Vulnerability Summary for the Week of April 7, 2025
Released
Apr 14, 2025
Document ID
SB25-104
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
Vulnerability Severity:
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| n/a -- n/a | A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). Affected devices contain hardcoded credentials for remote access to the device operating system with root privileges. This could allow unauthenticated remote attackers to gain full access to a device, if they are in possession of these credentials and if the ssh service is enabled (e.g., by exploitation of CVE-2024-41793). | 2025-04-08 | 10 | CVE-2024-41794 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in appsbd Vite Coupon allows Remote Code Inclusion. This issue affects Vite Coupon: from n/a through 1.0.7. | 2025-04-09 | 10 | CVE-2025-32642 |
| n/a -- n/a | A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not sanitize the input parameters in specific GET requests. This could allow an authenticated remote attacker to execute arbitrary code with root privileges. | 2025-04-08 | 9.1 | CVE-2024-41788 |
| n/a -- n/a | A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not sanitize the language parameter in specific POST requests. This could allow an authenticated remote attacker to execute arbitrary code with root privileges. | 2025-04-08 | 9.1 | CVE-2024-41789 |
| n/a -- n/a | A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not sanitize the region parameter in specific POST requests. This could allow an authenticated remote attacker to execute arbitrary code with root privileges. | 2025-04-08 | 9.1 | CVE-2024-41790 |
| n/a -- n/a | A unverified password change vulnerability in Fortinet FortiSwitch GUI may allow a remote unauthenticated attacker to change admin passwords via a specially crafted request | 2025-04-08 | 9.8 | CVE-2024-48887 |
| n/a -- n/a | A vulnerability has been identified in Industrial Edge Device Kit - arm64 V1.17 (All versions), Industrial Edge Device Kit - arm64 V1.18 (All versions), Industrial Edge Device Kit - arm64 V1.19 (All versions), Industrial Edge Device Kit - arm64 V1.20 (All versions < V1.20.2-1), Industrial Edge Device Kit - arm64 V1.21 (All versions < V1.21.1-1), Industrial Edge Device Kit - x86-64 V1.17 (All versions), Industrial Edge Device Kit - x86-64 V1.18 (All versions), Industrial Edge Device Kit - x86-64 V1.19 (All versions), Industrial Edge Device Kit - x86-64 V1.20 (All versions < V1.20.2-1), Industrial Edge Device Kit - x86-64 V1.21 (All versions < V1.21.1-1), Industrial Edge Own Device (IEOD) (All versions < V1.21.1-1-a), Industrial Edge Virtual Device (All versions < V1.21.1-1-a), SCALANCE LPE9413 (6GK5998-3GS01-2AC2) (All versions), SIMATIC IPC BX-39A Industrial Edge Device (All versions < V3.0), SIMATIC IPC BX-59A Industrial Edge Device (All versions < V3.0), SIMATIC IPC127E Industrial Edge Device (All versions < V3.0), SIMATIC IPC227E Industrial Edge Device (All versions < V3.0), SIMATIC IPC427E Industrial Edge Device (All versions < V3.0), SIMATIC IPC847E Industrial Edge Device (All versions < V3.0). Affected devices do not properly enforce user authentication on specific API endpoints when identity federation is used. This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Successful exploitation requires that identity federation is currently or has previously been used and the attacker has learned the identity of a legitimate user. | 2025-04-08 | 9.8 | CVE-2024-54092 |
| n/a -- n/a | An issue in TOTVS Framework (Linha Protheus) 12.1.2310 allows attackers to bypass multi-factor authentication (MFA) via a crafted websocket message. | 2025-04-09 | 9.8 | CVE-2024-55210 |
| n/a -- n/a | Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025. | 2025-04-10 | 9 | CVE-2024-58136 |
| n/a -- n/a | The Simple WP Events plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wpe_delete_file AJAX action in all versions up to, and including, 1.8.17. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). | 2025-04-08 | 9.1 | CVE-2025-2004 |
| mediatek -- software_development_kit | In wlan service, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00406897; Issue ID: MSV-2875. | 2025-04-07 | 9.8 | CVE-2025-20654 |
| n/a -- n/a | A Incorrect Privilege Assignment vulnerability in SUSE rancher allows a Restricted Administrator to change the password of Administrators and take over their accounts. This issue affects rancher: from 2.8.0 before 2.8.14, from 2.9.0 before 2.9.8, from 2.10.0 before 2.10.4. | 2025-04-11 | 9.1 | CVE-2025-23391 |
| n/a -- n/a | ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-04-08 | 9.1 | CVE-2025-24446 |
| n/a -- n/a | ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-04-08 | 9.1 | CVE-2025-24447 |
| n/a -- n/a | Improper handling of identifiers lead to a SQL injection vulnerability in the quoteNameStr method of the database package. Please note: the affected method is a protected method. It has no usages in the original packages in neither the 2.x nor 3.x branch and therefore the vulnerability in question can not be exploited when using the original database class. However, classes extending the affected class might be affected, if the vulnerable method is used. | 2025-04-08 | 9.8 | CVE-2025-25226 |
| n/a -- n/a | The InstaWP Connect - 1-click WP Staging & Migration plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.1.0.85 via the 'instawp-database-manager' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other "safe" file types can be uploaded and included. | 2025-04-11 | 9.8 | CVE-2025-2636 |
| n/a -- n/a | SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as a backdoor, creating the risk of full system compromise, undermining the confidentiality, integrity and availability of the system. | 2025-04-08 | 9.9 | CVE-2025-27429 |
| n/a -- n/a | Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.0, contains a use of default password vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to the takeover of a high privileged user account. | 2025-04-10 | 9.8 | CVE-2025-27690 |
| n/a -- n/a | OS command injection vulnerability in the specific service exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to the product. | 2025-04-09 | 9.8 | CVE-2025-27797 |
| ruoyi -- ruoyi | An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobId parameter | 2025-04-07 | 9.8 | CVE-2025-28402 |
| ruoyi -- ruoyi | An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the changeStatus method | 2025-04-07 | 9.8 | CVE-2025-28405 |
| ruoyi -- ruoyi | An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobLogId parameter | 2025-04-07 | 9.8 | CVE-2025-28406 |
| ruoyi -- ruoyi | An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the selectDeptTree method of the /selectDeptTree/{deptId} endpoint does not properly validate the deptId parameter | 2025-04-07 | 9.8 | CVE-2025-28408 |
| ruoyi -- ruoyi | An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the cancelAuthUserAll method does not properly validate whether the requesting user has administrative privileges | 2025-04-07 | 9.8 | CVE-2025-28410 |
| ruoyi -- ruoyi | An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method in /tool/gen/editSave | 2025-04-07 | 9.8 | CVE-2025-28411 |
| ruoyi -- ruoyi | An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the /editSave method in SysNoticeController | 2025-04-07 | 9.8 | CVE-2025-28412 |
| ruoyi -- ruoyi | An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the SysDictTypeController component | 2025-04-07 | 9.8 | CVE-2025-28413 |
| n/a -- n/a | Sqlite 3.49.0 is susceptible to integer overflow through the concat function. | 2025-04-07 | 9.8 | CVE-2025-29087 |
| n/a -- n/a | SAP Financial Consolidation allows an unauthenticated attacker to gain unauthorized access to the Admin account. The vulnerability arises due to improper authentication mechanisms, due to which there is high impact on the Confidentiality, Integrity & Availability of the application. | 2025-04-08 | 9.8 | CVE-2025-30016 |
| n/a -- n/a | ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or modify sensitive data without proper authorization. Exploitation of this issue does not require user interaction. | 2025-04-08 | 9.1 | CVE-2025-30281 |
| n/a -- n/a | ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Authentication vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could leverage this vulnerability to bypass authentication mechanisms and execute code with the privileges of the authenticated user. Exploitation of this issue requires user interaction in that a victim must be coerced into performing actions within the application. | 2025-04-08 | 9.1 | CVE-2025-30282 |
| n/a -- n/a | Unrestricted Upload of File with Dangerous Type vulnerability in Bogdan Bendziukov Squeeze allows Using Malicious Files. This issue affects Squeeze: from n/a through 1.6. | 2025-04-09 | 9.1 | CVE-2025-31002 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in Adam Nowak Buddypress Humanity allows Cross Site Request Forgery. This issue affects Buddypress Humanity: from n/a through 1.2. | 2025-04-09 | 9.8 | CVE-2025-31033 |
| n/a -- n/a | SAP Landscape Transformation (SLT) allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as a backdoor, creating the risk of full system compromise, undermining the confidentiality, integrity and availability of the system. | 2025-04-08 | 9.9 | CVE-2025-31330 |
| n/a -- n/a | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPSmartContracts WPSmartContracts allows Blind SQL Injection. This issue affects WPSmartContracts: from n/a through 2.0.10. | 2025-04-11 | 9.3 | CVE-2025-31565 |
| n/a -- n/a | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in N-Media Bulk Product Sync allows SQL Injection. This issue affects Bulk Product Sync: from n/a through 8.6. | 2025-04-11 | 9.3 | CVE-2025-31599 |
| n/a -- n/a | HAX CMS PHP allows you to manage your microsite universe with PHP backend. Multiple file upload functions within the HAX CMS PHP application call a 'save' function in 'HAXCMSFile.php'. This save function uses a denylist to block specific file types from being uploaded to the server. This list is non-exhaustive and only blocks '.php', '.sh', '.js', and '.css' files. The existing logic causes the system to "fail open" rather than "fail closed." This vulnerability is fixed in 10.0.3. | 2025-04-08 | 9.9 | CVE-2025-32028 |
| n/a -- n/a | Unrestricted Upload of File with Dangerous Type vulnerability in Nirmal Kumar Ram WP Remote Thumbnail allows Upload a Web Shell to a Web Server. This issue affects WP Remote Thumbnail: from n/a through 1.3.1. | 2025-04-10 | 9.9 | CVE-2025-32140 |
| n/a -- n/a | Unrestricted Upload of File with Dangerous Type vulnerability in Brian Batt - elearningfreak.com Insert or Embed Articulate Content into WordPress allows Upload a Web Shell to a Web Server. This issue affects Insert or Embed Articulate Content into WordPress: from n/a through 4.3000000025. | 2025-04-10 | 9.1 | CVE-2025-32202 |
| n/a -- n/a | Unrestricted Upload of File with Dangerous Type vulnerability in LABCAT Processing Projects allows Upload a Web Shell to a Web Server. This issue affects Processing Projects: from n/a through 1.0.2. | 2025-04-10 | 9.1 | CVE-2025-32206 |
| n/a -- n/a | BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.8, there was an insecure deserialization in BentoML's runner server. By setting specific headers and parameters in the POST request, it is possible to execute any unauthorized arbitrary code on the server, which will grant the attackers to have the initial access and information disclosure on the server. This vulnerability is fixed in 1.4.8. | 2025-04-09 | 9.8 | CVE-2025-32375 |
| n/a -- n/a | wikiplugin_includetpl in lib/wiki-plugins/wikiplugin_includetpl.php in Tiki before 28.3 mishandles input to an eval. The fixed versions are 21.12, 24.8, 27.2, and 28.3. | 2025-04-09 | 9.9 | CVE-2025-32461 |
| n/a -- n/a | Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code. | 2025-04-07 | 9.8 | CVE-2025-3248 |
| n/a -- n/a | Incorrect Privilege Assignment vulnerability in Rankology Rankology SEO – On-site SEO allows Privilege Escalation. This issue affects Rankology SEO – On-site SEO: from n/a through 2.2.3. | 2025-04-11 | 9.8 | CVE-2025-32491 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in Uncodethemes Ultra Demo Importer allows Upload a Web Shell to a Web Server. This issue affects Ultra Demo Importer: from n/a through 1.0.5. | 2025-04-09 | 9.6 | CVE-2025-32496 |
| n/a -- n/a | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in vertim Neon Product Designer allows SQL Injection. This issue affects Neon Product Designer: from n/a through 2.1.1. | 2025-04-11 | 9.3 | CVE-2025-32565 |
| n/a -- n/a | Deserialization of Untrusted Data vulnerability in empik EmpikPlace for Woocommerce allows Object Injection. This issue affects EmpikPlace for Woocommerce: from n/a through 1.4.2. | 2025-04-11 | 9.8 | CVE-2025-32568 |
| n/a -- n/a | Deserialization of Untrusted Data vulnerability in RealMag777 TableOn - WordPress Posts Table Filterable allows Object Injection. This issue affects TableOn - WordPress Posts Table Filterable: from n/a through 1.0.2. | 2025-04-11 | 9.8 | CVE-2025-32569 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in Agence web Eoxia - Montpellier WP shop allows Upload a Web Shell to a Web Server. This issue affects WP shop: from n/a through 2.6.0. | 2025-04-09 | 9.6 | CVE-2025-32576 |
| n/a -- n/a | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in hakeemnala Build App Online allows PHP Local File Inclusion. This issue affects Build App Online: from n/a through 1.0.23. | 2025-04-11 | 9.8 | CVE-2025-32577 |
| n/a -- n/a | Unrestricted Upload of File with Dangerous Type vulnerability in SoftClever Limited Sync Posts allows Upload a Web Shell to a Web Server. This issue affects Sync Posts: from n/a through 1.0. | 2025-04-11 | 9.9 | CVE-2025-32579 |
| n/a -- n/a | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in HK WP Online Users Stats allows Blind SQL Injection. This issue affects WP Online Users Stats: from n/a through 1.0.0. | 2025-04-11 | 9.3 | CVE-2025-32603 |
| n/a -- n/a | Deserialization of Untrusted Data vulnerability in magepeopleteam WpBookingly allows Object Injection. This issue affects WpBookingly: from n/a through 1.2.0. | 2025-04-11 | 9.8 | CVE-2025-32607 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in anantaddons Anant Addons for Elementor allows Cross Site Request Forgery. This issue affects Anant Addons for Elementor: from n/a through 1.1.5. | 2025-04-09 | 9.6 | CVE-2025-32641 |
| n/a -- n/a | Incorrect Privilege Assignment vulnerability in Mestres do WP Checkout Mestres WP allows Privilege Escalation. This issue affects Checkout Mestres WP: from n/a through 8.7.5. | 2025-04-09 | 9.8 | CVE-2025-32695 |
| n/a -- n/a | In ConnMan through 1.44, the lookup string in ns_resolv in dnsproxy.c can be NULL or an empty string when the TC (Truncated) bit is set in a DNS response. This allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code, because those lookup values lead to incorrect length calculations and incorrect memcpy operations. | 2025-04-10 | 9 | CVE-2025-32743 |
| n/a -- n/a | In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version use the same SSH host keys, allowing attackers able to insert themselves into the network path between the SSH client (typically the Jenkins controller) and SSH build agent to impersonate the latter. | 2025-04-10 | 9.1 | CVE-2025-32754 |
| n/a -- n/a | In jenkins/ssh-slave Docker images based on Debian, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version use the same SSH host keys, allowing attackers able to insert themselves into the network path between the SSH client (typically the Jenkins controller) and SSH build agent to impersonate the latter. | 2025-04-10 | 9.1 | CVE-2025-32755 |
| n/a -- n/a | The web service of iSherlock from HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server. | 2025-04-08 | 9.8 | CVE-2025-3361 |
| n/a -- n/a | The web service of iSherlock from HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server. | 2025-04-08 | 9.8 | CVE-2025-3362 |
| n/a -- n/a | The web service of iSherlock from HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server. | 2025-04-08 | 9.8 | CVE-2025-3363 |
| n/a -- n/a | The Everest Forms - Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.1 via deserialization of untrusted input from the 'field_value' parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. | 2025-04-11 | 9.8 | CVE-2025-3439 |
| Apple--iOS and iPadOS | A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari 17. Processing web content may lead to arbitrary code execution. | 2025-04-11 | 8.8 | CVE-2023-42970 |
| Cyberdigm--DestinyECM | Permissive Cross-domain Policy with Untrusted Domains vulnerability in local API server of DestinyECM solution(versions described below) which is developed and maintained by Cyberdigm may allow Cross-Site Request Forgery (CSRF) attack, which probabilistically enables JSON Hijacking (aka JavaScript Hijacking) via forgery web page.* Due to product customization, version information may differ from the following version description. For further inquiries, please contact the vendor. | 2025-04-07 | 8.8 | CVE-2024-11071 |
| Elastic--Kibana | Prototype Pollution in Kibana can lead to code injection via unrestricted file upload combined with path traversal. | 2025-04-08 | 8.7 | CVE-2024-12556 |
| n/a -- n/a | A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices contains a path traversal vulnerability. This could allow an unauthenticated attacker it to access arbitrary files on the device with root privileges. | 2025-04-08 | 8.6 | CVE-2024-41792 |
| n/a -- n/a | A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices provides an endpoint that allows to enable the ssh service without authentication. This could allow an unauthenticated remote attacker to enable remote access to the device via ssh. | 2025-04-08 | 8.6 | CVE-2024-41793 |
| Qualcomm, Inc.--Snapdragon | Information disclosure may occur during a video call if a device resets due to a non-conforming RTCP packet that doesn`t adhere to RFC standards. | 2025-04-07 | 8.2 | CVE-2024-45552 |
| n/a -- n/a | Lucee before 5.4.7.3 LTS and 6 before 6.1.1.118, when an attacker can place files on the server, is vulnerable to a protection mechanism failure that can let an attacker run code that would be expected to be blocked and access resources that would be expected to be protected. | 2025-04-08 | 8.8 | CVE-2024-55354 |
| Huawei--HarmonyOS | Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. | 2025-04-07 | 8.4 | CVE-2024-58124 |
| Huawei--HarmonyOS | Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. | 2025-04-07 | 8.4 | CVE-2024-58125 |
| Huawei--HarmonyOS | Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. | 2025-04-07 | 8.4 | CVE-2024-58126 |
| Huawei--HarmonyOS | Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. | 2025-04-07 | 8.4 | CVE-2024-58127 |
| n/a -- n/a | The DB chooser functionality in Jalios JPlatform 10 SP6 before 10.0.6 improperly neutralizes special elements used in an SQL command allows for unauthenticated users to trigger SQL Injection. This issue affects JPlatform before 10.0.6 and a PatchPlugin release 10.0.6 was issued 2023-02-06. | 2025-04-07 | 8.6 | CVE-2025-0942 |
| n/a -- n/a | IBM Personal Communications v14 and v15 include a Windows service that is vulnerable to local privilege escalation (LPE). The vulnerability allows any interactively logged in users on the target computer to run commands with full privileges in the context of NT AUTHORITY\SYSTEM. This allows for a low privileged attacker to escalate their privileges. This vulnerability is due to an incomplete fix for CVE-2024-25029. | 2025-04-08 | 8.8 | CVE-2025-1095 |
| n/a -- n/a | Improper access control in HDCP trustlet prior to SMR Apr-2025 Release 1 allows local attackers with shell privilege to escalate their privileges to root. | 2025-04-08 | 8.8 | CVE-2025-20936 |
| n/a -- n/a | Improper handling of exceptional conditions in pairing specific bluetooth devices in Galaxy Watch Bluetooth pairing prior to SMR Apr-2025 Release 1 allows local attackers to pair with specific bluetooth devices without user interaction. | 2025-04-08 | 8.8 | CVE-2025-20946 |
| n/a -- n/a | Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network. | 2025-04-08 | 8.8 | CVE-2025-21205 |
| n/a -- n/a | Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network. | 2025-04-08 | 8.8 | CVE-2025-21221 |
| n/a -- n/a | Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network. | 2025-04-08 | 8.8 | CVE-2025-21222 |
| n/a -- n/a | Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required. | 2025-04-08 | 8.2 | CVE-2025-22466 |
| n/a -- n/a | In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call (RFC) request to restricted destinations, which can be used to expose credentials for a remote service. These credentials can then be further exploited to completely compromise the remote service, potentially resulting in a significant impact on the confidentiality, integrity, and availability of the application. | 2025-04-08 | 8.5 | CVE-2025-23186 |
| n/a -- n/a | A Stack-based Buffer Overflow vulnerability in SUSE rancher allows for denial of service.This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3. | 2025-04-11 | 8.2 | CVE-2025-23388 |
| n/a -- n/a | A Improper Access Control vulnerability in SUSE rancher allows a local user to impersonate other identities through SAML Authentication on first login. This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3. | 2025-04-11 | 8.4 | CVE-2025-23389 |
| n/a -- n/a | OS command injection vulnerability in the WEB UI (the setting page) exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to the product. | 2025-04-09 | 8.8 | CVE-2025-25053 |
| n/a -- n/a | The Streamit theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'st_Authentication_Controller::edit_profile' function in all versions up to, and including, 4.0.1. This makes it possible for authenticated attackers, with subscriber-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible. | 2025-04-08 | 8.8 | CVE-2025-2525 |
| n/a -- n/a | The Streamit theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like email in the 'st_Authentication_Controller::edit_profile' function. This makes it possible for unauthenticated attackers to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account. | 2025-04-08 | 8.8 | CVE-2025-2526 |
| n/a -- n/a | Improper input validation in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network. | 2025-04-08 | 8.8 | CVE-2025-26647 |
| n/a -- n/a | Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network. | 2025-04-08 | 8.1 | CVE-2025-26663 |
| n/a -- n/a | Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | 2025-04-08 | 8.8 | CVE-2025-26669 |
| n/a -- n/a | Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network. | 2025-04-08 | 8.1 | CVE-2025-26670 |
| n/a -- n/a | Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. | 2025-04-08 | 8.1 | CVE-2025-26671 |
| n/a -- n/a | Improper access control in Windows Defender Application Control (WDAC) allows an unauthorized attacker to bypass a security feature locally. | 2025-04-08 | 8.4 | CVE-2025-26678 |
| n/a -- n/a | Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network. | 2025-04-08 | 8.8 | CVE-2025-27477 |
| n/a -- n/a | Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network. | 2025-04-08 | 8.1 | CVE-2025-27480 |
| n/a -- n/a | Stack-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network. | 2025-04-08 | 8.8 | CVE-2025-27481 |
| n/a -- n/a | Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network. | 2025-04-08 | 8.1 | CVE-2025-27482 |
| n/a -- n/a | Heap-based buffer overflow in Remote Desktop Client allows an authorized attacker to execute code over a network. | 2025-04-08 | 8 | CVE-2025-27487 |
| n/a -- n/a | Improper input validation in Windows Security Zone Mapping allows an unauthorized attacker to bypass a security feature locally. | 2025-04-08 | 8.6 | CVE-2025-27737 |
| n/a -- n/a | Weak authentication in Windows Active Directory Certificate Services allows an authorized attacker to elevate privileges over a network. | 2025-04-08 | 8.8 | CVE-2025-27740 |
| n/a -- n/a | MSI Center before 2.0.52.0 allows TOCTOU Local Privilege Escalation. | 2025-04-10 | 8.1 | CVE-2025-27812 |
| n/a -- n/a | MSI Center before 2.0.52.0 has Missing PE Signature Validation. | 2025-04-10 | 8.1 | CVE-2025-27813 |
| n/a -- n/a | The Motors - Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary plugin installations due to a missing capability check in the mvl_setup_wizard_install_plugin() function in all versions up to, and including, 1.4.64. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install and activate arbitrary plugins on the affected site's server which may make remote code execution possible. | 2025-04-08 | 8.8 | CVE-2025-2807 |
| ruoyi -- ruoyi | An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the edit method of the /edit/{dictId} endpoint does not properly validate whether the requesting user has permission to modify the specified dictId | 2025-04-07 | 8.8 | CVE-2025-28407 |
| ruoyi -- ruoyi | An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the add method of the /add/{parentId} endpoint does not properly validate whether the requesting user has permission to add a menu item under the specified parentId | 2025-04-07 | 8.8 | CVE-2025-28409 |
| n/a -- n/a | A Remote Code Execution (RCE) vulnerability exists in Code Astro Internet Banking System 2.0.0 due to improper file upload validation in the profile_pic parameter within pages_view_client.php. | 2025-04-10 | 8.8 | CVE-2025-29017 |
| n/a -- n/a | jerryhanjj ERP 1.0 is vulnerable to SQL Injection in the set_password function in application/controllers/home.php. | 2025-04-09 | 8.8 | CVE-2025-29390 |
| n/a -- n/a | Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | 2025-04-08 | 8.8 | CVE-2025-29794 |
| n/a -- n/a | Dell Common Event Enabler, version(s) CEE 9.0.0.0, contain(s) an Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Common Anti-Virus Agent (CAVA). An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access. | 2025-04-08 | 8.3 | CVE-2025-29986 |
| n/a -- n/a | ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-04-08 | 8 | CVE-2025-30284 |
| n/a -- n/a | ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-04-08 | 8 | CVE-2025-30285 |
| n/a -- n/a | ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue does not require user interaction. | 2025-04-08 | 8 | CVE-2025-30286 |
| n/a -- n/a | ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Authentication vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could leverage this vulnerability to bypass authentication mechanisms and execute code with the privileges of the authenticated user. Exploitation of this issue requires user interaction in that a victim must be coerced into performing actions within the application. | 2025-04-08 | 8.1 | CVE-2025-30287 |
| n/a -- n/a | ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to a security feature bypass. An attacker could exploit this vulnerability to access files and directories that are stored outside the intended restricted directory. Exploitation of this issue requires user interaction. | 2025-04-08 | 8.7 | CVE-2025-30290 |
| apache -- airflow_common_sql_provider | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Airflow Common SQL Provider. When using the partition clause in SQLTableCheckOperator as parameter (which was a recommended pattern), Authenticated UI User could inject arbitrary SQL command when triggering DAG exposing partition_clause to the user. This allowed the DAG Triggering user to escalate privileges to execute those arbitrary commands which they normally would not have. This issue affects Apache Airflow Common SQL Provider: before 1.24.1. Users are recommended to upgrade to version 1.24.1, which fixes the issue. | 2025-04-07 | 8.8 | CVE-2025-30473 |
| n/a -- n/a | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in aytechnet DyaPress ERP/CRM allows PHP Local File Inclusion. This issue affects DyaPress ERP/CRM: from n/a through 18.0.2.0. | 2025-04-10 | 8.1 | CVE-2025-30582 |
| n/a -- n/a | The WPFront User Role Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.1. This is due to missing or incorrect nonce validation on the whitelist_options() function. This makes it possible for unauthenticated attackers to update the default role option that can be leveraged for privilege escalation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This is only exploitable on multisite instances. | 2025-04-08 | 8.8 | CVE-2025-3064 |
| n/a -- n/a | The SureTriggers: All-in-One Automation Platform plugin for WordPress is vulnerable to an authentication bypass leading to administrative account creation due to a missing empty value check on the 'secret_key' value in the 'autheticate_user' function in all versions up to, and including, 1.0.78. This makes it possible for unauthenticated attackers to create administrator accounts on the target website when the plugin is installed and activated but not configured with an API key. | 2025-04-10 | 8.1 | CVE-2025-3102 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in Purab Seo Meta Tags allows Cross Site Request Forgery. This issue affects Seo Meta Tags: from n/a through 1.4. | 2025-04-09 | 8.8 | CVE-2025-31023 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in WPSolr free WPSolr allows Privilege Escalation. This issue affects WPSolr: from n/a through 24.0. | 2025-04-09 | 8.8 | CVE-2025-31036 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in Essential Marketer Essential Breadcrumbs allows Privilege Escalation. This issue affects Essential Breadcrumbs: from n/a through 1.1.1. | 2025-04-09 | 8.8 | CVE-2025-31038 |
| n/a -- n/a | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound WP Food ordering and Restaurant Menu allows PHP Local File Inclusion. This issue affects WP Food ordering and Restaurant Menu: from n/a through 1.1. | 2025-04-11 | 8.1 | CVE-2025-31040 |
| Huawei--HarmonyOS | Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. | 2025-04-07 | 8.4 | CVE-2025-31170 |
| Huawei--HarmonyOS | Memory write permission bypass vulnerability in the kernel futex module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2025-04-07 | 8.8 | CVE-2025-31173 |
| Huawei--HarmonyOS | Deserialization mismatch vulnerability in the DSoftBus module Impact: Successful exploitation of this vulnerability may affect service integrity. | 2025-04-07 | 8.4 | CVE-2025-31175 |
| n/a -- n/a | Incorrect Privilege Assignment vulnerability in NotFound WP User Profiles allows Privilege Escalation. This issue affects WP User Profiles: from n/a through 2.6.2. | 2025-04-10 | 8.8 | CVE-2025-31524 |
| n/a -- n/a | Umbraco is a free and open source .NET content management system. Authenticated users to the Umbraco backoffice are able to craft management API request that exploit a path traversal vulnerability to upload files into a incorrect location. The issue affects Umbraco 14+ and is patched in 14.3.4 and 15.3.1. | 2025-04-08 | 8.8 | CVE-2025-32017 |
| n/a -- n/a | Cursor is a code editor built for programming with AI. In versions 0.45.0 through 0.48.6, the Cursor app introduced a regression affecting the set of file paths the Cursor Agent is permitted to modify automatically. Under specific conditions, the agent could be prompted, either directly by the user or via maliciously crafted context, to automatically write to files outside of the opened workspace. This behavior required deliberate prompting, making successful exploitation highly impractical in real-world scenarios. Furthermore, the edited file was still displayed in the UI as usual for user review, making it unlikely for the edit to go unnoticed by the user. This vulnerability is fixed in 0.48.7. | 2025-04-08 | 8 | CVE-2025-32018 |
| n/a -- n/a | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CardGate CardGate Payments for WooCommerce allows Blind SQL Injection. This issue affects CardGate Payments for WooCommerce: from n/a through 3.2.1. | 2025-04-10 | 8.2 | CVE-2025-32119 |
| n/a -- n/a | Deserialization of Untrusted Data vulnerability in PickPlugins Accordion allows Object Injection. This issue affects Accordion: from n/a through 2.3.10. | 2025-04-11 | 8.8 | CVE-2025-32143 |
| n/a -- n/a | Deserialization of Untrusted Data vulnerability in PickPlugins Job Board Manager allows Object Injection. This issue affects Job Board Manager: from n/a through 2.1.60. | 2025-04-11 | 8.8 | CVE-2025-32144 |
| n/a -- n/a | Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently allows Object Injection. This issue affects WpEvently: from n/a through 4.3.5. | 2025-04-10 | 8.8 | CVE-2025-32145 |
| n/a -- n/a | The Oz Forensics face recognition application before 4.0.8 late 2023 allows PII retrieval via /statistic/list Insecure Direct Object Reference. NOTE: the number 4.0.8 was used for both the unpatched and patched versions. | 2025-04-11 | 8.6 | CVE-2025-32367 |
| n/a -- n/a | An XXE issue in the Director NBR component in NAKIVO Backup & Replication 10.3.x through 11.0.1 before 11.0.2 allows remote attackers fetch and parse the XML response. | 2025-04-08 | 8.6 | CVE-2025-32406 |
| n/a -- n/a | Ratta SuperNote A6 X2 Nomad before December 2024 allows remote code execution because an arbitrary firmware image (signed with debug keys) can be sent to TCP port 60002, and placed into the correct image-update location as a consequence of both directory traversal and unintended handling of concurrency. | 2025-04-07 | 8.1 | CVE-2025-32409 |
| n/a -- n/a | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeAtelier IDonate allows PHP Local File Inclusion. This issue affects IDonate: from n/a through 2.1.8. | 2025-04-11 | 8.1 | CVE-2025-32519 |
| n/a -- n/a | Missing Authorization vulnerability in EazyPlugins Eazy Plugin Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Eazy Plugin Manager: from n/a through 4.3.0. | 2025-04-11 | 8.8 | CVE-2025-32542 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in gtlwpdev All push notification for WP allows Blind SQL Injection. This issue affects All push notification for WP: from n/a through 1.5.3. | 2025-04-09 | 8.2 | CVE-2025-32547 |
| n/a -- n/a | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ketanajani Duplicate Title Checker allows Blind SQL Injection. This issue affects Duplicate Title Checker: from n/a through 1.2. | 2025-04-11 | 8.5 | CVE-2025-32558 |
| n/a -- n/a | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in dev02ali Easy Post Duplicator allows SQL Injection. This issue affects Easy Post Duplicator: from n/a through 1.0.1. | 2025-04-11 | 8.5 | CVE-2025-32567 |
| n/a -- n/a | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in pickupp WooCommerce Pickupp allows PHP Local File Inclusion. This issue affects WooCommerce Pickupp: from n/a through 2.4.0. | 2025-04-11 | 8.1 | CVE-2025-32587 |
| n/a -- n/a | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in odude Flexi - Guest Submit allows PHP Local File Inclusion. This issue affects Flexi - Guest Submit: from n/a through 4.28. | 2025-04-11 | 8.1 | CVE-2025-32589 |
| n/a -- n/a | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ashan Perera EventON allows PHP Local File Inclusion. This issue affects EventON: from n/a through 2.3.2. | 2025-04-11 | 8.8 | CVE-2025-32614 |
| n/a -- n/a | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PickPlugins Wishlist allows SQL Injection. This issue affects Wishlist: from n/a through 1.0.43. | 2025-04-11 | 8.5 | CVE-2025-32618 |
| n/a -- n/a | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky JS Job Manager allows PHP Local File Inclusion. This issue affects JS Job Manager: from n/a through 2.0.2. | 2025-04-11 | 8.1 | CVE-2025-32627 |
| n/a -- n/a | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CMSJunkie - WordPress Business Directory Plugins WP-BusinessDirectory allows Path Traversal. This issue affects WP-BusinessDirectory: from n/a through 3.1.2. | 2025-04-11 | 8.6 | CVE-2025-32629 |
| n/a -- n/a | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in oxygensuite Oxygen MyData for WooCommerce allows Path Traversal. This issue affects Oxygen MyData for WooCommerce: from n/a through 1.0.63. | 2025-04-11 | 8.6 | CVE-2025-32631 |
| n/a -- n/a | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in neoslab Database Toolset allows Path Traversal. This issue affects Database Toolset: from n/a through 1.8.4. | 2025-04-11 | 8.6 | CVE-2025-32633 |
| n/a -- n/a | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ability, Inc Accessibility Suite by Online ADA allows SQL Injection. This issue affects Accessibility Suite by Online ADA: from n/a through 4.18. | 2025-04-11 | 8.5 | CVE-2025-32650 |
| n/a -- n/a | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Stylemix Motors allows PHP Local File Inclusion. This issue affects Motors: from n/a through 1.4.65. | 2025-04-11 | 8.1 | CVE-2025-32654 |
| n/a -- n/a | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound Testimonial Slider And Showcase Pro allows PHP Local File Inclusion. This issue affects Testimonial Slider And Showcase Pro: from n/a through 2.3.15. | 2025-04-11 | 8.1 | CVE-2025-32656 |
| n/a -- n/a | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in roninwp FAT Cooming Soon allows PHP Local File Inclusion. This issue affects FAT Cooming Soon: from n/a through 1.1. | 2025-04-11 | 8.1 | CVE-2025-32663 |
| n/a -- n/a | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Rameez Iqbal Real Estate Manager allows PHP Local File Inclusion. This issue affects Real Estate Manager: from n/a through 7.3. | 2025-04-10 | 8.1 | CVE-2025-32668 |
| n/a -- n/a | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Ultimate Bootstrap Elements for Elementor allows PHP Local File Inclusion. This issue affects Ultimate Bootstrap Elements for Elementor: from n/a through 1.4.9. | 2025-04-11 | 8.1 | CVE-2025-32672 |
| n/a -- n/a | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Guru Error Log Viewer allows Blind SQL Injection. This issue affects Error Log Viewer: from n/a through 1.0.5. | 2025-04-11 | 8.5 | CVE-2025-32681 |
| n/a -- n/a | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Magnigenie Review Stars Count For WooCommerce allows SQL Injection. This issue affects Review Stars Count For WooCommerce: from n/a through 2.0. | 2025-04-10 | 8.5 | CVE-2025-32687 |
| tenda -- ac1206_firmware | A vulnerability was found in Tenda AC1206 15.03.06.23. It has been classified as critical. Affected is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid/timeZone leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2025-04-07 | 8.8 | CVE-2025-3328 |
| Tenda--AC7 | A vulnerability was found in Tenda AC7 15.03.06.44. It has been rated as critical. Affected by this issue is the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument pptp_server_start_ip/pptp_server_end_ip leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-07 | 8.8 | CVE-2025-3346 |
| n/a -- n/a | The Embedder plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajax_set_global_option() function in versions 1.3 to 1.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | 2025-04-10 | 8.8 | CVE-2025-3417 |
| n/a -- n/a | The WPC Admin Columns plugin for WordPress is vulnerable to privilege escalation in versions 2.0.6 to 2.1.0. This is due to the plugin not properly restricting user meta values that can be updated through the ajax_edit_save() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update their role to that of an administrator. | 2025-04-12 | 8.8 | CVE-2025-3418 |
| n/a -- n/a | A Path Traversal "Zip Slip" vulnerability has been identified in mholt/archiver in Go. This vulnerability allows using a crafted ZIP file containing path traversal symlinks to create or overwrite files with the user's privileges or application utilizing the library. When using the archiver.Unarchive functionality with ZIP files, like this: archiver.Unarchive(zipFile, outputDir), A crafted ZIP file can be extracted in such a way that it writes files to the affected system with the same privileges as the application executing this vulnerable functionality. Consequently, sensitive files may be overwritten, potentially leading to privilege escalation, code execution, and other severe outcomes in some cases. It's worth noting that a similar vulnerability was found in TAR files (CVE-2024-0406). Although a fix was implemented, it hasn't been officially released, and the affected project has since been deprecated. The successor to mholt/archiver is a new project called mholt/archives, and its initial release (v0.1.0) removes the Unarchive() functionality. | 2025-04-13 | 8.1 | CVE-2025-3445 |
| n/a -- n/a | A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been rated as critical. This issue affects the function auth_asp of the file /auth.asp of the component jhttpd. The manipulation of the argument callback leads to stack-based buffer overflow. The attack needs to be approached within the local network. The exploit has been disclosed to the public and may be used. | 2025-04-13 | 8.8 | CVE-2025-3538 |
| n/a -- n/a | A vulnerability classified as critical has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected is the function FCGI_CheckStringIfContainsSemicolon of the file /api/wizard/getBasicInfo of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack can only be done within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. | 2025-04-13 | 8 | CVE-2025-3539 |
| n/a -- n/a | A vulnerability classified as critical was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400 and Magic R3010 up to V100R014. Affected by this vulnerability is the function FCGI_WizardProtoProcess of the file /api/wizard/getCapability of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. | 2025-04-13 | 8 | CVE-2025-3540 |
| n/a -- n/a | A vulnerability, which was classified as critical, has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400 and Magic R3010 up to V100R014. Affected by this issue is the function FCGI_WizardProtoProcess of the file /api/wizard/getSpecs of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. | 2025-04-13 | 8 | CVE-2025-3541 |
| propanetank--Roommate-Bill-Tracking | A vulnerability was found in propanetank Roommate-Bill-Tracking up to 288437f658fc9ee7d4b92a9da12557024d8bc55c. It has been declared as critical. This vulnerability affects unknown code of the file /includes/login.php. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The name of the patch is b32bb1b940f82d38fb9310cd66ebe349e20a1d0a. It is recommended to apply a patch to fix this issue. | 2025-04-09 | 7.3 | CVE-2017-20197 |
| Fortinet--FortiOS | Multiple issues including the use of uninitialized ressources [CWE-908] and excessive iteration [CWE-834] vulnerabilities in Fortinet FortiOS SSL VPN webmode version 7.4.0, version 7.2.0 through 7.2.5, version 7.0.1 through 7.0.11 and version 6.4.7 through 6.4.14 and Fortinet FortiProxy SSL VPN webmode version 7.2.0 through 7.2.6 and version 7.0.0 through 7.0.12 allows a VPN user to corrupt memory potentially leading to code or commands execution via specifically crafted requests. | 2025-04-08 | 7.5 | CVE-2023-37930 |
| Apple--macOS | An app may be able to elevate privileges. This issue is fixed in macOS 14. This issue was addressed by removing the vulnerable code. | 2025-04-11 | 7.3 | CVE-2023-41076 |
| Apple--iOS and iPadOS | Processing web content may lead to arbitrary code execution. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari 17. The issue was addressed with improved memory handling. | 2025-04-11 | 7.3 | CVE-2023-42875 |
| Apple--iOS and iPadOS | A path handling issue was addressed with improved validation. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to break out of its sandbox. | 2025-04-11 | 7.8 | CVE-2023-42977 |
| Sophos--Taegis Endpoint Agent (Linux) | A code injection vulnerability in the Debian package component of Taegis Endpoint Agent (Linux) versions older than 1.3.10 allows local users arbitrary code execution as root. Redhat-based systems using RPM packages are not affected. | 2025-04-11 | 7.8 | CVE-2024-13861 |
| Unknown--Feedify | The Feedify WordPress plugin before 2.4.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2025-04-10 | 7.1 | CVE-2024-13874 |
| n/a -- n/a | A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15 and before 6.2.16, Fortinet FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9 and before 7.0.15, Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and before 6.2.13, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and before 6.2.13, Fortinet FortiVoice version 7.0.0 through 7.0.2 before 6.4.8 and Fortinet FortiWeb before 7.4.2 may allow an unauthenticated attacker in a man-in-the-middle position to impersonate the management device (FortiCloud server or/and in certain conditions, FortiManager), via intercepting the FGFM authentication request between the management device and the managed device | 2025-04-08 | 7.5 | CVE-2024-26013 |
| Qualcomm, Inc.--Snapdragon | Memory corruption while assigning memory from the source DDR memory(HLOS) to ADSP. | 2025-04-07 | 7.5 | CVE-2024-33058 |
| n/a -- n/a | A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not authenticate report creation requests. This could allow an unauthenticated remote attacker to read or clear the log files on the device, reset the device or set the date and time. | 2025-04-08 | 7.3 | CVE-2024-41791 |
| Qualcomm, Inc.--Snapdragon | Memory corruption while processing IOCTL calls. | 2025-04-07 | 7.8 | CVE-2024-43058 |
| Qualcomm, Inc.--Snapdragon | Cryptographic issues while generating an asymmetric key pair for RKP use cases. | 2025-04-07 | 7.1 | CVE-2024-43065 |
| Qualcomm, Inc.--Snapdragon | Memory corruption while handling file descriptor during listener registration/de-registration. | 2025-04-07 | 7.8 | CVE-2024-43066 |
| Qualcomm, Inc.--Snapdragon | Memory corruption occurs during the copying of read data from the EEPROM because the IO configuration is exposed as shared memory. | 2025-04-07 | 7.8 | CVE-2024-43067 |
| Qualcomm, Inc.--Snapdragon | Information disclosure while creating MQ channels. | 2025-04-07 | 7.7 | CVE-2024-45549 |
| Qualcomm, Inc.--Snapdragon | Memory corruption can occur when TME processes addresses from TZ and MPSS requests without proper validation. | 2025-04-07 | 7.8 | CVE-2024-45557 |
| n/a -- n/a | A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher which allows users to watch resources they are not allowed to access, when they have at least some generic permissions on the type. This issue affects rancher: before 2175e09, before 6e30359, before c744f0b. | 2025-04-11 | 7.7 | CVE-2024-52280 |
| n/a -- n/a | An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiIsolator before version 2.4.6 allows a privileged attacker with super-admin profile and CLI access to execute unauthorized code via specifically crafted HTTP requests. | 2025-04-08 | 7.2 | CVE-2024-54024 |
| Huawei--HarmonyOS | Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability. | 2025-04-07 | 7.5 | CVE-2024-58107 |
| Huawei--HarmonyOS | Exception capture failure vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability. | 2025-04-07 | 7.5 | CVE-2024-58111 |
| Huawei--HarmonyOS | Exception capture failure vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability. | 2025-04-07 | 7.5 | CVE-2024-58112 |
| n/a -- n/a | Panasonic IR Control Hub (IR Blaster) versions 1.17 and earlier may allow an attacker with physical access to load unauthorized firmware onto the device. | 2025-04-10 | 7.5 | CVE-2025-1073 |
| n/a -- n/a | Insufficient Session Expiration vulnerability in Progress Software Corporation Sitefinity under some specific and uncommon circumstances allows reusing Session IDs (Session Replay Attacks).This issue affects Sitefinity: from 14.0 through 14.3, from 14.4 before 14.4.8145, from 15.0 before 15.0.8231, from 15.1 before 15.1.8332, from 15.2 before 15.2.8429. | 2025-04-09 | 7.7 | CVE-2025-1968 |
| mediatek -- mt2735_firmware | In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01519028; Issue ID: MSV-2768. | 2025-04-07 | 7.5 | CVE-2025-20659 |
| mediatek -- software_development_kit | In wlan AP driver, there is a possible information disclosure due to an uncaught exception. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00408868; Issue ID: MSV-3031. | 2025-04-07 | 7.5 | CVE-2025-20663 |
| mediatek -- software_development_kit | In wlan AP driver, there is a possible information disclosure due to an uncaught exception. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00406217; Issue ID: MSV-2773. | 2025-04-07 | 7.5 | CVE-2025-20664 |
| n/a -- n/a | Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network. | 2025-04-08 | 7.5 | CVE-2025-21174 |
| n/a -- n/a | Time-of-check time-of-use (toctou) race condition in Windows Local Security Authority (LSA) allows an authorized attacker to elevate privileges locally. | 2025-04-08 | 7 | CVE-2025-21191 |
| n/a -- n/a | Improper link resolution before file access ('link following') in Windows Update Stack allows an authorized attacker to elevate privileges locally. | 2025-04-08 | 7.8 | CVE-2025-21204 |
| Qualcomm, Inc.--Snapdragon | Memory corruption while processing escape code in API. | 2025-04-07 | 7.8 | CVE-2025-21421 |
| Qualcomm, Inc.--Snapdragon | Memory corruption occurs when handling client calls to EnableTestMode through an Escape call. | 2025-04-07 | 7.8 | CVE-2025-21423 |
| Qualcomm, Inc.--Snapdragon | Memory corruption may occur due top improper access control in HAB process. | 2025-04-07 | 7.3 | CVE-2025-21425 |
| Qualcomm, Inc.--Snapdragon | Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request from the AP to establish a TSpec session. | 2025-04-07 | 7.5 | CVE-2025-21428 |
| Qualcomm, Inc.--Snapdragon | Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request. | 2025-04-07 | 7.5 | CVE-2025-21429 |
| Qualcomm, Inc.--Snapdragon | Transient DOS while connecting STA to AP and initiating ADD TS request from AP to establish TSpec session. | 2025-04-07 | 7.5 | CVE-2025-21430 |
| Qualcomm, Inc.--Snapdragon | Transient DOS may occur while parsing EHT operation IE or EHT capability IE. | 2025-04-07 | 7.5 | CVE-2025-21434 |
| Qualcomm, Inc.--Snapdragon | Transient DOS may occur while parsing extended IE in beacon. | 2025-04-07 | 7.5 | CVE-2025-21435 |
| Qualcomm, Inc.--Snapdragon | Memory corruption may occur while initiating two IOCTL calls simultaneously to create processes from two different threads. | 2025-04-07 | 7.8 | CVE-2025-21436 |
| Qualcomm, Inc.--Snapdragon | Memory corruption while processing memory map or unmap IOCTL operations simultaneously. | 2025-04-07 | 7.8 | CVE-2025-21437 |
| Qualcomm, Inc.--Snapdragon | Memory corruption while IOCTL call is invoked from user-space to read board data. | 2025-04-07 | 7.8 | CVE-2025-21438 |
| Qualcomm, Inc.--Snapdragon | Memory corruption may occur while reading board data via IOCTL call when the WLAN driver copies the content to the provided output buffer. | 2025-04-07 | 7.8 | CVE-2025-21439 |
| Qualcomm, Inc.--Snapdragon | Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver. | 2025-04-07 | 7.8 | CVE-2025-21440 |
| Qualcomm, Inc.--Snapdragon | Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver. | 2025-04-07 | 7.8 | CVE-2025-21441 |
| Qualcomm, Inc.--Snapdragon | Memory corruption while transmitting packet mapping information with invalid header payload size. | 2025-04-07 | 7.8 | CVE-2025-21442 |
| Qualcomm, Inc.--Snapdragon | Memory corruption while processing message content in eAVB. | 2025-04-07 | 7.8 | CVE-2025-21443 |
| Qualcomm, Inc.--Snapdragon | Memory corruption may occur while processing device IO control call for session control. | 2025-04-07 | 7.8 | CVE-2025-21447 |
| Qualcomm, Inc.--Snapdragon | Transient DOS may occur while parsing SSID in action frames. | 2025-04-07 | 7.5 | CVE-2025-21448 |
| n/a -- n/a | A Buffer Access with Incorrect Length Value vulnerability in the jdhcpd daemon of Juniper Networks Junos OS, when DHCP snooping is enabled, allows an unauthenticated, adjacent, attacker to send a DHCP packet with a malformed DHCP option to cause jdhcp to crash creating a Denial of Service (DoS) condition. Continuous receipt of these DHCP packets using the malformed DHCP Option will create a sustained Denial of Service (DoS) condition. This issue affects Junos OS: * from 23.1R1 before 23.2R2-S3, * from 23.4 before 23.4R2-S3, * from 24.2 before 24.2R2. This issue isn't applicable to any versions of Junos OS before 23.1R1. This issue doesn't affect vSRX Series which doesn't support DHCP Snooping. This issue doesn't affect Junos OS Evolved. There are no indicators of compromise for this issue. | 2025-04-09 | 7.4 | CVE-2025-21591 |
| n/a -- n/a | An Improper Check for Unusual or Exceptional Conditions vulnerability in the pfe (packet forwarding engine) of Juniper Networks Junos OS on MX Series causes a port within a pool to be blocked leading to Denial of Service (DoS). In a DS-Lite (Dual-Stack Lite) and NAT (Network Address Translation) scenario, when crafted IPv6 traffic is received and prefix-length is set to 56, the ports assigned to the user will not be freed. Eventually, users cannot establish new connections. Affected FPC/PIC need to be manually restarted to recover. Following is the command to identify the issue: user@host> show services nat source port-block Host_IP External_IP Port_Block Ports_Used/ Block_State/ Range Ports_Total Left_Time(s) 2001:: x.x.x.x 58880-59391 256/256*1 Active/- >>>>>>>>port still usedThis issue affects Junos OS on MX Series: * from 21.2 before 21.2R3-S8, * from 21.4 before 21.4R3-S7, * from 22.1 before 22.1R3-S6, * from 22.2 before 22.2R3-S4, * from 22.3 before 22.3R3-S3, * from 22.4 before 22.4R3-S2, * from 23.2 before 23.2R2-S1, * from 23.4 before 23.4R1-S2, 23.4R2. This issue does not affect versions before 20.2R1. | 2025-04-09 | 7.5 | CVE-2025-21594 |
| n/a -- n/a | An Improper Following of Specification by Caller vulnerability in web management (J-Web, Captive Portal, 802.1X, Juniper Secure Connect (JSC) of Juniper Networks Junos OS on SRX Series, EX Series, MX240, MX480, MX960, QFX5120 Series, allows an unauthenticated, network-based attacker, sending genuine traffic targeted to the device to cause the CPU to climb until the device becomes unresponsive. Continuous receipt of these packets will create a sustained Denial of Service (DoS) condition. This issue affects Junos OS: * All versions before 21.4R3-S9, * from 22.2 before 22.2R3-S5, * from 22.4 before 22.4R3-S4, * from 23.2 before 23.2R2-S3, * from 23.4 before 23.4R2-S3, * from 24.2 before 24.2R1-S1, 24.2R2. An indicator of compromise is to review the CPU % of the httpd process in the CLI: e.g. show system processes extensive | match httpd PID nobody 52 0 20M 191M select 2 0:01 80.00% httpd{httpd} <<<<< the percentage of httpd usage if high may be an indicator | 2025-04-09 | 7.5 | CVE-2025-21601 |
| n/a -- n/a | CWE-552: Files or Directories Accessible to External Parties vulnerability over https exists that could leak information and potential privilege escalation following man in the middle attack. | 2025-04-09 | 7.8 | CVE-2025-2222 |
| n/a -- n/a | CWE-20: Improper Input Validation vulnerability exists that could cause a loss of Confidentiality, Integrity and Availability of engineering workstation when a malicious project file is loaded by a user from the local system. | 2025-04-09 | 7.8 | CVE-2025-2223 |
| n/a -- n/a | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Crocoblock JetCompareWishlist allows PHP Local File Inclusion.This issue affects JetCompareWishlist: from n/a through 1.5.9. | 2025-04-10 | 7.5 | CVE-2025-22279 |
| n/a -- n/a | DLL hijacking in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an authenticated attacker to escalate to System. | 2025-04-08 | 7.8 | CVE-2025-22458 |
| n/a -- n/a | SQL injection in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote authenticated attacker with admin privileges to achieve code execution. | 2025-04-08 | 7.2 | CVE-2025-22461 |
| n/a -- n/a | An improper privilege management vulnerability in the SonicWall NetExtender Windows (32 and 64 bit) client allows a low privileged attacker to modify configurations. | 2025-04-10 | 7.2 | CVE-2025-23008 |
| n/a -- n/a | A Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed package gerbera allows the service user gerbera to escalate to root.,This issue affects gerbera on openSUSE Tumbleweed before 2.5.0-1.1. | 2025-04-10 | 7.8 | CVE-2025-23386 |
| n/a -- n/a | Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | 2025-04-08 | 7.8 | CVE-2025-24058 |
| n/a -- n/a | Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | 2025-04-08 | 7.8 | CVE-2025-24060 |
| n/a -- n/a | Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | 2025-04-08 | 7.8 | CVE-2025-24062 |
| n/a -- n/a | Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | 2025-04-08 | 7.8 | CVE-2025-24073 |
| n/a -- n/a | Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | 2025-04-08 | 7.8 | CVE-2025-24074 |
| n/a -- n/a | Insufficient state checks lead to a vector that allows to bypass 2FA checks. | 2025-04-08 | 7.5 | CVE-2025-25227 |
| n/a -- n/a | An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in FortiWeb version 7.6.2 and below, version 7.4.6 and below, 7.2 all versions, 7.0 all versions endpoint may allow an authenticated admin to access and modify the filesystem via crafted requests. | 2025-04-08 | 7.2 | CVE-2025-25254 |
| n/a -- n/a | There is a DLL hijacking vulnerability due to an uncontrolled search path that exists in NI LabVIEW when loading NI Error Reporting. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to insert a malicious DLL into the uncontrolled search path. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions. | 2025-04-09 | 7.3 | CVE-2025-2629 |
| n/a -- n/a | There is a DLL hijacking vulnerability due to an uncontrolled search path that exists in NI LabVIEW. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to insert a malicious DLL into the uncontrolled search path. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions. | 2025-04-09 | 7.3 | CVE-2025-2630 |
| n/a -- n/a | Out of bounds write vulnerability due to improper bounds checking in NI LabVIEW in InitCPUInformation() that may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions. | 2025-04-09 | 7.8 | CVE-2025-2631 |
| n/a -- n/a | Out of bounds write vulnerability due to improper bounds checking in NI LabVIEW reading CPU info from cache that may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions. | 2025-04-09 | 7.8 | CVE-2025-2632 |
| n/a -- n/a | Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an incorrect authorization vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability to access the cluster with previous privileges of a disabled user account. | 2025-04-10 | 7 | CVE-2025-26330 |
| n/a -- n/a | Insufficiently protected credentials in Azure Local Cluster allows an authorized attacker to disclose information locally. | 2025-04-08 | 7.3 | CVE-2025-26628 |
| n/a -- n/a | Integer overflow or wraparound in Windows USB Print Driver allows an authorized attacker to elevate privileges locally. | 2025-04-08 | 7.8 | CVE-2025-26639 |
| n/a -- n/a | Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. | 2025-04-08 | 7 | CVE-2025-26640 |
| n/a -- n/a | Uncontrolled resource consumption in Windows Cryptographic Services allows an unauthorized attacker to deny service over a network. | 2025-04-08 | 7.5 | CVE-2025-26641 |
| n/a -- n/a | Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally. | 2025-04-08 | 7.8 | CVE-2025-26642 |
| n/a -- n/a | Sensitive data storage in improperly locked memory in Windows Kernel allows an authorized attacker to elevate privileges locally. | 2025-04-08 | 7.8 | CVE-2025-26648 |
| n/a -- n/a | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Secure Channel allows an authorized attacker to elevate privileges locally. | 2025-04-08 | 7 | CVE-2025-26649 |
| n/a -- n/a | Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network. | 2025-04-08 | 7.5 | CVE-2025-26652 |
| n/a -- n/a | Sensitive data storage in improperly locked memory in Windows upnphost.dll allows an authorized attacker to elevate privileges locally. | 2025-04-08 | 7 | CVE-2025-26665 |
| n/a -- n/a | Heap-based buffer overflow in Windows Media allows an authorized attacker to execute code locally. | 2025-04-08 | 7.8 | CVE-2025-26666 |
| n/a -- n/a | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | 2025-04-08 | 7.5 | CVE-2025-26668 |
| n/a -- n/a | Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network. | 2025-04-08 | 7.5 | CVE-2025-26673 |
| n/a -- n/a | Heap-based buffer overflow in Windows Media allows an authorized attacker to execute code locally. | 2025-04-08 | 7.8 | CVE-2025-26674 |
| n/a -- n/a | Out-of-bounds read in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally. | 2025-04-08 | 7.8 | CVE-2025-26675 |
| n/a -- n/a | Use after free in RPC Endpoint Mapper Service allows an authorized attacker to elevate privileges locally. | 2025-04-08 | 7.8 | CVE-2025-26679 |
| n/a -- n/a | Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network. | 2025-04-08 | 7.5 | CVE-2025-26680 |
| n/a -- n/a | Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network. | 2025-04-08 | 7.5 | CVE-2025-26682 |
| n/a -- n/a | Sensitive data storage in improperly locked memory in Windows TCP/IP allows an unauthorized attacker to execute code over a network. | 2025-04-08 | 7.5 | CVE-2025-26686 |
| n/a -- n/a | Use after free in Windows Win32K - GRFX allows an unauthorized attacker to elevate privileges over a network. | 2025-04-08 | 7.5 | CVE-2025-26687 |
| n/a -- n/a | Stack-based buffer overflow in Microsoft Virtual Hard Drive allows an authorized attacker to elevate privileges locally. | 2025-04-08 | 7.8 | CVE-2025-26688 |
| n/a -- n/a | Arbitrary File Write vulnerabilities exist in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an Authenticated attacker to upload arbitrary files and execute arbitrary commands on the underlying host operating system. | 2025-04-08 | 7.2 | CVE-2025-27082 |
| n/a -- n/a | Authenticated command injection vulnerabilities exist in the AOS-10 GW and AOS-8 Controller/Mobility Conductor web-based management interface. Successful exploitation of these vulnerabilities allows an Authenticated attacker to execute arbitrary commands as a privileged user on the underlying operating system. | 2025-04-08 | 7.2 | CVE-2025-27083 |
| n/a -- n/a | After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-04-08 | 7.8 | CVE-2025-27182 |
| n/a -- n/a | After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-04-08 | 7.8 | CVE-2025-27183 |
| n/a -- n/a | Bridge versions 14.1.5, 15.0.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-04-08 | 7.8 | CVE-2025-27193 |
| n/a -- n/a | Media Encoder versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-04-08 | 7.8 | CVE-2025-27194 |
| n/a -- n/a | Media Encoder versions 25.1, 24.6.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-04-08 | 7.8 | CVE-2025-27195 |
| n/a -- n/a | Premiere Pro versions 25.1, 24.6.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-04-08 | 7.8 | CVE-2025-27196 |
| n/a -- n/a | Photoshop Desktop versions 25.12.1, 26.4.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-04-08 | 7.8 | CVE-2025-27198 |
| n/a -- n/a | Animate versions 24.0.7, 23.0.10 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-04-08 | 7.8 | CVE-2025-27199 |
| n/a -- n/a | Animate versions 24.0.7, 23.0.10 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-04-08 | 7.8 | CVE-2025-27200 |
| n/a -- n/a | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hugh Mungus Vice Versa allows Reflected XSS.This issue affects Vice Versa: from n/a through 2.2.3. | 2025-04-10 | 7.1 | CVE-2025-27350 |
| n/a -- n/a | Due to directory traversal vulnerability, an authorized attacker could gain access to some critical information by using RFC enabled function module. Upon successful exploitation, they could read files from any managed system connected to SAP Solution Manager, leading to high impact on confidentiality. There is no impact on integrity or availability. | 2025-04-08 | 7.7 | CVE-2025-27428 |
| n/a -- n/a | Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. | 2025-04-08 | 7.8 | CVE-2025-27467 |
| n/a -- n/a | Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network. | 2025-04-08 | 7.5 | CVE-2025-27469 |
| n/a -- n/a | Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network. | 2025-04-08 | 7.5 | CVE-2025-27470 |
| n/a -- n/a | Uncontrolled resource consumption in Windows HTTP.sys allows an unauthorized attacker to deny service over a network. | 2025-04-08 | 7.5 | CVE-2025-27473 |
| n/a -- n/a | Sensitive data storage in improperly locked memory in Windows Update Stack allows an authorized attacker to elevate privileges locally. | 2025-04-08 | 7 | CVE-2025-27475 |
| n/a -- n/a | Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. | 2025-04-08 | 7.8 | CVE-2025-27476 |
| n/a -- n/a | Heap-based buffer overflow in Windows Local Security Authority (LSA) allows an authorized attacker to elevate privileges locally. | 2025-04-08 | 7 | CVE-2025-27478 |
| n/a -- n/a | Insufficient resource pool in Windows Kerberos allows an unauthorized attacker to deny service over a network. | 2025-04-08 | 7.5 | CVE-2025-27479 |
| n/a -- n/a | Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally. | 2025-04-08 | 7.8 | CVE-2025-27483 |
| n/a -- n/a | Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over a network. | 2025-04-08 | 7.5 | CVE-2025-27484 |
| n/a -- n/a | Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network. | 2025-04-08 | 7.5 | CVE-2025-27485 |
| n/a -- n/a | Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network. | 2025-04-08 | 7.5 | CVE-2025-27486 |
| n/a -- n/a | Improper input validation in Azure Local allows an authorized attacker to elevate privileges locally. | 2025-04-08 | 7.8 | CVE-2025-27489 |
| n/a -- n/a | Heap-based buffer overflow in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. | 2025-04-08 | 7.8 | CVE-2025-27490 |
| n/a -- n/a | Use after free in Windows Hyper-V allows an authorized attacker to execute code over a network. | 2025-04-08 | 7.1 | CVE-2025-27491 |
| n/a -- n/a | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Secure Channel allows an authorized attacker to elevate privileges locally. | 2025-04-08 | 7 | CVE-2025-27492 |
| n/a -- n/a | Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to elevate privileges locally. | 2025-04-08 | 7.8 | CVE-2025-27727 |
| n/a -- n/a | Out-of-bounds read in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally. | 2025-04-08 | 7.8 | CVE-2025-27728 |
| n/a -- n/a | Use after free in Windows Shell allows an unauthorized attacker to execute code locally. | 2025-04-08 | 7.8 | CVE-2025-27729 |
| n/a -- n/a | Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. | 2025-04-08 | 7.8 | CVE-2025-27730 |
| n/a -- n/a | Improper input validation in OpenSSH for Windows allows an authorized attacker to elevate privileges locally. | 2025-04-08 | 7.8 | CVE-2025-27731 |
| n/a -- n/a | Sensitive data storage in improperly locked memory in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | 2025-04-08 | 7 | CVE-2025-27732 |
| n/a -- n/a | Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally. | 2025-04-08 | 7.8 | CVE-2025-27733 |
| n/a -- n/a | Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally. | 2025-04-08 | 7.8 | CVE-2025-27739 |
| n/a -- n/a | Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally. | 2025-04-08 | 7.8 | CVE-2025-27741 |
| n/a -- n/a | Untrusted search path in System Center allows an authorized attacker to elevate privileges locally. | 2025-04-08 | 7.8 | CVE-2025-27743 |
| n/a -- n/a | Improper access control in Microsoft Office allows an authorized attacker to elevate privileges locally. | 2025-04-08 | 7.8 | CVE-2025-27744 |
| n/a -- n/a | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | 2025-04-08 | 7.8 | CVE-2025-27745 |
| n/a -- n/a | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | 2025-04-08 | 7.8 | CVE-2025-27746 |
| n/a -- n/a | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | 2025-04-08 | 7.8 | CVE-2025-27747 |
| n/a -- n/a | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | 2025-04-08 | 7.8 | CVE-2025-27748 |
| n/a -- n/a | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | 2025-04-08 | 7.8 | CVE-2025-27749 |
| n/a -- n/a | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | 2025-04-08 | 7.8 | CVE-2025-27750 |
| n/a -- n/a | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | 2025-04-08 | 7.8 | CVE-2025-27751 |
| n/a -- n/a | Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | 2025-04-08 | 7.8 | CVE-2025-27752 |
| n/a -- n/a | Information disclosure of authentication information in the specific service vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a remote unauthenticated attacker may obtain the product authentication information. | 2025-04-09 | 7.5 | CVE-2025-27934 |
| n/a -- n/a | The ORDER POST plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.2. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | 2025-04-10 | 7.3 | CVE-2025-2805 |
| n/a -- n/a | The azurecurve Shortcodes in Comments plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.2. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | 2025-04-10 | 7.3 | CVE-2025-2809 |
| ruoyi -- ruoyi | An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method does not properly validate whether the requesting user has administrative privileges before allowing modifications to system configuration settings | 2025-04-07 | 7.2 | CVE-2025-28403 |
| n/a -- n/a | An issue in sqlite v.3.49.0 allows an attacker to cause a denial of service via the SQLITE_DBCONFIG_LOOKASIDE component | 2025-04-10 | 7.5 | CVE-2025-29088 |
| n/a -- n/a | Flowise <= 2.2.3 is vulnerable to SQL Injection. via tableName parameter at Postgres_VectorStores. | 2025-04-09 | 7.6 | CVE-2025-29189 |
| n/a -- n/a | horvey Library-Manager v1.0 is vulnerable to SQL Injection in Admin/Controller/BookController.class.php. | 2025-04-09 | 7.2 | CVE-2025-29391 |
| n/a -- n/a | Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. | 2025-04-08 | 7.8 | CVE-2025-29791 |
| n/a -- n/a | Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. | 2025-04-08 | 7.3 | CVE-2025-29792 |
| n/a -- n/a | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | 2025-04-08 | 7.2 | CVE-2025-29793 |
| n/a -- n/a | Improper privilege management in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally. | 2025-04-08 | 7.8 | CVE-2025-29800 |
| n/a -- n/a | Incorrect default permissions in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally. | 2025-04-08 | 7.8 | CVE-2025-29801 |
| n/a -- n/a | Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally. | 2025-04-08 | 7.3 | CVE-2025-29802 |
| n/a -- n/a | Uncontrolled search path element in Visual Studio Tools for Applications and SQL Server Management Studio allows an authorized attacker to elevate privileges locally. | 2025-04-12 | 7.3 | CVE-2025-29803 |
| n/a -- n/a | Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally. | 2025-04-08 | 7.3 | CVE-2025-29804 |
| n/a -- n/a | Exposure of sensitive information to an unauthorized actor in Outlook for Android allows an unauthorized attacker to disclose information over a network. | 2025-04-08 | 7.5 | CVE-2025-29805 |
| n/a -- n/a | Insecure storage of sensitive information in Windows Kerberos allows an authorized attacker to bypass a security feature locally. | 2025-04-08 | 7.1 | CVE-2025-29809 |
| n/a -- n/a | Improper access control in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network. | 2025-04-08 | 7.5 | CVE-2025-29810 |
| n/a -- n/a | Improper input validation in Windows Mobile Broadband allows an authorized attacker to elevate privileges locally. | 2025-04-08 | 7.8 | CVE-2025-29811 |
| n/a -- n/a | Untrusted pointer dereference in Windows Kernel Memory allows an authorized attacker to elevate privileges locally. | 2025-04-08 | 7.8 | CVE-2025-29812 |
| n/a -- n/a | Improper input validation in Microsoft Office Word allows an unauthorized attacker to bypass a security feature over a network. | 2025-04-08 | 7.5 | CVE-2025-29816 |
| n/a -- n/a | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | 2025-04-08 | 7.8 | CVE-2025-29820 |
| n/a -- n/a | Incomplete list of disallowed inputs in Microsoft Office OneNote allows an unauthorized attacker to bypass a security feature locally. | 2025-04-08 | 7.8 | CVE-2025-29822 |
| n/a -- n/a | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | 2025-04-08 | 7.8 | CVE-2025-29823 |
| microsoft -- windows_10_1607 | Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | 2025-04-08 | 7.8 | CVE-2025-29824 |
| n/a -- n/a | Out-of-bounds read in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | 2025-04-12 | 7.5 | CVE-2025-29834 |
| n/a -- n/a | Missing authentication for critical function vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a remote unauthenticated attacker may obtain the product configuration information including authentication information. | 2025-04-09 | 7.5 | CVE-2025-29870 |
| n/a -- n/a | Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. The AF_PACKET defrag option is enabled by default and allows AF_PACKET to re-assemble fragmented packets before reaching Suricata. However the default packet size in Suricata is based on the network interface MTU which leads to Suricata seeing truncated packets. Upgrade to Suricata 7.0.9, which uses better defaults and adds warnings for user configurations that may lead to issues. | 2025-04-10 | 7.5 | CVE-2025-29915 |
| n/a -- n/a | SAP Capital Yield Tax Management has directory traversal vulnerability due to insufficient path validation. This could allow an attacker with low privileges to read files from directory which they don�t have access to, hence causing a high impact on confidentiality. Integrity and Availability are not affected. | 2025-04-08 | 7.7 | CVE-2025-30014 |
| n/a -- n/a | Shopware is an open commerce platform. It's possible to pass long passwords that leads to Denial Of Service via forms in Storefront forms or Store-API. This vulnerability is fixed in 6.6.10.3 or 6.5.8.17. For older versions of 6.4, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version. | 2025-04-08 | 7.5 | CVE-2025-30151 |
| n/a -- n/a | An attacker can publish a zone containing specific Resource Record Sets. Processing and caching results for these sets can lead to an illegal memory accesses and crash of the Recursor, causing a denial of service. The remedy is: upgrade to the patched 5.2.1 version. We would like to thank Volodymyr Ilyin for bringing this issue to our attention. | 2025-04-07 | 7.5 | CVE-2025-30195 |
| n/a -- n/a | ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. | 2025-04-08 | 7.8 | CVE-2025-30288 |
| n/a -- n/a | ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue does not require user interaction. | 2025-04-08 | 7.5 | CVE-2025-30289 |
| adobe -- framemaker | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-04-08 | 7.8 | CVE-2025-30295 |
| adobe -- framemaker | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-04-08 | 7.8 | CVE-2025-30296 |
| adobe -- framemaker | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-04-08 | 7.8 | CVE-2025-30297 |
| adobe -- framemaker | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-04-08 | 7.8 | CVE-2025-30298 |
| adobe -- framemaker | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-04-08 | 7.8 | CVE-2025-30299 |
| adobe -- framemaker | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-04-08 | 7.8 | CVE-2025-30304 |
| n/a -- n/a | A Heap-based Buffer Overflow vulnerability in the flexible PIC concentrator (FPC) of Juniper Networks Junos OS on EX2300, EX3400, EX4100, EX4300, EX4300MP, EX4400, EX4600, EX4650-48Y, and QFX5k Series allows an attacker to send a specific DHCP packet to the device, leading to an FPC crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Under a rare timing scenario outside the attacker's control, memory corruption may be observed when DHCP Option 82 is enabled, leading to an FPC crash and affecting packet forwarding. Due to the nature of the heap-based overflow, exploitation of this vulnerability could also lead to remote code execution within the FPC, resulting in complete control of the vulnerable component. This issue affects Junos OS on EX2300, EX3400, EX4100, EX4300, EX4300MP, EX4400, EX4600, EX4650-48Y, and QFX5k Series: * All versions before 21.4R3-S9, * from 22.2 before 22.2R3-S5, * from 22.4 before 22.4R3-S5, * from 23.2 before 23.2R2-S3, * from 23.4 before 23.4R2-S3, * from 24.2 before 24.2R2. | 2025-04-09 | 7.5 | CVE-2025-30644 |
| n/a -- n/a | A NULL Pointer Dereference vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an attacker causing specific, valid control traffic to be sent out of a Dual-Stack (DS) Lite tunnel to crash the flowd process, resulting in a Denial of Service (DoS). Continuous triggering of specific control traffic will create a sustained Denial of Service (DoS) condition. On all SRX platforms, when specific, valid control traffic needs to be sent out of a DS-Lite tunnel, a segmentation fault occurs within the flowd process, resulting in a network outage until the flowd process restarts. This issue affects Junos OS on SRX Series: * All versions before 21.2R3-S9, * from 21.4 before 21.4R3-S9, * from 22.2 before 22.2R3-S5, * from 22.4 before 22.4R3-S6, * from 23.2 before 23.2R2-S3, * from 23.4 before 23.4R2. | 2025-04-09 | 7.5 | CVE-2025-30645 |
| n/a -- n/a | An Improper Input Validation vulnerability in the Juniper DHCP Daemon (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause the jdhcpd process to crash resulting in a Denial of Service (DoS). When a specifically malformed DHCP packet is received from a DHCP client, the jdhcpd process crashes, which will lead to the unavailability of the DHCP service and thereby resulting in a sustained DoS. The DHCP process will restart automatically to recover the service. This issue will occur when dhcp-security is enabled. This issue affects Junos OS: * All versions before 21.2R3-S9, * from 21.4 before 21.4R3-S10, * from 22.2 before 22.2R3-S6, * from 22.4 before 22.4R3-S6, * from 23.2 before 23.2R2-S3, * from 23.4 before 23.4R2-S4, * from 24.2 before 24.2R2; Junos OS Evolved: * from 22.4 before 22.4R3-S6-EVO, * from 23.2 before 23.2R2-S3-EVO, * from 23.4 before 23.4R2-S4-EVO, * from 24.2 before 24.2R2-EVO. . | 2025-04-09 | 7.4 | CVE-2025-30648 |
| n/a -- n/a | An Improper Input Validation vulnerability in the syslog stream TCP transport of Juniper Networks Junos OS on MX240, MX480 and MX960 devices with MX-SPC3 Security Services Card allows an unauthenticated, network-based attacker, to send specific spoofed packets to cause a CPU Denial of Service (DoS) to the MX-SPC3 SPUs. Continued receipt and processing of these specific packets will sustain the DoS condition. This issue affects Junos OS: * All versions before 22.2R3-S6, * from 22.4 before 22.4R3-S4, * from 23.2 before 23.2R2-S3, * from 23.4 before 23.4R2-S4, * from 24.2 before 24.2R1-S2, 24.2R2 An indicator of compromise will indicate the SPC3 SPUs utilization has spiked. For example: user@device> show services service-sets summary Service sets CPU Interface configured Bytes used Session bytes used Policy bytes used utilization "interface" 1 "bytes" (percent%) "sessions" ("percent"%) "bytes" ("percent"%) 99.97 % OVLD <<<<<< look for high CPU usage | 2025-04-09 | 7.5 | CVE-2025-30649 |
| n/a -- n/a | A Buffer Access with Incorrect Length Value vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When an attacker sends a specific ICMPv6 packet to an interface with "protocols router-advertisement" configured, rpd crashes and restarts. Continued receipt of this packet will cause a sustained DoS condition. This issue only affects systems configured with IPv6. This issue affects Junos OS: * All versions before 21.2R3-S9, * from 21.4 before 21.4R3-S10, * from 22.2 before 22.2R3-S6, * from 22.4 before 22.4R3-S4, * from 23.2 before 23.2R2-S2, * from 23.4 before 23.4R2; and Junos OS Evolved: * All versions before 21.2R3-S9-EVO, * from 21.4-EVO before 21.4R3-S10-EVO, * from 22.2-EVO before 22.2R3-S6-EVO, * from 22.4-EVO before 22.4R3-S4-EVO, * from 23.2-EVO before 23.2R2-S2-EVO, * from 23.4-EVO before 23.4R2-EVO. | 2025-04-09 | 7.5 | CVE-2025-30651 |
| n/a -- n/a | An Improper Handling of Additional Special Element vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series with MS-MPC, MS-MIC and SPC3, and SRX Series, allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If the SIP ALG processes specifically formatted SIP invites, a memory corruption will occur which will lead to a crash of the FPC processing these packets. Although the system will automatically recover with the restart of the FPC, subsequent SIP invites will cause the crash again and lead to a sustained DoS. This issue affects Junos OS on MX Series and SRX Series: * all versions before 21.2R3-S9, * 21.4 versions before 21.4R3-S10, * 22.2 versions before 22.2R3-S6, * 22.4 versions before 22.4R3-S5, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2-S3, * 24.2 versions before 24.2R1-S2, 24.2R2. | 2025-04-09 | 7.5 | CVE-2025-30656 |
| n/a -- n/a | A Missing Release of Memory after Effective Lifetime vulnerability in the Anti-Virus processing of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On all SRX platforms with Anti-Virus enabled, if a server sends specific content in the HTTP body of a response to a client request, these packets are queued by Anti-Virus processing in Juniper Buffers (jbufs) which are never released. When these jbufs are exhausted, the device stops forwarding all transit traffic. A jbuf memory leak can be noticed from the following logs: (<node>.)<fpc> Warning: jbuf pool id <#> utilization level (<current level>%) is above <threshold>%! To recover from this issue, the affected device needs to be manually rebooted to free the leaked jbufs. This issue affects Junos OS on SRX Series: * all versions before 21.2R3-S9, * 21.4 versions before 21.4R3-S10, * 22.2 versions before 22.2R3-S6, * 22.4 versions before 22.4R3-S6, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2-S3, * 24.2 versions before 24.2R2. | 2025-04-09 | 7.5 | CVE-2025-30658 |
| n/a -- n/a | An Improper Handling of Length Parameter Inconsistency vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When a device configured for Secure Vector Routing (SVR) receives a specifically malformed packet the PFE will crash and restart. This issue affects Junos OS on SRX Series: * All 21.4 versions, * 22.2 versions before 22.2R3-S6, * 22.4 versions before 22.4R3-S6, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2-S4, * 24.2 versions before 24.2R2. This issue does not affect versions before 21.4. | 2025-04-09 | 7.5 | CVE-2025-30659 |
| n/a -- n/a | An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).When processing a high rate of specific GRE traffic destined to the device, the respective PFE will hang causing traffic forwarding to stop. When this issue occurs the following logs can be observed: <fpc #> MQSS(0): LI-3: Received a parcel with more than 512B accompanying data CHASSISD_FPC_ASIC_ERROR: ASIC Error detected <...> This issue affects Junos OS: * all versions before 21.2R3-S9, * 21.4 versions before 21.4R3-S8, * 22.2 versions before 22.2R3-S4, * 22.4 versions before 22.4R3-S5, * 23.2 versions before 23.2R2-S2, * 23.4 versions before 23.4R2. | 2025-04-09 | 7.5 | CVE-2025-30660 |
| n/a -- n/a | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ho3einie Material Dashboard allows PHP Local File Inclusion. This issue affects Material Dashboard: from n/a through 1.4.5. | 2025-04-11 | 7.5 | CVE-2025-31014 |
| n/a -- n/a | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Adrian Tobey WordPress SMTP Service, Email Delivery Solved! - MailHawk allows PHP Local File Inclusion. This issue affects WordPress SMTP Service, Email Delivery Solved! - MailHawk: from n/a through 1.3.1. | 2025-04-11 | 7.5 | CVE-2025-31015 |
| n/a -- n/a | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dolby_uk Mobile Smart allows Reflected XSS. This issue affects Mobile Smart: from n/a through v1.3.16. | 2025-04-11 | 7.1 | CVE-2025-31021 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in Austin Comment Validation Reloaded allows Stored XSS. This issue affects Comment Validation Reloaded: from n/a through 0.5. | 2025-04-09 | 7.1 | CVE-2025-31026 |
| n/a -- n/a | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WP Hide Categories allows Reflected XSS. This issue affects WP Hide Categories: from n/a through 1.0. | 2025-04-11 | 7.1 | CVE-2025-31028 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in Pagopar - Grupo M S.A. Pagopar – WooCommerce Gateway allows Stored XSS. This issue affects Pagopar – WooCommerce Gateway: from n/a through 2.7.1. | 2025-04-09 | 7.1 | CVE-2025-31032 |
| n/a -- n/a | Missing Authorization vulnerability in NotFound AnyTrack Affiliate Link Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AnyTrack Affiliate Link Manager: from n/a through 1.0.4. | 2025-04-11 | 7.5 | CVE-2025-31041 |
| Huawei--HarmonyOS | Memory write permission bypass vulnerability in the kernel futex module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2025-04-07 | 7.8 | CVE-2025-31172 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in bhoogterp Scheduled allows Stored XSS. This issue affects Scheduled: from n/a through 1.0. | 2025-04-09 | 7.1 | CVE-2025-31375 |
| n/a -- n/a | Missing Authorization vulnerability in Asaquzzaman mishu Woo Product Feed For Marketing Channels allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Woo Product Feed For Marketing Channels: from n/a through 1.9.0. | 2025-04-09 | 7.5 | CVE-2025-31377 |
| n/a -- n/a | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in danbwb Oppso Unit Converter allows Reflected XSS. This issue affects Oppso Unit Converter: from n/a through 1.1.1. | 2025-04-11 | 7.1 | CVE-2025-31378 |
| n/a -- n/a | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in programphases Insert HTML Here allows Reflected XSS. This issue affects Insert HTML Here: from n/a through 1.0. | 2025-04-11 | 7.1 | CVE-2025-31379 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in theode Language Field allows Stored XSS. This issue affects Language Field: from n/a through 0.9. | 2025-04-09 | 7.1 | CVE-2025-31382 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in FrescoChat Live Chat allows Stored XSS. This issue affects FrescoChat Live Chat: from n/a through 3.2.6. | 2025-04-09 | 7.1 | CVE-2025-31383 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in Site Table of Contents allows Stored XSS. This issue affects Site Table of Contents: from n/a through 0.3. | 2025-04-09 | 7.1 | CVE-2025-31385 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in doa The World allows Stored XSS. This issue affects The World: from n/a through 0.4. | 2025-04-09 | 7.1 | CVE-2025-31388 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in bdoga Social Crowd allows Stored XSS. This issue affects Social Crowd: from n/a through 0.9.6.1. | 2025-04-09 | 7.1 | CVE-2025-31390 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in regen Script Compressor allows Stored XSS. This issue affects Script Compressor: from n/a through 1.7.1. | 2025-04-09 | 7.1 | CVE-2025-31391 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in Shameem Reza Smart Product Gallery Slider allows Cross Site Request Forgery. This issue affects Smart Product Gallery Slider: from n/a through 1.0.4. | 2025-04-09 | 7.1 | CVE-2025-31392 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in vfvalent Social Bookmarking RELOADED allows Stored XSS. This issue affects Social Bookmarking RELOADED: from n/a through 3.18. | 2025-04-09 | 7.1 | CVE-2025-31393 |
| n/a -- n/a | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kailey (trepmal) More Mime Type Filters allows Stored XSS. This issue affects More Mime Type Filters: from n/a through 0.3. | 2025-04-09 | 7.1 | CVE-2025-31394 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in a.ankit Easy Custom CSS allows Stored XSS. This issue affects Easy Custom CSS: from n/a through 1.0. | 2025-04-09 | 7.1 | CVE-2025-31395 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in Chandan Garg CG Scroll To Top allows Stored XSS. This issue affects CG Scroll To Top: from n/a through 3.5. | 2025-04-09 | 7.1 | CVE-2025-31399 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in icyleaf WS Audio Player allows Stored XSS. This issue affects WS Audio Player: from n/a through 1.1.8. | 2025-04-09 | 7.1 | CVE-2025-31400 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in mmetrodw MMX – Make Me Christmas allows Stored XSS. This issue affects MMX – Make Me Christmas: from n/a through 1.0.0. | 2025-04-09 | 7.1 | CVE-2025-31401 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in NewsBoard Plugin NewsBoard Post and RSS Scroller allows Stored XSS. This issue affects NewsBoard Post and RSS Scroller: from n/a through 1.2.12. | 2025-04-09 | 7.1 | CVE-2025-31402 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in Wladyslaw Madejczyk AF Tell a Friend allows Stored XSS. This issue affects AF Tell a Friend: from n/a through 1.4. | 2025-04-09 | 7.1 | CVE-2025-31404 |
| n/a -- n/a | apollo-compiler is a query-based compiler for the GraphQL query language. Prior to 1.27.0, a vulnerability in Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively expensive to validate. Named fragments were being processed once per fragment spread in some cases during query validation, leading to exponential resource usage when deeply nested and reused fragments were involved. This could lead to excessive resource consumption and denial of service in applications. This vulnerability is fixed in 1.27.0. | 2025-04-07 | 7.5 | CVE-2025-31496 |
| n/a -- n/a | Apollo Gateway provides utilities for combining multiple GraphQL microservices into a single GraphQL endpoint. Prior to 2.10.1, a vulnerability in Apollo Gateway allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically during named fragment expansion. Named fragments were being expanded once per fragment spread during query planning, leading to exponential resource usage when deeply nested and reused fragments were involved. This could lead to excessive resource consumption and denial of service. This has been remediated in @apollo/gateway version 2.10.1. | 2025-04-07 | 7.5 | CVE-2025-32030 |
| n/a -- n/a | Apollo Gateway provides utilities for combining multiple GraphQL microservices into a single GraphQL endpoint. Prior to 2.10.1, a vulnerability in Apollo Gateway allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically due to internal optimizations being frequently bypassed. The query planner includes an optimization that significantly speeds up planning for applicable GraphQL selections. However, queries with deeply nested and reused named fragments can generate many selections where this optimization does not apply, leading to significantly longer planning times. Because the query planner does not enforce a timeout, a small number of such queries can render gateway inoperable. This could lead to excessive resource consumption and denial of service. This has been remediated in @apollo/gateway version 2.10.1. | 2025-04-07 | 7.5 | CVE-2025-32031 |
| n/a -- n/a | The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. A vulnerability in Apollo Router allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically due to internal optimizations being frequently bypassed. The query planner includes an optimization that significantly speeds up planning for applicable GraphQL selections. However, queries with deeply nested and reused named fragments can generate many selections where this optimization does not apply, leading to significantly longer planning times. Because the query planner does not enforce a timeout, a small number of such queries can exhaust router's thread pool, rendering it inoperable. This could lead to excessive resource consumption and denial of service. This has been remediated in apollo-router versions 1.61.2 and 2.1.1. | 2025-04-07 | 7.5 | CVE-2025-32032 |
| n/a -- n/a | The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Prior to 1.61.2 and 2.1.1, the operation limits plugin uses unsigned 32-bit integers to track limit counters (e.g. for a query's height). If a counter exceeded the maximum value for this data type (4,294,967,295), it wrapped around to 0, unintentionally allowing queries to bypass configured thresholds. This could occur for large queries if the payload limit were sufficiently increased, but could also occur for small queries with deeply nested and reused named fragments. This has been remediated in apollo-router versions 1.61.2 and 2.1.1. | 2025-04-07 | 7.5 | CVE-2025-32033 |
| n/a -- n/a | The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Prior to 1.61.2 and 2.1.1, a vulnerability in Apollo Router allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically during named fragment expansion. Named fragments were being expanded once per fragment spread during query planning, leading to exponential resource usage when deeply nested and reused fragments were involved. This could lead to excessive resource consumption and denial of service. This has been remediated in apollo-router versions 1.61.2 and 2.1.1. | 2025-04-07 | 7.5 | CVE-2025-32034 |
| n/a -- n/a | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 5sterrenspecialist 5sterrenspecialist allows Reflected XSS. This issue affects 5sterrenspecialist: from n/a through 1.3. | 2025-04-10 | 7.1 | CVE-2025-32114 |
| n/a -- n/a | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes Popping Content Light allows Reflected XSS. This issue affects Popping Content Light: from n/a through 2.4. | 2025-04-10 | 7.1 | CVE-2025-32115 |
| n/a -- n/a | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Studi7 QR Master allows Reflected XSS. This issue affects QR Master: from n/a through 1.0.5. | 2025-04-10 | 7.1 | CVE-2025-32116 |
| n/a -- n/a | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes Widgetize Pages Light allows Reflected XSS. This issue affects Widgetize Pages Light: from n/a through 3.0. | 2025-04-08 | 7.1 | CVE-2025-32117 |
| n/a -- n/a | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in aaronfrey Nearby Locations allows SQL Injection. This issue affects Nearby Locations: from n/a through 1.1.1. | 2025-04-10 | 7.6 | CVE-2025-32128 |
| n/a -- n/a | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in aThemes aThemes Addons for Elementor. This issue affects aThemes Addons for Elementor: from n/a through 1.0.15. | 2025-04-10 | 7.5 | CVE-2025-32158 |
| n/a -- n/a | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ashan Perera EventON. This issue affects EventON: from n/a through 2.3.2. | 2025-04-10 | 7.5 | CVE-2025-32160 |
| n/a -- n/a | The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. A vulnerability in Apollo Router's usage of Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively expensive to validate. This could lead to excessive resource consumption and denial of service. Apollo Router's usage of Apollo Compiler has been updated so that validation logic processes each named fragment only once, preventing redundant traversal. This has been remediated in apollo-router versions 1.61.2 and 2.1.1. | 2025-04-09 | 7.5 | CVE-2025-32380 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in blueinstyle Advanced Tag Lists allows Stored XSS. This issue affects Advanced Tag Lists: from n/a through 1.2. | 2025-04-09 | 7.1 | CVE-2025-32476 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in Jordi Salord WP-Easy Menu allows Stored XSS. This issue affects WP-Easy Menu: from n/a through 0.41. | 2025-04-09 | 7.1 | CVE-2025-32477 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in Mario Aguiar WP SexyLightBox allows Stored XSS. This issue affects WP SexyLightBox: from n/a through 0.5.3. | 2025-04-09 | 7.1 | CVE-2025-32478 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in ab-tools Flags Widget allows Stored XSS. This issue affects Flags Widget: from n/a through 1.0.7. | 2025-04-09 | 7.1 | CVE-2025-32479 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in dalziel Windows Live Writer allows Stored XSS. This issue affects Windows Live Writer: from n/a through 0.1. | 2025-04-09 | 7.1 | CVE-2025-32480 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in ninotheme Nino Social Connect allows Stored XSS. This issue affects Nino Social Connect: from n/a through 2.0. | 2025-04-09 | 7.1 | CVE-2025-32481 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in quanganhdo Custom Smilies allows Stored XSS. This issue affects Custom Smilies: from n/a through 1.2. | 2025-04-09 | 7.1 | CVE-2025-32482 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in Mathieu Chartier WP-Planification allows Stored XSS. This issue affects WP-Planification: from n/a through 2.3.1. | 2025-04-09 | 7.1 | CVE-2025-32484 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in squiter Spoiler Block allows Stored XSS. This issue affects Spoiler Block: from n/a through 1.7. | 2025-04-09 | 7.1 | CVE-2025-32497 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in oleglark VKontakte Cross-Post allows Stored XSS. This issue affects VKontakte Cross-Post: from n/a through 0.3.2. | 2025-04-09 | 7.1 | CVE-2025-32498 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in Sudavar Codescar Radio Widget allows Stored XSS. This issue affects Codescar Radio Widget: from n/a through 0.4.2. | 2025-04-09 | 7.1 | CVE-2025-32500 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in dimafreund RentSyst allows Stored XSS. This issue affects RentSyst: from n/a through 2.0.72. | 2025-04-09 | 7.1 | CVE-2025-32501 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in lemmentwickler ePaper Lister for Yumpu allows Stored XSS. This issue affects ePaper Lister for Yumpu: from n/a through 1.4.0. | 2025-04-09 | 7.1 | CVE-2025-32502 |
| n/a -- n/a | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jose Conti Link Shield allows Stored XSS. This issue affects Link Shield: from n/a through 0.5.4. | 2025-04-09 | 7.1 | CVE-2025-32503 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in SCAND MultiMailer allows Stored XSS. This issue affects MultiMailer: from n/a through 1.0.3. | 2025-04-09 | 7.1 | CVE-2025-32505 |
| n/a -- n/a | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPMinds Simple WP Events allows Path Traversal. This issue affects Simple WP Events: from n/a through 1.8.17. | 2025-04-11 | 7.5 | CVE-2025-32509 |
| n/a -- n/a | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SCAND MultiMailer allows Reflected XSS. This issue affects MultiMailer: from n/a through 1.0.3. | 2025-04-11 | 7.1 | CVE-2025-32517 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in hossainawlad ALD Login Page allows Stored XSS. This issue affects ALD Login Page: from n/a through 1.1. | 2025-04-09 | 7.1 | CVE-2025-32518 |
| n/a -- n/a | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in payphone WooCommerce - Payphone Gateway allows Reflected XSS. This issue affects WooCommerce - Payphone Gateway: from n/a through 3.2.0. | 2025-04-11 | 7.1 | CVE-2025-32523 |
| n/a -- n/a | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MyWorks MyWorks WooCommerce Sync for QuickBooks Online allows Reflected XSS. This issue affects MyWorks WooCommerce Sync for QuickBooks Online: from n/a through 2.9.1. | 2025-04-11 | 7.1 | CVE-2025-32524 |
| n/a -- n/a | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in interactivegeomaps Interactive Geo Maps allows Reflected XSS. This issue affects Interactive Geo Maps: from n/a through 1.6.24. | 2025-04-11 | 7.1 | CVE-2025-32525 |
| n/a -- n/a | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Workbox Workbox Video from Vimeo & Youtube allows Reflected XSS. This issue affects Workbox Video from Vimeo & Youtube: from n/a through 3.2.2. | 2025-04-11 | 7.1 | CVE-2025-32534 |
| n/a -- n/a | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sandeep Verma HTML5 Video Player with Playlist allows Reflected XSS. This issue affects HTML5 Video Player with Playlist: from n/a through 2.50. | 2025-04-11 | 7.1 | CVE-2025-32536 |
| n/a -- n/a | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rachel Cherry Lock Your Updates allows Reflected XSS. This issue affects Lock Your Updates: from n/a through 1.1. | 2025-04-11 | 7.1 | CVE-2025-32537 |
| n/a -- n/a | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dev02ali Easy Post Duplicator allows Reflected XSS. This issue affects Easy Post Duplicator: from n/a through 1.0.1. | 2025-04-11 | 7.1 | CVE-2025-32538 |
| n/a -- n/a | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Josh Kohlbach WooCommerce - Store Exporter allows Reflected XSS. This issue affects WooCommerce - Store Exporter: from n/a through 2.7.4. | 2025-04-11 | 7.1 | CVE-2025-32539 |
| n/a -- n/a | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in infosoftplugin WooCommerce Sales MIS Report allows Reflected XSS. This issue affects WooCommerce Sales MIS Report: from n/a through 4.0.3. | 2025-04-11 | 7.1 | CVE-2025-32541 |
| n/a -- n/a | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hivedigital Canonical Attachments allows Reflected XSS. This issue affects Canonical Attachments: from n/a through 1.7. | 2025-04-09 | 7.1 | CVE-2025-32543 |
| n/a -- n/a | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ClickandPledge Click & Pledge Connect Plugin allows SQL Injection. This issue affects Click & Pledge Connect Plugin: from 2.24080000 through WP6.6.1. | 2025-04-09 | 7.2 | CVE-2025-32550 |
| n/a -- n/a | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jaap Jansma Connector to CiviCRM with CiviMcRestFace allows Reflected XSS. This issue affects Connector to CiviCRM with CiviMcRestFace: from n/a through 1.0.8. | 2025-04-11 | 7.1 | CVE-2025-32551 |
| n/a -- n/a | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magnigenie RestroPress allows Reflected XSS. This issue affects RestroPress: from n/a through 3.1.8.4. | 2025-04-11 | 7.1 | CVE-2025-32553 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in Edamam SEO, Nutrition and Print for Recipes by Edamam allows Stored XSS. This issue affects SEO, Nutrition and Print for Recipes by Edamam: from n/a through 3.3. | 2025-04-09 | 7.1 | CVE-2025-32555 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in Sandor Kovacs Simple Post Meta Manager allows Reflected XSS. This issue affects Simple Post Meta Manager: from n/a through 1.0.9. | 2025-04-09 | 7.1 | CVE-2025-32556 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in REVE Chat REVE Chat allows Stored XSS. This issue affects REVE Chat: from n/a through 6.2.2. | 2025-04-09 | 7.1 | CVE-2025-32559 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in dangrossman WP Calais Auto Tagger allows Cross Site Request Forgery. This issue affects WP Calais Auto Tagger: from n/a through 2.0. | 2025-04-09 | 7.1 | CVE-2025-32563 |
| n/a -- n/a | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ChillPay ChillPay WooCommerce allows Stored XSS. This issue affects ChillPay WooCommerce: from n/a through 2.5.3. | 2025-04-09 | 7.1 | CVE-2025-32570 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in axew3 WP w3all phpBB allows Reflected XSS. This issue affects WP w3all phpBB: from n/a through 2.9.2. | 2025-04-09 | 7.1 | CVE-2025-32575 |
| n/a -- n/a | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in debounce DeBounce Email Validator allows Stored XSS. This issue affects DeBounce Email Validator: from n/a through 5.7.1. | 2025-04-09 | 7.1 | CVE-2025-32580 |
| n/a -- n/a | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ankit Singla WordPress Spam Blocker allows Stored XSS. This issue affects WordPress Spam Blocker: from n/a through 2.0.4. | 2025-04-09 | 7.1 | CVE-2025-32581 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in Chat2 Chat2 allows Cross Site Request Forgery. This issue affects Chat2: from n/a through 3.6.3. | 2025-04-09 | 7.1 | CVE-2025-32584 |
| n/a -- n/a | Path Traversal vulnerability in Trusty Plugins Shop Products Filter allows PHP Local File Inclusion. This issue affects Shop Products Filter: from n/a through 1.2. | 2025-04-11 | 7.5 | CVE-2025-32585 |
| n/a -- n/a | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ABA Bank ABA PayWay Payment Gateway for WooCommerce allows Reflected XSS. This issue affects ABA PayWay Payment Gateway for WooCommerce: from n/a through 2.1.3. | 2025-04-11 | 7.1 | CVE-2025-32586 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in Kevon Adonis WP Abstracts allows Cross Site Request Forgery. This issue affects WP Abstracts: from n/a through 2.7.4. | 2025-04-09 | 7.1 | CVE-2025-32591 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in George Sexton WordPress Events Calendar Plugin - connectDaily allows Cross-Site Scripting (XSS). This issue affects WordPress Events Calendar Plugin - connectDaily: from n/a through 1.4.8. | 2025-04-09 | 7.1 | CVE-2025-32597 |
| n/a -- n/a | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Table Builder WP Table Builder allows Reflected XSS. This issue affects WP Table Builder: from n/a through 2.0.4. | 2025-04-11 | 7.1 | CVE-2025-32598 |
| n/a -- n/a | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in miunosoft Task Scheduler allows Reflected XSS. This issue affects Task Scheduler: from n/a through 1.6.3. | 2025-04-11 | 7.1 | CVE-2025-32599 |
| n/a -- n/a | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tournamatch Tournamatch allows Reflected XSS. This issue affects Tournamatch: from n/a through 4.6.1. | 2025-04-11 | 7.1 | CVE-2025-32600 |
| n/a -- n/a | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in twispay Twispay Credit Card Payments allows Reflected XSS. This issue affects Twispay Credit Card Payments: from n/a through 2.1.2. | 2025-04-11 | 7.1 | CVE-2025-32601 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in Foliovision: Making the web work for you Foliopress WYSIWYG allows Cross Site Request Forgery. This issue affects Foliopress WYSIWYG: from n/a through 2.6.18. | 2025-04-09 | 7.1 | CVE-2025-32610 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in rafasashi User Session Synchronizer allows Stored XSS. This issue affects User Session Synchronizer: from n/a through 1.4.0. | 2025-04-09 | 7.1 | CVE-2025-32612 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in nimbata Nimbata Call Tracking allows Stored XSS. This issue affects Nimbata Call Tracking: from n/a through 1.7.1. | 2025-04-09 | 7.1 | CVE-2025-32616 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in Ydesignservices Multiple Location Google Map allows Stored XSS. This issue affects Multiple Location Google Map: from n/a through 1.1. | 2025-04-09 | 7.1 | CVE-2025-32617 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in KeyCAPTCHA KeyCAPTCHA allows Stored XSS. This issue affects KeyCAPTCHA: from n/a through 2.5.1. | 2025-04-09 | 7.1 | CVE-2025-32619 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in Vsourz Digital WP Map Route Planner allows Cross Site Request Forgery. This issue affects WP Map Route Planner: from n/a through 1.0.0. | 2025-04-09 | 7.1 | CVE-2025-32621 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in plainware PlainInventory allows Stored XSS. This issue affects PlainInventory: from n/a through 3.1.9. | 2025-04-09 | 7.1 | CVE-2025-32623 |
| n/a -- n/a | Missing Authorization vulnerability in czater Czater.pl - live chat i telefon allows Cross Site Request Forgery. This issue affects Czater.pl - live chat i telefon: from n/a through 1.0.5. | 2025-04-09 | 7.1 | CVE-2025-32624 |
| n/a -- n/a | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KaizenCoders Automatic Ban IP allows Reflected XSS. This issue affects Automatic Ban IP: from n/a through 1.0.7. | 2025-04-11 | 7.1 | CVE-2025-32632 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in ip2location IP2Location World Clock allows Stored XSS. This issue affects IP2Location World Clock: from n/a through 1.1.9. | 2025-04-09 | 7.1 | CVE-2025-32644 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in Hiren Patel Custom Posts Order allows Stored XSS. This issue affects Custom Posts Order: from n/a through 4.4. | 2025-04-09 | 7.1 | CVE-2025-32645 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in fraudlabspro FraudLabs Pro for WooCommerce allows Stored XSS. This issue affects FraudLabs Pro for WooCommerce: from n/a through 2.22.7. | 2025-04-09 | 7.1 | CVE-2025-32659 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in WP Map Plugins Interactive US Map allows Stored XSS. This issue affects Interactive US Map: from n/a through 2.7. | 2025-04-09 | 7.1 | CVE-2025-32661 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in ashokbasnet Nepali Date Utilities allows Stored XSS. This issue affects Nepali Date Utilities: from n/a through 1.0.13. | 2025-04-09 | 7.1 | CVE-2025-32664 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in fromdoppler Doppler Forms allows Stored XSS. This issue affects Doppler Forms: from n/a through 2.4.5. | 2025-04-09 | 7.1 | CVE-2025-32667 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in MERGADO Mergado Pack allows Stored XSS. This issue affects Mergado Pack: from n/a through 4.1.1. | 2025-04-09 | 7.1 | CVE-2025-32669 |
| n/a -- n/a | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in John Weissberg Print Science Designer allows Path Traversal. This issue affects Print Science Designer: from n/a through 1.3.155. | 2025-04-11 | 7.5 | CVE-2025-32671 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in epeken Epeken All Kurir allows Stored XSS. This issue affects Epeken All Kurir: from n/a through 1.4.6.2. | 2025-04-09 | 7.1 | CVE-2025-32673 |
| n/a -- n/a | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Picture-Planet GmbH Verowa Connect allows Blind SQL Injection. This issue affects Verowa Connect: from n/a through 3.0.5. | 2025-04-09 | 7.6 | CVE-2025-32676 |
| n/a -- n/a | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in solwininfotech WP Social Stream Designer allows Blind SQL Injection. This issue affects WP Social Stream Designer: from n/a through 1.3. | 2025-04-09 | 7.6 | CVE-2025-32677 |
| n/a -- n/a | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aristo Rinjuang WP Inquiries allows SQL Injection. This issue affects WP Inquiries: from n/a through 0.2.1. | 2025-04-09 | 7.6 | CVE-2025-32685 |
| n/a -- n/a | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Shuffle WP Subscription Forms allows PHP Local File Inclusion. This issue affects WP Subscription Forms: from n/a through 1.2.4. | 2025-04-09 | 7.5 | CVE-2025-32692 |
| n/a -- n/a | W. W. Norton InQuizitive through 2025-04-08 allows students to insert arbitrary records of their quiz performance into the backend, because only client-side access control exists. | 2025-04-11 | 7.7 | CVE-2025-32808 |
| code-projects -- online_restaurant_management_system | A vulnerability classified as critical was found in codeprojects Online Restaurant Management System 1.0. This vulnerability affects unknown code of the file /reservation_save.php. The manipulation of the argument first leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2025-04-07 | 7.3 | CVE-2025-3330 |
| code-projects -- online_restaurant_management_system | A vulnerability, which was classified as critical, has been found in codeprojects Online Restaurant Management System 1.0. This issue affects some unknown processing of the file /payment_save.php. The manipulation of the argument mode leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-04-07 | 7.3 | CVE-2025-3331 |
| code-projects -- online_restaurant_management_system | A vulnerability, which was classified as critical, was found in codeprojects Online Restaurant Management System 1.0. Affected is an unknown function of the file /admin/menu_save.php. The manipulation of the argument menu leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-04-07 | 7.3 | CVE-2025-3332 |
| codeprojects--Online Restaurant Management System | A vulnerability has been found in codeprojects Online Restaurant Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/menu_update.php. The manipulation of the argument menu leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-07 | 7.3 | CVE-2025-3333 |
| codeprojects--Online Restaurant Management System | A vulnerability was found in codeprojects Online Restaurant Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/category_save.php. The manipulation of the argument Category leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-07 | 7.3 | CVE-2025-3334 |
| adonesevangelista -- online_restaurant_management_system | A vulnerability was found in codeprojects Online Restaurant Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/category_update.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-04-07 | 7.3 | CVE-2025-3335 |
| adonesevangelista -- online_restaurant_management_system | A vulnerability was found in codeprojects Online Restaurant Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/member_save.php. The manipulation of the argument last leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2025-04-07 | 7.3 | CVE-2025-3336 |
| adonesevangelista -- online_restaurant_management_system | A vulnerability was found in codeprojects Online Restaurant Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/member_update.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-04-07 | 7.3 | CVE-2025-3337 |
| codeprojects--Online Restaurant Management System | A vulnerability classified as critical has been found in codeprojects Online Restaurant Management System 1.0. Affected is an unknown function of the file /admin/user_save.php. The manipulation of the argument Name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2025-04-07 | 7.3 | CVE-2025-3338 |
| codeprojects--Online Restaurant Management System | A vulnerability classified as critical was found in codeprojects Online Restaurant Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/user_update.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-07 | 7.3 | CVE-2025-3339 |
| codeprojects--Online Restaurant Management System | A vulnerability, which was classified as critical, has been found in codeprojects Online Restaurant Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/combo_update.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-07 | 7.3 | CVE-2025-3340 |
| codeprojects--Online Restaurant Management System | A vulnerability, which was classified as critical, was found in codeprojects Online Restaurant Management System 1.0. This affects an unknown part of the file /admin/reservation_view.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-04-07 | 7.3 | CVE-2025-3341 |
| codeprojects--Online Restaurant Management System | A vulnerability has been found in codeprojects Online Restaurant Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/payment_save.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-04-07 | 7.3 | CVE-2025-3342 |
| codeprojects--Online Restaurant Management System | A vulnerability was found in codeprojects Online Restaurant Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/reservation_update.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-04-07 | 7.3 | CVE-2025-3343 |
| codeprojects--Online Restaurant Management System | A vulnerability was found in codeprojects Online Restaurant Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/assign_save.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-04-07 | 7.3 | CVE-2025-3344 |
| codeprojects--Online Restaurant Management System | A vulnerability was found in codeprojects Online Restaurant Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/combo.php. The manipulation of the argument del leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-07 | 7.3 | CVE-2025-3345 |
| PCMan--FTP Server | A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. This issue affects some unknown processing of the component SYST Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-04-07 | 7.3 | CVE-2025-3349 |
| PHPGurukul--Old Age Home Management System | A vulnerability, which was classified as critical, was found in PHPGurukul Old Age Home Management System 1.0. Affected is an unknown function of the file /admin/view-enquiry.php. The manipulation of the argument viewid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-04-07 | 7.3 | CVE-2025-3350 |
| PHPGurukul--Old Age Home Management System | A vulnerability has been found in PHPGurukul Old Age Home Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/login.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-07 | 7.3 | CVE-2025-3351 |
| PHPGurukul--Old Age Home Management System | A vulnerability was found in PHPGurukul Old Age Home Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/edit-scdetails.php. The manipulation of the argument contnum leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-07 | 7.3 | CVE-2025-3352 |
| phpgurukul -- men_salon_management_system | A vulnerability was found in PHPGurukul Men Salon Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/add-services.php. The manipulation of the argument cost leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-04-07 | 7.3 | CVE-2025-3353 |
| n/a -- n/a | A vulnerability classified as critical has been found in PHPGurukul Men Salon Management System 1.0. This affects an unknown part of the file /admin/admin-profile.php. The manipulation of the argument contactnumber leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2025-04-07 | 7.3 | CVE-2025-3370 |
| n/a -- n/a | A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. This issue affects some unknown processing of the component DELETE Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-04-07 | 7.3 | CVE-2025-3371 |
| n/a -- n/a | A vulnerability, which was classified as critical, was found in PCMan FTP Server 2.0.7. Affected is an unknown function of the component MKDIR Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-04-07 | 7.3 | CVE-2025-3372 |
| n/a -- n/a | A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as critical. Affected by this vulnerability is an unknown functionality of the component SITE CHMOD Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-07 | 7.3 | CVE-2025-3373 |
| n/a -- n/a | A vulnerability was found in PCMan FTP Server 2.0.7 and classified as critical. Affected by this issue is some unknown functionality of the component CCC Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-07 | 7.3 | CVE-2025-3374 |
| n/a -- n/a | A vulnerability was found in PCMan FTP Server 2.0.7. It has been classified as critical. This affects an unknown part of the component CDUP Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-04-07 | 7.3 | CVE-2025-3375 |
| n/a -- n/a | A vulnerability was found in PCMan FTP Server 2.0.7. It has been declared as critical. This vulnerability affects unknown code of the component CONF Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-04-07 | 7.3 | CVE-2025-3376 |
| n/a -- n/a | A vulnerability was found in PCMan FTP Server 2.0.7. It has been rated as critical. This issue affects some unknown processing of the component ENC Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-04-07 | 7.3 | CVE-2025-3377 |
| n/a -- n/a | A vulnerability classified as critical has been found in PCMan FTP Server 2.0.7. Affected is an unknown function of the component EPRT Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-04-07 | 7.3 | CVE-2025-3378 |
| n/a -- n/a | A vulnerability classified as critical was found in PCMan FTP Server 2.0.7. Affected by this vulnerability is an unknown functionality of the component EPSV Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-07 | 7.3 | CVE-2025-3379 |
| n/a -- n/a | A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. Affected by this issue is some unknown functionality of the component FEAT Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-07 | 7.3 | CVE-2025-3380 |
| senior-walter -- web-based_pharmacy_product_management_system | A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /search/search_sales.php. The manipulation of the argument Name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-04-07 | 7.3 | CVE-2025-3383 |
| 1000projects -- human_resource_management_system | A vulnerability was found in 1000 Projects Human Resource Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /controller/employee.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-04-07 | 7.3 | CVE-2025-3384 |
| esafenet -- cdg | A vulnerability, which was classified as critical, has been found in ESAFENET CDG 5.6.3.154.205_20250114. Affected by this issue is some unknown functionality of the file /pubinfo/updateNotice.jsp. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-04-08 | 7.3 | CVE-2025-3399 |
| esafenet -- cdg | A vulnerability, which was classified as critical, was found in ESAFENET CDG 5.6.3.154.205_20250114. This affects an unknown part of the file /client/UnChkMailApplication.jsp. The manipulation of the argument typename leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-04-08 | 7.3 | CVE-2025-3400 |
| esafenet -- cdg | A vulnerability has been found in ESAFENET CDG 5.6.3.154.205_20250114 and classified as critical. This vulnerability affects unknown code of the file /parameter/getLimitIPList.jsp. The manipulation of the argument noticeId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-04-08 | 7.3 | CVE-2025-3401 |
| n/a -- n/a | The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 6.91 via the 'dzsap_download' action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. | 2025-04-08 | 7.5 | CVE-2025-3431 |
| n/a -- n/a | The SMTP for Amazon SES - YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Email Logs in all versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-04-11 | 7.2 | CVE-2025-3434 |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| IBM--Maximo Application Suite | IBM Maximo Application Suite 8.11 and 9.0 could allow an authenticated user to perform unauthorized actions due to improper input validation. | 2025-04-10 | 6.5 | CVE-2023-43037 |
| kendysond--Payment Forms for Paystack | The Payment Forms for Paystack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes like 'datepicker', 'textarea', and 'text' in all versions up to, and including, 4.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-04-10 | 6.4 | CVE-2024-10894 |
| GitLab--GitLab | An issue has been discovered in GitLab EE affecting all versions from 17.1 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. This allows attackers to perform targeted searches with sensitive keywords to get the count of issues containing the searched term." | 2025-04-10 | 6.3 | CVE-2024-11129 |
| Unknown--WP-GeSHi-Highlight rock-solid syntax highlighting for 259 languages | The WP-GeSHi-Highlight - rock-solid syntax highlighting for 259 languages WordPress plugin through 1.4.3 processes user-supplied input as a regular expression via the wp_geshi_filter_replace_code() function, which could lead to Regular Expression Denial of Service (ReDoS) issue | 2025-04-10 | 6.5 | CVE-2024-13896 |
| n/a -- n/a | A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices is vulnerable to Cross-Site Request Forgery (CSRF) attacks. This could allow an unauthenticated attacker to change arbitrary device settings by tricking a legitimate device administrator to click on a malicious link. | 2025-04-08 | 6.5 | CVE-2024-41795 |
| n/a -- n/a | A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices allows to change the login password without knowing the current password. In combination with a prepared CSRF attack (CVE-2024-41795) an unauthenticated attacker could be able to set the password to an attacker-controlled value. | 2025-04-08 | 6.5 | CVE-2024-41796 |
| Qualcomm, Inc.--Snapdragon | Memory corruption while invoking IOCTL map buffer request from userspace. | 2025-04-07 | 6.6 | CVE-2024-45540 |
| Qualcomm, Inc.--Snapdragon | Memory corruption while accessing MSM channel map and mixer functions. | 2025-04-07 | 6.6 | CVE-2024-45543 |
| Qualcomm, Inc.--Snapdragon | Memory corruption while processing IOCTL calls to add route entry in the HW. | 2025-04-07 | 6.6 | CVE-2024-45544 |
| Qualcomm, Inc.--Snapdragon | Cryptographic issue occurs during PIN/password verification using Gatekeeper, where RPMB writes can be dropped on verification failure, potentially leading to a user throttling bypass. | 2025-04-07 | 6.2 | CVE-2024-45551 |
| Qualcomm, Inc.--Snapdragon | Cryptographic issue may arise because the access control configuration permits Linux to read key registers in TCSR. | 2025-04-07 | 6.5 | CVE-2024-45556 |
| n/a -- n/a | An Incorrect User Management vulnerability [CWE-286] in FortiWeb version 7.6.2 and below, version 7.4.6 and below, version 7.2.10 and below, version 7.0.11 and below widgets dashboard may allow an authenticated attacker with at least read-only admin permission to perform operations on the dashboard of other administrators via crafted requests. | 2025-04-08 | 6.2 | CVE-2024-46671 |
| Qualcomm, Inc.--Snapdragon | Memory corruption while processing multiple IOCTL calls from HLOS to DSP. | 2025-04-07 | 6.7 | CVE-2024-49848 |
| n/a -- n/a | A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher allowing any users with GET access to the Rancher Manager Apps Catalog to read any sensitive information that are contained within the Apps' values. Additionally, the same information leaks into auditing logs when the audit level is set to equal or above 2. This issue affects rancher: from 2.8.0 before 2.8.10, from 2.9.0 before 2.9.4. | 2025-04-11 | 6.2 | CVE-2024-52282 |
| n/a -- n/a | An issue has been identified where a specially crafted request sent to an Observability API could cause the kibana server to crash. A successful attack requires a malicious user to have read permissions for Observability assigned to them. | 2025-04-08 | 6.5 | CVE-2024-52974 |
| n/a -- n/a | A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cause the Elasticsearch node to crash. A successful attack requires a malicious user to have read_pipeline Elasticsearch cluster privilege assigned to them. | 2025-04-08 | 6.5 | CVE-2024-52980 |
| n/a -- n/a | An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiIsolator CLI before version 2.4.6 allows a privileged attacker to execute unauthorized code or commands via crafted CLI requests. | 2025-04-08 | 6.7 | CVE-2024-54025 |
| n/a -- n/a | The WordPress/Plugin Upgrade Time Out Plugin WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | 2025-04-09 | 6.3 | CVE-2024-8243 |
| n/a -- n/a | An issue has been discovered in GitLab CE/EE affecting all versions from 7.7 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. Under certain conditions, an attacker could potentially trick users into unintentionally authorizing sensitive actions on their behalf. | 2025-04-10 | 6.4 | CVE-2025-0362 |
| n/a -- n/a | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Woo Grid widget in all versions up to, and including, 1.7.1012 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-04-12 | 6.4 | CVE-2025-1455 |
| n/a -- n/a | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `widgetGrid`, `widgetCountDown`, and `widgetInstagramFeed` methods in all versions up to, and including, 1.7.1012 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-04-12 | 6.4 | CVE-2025-1456 |
| n/a -- n/a | A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all up to 17.8.7, 17.9 prior to 17.9.6 and 17.10 prior to 17.10.4 A denial of service could occur upon injecting oversized payloads into CI pipeline exports. | 2025-04-10 | 6.5 | CVE-2025-1677 |
| linuxfoundation -- yocto | In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09625423; Issue ID: MSV-3033. | 2025-04-07 | 6.8 | CVE-2025-20656 |
| MediaTek, Inc.--MT6765, MT6768, MT6781, MT6789, MT6833, MT6853, MT6877, MT6885, MT8768, MT8771, MT8781, MT8786, MT8791T | In vdec, there is a possible permission bypass due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09486425; Issue ID: MSV-2609. | 2025-04-07 | 6.7 | CVE-2025-20657 |
| google -- android | In DA, there is a possible permission bypass due to a logic error. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09474894; Issue ID: MSV-2597. | 2025-04-07 | 6 | CVE-2025-20658 |
| MediaTek, Inc.--MT9972 | In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: DTV04436357; Issue ID: MSV-3186. | 2025-04-07 | 6.7 | CVE-2025-20660 |
| MediaTek, Inc.--MT9972 | In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: DTV04436357; Issue ID: MSV-3185. | 2025-04-07 | 6.7 | CVE-2025-20661 |
| MediaTek, Inc.--MT9972 | In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: DTV04428276; Issue ID: MSV-3184. | 2025-04-07 | 6.7 | CVE-2025-20662 |
| n/a -- n/a | Improper access control in InputManager to SMR Apr-2025 Release 1 allows local attackers to access the scancode of specific input device. | 2025-04-08 | 6.2 | CVE-2025-20941 |
| n/a -- n/a | Out-of-bounds write in secfr trustlet prior to SMR Apr-2025 Release 1 allows local privileged attackers to cause memory corruption. | 2025-04-08 | 6.4 | CVE-2025-20943 |
| n/a -- n/a | Out-of-bounds read in parsing audio data in libsavsac.so prior to SMR Apr-2025 Release 1 allows local attackers to read out-of-bounds memory. | 2025-04-08 | 6.2 | CVE-2025-20944 |
| n/a -- n/a | Improper access control in Windows NTFS allows an authorized attacker to disclose file path information under a folder where the attacker doesn't have permission to list content. | 2025-04-08 | 6.5 | CVE-2025-21197 |
| n/a -- n/a | Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | 2025-04-08 | 6.5 | CVE-2025-21203 |
| n/a -- n/a | The Cost Calculator Builder plugin for WordPress is vulnerable to time-based SQL Injection via the 'order_ids' parameter in all versions up to, and including, 3.2.67 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-04-11 | 6.5 | CVE-2025-2128 |
| n/a -- n/a | A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause an FPC to crash, leading to Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, in an EVPN-VXLAN scenario, when specific ARP packets are received on an IPv4 network, or specific NDP packets are received on an IPv6 network, kernel heap memory leaks, which eventually leads to an FPC crash and restart. This issue does not affect MX Series platforms. Heap size growth on FPC can be seen using below command. user@host> show chassis fpc Temp CPU Utilization (%) CPU Utilization (%) Memory Utilization (%) Slot State (C) Total Interrupt 1min 5min 15min DRAM (MB) Heap Buffer 0 Online 45 3 0 2 2 2 32768 19 0 <<<<<<< Heap increase in all fPCs This issue affects Junos OS: * All versions before 21.2R3-S7, * 21.4 versions before 21.4R3-S4, * 22.2 versions before 22.2R3-S1, * 22.3 versions before 22.3R3-S1, * 22.4 versions before 22.4R2-S2, 22.4R3. and Junos OS Evolved: * All versions before 21.2R3-S7-EVO, * 21.4-EVO versions before 21.4R3-S4-EVO, * 22.2-EVO versions before 22.2R3-S1-EVO, * 22.3-EVO versions before 22.3R3-S1-EVO, * 22.4-EVO versions before 22.4R3-EVO. | 2025-04-09 | 6.5 | CVE-2025-21595 |
| n/a -- n/a | An untrusted pointer dereference vulnerability in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an attacker with local access to write arbitrary data into memory causing a denial-of-service condition. | 2025-04-08 | 6.1 | CVE-2025-22464 |
| n/a -- n/a | Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to execute arbitrary javascript in a victim's browser. Unlikely user interaction is required. | 2025-04-08 | 6.1 | CVE-2025-22465 |
| n/a -- n/a | Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an integer overflow or wraparound vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service. | 2025-04-10 | 6.5 | CVE-2025-22471 |
| n/a -- n/a | A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted serialized object, leading to remote code execution without requiring authentication. | 2025-04-07 | 6.2 | CVE-2025-2251 |
| n/a -- n/a | The Photo Gallery by 10Web - Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'image_id' parameter in all versions up to, and including, 1.8.34 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick an administrative user into performing an action such as clicking on a link. | 2025-04-12 | 6.1 | CVE-2025-2269 |
| OpenHarmony--OpenHarmony | in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through integer overflow. | 2025-04-07 | 6.5 | CVE-2025-22851 |
| n/a -- n/a | An Improper Link Resolution Before File Access ('Link Following') vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attacker to manipulate file paths. | 2025-04-10 | 6.5 | CVE-2025-23010 |
| n/a -- n/a | CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could potentially lead to unauthorized access which could result in the loss of confidentially, integrity and availability when a malicious user, having physical access, sets the radio to the factory default mode. | 2025-04-09 | 6.8 | CVE-2025-2442 |
| n/a -- n/a | Insertion of sensitive information into log file in Azure Local Cluster allows an authorized attacker to disclose information over an adjacent network. | 2025-04-08 | 6.8 | CVE-2025-25002 |
| n/a -- n/a | Improper restriction of environment variables in Elastic Defend can lead to exposure of sensitive information such as API keys and tokens via automatic transmission of unfiltered environment variables to the stack. | 2025-04-08 | 6.5 | CVE-2025-25013 |
| n/a -- n/a | The Sreamit theme for WordPress is vulnerable to arbitrary file downloads in all versions up to, and including, 4.0.1. This is due to insufficient file validation in the 'st_send_download_file' function. This makes it possible for authenticated attackers, with subscriber-level access and above, to download arbitrary files. | 2025-04-08 | 6.5 | CVE-2025-2519 |
| n/a -- n/a | Improper restriction of rendered UI layers or frames issue exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If a user views and clicks on the content on the malicious page while logged in, unintended operations may be performed. | 2025-04-09 | 6.5 | CVE-2025-25213 |
| n/a -- n/a | The WP Project Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.6.22 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2025-04-11 | 6.4 | CVE-2025-2541 |
| n/a -- n/a | The Z Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. Note: This requires Royal Shop theme to be installed. | 2025-04-11 | 6.4 | CVE-2025-2575 |
| n/a -- n/a | Weak authentication in Windows Hello allows an authorized attacker to bypass a security feature over a network. | 2025-04-08 | 6.5 | CVE-2025-26635 |
| n/a -- n/a | Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | 2025-04-08 | 6.8 | CVE-2025-26637 |
| n/a -- n/a | Exposed dangerous method or function in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network. | 2025-04-08 | 6.5 | CVE-2025-26651 |
| n/a -- n/a | SAP Commerce Cloud (Public Cloud) does not allow to disable unencrypted HTTP (port 80) entirely, but instead allows a redirect from port 80 to 443 (HTTPS). As a result, Commerce normally communicates securely over HTTPS. However, the confidentiality and integrity of data sent on the first request before the redirect may be impacted if the client is configured to use HTTP and sends confidential data on the first request before the redirect. | 2025-04-08 | 6.8 | CVE-2025-26654 |
| n/a -- n/a | Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | 2025-04-08 | 6.5 | CVE-2025-26664 |
| n/a -- n/a | Exposure of sensitive information to an unauthorized actor in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | 2025-04-08 | 6.5 | CVE-2025-26667 |
| n/a -- n/a | Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | 2025-04-08 | 6.5 | CVE-2025-26672 |
| n/a -- n/a | Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | 2025-04-08 | 6.5 | CVE-2025-26676 |
| n/a -- n/a | Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | 2025-04-08 | 6.7 | CVE-2025-26681 |
| n/a -- n/a | A vulnerability in a system binary of AOS-8 Instant and AOS-10 AP could allow an authenticated remote attacker to inject commands into the underlying operating system while using the CLI. Successful exploitation could lead to complete system compromise. | 2025-04-08 | 6.5 | CVE-2025-27078 |
| n/a -- n/a | A vulnerability in the file creation process on the command line interface of AOS-8 Instant and AOS-10 AP could allow an authenticated remote attacker to perform remote code execution (RCE). Successful exploitation could allow an attacker to execute arbitrary operating system commands on the underlying operating system leading to potential system compromise. | 2025-04-08 | 6 | CVE-2025-27079 |
| n/a -- n/a | A potential security vulnerability in HPE NonStop OSM Service Connection Suite could potentially be exploited to allow a local Denial of Service. | 2025-04-10 | 6.8 | CVE-2025-27081 |
| n/a -- n/a | The Swatchly - WooCommerce Variation Swatches for Products (product attributes: Image swatch, Color swatches, Label swatches) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_dismiss function in versions 1.2.8 to 1.4.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update option values to 1/true on the WordPress site. This can be leveraged to update an option that would create an error on the site and deny access to legitimate users or be used to set some values to true, such as registration. | 2025-04-10 | 6.5 | CVE-2025-2719 |
| n/a -- n/a | Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | 2025-04-08 | 6.5 | CVE-2025-27474 |
| n/a -- n/a | Insufficient verification of data authenticity in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally. | 2025-04-08 | 6 | CVE-2025-27735 |
| n/a -- n/a | Improper access control in Windows Resilient File System (ReFS) allows an authorized attacker to disclose information over a network. | 2025-04-08 | 6.5 | CVE-2025-27738 |
| ruoyi -- ruoyi | An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the postID parameter in the edit method | 2025-04-07 | 6.7 | CVE-2025-28400 |
| ruoyi -- ruoyi | An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the menuId parameter | 2025-04-07 | 6.7 | CVE-2025-28401 |
| n/a -- n/a | PbootCMS v3.2.9 contains a XSS vulnerability in admin.php?p=/Content/index/mcode/2#tab=t2. | 2025-04-09 | 6.1 | CVE-2025-29389 |
| n/a -- n/a | Buffer Overflow vulnerability in libbpf 1.5.0 allows a local attacker to execute arbitrary code via the bpf_object__init_prog` function of libbpf. | 2025-04-07 | 6.2 | CVE-2025-29481 |
| n/a -- n/a | Buffer Overflow vulnerability in libheif 1.19.7 allows a local attacker to execute arbitrary code via the SAO (Sample Adaptive Offset) processing of libde265. | 2025-04-07 | 6.2 | CVE-2025-29482 |
| n/a -- n/a | A vulnerability exists in the errorpage.php file of the CS2-WeaponPaints-Website v2.1.7 where user-controlled input is not adequately validated before being processed. Specifically, the $_GET['errorcode'] parameter can be manipulated to access unauthorized error codes, leading to Cross-Site Scripting (XSS) attacks and information disclosure. | 2025-04-07 | 6.1 | CVE-2025-29594 |
| n/a -- n/a | External control of file name or path in Azure Portal Windows Admin Center allows an unauthorized attacker to disclose information locally. | 2025-04-08 | 6.2 | CVE-2025-29819 |
| n/a -- n/a | Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Datasets declared in rules have an option to specify the `hashsize` to use. This size setting isn't properly limited, so the hash table allocation can be large. Untrusted rules can lead to large memory allocations, potentially leading to denial of service due to resource starvation. This vulnerability is fixed in 7.0.9. | 2025-04-10 | 6.2 | CVE-2025-29916 |
| n/a -- n/a | Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. The bytes setting in the decode_base64 keyword is not properly limited. Due to this, signatures using the keyword and setting can cause large memory allocations of up to 4 GiB per thread. This vulnerability is fixed in 7.0.9. | 2025-04-10 | 6.2 | CVE-2025-29917 |
| n/a -- n/a | Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. A PCRE rule can be written that leads to an infinite loop when negated PCRE is used. Packet processing thread becomes stuck in infinite loop limiting visibility and availability in inline mode. This vulnerability is fixed in 7.0.9. | 2025-04-10 | 6.2 | CVE-2025-29918 |
| n/a -- n/a | Dell Common Event Enabler, version(s) CEE 9.0.0.0, contain(s) an Initialization of a Resource with an Insecure Default vulnerability in the Common Anti-Virus Agent (CAVA). An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access. | 2025-04-08 | 6.5 | CVE-2025-29985 |
| n/a -- n/a | Dell Client Platform BIOS contains a Stack-based Buffer Overflow Vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution. | 2025-04-09 | 6.9 | CVE-2025-29988 |
| n/a -- n/a | A vulnerability has been identified in Siemens License Server (SLS) (All versions < V4.3). The affected application searches for executable files in the application folder without proper validation. This could allow an attacker to execute arbitrary code with administrative privileges by placing a malicious executable in the same directory. | 2025-04-08 | 6.7 | CVE-2025-29999 |
| n/a -- n/a | A vulnerability has been identified in Siemens License Server (SLS) (All versions < V4.3). The affected application does not properly restrict permissions of the users. This could allow a lowly-privileged attacker to escalate their privileges. | 2025-04-08 | 6.7 | CVE-2025-30000 |
| n/a -- n/a | SAP ERP BW Business Content is vulnerable to OS Command Injection through certain function modules. These function modules, when executed with elevated privileges, improperly handle user input, allowing attacker to inject arbitrary OS commands. This vulnerability allows the execution of unintended commands on the underlying system, posing a significant security risk to the confidentiality, integrity and availability of the application. | 2025-04-08 | 6.7 | CVE-2025-30013 |
| n/a -- n/a | ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to gain access to sensitive information which could be used to further compromise the system or bypass security mechanisms. Exploitation of this issue does not require user interaction. | 2025-04-08 | 6.2 | CVE-2025-30291 |
| n/a -- n/a | ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2025-04-08 | 6.1 | CVE-2025-30292 |
| n/a -- n/a | ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-04-08 | 6.8 | CVE-2025-30293 |
| n/a -- n/a | ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-04-08 | 6.5 | CVE-2025-30294 |
| n/a -- n/a | Graylog is a free and open log management platform. Starting with 6.1, HTTP Inputs can be configured to check if a specified header is present and has a specified value to authenticate HTTP-based ingestion. Unfortunately, even though in cases of a missing header or a wrong value the correct HTTP response (401) is returned, the message will be ingested nonetheless. To mitigate the vulnerability, disable http-based inputs and allow only authenticated pull-based inputs. This vulnerability is fixed in 6.1.9. | 2025-04-07 | 6.5 | CVE-2025-30373 |
| n/a -- n/a | A Signed to Unsigned Conversion Error vulnerability in the Layer 2 Control Protocol daemon (l2cpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated adjacent attacker sending a specifically malformed LLDP TLV to cause the l2cpd process to crash and restart, causing a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. When an LLDP telemetry subscription is active, receipt of a specifically malformed LLDP TLV causes the l2cpd process to crash and restart. This issue affects: Junos OS: * All versions before 21.2R3-S9, * from 21.4 before 21.4R3-S10, * from 22.2 before 22.2R3-S6, * from 22.4 before 22.4R3-S6, * from 23.2 before 23.2R2-S3, * from 23.4 before 23.4R2-S4, * from 24.2 before 24.2R2; Junos OS Evolved: * All versions before 21.4R3-S10-EVO, * from 22.2-EVO before 22.2R3-S6-EVO, * from 22.4-EVO before 22.4R3-S6-EVO, * from 23.2-EVO before 23.2R2-S3-EVO, * from 23.4-EVO before 23.4R2-S4-EVO, * from 24.2-EVO before 24.2R2-EVO. | 2025-04-09 | 6.5 | CVE-2025-30646 |
| n/a -- n/a | A Missing Release of Memory after Effective Lifetime vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS). In a subscriber management scenario, login/logout activity triggers a memory leak, and the leaked memory gradually increments and eventually results in a crash. user@host> show chassis fpc Temp CPU Utilization (%) CPU Utilization (%) Memory Utilization (%) Slot State (C) Total Interrupt 1min 5min 15min DRAM (MB) Heap Buffer 2 Online 36 10 0 9 8 9 32768 26 0 This issue affects Junos OS on MX Series: * All versions before 21.2R3-S9 * from 21.4 before 21.4R3-S10 * from 22.2 before 22.2R3-S6 * from 22.4 before 22.4R3-S5 * from 23.2 before 23.2R2-S3 * from 23.4 before 23.4R2-S3 * from 24.2 before 24.2R2. | 2025-04-09 | 6.5 | CVE-2025-30647 |
| n/a -- n/a | An Expired Pointer Dereference vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause Denial of Service (DoS).On all Junos OS and Junos OS Evolved platforms, when an MPLS Label-Switched Path (LSP) is configured with node-link-protection and transport-class, and an LSP flaps, rpd crashes and restarts. Continuous flapping of LSP can cause a sustained Denial of Service (DoS) condition. This issue affects: Junos OS: * All versions before 22.2R3-S4, * 22.4 versions before 22.4R3-S2, * 23.2 versions before 23.2R2, * 23.4 versions before 23.4R2. Junos OS Evolved: * All versions before 22.2R3-S4-EVO, * 22.4-EVO versions before 22.4R3-S2-EVO, * 23.2-EVO versions before 23.2R2-EVO, * 23.4-EVO versions before 23.4R2-EVO. | 2025-04-09 | 6.5 | CVE-2025-30653 |
| n/a -- n/a | Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access. | 2025-04-08 | 6.5 | CVE-2025-30670 |
| n/a -- n/a | Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access. | 2025-04-08 | 6.5 | CVE-2025-30671 |
| n/a -- n/a | The WP Project Manager - Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.6.22 due to insufficient input sanitization and output escaping in tasks discussion. This makes it possible for authenticated attackers, with Subscriber-level access and above, and permissions granted by an Administrator, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2025-04-09 | 6.4 | CVE-2025-3100 |
| n/a -- n/a | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Robert Noakes Nav Menu Manager allows Stored XSS. This issue affects Nav Menu Manager: from n/a through 3.2.5. | 2025-04-09 | 6.5 | CVE-2025-31017 |
| n/a -- n/a | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webliberty Simple Spoiler allows Stored XSS. This issue affects Simple Spoiler: from n/a through 1.4. | 2025-04-09 | 6.5 | CVE-2025-31020 |
| Huawei--HarmonyOS | File read permission bypass vulnerability in the kernel file system module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2025-04-07 | 6.8 | CVE-2025-31171 |
| Huawei--HarmonyOS | Path traversal vulnerability in the DFS module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2025-04-07 | 6.8 | CVE-2025-31174 |
| n/a -- n/a | Due to insecure file permissions in SAP BusinessObjects Business Intelligence Platform, an attacker who has local access to the system could modify files potentially disrupting operations or cause service downtime hence leading to a high impact on integrity and availability. However, this vulnerability does not disclose any sensitive data. | 2025-04-08 | 6.6 | CVE-2025-31332 |
| n/a -- n/a | Subnet Solutions PowerSYSTEM Center is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the API may trigger an exception, resulting in a denial-of-service condition. | 2025-04-11 | 6.2 | CVE-2025-31935 |
| n/a -- n/a | Yii is an open source PHP web framework. Prior to 1.1.31, yiisoft/yii is vulnerable to Reflected XSS in specific scenarios where the fallback error renderer is used. Upgrade yiisoft/yii to version 1.1.31 or higher. | 2025-04-10 | 6.1 | CVE-2025-32027 |
| n/a -- n/a | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in maennchen1.de m1.DownloadList. This issue affects m1.DownloadList: from n/a through 0.21. | 2025-04-08 | 6.5 | CVE-2025-32164 |
| n/a -- n/a | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themefusecom Brizy. This issue affects Brizy: from n/a through 2.6.14. | 2025-04-10 | 6.5 | CVE-2025-32198 |
| n/a -- n/a | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eyale-vc Contact Form Builder by vcita. This issue affects Contact Form Builder by vcita: from n/a through 4.10.2. | 2025-04-10 | 6.5 | CVE-2025-32199 |
| n/a -- n/a | Missing Authorization vulnerability in Hive Support Hive Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hive Support: from n/a through 1.2.2. | 2025-04-10 | 6.5 | CVE-2025-32208 |
| n/a -- n/a | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in totalprocessing Total processing card payments for WooCommerce allows Path Traversal. This issue affects Total processing card payments for WooCommerce: from n/a through 7.1.5. | 2025-04-10 | 6.5 | CVE-2025-32209 |
| n/a -- n/a | Missing Authorization vulnerability in CreativeMindsSolutions CM Registration and Invitation Codes allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CM Registration and Invitation Codes: from n/a through 2.5.2. | 2025-04-10 | 6.5 | CVE-2025-32210 |
| n/a -- n/a | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Broadstreet Broadstreet allows Stored XSS. This issue affects Broadstreet: from n/a through 1.51.2. | 2025-04-08 | 6.5 | CVE-2025-32211 |
| n/a -- n/a | Missing Authorization vulnerability in Specia Theme Specia Companion allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Specia Companion: from n/a through 4.6. | 2025-04-10 | 6.5 | CVE-2025-32212 |
| n/a -- n/a | Missing Authorization vulnerability in flothemesplugins Flo Forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Flo Forms: from n/a through 1.0.43. | 2025-04-10 | 6.5 | CVE-2025-32213 |
| n/a -- n/a | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hive Support Hive Support allows Stored XSS. This issue affects Hive Support: from n/a through 1.2.2. | 2025-04-10 | 6.5 | CVE-2025-32214 |
| n/a -- n/a | Unrestricted Upload of File with Dangerous Type vulnerability in Ability, Inc Accessibility Suite by Online ADA allows Stored XSS. This issue affects Accessibility Suite by Online ADA: from n/a through 4.18. | 2025-04-10 | 6.5 | CVE-2025-32215 |
| n/a -- n/a | Missing Authorization vulnerability in Spider Themes Spider Elements - Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Spider Elements - Addons for Elementor: from n/a through 1.6.2. | 2025-04-10 | 6.4 | CVE-2025-32216 |
| n/a -- n/a | Missing Authorization vulnerability in NotFound Site Notify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Site Notify: from n/a through 1.0. | 2025-04-10 | 6.5 | CVE-2025-32240 |
| n/a -- n/a | Missing Authorization vulnerability in Hive Support Hive Support allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Hive Support: from n/a through 1.2.2. | 2025-04-10 | 6.5 | CVE-2025-32242 |
| n/a -- n/a | Missing Authorization vulnerability in Toast Plugins Internal Link Optimiser allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Internal Link Optimiser: from n/a through 5.1.2. | 2025-04-10 | 6.5 | CVE-2025-32243 |
| n/a -- n/a | Missing Authorization vulnerability in QuantumCloud SEO Help allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SEO Help: from n/a through 6.6.1. | 2025-04-10 | 6.5 | CVE-2025-32244 |
| n/a -- n/a | DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A bypass has been identified for the previously known vulnerability CVE-2017-0929, allowing unauthenticated attackers to execute arbitrary GET requests against target systems, including internal or adjacent networks. This vulnerability facilitates a semi-blind SSRF attack, allowing attackers to make the target server send requests to internal or external URLs without viewing the full responses. Potential impacts include internal network reconnaissance, bypassing firewalls. This vulnerability is fixed in 9.13.8. | 2025-04-09 | 6.5 | CVE-2025-32372 |
| n/a -- n/a | DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In limited configurations, registered users may be able to craft a request to enumerate/access some portal files they should not have access to. This vulnerability is fixed in 9.13.8. | 2025-04-09 | 6.5 | CVE-2025-32373 |
| n/a -- n/a | XGrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to 0.1.18, Xgrammar includes a cache for compiled grammars to increase performance with repeated use of the same grammar. This cache is held in memory. Since the cache is unbounded, a system making use of xgrammar can be abused to fill up a host's memory and case a denial of service. For example, sending many small requests to an LLM inference server with unique JSON schemas would eventually cause this denial of service to occur. This vulnerability is fixed in 0.1.18. | 2025-04-09 | 6.5 | CVE-2025-32381 |
| n/a -- n/a | Helm is a tool for managing Charts. A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed (e.g., >800x difference). When Helm loads this specially crafted chart, memory can be exhausted causing the application to terminate. This issue has been resolved in Helm v3.17.3. | 2025-04-09 | 6.5 | CVE-2025-32386 |
| n/a -- n/a | Helm is a package manager for Charts for Kubernetes. A JSON Schema file within a chart can be crafted with a deeply nested chain of references, leading to parser recursion that can exceed the stack size limit and trigger a stack overflow. This issue has been resolved in Helm v3.17.3. | 2025-04-09 | 6.5 | CVE-2025-32387 |
| n/a -- n/a | HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to 1.10.3, a malicious SVG file uploaded to HedgeDoc results in the possibility of XSS when opened in a new tab instead of the editor itself. The XSS is possible by exploiting the JSONP capabilities of GitHub Gist embeddings. Only instances with the local filesystem upload backend or special configurations, where the uploads are served from the same domain as HedgeDoc, are vulnerable. This vulnerability is fixed in 1.10.3. When upgrading to HedgeDoc 1.10.3 is not possible, instance owners could add the following headers for all routes under /uploads as a first-countermeasure: Content-Disposition: attachment and Content-Security-Policy: default-src 'none'. Additionally, the external URLs in the script-src attribute of the Content-Security-Policy header should be removed. | 2025-04-10 | 6.4 | CVE-2025-32391 |
| n/a -- n/a | Vulnerability-Lookup before 2.7.1 allows stored XSS via a user bio in website/web/views/user.py. | 2025-04-08 | 6.4 | CVE-2025-32413 |
| n/a -- n/a | HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a sample_conv_regsub heap-based buffer overflow because of mishandling of the replacement of multiple short patterns with a longer one. | 2025-04-09 | 6.8 | CVE-2025-32464 |
| n/a -- n/a | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joe Waymark allows Stored XSS. This issue affects Waymark: from n/a through 1.5.2. | 2025-04-09 | 6.5 | CVE-2025-32495 |
| n/a -- n/a | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpWax Logo Showcase Ultimate allows PHP Local File Inclusion. This issue affects Logo Showcase Ultimate: from n/a through 1.4.4. | 2025-04-09 | 6.5 | CVE-2025-32499 |
| n/a -- n/a | Server-Side Request Forgery (SSRF) vulnerability in QuantumCloud SEO Help allows Server Side Request Forgery. This issue affects SEO Help: from n/a through 6.6.0. | 2025-04-09 | 6.8 | CVE-2025-32675 |
| n/a -- n/a | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RomanCode MapSVG Lite allows DOM-Based XSS. This issue affects MapSVG Lite: from n/a through 8.5.32. | 2025-04-09 | 6.5 | CVE-2025-32683 |
| n/a -- n/a | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Angelo Mandato PowerPress Podcasting allows DOM-Based XSS. This issue affects PowerPress Podcasting: from n/a through 11.12.4. | 2025-04-09 | 6.5 | CVE-2025-32690 |
| n/a -- n/a | Improper access control in Visual Studio Code allows an authorized attacker to elevate privileges locally. | 2025-04-12 | 6.8 | CVE-2025-32726 |
| n/a -- n/a | The SKT Blocks - Gutenberg based Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Carousel block in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-04-12 | 6.4 | CVE-2025-3276 |
| n/a -- n/a | W. W. Norton InQuizitive through 2025-04-08 allows students to conduct stored XSS attacks against educators via a bonus description, feedback.choice_fb[], or question_id. | 2025-04-11 | 6.4 | CVE-2025-32809 |
| code-projects--Patient Record Management System | A vulnerability classified as critical has been found in code-projects Patient Record Management System 1.0. This affects an unknown part of the file /dental_pending.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-04-07 | 6.3 | CVE-2025-3347 |
| code-projects--Patient Record Management System | A vulnerability classified as critical was found in code-projects Patient Record Management System 1.0. This vulnerability affects unknown code of the file /edit_dpatient.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-04-07 | 6.3 | CVE-2025-3348 |
| Red Hat--Red Hat Enterprise Linux 6 | A flaw was found in GNUPlot. A segmentation fault via IO_str_init_static_internal may jeopardize the environment. | 2025-04-07 | 6.2 | CVE-2025-3359 |
| n/a -- n/a | The SSH service of PowerStation from HGiga has a Chroot Escape vulnerability, allowing attackers with root privileges to bypass chroot restrictions and access the entire file system. | 2025-04-08 | 6.7 | CVE-2025-3364 |
| n/a -- n/a | A vulnerability was found in xxyopen Novel-Plus 5.1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /novel/friendLink/list. The manipulation of the argument sort leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-07 | 6.3 | CVE-2025-3369 |
| n/a -- n/a | A vulnerability, which was classified as critical, was found in zhangyanbo2007 youkefu 4.2.0. This affects an unknown part of the file WebIMController.java of the component File Upload. The manipulation of the argument ID leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-04-07 | 6.3 | CVE-2025-3381 |
| n/a -- n/a | A vulnerability has been found in joey-zhou xiaozhi-esp32-server-java up to a14fe8115842ee42ab5c7a51706b8a85db5200b7 and classified as critical. This vulnerability affects the function update of the file /api/user/update. The manipulation of the argument state leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. | 2025-04-07 | 6.3 | CVE-2025-3382 |
| n/a -- n/a | A vulnerability classified as critical was found in lenve VBlog up to 1.0.0. Affected by this vulnerability is the function configure of the file blogserver/src/main/java/org/sang/config/WebSecurityConfig.java. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-04-08 | 6.3 | CVE-2025-3398 |
| n/a -- n/a | A vulnerability was found in Seeyon Zhiyuan Interconnect FE Collaborative Office Platform 5.5.2 and classified as critical. This issue affects some unknown processing of the file /sysform/042/check.js%70. The manipulation of the argument Name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-04-08 | 6.3 | CVE-2025-3402 |
| n/a -- n/a | A vulnerability was found in Nothings stb up to f056911. It has been declared as critical. Affected by this vulnerability is the function stbhw_build_tileset_from_image. The manipulation of the argument h_count/v_count leads to out-of-bounds read. The attack can be launched remotely. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-04-08 | 6.3 | CVE-2025-3407 |
| n/a -- n/a | A vulnerability was found in Nothings stb up to f056911. It has been rated as critical. Affected by this issue is the function stb_dupreplace. The manipulation leads to integer overflow. The attack may be launched remotely. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-04-08 | 6.3 | CVE-2025-3408 |
| n/a -- n/a | A vulnerability classified as critical has been found in Nothings stb up to f056911. This affects the function stb_include_string. The manipulation of the argument path_to_includes leads to stack-based buffer overflow. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-04-08 | 6.3 | CVE-2025-3409 |
| n/a -- n/a | A vulnerability classified as critical was found in mymagicpower AIAS 20250308. This vulnerability affects unknown code of the file training_platform/train-platform/src/main/java/top/aias/training/controller/LocalStorageController.java. The manipulation of the argument File leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-04-08 | 6.3 | CVE-2025-3410 |
| n/a -- n/a | A vulnerability, which was classified as critical, has been found in mymagicpower AIAS 20250308. This issue affects some unknown processing of the file 3_api_platform/api-platform/src/main/java/top/aias/platform/controller/AsrController.java. The manipulation of the argument url leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-04-08 | 6.3 | CVE-2025-3411 |
| n/a -- n/a | A vulnerability, which was classified as critical, was found in mymagicpower AIAS 20250308. Affected is an unknown function of the file 2_training_platform/train-platform/src/main/java/top/aias/training/controller/InferController.java. The manipulation of the argument url leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-04-08 | 6.3 | CVE-2025-3412 |
| n/a -- n/a | A vulnerability has been found in opplus springboot-admin up to a2d5310f44fd46780a8686456cf2f9001ab8f024 and classified as critical. Affected by this vulnerability is the function code of the file SysGeneratorController.java. The manipulation of the argument Tables leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-04-08 | 6.3 | CVE-2025-3413 |
| n/a -- n/a | The Everest Forms - Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'form_id' parameter in all versions up to, and including, 3.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-04-11 | 6.1 | CVE-2025-3421 |
| n/a -- n/a | The AAWP Obfuscator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data-aawp-web' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-04-08 | 6.4 | CVE-2025-3432 |
| n/a -- n/a | The Advanced Advertising System plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.3.1. This is due to insufficient validation on the redirect url supplied via the 'redir' parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. | 2025-04-08 | 6.1 | CVE-2025-3433 |
| n/a -- n/a | The coreActivity: Activity Logging for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'order' and 'orderby' parameters in all versions up to, and including, 2.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-04-08 | 6.5 | CVE-2025-3436 |
| n/a -- n/a | Missing Authentication for Critical Function vulnerability in Drupal Panels allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Panels: from 0.0.0 before 4.9.0. | 2025-04-09 | 6.5 | CVE-2025-3474 |
| n/a -- n/a | Allocation of Resources Without Limits or Throttling, Incorrect Authorization vulnerability in Drupal WEB-T allows Excessive Allocation, Content Spoofing.This issue affects WEB-T: from 0.0.0 before 1.1.0. | 2025-04-09 | 6.5 | CVE-2025-3475 |
| n/a -- n/a | A vulnerability, which was classified as critical, was found in PowerCreator CMS 1.0. Affected is an unknown function of the file /OpenPublicCourse.aspx. The manipulation of the argument cid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-04-13 | 6.3 | CVE-2025-3534 |
| n/a -- n/a | A vulnerability was found in Tutorials-Website Employee Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/delete-user.php. The manipulation of the argument ID leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-04-13 | 6.5 | CVE-2025-3536 |
| IBM--Security Verify Governance | IBM Security Verify Governance 10.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2025-04-09 | 5.4 | CVE-2023-33844 |
| IBM--Sterling Control Center | IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2025-04-10 | 5.4 | CVE-2023-42007 |
| Apple--macOS | Processing a file may lead to a denial-of-service or potentially disclose memory contents. This issue is fixed in macOS 14. The issue was addressed with improved checks. | 2025-04-11 | 5.4 | CVE-2023-42981 |
| creativemotion--Clearfy Cache WordPress optimization plugin, Minify HTML, CSS & JS, Defer | The Clearfy Cache - WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.1. This is due to missing or incorrect nonce validation on the wclearfy_cache_delete functionality . This makes it possible for unauthenticated attackers to clear the cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-04-12 | 5.3 | CVE-2024-13338 |
| melhorenvio--Melhor Envio | The Melhor Envio plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.15.9 via the 'run' function, which uses a hardcoded hash. This makes it possible for unauthenticated attackers to extract sensitive data including environment information, plugin tokens, shipping configurations, and limited vendor information. | 2025-04-08 | 5.3 | CVE-2024-13820 |
| Qualcomm, Inc.--Snapdragon | There may be information disclosure during memory re-allocation in TZ Secure OS. | 2025-04-07 | 5.5 | CVE-2024-43046 |
| n/a -- n/a | A cross-site scripting (XSS) vulnerability in Typecho v1.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into Name parameter under a comment for an Article. | 2025-04-07 | 5.4 | CVE-2024-46494 |
| n/a -- n/a | An Improper Output Neutralization for Logs vulnerability [CWE-117] in FortiAnalyzer version 7.6.1 and below, version 7.4.5 and below, version 7.2.8 and below, version 7.0.13 and below and FortiManager version 7.6.1 and below, version 7.4.5 and below, version 7.2.8 and below, version 7.0.12 and below may allow an unauthenticated remote attacker to pollute the logs via crafted login requests. | 2025-04-08 | 5.3 | CVE-2024-52962 |
| Huawei--HarmonyOS | Vulnerability of improper resource management in the memory management module Impact: Successful exploitation of this vulnerability may affect availability. | 2025-04-07 | 5.3 | CVE-2024-58113 |
| Arm Ltd--Valhall GPU Userspace Driver | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver allows a non-privileged user process to make valid GPU processing operations, including via WebGL or WebGPU, to access a limited amount outside of buffer bounds.This issue affects Bifrost GPU Userspace Driver: from r0p0 through r49p2, from r50p0 through r51p0; Valhall GPU Userspace Driver: from r19p0 through r49p2, from r50p0 through r53p0; Arm 5th Gen GPU Architecture Userspace Driver: from r41p0 through r49p2, from r50p0 through r53p0. | 2025-04-07 | 5.9 | CVE-2025-0050 |
| google -- android | In keymaster, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: DTV04427687; Issue ID: MSV-3183. | 2025-04-07 | 5.3 | CVE-2025-20655 |
| n/a -- n/a | Improper access control in Sticker Center prior to SMR Apr-2025 Release 1 allows local attackers to access image files with system privilege. | 2025-04-08 | 5.5 | CVE-2025-20934 |
| n/a -- n/a | Improper handling of insufficient permission or privileges in ClipboardService prior to SMR Apr-2025 Release 1 allows local attackers to access files with system privilege. User interaction is required for triggering this vulnerability. | 2025-04-08 | 5.5 | CVE-2025-20935 |
| n/a -- n/a | Improper access control in SamsungContacts prior to SMR Apr-2025 Release 1 allows local attackers to access protected data in SamsungContacts. | 2025-04-08 | 5.5 | CVE-2025-20938 |
| n/a -- n/a | Improper authorization in wireless download protocol in Galaxy Watch prior to SMR Apr-2025 Release 1 allows physical attackers to update device unique identifier of Watch devices. | 2025-04-08 | 5.4 | CVE-2025-20939 |
| n/a -- n/a | Improper handling of insufficient permission or privileges in ClipboardService prior to SMR Apr-2025 Release 1 allows local attackers to access image files across multiple users. User interaction is required for triggering this vulnerability. | 2025-04-08 | 5.5 | CVE-2025-20947 |
| n/a -- n/a | Out-of-bounds read in enrollment with cdsp frame secfr trustlet prior to SMR Apr-2025 Release 1 allows local privileged attackers to read out-of-bounds memory. | 2025-04-08 | 5.5 | CVE-2025-20948 |
| n/a -- n/a | Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.90.7 allows local attackers to write arbitrary files with the privilege of Galaxy Store. | 2025-04-08 | 5.1 | CVE-2025-20951 |
| n/a -- n/a | Improper access control in Mdecservice prior to SMR Apr-2025 Release 1 allows local attackers to access arbitrary files with system privilege. | 2025-04-09 | 5.5 | CVE-2025-20952 |
| Qualcomm, Inc.--Snapdragon | Information disclosure may be there when a guest VM is connected. | 2025-04-07 | 5.5 | CVE-2025-21431 |
| n/a -- n/a | An Improper Check for Unusual or Exceptional Conditions vulnerability in routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent BGP peer to cause Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when BGP rib-sharding and update-threading are configured, and a BGP peer flap is done with specific timing, rpd crashes and restarts. Continuous peer flapping at specific time intervals will result in a sustained Denial of Service (DoS) condition. This issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations. This issue requires a remote attacker to have at least one established BGP session. The issue can occur with or without logical-systems enabled. This issue affects: Junos OS: * All versions before 20.4R3-S8, * 21.2 versions before 21.2R3-S6, * 21.3 versions before 21.3R3-S5, * 21.4 versions before 21.4R3-S4, * 22.1 versions before 22.1R3-S3, * 22.2 versions before 22.2R3-S1, * 22.3 versions before 22.3R3, * 22.4 versions before 22.4R3. Junos OS Evolved: * All versions before 21.2R3-S6-EVO, * 21.3-EVO versions before 21.3R3-S5-EVO, * 21.4-EVO versions before 21.4R3-S4-EVO, * 22.1-EVO versions before 22.1R3-S3-EVO, * 22.2-EVO versions before :22.2R3-S1-EVO, * 22.3-EVO versions before 22.3R3-EVO, * 22.4-EVO versions before 22.4R3-EVO. | 2025-04-09 | 5.3 | CVE-2025-21597 |
| linux -- linux_kernel | In the Linux kernel, the following vulnerability has been resolved: regulator: dummy: force synchronous probing Sometimes I get a NULL pointer dereference at boot time in kobject_get() with the following call stack: anatop_regulator_probe() devm_regulator_register() regulator_register() regulator_resolve_supply() kobject_get() By placing some extra BUG_ON() statements I could verify that this is raised because probing of the 'dummy' regulator driver is not completed ('dummy_regulator_rdev' is still NULL). In the JTAG debugger I can see that dummy_regulator_probe() and anatop_regulator_probe() can be run by different kernel threads (kworker/u4:*). I haven't further investigated whether this can be changed or if there are other possibilities to force synchronization between these two probe routines. On the other hand I don't expect much boot time penalty by probing the 'dummy' regulator synchronously. | 2025-04-08 | 5.5 | CVE-2025-22009 |
| linux -- linux_kernel | In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix soft lockup during bt pages loop Driver runs a for-loop when allocating bt pages and mapping them with buffer pages. When a large buffer (e.g. MR over 100GB) is being allocated, it may require a considerable loop count. This will lead to soft lockup: watchdog: BUG: soft lockup - CPU#27 stuck for 22s! ... Call trace: hem_list_alloc_mid_bt+0x124/0x394 [hns_roce_hw_v2] hns_roce_hem_list_request+0xf8/0x160 [hns_roce_hw_v2] hns_roce_mtr_create+0x2e4/0x360 [hns_roce_hw_v2] alloc_mr_pbl+0xd4/0x17c [hns_roce_hw_v2] hns_roce_reg_user_mr+0xf8/0x190 [hns_roce_hw_v2] ib_uverbs_reg_mr+0x118/0x290 watchdog: BUG: soft lockup - CPU#35 stuck for 23s! ... Call trace: hns_roce_hem_list_find_mtt+0x7c/0xb0 [hns_roce_hw_v2] mtr_map_bufs+0xc4/0x204 [hns_roce_hw_v2] hns_roce_mtr_create+0x31c/0x3c4 [hns_roce_hw_v2] alloc_mr_pbl+0xb0/0x160 [hns_roce_hw_v2] hns_roce_reg_user_mr+0x108/0x1c0 [hns_roce_hw_v2] ib_uverbs_reg_mr+0x120/0x2bc Add a cond_resched() to fix soft lockup during these loops. In order not to affect the allocation performance of normal-size buffer, set the loop count of a 100GB MR as the threshold to call cond_resched(). | 2025-04-08 | 5.5 | CVE-2025-22010 |
| linux -- linux_kernel | In the Linux kernel, the following vulnerability has been resolved: ARM: dts: bcm2711: Fix xHCI power-domain During s2idle tests on the Raspberry CM4 the VPU firmware always crashes on xHCI power-domain resume: root@raspberrypi:/sys/power# echo freeze > state [ 70.724347] xhci_suspend finished [ 70.727730] xhci_plat_suspend finished [ 70.755624] bcm2835-power bcm2835-power: Power grafx off [ 70.761127] USB: Set power to 0 [ 74.653040] USB: Failed to set power to 1 (-110) This seems to be caused because of the mixed usage of raspberrypi-power and bcm2835-power at the same time. So avoid the usage of the VPU firmware power-domain driver, which prevents the VPU crash. | 2025-04-08 | 5.5 | CVE-2025-22011 |
| linux -- linux_kernel | In the Linux kernel, the following vulnerability has been resolved: Revert "arm64: dts: qcom: sdm845: Affirm IDR0.CCTW on apps_smmu" There are reports that the pagetable walker cache coherency is not a given across the spectrum of SDM845/850 devices, leading to lock-ups and resets. It works fine on some devices (like the Dragonboard 845c, but not so much on the Lenovo Yoga C630). This unfortunately looks like a fluke in firmware development, where likely somewhere in the vast hypervisor stack, a change to accommodate for this was only introduced after the initial software release (which often serves as a baseline for products). Revert the change to avoid additional guesswork around crashes. This reverts commit 6b31a9744b8726c69bb0af290f8475a368a4b805. | 2025-04-08 | 5.5 | CVE-2025-22012 |
| linux -- linux_kernel | In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pdr: Fix the potential deadlock When some client process A call pdr_add_lookup() to add the look up for the service and does schedule locator work, later a process B got a new server packet indicating locator is up and call pdr_locator_new_server() which eventually sets pdr->locator_init_complete to true which process A sees and takes list lock and queries domain list but it will timeout due to deadlock as the response will queued to the same qmi->wq and it is ordered workqueue and process B is not able to complete new server request work due to deadlock on list lock. Fix it by removing the unnecessary list iteration as the list iteration is already being done inside locator work, so avoid it here and just call schedule_work() here. Process A Process B process_scheduled_works() pdr_add_lookup() qmi_data_ready_work() process_scheduled_works() pdr_locator_new_server() pdr->locator_init_complete=true; pdr_locator_work() mutex_lock(&pdr->list_lock); pdr_locate_service() mutex_lock(&pdr->list_lock); pdr_get_domain_list() pr_err("PDR: %s get domain list txn wait failed: %d\n", req->service_name, ret); Timeout error log due to deadlock: " PDR: tms/servreg get domain list txn wait failed: -110 PDR: service lookup for msm/adsp/sensor_pd:tms/servreg failed: -110 " Thanks to Bjorn and Johan for letting me know that this commit also fixes an audio regression when using the in-kernel pd-mapper as that makes it easier to hit this race. [1] | 2025-04-08 | 5.5 | CVE-2025-22014 |
| n/a -- n/a | Spring Cloud Config Server may not use Vault token sent by clients using a X-CONFIG-TOKEN header when making requests to Vault. Your application may be affected by this if the following are true: * You have Spring Vault on the classpath of your Spring Cloud Config Server and * You are using the X-CONFIG-TOKEN header to send a Vault token to the Spring Cloud Config Server for the Config Server to use when making requests to Vault and * You are using the default Spring Vault SessionManager implementation LifecycleAwareSessionManager or a SessionManager implementation that persists the Vault token such as SimpleSessionManager. In this case the SessionManager persists the first token it retrieves and will continue to use that token even if client requests to the Spring Cloud Config Server include a X-CONFIG-TOKEN header with a different value. Affected Spring Products and Versions Spring Cloud Config: * 2.2.1.RELEASE - 4.2.1 Mitigation Users of affected versions should upgrade to the corresponding fixed version. Affected version(s)Fix versionAvailability4.2.x4.2.2OSS4.1.x4.1.6OSS4.0.x4.0.10Commercial3.1.x3.1.10Commercial3.0.x4.1.6OSS2.2.x4.1.6OSS NOTE: Spring Cloud Config 3.0.x and 2.2.x are no longer under open source or commercial support. Users of these versions are encouraged to upgrade to a supported version. No other mitigation steps are necessary. | 2025-04-10 | 5.3 | CVE-2025-22232 |
| n/a -- n/a | A local privilege escalation vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attacker to trigger an arbitrary file deletion. | 2025-04-10 | 5.9 | CVE-2025-23009 |
| n/a -- n/a | A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher allowed unauthenticated users to list all CLI authentication tokens and delete them before the CLI is able to get the token value.This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3. | 2025-04-11 | 5.3 | CVE-2025-23387 |
| n/a -- n/a | An issue has been discovered in GitLab CE/EE affecting all versions from 13.12 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. Under certain conditions users could bypass IP access restrictions and view sensitive information. | 2025-04-10 | 5.3 | CVE-2025-2408 |
| n/a -- n/a | Charmed MySQL K8s operator is a Charmed Operator for running MySQL on Kubernetes. Before revision 221, the method for calling a SQL DDL or python based mysql-shell scripts can leak database users credentials. The method mysql-operator calls mysql-shell application rely on writing to a temporary script file containing the full URI, with user and password. The file can be read by a unprivileged user during the operator runtime, due it being created with read permissions (0x644). On other cases, when calling mysql cli, for one specific case when creating the operator users, the DDL contains said users credentials, which can be leak through the same mechanism of a temporary file. All versions prior to revision 221 for kubernetes and revision 338 for machine operators. | 2025-04-09 | 5 | CVE-2025-24375 |
| n/a -- n/a | Silverstripe Elemental extends a page type to swap the content area for a list of manageable elements to compose a page out of rather than a single text field. An elemental block can include an XSS payload, which can be executed when viewing the "Content blocks in use" report. The vulnerability is specific to that report and is a result of failure to cast input prior to including it in the grid field. This vulnerability is fixed in 5.3.12. | 2025-04-10 | 5.4 | CVE-2025-25197 |
| n/a -- n/a | The Vayu Blocks - Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on the 'vayu_blocks_get_toggle_switch_values_callback' and 'vayu_blocks_save_toggle_switch_callback' function in versions 1.0.4 to 1.2.1. This makes it possible for unauthenticated attackers to read plugin options and update any option with a key name ending in '_value'. | 2025-04-08 | 5.3 | CVE-2025-2568 |
| n/a -- n/a | Dell PowerProtect Cyber Recovery, versions prior to 19.18.0.2, contains an Insertion of Sensitive Information Into Sent Data vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure. | 2025-04-11 | 5.8 | CVE-2025-26335 |
| n/a -- n/a | Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.0, contains an uncontrolled resource consumption vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service. | 2025-04-10 | 5.3 | CVE-2025-26480 |
| n/a -- n/a | Automated recognition mechanism with inadequate detection or handling of adversarial input perturbations in Windows Hello allows an unauthorized attacker to perform spoofing locally. | 2025-04-08 | 5.1 | CVE-2025-26644 |
| n/a -- n/a | SAP KMC WPC allows an unauthenticated attacker to remotely retrieve usernames by a simple parameter query which could expose sensitive information causing low impact on confidentiality of the application. This has no effect on integrity and availability. | 2025-04-08 | 5.3 | CVE-2025-26657 |
| n/a -- n/a | Missing Authorization vulnerability in OnTheGoSystems WooCommerce Multilingual & Multicurrency allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Multilingual & Multicurrency: from n/a through 5.3.8. | 2025-04-09 | 5.3 | CVE-2025-26888 |
| n/a -- n/a | A vulnerability in the Captive Portal of an AOS-10 GW and AOS-8 Controller/Mobility Conductor could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack. Successful exploitation could enable the attacker to execute arbitrary script code in the victim's browser within the context of the affected interface. | 2025-04-08 | 5.4 | CVE-2025-27084 |
| n/a -- n/a | After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-04-08 | 5.5 | CVE-2025-27184 |
| n/a -- n/a | After Effects versions 25.1, 24.6.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-04-08 | 5.5 | CVE-2025-27185 |
| n/a -- n/a | After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-04-08 | 5.5 | CVE-2025-27186 |
| n/a -- n/a | After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-04-08 | 5.5 | CVE-2025-27187 |
| n/a -- n/a | Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. | 2025-04-08 | 5.3 | CVE-2025-27190 |
| n/a -- n/a | Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. | 2025-04-08 | 5.3 | CVE-2025-27191 |
| n/a -- n/a | Animate versions 24.0.7, 23.0.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-04-08 | 5.5 | CVE-2025-27201 |
| n/a -- n/a | Animate versions 24.0.7, 23.0.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-04-08 | 5.5 | CVE-2025-27202 |
| n/a -- n/a | After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-04-08 | 5.5 | CVE-2025-27204 |
| n/a -- n/a | Adobe Experience Manager Screens versions FP11.3 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Exploitation of this issue requires user interaction in that a victim must open a malicious link. | 2025-04-08 | 5.4 | CVE-2025-27205 |
| n/a -- n/a | Sensitive data storage in improperly locked memory in Microsoft Streaming Service allows an unauthorized attacker to deny service over a network. | 2025-04-08 | 5.9 | CVE-2025-27471 |
| n/a -- n/a | Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature over a network. | 2025-04-08 | 5.4 | CVE-2025-27472 |
| n/a -- n/a | Cleartext transmission of sensitive information issue exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a man-in-the-middle attack may allow a remote unauthenticated attacker to eavesdrop the communication and obtain the authentication information. | 2025-04-09 | 5.9 | CVE-2025-27722 |
| n/a -- n/a | Exposure of sensitive information to an unauthorized actor in Windows Power Dependency Coordinator allows an authorized attacker to disclose information locally. | 2025-04-08 | 5.5 | CVE-2025-27736 |
| n/a -- n/a | Out-of-bounds read in Windows NTFS allows an unauthorized attacker to disclose information locally. | 2025-04-08 | 5.5 | CVE-2025-27742 |
| n/a -- n/a | The Motors - Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Phone Number parameter in all versions up to, and including, 1.4.63 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-04-08 | 5.4 | CVE-2025-2808 |
| n/a -- n/a | The Cart66 Cloud plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.7 through the publicly accessible phpinfo.php script. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed file. | 2025-04-12 | 5.3 | CVE-2025-2841 |
| n/a -- n/a | The MelaPress Login Security and MelaPress Login Security Premium plugins for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'monitor_admin_actions' function in version 2.1.0. This makes it possible for unauthenticated attackers to delete any user. | 2025-04-08 | 5.3 | CVE-2025-2876 |
| n/a -- n/a | The Developer Toolbar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.3 through the publicly accessible phpinfo.php script. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed file. | 2025-04-12 | 5.3 | CVE-2025-2881 |
| n/a -- n/a | The GreenPay(tm) by Green.Money plugin for WordPress is vulnerable to Sensitive Information Exposure in versions between 3.0.0 and 3.0.9 through the publicly accessible phpinfo.php script. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed file. | 2025-04-08 | 5.3 | CVE-2025-2882 |
| n/a -- n/a | The Accept SagePay Payments Using Contact Form 7 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0 through the publicly accessible phpinfo.php script. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed file. | 2025-04-08 | 5.3 | CVE-2025-2883 |
| n/a -- n/a | An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165. | 2025-04-07 | 5.5 | CVE-2025-29478 |
| n/a -- n/a | Buffer Overflow vulnerability in gdal 3.10.2 allows a local attacker to cause a denial of service via the OGRSpatialReference::Release function. | 2025-04-07 | 5.5 | CVE-2025-29480 |
| n/a -- n/a | Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally. | 2025-04-08 | 5.5 | CVE-2025-29808 |
| n/a -- n/a | Improper input validation in Dynamics Business Central allows an authorized attacker to disclose information locally. | 2025-04-08 | 5.5 | CVE-2025-29821 |
| n/a -- n/a | Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. Prior to 5.3.23, bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitized on the client-side, but server-side sanitization doesn't catch it. The server-side sanitization logic has been updated to sanitize against this attack. This vulnerability is fixed in 5.3.23. | 2025-04-10 | 5.4 | CVE-2025-30148 |
| n/a -- n/a | A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.21.0), Mendix Runtime V10.12 (All versions < V10.12.16), Mendix Runtime V10.18 (All versions < V10.18.5), Mendix Runtime V10.6 (All versions < V10.6.22), Mendix Runtime V8 (All versions), Mendix Runtime V9 (All versions < V9.24.34). Affected applications allow for entity enumeration due to distinguishable responses in certain client actions. This could allow an unauthenticated remote attacker to list all valid entities and attribute names of a Mendix Runtime-based application. | 2025-04-08 | 5.3 | CVE-2025-30280 |
| adobe -- framemaker | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-04-08 | 5.5 | CVE-2025-30300 |
| adobe -- framemaker | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-04-08 | 5.5 | CVE-2025-30301 |
| adobe -- framemaker | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-04-08 | 5.5 | CVE-2025-30302 |
| adobe -- framemaker | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-04-08 | 5.5 | CVE-2025-30303 |
| n/a -- n/a | XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-04-08 | 5.5 | CVE-2025-30305 |
| n/a -- n/a | XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-04-08 | 5.5 | CVE-2025-30306 |
| n/a -- n/a | XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-04-08 | 5.5 | CVE-2025-30307 |
| n/a -- n/a | XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-04-08 | 5.5 | CVE-2025-30308 |
| n/a -- n/a | XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-04-08 | 5.5 | CVE-2025-30309 |
| n/a -- n/a | An Improper Handling of Exceptional Conditions vulnerability in routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker executing a CLI command to cause a Denial of Service (DoS). When asregex-optimized is configured and a specific "show route as-path" CLI command is executed, the rpd crashes and restarts. Repeated execution of this command will cause a sustained DoS condition. This issue affects Junos OS: * All versions before 21.2R3-S9, * from 21.4 before 21.4R3-S10, * from 22.2 before 22.2R3-S6, * from 22.4 before 22.4R3-S6, * from 23.2 before 23.2R2-S3, * from 23.4 before 23.4R2-S4, * from 24.2 before 24.2R2. and Junos OS Evolved: * All versions before 21.2R3-S9-EVO, * from 21.4-EVO before 21.4R3-S10-EVO, * from 22.2-EVO before 22.2R3-S6-EVO, * from 22.4-EVO before 22.4R3-S6-EVO, * from 23.2-EVO before 23.2R2-S3-EVO, * from 23.4-EVO before 23.4R2-S4-EVO, * from 24.2-EVO before 24.2R2-EVO. | 2025-04-09 | 5.5 | CVE-2025-30652 |
| n/a -- n/a | An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the User Interface (UI) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged, authenticated attacker with access to the CLI to access sensitive information. Through the execution of a specific show mgd command, a user with limited permissions (e.g., a low-privileged login class user) can access sensitive information such as hashed passwords, that can be used to further impact the system. This issue affects Junos OS: * All versions before 21.4R3-S10, * from 22.2 before 22.2R3-S5, * from 22.4 before 22.4R3-S5, * from 23.2 before 23.2R2-S3, * from 23.4 before 23.4R2-S3. Junos OS Evolved: * All versions before 21.4R3-S10-EVO, * from 22.2-EVO before 22.2R3-S6-EVO, * from 22.4-EVO before 22.4R3-S5-EVO, * from 23.2-EVO before 23.2R2-S3-EVO, * from 23.4-EVO before 23.4R2-S3-EVO. | 2025-04-09 | 5.5 | CVE-2025-30654 |
| n/a -- n/a | An Improper Check for Unusual or Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to cause a Denial-of-Service (DoS). When a specific "show bgp neighbor" CLI command is run, the rpd cpu utilization rises and eventually causes a crash and restart. Repeated use of this command will cause a sustained DoS condition. The device is only affected if BGP RIB sharding and update-threading is enabled. This issue affects Junos OS: * All versions before 21.2R3-S9, * from 21.4 before 21.4R3-S8, * from 22.2 before 22.2R3-S6, * from 22.4 before 22.4R3-S2, * from 23.2 before 23.2R2-S3, * from 23.4 before 23.4R2. and Junos OS Evolved: * All versions before 21.2R3-S9-EVO, * from 21.4-EVO before 21.4R3-S8-EVO, * from 22.2-EVO before 22.2R3-S6-EVO, * from 22.4-EVO before 22.4R3-S2-EVO, * from 23.2-EVO before 23.2R2-S3-EVO, * from 23.4-EVO before 23.4R2-EVO. | 2025-04-09 | 5.5 | CVE-2025-30655 |
| n/a -- n/a | An Improper Encoding or Escaping of Output vulnerability in the Sampling Route Record Daemon (SRRD) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When a device configured for flow-monitoring receives a specific BGP update message, it is correctly processed internally by the routing protocol daemon (rpd), but when it's sent to SRRD it's encoded incorrectly which leads to a crash and momentary interruption of jflow processing until it automatically restarts. This issue does not affect traffic forwarding itself. This issue affects Junos OS: * All versions before 21.2R3-S9, * 21.4 versions before 21.4R3-S10, * 22.2 versions before 22.2R3-S6, * 22.4 versions before 22.4R3, * 23.2 versions before 23.2R1-S2, 23.2R2. This issue does not affected Junos OS Evolved. | 2025-04-09 | 5.3 | CVE-2025-30657 |
| n/a -- n/a | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YouTube Embed Plugin Support YouTube Embed allows Stored XSS. This issue affects YouTube Embed: from n/a through 5.3.1. | 2025-04-09 | 5.9 | CVE-2025-31008 |
| n/a -- n/a | Server-Side Request Forgery (SSRF) vulnerability in Jan Boddez IndieBlocks allows Server Side Request Forgery. This issue affects IndieBlocks: from n/a through 0.13.1. | 2025-04-09 | 5.4 | CVE-2025-31009 |
| n/a -- n/a | Missing Authorization vulnerability in Phil Age Gate allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Age Gate: from n/a through 3.5.4. | 2025-04-09 | 5.3 | CVE-2025-31012 |
| n/a -- n/a | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Benjamin Chris WP Editor.md – The Perfect WordPress Markdown Editor allows Stored XSS. This issue affects WP Editor.md – The Perfect WordPress Markdown Editor: from n/a through 10.2.1. | 2025-04-09 | 5.9 | CVE-2025-31035 |
| n/a -- n/a | Missing Authorization vulnerability in rtakao Sandwich Adsense allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sandwich Adsense: from n/a through 4.0.2. | 2025-04-09 | 5.3 | CVE-2025-31042 |
| n/a -- n/a | tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js prior to 1.20.1, where user-controlled inputs for element dimensions (width and height) were not properly validated. This allowed an attacker with direct access to the site's source code or a CMS plugin to set values like 100%;height:100%;position:fixed;, potentially covering the entire viewport and facilitating clickjacking attacks. An attacker with high privileges could exploit this vulnerability to overlay malicious UI elements on top of legitimate content, trick users into interacting with hidden elements (clickjacking), or disrupt the intended functionality and accessibility of the website. This vulnerability is fixed in 1.20.1. | 2025-04-07 | 5.5 | CVE-2025-31138 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in Drupal ECA: Event - Condition - Action allows Cross Site Request Forgery.This issue affects ECA: Event - Condition - Action: from 0.0.0 before 1.1.12, from 2.0.0 before 2.0.16, from 2.1.0 before 2.1.7, from 0.0.0 before 1.2.*. | 2025-04-09 | 5.4 | CVE-2025-3131 |
| n/a -- n/a | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Aribhour Linet ERP-Woocommerce Integration allows Path Traversal.This issue affects Linet ERP-Woocommerce Integration: from n/a through 3.5.12. | 2025-04-10 | 5.9 | CVE-2025-31411 |
| n/a -- n/a | tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js prior to 1.20.1, where the addOrUpdate function, used for applying custom texts, did not properly validate input. This allowed an attacker with direct access to the site's source code or a CMS plugin to manipulate JavaScript object prototypes, leading to potential security risks such as data corruption or unintended code execution. An attacker with high privileges could exploit this vulnerability to modify object prototypes, affecting core JavaScript behavior, cause application crashes or unexpected behavior, or potentially introduce further security vulnerabilities depending on the application's architecture. This vulnerability is fixed in 1.20.1. | 2025-04-07 | 5.5 | CVE-2025-31475 |
| n/a -- n/a | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bradvin FooBox Image Lightbox . This issue affects FooBox Image Lightbox : from n/a through 2.7.33. | 2025-04-10 | 5.9 | CVE-2025-32139 |
| n/a -- n/a | Missing Authorization vulnerability in Spider Themes EazyDocs allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EazyDocs: from n/a through 2.6.4. | 2025-04-10 | 5.4 | CVE-2025-32221 |
| n/a -- n/a | Missing Authorization vulnerability in Alimir WP ULike. This issue affects WP ULike: from n/a through 4.7.9.1. | 2025-04-10 | 5.3 | CVE-2025-32259 |
| n/a -- n/a | Missing Authorization vulnerability in Detheme DethemeKit For Elementor. This issue affects DethemeKit For Elementor: from n/a through 2.1.10. | 2025-04-10 | 5.3 | CVE-2025-32260 |
| n/a -- n/a | DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Possible denial of service with specially crafted information in the public registration form. This vulnerability is fixed in 9.13.8. | 2025-04-09 | 5.9 | CVE-2025-32374 |
| n/a -- n/a | Koa is expressive middleware for Node.js using ES2017 async functions. In koa < 2.16.1 and < 3.0.0-alpha.5, passing untrusted user input to ctx.redirect() even after sanitizing it, may execute javascript code on the user who use the app. This issue is patched in 2.16.1 and 3.0.0-alpha.5. | 2025-04-09 | 5 | CVE-2025-32379 |
| n/a -- n/a | In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters. | 2025-04-08 | 5.6 | CVE-2025-32414 |
| n/a -- n/a | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Salisbury Request Call Back allows Stored XSS. This issue affects Request Call Back: from n/a through 1.4.1. | 2025-04-09 | 5.9 | CVE-2025-32483 |
| n/a -- n/a | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in آریا وردپرس Aria Font allows Stored XSS. This issue affects Aria Font: from n/a through 1.4. | 2025-04-09 | 5.9 | CVE-2025-32488 |
| n/a -- n/a | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tim Wetterwarner allows Stored XSS. This issue affects Wetterwarner: from n/a through 2.7.2. | 2025-04-09 | 5.9 | CVE-2025-32489 |
| n/a -- n/a | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eliot Akira Admin Menu Post List allows Stored XSS. This issue affects Admin Menu Post List: from n/a through 2.0.7. | 2025-04-09 | 5.9 | CVE-2025-32492 |
| n/a -- n/a | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VibeThemes BP Social Connect allows Stored XSS. This issue affects BP Social Connect: from n/a through 1.6.2. | 2025-04-09 | 5.9 | CVE-2025-32493 |
| n/a -- n/a | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor One Click Accessibility allows Stored XSS. This issue affects One Click Accessibility: from n/a through 3.1.0. | 2025-04-09 | 5.9 | CVE-2025-32640 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in ZealousWeb User Registration Using Contact Form 7 allows Cross Site Request Forgery. This issue affects User Registration Using Contact Form 7: from n/a through 2.2. | 2025-04-09 | 5.4 | CVE-2025-32679 |
| n/a -- n/a | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Grade Us, Inc. Review Stream allows Stored XSS. This issue affects Review Stream: from n/a through 1.6.7. | 2025-04-09 | 5.9 | CVE-2025-32680 |
| n/a -- n/a | Missing Authorization vulnerability in RomanCode MapSVG Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MapSVG Lite: from n/a through 8.5.32. | 2025-04-09 | 5 | CVE-2025-32684 |
| n/a -- n/a | A path traversal vulnerability in FusionDirectory before 1.5 allows remote attackers to read arbitrary files on the host that end with .png (and .svg or .xpm for some configurations) via the icon parameter of a GET request to geticon.php. | 2025-04-11 | 5.3 | CVE-2025-32807 |
| n/a -- n/a | The User Registration & Membership - Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the user_registration_membership_register_member() due to missing validation on the 'membership_id' user controlled key. This makes it possible for unauthenticated attackers to update any user's membership to any other active or non-active membership type. | 2025-04-12 | 5.3 | CVE-2025-3282 |
| n/a -- n/a | The The Everest Forms - Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.1.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes. | 2025-04-11 | 5.4 | CVE-2025-3422 |
| n/a -- n/a | IBM Aspera Faspex 5.0.0 through 5.0.11 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2025-04-13 | 5.4 | CVE-2025-3423 |
| n/a -- n/a | A vulnerability was found in Tutorials-Website Employee Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/update-user.php. The manipulation of the argument ID leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-04-13 | 5.3 | CVE-2025-3537 |
| nik00726--Team Circle Image Slider With Lightbox | The Team Circle Image Slider With Lightbox plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-04-08 | 4.9 | CVE-2019-25223 |
| Apple--iOS and iPadOS | A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access sensitive user data. | 2025-04-11 | 4.3 | CVE-2023-38614 |
| Apple--iOS and iPadOS | Private Browsing tabs may be accessed without authentication. This issue is fixed in iOS 17 and iPadOS 17. The issue was addressed with improved UI. | 2025-04-11 | 4 | CVE-2023-42973 |
| IBM--Sterling Control Center | IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 allows web pages to be stored locally which can be read by another user on the system. | 2025-04-10 | 4 | CVE-2023-43035 |
| Lenovo--System x3550 M5 | An input validation weakness was reported in the TpmSetup module for some legacy System x server products that could allow a local attacker with elevated privileges to read the contents of memory. | 2025-04-11 | 4.4 | CVE-2024-11679 |
| creativemotion--Clearfy Cache WordPress optimization plugin, Minify HTML, CSS & JS, Defer | The Clearfy Cache - WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.2. This is due to missing or incorrect nonce validation on the 'setup-wbcr_clearfy' page. This makes it possible for unauthenticated attackers to update the plugins settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-04-12 | 4.3 | CVE-2024-13337 |
| accredible--Accredible Certificates & Open Badges | The Accredible Certificates & Open Badges plugin for WordPress is vulnerable to time-based SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.4.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-04-10 | 4.9 | CVE-2024-13909 |
| n/a -- n/a | EDK2 contains a vulnerability in the HashPeImageByType(). A user may cause a read out of bounds when a corrupted data pointer and length are sent via an adjecent network. A successful exploit of this vulnerability may lead to a loss of Integrity and/or Availability. | 2025-04-07 | 4.6 | CVE-2024-38797 |
| n/a -- n/a | 51l3nc3, a member of the AXIS OS Bug Bounty Program, has found that the VAPIX API uploadoverlayimage.cgi did not have sufficient input validation to allow an attacker to upload files to block access to create image overlays in the web interface of the Axis device. | 2025-04-08 | 4.3 | CVE-2024-47261 |
| n/a -- n/a | IBM QRadar WinCollect Agent 10.0 through 10.1.13 could allow a remote attacker to cause a denial of service by interrupting an HTTP request that could consume memory resources. | 2025-04-11 | 4.3 | CVE-2024-51461 |
| n/a -- n/a | An issue was discovered in Elasticsearch, where a large recursion using the Well-KnownText formatted string with nested GeometryCollection objects could cause a stackoverflow. | 2025-04-08 | 4.9 | CVE-2024-52981 |
| Huawei--HarmonyOS | Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability. | 2025-04-07 | 4.6 | CVE-2024-58106 |
| Huawei--HarmonyOS | Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability. | 2025-04-07 | 4.6 | CVE-2024-58108 |
| Huawei--HarmonyOS | Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability. | 2025-04-07 | 4.6 | CVE-2024-58109 |
| Huawei--HarmonyOS | Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability. | 2025-04-07 | 4.6 | CVE-2024-58110 |
| Huawei--HarmonyOS | Buffer overflow vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability. | 2025-04-07 | 4 | CVE-2024-58115 |
| Huawei--HarmonyOS | Buffer overflow vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability. | 2025-04-07 | 4 | CVE-2024-58116 |
| n/a -- n/a | The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating its Header, Footer and Body Script Settings, which could allow attackers to make logged admins perform such action via a CSRF attack | 2025-04-09 | 4.3 | CVE-2024-6857 |
| n/a -- n/a | The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating its permalink suffix settings, which could allow attackers to make logged admins perform such action via a CSRF attack | 2025-04-09 | 4.3 | CVE-2024-6860 |
| n/a -- n/a | During an annual penetration test conducted on behalf of Axis Communications, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed for unauthenticated username enumeration through the VAPIX Device Configuration SSH Management API. | 2025-04-08 | 4.3 | CVE-2025-0361 |
| n/a -- n/a | Improper handling of insufficient permission in Samsung Device Health Manager Service prior to SMR Apr-2025 Release 1 allows local attackers to access provider in SDMHS. | 2025-04-08 | 4 | CVE-2025-20940 |
| n/a -- n/a | Improper Verification of Intent by Broadcast Receiver in DeviceIdService prior to SMR Apr-2025 Release 1 allows local attackers to reset OAID. | 2025-04-08 | 4.4 | CVE-2025-20942 |
| n/a -- n/a | Improper access control in Galaxy Watch prior to SMR Apr-2025 Release 1 allows local attackers to access sensitive information of Galaxy watch. | 2025-04-08 | 4 | CVE-2025-20945 |
| n/a -- n/a | Use of implicit intent for sensitive communication in SamsungNotes prior to version 4.4.26.45 allows local attackers to access sensitive information. | 2025-04-08 | 4 | CVE-2025-20950 |
| n/a -- n/a | Improper certificate validation in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to intercept limited traffic between clients and servers. | 2025-04-08 | 4.8 | CVE-2025-22459 |
| n/a -- n/a | Incorrect privilege assignment vulnerability in the WEB UI (the setting page) exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a remote attacker who can log in to the product may alter the settings without appropriate privileges. | 2025-04-09 | 4.3 | CVE-2025-23407 |
| n/a -- n/a | CWE-922: Insecure Storage of Sensitive Information vulnerability exists that could potentially lead to unauthorized access of confidential data when a malicious user, having physical access and advanced information on the file system, sets the radio in factory default mode. | 2025-04-09 | 4.2 | CVE-2025-2440 |
| n/a -- n/a | CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could lead to loss of confidentiality when a malicious user, having physical access, sets the radio in factory default mode where the product does not correctly initialize all data. | 2025-04-09 | 4.6 | CVE-2025-2441 |
| n/a -- n/a | IBM Security Guardium 11.4 and 12.1 could allow a privileged user to read any file on the system due to incorrect privilege assignment. | 2025-04-09 | 4.9 | CVE-2025-25023 |
| n/a -- n/a | Cross-site request forgery vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If a user views a malicious page while logged in, unintended operations may be performed. | 2025-04-09 | 4.3 | CVE-2025-25056 |
| n/a -- n/a | SAP NetWeaver Application Server ABAP does not sufficiently encode user-controlled inputs, leading to Stored Cross-Site Scripting (XSS) vulnerability. This enables an attacker, without requiring any privileges, to inject malicious JavaScript into a website. When a user visits the compromised page, the injected script gets executed, potentially compromising the confidentiality and integrity within the scope of the victim�s browser. Availability is not impacted. | 2025-04-08 | 4.7 | CVE-2025-26653 |
| n/a -- n/a | Missing Authorization vulnerability in Brizy Brizy Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Brizy Pro: from n/a through 2.6.1. | 2025-04-09 | 4.3 | CVE-2025-26901 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in Brizy Brizy Pro allows Cross Site Request Forgery.This issue affects Brizy Pro: from n/a through 2.6.1. | 2025-04-09 | 4.3 | CVE-2025-26902 |
| n/a -- n/a | Multiple vulnerabilities exist in the web-based management interface of AOS-10 GW and AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated, remote attacker to download arbitrary files from the filesystem of an affected device. | 2025-04-08 | 4.9 | CVE-2025-27085 |
| n/a -- n/a | Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. | 2025-04-08 | 4.3 | CVE-2025-27188 |
| n/a -- n/a | Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could be exploited to cause a denial-of-service condition. An attacker could trick a logged-in user into submitting a forged request to the vulnerable application, which may disrupt service availability. Exploitation of this issue requires user interaction, typically in the form of clicking a malicious link or visiting an attacker-controlled website. | 2025-04-08 | 4.3 | CVE-2025-27189 |
| n/a -- n/a | Under specific conditions and prerequisites, an unauthenticated attacker could access customer coupon codes exposed in the URL parameters of the Coupon Campaign URL in SAP Commerce. This could allow the attacker to use the disclosed coupon code, hence posing a low impact on confidentiality and integrity of the application. | 2025-04-08 | 4.2 | CVE-2025-27435 |
| n/a -- n/a | A Missing Authorization Check vulnerability exists in the Virus Scanner Interface of SAP NetWeaver Application Server ABAP. Because of this, an attacker authenticated as a non-administrative user can initiate a transaction, allowing them to access but not modify non-sensitive data without further authorization and with no effect on availability. | 2025-04-08 | 4.3 | CVE-2025-27437 |
| n/a -- n/a | Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent network access. | 2025-04-08 | 4.6 | CVE-2025-27441 |
| n/a -- n/a | Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent network access. | 2025-04-08 | 4.6 | CVE-2025-27442 |
| n/a -- n/a | The WordPress Mega Menu - QuadMenu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.0. This is due to missing or incorrect nonce validation on the ajax_dismiss_notice() function. This makes it possible for unauthenticated attackers to update any user meta to a value of one, including wp_capabilities which could result in a privilege deescalation of an administrator, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-04-12 | 4.3 | CVE-2025-2871 |
| n/a -- n/a | A Stored Cross-Site Scripting (XSS) vulnerability exists in the name parameter of pages_add_acc_type.php in Code Astro Internet Banking System 2.0.0. | 2025-04-09 | 4.8 | CVE-2025-29018 |
| n/a -- n/a | BlueCMS 1.6 suffers from Arbitrary File Deletion via the id parameter in an /publish.php?act=del request. | 2025-04-10 | 4.3 | CVE-2025-29150 |
| n/a -- n/a | Due to incorrect memory address handling in ABAP SQL of SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker with high privileges could execute certain forms of SQL queries leading to manipulation of content in the output variable. This vulnerability has a low impact on the confidentiality, integrity and the availability of the application. | 2025-04-08 | 4.1 | CVE-2025-30015 |
| n/a -- n/a | Due to a missing authorization check, an authenticated attacker could upload a file as a template for solution documentation in SAP Solution Manager 7.1. After successful exploitation, an attacker can cause limited impact on the integrity and availability of the application. | 2025-04-08 | 4.4 | CVE-2025-30017 |
| n/a -- n/a | Missing Authorization vulnerability in Croover.inc Rich Table of Contents allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rich Table of Contents: from n/a through 1.4.0. | 2025-04-09 | 4.3 | CVE-2025-31004 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in Uzair Easyfonts allows Cross Site Request Forgery. This issue affects Easyfonts: from n/a through 1.1.2. | 2025-04-09 | 4.3 | CVE-2025-31005 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in AboZain Albanna Customize Login Page allows Cross Site Request Forgery. This issue affects Customize Login Page: from n/a through 1.1. | 2025-04-09 | 4.3 | CVE-2025-31034 |
| n/a -- n/a | SAP NetWeaver allows an attacker to bypass authorization checks, enabling them to view portions of ABAP code that would normally require additional validation. Once logged into the ABAP system, the attacker can run a specific transaction that exposes sensitive system code without proper authorization. This vulnerability compromises the confidentiality. | 2025-04-08 | 4.3 | CVE-2025-31331 |
| n/a -- n/a | SAP S4CORE OData meta-data property is vulnerable to data tampering, due to which entity set could be externally modified by an attacker causing low impact on integrity of the application. Confidentiality and availability is not impacted. | 2025-04-08 | 4.3 | CVE-2025-31333 |
| n/a -- n/a | Subnet Solutions PowerSYSTEM Center's SMTPS notification service can be affected by importing an EC certificate with crafted F2m parameters, which can lead to excessive CPU consumption during the evaluation of the curve parameters. | 2025-04-11 | 4.3 | CVE-2025-31354 |
| n/a -- n/a | tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js, allowing a user with high privileges (access to the site's source code or a CMS plugin) to enter a URL containing an insecure scheme such as javascript:alert(). Before the fix, URL validation was insufficient, which could allow arbitrary JavaScript execution if a user clicked on a malicious link. An attacker with high privileges could insert a link exploiting an insecure URL scheme, leading to execution of arbitrary JavaScript code, theft of sensitive data through phishing attacks, or modification of the user interface behavior. This vulnerability is fixed in 1.20.1. | 2025-04-07 | 4.8 | CVE-2025-31476 |
| n/a -- n/a | Microsoft Identity Web is a library which contains a set of reusable classes used in conjunction with ASP.NET Core for integrating with the Microsoft identity platform (formerly Azure AD v2.0 endpoint) and AAD B2C. This vulnerability affects confidential client applications, including daemons, web apps, and web APIs. Under specific circumstances, sensitive information such as client secrets or certificate details may be exposed in the service logs of these applications. Service logs are intended to be handled securely. Service logs generated at the information level or credential descriptions containing local file paths with passwords, Base64 encoded values, or Client secret. Additionally, logs of services using Base64 encoded certificates or certificate paths with password credential descriptions are also affected if the certificates are invalid or expired, regardless of the log level. Note that these credentials are not usable due to their invalid or expired status. To mitigate this vulnerability, update to Microsoft.Identity.Web 3.8.2 or Microsoft.Identity.Abstractions 9.0.0. | 2025-04-09 | 4.7 | CVE-2025-32016 |
| n/a -- n/a | DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. The algorithm used to generate the captcha image shows the least complexity of the desired image. For this reason, the created image can be easily read by OCR tools, and the intruder can send automatic requests by building a robot and using this tool. This vulnerability is fixed in 9.13.8. | 2025-04-08 | 4.2 | CVE-2025-32036 |
| n/a -- n/a | Authentication Bypass by Spoofing vulnerability in Asgaros Asgaros Forum allows Identity Spoofing. This issue affects Asgaros Forum: from n/a through 3.0.0. | 2025-04-10 | 4.3 | CVE-2025-32227 |
| n/a -- n/a | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Messiah Ai Image Alt Text Generator for WP. This issue affects Ai Image Alt Text Generator for WP: from n/a through 1.0.8. | 2025-04-10 | 4.3 | CVE-2025-32228 |
| n/a -- n/a | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Themeum Tutor LMS. This issue affects Tutor LMS: from n/a through 3.4.0. | 2025-04-10 | 4.3 | CVE-2025-32230 |
| n/a -- n/a | Missing Authorization vulnerability in Vagonic Woocommerce Products Reorder Drag Drop Multiple Sort - Sortable, Rearrange Products Vagonic. This issue affects Woocommerce Products Reorder Drag Drop Multiple Sort - Sortable, Rearrange Products Vagonic: from n/a through 1.9. | 2025-04-10 | 4.3 | CVE-2025-32236 |
| ays-pro -- survey_maker | Authentication Bypass by Spoofing vulnerability in Ays Pro Survey Maker allows Identity Spoofing. This issue affects Survey Maker: from n/a through 5.1.5.4. | 2025-04-10 | 4.3 | CVE-2025-32275 |
| n/a -- n/a | Missing Authorization vulnerability in Shahjada Live Forms. This issue affects Live Forms: from n/a through 4.8.5. | 2025-04-08 | 4.3 | CVE-2025-32279 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in ShareThis ShareThis Dashboard for Google Analytics. This issue affects ShareThis Dashboard for Google Analytics: from n/a through 3.2.2. | 2025-04-10 | 4.3 | CVE-2025-32282 |
| n/a -- n/a | DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A url could be crafted to the DNN ImageHandler to render text from a querystring parameter. This text would display in the resulting image and a user that trusts the domain might think that the information is legitimate. This vulnerability is fixed in 9.13.4. | 2025-04-09 | 4.3 | CVE-2025-32371 |
| n/a -- n/a | MaxKB (Max Knowledge Base) is an open source knowledge base question-answering system based on a large language model and retrieval-augmented generation (RAG). A reverse shell vulnerability exists in the module of function library. The vulnerability allow privileged users to create a reverse shell. This vulnerability is fixed in v1.10.4-lts. | 2025-04-10 | 4.3 | CVE-2025-32383 |
| n/a -- n/a | Formie is a Craft CMS plugin for creating forms. Prior to version 2.1.44, it is possible to inject malicious code into the HTML content of an email notification, which is then rendered on the preview. There is no issue when rendering the email via normal means (a delivered email). This would require access to the form's email notification settings. This has been fixed in Formie 2.1.44. | 2025-04-11 | 4.6 | CVE-2025-32426 |
| n/a -- n/a | GraphicsMagick before 8e56520 has a heap-based buffer over-read in ReadJXLImage in coders/jxl.c, related to an ImportViewPixelArea call. | 2025-04-09 | 4 | CVE-2025-32460 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in Bjoern WP Performance Pack allows Cross Site Request Forgery. This issue affects WP Performance Pack: from n/a through 2.5.4. | 2025-04-09 | 4.3 | CVE-2025-32485 |
| n/a -- n/a | Server-Side Request Forgery (SSRF) vulnerability in Joe Waymark allows Server Side Request Forgery. This issue affects Waymark: from n/a through 1.5.2. | 2025-04-09 | 4.9 | CVE-2025-32487 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in bozdoz reCAPTCHA Jetpack allows Cross Site Request Forgery. This issue affects reCAPTCHA Jetpack: from n/a through 0.2.2. | 2025-04-09 | 4.3 | CVE-2025-32494 |
| n/a -- n/a | Cross-Site Request Forgery (CSRF) vulnerability in Ashish Ajani WP Show Stats allows Cross Site Request Forgery. This issue affects WP Show Stats: from n/a through 1.5. | 2025-04-09 | 4.3 | CVE-2025-32678 |
| n/a -- n/a | Server-Side Request Forgery (SSRF) vulnerability in Angelo Mandato PowerPress Podcasting allows Server Side Request Forgery. This issue affects PowerPress Podcasting: from n/a through 11.12.4. | 2025-04-09 | 4.9 | CVE-2025-32691 |
| n/a -- n/a | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WPWebinarSystem WebinarPress allows Phishing. This issue affects WebinarPress: from n/a through 1.33.27. | 2025-04-09 | 4.7 | CVE-2025-32693 |
| n/a -- n/a | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Rustaurius Ultimate WP Mail allows Phishing. This issue affects Ultimate WP Mail: from n/a through 1.3.2. | 2025-04-09 | 4.7 | CVE-2025-32694 |
| n/a -- n/a | In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding. | 2025-04-10 | 4.3 | CVE-2025-32728 |
| n/a -- n/a | The User Registration & Membership - Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the user_registration_update_profile_details() due to missing validation on the 'user_id' user controlled key. This makes it possible for unauthenticated attackers to update other user's passwords, if they have access to the user ID and email. | 2025-04-12 | 4.3 | CVE-2025-3292 |
| n/a -- n/a | A vulnerability classified as problematic was found in hailey888 oa_system up to 2025.01.01. This vulnerability affects the function loginCheck of the file cn/gson/oasys/controller/login/LoginsController.java of the component Frontend. The manipulation of the argument Username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. | 2025-04-07 | 4.3 | CVE-2025-3388 |
| yzmcms -- yzmcms | A vulnerability classified as problematic has been found in YzmCMS 7.1. Affected is an unknown function of the file message.tpl. The manipulation of the argument gourl leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-04-08 | 4.3 | CVE-2025-3397 |
| n/a -- n/a | A vulnerability was found in FCJ Venture Builder appclientefiel 3.0.27. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /rest/cliente/ObterPedido/ of the component HTTP GET Request Handler. The manipulation of the argument ORDER_ID leads to improper control of resource identifiers. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-04-08 | 4.3 | CVE-2025-3405 |
| n/a -- n/a | A vulnerability was found in Nothings stb up to f056911. It has been classified as problematic. Affected is the function stbhw_build_tileset_from_image of the component Header Array Handler. The manipulation of the argument w leads to out-of-bounds read. It is possible to launch the attack remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-04-08 | 4.3 | CVE-2025-3406 |
| n/a -- n/a | The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'infill_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-04-08 | 4.9 | CVE-2025-3427 |
| n/a -- n/a | The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'coating_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-04-08 | 4.9 | CVE-2025-3428 |
| n/a -- n/a | The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'material_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-04-08 | 4.9 | CVE-2025-3429 |
| n/a -- n/a | The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'printer_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-04-08 | 4.9 | CVE-2025-3430 |
| n/a -- n/a | The Motors - Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in the ajax_actions.php file in all versions up to, and including, 1.4.66. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute several initial set-up actions. | 2025-04-08 | 4.3 | CVE-2025-3437 |
| n/a -- n/a | A vulnerability was found in Nababur Simple-User-Management-System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /register.php. The manipulation of the argument name/username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-04-10 | 4.3 | CVE-2025-3489 |
| n/a -- n/a | A vulnerability classified as problematic has been found in YouDianCMS 9.5.21. This affects an unknown part of the file /App/Tpl/Admin/Default/Log/index.html. The manipulation of the argument UserName/LogType leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-04-13 | 4.3 | CVE-2025-3531 |
| n/a -- n/a | A vulnerability classified as problematic was found in YouDianCMS 9.5.21. This vulnerability affects unknown code of the file /App/Tpl/Member/Default/Order/index.html.Attackers. The manipulation of the argument OrderNumber leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-04-13 | 4.3 | CVE-2025-3532 |
| n/a -- n/a | A vulnerability, which was classified as problematic, has been found in YouDianCMS 9.5.21. This issue affects some unknown processing of the file /App/Tpl/Admin/Default/Channel/index.html.Attackers. The manipulation of the argument Parent leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-04-13 | 4.3 | CVE-2025-3533 |
| n/a -- n/a | A vulnerability has been found in shuanx BurpAPIFinder up to 2.0.2 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file BurpApiFinder.db. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-13 | 4.3 | CVE-2025-3535 |
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| Apple--iOS and iPadOS | An app may be able to break out of its sandbox. This issue is fixed in iOS 17 and iPadOS 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14, macOS Ventura 13.6, macOS Monterey 12.7. The issue was addressed with improved handling of caches. | 2025-04-11 | 3.3 | CVE-2023-42969 |
| n/a -- n/a | A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15 and 6.2.0 through 6.2.16, Fortinet FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.15 and 2.0.0 through 2.0.14, Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and 6.2.0 through 6.2.13, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and 6.2.0 through 6.2.13, Fortinet FortiVoice version 7.0.0 through 7.0.2, 6.4.0 through 6.4.8 and 6.0.0 through 6.0.12 and Fortinet FortiWeb version 7.4.0 through 7.4.2, 7.2.0 through 7.2.10, 7.0.0 through 7.0.10 allows an unauthenticated attacker in a man-in-the-middle position to impersonate the management device (FortiCloud server or/and in certain conditions, FortiManager), via intercepting the FGFM authentication request between the management device and the managed device | 2025-04-08 | 3.1 | CVE-2024-50565 |
| OpenHarmony--OpenHarmony | in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read. | 2025-04-07 | 3.3 | CVE-2025-20102 |
| OpenHarmony--OpenHarmony | in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read. | 2025-04-07 | 3.3 | CVE-2025-22452 |
| OpenHarmony--OpenHarmony | in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read. | 2025-04-07 | 3.3 | CVE-2025-22842 |
| n/a -- n/a | Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an exposure of information through directory listing vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure. | 2025-04-10 | 3.3 | CVE-2025-23378 |
| OpenHarmony--OpenHarmony | in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds write. | 2025-04-07 | 3.3 | CVE-2025-24304 |
| n/a -- n/a | An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.9.6, and 17.10 before 17.10.4. The runtime profiling data of a specific service was accessible to unauthenticated users. | 2025-04-10 | 3.7 | CVE-2025-2469 |
| OpenHarmony--OpenHarmony | in OpenHarmony v5.0.2 and prior versions allow a local attacker case DOS through missing release of memory. | 2025-04-07 | 3.3 | CVE-2025-25057 |
| n/a -- n/a | Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an out-of-bounds write vulnerability. An attacker could potentially exploit this vulnerability in NFS workflows, leading to data integrity issues. | 2025-04-10 | 3.1 | CVE-2025-26479 |
| OpenHarmony--OpenHarmony | in OpenHarmony v5.0.2 and prior versions allow a local attacker case DOS through missing release of memory. | 2025-04-07 | 3.3 | CVE-2025-27534 |
| n/a -- n/a | Dell Client Platform BIOS contains a Security Version Number Mutable to Older Versions vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to BIOS upgrade denial. | 2025-04-10 | 3.1 | CVE-2025-29989 |
| n/a -- n/a | Element Web is a Matrix web client built using the Matrix React SDK. Element Web, starting from version 1.11.16 up to version 1.11.96, can be configured to load Element Call from an external URL. Under certain conditions, the external page is able to get access to the media encryption keys used for an Element Call call. Version 1.11.97 fixes the problem. | 2025-04-08 | 3.8 | CVE-2025-32026 |
| n/a -- n/a | CodeLit CourseLit before 0.57.5 allows Parameter Tampering via a payment plan associated with the wrong entity. | 2025-04-11 | 3.1 | CVE-2025-32816 |
| iteaj -- iboot | A vulnerability has been found in iteaj iboot 物联网网关 1.1.3 and classified as problematic. This vulnerability affects unknown code of the file /common/upload of the component File Upload. The manipulation of the argument File leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-04-07 | 3.5 | CVE-2025-3326 |
| iteaj -- iboot | A vulnerability was found in iteaj iboot 物联网网关 1.1.3 and classified as problematic. This issue affects some unknown processing of the file /common/upload/batch of the component File Upload. The manipulation of the argument File leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-04-07 | 3.5 | CVE-2025-3327 |
| consumer -- comanda_mobile | A vulnerability classified as problematic has been found in Consumer Comanda Mobile up to 14.9.3.2/15.0.0.8. This affects an unknown part of the component Restaurant Order Handler. The manipulation of the argument Login/Password leads to cleartext transmission of sensitive information. The attack can only be initiated within the local network. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. | 2025-04-07 | 3.1 | CVE-2025-3329 |
| Red Hat--Red Hat Enterprise Linux 6 | A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function. | 2025-04-07 | 3.7 | CVE-2025-3360 |
| n/a -- n/a | A vulnerability classified as problematic has been found in renrenio renren-security up to 5.4.0. This affects an unknown part of the component JSON Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-04-07 | 3.5 | CVE-2025-3387 |
| n/a -- n/a | A vulnerability, which was classified as problematic, has been found in hailey888 oa_system up to 2025.01.01. This issue affects the function testMess of the file cn/gson/oasys/controller/inform/InformManageController.java of the component Backend. The manipulation of the argument menu leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. | 2025-04-08 | 3.5 | CVE-2025-3389 |
| n/a -- n/a | A vulnerability, which was classified as problematic, was found in hailey888 oa_system up to 2025.01.01. Affected is the function addandchangeday of the file cn/gson/oass/controller/daymanager/DaymanageController.java of the component Backend. The manipulation of the argument scheduleList leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. | 2025-04-08 | 3.5 | CVE-2025-3390 |
| n/a -- n/a | A vulnerability has been found in hailey888 oa_system up to 2025.01.01 and classified as problematic. Affected by this vulnerability is the function outAddress of the file cn/gson/oass/controller/address/AddrController. java of the component Backend. The manipulation of the argument outtype leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. | 2025-04-08 | 3.5 | CVE-2025-3391 |
| n/a -- n/a | A vulnerability was found in hailey888 oa_system up to 2025.01.01 and classified as problematic. Affected by this issue is the function Save of the file cn/gson/oasys/controller/mail/MailController.java of the component Backend. The manipulation of the argument MailNumberId leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. | 2025-04-08 | 3.5 | CVE-2025-3392 |
| n/a -- n/a | A vulnerability was found in mrcen springboot-ucan-admin up to 5f35162032cbe9288a04e429ef35301545143509. It has been classified as problematic. This affects an unknown part of the file /ucan-admin/index of the component Personal Settings Interface. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. | 2025-04-08 | 3.5 | CVE-2025-3393 |
| n/a -- n/a | A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string. | 2025-04-08 | 3.7 | CVE-2025-3416 |
| n/a -- n/a | A storing passwords in a recoverable format in Fortinet FortiOS versions 7.2.0 through 7.2.1 allows attacker to information disclosure via modification of LDAP server IP to point to a malicious server. | 2025-04-08 | 2.3 | CVE-2024-32122 |
| n/a -- n/a | An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Fortinet FortiClient before 7.4.1 may allow the EMS administrator to send messages containing javascript code. | 2025-04-08 | 2.7 | CVE-2025-22855 |
| n/a -- n/a | Mattermost versions 9.11.x <= 9.11.8 fail to enforce proper access controls on the /api/v4/audits endpoint, allowing users with delegated granular administration roles who lack access to Compliance Monitoring to retrieve User Activity Logs. | 2025-04-10 | 2.7 | CVE-2025-24866 |
| n/a -- n/a | Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could lead to a security feature bypass. A high privileged attacker could exploit this vulnerability to gain unauthorized access to protected resources by obtaining sensitive credential information. Exploitation of this issue does not require user interaction. | 2025-04-08 | 2.7 | CVE-2025-27192 |
| n/a -- n/a | Insecure default variable initialization in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a loss of integrity via local access. | 2025-04-08 | 2.8 | CVE-2025-27443 |
| n/a -- n/a | Dell Unisphere for PowerMax, version(s) prior to 10.2.0.9 and PowerMax version(s) prior to PowerMax 9.2.4.15, contain an Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection. | 2025-04-07 | 2.7 | CVE-2025-27686 |
| n/a -- n/a | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Bogdan Bendziukov Squeeze allows Retrieve Embedded Sensitive Data. This issue affects Squeeze: from n/a through 1.6. | 2025-04-09 | 2.7 | CVE-2025-31003 |
| n/a -- n/a | DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 9.13.2, when uploading files (e.g. when uploading assets), the file extension is checked to see if it's an allowed file type but the actual contents of the file aren't checked. This means that it's possible to e.g. upload an executable file renamed to be a .jpg. This file could then be executed by another security vulnerability. This vulnerability is fixed in 9.13.2. | 2025-04-08 | 2.6 | CVE-2025-32035 |
| n/a -- n/a | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in piotnetdotcom Piotnet Forms. This issue affects Piotnet Forms: from n/a through 1.0.30. | 2025-04-10 | 2.7 | CVE-2025-32205 |
| n/a -- n/a | A vulnerability was found in LinZhaoguan pb-cms 2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Classification Management Page. The manipulation of the argument Classification name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-07 | 2.4 | CVE-2025-3385 |
| n/a -- n/a | A vulnerability was found in LinZhaoguan pb-cms 2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin#links of the component Friendship Link Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-07 | 2.4 | CVE-2025-3386 |
| n/a -- n/a | A vulnerability was found in Vivotek NVR ND8422P, NVR ND9525P and NVR ND9541P 2.4.0.204/3.3.0.104/4.2.0.101. It has been classified as problematic. Affected is an unknown function of the component HTML Form Handler. The manipulation leads to inclusion of sensitive information in source code. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-04-08 | 2.7 | CVE-2025-3403 |
Severity Not Yet Assigned
| Primary Vendor -- Product | Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| Apple--iOS and iPadOS | A path handling issue was addressed with improved validation. This issue is fixed in iOS 17 and iPadOS 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14, macOS Ventura 13.6, macOS Monterey 12.7. A sandboxed process may be able to circumvent sandbox restrictions. | 2025-04-11 | not yet calculated | CVE-2023-42961 |
| Apple--macOS | Processing a file may lead to a denial-of-service or potentially disclose memory contents. This issue is fixed in macOS 14. The issue was addressed with improved checks. | 2025-04-11 | not yet calculated | CVE-2023-42982 |
| Apple--macOS | Processing a file may lead to a denial-of-service or potentially disclose memory contents. This issue is fixed in macOS 14. The issue was addressed with improved checks. | 2025-04-11 | not yet calculated | CVE-2023-42983 |
| ESET, spol. s r.o.--ESET NOD32 Antivirus | DLL Search Order Hijacking vulnerability potentially allowed an attacker with administrator privileges to load a malicious dynamic-link library and execute its code. | 2025-04-07 | not yet calculated | CVE-2024-11859 |
| n/a -- n/a | Improper neutralization of livestatus command delimiters in a specific endpoint within RestAPI of Checkmk prior to 2.2.0p39, 2.3.0p25, and 2.1.0p51 (EOL) allows arbitrary livestatus command execution. Exploitation requires the attacker to have a contact group assigned to their user account and for an event to originate from a host with the same contact group or from an event generated with an unknown host. | 2025-04-10 | not yet calculated | CVE-2024-38865 |
| n/a -- n/a | A heap buffer overflow vulnerability was discovered in Perl. Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10. When there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can overflow the destination pointer `d`. $ perl -e '$_ = "\x{FF}" x 1000000; tr/\xFF/\x{100}/;' Segmentation fault (core dumped) It is believed that this vulnerability can enable Denial of Service and possibly Code Execution attacks on platforms that lack sufficient defenses. | 2025-04-13 | not yet calculated | CVE-2024-56406 |
| n/a -- n/a | A command injection vulnerability in the Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to execute arbitrary OS commands with root privileges on the host operating system running Broker VM. | 2025-04-11 | not yet calculated | CVE-2025-0119 |
| n/a -- n/a | A vulnerability with a privilege management mechanism in the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. However, execution requires that the local user can also successfully exploit a race condition, which makes this vulnerability difficult to exploit. | 2025-04-11 | not yet calculated | CVE-2025-0120 |
| n/a -- n/a | A null pointer dereference vulnerability in the Palo Alto Networks Cortex® XDR agent on Windows devices allows a low-privileged local Windows user to crash the agent. Additionally, malware can use this vulnerability to perform malicious activity without Cortex XDR being able to detect it. | 2025-04-11 | not yet calculated | CVE-2025-0121 |
| n/a -- n/a | A denial-of-service (DoS) vulnerability in Palo Alto Networks Prisma® SD-WAN ION devices enables an unauthenticated attacker in a network adjacent to a Prisma SD-WAN ION device to disrupt the packet processing capabilities of the device by sending a burst of crafted packets to that device. | 2025-04-11 | not yet calculated | CVE-2025-0122 |
| n/a -- n/a | A vulnerability in the Palo Alto Networks PAN-OS® software enables unlicensed administrators to view clear-text data captured using the packet capture feature https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/monitoring/take-packet-captures/take-a-custom-packet-capture in decrypted HTTP/2 data streams traversing network interfaces on the firewall. HTTP/1.1 data streams are not impacted. In normal conditions, decrypted packet captures are available to firewall administrators after they obtain and install a free Decryption Port Mirror license. The license requirement ensures that this feature can only be used after approved personnel purposefully activate the license. For more information, review how to configure decryption port mirroring https://docs.paloaltonetworks.com/network-security/decryption/administration/monitoring-decryption/configure-decryption-port-mirroring . The administrator must obtain network access to the management interface (web, SSH, console, or telnet) and successfully authenticate to exploit this issue. Risk of this issue can be greatly reduced by restricting access to the management interface to only trusted administrators and from only internal IP addresses according to our recommended critical deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . Customer firewall administrators do not have access to the packet capture feature in Cloud NGFW. This feature is available only to authorized Palo Alto Networks personnel permitted to perform troubleshooting. Prisma® Access is not impacted by this vulnerability. | 2025-04-11 | not yet calculated | CVE-2025-0123 |
| n/a -- n/a | An authenticated file deletion vulnerability in the Palo Alto Networks PAN-OS® software enables an authenticated attacker with network access to the management web interface to delete certain files as the "nobody" user; this includes limited logs and configuration files but does not include system files. The attacker must have network access to the management web interface to exploit this issue. You greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended critical deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue affects Cloud NGFW. However, this issue does not affect Prisma® Access software. | 2025-04-11 | not yet calculated | CVE-2025-0124 |
| n/a -- n/a | An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables a malicious authenticated read-write administrator to impersonate another legitimate authenticated PAN-OS administrator. The attacker must have network access to the management web interface to exploit this issue. You greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended critical deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue does not affect Cloud NGFW and all Prisma® Access instances. | 2025-04-11 | not yet calculated | CVE-2025-0125 |
| n/a -- n/a | When configured using SAML, a session fixation vulnerability in the GlobalProtect™ login enables an attacker to impersonate a legitimate authorized user and perform actions as that GlobalProtect user. This requires the legitimate user to first click on a malicious link provided by the attacker. The SAML login for the PAN-OS® management interface is not affected. Additionally, this issue does not affect Cloud NGFW and all Prisma® Access instances are proactively patched. | 2025-04-11 | not yet calculated | CVE-2025-0126 |
| n/a -- n/a | A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. This issue is only applicable to PAN-OS VM-Series. This issue does not affect firewalls that are already deployed. Cloud NGFW and Prisma® Access are not affected by this vulnerability. | 2025-04-11 | not yet calculated | CVE-2025-0127 |
| n/a -- n/a | A denial-of-service (DoS) vulnerability in the Simple Certificate Enrollment Protocol (SCEP) authentication feature of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to initiate system reboots using a maliciously crafted packet. Repeated attempts to initiate a reboot causes the firewall to enter maintenance mode. Cloud NGFW is not affected by this vulnerability. Prisma® Access software is proactively patched and protected from this issue. | 2025-04-11 | not yet calculated | CVE-2025-0128 |
| n/a -- n/a | Prisma Access Browser: Inappropriate control behavior in Prisma Access Browser | 2025-04-11 | not yet calculated | CVE-2025-0129 |
| n/a -- n/a | In affected Microsoft Windows versions of Octopus Deploy, the server can be coerced into sending server-side requests that contain authentication material allowing a suitably positioned attacker to compromise the account running Octopus Server and potentially the host infrastructure itself. | 2025-04-10 | not yet calculated | CVE-2025-0539 |
| n/a -- n/a | When using the ch-go library, under a specific condition when the query includes a large, uncompressed malicious external data, it is possible for an attacker in control of such data to smuggle another query packet into the connection stream. | 2025-04-11 | not yet calculated | CVE-2025-1386 |
| n/a -- n/a | In the Linux kernel, the following vulnerability has been resolved: regulator: check that dummy regulator has been probed before using it Due to asynchronous driver probing there is a chance that the dummy regulator hasn't already been probed when first accessing it. | 2025-04-08 | not yet calculated | CVE-2025-22008 |
| n/a -- n/a | In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state There are several problems with the way hyp code lazily saves the host's FPSIMD/SVE state, including: * Host SVE being discarded unexpectedly due to inconsistent configuration of TIF_SVE and CPACR_ELx.ZEN. This has been seen to result in QEMU crashes where SVE is used by memmove(), as reported by Eric Auger: https://issues.redhat.com/browse/RHEL-68997 * Host SVE state is discarded *after* modification by ptrace, which was an unintentional ptrace ABI change introduced with lazy discarding of SVE state. * The host FPMR value can be discarded when running a non-protected VM, where FPMR support is not exposed to a VM, and that VM uses FPSIMD/SVE. In these cases the hyp code does not save the host's FPMR before unbinding the host's FPSIMD/SVE/SME state, leaving a stale value in memory. Avoid these by eagerly saving and "flushing" the host's FPSIMD/SVE/SME state when loading a vCPU such that KVM does not need to save any of the host's FPSIMD/SVE/SME state. For clarity, fpsimd_kvm_prepare() is removed and the necessary call to fpsimd_save_and_flush_cpu_state() is placed in kvm_arch_vcpu_load_fp(). As 'fpsimd_state' and 'fpmr_ptr' should not be used, they are set to NULL; all uses of these will be removed in subsequent patches. Historical problems go back at least as far as v5.17, e.g. erroneous assumptions about TIF_SVE being clear in commit: 8383741ab2e773a9 ("KVM: arm64: Get rid of host SVE tracking/saving") ... and so this eager save+flush probably needs to be backported to ALL stable trees. | 2025-04-08 | not yet calculated | CVE-2025-22013 |
| n/a -- n/a | In the Linux kernel, the following vulnerability has been resolved: mm/migrate: fix shmem xarray update during migration A shmem folio can be either in page cache or in swap cache, but not at the same time. Namely, once it is in swap cache, folio->mapping should be NULL, and the folio is no longer in a shmem mapping. In __folio_migrate_mapping(), to determine the number of xarray entries to update, folio_test_swapbacked() is used, but that conflates shmem in page cache case and shmem in swap cache case. It leads to xarray multi-index entry corruption, since it turns a sibling entry to a normal entry during xas_store() (see [1] for a userspace reproduction). Fix it by only using folio_test_swapcache() to determine whether xarray is storing swap cache entries or not to choose the right number of xarray entries to update. [1] https://lore.kernel.org/linux-mm/Z8idPCkaJW1IChjT@casper.infradead.org/ Note: In __split_huge_page(), folio_test_anon() && folio_test_swapcache() is used to get swap_cache address space, but that ignores the shmem folio in swap cache case. It could lead to NULL pointer dereferencing when a in-swap-cache shmem folio is split at __xa_store(), since !folio_test_anon() is true and folio->mapping is NULL. But fortunately, its caller split_huge_page_to_list_to_order() bails out early with EBUSY when folio->mapping is NULL. So no need to take care of it here. | 2025-04-08 | not yet calculated | CVE-2025-22015 |
| n/a -- n/a | In the Linux kernel, the following vulnerability has been resolved: dpll: fix xa_alloc_cyclic() error handling In case of returning 1 from xa_alloc_cyclic() (wrapping) ERR_PTR(1) will be returned, which will cause IS_ERR() to be false. Which can lead to dereference not allocated pointer (pin). Fix it by checking if err is lower than zero. This wasn't found in real usecase, only noticed. Credit to Pierre. | 2025-04-08 | not yet calculated | CVE-2025-22016 |
| n/a -- n/a | In the Linux kernel, the following vulnerability has been resolved: devlink: fix xa_alloc_cyclic() error handling In case of returning 1 from xa_alloc_cyclic() (wrapping) ERR_PTR(1) will be returned, which will cause IS_ERR() to be false. Which can lead to dereference not allocated pointer (rel). Fix it by checking if err is lower than zero. This wasn't found in real usecase, only noticed. Credit to Pierre. | 2025-04-08 | not yet calculated | CVE-2025-22017 |
| n/a -- n/a | A Server-Side Request Forgery (SSRF) vulnerability was discovered in the videx-legacy-ssl web service of Videx's CyberAudit-Web, affecting versions prior to 1.1.3. This vulnerability has been patched in versions after 1.1.3. Leaving this vulnerability unpatched could lead to unauthorized access to the underlying infrastructure. | 2025-04-10 | not yet calculated | CVE-2025-22374 |
| n/a -- n/a | An authentication bypass vulnerability was found in Videx's CyberAudit-Web. Through the exploitation of a logic flaw, an attacker could create a valid session without any credentials. This vulnerability has been patched in versions later than 9.5 and a patch has been made available to all instances of CyberAudit-Web, including the versions that are End of Maintenance (EOM). Anyone that requires support with the resolution of this issue can contact support@videx.com for assistance. | 2025-04-10 | not yet calculated | CVE-2025-22375 |
| n/a -- n/a | A local code execution vulnerability exists in the Rockwell Automation Arena® due to an uninitialized pointer. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file. | 2025-04-08 | not yet calculated | CVE-2025-2285 |
| n/a -- n/a | A local code execution vulnerability exists in the Rockwell Automation Arena® due to an uninitialized pointer. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file. | 2025-04-08 | not yet calculated | CVE-2025-2286 |
| n/a -- n/a | A local code execution vulnerability exists in the Rockwell Automation Arena® due to an uninitialized pointer. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file. | 2025-04-08 | not yet calculated | CVE-2025-2287 |
| n/a -- n/a | The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext. | 2025-04-08 | not yet calculated | CVE-2025-22871 |
| n/a -- n/a | A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file. | 2025-04-08 | not yet calculated | CVE-2025-2288 |
| n/a -- n/a | A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file. | 2025-04-08 | not yet calculated | CVE-2025-2293 |
| n/a -- n/a | Insertion of Sensitive Information into Log File vulnerability in Apache ActiveMQ Artemis. All the values of the broker properties are logged when the org.apache.activemq.artemis.core.config.impl.ConfigurationImpl logger has the debug level enabled. This issue affects Apache ActiveMQ Artemis: from 1.5.1 before 2.40.0. It can be mitigated by restricting log access to only trusted users. Users are recommended to upgrade to version 2.40.0, which fixes the issue. | 2025-04-09 | not yet calculated | CVE-2025-27391 |
| n/a -- n/a | Crypt::CBC versions between 1.21 and 3.04 for Perl may use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom'" is unavailable. In that case, Crypt::CBC will fallback to use the insecure rand() function. | 2025-04-13 | not yet calculated | CVE-2025-2814 |
| n/a -- n/a | A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file. | 2025-04-08 | not yet calculated | CVE-2025-2829 |
| n/a -- n/a | An insecure permissions vulnerability in verydows v2.0 allows a remote attacker to execute arbitrary code by uploading a file type. | 2025-04-09 | not yet calculated | CVE-2025-29394 |
| n/a -- n/a | libvips is a demand-driven, horizontally threaded image processing library. The heifsave operation could incorrectly determine the presence of an alpha channel in an input when it was not possible to determine the colour interpretation, known internally within libvips as "multiband". There aren't many ways to create a "multiband" input, but it is possible with a well-crafted TIFF image. If a "multiband" TIFF input image had 4 channels and HEIF-based output was requested, this led to libvips creating a 3 channel HEIF image without an alpha channel but then attempting to write 4 channels of data. This caused a heap buffer overflow, which could crash the process. This vulnerability is fixed in 8.16.1. | 2025-04-07 | not yet calculated | CVE-2025-29769 |
| n/a -- n/a | Shopware 6 is an open commerce platform based on Symfony Framework and Vue. Through the store-api it is possible as a attacker to check if a specific e-mail address has an account in the shop. Using the store-api endpoint /store-api/account/recovery-password you get the response, which indicates clearly that there is no account for this customer. In contrast you get a success response if the account was found. This vulnerability is fixed in Shopware 6.6.10.3 or 6.5.8.17. For older versions of 6.4, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version. | 2025-04-08 | not yet calculated | CVE-2025-30150 |
| n/a -- n/a | Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. An HTML injection issue allows users with access to the email sending functionality to inject arbitrary HTML code into emails sent via the admin interface, potentially leading to session cookie theft and the alteration of page content. The vulnerability was discovered in the /admin/email/send-test-email endpoint using the POST method. The vulnerable parameter is content, which permits the injection of arbitrary HTML code during the email sending process. While JavaScript code injection is blocked through filtering, HTML code injection remains possible. This vulnerability is fixed in 1.7.6. | 2025-04-08 | not yet calculated | CVE-2025-30166 |
| n/a -- n/a | Apache Pulsar contains multiple connectors for integrating with Apache Kafka. The Pulsar IO Apache Kafka Source Connector, Sink Connector, and Kafka Connect Adaptor Sink Connector log sensitive configuration properties in plain text in application logs. This vulnerability can lead to unintended exposure of credentials in log files, potentially allowing attackers with access to these logs to obtain Apache Kafka credentials. The vulnerability's impact is limited by the fact that an attacker would need access to the application logs to exploit this issue. This issue affects Apache Pulsar IO's Apache Kafka connectors in all versions before 3.0.11, 3.3.6, and 4.0.4. 3.0.x version users should upgrade to at least 3.0.11. 3.3.x version users should upgrade to at least 3.3.6. 4.0.x version users should upgrade to at least 4.0.4. Users operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions. | 2025-04-09 | not yet calculated | CVE-2025-30677 |
| n/a -- n/a | Code Execution via Malicious Files: Attackers can create specially crafted files with embedded code that may execute without adequate security validation, potentially leading to system compromise. Sandbox Bypass Vulnerability: A flaw in the TERR security mechanism allows attackers to bypass sandbox restrictions, enabling the execution of untrusted code without appropriate controls. | 2025-04-09 | not yet calculated | CVE-2025-3114 |
| n/a -- n/a | Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions. Additionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malicious files, leading to arbitrary code execution | 2025-04-09 | not yet calculated | CVE-2025-3115 |
| n/a -- n/a | Use of hard-coded cryptographic key issue exists in BizRobo! all versions. Credentials inside robot files may be obtained if the encryption key is available. The vendor provides the workaround information and recommends to apply it to the deployment environment. | 2025-04-11 | not yet calculated | CVE-2025-31362 |
| n/a -- n/a | c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in read_answers() when process_answer() may re-enqueue a query either due to a DNS Cookie Failure or when the upstream server does not properly support EDNS, or possibly on TCP queries if the remote closed the connection immediately after a response. If there was an issue trying to put that new transaction on the wire, it would close the connection handle, but read_answers() was still expecting the connection handle to be available to possibly dequeue other responses. In theory a remote attacker might be able to trigger this by flooding the target with ICMP UNREACHABLE packets if they also control the upstream nameserver and can return a result with one of those conditions, this has been untested. Otherwise only a local attacker might be able to change system behavior to make send()/write() return a failure condition. This vulnerability is fixed in 1.34.5. | 2025-04-08 | not yet calculated | CVE-2025-31498 |
| n/a -- n/a | Improper Input Validation vulnerability in Apache POI. The issue affects the parsing of OOXML format files like xlsx, docx and pptx. These file formats are basically zip files and it is possible for malicious users to add zip entries with duplicate names (including the path) in the zip. In this case, products reading the affected file could read different data because 1 of the zip entries with the duplicate name is selected over another but different products may choose a different zip entry. This issue affects Apache POI poi-ooxml before 5.4.0. poi-ooxml 5.4.0 has a check that throws an exception if zip entries with duplicate file names are found in the input file. Users are recommended to upgrade to version poi-ooxml 5.4.0, which fixes the issue. Please read https://poi.apache.org/security.html for recommendations about how to use the POI libraries securely. | 2025-04-09 | not yet calculated | CVE-2025-31672 |
| n/a -- n/a | Deserialization of untrusted data issue exists in BizRobo! all versions. If this vulnerability is exploited, an arbitrary code is executed on the Management Console. The vendor provides the workaround information and recommends to apply it to the deployment environment. | 2025-04-11 | not yet calculated | CVE-2025-31932 |
| n/a -- n/a | estree-util-value-to-estree converts a JavaScript value to an ESTree expression. When generating an ESTree from a value with a property named __proto__, valueToEstree would generate an object that specifies a prototype instead. This vulnerability is fixed in 3.3.3. | 2025-04-07 | not yet calculated | CVE-2025-32014 |
| n/a -- n/a | The crud-query-parser library parses query parameters from HTTP requests and converts them to database queries. Improper neutralization of the order/sort parameter in the TypeORM adapter, which allows SQL injection. You are impacted by this vulnerability if you are using the TypeORM adapter, ordering is enabled and you have not set-up a property filter. This vulnerability is fixed in 0.1.0. | 2025-04-08 | not yet calculated | CVE-2025-32020 |
| n/a -- n/a | bep/imagemeta is a Go library for reading EXIF, IPTC and XMP image meta data from JPEG, TIFF, PNG, and WebP files. The EXIF data format allows for defining excessively large data structures in relatively small payloads. Before v0.10.0, If you didn't trust the input images, this could be abused to construct denial-of-service attacks. v0.10.0 added LimitNumTags (default 5000) and LimitTagSize (default 10000) options. | 2025-04-08 | not yet calculated | CVE-2025-32024 |
| n/a -- n/a | bep/imagemeta is a Go library for reading EXIF, IPTC and XMP image meta data from JPEG, TIFF, PNG, and WebP files. The buffer created for parsing metadata for PNG and WebP images was only bounded by their input data type, which could lead to potentially large memory allocation, and unreasonably high for image metadata. Before v0.11.0, If you didn't trust the input images, this could be abused to construct denial-of-service attacks. v0.11.0 added a 10 MB upper limit. | 2025-04-08 | not yet calculated | CVE-2025-32025 |
| n/a -- n/a | ts-asn1-der is a collection of utility classes to encode ASN.1 data following DER rule. Incorrect number DER encoding can lead to denial on service for absolute values in the range 2**31 -- 2**32 - 1. The arithmetic in the numBitLen didn't take into account that values in this range could result in a negative result upon applying the >> operator, leading to an infinite loop. The issue is patched in version 1.0.4. If upgrading is not an option, the issue can be mitigated by validating inputs to Asn1Integer to ensure that they are not smaller than -2**31 + 1 and no larger than 2**31 - 1. | 2025-04-07 | not yet calculated | CVE-2025-32029 |
| n/a -- n/a | Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Growth Experiments Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Growth Experiments Extension: from 1.39 through 1.43. | 2025-04-11 | not yet calculated | CVE-2025-32067 |
| n/a -- n/a | Incorrect Authorization vulnerability in The Wikimedia Foundation Mediawiki - OAuth Extension allows Authentication Bypass.This issue affects Mediawiki - OAuth Extension: from 1.39 through 1.43. | 2025-04-11 | not yet calculated | CVE-2025-32068 |
| n/a -- n/a | Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Wikibase Media Info Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Wikibase Media Info Extension: from 1.39 through 1.43. | 2025-04-11 | not yet calculated | CVE-2025-32069 |
| n/a -- n/a | Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - AJAX Poll Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - AJAX Poll Extension: from 1.39 through 1.43. | 2025-04-11 | not yet calculated | CVE-2025-32070 |
| n/a -- n/a | Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Wikidata Extension allows Cross-Site Scripting (XSS) from widthheight message via ImageHandler::getDimensionsString()This issue affects Mediawiki - Wikidata Extension: from 1.39 through 1.43. | 2025-04-11 | not yet calculated | CVE-2025-32071 |
| n/a -- n/a | Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki Core - Feed Utils allows WebView Injection.This issue affects Mediawiki Core - Feed Utils: from 1.39 through 1.43. | 2025-04-11 | not yet calculated | CVE-2025-32072 |
| n/a -- n/a | Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - HTML Tags allows Cross-Site Scripting (XSS).This issue affects Mediawiki - HTML Tags: from 1.39 through 1.43. | 2025-04-11 | not yet calculated | CVE-2025-32073 |
| n/a -- n/a | Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - Confirm Account Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Confirm Account Extension: from 1.39 through 1.43. | 2025-04-11 | not yet calculated | CVE-2025-32074 |
| n/a -- n/a | Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Tabs Extension allows Code Injection.This issue affects Mediawiki - Tabs Extension: from 1.39 through 1.43. | 2025-04-11 | not yet calculated | CVE-2025-32075 |
| n/a -- n/a | Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Visual Data Extension allows HTTP DoS.This issue affects Mediawiki - Visual Data Extension: from 1.39 through 1.43. | 2025-04-11 | not yet calculated | CVE-2025-32076 |
| n/a -- n/a | Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Extension:SimpleCalendar allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Extension:SimpleCalendar: from 1.39 through 1.43. | 2025-04-11 | not yet calculated | CVE-2025-32077 |
| n/a -- n/a | Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - Version Compare Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Version Compare Extension: from 1.39 through 1.43. | 2025-04-11 | not yet calculated | CVE-2025-32078 |
| n/a -- n/a | Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments allows HTTP DoS.This issue affects Mediawiki - GrowthExperiments: from 1.39 through 1.43. | 2025-04-11 | not yet calculated | CVE-2025-32079 |
| n/a -- n/a | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - Mobile Frontend Extension allows Shared Resource Manipulation.This issue affects Mediawiki - Mobile Frontend Extension: from 1.39 through 1.43. | 2025-04-11 | not yet calculated | CVE-2025-32080 |
| n/a -- n/a | OS command injection vulnerability exists in Deco BE65 Pro firmware versions prior to "Deco BE65 Pro(JP)_V1_1.1.2 Build 20250123". If this vulnerability is exploited, an arbitrary OS command may be executed by the user who can log in to the device. | 2025-04-11 | not yet calculated | CVE-2025-32107 |
| n/a -- n/a | Shopware is an open source e-commerce software platform. Prior to 6.6.10.3 or 6.5.8.17, the default settings for double-opt-in allow for mass unsolicited newsletter sign-ups without confirmation. Default settings are Newsletter: Double Opt-in set to active, Newsletter: Double opt-in for registered customers set to disabled, and Log-in & sign-up: Double opt-in on sign-up set to disabled. With these settings, anyone can register an account on the shop using any e-mail-address and then check the check-box in the account page to sign up for the newsletter. The recipient will receive two mails confirming registering and signing up for the newsletter, no confirmation link needed to be clicked for either. In the backend the recipient is set to "instantly active". This vulnerability is fixed in 6.6.10.3 or 6.5.8.17. | 2025-04-09 | not yet calculated | CVE-2025-32378 |
| n/a -- n/a | Metabase is an open source Business Intelligence and Embedded Analytics tool. When admins change Snowflake connection details in Metabase (either updating a password or changing password to private key or vice versa), Metabase would not always purge older Snowflake connection details from the application database. In order to remove older and stale connection details, Metabase would try one connection method at a time and purge all the other connection methods from the application database. When Metabase found a connection that worked, it would log (log/infof "Successfully connected, migrating to: %s" (pr-str test-details)) which would then print the username and password to the logger. This is fixed in 52.17.1, 53.9.5 and 54.1.5 in both the OSS and enterprise editions. Versions 51 and lower are not impacted. | 2025-04-10 | not yet calculated | CVE-2025-32382 |
| n/a -- n/a | Vite is a frontend tooling framework for javascript. Prior to 6.2.6, 6.1.5, 6.0.15, 5.4.18, and 4.5.13, the contents of arbitrary files can be returned to the browser if the dev server is running on Node or Bun. HTTP 1.1 spec (RFC 9112) does not allow # in request-target. Although an attacker can send such a request. For those requests with an invalid request-line (it includes request-target), the spec recommends to reject them with 400 or 301. The same can be said for HTTP 2. On Node and Bun, those requests are not rejected internally and is passed to the user land. For those requests, the value of http.IncomingMessage.url contains #. Vite assumed req.url won't contain # when checking server.fs.deny, allowing those kinds of requests to bypass the check. Only apps explicitly exposing the Vite dev server to the network (using --host or server.host config option) and running the Vite dev server on runtimes that are not Deno (e.g. Node, Bun) are affected. This vulnerability is fixed in 6.2.6, 6.1.5, 6.0.15, 5.4.18, and 4.5.13. | 2025-04-10 | not yet calculated | CVE-2025-32395 |
| n/a -- n/a | Formie is a Craft CMS plugin for creating forms. Prior to 2.1.44, when importing a form from JSON, if the field label or handle contained malicious content, the output wasn't correctly escaped when viewing a preview of what was to be imported. As imports are undertaking primarily by users who have themselves exported the form from one environment to another, and would require direct manipulation of the JSON export, this is marked as moderate. This vulnerability will not occur unless someone deliberately tampers with the export. This vulnerability is fixed in 2.1.44. | 2025-04-11 | not yet calculated | CVE-2025-32427 |
| n/a -- n/a | Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/actions/RevertAction.Php, includes/api/ApiFileRevert.Php. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1. | 2025-04-10 | not yet calculated | CVE-2025-32696 |
| n/a -- n/a | Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/editpage/IntroMessageBuilder.Php, includes/Permissions/PermissionManager.Php, includes/Permissions/RestrictionStore.Php. This issue affects MediaWiki: before 1.42.6, 1.43.1. | 2025-04-10 | not yet calculated | CVE-2025-32697 |
| n/a -- n/a | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/logging/LogPager.Php. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1. | 2025-04-10 | not yet calculated | CVE-2025-32698 |
| n/a -- n/a | Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid.This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1; Parsoid: before 0.16.5, 0.19.2, 0.20.2. | 2025-04-10 | not yet calculated | CVE-2025-32699 |
| n/a -- n/a | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation AbuseFilter. This vulnerability is associated with program files includes/Api/QueryAbuseLog.Php, includes/Pager/AbuseLogPager.Php, includes/Special/SpecialAbuseLog.Php, includes/View/AbuseFilterViewExamine.Php. This issue affects AbuseFilter: from >= 1.43.0 before 1.43.1. | 2025-04-10 | not yet calculated | CVE-2025-32700 |
| n/a -- n/a | A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file. | 2025-04-08 | not yet calculated | CVE-2025-3285 |
| n/a -- n/a | A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file. | 2025-04-08 | not yet calculated | CVE-2025-3286 |
| n/a -- n/a | A local code execution vulnerability exists in the Rockwell Automation Arena® due to a stack-based memory buffer overflow. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file. | 2025-04-08 | not yet calculated | CVE-2025-3287 |
| n/a -- n/a | A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file. | 2025-04-08 | not yet calculated | CVE-2025-3288 |
| n/a -- n/a | A local code execution vulnerability exists in the Rockwell Automation Arena® due to a stack-based memory buffer overflow. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file. | 2025-04-08 | not yet calculated | CVE-2025-3289 |
| n/a -- n/a | The IntelliSpace portal application utilizes .NET Remoting for its functionality. The vulnerability arises from the exploitation of port 755 through the "Object Marshalling" technique, which allows an attacker to read internal files without any authentication. This is possible by crafting specific .NET Remoting URLs derived from information enumerated in the client-side configuration files. This issue affects IntelliSpace Portal: 12 and prior. | 2025-04-07 | not yet calculated | CVE-2025-3424 |
| n/a -- n/a | The IntelliSpace portal application utilizes .NET Remoting for its functionality. The vulnerability arises from the exploitation of port 755 through the deserialization vulnerability. After analyzing the configuration files, we observed that the server had set the TypeFilterLevel to Full which is dangerous as it can potentially lead to remote code execution using deserialization. This issue affects IntelliSpace Portal: 12 and prior. | 2025-04-07 | not yet calculated | CVE-2025-3425 |
| n/a -- n/a | We observed that Intellispace Portal binaries doesn't have any protection mechanisms to prevent reverse engineering. Specifically, the app's code is not obfuscated, and no measures are in place to protect against decompilation, disassembly, or debugging. As a result, attackers can reverse-engineer the application to gain insights into its internal workings, which can potentially lead to the discovery of sensitive information, business logic flaws, and other vulnerabilities. Utilizing this flaw, the attacker was able to identify the Hardcoded credentials from PortalUsersDatabase.dll, which contains .NET remoting definition. Inside the namespace PortalUsersDatabase, the class Users contains the functions CreateAdmin and CreateService that are used to initialize accounts in the Portal service. Both CreateAdmin and CreateService functions contain a hardcoded encrypted password along with its respective salt that are set with the function SetInitialPasswordAndSalt. This issue affects IntelliSpace Portal: 12 and prior; Advanced Visualization Workspace: 15. | 2025-04-07 | not yet calculated | CVE-2025-3426 |
| n/a -- n/a | This vulnerability exists in TP-Link Tapo H200 V1 IoT Smart Hub due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the Wi-Fi credentials stored on the vulnerable device. | 2025-04-09 | not yet calculated | CVE-2025-3442 |
| n/a -- n/a | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLMultiSelectField.Php. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1. | 2025-04-10 | not yet calculated | CVE-2025-3469 |
| n/a -- n/a | There is a Heap-based Buffer Overflow vulnerability in QTextMarkdownImporter. This requires an incorrectly formatted markdown file to be passed to QTextMarkdownImporter to trigger the overflow.This issue affects Qt from 6.8.0 to 6.8.4. Versions up to 6.6.0 are known to be unaffected, and the fix is in 6.8.4 and later. | 2025-04-11 | not yet calculated | CVE-2025-3512 |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.