated ACC-AP (All versions < V6.4.8). Affected devices expose several MQTT URLs without authentication. This could allow an unauthenticated remote attacker to access sensitive data. | 2025-03-11 | 5.3 | CVE-2024-52285 |
| Siemens--Tecnomatix Plant Simulation V2302 | A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected application does not properly restrict access to the file deletion functionality. This could allow an unauthorized attacker to delete files even when access to the system should be prohibited, resulting in potential data loss or unauthorized modification of system files. | 2025-03-11 | 6.8 | CVE-2025-25266 |
| Siemens--Tecnomatix Plant Simulation V2302 | A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected application does not properly restrict the scope of files accessible to the simulation model. This could allow an unauthorized attacker to compromise the confidentiality of the system. | 2025-03-11 | 6.2 | CVE-2025-25267 |
| Skrill_Team--Skrill Official | Cross-Site Request Forgery (CSRF) vulnerability in Skrill_Team Skrill Official allows Cross Site Request Forgery. This issue affects Skrill Official: from n/a through 1.0.65. | 2025-03-11 | 4.3 | CVE-2025-28876 |
| SmartDataSoft--Resido - Real Estate WordPress Theme | The Resido - Real Estate WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the delete_api_key and save_api_key AJAX actions in all versions up to, and including, 3.6. This makes it possible for unauthenticated attackers to issue requests to internal services and update API key details. | 2025-03-14 | 5.3 | CVE-2025-1285 |
| smerriman--Login Logger | Cross-Site Request Forgery (CSRF) vulnerability in smerriman Login Logger allows Cross Site Request Forgery. This issue affects Login Logger: from n/a through 1.2.1. | 2025-03-11 | 4.3 | CVE-2025-28866 |
| sminozzi--WordPress Report Brute Force Attacks and Login Protection ReportAttacks Plugins | The WordPress Report Brute Force Attacks and Login Protection ReportAttacks Plugins plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.32 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-03-13 | 4.9 | CVE-2025-2250 |
| softaculous--Page Builder: Pagelayer Drag and Drop website builder | The Page Builder: Pagelayer - Drag and Drop website builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.8 via the 'pagelayer_builder_posts_shortcode' function due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private posts that they should not have access to. | 2025-03-12 | 4.3 | CVE-2024-13430 |
| softaculous--Page Builder: Pagelayer Drag and Drop website builder | The Page Builder: Pagelayer - Drag and Drop website builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.8. This is due to missing or incorrect nonce validation on the pagelayer_save_post function. This makes it possible for unauthenticated attackers to modify post contents via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-03-10 | 4.3 | CVE-2025-1926 |
| softaculous--Page Builder: Pagelayer Drag and Drop website builder | The Page Builder: Pagelayer - Drag and Drop website builder plugin for WordPress is vulnerable to unauthorized post publication due to insufficient validation on the pagelayer_save_content() function in all versions up to, and including, 1.9.8. This makes it possible for authenticated attackers, with Contributor-level access and above, to bypass post moderation and publish posts to the site. | 2025-03-13 | 4.3 | CVE-2025-2104 |
| Square--Wire | Square Wire before 5.2.0 does not enforce a recursion limit on nested groups in ByteArrayProtoReader32.kt and ProtoReader.kt. | 2025-03-16 | 5.8 | CVE-2024-58103 |
| stesvis--Frontpage category filter | Cross-Site Request Forgery (CSRF) vulnerability in stesvis Frontpage category filter allows Cross Site Request Forgery. This issue affects Frontpage category filter: from n/a through 1.0.2. | 2025-03-11 | 4.3 | CVE-2025-28867 |
| Stoque--Zeev.it | A vulnerability, which was classified as problematic, was found in Stoque Zeev.it 4.24. This affects an unknown part of the file /Login?inpLostSession=1 of the component Login Page. The manipulation of the argument inpRedirectURL leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-11 | 4.3 | CVE-2025-2192 |
| str4d--ed25519-java | The implementation of EdDSA in EdDSA-Java (aka ed25519-java) through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA (Strong Existential Unforgeability under Chosen Message Attacks) property. This allows attackers to create new valid signatures different from previous signatures for a known message. | 2025-03-13 | 4.3 | CVE-2020-36843 |
| strategy11team--Business Directory Plugin Easy Listing Directories for WordPress | The Business Directory Plugin - Easy Listing Directories for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.4.14 via the 'ajax_listing_submit_image_upload' function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to add arbitrary images to listings. | 2025-03-13 | 5.3 | CVE-2024-13887 |
| tbeu--matio | A vulnerability, which was classified as critical, has been found in tbeu matio 1.5.28. This issue affects the function Mat_VarPrint of the file src/mat.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-03-16 | 6.3 | CVE-2025-2337 |
| tbeu--matio | A vulnerability, which was classified as critical, was found in tbeu matio 1.5.28. Affected is the function strdup_vprintf of the file src/io.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-03-16 | 6.3 | CVE-2025-2338 |
| themeum--Qubely Advanced Gutenberg Blocks | The Qubely - Advanced Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.13 via the 'qubely_get_content'. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, scheduled, password-protected, draft, and trashed post data. | 2025-03-11 | 4.3 | CVE-2024-13228 |
| themeum--WP Crowdfunding | The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the download_data action in all versions up to, and including, 2.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to download all of a site's post content when WooCommerce is installed. | 2025-03-12 | 5.3 | CVE-2025-1508 |
| Thiago S.F.--Skitter Slideshow | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Thiago S.F. Skitter Slideshow allows Stored XSS. This issue affects Skitter Slideshow: from n/a through 2.5.2. | 2025-03-11 | 5.9 | CVE-2025-28906 |
| tripetto--WordPress form builder plugin for contact forms, surveys and quizzes Tripetto | The Tripetto plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.0.9. This is due to missing nonce validation. This makes it possible for unauthenticated attackers to delete arbitrary results via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-03-15 | 4.3 | CVE-2025-1530 |
| TYPO3--oidc | An issue was discovered in the oidc (aka OpenID Connect Authentication) extension before 4.0.0 for TYPO3. The account linking logic allows a pre-hijacking attack, leading to Account Takeover. The attack can only be exploited if the following requirements are met: (1) an attacker can anticipate the e-mail address of the user, (2) an attacker can register a public frontend user account using that e-mail address before the user's first OIDC login, and (3) the IDP returns an email field containing the e-mail address of the user, | 2025-03-16 | 4.2 | CVE-2025-24856 |
| umbraco--Umbraco-CMS | Umbraco is a free and open source .NET content management system. An improper API access control issue has been identified Umbraco's API management package prior to versions 15.2.3 and 14.3.3, allowing low-privilege, authenticated users to create and update data type information that should be restricted to users with access to the settings section. The issue is patched in versions 15.2.3 and 14.3.3. No known workarounds are available. | 2025-03-11 | 4.3 | CVE-2025-27601 |
| umbraco--Umbraco-CMS | Umbraco is a free and open source .NET content management system. In versions of Umbraco's web backoffice program prior to versions 10.8.9 and 13.7.1, via manipulation of backoffice API URLs, it's possible for authenticated backoffice users to retrieve or delete content or media held within folders the editor does not have access to. The issue is patched in versions 10.8.9 and 13.7.1. No known workarounds are available. | 2025-03-11 | 4.9 | CVE-2025-27602 |
| uncannyowl--Uncanny Automator Easy Automation, Integration, Webhooks & Workflow Builder Plugin | The Uncanny Automator - Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.2 via the 'call_webhook' method of the Automator_Send_Webhook class This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | 2025-03-12 | 5.5 | CVE-2024-13838 |
| Unknown--Coronavirus (COVID-19) Notice Message | The Coronavirus (COVID-19) Notice Message WordPress plugin through 1.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2025-03-11 | 4.8 | CVE-2025-0629 |
| Unknown--SEO Tools | The SEO Tools WordPress plugin through 4.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2025-03-11 | 6.1 | CVE-2024-13853 |
| Unknown--XV Random Quotes | The XV Random Quotes WordPress plugin through 1.40 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack | 2025-03-11 | 4.3 | CVE-2024-13580 |
| uxper--Civi - Job Board & Freelance Marketplace WordPress Theme | The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.4. This is due to a lack of randomization of a password created during Single Sign-On via Google or Facebook. This makes it possible for unauthenticated attackers to change the password of arbitrary Candidate-level users if the attacker knows the username assigned to the victim during account creation. | 2025-03-14 | 5.6 | CVE-2024-13772 |
| vcita--CRM and Lead Management by vcita | The CRM and Lead Management by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_ajax_toggle_ae() function in all versions up to, and including, 2.7.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to enable and disable plugin widgets. | 2025-03-13 | 4.3 | CVE-2024-13703 |
| Venugopal--Comment Date and Gravatar remover | Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Comment Date and Gravatar remover allows Cross Site Request Forgery. This issue affects Comment Date and Gravatar remover: from n/a through 1.0. | 2025-03-11 | 4.3 | CVE-2025-28862 |
| vim--vim | Vim, a text editor, is vulnerable to potential data loss with zip.vim and special crafted zip files in versions prior to 9.1.1198. The impact is medium because a user must be made to view such an archive with Vim and then press 'x' on such a strange filename. The issue has been fixed as of Vim patch v9.1.1198. | 2025-03-13 | 4.4 | CVE-2025-29768 |
| Vivek Marakana--Tabbed Login Widget | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vivek Marakana Tabbed Login Widget allows Stored XSS. This issue affects Tabbed Login Widget: from n/a through 1.1.2. | 2025-03-11 | 6.5 | CVE-2025-28929 |
| webaways--NEX-Forms Ultimate Form Builder Contact forms and much more | The NEX-Forms - Ultimate Form Builder - Contact forms and much more plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 8.8.1 via file uploads due to insufficient directory listing prevention and lack of randomization of file names. This makes it possible for unauthenticated attackers to extract sensitive data including files uploaded via a form. | 2025-03-12 | 5.3 | CVE-2024-13498 |
| wedevs--Appsero Helper | The Appsero Helper plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.2. This is due to missing or incorrect nonce validation on the 'appsero_helper' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-03-11 | 6.1 | CVE-2024-13436 |
| Will Brubaker--Awesome Surveys | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Will Brubaker Awesome Surveys allows Stored XSS. This issue affects Awesome Surveys: from n/a through 2.0.10. | 2025-03-11 | 5.9 | CVE-2025-28878 |
| wp01ru--WP01 Speed, Security, SEO consultant | The WP01 plugin for WordPress is vulnerable to Arbitrary File Download in all versions up to, and including, 2.6.2 due to a missing capability check and insufficient restrictions on the make_archive() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to download and read the contents of arbitrary files on the server, which can contain sensitive information. | 2025-03-15 | 6.5 | CVE-2025-2267 |
| wponlinesupport--Portfolio and Projects | The Portfolio and Projects plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2025-03-15 | 4.9 | CVE-2024-13847 |
| Xerox--Xerox Desktop Print Experience | Xerox Desktop Print Experience application contains a Local Privilege Escalation (LPE) vulnerability, which allows a low-privileged user to gain SYSTEM-level access. | 2025-03-12 | 5.2 | CVE-2025-1984 |
| xjb--REST API TO MiniProgram | Cross-Site Request Forgery (CSRF) vulnerability in xjb REST API TO MiniProgram allows Cross Site Request Forgery. This issue affects REST API TO MiniProgram: from n/a through 4.7.1. | 2025-03-11 | 4.3 | CVE-2025-28886 |
| ZipList--ZipList Recipe | Cross-Site Request Forgery (CSRF) vulnerability in ZipList ZipList Recipe allows Cross Site Request Forgery. This issue affects ZipList Recipe: from n/a through 3.1. | 2025-03-11 | 4.3 | CVE-2025-28868 |
| Zoom Communications, Inc--Zoom Apps | Insufficient verification of data authenticity in some Zoom Workplace Apps may allow an unprivileged user to conduct a denial of service via network access. | 2025-03-11 | 6.5 | CVE-2025-0149 |
| zoorum--Zoorum Comments | The Zoorum Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9. This is due to missing or incorrect nonce validation on the zoorum_set_options() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-03-15 | 6.1 | CVE-2025-2163 |
| zozothemes--Zegen - Church WordPress Theme | The Zegen - Church WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX endpoints in all versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to import, export, and update theme options. | 2025-03-14 | 4.3 | CVE-2025-2289 |
| ZTE--GoldenDB | Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation.This issue affects GoldenDB: from 6.1.03 through 6.1.03.05. | 2025-03-11 | 6.4 | CVE-2025-26704 |
| ZTE--GoldenDB | Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation.This issue affects GoldenDB: from 6.1.03 through 6.1.03.05. | 2025-03-11 | 5.3 | CVE-2025-26705 |
| ZTE--GoldenDB | Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation.This issue affects GoldenDB: from 6.1.03 through 6.1.03.07. | 2025-03-11 | 5.4 | CVE-2025-26706 |
| ZTE--GoldenDB | Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation.This issue affects GoldenDB: from 6.1.03 through 6.1.03.05. | 2025-03-11 | 5.3 | CVE-2025-26707 |
| ZTE--GoldenDB | Improper Input Validation vulnerability in ZTE GoldenDB allows Input Data Manipulation.This issue affects GoldenDB: from 6.1.03 through 6.1.03.04. | 2025-03-11 | 4.9 | CVE-2025-26702 |
| ZTE--GoldenDB | Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation.This issue affects GoldenDB: from 6.1.03 through 6.1.03.04. | 2025-03-11 | 4.3 | CVE-2025-26703 |
| zzskzy--Warehouse Refinement Management System | A vulnerability, which was classified as critical, has been found in zzskzy Warehouse Refinement Management System 1.3. Affected by this issue is the function UploadCrash of the file /crash/log/SaveCrash.ashx. The manipulation of the argument file leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-12 | 6.3 | CVE-2025-2216 |
| zzskzy--Warehouse Refinement Management System | A vulnerability, which was classified as critical, was found in zzskzy Warehouse Refinement Management System 1.3. This affects the function ProcessRequest of the file /getAdyData.ashx. The manipulation of the argument showid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-12 | 6.3 | CVE-2025-2217 |
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| aitangbao--springboot-manager | A vulnerability classified as problematic has been found in aitangbao springboot-manager 3.0. This affects an unknown part of the file /sys/permission. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-11 | 2.4 | CVE-2025-2206 |
| aitangbao--springboot-manager | A vulnerability classified as problematic was found in aitangbao springboot-manager 3.0. This vulnerability affects unknown code of the file /sys/dept. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-11 | 2.4 | CVE-2025-2207 |
| aitangbao--springboot-manager | A vulnerability, which was classified as problematic, has been found in aitangbao springboot-manager 3.0. This issue affects some unknown processing of the file /sysFiles/upload of the component Filename Handler. The manipulation of the argument name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-11 | 2.4 | CVE-2025-2208 |
| aitangbao--springboot-manager | A vulnerability, which was classified as problematic, was found in aitangbao springboot-manager 3.0. Affected is an unknown function of the file /sysDict/add. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-11 | 2.4 | CVE-2025-2209 |
| aitangbao--springboot-manager | A vulnerability has been found in aitangbao springboot-manager 3.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /sysJob/add. The manipulation of the argument name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-11 | 2.4 | CVE-2025-2210 |
| aitangbao--springboot-manager | A vulnerability was found in aitangbao springboot-manager 3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /sysDictDetail/add. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-11 | 2.4 | CVE-2025-2211 |
| Apache Software Foundation--Apache OFBiz | Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: from 18.12.17 before 18.12.18. It's a regression between 18.12.17 and 18.12.18. In case you use something like that, which is not recommended! For security, only official releases should be used. In other words, if you use 18.12.17 you are still safe. The version 18.12.17 is not a affected. But something between 18.12.17 and 18.12.18 is. In that case, users are recommended to upgrade to version 18.12.18, which fixes the issue. | 2025-03-10 | 3.5 | CVE-2025-26865 |
| Apple--macOS | This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15. An attacker with physical access to a device may be able to read contact numbers from the lock screen. | 2025-03-10 | 2.4 | CVE-2024-44179 |
| Archer--Archer | In Archer Platform 6 through 6.14.00202.10024, an authenticated user with record creation privileges can manipulate immutable fields, such as the creation date, by intercepting and modifying a Copy request via a GenericContent/Record.aspx?id= URI. This enables unauthorized modification of system-generated metadata, compromising data integrity and potentially impacting auditing, compliance, and security controls. | 2025-03-11 | 1.8 | CVE-2025-27893 |
| Castlenet--CBW383G2N | A vulnerability was found in Castlenet CBW383G2N up to 20250301. It has been classified as problematic. This affects an unknown part of the file /RgSwInfo.asp. The manipulation of the argument Description with the input <img/src/onerror=prompt(8)> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-11 | 2.4 | CVE-2025-2212 |
| Castlenet--CBW383G2N | A vulnerability was found in Castlenet CBW383G2N up to 20250301. It has been declared as problematic. This vulnerability affects unknown code of the file /wlanPrimaryNetwork.asp of the component Wireless Menu. The manipulation of the argument SSID with the input <img/src/onerror=prompt(8)> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-11 | 2.4 | CVE-2025-2213 |
| changeweb -- unifiedtransform | Unifiedtransform 2.0 is vulnerable to Incorrect Access Control which allows viewing attendance list for all class sections. | 2025-03-10 | 2.7 | CVE-2025-25615 |
| Claro--A7600-A1 | A vulnerability, which was classified as problematic, has been found in Claro A7600-A1 RNR4-A72T-2x16_v2110403_CLA_32_160817. Affected by this issue is some unknown functionality of the file /form2pingv6.cgi of the component Ping6 Diagnóstico. The manipulation of the argument ip6addr with the input <img/src/onerror=prompt(8)> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-11 | 2.4 | CVE-2025-2191 |
| Drivin--Solues | A vulnerability classified as problematic was found in Drivin Soluções up to 20250226. This vulnerability affects unknown code of the file /api/school/registerSchool of the component API Handler. The manipulation of the argument message leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-16 | 3.5 | CVE-2025-2335 |
| Fortinet--FortiSIEM | An incorrect authorization vulnerability [CWE-863] in FortiSIEM 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions, 6.1 all versions, 5.4 all versions, 5.3 all versions, may allow an authenticated attacker to perform unauthorized operations on incidents via crafted HTTP requests. | 2025-03-11 | 3.8 | CVE-2024-55592 |
| Fortinet--FortiWeb | An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in FortiWeb version 7.0.1 and below, 6.4.2 and below, 6.3.20 and below, 6.2.7 and below may allow a privileged attacker to execute SQL commands over the log database via specifically crafted strings parameters. | 2025-03-14 | 2.7 | CVE-2022-29059 |
| ftcms -- ftcms | A vulnerability classified as problematic was found in ftcms 2.1. Affected by this vulnerability is an unknown functionality of the file /admin/index.php/news/edit. The manipulation of the argument title leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-10 | 2.4 | CVE-2025-2133 |
| GitLab--GitLab | An issue was discovered in GitLab EE affecting all versions starting from 17.2 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. An input validation issue in the Google Cloud IAM integration feature could have enabled a Maintainer to introduce malicious code. | 2025-03-13 | 3.7 | CVE-2024-8402 |
| GitLab--GitLab | An issue was discovered in GitLab EE affecting all versions from 16.5 prior to 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2 which allowed a user with a custom permission to approve pending membership requests beyond the maximum number of allowed users. | 2025-03-13 | 2.7 | CVE-2024-7296 |
| IBM--Common Cryptographic Architecture | IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow an attacker to obtain sensitive information due to a timing attack during certain RSA operations. | 2025-03-11 | 3.7 | CVE-2024-41760 |
| IBM--Sterling B2B Integrator Standard Edition | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 could disclose sensitive database information to a privileged user. | 2025-03-10 | 2.7 | CVE-2024-52905 |
| IROAD--Dash Cam FX2 | A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/passwd of the component Password Hash Handler. The manipulation leads to password hash with insufficient computational effort. Access to the local network is required for this attack. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. | 2025-03-16 | 3.1 | CVE-2025-2349 |
| IROAD--Dash Cam X5 | A vulnerability was found in IROAD Dash Cam X5 up to 20250203. It has been rated as problematic. This issue affects some unknown processing of the component SSID. The manipulation leads to use of default credentials. The attack needs to be initiated within the local network. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-16 | 3.1 | CVE-2025-2341 |
| librasean--IP-Utils | The ip-utils package through 2.4.0 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via a falsy isPrivate return value. | 2025-03-11 | 2.9 | CVE-2024-28607 |
| linux -- linux_kernel | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix softlockup in arena_map_free on 64k page kernel On an aarch64 kernel with CONFIG_PAGE_SIZE_64KB=y, arena_htab tests cause a segmentation fault and soft lockup. The same failure is not observed with 4k pages on aarch64. It turns out arena_map_free() is calling apply_to_existing_page_range() with the address returned by bpf_arena_get_kern_vm_start(). If this address is not page-aligned the code ends up calling apply_to_pte_range() with that unaligned address causing soft lockup. Fix it by round up GUARD_SZ to PAGE_SIZE << 1 so that the division by 2 in bpf_arena_get_kern_vm_start() returns a page-aligned value. | 2025-03-12 | 3.3 | CVE-2025-21851 |
| linux -- linux_kernel | In the Linux kernel, the following vulnerability has been resolved: mm/zswap: fix inconsistency when zswap_store_page() fails Commit b7c0ccdfbafd ("mm: zswap: support large folios in zswap_store()") skips charging any zswap entries when it failed to zswap the entire folio. However, when some base pages are zswapped but it failed to zswap the entire folio, the zswap operation is rolled back. When freeing zswap entries for those pages, zswap_entry_free() uncharges the zswap entries that were not previously charged, causing zswap charging to become inconsistent. This inconsistency triggers two warnings with following steps: # On a machine with 64GiB of RAM and 36GiB of zswap $ stress-ng --bigheap 2 # wait until the OOM-killer kills stress-ng $ sudo reboot The two warnings are: in mm/memcontrol.c:163, function obj_cgroup_release(): WARN_ON_ONCE(nr_bytes & (PAGE_SIZE - 1)); in mm/page_counter.c:60, function page_counter_cancel(): if (WARN_ONCE(new < 0, "page_counter underflow: %ld nr_pages=%lu\n", new, nr_pages)) zswap_stored_pages also becomes inconsistent in the same way. As suggested by Kanchana, increment zswap_stored_pages and charge zswap entries within zswap_store_page() when it succeeds. This way, zswap_entry_free() will decrement the counter and uncharge the entries when it failed to zswap the entire folio. While this could potentially be optimized by batching objcg charging and incrementing the counter, let's focus on fixing the bug this time and leave the optimization for later after some evaluation. After resolving the inconsistency, the warnings disappear. [42.hyeyoo@gmail.com: refactor zswap_store_page()] Link: https://lkml.kernel.org/r/20250131082037.2426-1-42.hyeyoo@gmail.com | 2025-03-12 | 3.3 | CVE-2025-21860 |
| n/a--Microweber | A vulnerability was found in Microweber 2.0.19. It has been rated as problematic. This issue affects some unknown processing of the file userfiles/modules/settings/group/website_group/index.php of the component Settings Handler. The manipulation of the argument group leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-12 | 3.5 | CVE-2025-2214 |
| n/a--MRCMS | A vulnerability was found in MRCMS 3.1.2 and classified as problematic. This issue affects the function list of the file /admin/file/list.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument path leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-11 | 3.5 | CVE-2025-2194 |
| n/a--MRCMS | A vulnerability was found in MRCMS 3.1.2. It has been classified as problematic. Affected is the function rename of the file /admin/file/rename.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument name/path leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-11 | 3.5 | CVE-2025-2195 |
| n/a--MRCMS | A vulnerability was found in MRCMS 3.1.2. It has been declared as problematic. Affected by this vulnerability is the function upload of the file /admin/file/upload.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument path leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-11 | 3.5 | CVE-2025-2196 |
| n/a--PyTorch | A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function nnq_Sigmoid of the component Quantized Sigmoid Module. The manipulation of the argument scale/zero_point leads to improper initialization. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. | 2025-03-10 | 2.5 | CVE-2025-2149 |
| Odyssey--CMS | A vulnerability was found in Odyssey CMS up to 10.34. It has been classified as problematic. Affected is an unknown function of the file /modules/odyssey_contact_form/odyssey_contact_form.php of the component reCAPTCHA Handler. The manipulation of the argument g-recaptcha-response leads to key management error. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-12 | 3.3 | CVE-2025-2220 |
| otale--Tale Blog | A vulnerability was found in otale Tale Blog 2.0.5. It has been declared as problematic. This vulnerability affects the function saveOptions of the file /options/save of the component Site Settings. The manipulation of the argument Site Title leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. This vulnerability only affects products that are no longer supported by the maintainer. | 2025-03-16 | 2.4 | CVE-2025-2340 |
| Red Hat--Red Hat Satellite 6 | A flaw was found in Foreman/Red Hat Satellite. Improper file permissions allow low-privileged OS users to monitor and access temporary files under /var/tmp, exposing sensitive command outputs, such as /etc/shadow. This issue can lead to information disclosure and privilege escalation if exploited effectively. | 2025-03-15 | 3.3 | CVE-2025-2157 |
| SAP_SE--SAP CRM and SAP S/4HANA (Interaction Center) | Under certain conditions, an SSRF vulnerability in SAP CRM and SAP S/4HANA (Interaction Center) allows an attacker with low privileges to access restricted information. This flaw enables the attacker to send requests to internal network resources, thereby compromising the application's confidentiality. There is no impact on integrity or availability | 2025-03-11 | 3.5 | CVE-2025-27430 |
| SAP_SE--SAP Electronic Invoicing for Brazil (eDocument Cockpit) | The eDocument Cockpit (Inbound NF-e) in SAP Electronic Invoicing for Brazil allows an authenticated attacker with certain privileges to gain unauthorized access to each transaction. By executing the specific ABAP method within the ABAP system, an unauthorized attacker could call each transaction and view the inbound delivery details. This vulnerability has a low impact on the confidentiality with no effect on the integrity and the availability of the application. | 2025-03-11 | 2.4 | CVE-2025-27432 |
| SAP_SE--SAP Just In Time | SAP Just In Time(JIT) does not perform necessary authorization checks for an authenticated user, allowing attacker to escalate privileges that would otherwise be restricted, potentially causing a low impact on the integrity of the application.Confidentiality and Availability are not impacted. | 2025-03-11 | 3.1 | CVE-2025-26655 |
| Siemens--RUGGEDCOM RM1224 LTE(4G) EU | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2.1), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2.1), SCALANCE M812-1 ADSL-Router family (All versions < V8.2.1), SCALANCE M816-1 ADSL-Router family (All versions < V8.2.1), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2.1), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2.1), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2.1), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2.1), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2.1), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2.1), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2.1), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2.1), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2.1), SCALANCE MUB852-1 (A1) (6GK5852-1EA10-1AA1) (All versions < V8.2.1), SCALANCE MUB852-1 (B1) (6GK5852-1EA10-1BA1) (All versions < V8.2.1), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2.1), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2.1), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2.1), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2.1), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2.1), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2.1), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2.1), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2.1), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.2.1), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2.1), SCALANCE SC-600 family (All versions). Affected devices improperly validate usernames during OpenVPN authentication. This could allow an attacker to get partial invalid usernames accepted by the server. | 2025-03-11 | 3.7 | CVE-2025-23384 |
| Siemens--SCALANCE LPE9403 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit user controlled paths to which logs are written and from where they are read. This could allow an authenticated highly-privileged remote attacker to read and write arbitrary files in the filesystem, if and only if the malicious path ends with 'log' . | 2025-03-11 | 3.8 | CVE-2025-27397 |
| Siemens--SCALANCE LPE9403 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly neutralize special characters when interpreting user controlled log paths. This could allow an authenticated highly-privileged remote attacker to execute a limited set of binaries that are already present on the filesystem. | 2025-03-11 | 2.7 | CVE-2025-27398 |
| snowflakedb--snowflake-jdbc | Snowflake, a platform for using artificial intelligence in the context of cloud computing, has a vulnerability in the Snowflake JDBC driver ("Driver") in versions 3.0.13 through 3.23.0 of the driver. When the logging level was set to DEBUG, the Driver would log locally the client-side encryption master key of the target stage during the execution of GET/PUT commands. This key by itself does not grant access to any sensitive data without additional access authorizations, and is not logged server-side by Snowflake. Snowflake fixed the issue in version 3.23.1. | 2025-03-13 | 3.3 | CVE-2025-27496 |
| StarSea99--starsea-mall | A vulnerability, which was classified as problematic, has been found in StarSea99 starsea-mall 1.0. This issue affects some unknown processing of the file /admin/indexConfigs/save of the component Backend. The manipulation of the argument categoryName leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-16 | 2.4 | CVE-2025-2352 |
| TianoCore--EDK2 | EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service. | 2025-03-14 | 3.5 | CVE-2025-2295 |
| Unknown--Social Share Buttons, Social Sharing Icons, Click to Tweet Social Media Plugin by Social Snap | The Social Share Buttons, Social Sharing Icons, Click to Tweet - Social Media Plugin by Social Snap WordPress plugin through 1.3.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2025-03-11 | 3.5 | CVE-2024-13615 |
Severity Not Yet Assigned
| Primary Vendor -- Product | Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| AMI--MegaRAC-SPx | AMI's SPx contains a vulnerability in the BMC where an Attacker may bypass authentication remotely through the Redfish Host Interface. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. | 2025-03-11 | not yet calculated | CVE-2024-54085 |
| Apache Software Foundation--Apache Felix HTTP Webconsole Plugin | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Felix HTTP Webconsole Plugin. This issue affects Apache Felix HTTP Webconsole Plugin: from Version 1.X through 1.2.0. Users are recommended to upgrade to version 1.2.2, which fixes the issue. | 2025-03-12 | not yet calculated | CVE-2025-27867 |
| Apache Software Foundation--Apache NiFi | Apache NiFi 1.13.0 through 2.2.0 includes the username and password used to authenticate with MongoDB in the NiFi provenance events that MongoDB components generate during processing. An authorized user with read access to the provenance events of those processors may see the credentials information. Upgrading to Apache NiFi 2.3.0 is the recommended mitigation, which removes the credentials from provenance event records. | 2025-03-12 | not yet calculated | CVE-2025-27017 |
| Ashlar-Vellum--Cobalt | Ashlar-Vellum Cobalt VS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of VS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25185. | 2025-03-11 | not yet calculated | CVE-2025-2012 |
| Ashlar-Vellum--Cobalt | Ashlar-Vellum Cobalt CO File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CO files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25186. | 2025-03-11 | not yet calculated | CVE-2025-2013 |
| Ashlar-Vellum--Cobalt | Ashlar-Vellum Cobalt VS File Parsing Use of Uninitialized Variable Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of VS files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25235. | 2025-03-11 | not yet calculated | CVE-2025-2014 |
| Ashlar-Vellum--Cobalt | Ashlar-Vellum Cobalt VS File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of VS files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25236. | 2025-03-11 | not yet calculated | CVE-2025-2015 |
| Ashlar-Vellum--Cobalt | Ashlar-Vellum Cobalt VC6 File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of VC6 files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25238. | 2025-03-11 | not yet calculated | CVE-2025-2016 |
| Ashlar-Vellum--Cobalt | Ashlar-Vellum Cobalt CO File Parsing Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25240. | 2025-03-11 | not yet calculated | CVE-2025-2017 |
| Ashlar-Vellum--Cobalt | Ashlar-Vellum Cobalt VS File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of VS files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25245. | 2025-03-11 | not yet calculated | CVE-2025-2018 |
| Ashlar-Vellum--Cobalt | Ashlar-Vellum Cobalt VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of VC6 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25252. | 2025-03-11 | not yet calculated | CVE-2025-2019 |
| Ashlar-Vellum--Cobalt | Ashlar-Vellum Cobalt VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of VC6 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25254. | 2025-03-11 | not yet calculated | CVE-2025-2020 |
| Ashlar-Vellum--Cobalt | Ashlar-Vellum Cobalt XE File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XE files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25264. | 2025-03-11 | not yet calculated | CVE-2025-2021 |
| Ashlar-Vellum--Cobalt | Ashlar-Vellum Cobalt VS File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of VS files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25276. | 2025-03-11 | not yet calculated | CVE-2025-2022 |
| Ashlar-Vellum--Cobalt | Ashlar-Vellum Cobalt LI File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of LI files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25348. | 2025-03-11 | not yet calculated | CVE-2025-2023 |
| Avid--Avid NEXIS E-series | Improper Input Validation vulnerability in Avid Avid NEXIS E-series on Linux, Avid Avid NEXIS F-series on Linux, Avid Avid NEXIS PRO+ on Linux, Avid System Director Appliance (SDA+) on Linux allows code execution on underlying operating system with root permissions.This issue affects Avid NEXIS E-series: before 2024.6.0; Avid NEXIS F-series: before 2024.6.0; Avid NEXIS PRO+: before 2024.6.0; System Director Appliance (SDA+): before 2024.6.0. | 2025-03-12 | not yet calculated | CVE-2024-26290 |
| Bitdefender--BOX v1 | An improper access control vulnerability exists in Bitdefender Box 1 (firmware version 1.3.52.928 and below) that allows an unauthenticated attacker to downgrade the device's firmware to an older, potentially vulnerable version of a Bitdefender-signed firmware. The attack requires Bitdefender BOX to be booted in Recovery Mode and that the attacker be present within the WiFi range of the BOX unit. | 2025-03-12 | not yet calculated | CVE-2024-13870 |
| Bitdefender--BOX v1 | A command injection vulnerability exists in the /check_image_and_trigger_recovery API endpoint of Bitdefender Box 1 (firmware version 1.3.11.490). This flaw allows an unauthenticated, network-adjacent attacker to execute arbitrary commands on the device, potentially leading to full remote code execution (RCE). | 2025-03-12 | not yet calculated | CVE-2024-13871 |
| Bitdefender--BOX v1 | Bitdefender Box, versions 1.3.11.490 through 1.3.11.505, uses the insecure HTTP protocol to download assets over the Internet to update and restart daemons and detection rules on the devices. Updates can be remotely triggered through the /set_temp_token API method. Then, an unauthenticated and network-adjacent attacker can use man-in-the-middle (MITM) techniques to return malicious responses. Restarted daemons that use malicious assets can then be exploited for remote code execution on the device. | 2025-03-12 | not yet calculated | CVE-2024-13872 |
| Concrete CMS--Concrete CMS | Concrete CMS versions 9.0.0 through 9.3.9 are affected by a stored XSS in Folder Function.The "Add Folder" functionality lacks input sanitization, allowing a rogue admin to inject XSS payloads as folder names. The Concrete CMS security team gave this vulnerability a CVSS 4.0 Score of 4.8 with vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N. Versions below 9 are not affected. Thanks, Alfin Joseph for reporting. | 2025-03-10 | not yet calculated | CVE-2025-0660 |
| CyclopsMC--IntegratedScripting | Integrated Scripting is a tool for creating scripts for handling complex operations in Integrated Dynamics. Minecraft users who use Integrated Scripting prior to versions 1.21.1-1.0.17, 1.21.4-1.0.9-254, 1.20.1-1.0.13, and 1.19.2-1.0.10 may be vulnerable to arbitrary code execution. By using Java reflection on a thrown exception object it's possible to escape the JavaScript sandbox for IntegratedScripting's Variable Cards, and leverage that to construct arbitrary Java classes and invoke arbitrary Java methods. This vulnerability allows for execution of arbitrary Java methods, and by extension arbitrary native code e.g. from `java.lang.Runtime.exec`, on the Minecraft server by any player with the ability to create and use an IntegratedScripting Variable Card. Versions 1.21.1-1.0.17, 1.21.4-1.0.9-254, 1.20.1-1.0.13, and 1.19.2-1.0.10 fix the issue. | 2025-03-13 | not yet calculated | CVE-2025-27107 |
| dataease--dataease | DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, authenticated users can read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. No known workarounds are available. | 2025-03-13 | not yet calculated | CVE-2025-24974 |
| dataease--dataease | DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass for the patch for CVE-2024-55953 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. No known workarounds are available. | 2025-03-13 | not yet calculated | CVE-2025-27103 |
| dataease--dataease | DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which may cause the risk of unauthorized access. The vulnerability has been fixed in v2.10.6. No known workarounds are available. | 2025-03-13 | not yet calculated | CVE-2025-27138 |
| DavidOsipov--PostQuantum-Feldman-VSS | Post-Quantum Secure Feldman's Verifiable Secret Sharing provides a Python implementation of Feldman's Verifiable Secret Sharing (VSS) scheme. In versions 0.7.6b0 and prior, the `secure_redundant_execution` function in feldman_vss.py attempts to mitigate fault injection attacks by executing a function multiple times and comparing results. However, several critical weaknesses exist. Python's execution environment cannot guarantee true isolation between redundant executions, the constant-time comparison implementation in Python is subject to timing variations, the randomized execution order and timing provide insufficient protection against sophisticated fault attacks, and the error handling may leak timing information about partial execution results. These limitations make the protection ineffective against targeted fault injection attacks, especially from attackers with physical access to the hardware. A successful fault injection attack could allow an attacker to bypass the redundancy check mechanisms, extract secret polynomial coefficients during share generation or verification, force the acceptance of invalid shares during verification, and/or manipulate the commitment verification process to accept fraudulent commitments. This undermines the core security guarantees of the Verifiable Secret Sharing scheme. As of time of publication, no patched versions of Post-Quantum Secure Feldman's Verifiable Secret Sharing exist, but other mitigations are available. Long-term remediation requires reimplementing the security-critical functions in a lower-level language like Rust. Short-term mitigations include deploying the software in environments with physical security controls, increasing the redundancy count (from 5 to a higher number) by modifying the source code, adding external verification of cryptographic operations when possible, considering using hardware security modules (HSMs) for key operations. | 2025-03-14 | not yet calculated | CVE-2025-29779 |
| DavidOsipov--PostQuantum-Feldman-VSS | Post-Quantum Secure Feldman's Verifiable Secret Sharing provides a Python implementation of Feldman's Verifiable Secret Sharing (VSS) scheme. In versions 0.7.6b0 and prior, the `feldman_vss` library contains timing side-channel vulnerabilities in its matrix operations, specifically within the `_find_secure_pivot` function and potentially other parts of `_secure_matrix_solve`. These vulnerabilities are due to Python's execution model, which does not guarantee constant-time execution. An attacker with the ability to measure the execution time of these functions (e.g., through repeated calls with carefully crafted inputs) could potentially recover secret information used in the Verifiable Secret Sharing (VSS) scheme. The `_find_secure_pivot` function, used during Gaussian elimination in `_secure_matrix_solve`, attempts to find a non-zero pivot element. However, the conditional statement `if matrix[row][col] != 0 and row_random < min_value:` has execution time that depends on the value of `matrix[row][col]`. This timing difference can be exploited by an attacker. The `constant_time_compare` function in this file also does not provide a constant-time guarantee. The Python implementation of matrix operations in the _find_secure_pivot and _secure_matrix_solve functions cannot guarantee constant-time execution, potentially leaking information about secret polynomial coefficients. An attacker with the ability to make precise timing measurements of these operations could potentially extract secret information through statistical analysis of execution times, though practical exploitation would require significant expertise and controlled execution environments. Successful exploitation of these timing side-channels could allow an attacker to recover secret keys or other sensitive information protected by the VSS scheme. This could lead to a complete compromise of the shared secret. As of time of publication, no patched versions of Post-Quantum Secure Feldman's Verifiable Secret Sharing exist, but other mitigations are available. As acknowledged in the library's documentation, these vulnerabilities cannot be adequately addressed in pure Python. In the short term, consider using this library only in environments where timing measurements by attackers are infeasible. In the medium term, implement your own wrappers around critical operations using constant-time libraries in languages like Rust, Go, or C. In the long term, wait for the planned Rust implementation mentioned in the library documentation that will properly address these issues. | 2025-03-14 | not yet calculated | CVE-2025-29780 |
| demergent-labs--azle | Azle is a WebAssembly runtime for TypeScript and JavaScript on ICP. Calling `setTimer` in Azle versions `0.27.0`, `0.28.0`, and `0.29.0` causes an immediate infinite loop of timers to be executed on the canister, each timer attempting to clean up the global state of the previous timer. The infinite loop will occur with any valid invocation of `setTimer`. The problem has been fixed as of Azle version `0.30.0`. As a workaround, if a canister is caught in this infinite loop after calling `setTimer`, the canister can be upgraded and the timers will all be cleared, thus ending the loop. | 2025-03-14 | not yet calculated | CVE-2025-29776 |
| Devolutions--Remote Desktop Manager | Exposure of sensitive information in hub data source export feature in Devolutions Remote Desktop Manager 2024.3.29 and earlier on Windows allows a user exporting a hub data source to include his authenticated session in the export due to faulty business logic. | 2025-03-13 | not yet calculated | CVE-2025-1635 |
| Devolutions--Remote Desktop Manager | Exposure of sensitive information in My Personal Credentials password history component in Devolutions Remote Desktop Manager 2024.3.29 and earlier on Windows allows an authenticated user to inadvertently leak the My Personal Credentials in a shared vault via the clear history feature due to faulty business logic. | 2025-03-13 | not yet calculated | CVE-2025-1636 |
| Devolutions--Server | Exposure of password in web-based SSH authentication component in Devolutions Server 2024.3.13 and earlier allows a user to unadvertently leak his SSH password due to missing password masking. | 2025-03-13 | not yet calculated | CVE-2025-2277 |
| Devolutions--Server | Improper access control in temporary access requests and checkout requests endpoints in Devolutions Server 2024.3.13 and earlier allows an authenticated user to access information about these requests via a known request ID. | 2025-03-13 | not yet calculated | CVE-2025-2278 |
| Devolutions--Server | Improper access control in web extension restriction feature in Devolutions Server 2024.3.13 and earlier allows an authenticated user to bypass the browser extension restriction feature. | 2025-03-13 | not yet calculated | CVE-2025-2280 |
| Eclipse Foundation--Eclipse Cyclone DDS | An integer underflow during deserialization may allow any unauthenticated user to read out of bounds heap memory. This may result into secret data or pointers revealing the layout of the address space to be included into a deserialized data structure, which may potentially lead to thread crashes or cause denial of service conditions. | 2025-03-12 | not yet calculated | CVE-2024-10838 |
| golang.org/x/net--golang.org/x/net/http/httpproxy | Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be proxied. | 2025-03-12 | not yet calculated | CVE-2025-22870 |
| Google--Keras | The Keras Model.load_model function permits arbitrary code execution, even with safe_mode=True, through a manually constructed, malicious .keras archive. By altering the config.json file within the archive, an attacker can specify arbitrary Python modules and functions, along with their arguments, to be loaded and executed during model loading. | 2025-03-11 | not yet calculated | CVE-2025-1550 |
| hikashop.com--Hikashop component for Joomla | A privilege escalation vulnerability in the Hikashop component versions 1.0.0-5.1.3 for Joomla allows authenticated attackers (administrator) to escalate their privileges to Super Admin Permissions. | 2025-03-15 | not yet calculated | CVE-2025-25225 |
| HP Inc.--HP LaserJet MFP M232-M237 Printer Series | The HP LaserJet MFP M232-M237 Printer Series may be vulnerable to a denial of service attack when a specially crafted request message is sent via Internet Printing Protocol (IPP). | 2025-03-14 | not yet calculated | CVE-2025-2268 |
| jitbit--HtmlSanitizer | HtmlSanitizer is a client-side HTML Sanitizer. Versions prior to 2.0.3 have a cross-site scripting vulnerability when the sanitizer is used with a `contentEditable` element to set the elements `innerHTML` to a sanitized string produced by the package. If the code is particularly crafted to abuse the code beautifier, that runs AFTER sanitation. The issue is patched in version 2.0.3. | 2025-03-14 | not yet calculated | CVE-2025-29771 |
| Joomla! Project--Joomla! CMS | Inadequate checks in the Media Manager allowed users with "edit" privileges to change file extension to arbitrary extension, including .php and other potentially executable extensions. | 2025-03-11 | not yet calculated | CVE-2025-22213 |
| Jouni Malinen--hostapd | hostapd fails to process crafted RADIUS packets properly. When hostapd authenticates wi-fi devices with RADIUS authentication, an attacker in the position between the hostapd and the RADIUS server may inject crafted RADIUS packets and force RADIUS authentications to fail. | 2025-03-12 | not yet calculated | CVE-2025-24912 |
| LabRedesCefetRJ--WeGIA | WeGIA is Web manager for charitable institutions A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_tipo_docs_atendido.php` endpoint in versions of the WeGIA application prior to 3.2.17. This vulnerability allows attackers to inject malicious scripts into the `tipo` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. Version 3.2.17 contains a patch for the issue. | 2025-03-14 | not yet calculated | CVE-2025-29782 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: netfilter: allow exp not to be removed in nf_ct_find_expectation Currently nf_conntrack_in() calling nf_ct_find_expectation() will remove the exp from the hash table. However, in some scenario, we expect the exp not to be removed when the created ct will not be confirmed, like in OVS and TC conntrack in the following patches. This patch allows exp not to be removed by setting IPS_CONFIRMED in the status of the tmpl. | 2025-03-14 | not yet calculated | CVE-2023-52927 |
| LogicalDOC--LogicalDOC Community | The API used to interact with documents in the application contains a flaw that allows an authenticated attacker to read the contents of files on the underlying operating system. An account with 'read' and 'download' privileges on at least one existing document in the application is required to exploit the vulnerability. Exploitation of this vulnerability would allow an attacker to read the contents of any file available within the privileges of the system user running the application. | 2025-03-14 | not yet calculated | CVE-2024-12019 |
| LogicalDOC--LogicalDOC Community | Logout functionality contains a blind SQL injection that can be exploited by unauthenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presence or lack thereof entries in certain database tables. | 2025-03-14 | not yet calculated | CVE-2024-12245 |
| LogicalDOC--LogicalDOC Community | Login functionality contains a blind SQL injection that can be exploited by unauthenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presence or lack thereof entries in certain database tables. | 2025-03-14 | not yet calculated | CVE-2024-54445 |
| LogicalDOC--LogicalDOC Community | Document history functionality contains a blind SQL injection that can be exploited by authenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presence or lack thereof entries in certain database tables. | 2025-03-14 | not yet calculated | CVE-2024-54446 |
| LogicalDOC--LogicalDOC Community | Saved search functionality contains a blind SQL injection that can be exploited by authenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presence or lack thereof entries in certain database tables. | 2025-03-14 | not yet calculated | CVE-2024-54447 |
| LogicalDOC--LogicalDOC Community | The Automation Scripting functionality can be exploited by attackers to run arbitrary system commands on the underlying operating system. An account with administrator privileges or that has been explicitly granted access to use Automation Scripting is needed to carry out the attack. Exploitation of this vulnerability would allow an attacker to run commands of their choosing on the underlying operating system of the web server running LogicalDOC. | 2025-03-14 | not yet calculated | CVE-2024-54448 |
| LogicalDOC--LogicalDOC Community | The API used to interact with documents in the application contains two endpoints with a flaw that allows an authenticated attacker to write a file with controlled contents to an arbitrary location on the underlying file system. This can be used to facilitate RCE. An account with 'read' and 'write' privileges on at least one existing document in the application is required to exploit the vulnerability. Exploitation of this vulnerability would allow an attacker to run commands of their choosing on the underlying operating system of the web server running LogicalDOC. | 2025-03-14 | not yet calculated | CVE-2024-54449 |
| LogicalDOC--LogicalDOC Enterprise | There is a reflected cross-site scripting (XSS) within JSP files used to control application appearance. An unauthenticated attacker could deceive a user into clicking a crafted link to trigger the vulnerability. Stealing the session cookie is not possible due to cookie security flags, however the XSS may be used to induce a victim to perform on-site requests without their knowledge. This vulnerability only affects LogicalDOC Enterprise. | 2025-03-14 | not yet calculated | CVE-2024-12020 |
| Mennekes--Smart / Premium charging stations | The authenticated firmware update capability of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS command are improperly neutralized when certain fields are passed to the underlying OS. | 2025-03-11 | not yet calculated | CVE-2025-22366 |
| Mennekes--Smart / Premium charging stations | The authenticated time setting capability of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS command are improperly neutralized when certain fields are passed to the underlying OS. | 2025-03-11 | not yet calculated | CVE-2025-22367 |
| Mennekes--Smart / Premium charging stations | The authenticated SCU firmware command of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS commands are improperly neutralized when certain fields are passed to the underlying OS. | 2025-03-11 | not yet calculated | CVE-2025-22368 |
| Mennekes--Smart / Premium charging stations | The ReadFile endpoint of the firmware for Mennekes Smart / Premium Chargingpoints can be abused to read arbitrary files from the underlying OS. | 2025-03-11 | not yet calculated | CVE-2025-22369 |
| Mennekes--Smart / Premium charging stations | Many fields for the web configuration interface of the firmware for Mennekes Smart / Premium Chargingpoints can be abused to execute arbitrary SQL commands because the values are insufficiently neutralized. | 2025-03-11 | not yet calculated | CVE-2025-22370 |
| Meta Platforms, Inc--below | A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as /etc/shadow. | 2025-03-11 | not yet calculated | CVE-2025-27591 |
| MLJAR--PlotAI | A vulnerability, that could result in Remote Code Execution (RCE), has been found in PlotAI. Lack of validation of LLM-generated output allows attacker to execute arbitrary Python code. Vendor commented out vulnerable line, further usage of the software requires uncommenting it and thus accepting the risk. The vendor does not plan to release a patch to fix this vulnerability. | 2025-03-10 | not yet calculated | CVE-2025-1497 |
| mmaitre314--picklescan | picklescan before 0.0.23 is vulnerable to a ZIP archive manipulation attack that causes it to crash when attempting to extract and scan PyTorch model archives. By modifying the filename in the ZIP header while keeping the original filename in the directory listing, an attacker can make PickleScan raise a BadZipFile error. However, PyTorch's more forgiving ZIP implementation still allows the model to be loaded, enabling malicious payloads to bypass detection. | 2025-03-10 | not yet calculated | CVE-2025-1944 |
| mmaitre314--picklescan | picklescan before 0.0.23 fails to detect malicious pickle files inside PyTorch model archives when certain ZIP file flag bits are modified. By flipping specific bits in the ZIP file headers, an attacker can embed malicious pickle files that remain undetected by PickleScan while still being successfully loaded by PyTorch's torch.load(). This can lead to arbitrary code execution when loading a compromised model. | 2025-03-10 | not yet calculated | CVE-2025-1945 |
| Mogify Infotech--Tinxy Wi-Fi Lock Controller v1 RF | This vulnerability exists in the Tinxy smart devices due to storage of credentials in plaintext within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the plaintext credentials stored on the vulnerable device. | 2025-03-11 | not yet calculated | CVE-2025-2189 |
| n/a--n/a | The unprivileged administrative interface in ABO.CMS version 5.8 through v.5.9.3 is affected by a SQL Injection vulnerability via a HTTP POST request to the TinyMCE module | 2025-03-11 | not yet calculated | CVE-2021-37787 |
| n/a--n/a | Cross Site Scripting vulnerability in Zadarma Zadarma extension v.1.0.11 allows a remote attacker to execute a arbitrary code via a crafted script to the webchat component. | 2025-03-13 | not yet calculated | CVE-2024-22880 |
| n/a--n/a | Cross-site scripting (XSS) vulnerability in Italtel S.p.A. i-MCS NFV v.12.1.0-20211215 allows unauthenticated remote attackers to inject arbitrary web script or HTML into HTTP/POST parameter | 2025-03-13 | not yet calculated | CVE-2024-28803 |
| n/a--n/a | File Upload vulnerability in nestjs nest v.10.3.2 allows a remote attacker to execute arbitrary code via the Content-Type header. | 2025-03-14 | not yet calculated | CVE-2024-29409 |
| n/a--n/a | A local file include vulnerability in the /servlet/Report of Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution by uploading a jsp web/reverse shell through /jsp/zimg_upload.jsp. | 2025-03-11 | not yet calculated | CVE-2024-51319 |
| n/a--n/a | In Zucchetti Ad Hoc Infinity 2.4, an improper check on the m_cURL parameter allows an attacker to redirect the victim to an attacker-controlled website after the authentication. | 2025-03-11 | not yet calculated | CVE-2024-51321 |
| n/a--n/a | Espressif Esp idf v5.3.0 is vulnerable to Insecure Permissions resulting in Authentication bypass. In the reconnection phase, the device reuses the session key from a previous connection session, creating an opportunity for attackers to execute security bypass attacks. | 2025-03-13 | not yet calculated | CVE-2024-53406 |
| n/a--n/a | A cross-site scripting (XSS) vulnerability in the component index.php of Rafed CMS Website v1.44 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 2025-03-13 | not yet calculated | CVE-2024-55060 |
| n/a--n/a | User Enumeration via Discrepancies in Error Messages in the Celk Sistemas Celk Saude v.3.1.252.1 password recovery functionality which allows a remote attacker to enumerate users through discrepancies in the responses. | 2025-03-13 | not yet calculated | CVE-2024-55198 |
| n/a--n/a | An issue in SoundCloud IOS application v.7.65.2 allows a local attacker to escalate privileges and obtain sensitive information via the session handling component. | 2025-03-13 | not yet calculated | CVE-2024-57062 |
| n/a--n/a | Cross Site Scripting vulnerability in PecanProject pecan through v.1.8.0 allows a remote attacker to execute arbitrary code via the crafted payload to the hostname, sitegroupid, lat, lon and sitename parameters. | 2025-03-13 | not yet calculated | CVE-2024-57348 |
| n/a--n/a | An authenticated stored cross-site scripting (XSS) vulnerability in The Plugin People Enterprise Mail Handler for Jira Data Center (JEMH) before v4.1.69-dc allows attackers with Administrator privileges to execute arbitrary Javascript in context of a user's browser via injecting a crafted payload into the HTML field of a template. | 2025-03-13 | not yet calculated | CVE-2025-25363 |
| n/a--n/a | An issue in the Property Tax Payment Portal in Information Kerala Mission SANCHAYA v3.0.4 allows attackers to arbitrarily modify payment amounts via a crafted request. | 2025-03-10 | not yet calculated | CVE-2025-25382 |
| n/a--n/a | SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in the Command.c file via the PtMakeCert and PtMakeCert2048 functions. | 2025-03-12 | not yet calculated | CVE-2025-25565 |
| n/a--n/a | SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in Internat.c via the UniToStrForSingleChars function. | 2025-03-12 | not yet calculated | CVE-2025-25567 |
| n/a--n/a | SoftEtherVPN 5.02.5187 is vulnerable to Use after Free in the Command.c file via the CheckNetworkAcceptThread function. | 2025-03-12 | not yet calculated | CVE-2025-25568 |
| n/a--n/a | Incorrect access control in the scheduled tasks console of Inova Logic CUSTOMER MONITOR (CM) v3.1.757.1 allows attackers to escalate privileges via placing a crafted executable into a scheduled task. | 2025-03-13 | not yet calculated | CVE-2025-25598 |
| n/a--n/a | FS Inc S3150 8T2F Switch s3150-8t2f-switch-fsos-220d_118101 has a stored cross-site scripting (XSS) vulnerability in the web management interface. | 2025-03-13 | not yet calculated | CVE-2025-25625 |
| n/a--n/a | LSC Smart Connect LSC Indoor PTZ Camera 7.6.32 is contains a RCE vulnerability in the tuya_ipc_direct_connect function of the anyka_ipc process. The vulnerability allows arbitrary code execution through the Wi-Fi configuration process when a specially crafted QR code is presented to the camera. | 2025-03-11 | not yet calculated | CVE-2025-25680 |
| n/a--n/a | A CSRF vulnerability in the gestione_utenti.php endpoint of HotelDruid 3.0.7 allows attackers to perform unauthorized actions (e.g., modifying user passwords) on behalf of authenticated users by exploiting the lack of origin or referrer validation and the absence of CSRF tokens. NOTE: this is disputed because there is an id_sessione CSRF token. | 2025-03-11 | not yet calculated | CVE-2025-25748 |
| n/a--n/a | An issue in HotelDruid version 3.0.7 and earlier allows users to set weak passwords due to the lack of enforcement of password strength policies. | 2025-03-11 | not yet calculated | CVE-2025-25749 |
| n/a--n/a | An issue in Open Panel v.0.3.4 allows a remote attacker to escalate privileges via the Fix Permissions function | 2025-03-14 | not yet calculated | CVE-2025-25871 |
| n/a--n/a | An issue in Open Panel v.0.3.4 allows a remote attacker to escalate privileges via the Fix Permissions function | 2025-03-14 | not yet calculated | CVE-2025-25872 |
| n/a--n/a | Cross Site Request Forgery vulnerability in Open Panel OpenAdmin v.0.3.4 allows a remote attacker to escalate privileges via the Change Root Password function | 2025-03-14 | not yet calculated | CVE-2025-25873 |
| n/a--n/a | An issue in parse-git-config v.3.0.0 allows an attacker to obtain sensitive information via the expandKeys function | 2025-03-12 | not yet calculated | CVE-2025-25975 |
| n/a--n/a | CM Soluces Informatica Ltda Auto Atendimento 1.x.x was discovered to contain a SQL injection via the CPF parameter. | 2025-03-14 | not yet calculated | CVE-2025-26163 |
| n/a--n/a | Plenti <= 0.7.16 is vulnerable to code execution. Users uploading '.svelte' files with the /postLocal endpoint can define the file name as javascript codes. The server executes the uploaded file name in host, and cause code execution. | 2025-03-12 | not yet calculated | CVE-2025-26260 |
| n/a--n/a | SendQuick Entera devices before 11HF5 are vulnerable to CAPTCHA bypass via the captcha parameter | 2025-03-14 | not yet calculated | CVE-2025-26312 |
| n/a--n/a | A cross-site scripting (XSS) vulnerability has been identified in MODX prior to 3.1.0. The vulnerability allows authenticated users to upload SVG files containing malicious JavaScript code as profile images, which gets executed in victims' browsers when viewing the profile image. | 2025-03-13 | not yet calculated | CVE-2025-28010 |
| n/a--n/a | A SQL Injection was found in loginsystem/change-password.php in PHPGurukul User Registration & Login and User Management System v3.3 allows remote attackers to execute arbitrary code via the currentpassword POST request parameter. | 2025-03-13 | not yet calculated | CVE-2025-28011 |
| n/a--n/a | A HTML Injection vulnerability was found in loginsystem/edit-profile.php of the PHPGurukul User Registration & Login and User Management System V3.3. This vulnerability allows remote attackers to execute arbitrary HTML code via the fname, lname, and contact parameters. | 2025-03-13 | not yet calculated | CVE-2025-28015 |
| n/a--n/a | Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the formSetSpeedWan function. | 2025-03-14 | not yet calculated | CVE-2025-29029 |
| n/a--n/a | Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the formWifiWpsOOB function. | 2025-03-14 | not yet calculated | CVE-2025-29030 |
| n/a--n/a | Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the fromAddressNat function. | 2025-03-14 | not yet calculated | CVE-2025-29031 |
| n/a--n/a | Tenda AC9 v15.03.05.19(6318) was discovered to contain a buffer overflow via the formWifiWpsOOB function. | 2025-03-14 | not yet calculated | CVE-2025-29032 |
| n/a--n/a | Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the startIp and endIp parameters at /goform/SetPptpServerCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. | 2025-03-13 | not yet calculated | CVE-2025-29357 |
| n/a--n/a | Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the firewallEn parameter at /goform/SetFirewallCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. | 2025-03-13 | not yet calculated | CVE-2025-29358 |
| n/a--n/a | Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the deviceId parameter at /goform/saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. | 2025-03-13 | not yet calculated | CVE-2025-29359 |
| n/a--n/a | Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the time and timeZone parameters at /goform/SetSysTimeCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. | 2025-03-13 | not yet calculated | CVE-2025-29360 |
| n/a--n/a | Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the list parameter at /goform/SetVirtualServerCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. | 2025-03-13 | not yet calculated | CVE-2025-29361 |
| n/a--n/a | Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the list parameter at /goform/setPptpUserList. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. | 2025-03-13 | not yet calculated | CVE-2025-29362 |
| n/a--n/a | Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to buffer overflow via the schedStartTime and schedEndTime parameters at /goform/saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. | 2025-03-13 | not yet calculated | CVE-2025-29363 |
| n/a--n/a | In Tenda AC9 v1.0 V15.03.05.14_multi, the wanMTU parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution. | 2025-03-14 | not yet calculated | CVE-2025-29384 |
| n/a--n/a | In Tenda AC9 v1.0 V15.03.05.14_multi, the cloneType parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution. | 2025-03-14 | not yet calculated | CVE-2025-29385 |
| n/a--n/a | In Tenda AC9 v1.0 V15.03.05.14_multi, the mac parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution. | 2025-03-14 | not yet calculated | CVE-2025-29386 |
| n/a--n/a | In Tenda AC9 v1.0 V15.03.05.14_multi, the wanSpeed parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution. | 2025-03-14 | not yet calculated | CVE-2025-29387 |
| n/a--n/a | CM Soluces Informatica Ltda Auto Atendimento 1.x.x was discovered to contain a SQL injection via the DATANASC parameter. | 2025-03-14 | not yet calculated | CVE-2025-30022 |
| node-saml--xml-crypto | xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1, 3.2.1, and 2.1.6 to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents. The vulnerability allows an attacker to modify a valid signed XML message in a way that still passes signature verification checks. For example, it could be used to alter critical identity or access control attributes, enabling an attacker with a valid account to escalate privileges or impersonate another user. Users of versions 6.0.0 and prior should upgrade to version 6.0.1 to receive a fix. Those who are still using v2.x or v3.x should upgrade to patched versions 2.1.6 or 3.2.1, respectively. | 2025-03-14 | not yet calculated | CVE-2025-29774 |
| node-saml--xml-crypto | xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1, 3.2.1, and 2.1.6 to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents. The vulnerability allows an attacker to modify a valid signed XML message in a way that still passes signature verification checks. For example, it could be used to alter critical identity or access control attributes, enabling an attacker to escalate privileges or impersonate another user. Users of versions 6.0.0 and prior should upgrade to version 6.0.1 to receive a fix. Those who are still using v2.x or v3.x should upgrade to patched versions 2.1.6 or 3.2.1, respectively. | 2025-03-14 | not yet calculated | CVE-2025-29775 |
| obiba--opal | Opal is OBiBa's core database application for biobanks or epidemiological studies. Prior to version 5.1.1, when copying any parent directory to a folder in the /temp/ directory, all files in that parent directory are copied, including files which the user should not have access to. All users of the application are impacted, as this is exploitable by any user to reveal all files in the opal filesystem. This also means that low-privilege users such as DataShield users can retrieve the files of other users. Version 5.1.1 contains a patch for the issue. | 2025-03-11 | not yet calculated | CVE-2025-27101 |
| obiba--opal | Opal is OBiBa's core database application for biobanks or epidemiological studies. Prior to version 5.1.1, the protections against cross-site request forgery (CSRF) were insufficient application-wide. The referrer header is checked, and if it is invalid, the server returns 403. However, the referrer header can be dropped from CSRF requests using `<meta name="referrer" content="never">`, effectively bypassing this protection. Version 5.1.1 contains a patch for the issue. | 2025-03-11 | not yet calculated | CVE-2025-27792 |
| OpenText--Service Manager | Improper Neutralization of Script in an Error Message Web Page vulnerability in OpenTextâ„¢ Service Manager. The vulnerability could reveal sensitive information retained by the browser. This issue affects Service Manager: 9.70, 9.71, 9.72, 9.80. | 2025-03-12 | not yet calculated | CVE-2025-0883 |
| OpenText--Service Manager | Unquoted Search Path or Element vulnerability in OpenTextâ„¢ Service Manager. The vulnerability could allow a user to gain SYSTEM privileges through Privilege Escalation. This issue affects Service Manager: 9.70, 9.71, 9.72. | 2025-03-12 | not yet calculated | CVE-2025-0884 |
| Optigo Networks--Visual BACnet Capture Tool | Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 contain a hard coded secret key. This could allow an attacker to generate valid JWT (JSON Web Token) sessions. | 2025-03-13 | not yet calculated | CVE-2025-2079 |
| Optigo Networks--Visual BACnet Capture Tool | Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 contain an exposed web management service that could allow an attacker to bypass authentication measures and gain controls over utilities within the products. | 2025-03-13 | not yet calculated | CVE-2025-2080 |
| Optigo Networks--Visual BACnet Capture Tool | Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 are vulnerable to an attacker impersonating the web application service and mislead victim clients. | 2025-03-13 | not yet calculated | CVE-2025-2081 |
| owen2345--camaleon-cms | A Privilege Escalation through a Mass Assignment exists in Camaleon CMS When a user wishes to change his password, the 'updated_ajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without any filtering. | 2025-03-14 | not yet calculated | CVE-2025-2304 |
| Palo Alto Networks--GlobalProtect App | A reliance on untrusted input for a security decision in the GlobalProtect app on Windows devices potentially enables a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. GlobalProtect App on macOS, Linux, iOS, Android, Chrome OS and GlobalProtect UWP App are not affected. | 2025-03-12 | not yet calculated | CVE-2025-0117 |
| Palo Alto Networks--GlobalProtect App | A vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a remote attacker to run ActiveX controls within the context of an authenticated Windows user. This enables the attacker to run commands as if they are a legitimate authenticated user. However, to exploit this vulnerability, the authenticated user must navigate to a malicious page during the GlobalProtect SAML login process on a Windows device. This issue does not apply to the GlobalProtect app on other (non-Windows) platforms. | 2025-03-12 | not yet calculated | CVE-2025-0118 |
| Palo Alto Networks--PAN-OS | A Denial of Service (DoS) vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software enables an unauthenticated attacker to render the service unavailable by sending a large number of specially crafted packets over a period of time. This issue affects both the GlobalProtect portal and the GlobalProtect gateway. This issue does not apply to Cloud NGFWs or Prisma Access software. | 2025-03-12 | not yet calculated | CVE-2025-0114 |
| Palo Alto Networks--PAN-OS | A vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated admin on the PAN-OS CLI to read arbitrary files. The attacker must have network access to the management interface (web, SSH, console, or telnet) and successfully authenticate to exploit this issue. You can greatly reduce the risk of this issue by restricting access to the management interface to only trusted users and internal IP addresses according to our recommended critical deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue does not affect Cloud NGFW or Prisma Access. | 2025-03-12 | not yet calculated | CVE-2025-0115 |
| Palo Alto Networks--PAN-OS | A Denial of Service (DoS) vulnerability in Palo Alto Networks PAN-OS software causes the firewall to unexpectedly reboot when processing a specially crafted LLDP frame sent by an unauthenticated adjacent attacker. Repeated attempts to initiate this condition causes the firewall to enter maintenance mode. This issue does not apply to Cloud NGFWs or Prisma Access software. | 2025-03-12 | not yet calculated | CVE-2025-0116 |
| PDF-XChange--PDF-XChange Editor | PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-25368. | 2025-03-11 | not yet calculated | CVE-2025-0900 |
| pimcore--pimcore | Pimcore is an open source data and experience management platform. Prior to version 11.5.4, authenticated users can craft a filter string used to cause a SQL injection. Version 11.5.4 fixes the issue. | 2025-03-11 | not yet calculated | CVE-2025-27617 |
| ratify-project--ratify | Ratify is a verification engine as a binary executable and on Kubernetes which enables verification of artifact security metadata and admits for deployment only those that comply with policies the user creates. In a Kubernetes environment, Ratify can be configured to authenticate to a private Azure Container Registry (ACR). The Azure workload identity and Azure managed identity authentication providers are configured in this setup. Users that configure a private ACR to be used with the Azure authentication providers may be impacted by a vulnerability that exists in versions prior to 1.2.3 and 1.3.2. Both Azure authentication providers attempt to exchange an Entra ID (EID) token for an ACR refresh token. However, Ratify's Azure authentication providers did not verify that the target registry is an ACR. This could have led to the EID token being presented to a non-ACR registry during token exchange. EID tokens with ACR access can potentially be extracted and abused if a user workload contains an image reference to a malicious registry. As of versions 1.2.3 and 1.3.2, the Azure workload identity and Azure managed identity authentication providers are updated to add new validation prior to EID token exchange. Validation relies upon registry domain validation against a pre-configured list of well-known ACR endpoints. EID token exchange will be executed only if at least one of the configured well-known domain suffixes (wildcard support included) matches the registry domain of the image reference. | 2025-03-11 | not yet calculated | CVE-2025-27403 |
| Rising Technosoft--CAP back office application | This vulnerability exists in the CAP back office application due to improper authentication check at the API endpoint. An unauthenticated remote attacker with a valid login ID could exploit this vulnerability by manipulating API input parameters through API request URL/payload leading to unauthorized access to other user accounts. | 2025-03-13 | not yet calculated | CVE-2025-29994 |
| Rising Technosoft--CAP back office application | This vulnerability exists in the CAP back office application due to a weak password-reset mechanism implemented at API endpoints. An authenticated remote attacker with a valid login ID could exploit this vulnerability through vulnerable API endpoint which could lead to account takeover of targeted users. | 2025-03-13 | not yet calculated | CVE-2025-29995 |
| Rising Technosoft--CAP back office application | This vulnerability exists in the CAP back office application due to improper implementation of OTP verification mechanism in its API based login. A remote attacker with valid credentials could exploit this vulnerability by manipulating API request URL/payload. Successful exploitation of this vulnerability could allow the attacker to bypass Two-Factor Authentication (2FA) for other user accounts. | 2025-03-13 | not yet calculated | CVE-2025-29996 |
| Rising Technosoft--CAP back office application | This vulnerability exists in the CAP back office application due to improper authorization checks on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating API request URL to gain unauthorized access to other user accounts. | 2025-03-13 | not yet calculated | CVE-2025-29997 |
| Rising Technosoft--CAP back office application | This vulnerability exists in the CAP back office application due to missing rate limiting on OTP requests in an API endpoint. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoint which could lead to the OTP bombing/flooding on the targeted system. | 2025-03-13 | not yet calculated | CVE-2025-29998 |
| Robothy--local-s3 | LocalS3 is an Amazon S3 mock service for testing and local development. Prior to version 1.21, the LocalS3 service's bucket creation endpoint is vulnerable to XML External Entity (XXE) injection. When processing the CreateBucketConfiguration XML document during bucket creation, the service's XML parser is configured to resolve external entities. This allows an attacker to declare an external entity that references an internal URL, which the server will then attempt to fetch when parsing the XML. The vulnerability specifically occurs in the location constraint processing, where the XML parser resolves external entities without proper validation or restrictions. When the external entity is resolved, the server makes an HTTP request to the specified URL and includes the response content in the parsed XML document. This vulnerability can be exploited to perform server-side request forgery (SSRF) attacks, allowing an attacker to make requests to internal services or resources that should not be accessible from external networks. The server will include the responses from these internal requests in the resulting bucket configuration, effectively leaking sensitive information. The attacker only needs to be able to send HTTP requests to the LocalS3 service to exploit this vulnerability. | 2025-03-10 | not yet calculated | CVE-2025-27136 |
| SAML-Toolkits--ruby-saml | ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping attack. This issue may lead to authentication bypass. Versions 1.12.4 and 1.18.0 fix the issue. | 2025-03-12 | not yet calculated | CVE-2025-25291 |
| SAML-Toolkits--ruby-saml | ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping attack. This issue may lead to authentication bypass. Versions 1.12.4 and 1.18.0 contain a patch for the issue. | 2025-03-12 | not yet calculated | CVE-2025-25292 |
| SAML-Toolkits--ruby-saml | ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Prior to versions 1.12.4 and 1.18.0, ruby-saml is susceptible to remote Denial of Service (DoS) with compressed SAML responses. ruby-saml uses zlib to decompress SAML responses in case they're compressed. It is possible to bypass the message size check with a compressed assertion since the message size is checked before inflation and not after. This issue may lead to remote Denial of Service (DoS). Versions 1.12.4 and 1.18.0 fix the issue. | 2025-03-12 | not yet calculated | CVE-2025-25293 |
| Samsung--SmartThings | Samsung SmartThings Improper Verification of Cryptographic Signature Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Samsung SmartThings. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Hub Local API service, which listens on TCP port 8766 by default. The issue results from the lack of proper verification of a cryptographic signature. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-25615. | 2025-03-11 | not yet calculated | CVE-2025-2233 |
| Significant-Gravitas--AutoGPT | AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Versions prior to autogpt-platform-beta-v0.4.2 contains a server-side request forgery (SSRF) vulnerability inside component (or block) `Send Web Request`. The root cause is that IPV6 address is not restricted or filtered, which allows attackers to perform a server side request forgery to visit an IPV6 service. autogpt-platform-beta-v0.4.2 fixes the issue. | 2025-03-10 | not yet calculated | CVE-2025-22603 |
| Unknown--Download Manager | The Download Manager WordPress plugin before 3.3.07 doesn't prevent directory listing on web servers that don't use htaccess, allowing unauthorized access of files. | 2025-03-16 | not yet calculated | CVE-2024-13126 |
| Unknown--GDPR Cookie Compliance | The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2025-03-16 | not yet calculated | CVE-2025-1619 |
| Unknown--GDPR Cookie Compliance | The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2025-03-16 | not yet calculated | CVE-2025-1620 |
| Unknown--GDPR Cookie Compliance | The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2025-03-16 | not yet calculated | CVE-2025-1621 |
| Unknown--GDPR Cookie Compliance | The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2025-03-16 | not yet calculated | CVE-2025-1622 |
| Unknown--GDPR Cookie Compliance | The GDPR Cookie Compliance WordPress plugin before 4.15.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2025-03-16 | not yet calculated | CVE-2025-1623 |
| Unknown--GDPR Cookie Compliance | The GDPR Cookie Compliance WordPress plugin before 4.15.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2025-03-16 | not yet calculated | CVE-2025-1624 |
| Unknown--Poll Maker | The Poll Maker WordPress plugin before 5.5.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2025-03-16 | not yet calculated | CVE-2024-13602 |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.