High Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source Info |
---|---|---|---|---|
n/a — n/a
|
Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. The original vulnerability was being exploited in the wild. *This only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 136.0.4, Firefox ESR < 128.8.1, and Firefox ESR < 115.21.1. | 2025-03-27 | 10 | CVE-2025-2857 |
Fortinet–FortiSwitchManager |
A buffer underwrite (‘buffer underflow’) vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.6, version 6.4.0 through 6.4.11 and version 6.2.12 and below, FortiProxy version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.8, version 2.0.12 and below and FortiOS-6K7K version 7.0.5, version 6.4.0 through 6.4.10 and version 6.2.0 through 6.2.10 and below allows a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. | 2025-03-24 | 9.8 | CVE-2023-25610 |
n/a–n/a |
SQL injection vulnerability in the authentication module in Convivance StandVoice 4.5 through 6.2 allows remote attackers to execute arbitrary code via the GEST_LOGIN parameter. | 2025-03-25 | 9.8 | CVE-2024-42533 |
Red Hat–Red Hat |
A vulnerability was found in Pagure. An argument injection in Git during retrieval of the repository history leads to remote code execution on the Pagure instance. | 2025-03-26 | 9.8 | CVE-2024-47516 |
n/a–n/a |
An issue in IIT Bombay, Mumbai, India Bodhitree of cs101 version allows a remote attacker to execute arbitrary code. | 2025-03-25 | 9.8 | CVE-2024-48818 |
n/a–n/a |
A template injection vulnerability in the Dashboard of NASA Fprime v3.4.3 allows attackers to execute arbitrary code via uploading a crafted Vue file. | 2025-03-25 | 9.8 | CVE-2024-55028 |
n/a–n/a |
A command injection vulnerability in the Command Dispatcher Service of NASA Fprime v3.4.3 allows attackers to execute arbitrary commands. | 2025-03-25 | 9.8 | CVE-2024-55030 |
n/a–n/a |
An issue was discovered in Appsmith before 1.52. An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. The attacker must be able to access Appsmith, login to it, create a datasource, create a query against that datasource, and execute that query. | 2025-03-26 | 9.8 | CVE-2024-55964 |
n/a — n/a
|
A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.) | 2025-03-25 | 9.8 | CVE-2025-1974 |
n/a — n/a
|
Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution as root. Exploitation may lead to a system take over by an attacker. This vulnerability is considered critical as it can be leveraged to completely compromise the operating system. Dell recommends customers to upgrade at the earliest opportunity. | 2025-03-28 | 9.8 | CVE-2025-22398 |
n/a — n/a
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in NotFound Schedule allows Blind SQL Injection. This issue affects Schedule: from n/a through 1.0.0. | 2025-03-28 | 9.3 | CVE-2025-22523 |
n/a — n/a
|
Deserialization of Untrusted Data vulnerability in NotFound PHP/MySQL CPU performance statistics allows Object Injection. This issue affects PHP/MySQL CPU performance statistics: from n/a through 1.2.1. | 2025-03-28 | 9.8 | CVE-2025-22526 |
n/a — n/a
|
The Checkout Mestres do WP for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the cwmpUpdateOptions() function in versions 8.6.5 to 8.7.5. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | 2025-03-29 | 9.8 | CVE-2025-2266 |
n/a — n/a
|
The Kubio AI Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.1 via thekubio_hybrid_theme_load_template function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | 2025-03-28 | 9.8 | CVE-2025-2294 |
n/a — n/a
|
The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.13 via deserialization of untrusted input in the ‘returnMetaValueAsCustomerInput’ function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. | 2025-03-27 | 9.8 | CVE-2025-2332 |
n/a — n/a
|
Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to delete arbitrary files. This vulnerability is considered critical as it can be leveraged to delete critical system files as root. Dell recommends customers to upgrade at the earliest opportunity. | 2025-03-28 | 9.1 | CVE-2025-24383 |
n/a — n/a
|
The Memory Management Module of NASA cFS (Core Flight System) Aquila has insecure permissions, which can be exploited to gain an RCE on the platform. | 2025-03-25 | 9.8 | CVE-2025-25373 |
n/a — n/a
|
HTTP Response Manipulation in SCRIPT CASE v.1.0.002 Build7 allows a remote attacker to escalate privileges via a crafted request. | 2025-03-26 | 9.8 | CVE-2025-25535 |
n/a — n/a
|
semcms <=5.0 is vulnerable to SQL Injection in SEMCMS_Fuction.php. | 2025-03-27 | 9.8 | CVE-2025-25686 |
n/a — n/a
|
Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setSyncTimeHost. | 2025-03-26 | 9.8 | CVE-2025-26002 |
n/a — n/a
|
Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized command execution vulnerability when requesting the admin.cgi parameter with setAutorest. | 2025-03-26 | 9.8 | CVE-2025-26003 |
n/a — n/a
|
Telesquare TLR-2005KSH 1.1.4 is vulnerable to unauthorized stack buffer overflow vulnerability when requesting admin.cgi parameter with setDdns. | 2025-03-26 | 9.8 | CVE-2025-26004 |
n/a — n/a
|
Telesquare TLR-2005KSH 1.1.4 is vulnerable to unauthorized stack overflow vulnerability when requesting admin.cgi parameter with setNtp. | 2025-03-26 | 9.8 | CVE-2025-26005 |
n/a — n/a
|
Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setAutorest. | 2025-03-26 | 9.8 | CVE-2025-26006 |
n/a — n/a
|
Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability in the login interface when requesting systemtil.cgi. | 2025-03-26 | 9.8 | CVE-2025-26007 |
n/a — n/a
|
In Telesquare TLR-2005KSH 1.1.4, an unauthorized stack overflow vulnerability exists when requesting admin.cgi parameter with setSyncTimeHost. | 2025-03-26 | 9.8 | CVE-2025-26008 |
n/a — n/a
|
Telesquare TLR-2005KSH 1.1.4 allows unauthorized password modification when requesting the admin.cgi parameter with setUserNamePassword. | 2025-03-26 | 9.8 | CVE-2025-26010 |
n/a — n/a
|
Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setUsernamePassword. | 2025-03-26 | 9.8 | CVE-2025-26011 |
n/a — n/a
|
SnapCenter versions prior to 6.0.1P1 and 6.1P1 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed. | 2025-03-24 | 9.9 | CVE-2025-26512 |
n/a — n/a
|
Deserialization of Untrusted Data vulnerability in Shinetheme Traveler.This issue affects Traveler: from n/a through 3.1.8. | 2025-03-27 | 9 | CVE-2025-26873 |
n/a — n/a
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Shinetheme Traveler.This issue affects Traveler: from n/a through 3.1.8. | 2025-03-27 | 9.3 | CVE-2025-26898 |
n/a — n/a
|
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in John Darrel Hide My WP Ghost allows PHP Local File Inclusion.This issue affects Hide My WP Ghost: from n/a through 5.4.01. | 2025-03-27 | 9.6 | CVE-2025-26909 |
n/a — n/a
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Andy Moyle Church Admin allows SQL Injection.This issue affects Church Admin: from n/a through 5.0.18. | 2025-03-26 | 9.3 | CVE-2025-26941 |
n/a — n/a
|
An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server password handling of empty SHA1 usernames in digest authentication. Authentication bypass allows an attacker to control administrative objects.This issue affects Xperience through 13.0.172. | 2025-03-24 | 9.8 | CVE-2025-2746 |
n/a — n/a
|
An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server component password handling for the server defined None type. Authentication bypass allows an attacker to control administrative objects.This issue affects Xperience through 13.0.178. | 2025-03-24 | 9.8 | CVE-2025-2747 |
n/a — n/a
|
An issue was discovered in Artifex Ghostscript before 10.05.0. The DOCXWRITE TXTWRITE device has a text buffer overflow via long characters to devices/vector/doc_common.c. | 2025-03-25 | 9.8 | CVE-2025-27831 |
n/a — n/a
|
An issue was discovered in Artifex Ghostscript before 10.05.0. The NPDL device has a Compression buffer overflow for contrib/japanese/gdevnpdl.c. | 2025-03-25 | 9.8 | CVE-2025-27832 |
n/a — n/a
|
An issue was discovered in Artifex Ghostscript before 10.05.0. The BJ10V device has a Print buffer overflow in contrib/japanese/gdev10v.c. | 2025-03-25 | 9.8 | CVE-2025-27836 |
n/a — n/a
|
An issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitrary files can occur through a truncated path with invalid UTF-8 characters, for base/gp_mswin.c and base/winrtsup.cpp. | 2025-03-25 | 9.8 | CVE-2025-27837 |
n/a — n/a
|
TOTOLINK A800R V4.1.2cu.5137_B20200730 contains a remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter. | 2025-03-27 | 9.8 | CVE-2025-28138 |
n/a — n/a
|
CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0 are affected by a vulnerability that may result in unauthenticated access. Remote and unauthenticated HTTP requests to CrushFTP may allow attackers to gain unauthorized access. | 2025-03-26 | 9.8 | CVE-2025-2825 |
n/a — n/a
|
Improper Control of Generation of Code (‘Code Injection’) vulnerability in NotFound Visual Text Editor allows Remote Code Inclusion. This issue affects Visual Text Editor: from n/a through 1.2.1. | 2025-03-26 | 9.9 | CVE-2025-28893 |
n/a — n/a
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in NotFound WP Multistore Locator allows SQL Injection. This issue affects WP Multistore Locator: from n/a through 2.5.2. | 2025-03-26 | 9.3 | CVE-2025-28898 |
n/a — n/a
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Shamalli Web Directory Free allows Blind SQL Injection. This issue affects Web Directory Free: from n/a through 1.7.6. | 2025-03-25 | 9.3 | CVE-2025-28904 |
n/a — n/a
|
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in NotFound Docpro allows PHP Local File Inclusion. This issue affects Docpro: from n/a through 2.0.1. | 2025-03-26 | 9.8 | CVE-2025-28916 |
n/a — n/a
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Trust Payments Trust Payments Gateway for WooCommerce allows SQL Injection. This issue affects Trust Payments Gateway for WooCommerce: from n/a through 1.1.4. | 2025-03-26 | 9.3 | CVE-2025-28942 |
n/a — n/a
|
Tenda AC8 V16.03.34.06 is vulnerable to Buffer Overflow in the fromSetRouteStatic function via the parameter list. | 2025-03-24 | 9.8 | CVE-2025-29100 |
n/a — n/a
|
A stack-based buffer overflow vulnerability in Tenda AC7 V15.03.06.44 allows a remote attacker to execute arbitrary code through a stack overflow attack using the security parameter of the formWifiBasicSet function. | 2025-03-24 | 9.8 | CVE-2025-29135 |
n/a — n/a
|
An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitrary code via the case display page in the index.html component. | 2025-03-27 | 9.8 | CVE-2025-29306 |
n/a — n/a
|
An issue in onos v2.7.0 allows attackers to trigger a packet deserialization problem when supplying a crafted LLDP packet. This vulnerability allows attackers to execute arbitrary commands or access network information. | 2025-03-24 | 9.8 | CVE-2025-29310 |
n/a — n/a
|
An issue in onos v2.7.0 allows attackers to trigger unexpected behavior within a device connected to a legacy switch via changing the link type from indirect to direct. | 2025-03-24 | 9.1 | CVE-2025-29312 |
n/a — n/a
|
An issue in the Shiro-based RBAC (Role-based Access Control) mechanism of OpenDaylight Service Function Chaining (SFC) Subproject SFC Sodium-SR4 and below allows attackers to execute privileged operations via a crafted request. | 2025-03-24 | 9.8 | CVE-2025-29315 |
n/a — n/a
|
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol – Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In versions 1.3.3 and prior, a Heap Overflow vulnerability occurs in the `Crypto_TM_ProcessSecurity` function (`crypto_tm.c:1735:8`). When processing the Secondary Header Length of a TM protocol packet, if the Secondary Header Length exceeds the packet’s total length, a heap overflow is triggered during the memcpy operation that copies packet data into the dynamically allocated buffer `p_new_dec_frame`. This allows an attacker to overwrite adjacent heap memory, potentially leading to arbitrary code execution or system instability. A patch is available at commit 810fd66d592c883125272fef123c3240db2f170f. | 2025-03-25 | 9.4 | CVE-2025-30216 |
n/a — n/a
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in origincode Product Catalog allows SQL Injection. This issue affects Product Catalog: from n/a through 1.0.4. | 2025-03-26 | 9.3 | CVE-2025-30524 |
n/a — n/a
|
Cross-Site Request Forgery (CSRF) vulnerability in wpshopee Awesome Logos allows SQL Injection. This issue affects Awesome Logos: from n/a through 1.2. | 2025-03-24 | 9.3 | CVE-2025-30528 |
n/a — n/a
|
Cross-Site Request Forgery (CSRF) vulnerability in Jacob Schwartz WP e-Commerce Style Email allows Code Injection. This issue affects WP e-Commerce Style Email: from n/a through 0.6.2. | 2025-03-24 | 9.6 | CVE-2025-30615 |
Unknown–Booknetic |
The Booknetic WordPress plugin before 4.1.5 does not have CSRF check when creating Staff accounts, which could allow attackers to make logged in admin add arbitrary Staff members via a CSRF attack | 2025-03-26 | 8.8 | CVE-2024-13146 |
Unknown–aoa-downloadable |
The aoa-downloadable WordPress plugin through 0.1.0 doesn’t validate a parameter in its download function, allowing unauthenticated attackers to download arbitrary files from the server | 2025-03-25 | 8.6 | CVE-2024-13617 |
xenioushk–BWL Advanced FAQ Manager |
The BWL Advanced FAQ Manager plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the ‘baf_set_notice_status’ AJAX action in all versions up to, and including, 2.1.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update option values to ‘1’ on the WordPress site. This can be leveraged to update an option that would create an error on the site and deny service to legitimate users or be used to set some values to true such as registration. | 2025-03-26 | 8.1 | CVE-2024-13801 |
Xiaomi–Xiaomi smarthome application |
An code execution vulnerability exists in the Xiaomi smarthome application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code. | 2025-03-27 | 8.8 | CVE-2024-45352 |
NotFound–PluginPass |
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in NotFound PluginPass allows Manipulating Web Input to File System Calls. This issue affects PluginPass: from n/a through 0.9.10. | 2025-03-28 | 8.6 | CVE-2024-54291 |
NotFound–GetShop ecommerce |
Path Traversal vulnerability in NotFound GetShop ecommerce allows Path Traversal. This issue affects GetShop ecommerce: from n/a through 1.3. | 2025-03-28 | 8.1 | CVE-2024-54362 |
n/a — n/a
|
An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Improper rendering of certain file types leads to cross-site scripting. | 2025-03-27 | 8.7 | CVE-2025-0811 |
n/a — n/a
|
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.) | 2025-03-25 | 8.8 | CVE-2025-1097 |
n/a — n/a
|
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.) | 2025-03-25 | 8.8 | CVE-2025-1098 |
n/a — n/a
|
The Inline Image Upload for BBPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the file uploading functionality in all versions up to, and including, 1.1.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible. This may be exploitable by unauthenticated attackers when the “Allow guest users without accounts to create topics and replies” setting is enabled. | 2025-03-29 | 8.8 | CVE-2025-2006 |
n/a — n/a
|
In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.104, 9.2.2406.108, 9.2.2403.114, and 9.1.2312.208, a low-privileged user that does not hold the “admin” or “power” Splunk roles could perform a Remote Code Execution (RCE) through a file upload to the “$SPLUNK_HOME/var/run/splunk/apptemp” directory due to missing authorization checks. | 2025-03-26 | 8 | CVE-2025-20229 |
n/a — n/a
|
The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to missing capability checks on its on its AJAX functions in all versions up to, and including, 6.30.15. This makes it possible for authenticated attackers, with Subscriber-level access and above, to compromise the site in various ways depending on the specific function exploited – for example, by retrieving sensitive settings and configuration details, or by altering and deleting them, thereby disclosing sensitive information, disrupting the plugin’s functionality, and potentially impacting overall site performance. | 2025-03-26 | 8.8 | CVE-2025-2110 |
n/a — n/a
|
The SoJ SoundSlides plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the soj_soundslides_options_subpanel() function in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible. | 2025-03-29 | 8.8 | CVE-2025-2249 |
n/a — n/a
|
An issue has been discovered in Gitlab EE/CE for AppSec affecting all versions from 13.5.0 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Certain error messages could allow Cross-Site Scripting attacks (XSS). for AppSec. | 2025-03-27 | 8.7 | CVE-2025-2255 |
n/a — n/a
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in SEO Squirrly SEO Plugin by Squirrly SEO allows SQL Injection.This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.4.03. | 2025-03-27 | 8.5 | CVE-2025-22783 |
n/a — n/a
|
The EZ SQL Reports Shortcode Widget and DB Backup plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.11.13 to 5.25.08. This is due to missing or incorrect nonce validation on the ‘ELISQLREPORTS_menu’ function. This makes it possible for unauthenticated attackers to execute code on the server via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Version 5.25.10 adds a nonce check, which makes this vulnerability exploitable by admins only. | 2025-03-25 | 8.8 | CVE-2025-2319 |
n/a — n/a
|
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ‘dnd_remove_uploaded_files’ function in all versions up to, and including, 1.3.8.7. This makes it possible for unauthenticated attackers to add arbitrary file paths (such as ../../../../wp-config.php) to uploaded files on the server, which can easily lead to remote code execution when an Administrator deletes the message. Exploiting this vulnerability requires the Flamingo plugin to be installed and activated. | 2025-03-28 | 8.8 | CVE-2025-2328 |
n/a — n/a
|
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in NotFound LinkedIn Lite allows PHP Local File Inclusion. This issue affects LinkedIn Lite: from n/a through 1.0. | 2025-03-26 | 8.1 | CVE-2025-23937 |
n/a — n/a
|
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in ntm custom-field-list-widget allows PHP Local File Inclusion. This issue affects custom-field-list-widget: from n/a through 1.5.1. | 2025-03-26 | 8.1 | CVE-2025-23952 |
n/a — n/a
|
Dell Unity, version(s) 5.4 and prior, contain(s) an URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to a targeted application user being redirected to arbitrary web URLs. The vulnerability could be leveraged by attackers to conduct phishing attacks that cause users to divulge sensitive information. Exploitation may allow for session theft. | 2025-03-28 | 8.8 | CVE-2025-24381 |
n/a — n/a
|
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.) | 2025-03-25 | 8.8 | CVE-2025-24514 |
n/a — n/a
|
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Michele Giorgi Formality allows PHP Local File Inclusion. This issue affects Formality: from n/a through 1.5.7. | 2025-03-26 | 8.1 | CVE-2025-24690 |
n/a — n/a
|
Missing Authorization vulnerability in Shinetheme Traveler.This issue affects Traveler: from n/a through 3.1.8. | 2025-03-27 | 8.2 | CVE-2025-26733 |
n/a — n/a
|
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in StylemixThemes Pearl – Corporate Business allows PHP Local File Inclusion.This issue affects Pearl – Corporate Business: from n/a before 3.4.8. | 2025-03-26 | 8.1 | CVE-2025-26986 |
n/a — n/a
|
The GLPI Inventory Plugin handles various types of tasks for GLPI agents, including network discovery and inventory (SNMP), software deployment, VMWare ESX host remote inventory, and data collection (files, Windows registry, WMI). Versions prior to 1.5.0 have an improper access control vulnerability. Version 1.5.0 fixes the vulnerability. | 2025-03-25 | 8.2 | CVE-2025-27147 |
n/a — n/a
|
A vulnerability classified as critical was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected by this vulnerability is an unknown functionality of the file /api/login/auth of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. | 2025-03-25 | 8 | CVE-2025-2725 |
n/a — n/a
|
A vulnerability, which was classified as critical, has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected by this issue is some unknown functionality of the file /api/esps of the component HTTP POST Request Handler. The manipulation leads to command injection. Access to the local network is required for this attack. The exploit has been disclosed to the public and may be used. | 2025-03-25 | 8 | CVE-2025-2726 |
n/a — n/a
|
A vulnerability, which was classified as critical, was found in H3C Magic NX30 Pro up to V100R007. This affects an unknown part of the file /api/wizard/getNetworkStatus of the component HTTP POST Request Handler. The manipulation leads to command injection. Access to the local network is required for this attack to succeed. The exploit has been disclosed to the public and may be used. | 2025-03-25 | 8 | CVE-2025-2727 |
n/a — n/a
|
A vulnerability has been found in H3C Magic NX30 Pro and Magic NX400 up to V100R014 and classified as critical. This vulnerability affects unknown code of the file /api/wizard/getNetworkConf. The manipulation leads to command injection. The attack needs to be approached within the local network. | 2025-03-25 | 8 | CVE-2025-2728 |
n/a — n/a
|
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014 and classified as critical. This issue affects some unknown processing of the file /api/wizard/networkSetup of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack can only be done within the local network. The exploit has been disclosed to the public and may be used. | 2025-03-25 | 8 | CVE-2025-2729 |
n/a — n/a
|
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been classified as critical. Affected is an unknown function of the file /api/wizard/getssidname of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. | 2025-03-25 | 8 | CVE-2025-2730 |
n/a — n/a
|
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/wizard/getDualbandSync of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. | 2025-03-25 | 8 | CVE-2025-2731 |
n/a — n/a
|
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/wizard/getWifiNeighbour of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. | 2025-03-25 | 8 | CVE-2025-2732 |
google — chrome |
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High) | 2025-03-26 | 8.3 | CVE-2025-2783 |
n/a — n/a
|
The Administrator Z plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the adminz_import_backup() function in all versions up to, and including, 2025.03.24. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | 2025-03-28 | 8.8 | CVE-2025-2815 |
n/a — n/a
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in NotFound Shuffle allows Blind SQL Injection. This issue affects Shuffle: from n/a through 0.5. | 2025-03-26 | 8.5 | CVE-2025-28873 |
n/a — n/a
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in NotFound WP Google Calendar Manager allows Blind SQL Injection. This issue affects WP Google Calendar Manager: from n/a through 2.1. | 2025-03-26 | 8.5 | CVE-2025-28939 |
n/a — n/a
|
Insecure Shiro cookie configurations in OpenDaylight Service Function Chaining (SFC) Subproject SFC Sodium-SR4 and below allow attackers to access sensitive information via a man-in-the-middle attack. | 2025-03-24 | 8.1 | CVE-2025-29314 |
n/a — n/a
|
A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via the corresponding function, triggering remote command execution. | 2025-03-25 | 8.8 | CVE-2025-29635 |
n/a — n/a
|
authentik is an open-source identity provider. Prior to versions 2024.12.4 and 2025.2.3, when authentik was configured to use the database for session storage (which is a non-default setting), deleting sessions via the Web Interface or the API would not revoke the session and the session holder would continue to have access to authentik. authentik 2025.2.3 and 2024.12.4 fix this issue. Switching to the cache-based session storage until the authentik instance can be upgraded is recommended. This will however also delete all existing sessions and users will have to re-authenticate. | 2025-03-28 | 8 | CVE-2025-29928 |
n/a — n/a
|
HTCondor 23.0.x before 23.0.22, 23.10.x before 23.10.22, 24.0.x before 24.0.6, and 24.6.x before 24.6.1 allows authenticated attackers to bypass authorization restrictions. | 2025-03-27 | 8.1 | CVE-2025-30093 |
n/a — n/a
|
A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-line access) to escalate privileges. | 2025-03-28 | 8.1 | CVE-2025-30232 |
n/a — n/a
|
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.12.0 and prior to version 11.5.0, when a Flow with the “Webhook” trigger and the “Data of Last Operation” response body encounters a ValidationError thrown by a failed condition operation, the API response includes sensitive data. This includes environmental variables, sensitive API keys, user accountability information, and operational data. This issue poses a significant security risk, as any unintended exposure of this data could lead to potential misuse. Version 11.5.0 fixes the issue. | 2025-03-26 | 8.6 | CVE-2025-30353 |
n/a — n/a
|
Mesop is a Python-based UI framework that allows users to build web applications. A class pollution vulnerability in Mesop prior to version 0.14.1 allows attackers to overwrite global variables and class attributes in certain Mesop modules during runtime. This vulnerability could directly lead to a denial of service (DoS) attack against the server. Additionally, it could also result in other severe consequences given the application’s implementation, such as identity confusion, where an attacker could impersonate an assistant or system role within conversations. This impersonation could potentially enable jailbreak attacks when interacting with large language models (LLMs). Just like the Javascript’s prototype pollution, this vulnerability could leave a way for attackers to manipulate the intended data-flow or control-flow of the application at runtime and lead to severe consequences like remote code execution when gadgets are available. Users should upgrade to version 0.14.1 to obtain a fix for the issue. | 2025-03-27 | 8.1 | CVE-2025-30358 |
n/a — n/a
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Jahertor WP Featured Entries allows SQL Injection. This issue affects WP Featured Entries: from n/a through 1.0. | 2025-03-24 | 8.5 | CVE-2025-30569 |
n/a — n/a
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Dourou Flickr set slideshows allows SQL Injection. This issue affects Flickr set slideshows: from n/a through 0.9. | 2025-03-24 | 8.5 | CVE-2025-30590 |
n/a — n/a
|
Missing Authorization vulnerability in WPClever WPC Smart Upsell Funnel for WooCommerce allows Privilege Escalation. This issue affects WPC Smart Upsell Funnel for WooCommerce: from n/a through 3.0.4. | 2025-03-27 | 8.8 | CVE-2025-30772 |
n/a — n/a
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in AmentoTech Private Limited WPGuppy allows SQL Injection. This issue affects WPGuppy: from n/a through 1.1.3. | 2025-03-27 | 8.5 | CVE-2025-30775 |
n/a — n/a
|
Cross-Site Request Forgery (CSRF) vulnerability in jgwhite33 WP Google Review Slider allows SQL Injection. This issue affects WP Google Review Slider: from n/a through 16.0. | 2025-03-27 | 8.2 | CVE-2025-30783 |
n/a — n/a
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WP Shuffle WP Subscription Forms allows SQL Injection. This issue affects WP Subscription Forms: from n/a through 1.2.3. | 2025-03-27 | 8.5 | CVE-2025-30784 |
n/a — n/a
|
Cross-Site Request Forgery (CSRF) vulnerability in Eli EZ SQL Reports Shortcode Widget and DB Backup allows SQL Injection. This issue affects EZ SQL Reports Shortcode Widget and DB Backup: from n/a through 5.25.08. | 2025-03-27 | 8.2 | CVE-2025-30788 |
n/a — n/a
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Constantin Boiangiu Vimeotheque allows SQL Injection. This issue affects Vimeotheque: from n/a through 2.3.4.2. | 2025-03-27 | 8.5 | CVE-2025-30806 |
n/a — n/a
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in smackcoders Lead Form Data Collection to CRM allows Blind SQL Injection. This issue affects Lead Form Data Collection to CRM: from n/a through 3.0.1. | 2025-03-27 | 8.5 | CVE-2025-30810 |
n/a — n/a
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Igor Benic Simple Giveaways allows SQL Injection. This issue affects Simple Giveaways: from n/a through 2.48.1. | 2025-03-27 | 8.5 | CVE-2025-30819 |
n/a — n/a
|
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in jetmonsters Restaurant Menu by MotoPress allows PHP Local File Inclusion. This issue affects Restaurant Menu by MotoPress: from n/a through 2.4.4. | 2025-03-27 | 8.8 | CVE-2025-30846 |
n/a — n/a
|
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in magepeopleteam WpTravelly allows PHP Local File Inclusion. This issue affects WpTravelly: from n/a through 1.8.7. | 2025-03-27 | 8.8 | CVE-2025-30891 |
n/a — n/a
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Falcon Solutions Duplicate Page and Post allows Blind SQL Injection. This issue affects Duplicate Page and Post: from n/a through 1.0. | 2025-03-28 | 8.5 | CVE-2025-31466 |
Fortinet–FortiMail |
A use of a cryptographically weak pseudo-random number generator vulnerability in the authenticator of the Identity Based Encryption service of FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to infer parts of users authentication tokens and reset their credentials. | 2025-03-24 | 7.5 | CVE-2021-26091 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: dmaengine: Fix double increment of client_count in dma_chan_get() The first time dma_chan_get() is called for a channel the channel client_count is incorrectly incremented twice for public channels, first in balance_ref_count(), and again prior to returning. This results in an incorrect client count which will lead to the channel resources not being freed when they should be. A simple test of repeated module load and unload of async_tx on a Dell Power Edge R7425 also shows this resulting in a kref underflow warning. [ 124.329662] async_tx: api initialized (async) [ 129.000627] async_tx: api initialized (async) [ 130.047839] ————[ cut here ]———— [ 130.052472] refcount_t: underflow; use-after-free. [ 130.057279] WARNING: CPU: 3 PID: 19364 at lib/refcount.c:28 refcount_warn_saturate+0xba/0x110 [ 130.065811] Modules linked in: async_tx(-) rfkill intel_rapl_msr intel_rapl_common amd64_edac edac_mce_amd ipmi_ssif kvm_amd dcdbas kvm mgag200 drm_shmem_helper acpi_ipmi irqbypass drm_kms_helper ipmi_si syscopyarea sysfillrect rapl pcspkr ipmi_devintf sysimgblt fb_sys_fops k10temp i2c_piix4 ipmi_msghandler acpi_power_meter acpi_cpufreq vfat fat drm fuse xfs libcrc32c sd_mod t10_pi sg ahci crct10dif_pclmul libahci crc32_pclmul crc32c_intel ghash_clmulni_intel igb megaraid_sas i40e libata i2c_algo_bit ccp sp5100_tco dca dm_mirror dm_region_hash dm_log dm_mod [last unloaded: async_tx] [ 130.117361] CPU: 3 PID: 19364 Comm: modprobe Kdump: loaded Not tainted 5.14.0-185.el9.x86_64 #1 [ 130.126091] Hardware name: Dell Inc. PowerEdge R7425/02MJ3T, BIOS 1.18.0 01/17/2022 [ 130.133806] RIP: 0010:refcount_warn_saturate+0xba/0x110 [ 130.139041] Code: 01 01 e8 6d bd 55 00 0f 0b e9 72 9d 8a 00 80 3d 26 18 9c 01 00 75 85 48 c7 c7 f8 a3 03 9d c6 05 16 18 9c 01 01 e8 4a bd 55 00 <0f> 0b e9 4f 9d 8a 00 80 3d 01 18 9c 01 00 0f 85 5e ff ff ff 48 c7 [ 130.157807] RSP: 0018:ffffbf98898afe68 EFLAGS: 00010286 [ 130.163036] RAX: 0000000000000000 RBX: ffff9da06028e598 RCX: 0000000000000000 [ 130.170172] RDX: ffff9daf9de26480 RSI: ffff9daf9de198a0 RDI: ffff9daf9de198a0 [ 130.177316] RBP: ffff9da7cddf3970 R08: 0000000000000000 R09: 00000000ffff7fff [ 130.184459] R10: ffffbf98898afd00 R11: ffffffff9d9e8c28 R12: ffff9da7cddf1970 [ 130.191596] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 130.198739] FS: 00007f646435c740(0000) GS:ffff9daf9de00000(0000) knlGS:0000000000000000 [ 130.206832] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 130.212586] CR2: 00007f6463b214f0 CR3: 00000008ab98c000 CR4: 00000000003506e0 [ 130.219729] Call Trace: [ 130.222192] <TASK> [ 130.224305] dma_chan_put+0x10d/0x110 [ 130.227988] dmaengine_put+0x7a/0xa0 [ 130.231575] __do_sys_delete_module.constprop.0+0x178/0x280 [ 130.237157] ? syscall_trace_enter.constprop.0+0x145/0x1d0 [ 130.242652] do_syscall_64+0x5c/0x90 [ 130.246240] ? exc_page_fault+0x62/0x150 [ 130.250178] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 130.255243] RIP: 0033:0x7f6463a3f5ab [ 130.258830] Code: 73 01 c3 48 8b 0d 75 a8 1b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 b0 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 45 a8 1b 00 f7 d8 64 89 01 48 [ 130.277591] RSP: 002b:00007fff22f972c8 EFLAGS: 00000206 ORIG_RAX: 00000000000000b0 [ 130.285164] RAX: ffffffffffffffda RBX: 000055b6786edd40 RCX: 00007f6463a3f5ab [ 130.292303] RDX: 0000000000000000 RSI: 0000000000000800 RDI: 000055b6786edda8 [ 130.299443] RBP: 000055b6786edd40 R08: 0000000000000000 R09: 0000000000000000 [ 130.306584] R10: 00007f6463b9eac0 R11: 0000000000000206 R12: 000055b6786edda8 [ 130.313731] R13: 0000000000000000 R14: 000055b6786edda8 R15: 00007fff22f995f8 [ 130.320875] </TASK> [ 130.323081] —[ end trace eff7156d56b5cf25 ]— cat /sys/class/dma/dma0chan*/in_use would get the wrong result. 2 2 2 Test-by: Jie Hai <haijie1@huawei.com> | 2025-03-27 | 7.8 | CVE-2022-49753 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait While performing fast composition switch, there is a possibility that the process of ffs_ep0_write/ffs_ep0_read get into a race condition due to ep0req being freed up from functionfs_unbind. Consider the scenario that the ffs_ep0_write calls the ffs_ep0_queue_wait by taking a lock &ffs->ev.waitq.lock. However, the functionfs_unbind isn’t bounded so it can go ahead and mark the ep0req to NULL, and since there is no NULL check in ffs_ep0_queue_wait we will end up in use-after-free. Fix this by making a serialized execution between the two functions using a mutex_lock(ffs->mutex). | 2025-03-27 | 7.8 | CVE-2022-49755 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: btrfs: always report error in run_one_delayed_ref() Currently we have a btrfs_debug() for run_one_delayed_ref() failure, but if end users hit such problem, there will be no chance that btrfs_debug() is enabled. This can lead to very little useful info for debugging. This patch will: – Add extra info for error reporting Including: * logical bytenr * num_bytes * type * action * ref_mod – Replace the btrfs_debug() with btrfs_err() – Move the error reporting into run_one_delayed_ref() This is to avoid use-after-free, the @node can be freed in the caller. This error should only be triggered at most once. As if run_one_delayed_ref() failed, we trigger the error message, then causing the call chain to error out: btrfs_run_delayed_refs() `- btrfs_run_delayed_refs() `- btrfs_run_delayed_refs_for_head() `- run_one_delayed_ref() And we will abort the current transaction in btrfs_run_delayed_refs(). If we have to run delayed refs for the abort transaction, run_one_delayed_ref() will just cleanup the refs and do nothing, thus no new error messages would be output. | 2025-03-27 | 7.8 | CVE-2022-49761 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: drm/i915: Avoid potential vm use-after-free Adding the vm to the vm_xa table makes it visible to userspace, which could try to race with us to close the vm. So we need to take our extra reference before putting it in the table. (cherry picked from commit 99343c46d4e2b34c285d3d5f68ff04274c2f9fb4) | 2025-03-27 | 7.8 | CVE-2023-52931 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: mm/khugepaged: fix ->anon_vma race If an ->anon_vma is attached to the VMA, collapse_and_free_pmd() requires it to be locked. Page table traversal is allowed under any one of the mmap lock, the anon_vma lock (if the VMA is associated with an anon_vma), and the mapping lock (if the VMA is associated with a mapping); and so to be able to remove page tables, we must hold all three of them. retract_page_tables() bails out if an ->anon_vma is attached, but does this check before holding the mmap lock (as the comment above the check explains). If we racily merged an existing ->anon_vma (shared with a child process) from a neighboring VMA, subsequent rmap traversals on pages belonging to the child will be able to see the page tables that we are concurrently removing while assuming that nothing else can access them. Repeat the ->anon_vma check once we hold the mmap lock to ensure that there really is no concurrent page table access. Hitting this bug causes a lockdep warning in collapse_and_free_pmd(), in the line “lockdep_assert_held_write(&vma->anon_vma->root->rwsem)”. It can also lead to use-after-free access. | 2025-03-27 | 7.8 | CVE-2023-52935 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF After a call to console_unlock() in vcs_read() the vc_data struct can be freed by vc_deallocate(). Because of that, the struct vc_data pointer load must be done at the top of while loop in vcs_read() to avoid a UAF when vcs_size() is called. Syzkaller reported a UAF in vcs_size(). BUG: KASAN: use-after-free in vcs_size (drivers/tty/vt/vc_screen.c:215) Read of size 4 at addr ffff8881137479a8 by task 4a005ed81e27e65/1537 CPU: 0 PID: 1537 Comm: 4a005ed81e27e65 Not tainted 6.2.0-rc5 #1 Hardware name: Red Hat KVM, BIOS 1.15.0-2.module Call Trace: <TASK> __asan_report_load4_noabort (mm/kasan/report_generic.c:350) vcs_size (drivers/tty/vt/vc_screen.c:215) vcs_read (drivers/tty/vt/vc_screen.c:415) vfs_read (fs/read_write.c:468 fs/read_write.c:450) … </TASK> Allocated by task 1191: … kmalloc_trace (mm/slab_common.c:1069) vc_allocate (./include/linux/slab.h:580 ./include/linux/slab.h:720 drivers/tty/vt/vt.c:1128 drivers/tty/vt/vt.c:1108) con_install (drivers/tty/vt/vt.c:3383) tty_init_dev (drivers/tty/tty_io.c:1301 drivers/tty/tty_io.c:1413 drivers/tty/tty_io.c:1390) tty_open (drivers/tty/tty_io.c:2080 drivers/tty/tty_io.c:2126) chrdev_open (fs/char_dev.c:415) do_dentry_open (fs/open.c:883) vfs_open (fs/open.c:1014) … Freed by task 1548: … kfree (mm/slab_common.c:1021) vc_port_destruct (drivers/tty/vt/vt.c:1094) tty_port_destructor (drivers/tty/tty_port.c:296) tty_port_put (drivers/tty/tty_port.c:312) vt_disallocate_all (drivers/tty/vt/vt_ioctl.c:662 (discriminator 2)) vt_ioctl (drivers/tty/vt/vt_ioctl.c:903) tty_ioctl (drivers/tty/tty_io.c:2776) … The buggy address belongs to the object at ffff888113747800 which belongs to the cache kmalloc-1k of size 1024 The buggy address is located 424 bytes inside of 1024-byte region [ffff888113747800, ffff888113747c00) The buggy address belongs to the physical page: page:00000000b3fe6c7c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x113740 head:00000000b3fe6c7c order:3 compound_mapcount:0 subpages_mapcount:0 compound_pincount:0 anon flags: 0x17ffffc0010200(slab|head|node=0|zone=2|lastcpupid=0x1fffff) raw: 0017ffffc0010200 ffff888100042dc0 0000000000000000 dead000000000001 raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff888113747880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff888113747900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb > ffff888113747980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff888113747a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff888113747a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ================================================================== Disabling lock debugging due to kernel taint | 2025-03-27 | 7.8 | CVE-2023-52973 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress If during iscsi_sw_tcp_session_create() iscsi_tcp_r2tpool_alloc() fails, userspace could be accessing the host’s ipaddress attr. If we then free the session via iscsi_session_teardown() while userspace is still accessing the session we will hit a use after free bug. Set the tcp_sw_host->session after we have completed session creation and can no longer fail. | 2025-03-27 | 7.8 | CVE-2023-52974 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress Bug report and analysis from Ding Hui. During iSCSI session logout, if another task accesses the shost ipaddress attr, we can get a KASAN UAF report like this: [ 276.942144] BUG: KASAN: use-after-free in _raw_spin_lock_bh+0x78/0xe0 [ 276.942535] Write of size 4 at addr ffff8881053b45b8 by task cat/4088 [ 276.943511] CPU: 2 PID: 4088 Comm: cat Tainted: G E 6.1.0-rc8+ #3 [ 276.943997] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020 [ 276.944470] Call Trace: [ 276.944943] <TASK> [ 276.945397] dump_stack_lvl+0x34/0x48 [ 276.945887] print_address_description.constprop.0+0x86/0x1e7 [ 276.946421] print_report+0x36/0x4f [ 276.947358] kasan_report+0xad/0x130 [ 276.948234] kasan_check_range+0x35/0x1c0 [ 276.948674] _raw_spin_lock_bh+0x78/0xe0 [ 276.949989] iscsi_sw_tcp_host_get_param+0xad/0x2e0 [iscsi_tcp] [ 276.951765] show_host_param_ISCSI_HOST_PARAM_IPADDRESS+0xe9/0x130 [scsi_transport_iscsi] [ 276.952185] dev_attr_show+0x3f/0x80 [ 276.953005] sysfs_kf_seq_show+0x1fb/0x3e0 [ 276.953401] seq_read_iter+0x402/0x1020 [ 276.954260] vfs_read+0x532/0x7b0 [ 276.955113] ksys_read+0xed/0x1c0 [ 276.955952] do_syscall_64+0x38/0x90 [ 276.956347] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 276.956769] RIP: 0033:0x7f5d3a679222 [ 276.957161] Code: c0 e9 b2 fe ff ff 50 48 8d 3d 32 c0 0b 00 e8 a5 fe 01 00 0f 1f 44 00 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 0f 05 <48> 3d 00 f0 ff ff 77 56 c3 0f 1f 44 00 00 48 83 ec 28 48 89 54 24 [ 276.958009] RSP: 002b:00007ffc864d16a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 276.958431] RAX: ffffffffffffffda RBX: 0000000000020000 RCX: 00007f5d3a679222 [ 276.958857] RDX: 0000000000020000 RSI: 00007f5d3a4fe000 RDI: 0000000000000003 [ 276.959281] RBP: 00007f5d3a4fe000 R08: 00000000ffffffff R09: 0000000000000000 [ 276.959682] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000020000 [ 276.960126] R13: 0000000000000003 R14: 0000000000000000 R15: 0000557a26dada58 [ 276.960536] </TASK> [ 276.961357] Allocated by task 2209: [ 276.961756] kasan_save_stack+0x1e/0x40 [ 276.962170] kasan_set_track+0x21/0x30 [ 276.962557] __kasan_kmalloc+0x7e/0x90 [ 276.962923] __kmalloc+0x5b/0x140 [ 276.963308] iscsi_alloc_session+0x28/0x840 [scsi_transport_iscsi] [ 276.963712] iscsi_session_setup+0xda/0xba0 [libiscsi] [ 276.964078] iscsi_sw_tcp_session_create+0x1fd/0x330 [iscsi_tcp] [ 276.964431] iscsi_if_create_session.isra.0+0x50/0x260 [scsi_transport_iscsi] [ 276.964793] iscsi_if_recv_msg+0xc5a/0x2660 [scsi_transport_iscsi] [ 276.965153] iscsi_if_rx+0x198/0x4b0 [scsi_transport_iscsi] [ 276.965546] netlink_unicast+0x4d5/0x7b0 [ 276.965905] netlink_sendmsg+0x78d/0xc30 [ 276.966236] sock_sendmsg+0xe5/0x120 [ 276.966576] ____sys_sendmsg+0x5fe/0x860 [ 276.966923] ___sys_sendmsg+0xe0/0x170 [ 276.967300] __sys_sendmsg+0xc8/0x170 [ 276.967666] do_syscall_64+0x38/0x90 [ 276.968028] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 276.968773] Freed by task 2209: [ 276.969111] kasan_save_stack+0x1e/0x40 [ 276.969449] kasan_set_track+0x21/0x30 [ 276.969789] kasan_save_free_info+0x2a/0x50 [ 276.970146] __kasan_slab_free+0x106/0x190 [ 276.970470] __kmem_cache_free+0x133/0x270 [ 276.970816] device_release+0x98/0x210 [ 276.971145] kobject_cleanup+0x101/0x360 [ 276.971462] iscsi_session_teardown+0x3fb/0x530 [libiscsi] [ 276.971775] iscsi_sw_tcp_session_destroy+0xd8/0x130 [iscsi_tcp] [ 276.972143] iscsi_if_recv_msg+0x1bf1/0x2660 [scsi_transport_iscsi] [ 276.972485] iscsi_if_rx+0x198/0x4b0 [scsi_transport_iscsi] [ 276.972808] netlink_unicast+0x4d5/0x7b0 [ 276.973201] netlink_sendmsg+0x78d/0xc30 [ 276.973544] sock_sendmsg+0xe5/0x120 [ 276.973864] ____sys_sendmsg+0x5fe/0x860 [ 276.974248] ___sys_ —truncated— | 2025-03-27 | 7.8 | CVE-2023-52975 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix uaf for bfqq in bic_set_bfqq() After commit 64dc8c732f5c (“block, bfq: fix possible uaf for ‘bfqq->bic'”), bic->bfqq will be accessed in bic_set_bfqq(), however, in some context bic->bfqq will be freed, and bic_set_bfqq() is called with the freed bic->bfqq. Fix the problem by always freeing bfqq after bic_set_bfqq(). | 2025-03-27 | 7.8 | CVE-2023-52983 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: net: fix UaF in netns ops registration error path If net_assign_generic() fails, the current error path in ops_init() tries to clear the gen pointer slot. Anyway, in such error path, the gen pointer itself has not been modified yet, and the existing and accessed one is smaller than the accessed index, causing an out-of-bounds error: BUG: KASAN: slab-out-of-bounds in ops_init+0x2de/0x320 Write of size 8 at addr ffff888109124978 by task modprobe/1018 CPU: 2 PID: 1018 Comm: modprobe Not tainted 6.2.0-rc2.mptcp_ae5ac65fbed5+ #1641 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.1-2.fc37 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x6a/0x9f print_address_description.constprop.0+0x86/0x2b5 print_report+0x11b/0x1fb kasan_report+0x87/0xc0 ops_init+0x2de/0x320 register_pernet_operations+0x2e4/0x750 register_pernet_subsys+0x24/0x40 tcf_register_action+0x9f/0x560 do_one_initcall+0xf9/0x570 do_init_module+0x190/0x650 load_module+0x1fa5/0x23c0 __do_sys_finit_module+0x10d/0x1b0 do_syscall_64+0x58/0x80 entry_SYSCALL_64_after_hwframe+0x72/0xdc RIP: 0033:0x7f42518f778d Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d cb 56 2c 00 f7 d8 64 89 01 48 RSP: 002b:00007fff96869688 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 RAX: ffffffffffffffda RBX: 00005568ef7f7c90 RCX: 00007f42518f778d RDX: 0000000000000000 RSI: 00005568ef41d796 RDI: 0000000000000003 RBP: 00005568ef41d796 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 R13: 00005568ef7f7d30 R14: 0000000000040000 R15: 0000000000000000 </TASK> This change addresses the issue by skipping the gen pointer de-reference in the mentioned error-path. Found by code inspection and verified with explicit error injection on a kasan-enabled kernel. | 2025-03-27 | 7.8 | CVE-2023-52999 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: EDAC/qcom: Do not pass llcc_driv_data as edac_device_ctl_info’s pvt_info The memory for llcc_driv_data is allocated by the LLCC driver. But when it is passed as the private driver info to the EDAC core, it will get freed during the qcom_edac driver release. So when the qcom_edac driver gets probed again, it will try to use the freed data leading to the use-after-free bug. Hence, do not pass llcc_driv_data as pvt_info but rather reference it using the platform_data pointer in the qcom_edac driver. | 2025-03-27 | 7.8 | CVE-2023-53003 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_taprio: fix possible use-after-free syzbot reported a nasty crash [1] in net_tx_action() which made little sense until we got a repro. This repro installs a taprio qdisc, but providing an invalid TCA_RATE attribute. qdisc_create() has to destroy the just initialized taprio qdisc, and taprio_destroy() is called. However, the hrtimer used by taprio had already fired, therefore advance_sched() called __netif_schedule(). Then net_tx_action was trying to use a destroyed qdisc. We can not undo the __netif_schedule(), so we must wait until one cpu serviced the qdisc before we can proceed. Many thanks to Alexander Potapenko for his help. [1] BUG: KMSAN: uninit-value in queued_spin_trylock include/asm-generic/qspinlock.h:94 [inline] BUG: KMSAN: uninit-value in do_raw_spin_trylock include/linux/spinlock.h:191 [inline] BUG: KMSAN: uninit-value in __raw_spin_trylock include/linux/spinlock_api_smp.h:89 [inline] BUG: KMSAN: uninit-value in _raw_spin_trylock+0x92/0xa0 kernel/locking/spinlock.c:138 queued_spin_trylock include/asm-generic/qspinlock.h:94 [inline] do_raw_spin_trylock include/linux/spinlock.h:191 [inline] __raw_spin_trylock include/linux/spinlock_api_smp.h:89 [inline] _raw_spin_trylock+0x92/0xa0 kernel/locking/spinlock.c:138 spin_trylock include/linux/spinlock.h:359 [inline] qdisc_run_begin include/net/sch_generic.h:187 [inline] qdisc_run+0xee/0x540 include/net/pkt_sched.h:125 net_tx_action+0x77c/0x9a0 net/core/dev.c:5086 __do_softirq+0x1cc/0x7fb kernel/softirq.c:571 run_ksoftirqd+0x2c/0x50 kernel/softirq.c:934 smpboot_thread_fn+0x554/0x9f0 kernel/smpboot.c:164 kthread+0x31b/0x430 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 Uninit was created at: slab_post_alloc_hook mm/slab.h:732 [inline] slab_alloc_node mm/slub.c:3258 [inline] __kmalloc_node_track_caller+0x814/0x1250 mm/slub.c:4970 kmalloc_reserve net/core/skbuff.c:358 [inline] __alloc_skb+0x346/0xcf0 net/core/skbuff.c:430 alloc_skb include/linux/skbuff.h:1257 [inline] nlmsg_new include/net/netlink.h:953 [inline] netlink_ack+0x5f3/0x12b0 net/netlink/af_netlink.c:2436 netlink_rcv_skb+0x55d/0x6c0 net/netlink/af_netlink.c:2507 rtnetlink_rcv+0x30/0x40 net/core/rtnetlink.c:6108 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline] netlink_unicast+0xf3b/0x1270 net/netlink/af_netlink.c:1345 netlink_sendmsg+0x1288/0x1440 net/netlink/af_netlink.c:1921 sock_sendmsg_nosec net/socket.c:714 [inline] sock_sendmsg net/socket.c:734 [inline] ____sys_sendmsg+0xabc/0xe90 net/socket.c:2482 ___sys_sendmsg+0x2a1/0x3f0 net/socket.c:2536 __sys_sendmsg net/socket.c:2565 [inline] __do_sys_sendmsg net/socket.c:2574 [inline] __se_sys_sendmsg net/socket.c:2572 [inline] __x64_sys_sendmsg+0x367/0x540 net/socket.c:2572 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd CPU: 0 PID: 13 Comm: ksoftirqd/0 Not tainted 6.0.0-rc2-syzkaller-47461-gac3859c02d7f #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 | 2025-03-27 | 7.8 | CVE-2023-53021 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: net: nfc: Fix use-after-free in local_cleanup() Fix a use-after-free that occurs in kfree_skb() called from local_cleanup(). This could happen when killing nfc daemon (e.g. neard) after detaching an nfc device. When detaching an nfc device, local_cleanup() called from nfc_llcp_unregister_device() frees local->rx_pending and decreases local->ref by kref_put() in nfc_llcp_local_put(). In the terminating process, nfc daemon releases all sockets and it leads to decreasing local->ref. After the last release of local->ref, local_cleanup() called from local_release() frees local->rx_pending again, which leads to the bug. Setting local->rx_pending to NULL in local_cleanup() could prevent use-after-free when local_cleanup() is called twice. Found by a modified version of syzkaller. BUG: KASAN: use-after-free in kfree_skb() Call Trace: dump_stack_lvl (lib/dump_stack.c:106) print_address_description.constprop.0.cold (mm/kasan/report.c:306) kasan_check_range (mm/kasan/generic.c:189) kfree_skb (net/core/skbuff.c:955) local_cleanup (net/nfc/llcp_core.c:159) nfc_llcp_local_put.part.0 (net/nfc/llcp_core.c:172) nfc_llcp_local_put (net/nfc/llcp_core.c:181) llcp_sock_destruct (net/nfc/llcp_sock.c:959) __sk_destruct (net/core/sock.c:2133) sk_destruct (net/core/sock.c:2181) __sk_free (net/core/sock.c:2192) sk_free (net/core/sock.c:2203) llcp_sock_release (net/nfc/llcp_sock.c:646) __sock_release (net/socket.c:650) sock_close (net/socket.c:1365) __fput (fs/file_table.c:306) task_work_run (kernel/task_work.c:179) ptrace_notify (kernel/signal.c:2354) syscall_exit_to_user_mode_prepare (kernel/entry/common.c:278) syscall_exit_to_user_mode (kernel/entry/common.c:296) do_syscall_64 (arch/x86/entry/common.c:86) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:106) Allocated by task 4719: kasan_save_stack (mm/kasan/common.c:45) __kasan_slab_alloc (mm/kasan/common.c:325) slab_post_alloc_hook (mm/slab.h:766) kmem_cache_alloc_node (mm/slub.c:3497) __alloc_skb (net/core/skbuff.c:552) pn533_recv_response (drivers/nfc/pn533/usb.c:65) __usb_hcd_giveback_urb (drivers/usb/core/hcd.c:1671) usb_giveback_urb_bh (drivers/usb/core/hcd.c:1704) tasklet_action_common.isra.0 (kernel/softirq.c:797) __do_softirq (kernel/softirq.c:571) Freed by task 1901: kasan_save_stack (mm/kasan/common.c:45) kasan_set_track (mm/kasan/common.c:52) kasan_save_free_info (mm/kasan/genericdd.c:518) __kasan_slab_free (mm/kasan/common.c:236) kmem_cache_free (mm/slub.c:3809) kfree_skbmem (net/core/skbuff.c:874) kfree_skb (net/core/skbuff.c:931) local_cleanup (net/nfc/llcp_core.c:159) nfc_llcp_unregister_device (net/nfc/llcp_core.c:1617) nfc_unregister_device (net/nfc/core.c:1179) pn53x_unregister_nfc (drivers/nfc/pn533/pn533.c:2846) pn533_usb_disconnect (drivers/nfc/pn533/usb.c:579) usb_unbind_interface (drivers/usb/core/driver.c:458) device_release_driver_internal (drivers/base/dd.c:1279) bus_remove_device (drivers/base/bus.c:529) device_del (drivers/base/core.c:3665) usb_disable_device (drivers/usb/core/message.c:1420) usb_disconnect (drivers/usb/core.c:2261) hub_event (drivers/usb/core/hub.c:5833) process_one_work (arch/x86/include/asm/jump_label.h:27 include/linux/jump_label.h:212 include/trace/events/workqueue.h:108 kernel/workqueue.c:2281) worker_thread (include/linux/list.h:282 kernel/workqueue.c:2423) kthread (kernel/kthread.c:319) ret_from_fork (arch/x86/entry/entry_64.S:301) | 2025-03-27 | 7.8 | CVE-2023-53023 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: NFSD: fix use-after-free in nfsd4_ssc_setup_dul() If signal_pending() returns true, schedule_timeout() will not be executed, causing the waiting task to remain in the wait queue. Fixed by adding a call to finish_wait(), which ensures that the waiting task will always be removed from the wait queue. | 2025-03-27 | 7.8 | CVE-2023-53025 |
n/a–n/a |
An Improper Link Resolution Before File Access (“Link Following”) and Improper Limitation of a Pathname to a Restricted Directory (“Path Traversal”). This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intended extraction directory. The issue is associated with index.js in the tar-fs package. This issue affects tar-fs: from 0.0.0 before 1.16.4, from 2.0.0 before 2.1.2, from 3.0.0 before 3.0.8. | 2025-03-27 | 7.5 | CVE-2024-12905 |
Unknown–aoa-downloadable |
The aoa-downloadable WordPress plugin through 0.1.0 lacks authorization and authentication for requests to its download.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs. | 2025-03-25 | 7.2 | CVE-2024-13618 |
ashishajani–WP Church Donation |
The WP Church Donation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several donation form submission parameters in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-03-25 | 7.2 | CVE-2024-13690 |
Unknown–Stylish Google Sheet Reader 4.0 |
The Stylish Google Sheet Reader 4.0 WordPress plugin before 4.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2025-03-25 | 7.1 | CVE-2024-13863 |
wordpressdotorg–WordPress Importer |
The WordPress Importer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.8.3 via deserialization of untrusted input in the ‘maybe_unserialize’ function. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. | 2025-03-26 | 7.2 | CVE-2024-13889 |
FRACTAL–String::Compare::ConstantTime |
String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string. As stated in the documentation: “If the lengths of the strings are different, because equals returns false right away the size of the secret string may be leaked (but not its contents).” This is similar to CVE-2020-36829 | 2025-03-28 | 7.5 | CVE-2024-13939 |
SirsiDynix–IPAC20 |
SQL Injection can occur in the SirsiDynix Horizon Information Portal (IPAC20) through 3.25_9382; however, a patch is available from the vendor. This is in ipac.jsp in a SELECT WHERE statement, in a part of the uri= variable in the second part of the full= inner variable. | 2025-03-25 | 7.5 | CVE-2024-44903 |
Xiaomi–Game center application |
A code execution vulnerability exists in the Xiaomi Game center application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code. | 2025-03-26 | 7.8 | CVE-2024-45351 |
Xiaomi–Xiaomi phone framework has unauthorized access vulnerability |
A unauthorized access vulnerability exists in the Xiaomi phone framework. The vulnerability is caused by improper validation and can be exploited by attackers to Access sensitive methods. | 2025-03-27 | 7.3 | CVE-2024-45356 |
Dell–Unity |
Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges and elevation of privileges. | 2025-03-28 | 7.8 | CVE-2024-49563 |
Dell–Unity |
Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges and elevation of privileges. | 2025-03-28 | 7.8 | CVE-2024-49564 |
Dell–Unity |
Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges. | 2025-03-28 | 7.8 | CVE-2024-49565 |
Dell–Unity |
Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Command execution. | 2025-03-28 | 7.3 | CVE-2024-49601 |
jajapagamentos–J-J Pagamentos for WooCommerce |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in jajapagamentos Já-Já Pagamentos for WooCommerce allows Reflected XSS. This issue affects Já-Já Pagamentos for WooCommerce: from n/a through 1.3.0. | 2025-03-28 | 7.1 | CVE-2024-51624 |
n/a–n/a |
A Broken Object Level Authorization vulnerability in the component /api/users/{user-id} of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household. | 2025-03-27 | 7.6 | CVE-2024-55073 |
n/a — n/a
|
A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2025-03-25 | 7.3 | CVE-2024-58104 |
n/a — n/a
|
A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. This CVE address an addtional bypass not covered in CVE-2024-58104. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2025-03-25 | 7.3 | CVE-2024-58105 |
MISP–MISP |
In app/Controller/Component/RestResponseComponent.php in MISP before 2.4.193, REST endpoints have a lack of sanitization for non-JSON responses. | 2025-03-28 | 7.2 | CVE-2024-58130 |
n/a — n/a
|
HCL DevOps Deploy / HCL Launch could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements. | 2025-03-24 | 7.2 | CVE-2025-0255 |
Imagination Technologies–Graphics DDK |
Software installed and run as a non-privileged user may conduct improper GPU system calls to issue reads and writes to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kernel and drivers running on the platform, altering their behaviour. | 2025-03-24 | 7.8 | CVE-2025-0478 |
Imagination Technologies–Graphics DDK |
Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory. | 2025-03-24 | 7.8 | CVE-2025-0835 |
n/a — n/a
|
A vulnerability exists in RTU IEC 61850 client and server functionality that could impact the availability if renegotiation of an open IEC61850 TLS connection takes place in specific timing situations, when IEC61850 communication is active. Precondition is that IEC61850 as client or server are configured using TLS on RTU500 device. It affects the CMU the IEC61850 stack is configured on. | 2025-03-25 | 7.5 | CVE-2025-1445 |
n/a — n/a
|
The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to unauthorized filter calling due to insufficient restrictions on the get_smth() function in all versions up to, and including, 1.0.6.7. This makes it possible for unauthenticated attackers to call arbitrary WordPress filters with a single parameter. | 2025-03-26 | 7.3 | CVE-2025-1514 |
n/a — n/a
|
The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.0 via the validate_file() Function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | 2025-03-26 | 7.6 | CVE-2025-1912 |
n/a — n/a
|
The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.5.0 via deserialization of untrusted input from the ‘form_data’ parameter This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. | 2025-03-26 | 7.2 | CVE-2025-1913 |
n/a — n/a
|
The Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the logging functionality in all versions up to, and including, 4.9.9.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-03-26 | 7.2 | CVE-2025-2009 |
n/a — n/a
|
In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin” or “power” Splunk roles could run a search using the permissions of a higher-privileged user that could lead to disclosure of sensitive information.<br><br>The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated low-privileged user should not be able to exploit the vulnerability at will. | 2025-03-26 | 7.1 | CVE-2025-20231 |
n/a — n/a
|
In the Linux kernel, the following vulnerability has been resolved: bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() KMSAN reported a use-after-free issue in eth_skb_pkt_type()[1]. The cause of the issue was that eth_skb_pkt_type() accessed skb’s data that didn’t contain an Ethernet header. This occurs when bpf_prog_test_run_xdp() passes an invalid value as the user_data argument to bpf_test_init(). Fix this by returning an error when user_data is less than ETH_HLEN in bpf_test_init(). Additionally, remove the check for “if (user_size > size)” as it is unnecessary. [1] BUG: KMSAN: use-after-free in eth_skb_pkt_type include/linux/etherdevice.h:627 [inline] BUG: KMSAN: use-after-free in eth_type_trans+0x4ee/0x980 net/ethernet/eth.c:165 eth_skb_pkt_type include/linux/etherdevice.h:627 [inline] eth_type_trans+0x4ee/0x980 net/ethernet/eth.c:165 __xdp_build_skb_from_frame+0x5a8/0xa50 net/core/xdp.c:635 xdp_recv_frames net/bpf/test_run.c:272 [inline] xdp_test_run_batch net/bpf/test_run.c:361 [inline] bpf_test_run_xdp_live+0x2954/0x3330 net/bpf/test_run.c:390 bpf_prog_test_run_xdp+0x148e/0x1b10 net/bpf/test_run.c:1318 bpf_prog_test_run+0x5b7/0xa30 kernel/bpf/syscall.c:4371 __sys_bpf+0x6a6/0xe20 kernel/bpf/syscall.c:5777 __do_sys_bpf kernel/bpf/syscall.c:5866 [inline] __se_sys_bpf kernel/bpf/syscall.c:5864 [inline] __x64_sys_bpf+0xa4/0xf0 kernel/bpf/syscall.c:5864 x64_sys_call+0x2ea0/0x3d90 arch/x86/include/generated/asm/syscalls_64.h:322 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xd9/0x1d0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Uninit was created at: free_pages_prepare mm/page_alloc.c:1056 [inline] free_unref_page+0x156/0x1320 mm/page_alloc.c:2657 __free_pages+0xa3/0x1b0 mm/page_alloc.c:4838 bpf_ringbuf_free kernel/bpf/ringbuf.c:226 [inline] ringbuf_map_free+0xff/0x1e0 kernel/bpf/ringbuf.c:235 bpf_map_free kernel/bpf/syscall.c:838 [inline] bpf_map_free_deferred+0x17c/0x310 kernel/bpf/syscall.c:862 process_one_work kernel/workqueue.c:3229 [inline] process_scheduled_works+0xa2b/0x1b60 kernel/workqueue.c:3310 worker_thread+0xedf/0x1550 kernel/workqueue.c:3391 kthread+0x535/0x6b0 kernel/kthread.c:389 ret_from_fork+0x6e/0x90 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 CPU: 1 UID: 0 PID: 17276 Comm: syz.1.16450 Not tainted 6.12.0-05490-g9bb88c659673 #8 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014 | 2025-03-27 | 7.8 | CVE-2025-21867 |
n/a — n/a
|
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free on inode when scanning root during em shrinking At btrfs_scan_root() we are accessing the inode’s root (and fs_info) in a call to btrfs_fs_closing() after we have scheduled the inode for a delayed iput, and that can result in a use-after-free on the inode in case the cleaner kthread does the iput before we dereference the inode in the call to btrfs_fs_closing(). Fix this by using the fs_info stored already in a local variable instead of doing inode->root->fs_info. | 2025-03-27 | 7.8 | CVE-2025-21879 |
n/a — n/a
|
In the Linux kernel, the following vulnerability has been resolved: ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up The issue was caused by dput(upper) being called before ovl_dentry_update_reval(), while upper->d_flags was still accessed in ovl_dentry_remote(). Move dput(upper) after its last use to prevent use-after-free. BUG: KASAN: slab-use-after-free in ovl_dentry_remote fs/overlayfs/util.c:162 [inline] BUG: KASAN: slab-use-after-free in ovl_dentry_update_reval+0xd2/0xf0 fs/overlayfs/util.c:167 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114 print_address_description mm/kasan/report.c:377 [inline] print_report+0xc3/0x620 mm/kasan/report.c:488 kasan_report+0xd9/0x110 mm/kasan/report.c:601 ovl_dentry_remote fs/overlayfs/util.c:162 [inline] ovl_dentry_update_reval+0xd2/0xf0 fs/overlayfs/util.c:167 ovl_link_up fs/overlayfs/copy_up.c:610 [inline] ovl_copy_up_one+0x2105/0x3490 fs/overlayfs/copy_up.c:1170 ovl_copy_up_flags+0x18d/0x200 fs/overlayfs/copy_up.c:1223 ovl_rename+0x39e/0x18c0 fs/overlayfs/dir.c:1136 vfs_rename+0xf84/0x20a0 fs/namei.c:4893 … </TASK> | 2025-03-27 | 7.8 | CVE-2025-21887 |
n/a — n/a
|
VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control. A malicious actor with non-administrative privileges on a guest VM may gain ability to perform certain high privilege operations within that VM. | 2025-03-25 | 7.8 | CVE-2025-22230 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Riyaz GetSocial allows Reflected XSS. This issue affects GetSocial: from n/a through 2.0.1. | 2025-03-26 | 7.1 | CVE-2025-22283 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Stencies Stencies allows Reflected XSS. This issue affects Stencies: from n/a through 0.58. | 2025-03-28 | 7.1 | CVE-2025-22356 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound WP Azure offload allows Reflected XSS. This issue affects WP Azure offload: from n/a through 2.0. | 2025-03-28 | 7.1 | CVE-2025-22360 |
n/a — n/a
|
An improper access control vulnerability in GitLab CE/EE affecting all versions from 17.4 prior to 17.8.6, 17.9 prior to 17.9.3, and 17.10 prior to 17.10.1 allows a user who was an instance admin before but has since been downgraded to a regular user to continue to maintain elevated privileges to groups and projects. | 2025-03-27 | 7.5 | CVE-2025-2242 |
n/a — n/a
|
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Improve My City Improve My City allows Reflected XSS. This issue affects Improve My City: from n/a through 1.6. | 2025-03-28 | 7.1 | CVE-2025-22501 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound ULTIMATE VIDEO GALLERY allows Reflected XSS. This issue affects ULTIMATE VIDEO GALLERY: from n/a through 1.4. | 2025-03-28 | 7.1 | CVE-2025-22566 |
n/a — n/a
|
The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.10 via the compression_level setting. This is due to the plugin using the compression_level setting in proc_open() without any validation. This makes it possible for authenticated attackers, with administrator-level access and above, to execute code on the server. | 2025-03-26 | 7.2 | CVE-2025-2257 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in extendyourweb SUPER RESPONSIVE SLIDER allows Reflected XSS. This issue affects SUPER RESPONSIVE SLIDER: from n/a through 1.4. | 2025-03-28 | 7.1 | CVE-2025-22575 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Foliovision Filled In allows Stored XSS.This issue affects Filled In: from n/a through 1.9.2. | 2025-03-27 | 7.1 | CVE-2025-22628 |
n/a — n/a
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in kendysond Payment Forms for Paystack allows SQL Injection.This issue affects Payment Forms for Paystack: from n/a through 4.0.1. | 2025-03-27 | 7.6 | CVE-2025-22652 |
n/a — n/a
|
Cross-Site Request Forgery (CSRF) vulnerability in Deepak Khokhar Listings for Appfolio allows Stored XSS.This issue affects Listings for Appfolio: from n/a through 1.2.0. | 2025-03-27 | 7.1 | CVE-2025-22658 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in globalpayments GlobalPayments WooCommerce allows Reflected XSS. This issue affects GlobalPayments WooCommerce: from n/a through 1.13.0. | 2025-03-28 | 7.1 | CVE-2025-22767 |
n/a — n/a
|
Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges. | 2025-03-28 | 7.8 | CVE-2025-23383 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound NS Simple Intro Loader allows Reflected XSS. This issue affects NS Simple Intro Loader: from n/a through 2.2.3. | 2025-03-26 | 7.1 | CVE-2025-23459 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound RWS Enquiry And Lead Follow-up allows Reflected XSS. This issue affects RWS Enquiry And Lead Follow-up: from n/a through 1.0. | 2025-03-26 | 7.1 | CVE-2025-23460 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in wpsiteeditor Site Editor Google Map allows Reflected XSS. This issue affects Site Editor Google Map: from n/a through 1.0.1. | 2025-03-26 | 7.1 | CVE-2025-23466 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Robert D Payne RDP Linkedin Login allows Reflected XSS. This issue affects RDP Linkedin Login: from n/a through 1.7.0. | 2025-03-26 | 7.1 | CVE-2025-23542 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound FOMO Pay Chinese Payment Solution allows Reflected XSS. This issue affects FOMO Pay Chinese Payment Solution: from n/a through 2.0.4. | 2025-03-26 | 7.1 | CVE-2025-23543 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound RDP inGroups+ allows Reflected XSS. This issue affects RDP inGroups+: from n/a through 1.0.6. | 2025-03-26 | 7.1 | CVE-2025-23546 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Pixobe Cartography allows Reflected XSS. This issue affects Pixobe Cartography: from n/a through 1.0.1. | 2025-03-26 | 7.1 | CVE-2025-23612 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Rhizome Networks CG Button allows Reflected XSS. This issue affects CG Button: from n/a through 1.0.5.6. | 2025-03-26 | 7.1 | CVE-2025-23632 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound WP Database Audit allows Reflected XSS. This issue affects WP Database Audit: from n/a through 1.0. | 2025-03-26 | 7.1 | CVE-2025-23633 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Frontend Post Submission allows Reflected XSS. This issue affects Frontend Post Submission: from n/a through 1.0. | 2025-03-26 | 7.1 | CVE-2025-23638 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Management-screen-droptiles allows Reflected XSS. This issue affects Management-screen-droptiles: from n/a through 1.0. | 2025-03-26 | 7.1 | CVE-2025-23666 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Narnoo Operator allows Reflected XSS. This issue affects Narnoo Operator: from n/a through 2.0.0. | 2025-03-26 | 7.1 | CVE-2025-23680 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Reuven Karasik Your Lightbox allows Reflected XSS. This issue affects Your Lightbox: from n/a through 1.0. | 2025-03-26 | 7.1 | CVE-2025-23704 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound AppReview allows Reflected XSS. This issue affects AppReview: from n/a through 0.2.9. | 2025-03-26 | 7.1 | CVE-2025-23714 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound AuMenu allows Reflected XSS. This issue affects AuMenu: from n/a through 1.1.5. | 2025-03-26 | 7.1 | CVE-2025-23728 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Cosmin Schiopu Infugrator allows Reflected XSS. This issue affects Infugrator: from n/a through 1.0.3. | 2025-03-26 | 7.1 | CVE-2025-23735 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Google Plus allows Reflected XSS. This issue affects Google Plus: from n/a through 1.0.2. | 2025-03-26 | 7.1 | CVE-2025-23964 |
n/a — n/a
|
Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges. | 2025-03-28 | 7.8 | CVE-2025-24377 |
n/a — n/a
|
Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges. | 2025-03-28 | 7.8 | CVE-2025-24378 |
n/a — n/a
|
Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges. | 2025-03-28 | 7.8 | CVE-2025-24379 |
n/a — n/a
|
Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges. | 2025-03-28 | 7.8 | CVE-2025-24380 |
n/a — n/a
|
Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Command execution. | 2025-03-28 | 7.3 | CVE-2025-24382 |
n/a — n/a
|
Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges. | 2025-03-28 | 7.8 | CVE-2025-24385 |
n/a — n/a
|
Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges. | 2025-03-28 | 7.8 | CVE-2025-24386 |
n/a — n/a
|
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8.7 via deserialization of untrusted input from the ‘dnd_upload_cf7_upload’ function. This makes it possible for attackers to inject a PHP Object through a PHAR file. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. This vulnerability may be exploited by unauthenticated attackers when a form is present on the site with the file upload action. The Flamingo plugin must be installed and activated in order to exploit the vulnerability. | 2025-03-28 | 7.5 | CVE-2025-2485 |
n/a — n/a
|
Cross-Site Request Forgery (CSRF) vulnerability in WPDeveloper Secret Meta allows Reflected XSS.This issue affects Secret Meta: from n/a through 1.2.1. | 2025-03-27 | 7.1 | CVE-2025-25086 |
n/a — n/a
|
Cross-Site Request Forgery (CSRF) vulnerability in victoracano Cazamba allows Reflected XSS.This issue affects Cazamba: from n/a through 1.2. | 2025-03-27 | 7.1 | CVE-2025-25100 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Theme Demo Bar allows Reflected XSS. This issue affects Theme Demo Bar: from n/a through 1.6.3. | 2025-03-26 | 7.1 | CVE-2025-25134 |
n/a — n/a
|
NASA cFS (Core Flight System) Aquila is vulnerable to path traversal in the OSAL module, allowing the override of any arbitrary file on the system. | 2025-03-25 | 7.5 | CVE-2025-25371 |
n/a — n/a
|
NASA cFS (Core Flight System) Aquila is vulnerable to segmentation fault via sending a malicious telecommand to the Memory Management Module. | 2025-03-25 | 7.5 | CVE-2025-25372 |
n/a — n/a
|
In NASA cFS (Core Flight System) Aquila, it is possible to put the onboard software in a state that will prevent the launch of any external application, causing a platform denial of service. | 2025-03-25 | 7.5 | CVE-2025-25374 |
n/a — n/a
|
Telesquare TLR-2005KSH 1.1.4 is vulnerable to Information Disclosure via the parameter getUserNamePassword. | 2025-03-26 | 7.5 | CVE-2025-26001 |
n/a — n/a
|
Telesquare TLR-2005KSH 1.1.4 has an Information Disclosure vulnerability when requesting systemutilit.cgi. | 2025-03-26 | 7.5 | CVE-2025-26009 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Yendif Player Another Events Calendar allows Reflected XSS. This issue affects Another Events Calendar: from n/a through 1.7.0. | 2025-03-26 | 7.1 | CVE-2025-26536 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CodeSolz Bitcoin / AltCoin Payment Gateway for WooCommerce allows Reflected XSS. This issue affects Bitcoin / AltCoin Payment Gateway for WooCommerce: from n/a through 1.7.6. | 2025-03-26 | 7.1 | CVE-2025-26541 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Zalo Live Chat allows Reflected XSS. This issue affects Zalo Live Chat: from n/a through 1.1.0. | 2025-03-26 | 7.1 | CVE-2025-26542 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound UTM tags tracking for Contact Form 7 allows Reflected XSS. This issue affects UTM tags tracking for Contact Form 7: from n/a through 2.1. | 2025-03-26 | 7.1 | CVE-2025-26544 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Cookies Pro allows Reflected XSS. This issue affects Cookies Pro: from n/a through 1.0. | 2025-03-26 | 7.1 | CVE-2025-26546 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound WP Contact Form III allows Reflected XSS. This issue affects WP Contact Form III: from n/a through 1.6.2d. | 2025-03-26 | 7.1 | CVE-2025-26560 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in kagla GNUCommerce allows Reflected XSS. This issue affects GNUCommerce: from n/a through 1.5.4. | 2025-03-26 | 7.1 | CVE-2025-26564 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in kagla GNUPress allows Reflected XSS. This issue affects GNUPress: from n/a through 0.2.9. | 2025-03-26 | 7.1 | CVE-2025-26565 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound In Stock Mailer for WooCommerce allows Reflected XSS. This issue affects In Stock Mailer for WooCommerce: from n/a through 2.1.1. | 2025-03-26 | 7.1 | CVE-2025-26566 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Rizzi Guestbook allows Reflected XSS. This issue affects Rizzi Guestbook: from n/a through 4.0.1. | 2025-03-26 | 7.1 | CVE-2025-26573 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Kyle Maurer Display Post Meta allows Reflected XSS. This issue affects Display Post Meta: from n/a through 2.4.4. | 2025-03-26 | 7.1 | CVE-2025-26575 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in takumin WP Simple Slideshow allows Reflected XSS. This issue affects WP Simple Slideshow: from n/a through 1.0. | 2025-03-26 | 7.1 | CVE-2025-26576 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in videowhisper MicroPayments allows Reflected XSS. This issue affects MicroPayments: from n/a through 3.1.6. | 2025-03-26 | 7.1 | CVE-2025-26579 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in videowhisper Picture Gallery allows Reflected XSS. This issue affects Picture Gallery: from n/a through 1.6.2. | 2025-03-26 | 7.1 | CVE-2025-26581 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in videowhisper Video Share VOD allows Reflected XSS. This issue affects Video Share VOD: from n/a through 2.7.2. | 2025-03-26 | 7.1 | CVE-2025-26583 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound TBTestimonials allows Reflected XSS. This issue affects TBTestimonials: from n/a through 1.7.3. | 2025-03-26 | 7.1 | CVE-2025-26584 |
phpgurukul — bank_locker_management_system |
A vulnerability classified as critical was found in PHPGurukul Bank Locker Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /aboutus.php. The manipulation of the argument pagetitle leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-03-24 | 7.3 | CVE-2025-2674 |
anujkumar — bank_locker_management_system |
A vulnerability, which was classified as critical, has been found in PHPGurukul Bank Locker Management System 1.0. Affected by this issue is some unknown functionality of the file /add-lockertype.php. The manipulation of the argument lockerprice leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-03-24 | 7.3 | CVE-2025-2675 |
anujkumar — bank_locker_management_system |
A vulnerability, which was classified as critical, was found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file /add-subadmin.php. The manipulation of the argument sadminusername leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-03-24 | 7.3 | CVE-2025-2676 |
anujkumar — bank_locker_management_system |
A vulnerability has been found in PHPGurukul Bank Locker Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /changeidproof.php. The manipulation of the argument editid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-03-24 | 7.3 | CVE-2025-2677 |
anujkumar — bank_locker_management_system |
A vulnerability was found in PHPGurukul Bank Locker Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /changeimage1.php. The manipulation of the argument editid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-03-24 | 7.3 | CVE-2025-2678 |
anujkumar — bank_locker_management_system |
A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /contact-us.php. The manipulation of the argument pagetitle leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-03-24 | 7.3 | CVE-2025-2679 |
anujkumar — bank_locker_management_system |
A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /edit-assign-locker.php?ltid=1. The manipulation of the argument mobilenumber leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-03-24 | 7.3 | CVE-2025-2680 |
phpgurukul — bank_locker_management_system |
A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /edit-locker.php?ltid=6. The manipulation of the argument lockersize leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-03-24 | 7.3 | CVE-2025-2681 |
phpgurukul — bank_locker_management_system |
A vulnerability classified as critical has been found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file /edit-subadmin.php?said=3. The manipulation of the argument mobilenumber leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-03-24 | 7.3 | CVE-2025-2682 |
phpgurukul — bank_locker_management_system |
A vulnerability classified as critical was found in PHPGurukul Bank Locker Management System 1.0. This vulnerability affects unknown code of the file /profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-03-24 | 7.3 | CVE-2025-2683 |
phpgurukul — bank_locker_management_system |
A vulnerability, which was classified as critical, has been found in PHPGurukul Bank Locker Management System 1.0. This issue affects some unknown processing of the file /search-report-details.php. The manipulation of the argument searchinput leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-03-24 | 7.3 | CVE-2025-2684 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in MemberSpace allows Reflected XSS.This issue affects MemberSpace: from n/a through 2.1.13. | 2025-03-27 | 7.1 | CVE-2025-26874 |
n/a — n/a
|
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in PluginUs.Net HUSKY allows PHP Local File Inclusion.This issue affects HUSKY: from n/a through 1.3.6.4. | 2025-03-27 | 7.5 | CVE-2025-26890 |
n/a — n/a
|
Missing Authorization vulnerability in Shinetheme Traveler.This issue affects Traveler: from n/a through 3.1.8. | 2025-03-27 | 7.6 | CVE-2025-26956 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in designingmedia Hostiko allows Reflected XSS.This issue affects Hostiko: from n/a before 30.1. | 2025-03-26 | 7.1 | CVE-2025-27014 |
n/a — n/a
|
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in designingmedia Hostiko allows PHP Local File Inclusion.This issue affects Hostiko: from n/a before 30.1. | 2025-03-26 | 7.5 | CVE-2025-27015 |
n/a — n/a
|
A vulnerability classified as critical has been found in Digiwin ERP 5.1. Affected is the function DoUpload/DoWebUpload of the file /Api/FileUploadApi.ashx. The manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-24 | 7.3 | CVE-2025-2705 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in srcoley Random Quotes allows Reflected XSS. This issue affects Random Quotes: from n/a through 1.3. | 2025-03-26 | 7.1 | CVE-2025-27267 |
n/a — n/a
|
A vulnerability, which was classified as critical, was found in PHPGurukul Old Age Home Management System 1.0. Affected is an unknown function of the file /admin/aboutus.php. The manipulation of the argument pagetitle leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-03-25 | 7.3 | CVE-2025-2734 |
n/a — n/a
|
A vulnerability has been found in PHPGurukul Old Age Home Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/add-services.php. The manipulation of the argument sertitle leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-03-25 | 7.3 | CVE-2025-2735 |
n/a — n/a
|
A vulnerability was found in PHPGurukul Old Age Home Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/bwdates-report-details.php. The manipulation of the argument fromdate leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2025-03-25 | 7.3 | CVE-2025-2736 |
n/a — n/a
|
A vulnerability was found in PHPGurukul Old Age Home Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/contactus.php. The manipulation of the argument pagetitle leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-03-25 | 7.3 | CVE-2025-2737 |
n/a — n/a
|
A vulnerability was found in PHPGurukul Old Age Home Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/manage-scdetails.php. The manipulation of the argument namesc leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-03-25 | 7.3 | CVE-2025-2738 |
n/a — n/a
|
A vulnerability was found in PHPGurukul Old Age Home Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/manage-services.php. The manipulation of the argument sertitle leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-03-25 | 7.3 | CVE-2025-2739 |
n/a — n/a
|
A vulnerability classified as critical has been found in PHPGurukul Old Age Home Management System 1.0. Affected is an unknown function of the file /admin/eligibility.php. The manipulation of the argument pagetitle leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-03-25 | 7.3 | CVE-2025-2740 |
n/a — n/a
|
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 allows an attacker to craft a URL that, once visited by any user, allows to embed arbitrary Javascript into Icinga Web and to act on behalf of that user. This issue has been resolved in versions 2.11.5 and 2.12.3 of Icinga Web 2. As a workaround, those who have Icinga Web 2.12.2 may enable a content security policy in the application settings. | 2025-03-26 | 7.6 | CVE-2025-27404 |
n/a — n/a
|
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 allows an attacker to craft a URL that, once visited by any user, allows to embed arbitrary Javascript into Icinga Web and to act on behalf of that user. This issue has been resolved in versions 2.11.5 and 2.12.3 of Icinga Web 2. As a workaround, those who have Icinga Web 2.12.2 may enable a content security policy in the application settings. | 2025-03-26 | 7.6 | CVE-2025-27405 |
n/a — n/a
|
Icinga Reporting is the central component for reporting related functionality in the monitoring web frontend and framework Icinga Web 2. A vulnerability present in versions 0.10.0 through 1.0.2 allows to set up a template that allows to embed arbitrary Javascript. This enables the attacker to act on behalf of the user, if the template is being previewed; and act on behalf of the headless browser, if a report using the template is printed to PDF. This issue has been resolved in version 1.0.3 of Icinga Reporting. As a workaround, review all templates and remove suspicious settings. | 2025-03-26 | 7.6 | CVE-2025-27406 |
n/a — n/a
|
An authenticated remote code execution in Kentico Xperience allows authenticated users Staging Sync Server to upload arbitrary data to path relative locations. This results in path traversal and arbitrary file upload, including content that can be executed server side leading to remote code execution.This issue affects Kentico Xperience through 13.0.178. | 2025-03-24 | 7.2 | CVE-2025-2749 |
n/a — n/a
|
An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs during serialization of DollarBlend in a font, for base/write_t1.c and psi/zfapi.c. | 2025-03-25 | 7.8 | CVE-2025-27830 |
n/a — n/a
|
An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs for a long TTF font name to pdf/pdf_fmap.c. | 2025-03-25 | 7.8 | CVE-2025-27833 |
n/a — n/a
|
An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs via an oversized Type 4 function in a PDF document to pdf/pdf_func.c. | 2025-03-25 | 7.8 | CVE-2025-27834 |
n/a — n/a
|
An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs when converting glyphs to Unicode in psi/zbfont.c. | 2025-03-25 | 7.8 | CVE-2025-27835 |
n/a — n/a
|
The So-Called Air Quotes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | 2025-03-29 | 7.3 | CVE-2025-2803 |
n/a — n/a
|
TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in downloadFile.cgi. | 2025-03-27 | 7.5 | CVE-2025-28135 |
n/a — n/a
|
Unauthorized stack overflow vulnerability in Telesquare TLR-2005KSH v.1.1.4 allows a remote attacker to obtain sensitive information via the systemutil.cgi component. | 2025-03-26 | 7.5 | CVE-2025-28361 |
n/a — n/a
|
A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. This vulnerability affects the function registration of the file /oews/classes/Users.php?f=registration of the component Registration. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-03-27 | 7.3 | CVE-2025-2846 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Teleport allows Reflected XSS. This issue affects Teleport: from n/a through 1.2.4. | 2025-03-26 | 7.1 | CVE-2025-28855 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Arrow Plugins Arrow Maps allows Reflected XSS. This issue affects Arrow Maps: from n/a through 1.0.9. | 2025-03-26 | 7.1 | CVE-2025-28858 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in lionelroux WP Colorful Tag Cloud allows Reflected XSS. This issue affects WP Colorful Tag Cloud: from n/a through 2.0.1. | 2025-03-26 | 7.1 | CVE-2025-28865 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound NextGEN Gallery Voting allows Reflected XSS. This issue affects NextGEN Gallery Voting: from n/a through 2.7.6. | 2025-03-26 | 7.1 | CVE-2025-28869 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Key4ce osTicket Bridge allows Reflected XSS. This issue affects Key4ce osTicket Bridge: from n/a through 1.4.0. | 2025-03-26 | 7.1 | CVE-2025-28877 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Blue Captcha allows Reflected XSS. This issue affects Blue Captcha: from n/a through 1.7.4. | 2025-03-26 | 7.1 | CVE-2025-28880 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Omnify, Inc. Omnify allows Reflected XSS. This issue affects Omnify: from n/a through 2.0.3. | 2025-03-26 | 7.1 | CVE-2025-28882 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Custom Product Stickers for Woocommerce allows Reflected XSS. This issue affects Custom Product Stickers for Woocommerce: from n/a through 1.9.0. | 2025-03-26 | 7.1 | CVE-2025-28889 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Lightview Plus allows Reflected XSS. This issue affects Lightview Plus: from n/a through 3.1.3. | 2025-03-26 | 7.1 | CVE-2025-28890 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound WP Event Ticketing allows Reflected XSS. This issue affects WP Event Ticketing: from n/a through 1.3.4. | 2025-03-26 | 7.1 | CVE-2025-28899 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Driving Directions allows Reflected XSS. This issue affects Driving Directions: from n/a through 1.4.4. | 2025-03-26 | 7.1 | CVE-2025-28903 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in gravity2pdf Gravity 2 PDF allows Reflected XSS. This issue affects Gravity 2 PDF: from n/a through 3.1.3. | 2025-03-26 | 7.1 | CVE-2025-28911 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Custom Smilies allows Stored XSS. This issue affects Custom Smilies: from n/a through 2.9.2. | 2025-03-26 | 7.1 | CVE-2025-28917 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound SpatialMatch IDX allows Reflected XSS. This issue affects SpatialMatch IDX: from n/a through 3.0.9. | 2025-03-26 | 7.1 | CVE-2025-28921 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound ZenphotoPress allows Reflected XSS. This issue affects ZenphotoPress: from n/a through 1.8. | 2025-03-26 | 7.1 | CVE-2025-28924 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in sureshdsk Are you robot google recaptcha for wordpress allows Reflected XSS. This issue affects Are you robot google recaptcha for wordpress: from n/a through 2.2. | 2025-03-26 | 7.1 | CVE-2025-28928 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Simple Post Series allows Reflected XSS. This issue affects Simple Post Series: from n/a through 2.4.4. | 2025-03-26 | 7.1 | CVE-2025-28934 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in puzich Fancybox Plus allows Reflected XSS. This issue affects Fancybox Plus: from n/a through 1.0.1. | 2025-03-26 | 7.1 | CVE-2025-28935 |
n/a — n/a
|
An integer overflow in Nethermind Juno before v.12.05 within the Sierra bytecode decompression logic within the “cairo-lang-starknet-classes” library could allow remote attackers to trigger an infinite loop (and high CPU usage) by submitting a malicious Declare v2/v3 transaction. This results in a denial-of-service condition for affected Starknet full-node implementations. | 2025-03-27 | 7.5 | CVE-2025-29072 |
n/a — n/a
|
A vulnerability was found in ESAFENET CDG 5.6.3.154.205. It has been classified as critical. Affected is an unknown function of the file /parameter/getFileTypeList.jsp. The manipulation of the argument typename leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-28 | 7.3 | CVE-2025-2927 |
n/a — n/a
|
Limited secret space in LLDP packets used in onos v2.7.0 allows attackers to obtain the private key via a bruteforce attack. Attackers are able to leverage this vulnerability into creating crafted LLDP packets. | 2025-03-24 | 7.5 | CVE-2025-29311 |
n/a — n/a
|
Use of incorrectly resolved name or reference in OpenDaylight Service Function Chaining (SFC) Subproject SFC Sodium-SR4 and below allows attackers to cause a Denial of Service (DoS). | 2025-03-24 | 7.5 | CVE-2025-29313 |
n/a — n/a
|
An out-of-memory error in the parseABC_NS_SET_INFO function of libming v0.4.8 allows attackers to cause a Denial of Service (DoS) due to allocator exhaustion. | 2025-03-27 | 7.5 | CVE-2025-29484 |
n/a — n/a
|
An out-of-memory error in the parseABC_STRING_INFO function of libming v0.4.8 allows attackers to cause a Denial of Service (DoS) due to allocator exhaustion. | 2025-03-27 | 7.5 | CVE-2025-29487 |
n/a — n/a
|
Improper Control of Generation of Code (‘Code Injection’) vulnerability in Apache Kylin. If an attacker gets access to Kylin’s system or project admin permission, the JDBC connection configuration maybe altered to execute arbitrary code from the remote. You are fine as long as the Kylin’s system and project admin access is well protected. This issue affects Apache Kylin: from 4.0.0 through 5.0.1. Users are recommended to upgrade to version 5.0.2 or above, which fixes the issue. | 2025-03-27 | 7.2 | CVE-2025-30067 |
n/a — n/a
|
An issue was discovered in OPC cardsystems Webapp Aufwertung 2.1.0. The reference assigned to transactions can be reused. When completing a payment, the first or all transactions with the same reference are completed, depending on timing. This can be used to transfer more money onto employee cards than is paid. | 2025-03-26 | 7.5 | CVE-2025-30073 |
n/a — n/a
|
On 70mai Dash Cam 1S devices, by connecting directly to the dashcam’s network and accessing the API on port 80 and RTSP on port 554, an attacker can bypass the device authorization mechanism from the official mobile app that requires a user to physically press on the power button during a connection. | 2025-03-24 | 7.1 | CVE-2025-30112 |
n/a — n/a
|
An issue was discovered on the Audi Universal Traffic Recorder 2.88. It has Susceptibility to denial of service. It uses the same default credentials for all devices and does not implement proper multi-device authentication, allowing attackers to deny the owner access by occupying the only available connection. The SSID remains broadcast at all times, increasing exposure to potential attacks. | 2025-03-25 | 7.5 | CVE-2025-30118 |
n/a — n/a
|
kanidim-provision is a helper utility that uses kanidm’s API to provision users, groups and oauth2 systems. Prior to version 1.2.0, a faulty function intrumentation in the (optional) kanidm patches provided by kandim-provision will cause the provisioned admin credentials to be leaked to the system log. This only impacts users which both use the provided patches and provision their `admin` or `idm_admin` account credentials this way. No other credentials are affected. Users should recompile kanidm with the newest patchset from tag `v1.2.0` or higher. As a workaround, the user can set the log level `KANIDM_LOG_LEVEL` to any level higher than `info`, for example `warn`. | 2025-03-24 | 7.6 | CVE-2025-30205 |
n/a — n/a
|
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.1, 26.2.5.10, and 25.3.2.19, a maliciously formed KEX init message can result with high memory usage. Implementation does not verify RFC specified limits on algorithm names (64 characters) provided in KEX init message. Big KEX init packet may lead to inefficient processing of the error data. As a result, large amount of memory will be allocated for processing malicious data. Versions OTP-27.3.1, OTP-26.2.5.10, and OTP-25.3.2.19 fix the issue. Some workarounds are available. One may set option `parallel_login` to `false` and/or reduce the `max_sessions` option. | 2025-03-28 | 7.5 | CVE-2025-30211 |
n/a — n/a
|
Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been fixed in Synapse v1.127.1. No known workarounds are available. | 2025-03-27 | 7.1 | CVE-2025-30355 |
n/a — n/a
|
Cross-Site Request Forgery (CSRF) vulnerability in Damian Orzol Contact Form 7 Material Design allows Stored XSS. This issue affects Contact Form 7 Material Design: from n/a through 1.0.0. | 2025-03-24 | 7.1 | CVE-2025-30522 |
n/a — n/a
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Marcel-NL Super Simple Subscriptions allows SQL Injection. This issue affects Super Simple Subscriptions: from n/a through 1.1.0. | 2025-03-24 | 7.6 | CVE-2025-30523 |
n/a — n/a
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in ProfitShare.ro WP Profitshare allows SQL Injection. This issue affects WP Profitshare: from n/a through 1.4.9. | 2025-03-24 | 7.6 | CVE-2025-30525 |
n/a — n/a
|
Cross-Site Request Forgery (CSRF) vulnerability in WPShop.ru CallPhone’r allows Stored XSS. This issue affects CallPhone’r: from n/a through 1.1.1. | 2025-03-24 | 7.1 | CVE-2025-30550 |
n/a — n/a
|
Cross-Site Request Forgery (CSRF) vulnerability in Donald Gilbert WordPress Admin Bar Improved allows Stored XSS. This issue affects WordPress Admin Bar Improved: from n/a through 3.3.5. | 2025-03-24 | 7.1 | CVE-2025-30552 |
n/a — n/a
|
Cross-Site Request Forgery (CSRF) vulnerability in iiiryan WordPres 同步微博 allows Stored XSS. This issue affects WordPres 同步微博: from n/a through 1.1.0. | 2025-03-24 | 7.1 | CVE-2025-30555 |
n/a — n/a
|
Cross-Site Request Forgery (CSRF) vulnerability in EnzoCostantini55 ANAC XML Render allows Stored XSS. This issue affects ANAC XML Render: from n/a through 1.5.7. | 2025-03-24 | 7.1 | CVE-2025-30558 |
n/a — n/a
|
Cross-Site Request Forgery (CSRF) vulnerability in Sana Ullah jQuery Dropdown Menu allows Stored XSS. This issue affects jQuery Dropdown Menu: from n/a through 3.0. | 2025-03-24 | 7.1 | CVE-2025-30560 |
n/a — n/a
|
Cross-Site Request Forgery (CSRF) vulnerability in Henrique Mouta CAS Maestro allows Stored XSS. This issue affects CAS Maestro: from n/a through 1.1.3. | 2025-03-24 | 7.1 | CVE-2025-30561 |
n/a — n/a
|
Cross-Site Request Forgery (CSRF) vulnerability in wpwox Custom Script Integration allows Stored XSS. This issue affects Custom Script Integration: from n/a through 2.1. | 2025-03-24 | 7.1 | CVE-2025-30564 |
n/a — n/a
|
Cross-Site Request Forgery (CSRF) vulnerability in karrikas banner-manager allows Stored XSS. This issue affects banner-manager: from n/a through 16.04.19. | 2025-03-24 | 7.1 | CVE-2025-30565 |
n/a — n/a
|
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in wp01ru WP01 allows Path Traversal. This issue affects WP01: from n/a through 2.6.2. | 2025-03-25 | 7.5 | CVE-2025-30567 |
n/a — n/a
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in AliRezaMohammadi دکمه، شبکه اجتماعی خرید allows SQL Injection. This issue affects دکمه، شبکه اجتماعی خرید: from n/a through 2.0.6. | 2025-03-24 | 7.6 | CVE-2025-30570 |
n/a — n/a
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in STEdb Corp. STEdb Forms allows SQL Injection. This issue affects STEdb Forms: from n/a through 1.0.4. | 2025-03-24 | 7.6 | CVE-2025-30571 |
n/a — n/a
|
Cross-Site Request Forgery (CSRF) vulnerability in Igor Yavych Simple Rating allows Stored XSS. This issue affects Simple Rating: from n/a through 1.4. | 2025-03-24 | 7.1 | CVE-2025-30572 |
n/a — n/a
|
Cross-Site Request Forgery (CSRF) vulnerability in mendibass Browser Address Bar Color allows Stored XSS. This issue affects Browser Address Bar Color: from n/a through 3.3. | 2025-03-24 | 7.1 | CVE-2025-30577 |
n/a — n/a
|
Cross-Site Request Forgery (CSRF) vulnerability in hotvanrod AdSense Privacy Policy allows Stored XSS. This issue affects AdSense Privacy Policy: from n/a through 1.1.1. | 2025-03-24 | 7.1 | CVE-2025-30578 |
n/a — n/a
|
Cross-Site Request Forgery (CSRF) vulnerability in ProRankTracker Pro Rank Tracker allows Stored XSS. This issue affects Pro Rank Tracker: from n/a through 1.0.0. | 2025-03-24 | 7.1 | CVE-2025-30583 |
n/a — n/a
|
Cross-Site Request Forgery (CSRF) vulnerability in alphaomegaplugins AlphaOmega Captcha & Anti-Spam Filter allows Stored XSS. This issue affects AlphaOmega Captcha & Anti-Spam Filter: from n/a through 3.3. | 2025-03-24 | 7.1 | CVE-2025-30584 |
n/a — n/a
|
Cross-Site Request Forgery (CSRF) vulnerability in bbodine1 cTabs allows Stored XSS. This issue affects cTabs: from n/a through 1.3. | 2025-03-24 | 7.1 | CVE-2025-30586 |
n/a — n/a
|
Cross-Site Request Forgery (CSRF) vulnerability in shawfactor LH OGP Meta allows Stored XSS. This issue affects LH OGP Meta: from n/a through 1.73. | 2025-03-24 | 7.1 | CVE-2025-30587 |
n/a — n/a
|
Cross-Site Request Forgery (CSRF) vulnerability in ryan_xantoo Map Contact allows Stored XSS. This issue affects Map Contact: from n/a through 3.0.4. | 2025-03-24 | 7.1 | CVE-2025-30588 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in alphasis Related Posts via Categories allows Stored XSS. This issue affects Related Posts via Categories: from n/a through 2.1.2. | 2025-03-24 | 7.1 | CVE-2025-30602 |
n/a — n/a
|
Cross-Site Request Forgery (CSRF) vulnerability in DEJAN CopyLink allows Stored XSS. This issue affects CopyLink: from n/a through 1.1. | 2025-03-24 | 7.1 | CVE-2025-30603 |
n/a — n/a
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in jiangqie JiangQie Official Website Mini Program allows Blind SQL Injection. This issue affects JiangQie Official Website Mini Program: from n/a through 1.8.2. | 2025-03-24 | 7.6 | CVE-2025-30604 |
n/a — n/a
|
Cross-Site Request Forgery (CSRF) vulnerability in Anthony WordPress SQL Backup allows Stored XSS. This issue affects WordPress SQL Backup: from n/a through 3.5.2. | 2025-03-24 | 7.1 | CVE-2025-30608 |
n/a — n/a
|
Cross-Site Request Forgery (CSRF) vulnerability in mandegarweb Replace Default Words allows Stored XSS. This issue affects Replace Default Words: from n/a through 1.3. | 2025-03-24 | 7.1 | CVE-2025-30612 |
n/a — n/a
|
Cross-Site Request Forgery (CSRF) vulnerability in coderscom WP Odoo Form Integrator allows Stored XSS. This issue affects WP Odoo Form Integrator: from n/a through 1.1.0. | 2025-03-24 | 7.1 | CVE-2025-30620 |
n/a — n/a
|
Cross-Site Request Forgery (CSRF) vulnerability in kornelly Translator allows Stored XSS. This issue affects Translator: from n/a through 0.3. | 2025-03-24 | 7.1 | CVE-2025-30621 |
n/a — n/a
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WPPOOL FlexStock allows Blind SQL Injection. This issue affects FlexStock: from n/a through 3.13.1. | 2025-03-27 | 7.6 | CVE-2025-30765 |
n/a — n/a
|
Cross-Site Request Forgery (CSRF) vulnerability in alexvtn WIP WooCarousel Lite allows Stored XSS. This issue affects WIP WooCarousel Lite: from n/a through 1.1.7. | 2025-03-27 | 7.1 | CVE-2025-30769 |
n/a — n/a
|
Deserialization of Untrusted Data vulnerability in Cozmoslabs TranslatePress allows Object Injection. This issue affects TranslatePress: from n/a through 2.9.6. | 2025-03-27 | 7.2 | CVE-2025-30773 |
n/a — n/a
|
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in WP Shuffle Subscribe to Download Lite allows PHP Local File Inclusion. This issue affects Subscribe to Download Lite: from n/a through 1.2.9. | 2025-03-27 | 7.5 | CVE-2025-30785 |
n/a — n/a
|
Cross-Site Request Forgery (CSRF) vulnerability in Eli EZ SQL Reports Shortcode Widget and DB Backup allows Stored XSS. This issue affects EZ SQL Reports Shortcode Widget and DB Backup: from n/a through 5.25.08. | 2025-03-27 | 7.1 | CVE-2025-30787 |
n/a — n/a
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in wpdever Cart tracking for WooCommerce allows SQL Injection. This issue affects Cart tracking for WooCommerce: from n/a through 1.0.16. | 2025-03-27 | 7.6 | CVE-2025-30791 |
n/a — n/a
|
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in RadiusTheme The Post Grid allows PHP Local File Inclusion. This issue affects The Post Grid: from n/a through 7.7.17. | 2025-03-27 | 7.5 | CVE-2025-30814 |
n/a — n/a
|
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in HT Plugins WishSuite allows PHP Local File Inclusion. This issue affects WishSuite: from n/a through 1.4.4. | 2025-03-27 | 7.5 | CVE-2025-30820 |
n/a — n/a
|
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Themewinter WPCafe allows PHP Local File Inclusion. This issue affects WPCafe: from n/a through 2.2.31. | 2025-03-27 | 7.5 | CVE-2025-30829 |
n/a — n/a
|
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in themifyme Themify Event Post allows PHP Local File Inclusion. This issue affects Themify Event Post: from n/a through 1.3.2. | 2025-03-27 | 7.5 | CVE-2025-30831 |
n/a — n/a
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in setriosoft bizcalendar-web allows SQL Injection. This issue affects bizcalendar-web: from n/a through 1.1.0.34. | 2025-03-27 | 7.6 | CVE-2025-30843 |
n/a — n/a
|
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in webangon The Pack Elementor addons allows PHP Local File Inclusion. This issue affects The Pack Elementor addons: from n/a through 2.1.1. | 2025-03-27 | 7.5 | CVE-2025-30845 |
n/a — n/a
|
Cross-Site Request Forgery (CSRF) vulnerability in PressMaximum Currency Switcher for WooCommerce allows Stored XSS. This issue affects Currency Switcher for WooCommerce: from n/a through 0.0.7. | 2025-03-27 | 7.1 | CVE-2025-30857 |
n/a — n/a
|
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in DynamicWebLab Team Manager allows PHP Local File Inclusion. This issue affects Team Manager: from n/a through 2.1.23. | 2025-03-27 | 7.5 | CVE-2025-30868 |
n/a — n/a
|
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in WP Travel Engine WP Travel Engine allows PHP Local File Inclusion. This issue affects WP Travel Engine: from n/a through 6.3.5. | 2025-03-27 | 7.5 | CVE-2025-30871 |
n/a — n/a
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in moreconvert MC Woocommerce Wishlist allows SQL Injection. This issue affects MC Woocommerce Wishlist: from n/a through 1.8.9. | 2025-03-27 | 7.6 | CVE-2025-30879 |
n/a — n/a
|
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in SuitePlugins Login Widget for Ultimate Member allows PHP Local File Inclusion. This issue affects Login Widget for Ultimate Member: from n/a through 1.1.2. | 2025-03-27 | 7.5 | CVE-2025-30890 |
n/a — n/a
|
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in magepeopleteam WpEvently allows PHP Local File Inclusion. This issue affects WpEvently: from n/a through 4.2.9. | 2025-03-27 | 7.5 | CVE-2025-30895 |
n/a — n/a
|
Cross-Site Request Forgery (CSRF) vulnerability in Store Locator Widgets Store Locator Widget allows Stored XSS. This issue affects Store Locator Widget: from n/a through 20200131. | 2025-03-27 | 7.1 | CVE-2025-30919 |
n/a — n/a
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Tribulant Software Newsletters allows SQL Injection. This issue affects Newsletters: from n/a through 4.9.9.7. | 2025-03-27 | 7.6 | CVE-2025-30921 |
n/a — n/a
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in bestwebsoft Slider by BestWebSoft allows SQL Injection. This issue affects Slider by BestWebSoft: from n/a through 1.1.0. | 2025-03-28 | 7.6 | CVE-2025-31099 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Bob Hostel allows Reflected XSS. This issue affects Hostel: from n/a through 1.1.5.5. | 2025-03-28 | 7.1 | CVE-2025-31102 |
n/a — n/a
|
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Chop Chop Pop-Up Chop Chop allows PHP Local File Inclusion. This issue affects Pop-Up Chop Chop: from n/a through 2.1.7. | 2025-03-28 | 7.5 | CVE-2025-31432 |
n/a — n/a
|
Cross-Site Request Forgery (CSRF) vulnerability in Efficient Scripts Microblog Poster allows Stored XSS. This issue affects Microblog Poster: from n/a through 2.1.6. | 2025-03-28 | 7.1 | CVE-2025-31435 |
n/a — n/a
|
Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Team Terms of Use allows Stored XSS. This issue affects Terms of Use: from n/a through 2.0. | 2025-03-28 | 7.1 | CVE-2025-31440 |
n/a — n/a
|
Cross-Site Request Forgery (CSRF) vulnerability in Krzysztof Furtak KK I Like It allows Stored XSS. This issue affects KK I Like It: from n/a through 1.7.5.3. | 2025-03-28 | 7.1 | CVE-2025-31443 |
n/a — n/a
|
Cross-Site Request Forgery (CSRF) vulnerability in youtag ShowTime Slideshow allows Stored XSS. This issue affects ShowTime Slideshow: from n/a through 1.6. | 2025-03-28 | 7.1 | CVE-2025-31444 |
n/a — n/a
|
Cross-Site Request Forgery (CSRF) vulnerability in EricH The Visitor Counter allows Stored XSS. This issue affects The Visitor Counter: from n/a through 1.4.3. | 2025-03-28 | 7.1 | CVE-2025-31449 |
n/a — n/a
|
Cross-Site Request Forgery (CSRF) vulnerability in forsgren Video Embedder allows Stored XSS. This issue affects Video Embedder: from n/a through 1.7.1. | 2025-03-28 | 7.1 | CVE-2025-31458 |
n/a — n/a
|
Cross-Site Request Forgery (CSRF) vulnerability in PasqualePuzio Login Alert allows Stored XSS. This issue affects Login Alert: from n/a through 0.2.1. | 2025-03-28 | 7.1 | CVE-2025-31459 |
n/a — n/a
|
Cross-Site Request Forgery (CSRF) vulnerability in danielmuldernl OmniLeads Scripts and Tags Manager allows Stored XSS. This issue affects OmniLeads Scripts and Tags Manager: from n/a through 1.3. | 2025-03-28 | 7.1 | CVE-2025-31460 |
Medium Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source Info |
---|---|---|---|---|
Fortinet–FortiSandbox |
A stack-based buffer overflow vulnerability (CWE-121) in the profile parser of FortiSandbox version 3.2.2 and below, version 3.1.4 and below may allow an authenticated attacker to potentially execute unauthorized code or commands via specifically crafted HTTP requests. | 2025-03-24 | 6.8 | CVE-2021-26105 |
IBM–Cloud Pak System |
IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1 stores sensitive data in memory, that could be obtained by an unauthorized user. | 2025-03-27 | 6.5 | CVE-2023-37405 |
Unknown–Slider by 10Web |
The Slider by 10Web WordPress plugin before 1.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2025-03-25 | 6.1 | CVE-2024-10565 |
Unknown–Slider by 10Web |
The Slider by 10Web WordPress plugin before 1.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2025-03-25 | 6.1 | CVE-2024-10566 |
Unknown–Quiz and Survey Master (QSM) |
The Quiz and Survey Master (QSM) WordPress plugin before 9.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2025-03-25 | 6.1 | CVE-2024-10679 |
Unknown–Registrations for the Events Calendar |
The Registrations for the Events Calendar WordPress plugin before 2.13.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2025-03-25 | 6.1 | CVE-2024-10703 |
xpeedstudio–ElementsKit Elementor Addons and Templates |
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Timer Widget ekit_countdown_timer_title parameter in all versions up to, and including, 3.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-03-29 | 6.4 | CVE-2024-11180 |
Unknown–Contact Form & SMTP Plugin for WordPress by PirateForms |
The Contact Form & SMTP Plugin for WordPress by PirateForms WordPress plugin before 2.6.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2025-03-25 | 6.1 | CVE-2024-11272 |
Unknown–Contact Form & SMTP Plugin for WordPress by PirateForms |
The Contact Form & SMTP Plugin for WordPress by PirateForms WordPress plugin before 2.6.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2025-03-25 | 6.1 | CVE-2024-11273 |
Unknown–WP Tabs |
The WP Tabs WordPress plugin before 2.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2025-03-25 | 6.1 | CVE-2024-11503 |
Hitachi Energy–RTU500 |
A vulnerability exists in RTU500 IEC 60870-5-104 controlled station functionality and IEC 61850 functionality, that allows an attacker performing a specific attack sequence to restart the affected CMU. This vulnerability only applies, if secure communication using IEC 62351-3 (TLS) is enabled. | 2025-03-25 | 6.5 | CVE-2024-12169 |
ivmartel–DICOM Support |
The DICOM Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘dcm’ shortcode in all versions up to, and including, 0.10.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-03-25 | 6.4 | CVE-2024-12623 |
Unknown–Smart Maintenance Mode |
The Smart Maintenance Mode WordPress plugin before 1.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2025-03-25 | 6.1 | CVE-2024-12682 |
zapier–Zapier for WordPress |
The Zapier for WordPress plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5.1 via the updated_user() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services. | 2025-03-26 | 6.4 | CVE-2024-13411 |
United Themes–Shortcodes by United Themes |
The Shortcodes by United Themes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.1.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | 2025-03-29 | 6.5 | CVE-2024-13557 |
vcita–CRM and Lead Management by vcita |
The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘vCitaMeetingScheduler’ and ‘vCitaSchedulingCalendar’ shortcodes in all versions up to, and including, 2.7.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-03-26 | 6.4 | CVE-2024-13702 |
bplugins–Alert Box Block Display notice/alerts in the front end. |
The Alert Box Block – Display notice/alerts in the front end. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Alert Box block in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-03-25 | 6.4 | CVE-2024-13731 |
n/a–n/a |
An issue in Arris NVG443B 9.3.0h3d36 allows a physically proximate attacker to execute arbitrary code via the cshell login component. | 2025-03-26 | 6.8 | CVE-2024-41643 |
Xiaomi–Xiaomi Mi Connect Service |
A protocol flaw vulnerability exists in the Xiaomi Mi Connect Service APP. The vulnerability is caused by the validation logic is flawed and can be exploited by attackers to leak sensitive user information. | 2025-03-27 | 6.5 | CVE-2024-45361 |
Apache Software Foundation–Apache Kylin |
Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin. Through a kylin server, an attacker may forge a request to invoke “/kylin/api/xxx/diag” api on another internal host and possibly get leaked information. There are two preconditions: 1) The attacker has got admin access to a kylin server; 2) Another internal host has the “/kylin/api/xxx/diag” api endpoint open for service. This issue affects Apache Kylin: from 5.0.0 through 5.0.1. Users are recommended to upgrade to version 5.0.2, which fixes the issue. | 2025-03-27 | 6.5 | CVE-2024-48944 |
n/a–n/a |
NASA Fprime v3.4.3 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities. | 2025-03-25 | 6.1 | CVE-2024-55029 |
n/a–n/a |
An issue was discovered in Appsmith before 1.51. A user on Appsmith that doesn’t have admin permissions can trigger the restart API on Appsmith, causing a server restart. This is still within the Appsmith container, and the impact is limited to Appsmith’s own server only, but there is a denial of service because it can be continually restarted. This is due to incorrect access control checks, which should check for super user permissions on the incoming request. | 2025-03-26 | 6.5 | CVE-2024-55963 |
n/a–n/a |
An issue was discovered in Appsmith before 1.51. Users invited as “App Viewer” incorrectly have access to development information of a workspace (specifically, a list of datasources in a workspace they’re a member of). This information disclosure does not expose sensitive data in the datasources, such as database passwords and API Keys. | 2025-03-26 | 6.5 | CVE-2024-55965 |
IBM–UrbanCode Deploy |
IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.22, 7.2 through 7.2.3.15, and 7.3 through 7.3.2.10 / IBM DevOps Deploy 8.0 through 8.0.1.5 and 8.1 through 8.1.0.1 could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service. | 2025-03-27 | 6.3 | CVE-2024-56469 |
Red Hat–Red Hat Data Grid 8 |
A vulnerability was found in the Infinispan component in Red Hat Data Grid. The REST compare API may have a buffer leak and an out of memory error can occur when sending continual requests with large POST data to the REST API. | 2025-03-28 | 6.5 | CVE-2024-6875 |
n/a — n/a
|
Improper Neutralization of Script in Attributes in a Web Page vulnerability in Forcepoint Email Security (Blocked Messages module) allows Stored XSS. This issue affects Email Security through 8.5.5. | 2025-03-24 | 6.1 | CVE-2024-9103 |
n/a — n/a
|
The DesignThemes Core Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-03-25 | 6.4 | CVE-2025-0845 |
n/a — n/a
|
The Jobs for WordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.7.11 via the ‘job_postings_get_file’ parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. | 2025-03-26 | 6.5 | CVE-2025-1310 |
n/a — n/a
|
The Ultimate Blocks – WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘buttonTextColor’ parameter in all versions up to, and including, 3.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-03-26 | 6.4 | CVE-2025-1312 |
n/a — n/a
|
The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘advanced_iframe’ shortcode in all versions up to, and including, 2024.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-03-26 | 6.4 | CVE-2025-1437 |
n/a — n/a
|
The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘advanced_iframe’ shortcode in all versions up to, and including, 2024.5 due to insufficient input sanitization and output escaping on user supplied attributes through the ‘src’ attribute when the src supplied returns a header with an injected value . This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-03-26 | 6.4 | CVE-2025-1439 |
n/a — n/a
|
The Smart Maintenance Mode plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘setstatus’ parameter in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-03-26 | 6.1 | CVE-2025-1490 |
n/a — n/a
|
Mattermost Mobile Apps versions <=2.25.0 fail to properly validate GIF images prior to rendering which allows a malicious user to cause the Android application to crash via message containing a maliciously crafted GIF. | 2025-03-24 | 6.5 | CVE-2025-1558 |
n/a — n/a
|
The Ultimate Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 3.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-03-26 | 6.4 | CVE-2025-1703 |
n/a — n/a
|
The tagDiv Composer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.3. This is due to missing or incorrect nonce validation within the td_ajax_get_views AJAX action. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-03-28 | 6.1 | CVE-2025-1705 |
n/a — n/a
|
The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the uagb block in all versions up to, and including, 2.19.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-03-26 | 6.4 | CVE-2025-1784 |
n/a — n/a
|
The does not sanitise and escape some parameters when outputting them back in a page, allowing unauthenticated users the ability to perform stored Cross-Site Scripting attacks. | 2025-03-25 | 6.1 | CVE-2025-1798 |
n/a — n/a
|
In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.2.2403.108, and 9.1.2312.204, a low-privileged user that does not hold the “admin” or “power” Splunk roles could change the maintenance mode state of App Key Value Store (KVStore) through a Cross-Site Request Forgery (CSRF). | 2025-03-26 | 6.5 | CVE-2025-20228 |
n/a — n/a
|
The SH Email Alert plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘mid’ parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-03-26 | 6.1 | CVE-2025-2165 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in yudleethemes Whitish Lite allows Stored XSS.This issue affects Whitish Lite: from n/a through 2.1.13. | 2025-03-27 | 6.5 | CVE-2025-22278 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in A.H.C. Waasdorp Simple Google Calendar Outlook Events Block Widget allows Stored XSS.This issue affects Simple Google Calendar Outlook Events Block Widget: from n/a through 2.5.0. | 2025-03-27 | 6.5 | CVE-2025-22497 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Acowebs Product Table For WooCommerce allows Stored XSS.This issue affects Product Table For WooCommerce: from n/a through 1.2.3. | 2025-03-27 | 6.5 | CVE-2025-22638 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ThemeHunk Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce allows Stored XSS.This issue affects Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce: from n/a through 1.2.1. | 2025-03-27 | 6.5 | CVE-2025-22644 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in aThemes aThemes Addons for Elementor allows Stored XSS.This issue affects aThemes Addons for Elementor: from n/a through 1.0.8. | 2025-03-27 | 6.5 | CVE-2025-22646 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Plugin Devs Blog, Posts and Category Filter for Elementor allows Stored XSS.This issue affects Blog, Posts and Category Filter for Elementor: from n/a through 2.0.1. | 2025-03-27 | 6.5 | CVE-2025-22648 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Themeisle Orbit Fox by ThemeIsle allows Stored XSS.This issue affects Orbit Fox by ThemeIsle: from n/a through 2.10.44. | 2025-03-27 | 6.5 | CVE-2025-22659 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Wolfgang Include Mastodon Feed allows DOM-Based XSS.This issue affects Include Mastodon Feed: from n/a through 1.9.9. | 2025-03-27 | 6.5 | CVE-2025-22660 |
n/a — n/a
|
Missing Authorization vulnerability in AwesomeTOGI Awesome Event Booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Event Booking: from n/a through 2.7.2. | 2025-03-27 | 6.5 | CVE-2025-22668 |
n/a — n/a
|
Missing Authorization vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.7.2. | 2025-03-27 | 6.5 | CVE-2025-22670 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CodeTrendy Power Mag allows DOM-Based XSS.This issue affects Power Mag: from n/a through 1.1.5. | 2025-03-27 | 6.5 | CVE-2025-22816 |
n/a — n/a
|
The Advanced Woo Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s aws_search_terms shortcode in all versions up to, and including, 3.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-03-26 | 6.4 | CVE-2025-2302 |
n/a — n/a
|
The MediaView plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-03-27 | 6.1 | CVE-2025-2481 |
n/a — n/a
|
The Your Simple SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2025-03-25 | 6.4 | CVE-2025-2542 |
n/a — n/a
|
The Amazing service box Addons For WPBakery Page Builder (formerly Visual Composer) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2025-03-26 | 6.4 | CVE-2025-2573 |
n/a — n/a
|
The Ayyash Studio – The kick-start kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2025-03-26 | 6.4 | CVE-2025-2576 |
n/a — n/a
|
A segmentation fault in openairinterface5g v2.1.0 allows attackers to cause a Denial of Service (DoS) via a crafted UE Context Modification response. | 2025-03-27 | 6.5 | CVE-2025-26265 |
n/a — n/a
|
The Digital License Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg() function without appropriate escaping on the URL in all versions up to, and including, 1.7.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-03-25 | 6.1 | CVE-2025-2635 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound GDPR Tools allows Stored XSS. This issue affects GDPR Tools: from n/a through 1.0.2. | 2025-03-26 | 6.5 | CVE-2025-26537 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Secure Invites allows Reflected XSS. This issue affects Secure Invites: from n/a through 1.3. | 2025-03-26 | 6.5 | CVE-2025-26559 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Repute Infosystems ARPrice allows Stored XSS.This issue affects ARPrice: from n/a through 4.1.3. | 2025-03-27 | 6.5 | CVE-2025-26731 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in BurgerThemes StoreBiz allows DOM-Based XSS.This issue affects StoreBiz: from n/a through 1.0.32. | 2025-03-27 | 6.5 | CVE-2025-26732 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in peregrinethemes Hester allows Stored XSS.This issue affects Hester: from n/a through 1.1.10. | 2025-03-27 | 6.5 | CVE-2025-26734 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in viktoras MorningTime Lite allows Stored XSS.This issue affects MorningTime Lite: from n/a through 1.3.2. | 2025-03-27 | 6.5 | CVE-2025-26736 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in yudleethemes City Store allows DOM-Based XSS.This issue affects City Store: from n/a through 1.4.5. | 2025-03-27 | 6.5 | CVE-2025-26737 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Graham Quick Interest Slider allows DOM-Based XSS.This issue affects Quick Interest Slider: from n/a through 3.1.3. | 2025-03-27 | 6.5 | CVE-2025-26738 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in themefunction newseqo allows Stored XSS.This issue affects newseqo: from n/a through 2.1.1. | 2025-03-26 | 6.5 | CVE-2025-26739 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in GhozyLab Gallery for Social Photo allows Stored XSS.This issue affects Gallery for Social Photo: from n/a through 1.0.0.35. | 2025-03-25 | 6.5 | CVE-2025-26742 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in 99colorthemes RainbowNews allows Stored XSS.This issue affects RainbowNews: from n/a through 1.0.7. | 2025-03-26 | 6.5 | CVE-2025-26747 |
n/a — n/a
|
The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘table-name’ parameter in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-03-27 | 6.4 | CVE-2025-2685 |
mingyuefusu –tushuguanlixitong |
A vulnerability has been found in mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as critical. Affected by this vulnerability is the function doFilter of the file /admin/ of the component Backend. The manipulation of the argument Request leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-03-24 | 6.5 | CVE-2025-2686 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Build allows Stored XSS.This issue affects Build: from n/a through 1.0.3. | 2025-03-26 | 6.5 | CVE-2025-26869 |
phpgurukul — elearning_system |
A vulnerability classified as critical has been found in PHPGurukul eLearning System 1.0. Affected is an unknown function of the file /user/index.php of the component Image Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-03-24 | 6.3 | CVE-2025-2687 |
yiiframework — yii |
A vulnerability, which was classified as critical, has been found in yiisoft Yii2 up to 2.0.45. Affected by this issue is the function getIterator of the file symfonyfinderIteratorSortableIterator.php. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-03-24 | 6.3 | CVE-2025-2689 |
yiiframework — yii |
A vulnerability, which was classified as critical, was found in yiisoft Yii2 up to 2.0.39. This affects the function Generate of the file phpunitsrcFrameworkMockObjectMockClass.php. The manipulation leads to deserialization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-03-24 | 6.3 | CVE-2025-2690 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in techthemes AuraMart allows Stored XSS.This issue affects AuraMart: from n/a through 2.0.7. | 2025-03-26 | 6.5 | CVE-2025-26922 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Bastien Ho Event post allows Stored XSS.This issue affects Event post: from n/a through 5.9.8. | 2025-03-26 | 6.5 | CVE-2025-26923 |
n/a — n/a
|
Insertion of Sensitive Information Into Sent Data vulnerability in Shipmondo Shipmondo – A complete shipping solution for WooCommerce allows Retrieve Embedded Sensitive Data.This issue affects Shipmondo – A complete shipping solution for WooCommerce: from n/a through 5.0.3. | 2025-03-28 | 6.5 | CVE-2025-27001 |
AMTT–Hotel Broadband Operation System |
A vulnerability classified as critical was found in AMTT Hotel Broadband Operation System 1.0. This vulnerability affects the function popen of the file /manager/network/port_setup.php. The manipulation of the argument SwitchVersion/SwitchWrite/SwitchIP/SwitchIndex/SwitchState leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-24 | 6.3 | CVE-2025-2701 |
Softwin–WMX3 |
A vulnerability, which was classified as critical, has been found in Softwin WMX3 3.1. This issue affects the function ImageAdd of the file /ImageAdd.ashx. The manipulation of the argument File leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-24 | 6.3 | CVE-2025-2702 |
n/a — n/a
|
A vulnerability classified as critical was found in Digiwin ERP 5.0.1. Affected by this vulnerability is an unknown functionality of the file /Api/TinyMce/UploadAjaxAPI.ashx. The manipulation of the argument File leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-24 | 6.3 | CVE-2025-2706 |
n/a — n/a
|
A vulnerability classified as critical has been found in mannaandpoem OpenManus up to 2025.3.13. This affects an unknown part of the file app/tool/python_execute.py of the component Prompt Handler. The manipulation leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-25 | 6.3 | CVE-2025-2733 |
n/a — n/a
|
The Kentico Xperience application does not fully validate or filter files uploaded via the multiple-file upload functionality, which allows for stored XSS.This issue affects Kentico Xperience through 13.0.178. | 2025-03-24 | 6.5 | CVE-2025-2748 |
n/a — n/a
|
A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp of the component CSM File Handler. The manipulation leads to out-of-bounds write. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-03-25 | 6.3 | CVE-2025-2750 |
n/a — n/a
|
A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been classified as critical. Affected is the function SceneCombiner::MergeScenes of the file code/AssetLib/LWS/LWSLoader.cpp of the component LWS File Handler. The manipulation leads to out-of-bounds read. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-03-25 | 6.3 | CVE-2025-2753 |
n/a — n/a
|
A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been declared as critical. Affected by this vulnerability is the function Assimp::AC3DImporter::ConvertObjectSection of the file code/AssetLib/AC/ACLoader.cpp of the component AC3D File Handler. The manipulation of the argument it leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-03-25 | 6.3 | CVE-2025-2754 |
n/a — n/a
|
A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been rated as critical. Affected by this issue is the function Assimp::AC3DImporter::ConvertObjectSection of the file code/AssetLib/AC/ACLoader.cpp of the component AC3D File Handler. The manipulation of the argument src.entries leads to out-of-bounds read. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-03-25 | 6.3 | CVE-2025-2755 |
n/a — n/a
|
A vulnerability classified as critical has been found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::AC3DImporter::ConvertObjectSection of the file code/AssetLib/AC/ACLoader.cpp of the component AC3D File Handler. The manipulation of the argument tmp leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-03-25 | 6.3 | CVE-2025-2756 |
n/a — n/a
|
A vulnerability classified as critical was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function AI_MD5_PARSE_STRING_IN_QUOTATION of the file code/AssetLib/MD5/MD5Parser.cpp of the component MD5 File Handler. The manipulation of the argument data leads to heap-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-03-25 | 6.3 | CVE-2025-2757 |
n/a — n/a
|
The TRMTracker web application is vulnerable to LDAP injection attack potentially allowing an attacker to inject code into a query and execute remote commands that can read and update data on the website. | 2025-03-25 | 6.5 | CVE-2025-27631 |
n/a — n/a
|
A Host Header Injection vulnerability in TRMTracker application may allow an attacker by modifying the host header value in an HTTP request to leverage multiple attack vectors, including defacing the site content through web-cache poisoning. | 2025-03-25 | 6.1 | CVE-2025-27632 |
n/a — n/a
|
The TRMTracker web application is vulnerable to reflected Cross-site scripting attack. The application allows client-side code injection that might be used to compromise the confidentiality and integrity of the system. | 2025-03-25 | 6.1 | CVE-2025-27633 |
n/a — n/a
|
The tagDiv Composer plugin for WordPress, used by the Newspaper theme, is vulnerable to Reflected Cross-Site Scripting via the ‘account_id’ and ‘account_username’ parameters in all versions up to, and including, 5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-03-28 | 6.1 | CVE-2025-2804 |
n/a — n/a
|
There is a risk of unauthorized file uploads in GT-SoftControl and potential file overwrites due to insufficient validation in the file selection process. This could lead to data integrity issues and unauthorized access by an authenticated privileged user. | 2025-03-26 | 6.6 | CVE-2025-2819 |
n/a — n/a
|
An authenticated attacker can compromise the availability of the device via the network | 2025-03-26 | 6.5 | CVE-2025-2820 |
n/a — n/a
|
Cross-Site Scripting (XSS) vulnerability in MainWP MainWP Dashboard v5.3.4 exists in class/class-mainwp-post-handler.php, where unsanitized user input from $_POST[‘sites’], $_POST[‘clients’], and $_POST[‘search’] is passed into the MainWP_User::render_table function. Despite using sanitize_text_field and wp_unslash, the values are not adequately protected against HTML or script injection. This flaw could allow an attacker to inject malicious scripts. | 2025-03-27 | 6.1 | CVE-2025-28253 |
n/a — n/a
|
A vulnerability has been found in mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as critical. This vulnerability affects the function getBookList of the file /admin/bookList?page=1&limit=10. The manipulation of the argument condition leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-03-27 | 6.3 | CVE-2025-2831 |
n/a — n/a
|
A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0. This issue affects some unknown processing of the file /dashboard/admin/over_month.php. The manipulation of the argument mm leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-03-27 | 6.3 | CVE-2025-2847 |
n/a — n/a
|
A vulnerability classified as critical was found in code-projects Payroll Management System 1.0. Affected by this vulnerability is an unknown functionality of the file update_employee.php. The manipulation of the argument emp_type leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2025-03-27 | 6.3 | CVE-2025-2854 |
n/a — n/a
|
A flaw was found in the Ansible Automation Platform’s Event-Driven Ansible. In configurations where verbosity is set to “debug”, inventory passwords are exposed in plain text when starting a rulebook activation. This issue exists for any “debug” action in a rulebook and also affects Event Streams. | 2025-03-28 | 6.5 | CVE-2025-2877 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Fiverr.com Official Search Box allows Stored XSS. This issue affects Fiverr.com Official Search Box: from n/a through 1.0.8. | 2025-03-26 | 6.5 | CVE-2025-28885 |
n/a — n/a
|
The Go1 also known as “The World’s First Intelligence Bionic Quadruped Robot Companion of Consumer Level,” contains an undocumented backdoor that can enable the manufacturer, and anyone in possession of the correct API key, complete remote control over the affected robotic device using the CloudSail remote access service. | 2025-03-28 | 6.6 | CVE-2025-2894 |
n/a — n/a
|
A vulnerability, which was classified as critical, has been found in Aishida Call Center System up to 20250314. This issue affects some unknown processing of the file /doscall/weixin/open/amr2mp3. The manipulation of the argument File leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-28 | 6.3 | CVE-2025-2916 |
n/a — n/a
|
A vulnerability was found in Netis WF-2404 1.1.124EN. It has been declared as critical. This vulnerability affects unknown code of the component UART. The manipulation leads to hardware allows activation of test or debug logic at runtime. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-28 | 6.8 | CVE-2025-2919 |
n/a — n/a
|
A vulnerability classified as critical has been found in Netis WF-2404 1.1.124EN. Affected is an unknown function of the file /etc/passwd. The manipulation with the input Realtek leads to use of default password. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-28 | 6.4 | CVE-2025-2921 |
n/a — n/a
|
libming v0.4.8 was discovered to contain a memory leak via the parseSWF_ENABLEDEBUGGER2 function. | 2025-03-27 | 6.5 | CVE-2025-29483 |
n/a — n/a
|
libming v0.4.8 was discovered to contain a segmentation fault via the decompileRETURN function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SWF file. | 2025-03-27 | 6.5 | CVE-2025-29485 |
n/a — n/a
|
libming v0.4.8 was discovered to contain a memory leak via the parseSWF_PLACEOBJECT3 function. | 2025-03-27 | 6.5 | CVE-2025-29486 |
n/a — n/a
|
libming v0.4.8 was discovered to contain a memory leak via the parseSWF_INITACTION function. | 2025-03-27 | 6.5 | CVE-2025-29488 |
n/a — n/a
|
libming v0.4.8 was discovered to contain a memory leak via the parseSWF_MORPHLINESTYLES function. | 2025-03-27 | 6.5 | CVE-2025-29489 |
n/a — n/a
|
libming v0.4.8 was discovered to contain a segmentation fault via the decompileCALLMETHOD function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SWF file. | 2025-03-27 | 6.5 | CVE-2025-29490 |
n/a — n/a
|
An allocation-size-too-big error in the parseSWF_DEFINEBINARYDATA function of libming v0.48 allows attackers to cause a Denial of Service (DoS) via supplying a crafted SWF file. | 2025-03-27 | 6.5 | CVE-2025-29491 |
n/a — n/a
|
libming v0.4.8 was discovered to contain a segmentation fault via the decompileSETVARIABLE function. | 2025-03-27 | 6.5 | CVE-2025-29492 |
n/a — n/a
|
libming v0.4.8 was discovered to contain a segmentation fault via the decompileGETPROPERTY function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SWF file. | 2025-03-27 | 6.5 | CVE-2025-29493 |
n/a — n/a
|
libming v0.4.8 was discovered to contain a segmentation fault via the decompileGETMEMBER function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SWF file. | 2025-03-27 | 6.5 | CVE-2025-29494 |
n/a — n/a
|
libming v0.4.8 was discovered to contain a segmentation fault via the decompileDUPLICATECLIP function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SWF file. | 2025-03-27 | 6.5 | CVE-2025-29496 |
n/a — n/a
|
libming v0.4.8 was discovered to contain a memory leak via the parseSWF_MORPHFILLSTYLES function. | 2025-03-27 | 6.5 | CVE-2025-29497 |
n/a — n/a
|
A vulnerability classified as critical has been found in Bluestar Micro Mall 1.0. Affected is an unknown function of the file /api/data.php. The manipulation of the argument Search leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-03-30 | 6.3 | CVE-2025-2951 |
n/a — n/a
|
A vulnerability classified as critical was found in Bluestar Micro Mall 1.0. Affected by this vulnerability is an unknown functionality of the file /api/api.php?mod=upload&type=1. The manipulation of the argument File leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-03-30 | 6.3 | CVE-2025-2952 |
n/a — n/a
|
A vulnerability was found in TRENDnet TI-G102i 1.0.7.S0_ /1.0.8.S0_ and classified as problematic. This issue affects the function plugins_call_handle_uri_raw of the file /usr/sbin/lighttpd of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack can only be done within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-30 | 6.5 | CVE-2025-2956 |
n/a — n/a
|
A vulnerability was found in TRENDnet TEW-411BRP+ 2.07. It has been classified as problematic. Affected is the function sub_401DB0 of the file /usr/sbin/httpd of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-30 | 6.5 | CVE-2025-2957 |
n/a — n/a
|
A vulnerability was found in TRENDnet TEW-818DRU 1.0.14.6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /usr/sbin/httpd of the component HTTP Request Handler. The manipulation leads to denial of service. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-30 | 6.5 | CVE-2025-2958 |
n/a — n/a
|
A vulnerability was found in TRENDnet TEW-410APB 1.3.06b. It has been rated as problematic. Affected by this issue is the function sub_4019A0 of the file /usr/sbin/httpd of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-30 | 6.5 | CVE-2025-2959 |
n/a — n/a
|
A vulnerability classified as problematic has been found in TRENDnet TEW-637AP and TEW-638APB 1.2.7/1.3.0.106. This affects the function sub_41DED0 of the file /bin/goahead of the component HTTP Request Handler. The manipulation leads to null pointer dereference. Access to the local network is required for this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-30 | 6.5 | CVE-2025-2960 |
n/a — n/a
|
RabbitMQ is a messaging and streaming broker. Versions prior to 4.0.3 are vulnerable to a sophisticated attack that could modify virtual host name on disk and then make it unrecoverable (with other on disk file modifications) can lead to arbitrary JavaScript code execution in the browsers of management UI users. When a virtual host on a RabbitMQ node fails to start, recent versions will display an error message (a notification) in the management UI. The error message includes virtual host name, which was not escaped prior to open source RabbitMQ 4.0.3 and Tanzu RabbitMQ 4.0.3, 3.13.8. An attack that both makes a virtual host fail to start and creates a new virtual host name with an XSS code snippet or changes the name of an existing virtual host on disk could trigger arbitrary JavaScript code execution in the management UI (the user’s browser). Open source RabbitMQ `4.0.3` and Tanzu RabbitMQ `4.0.3` and `3.13.8` patch the issue. | 2025-03-25 | 6.1 | CVE-2025-30219 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in smartredfox Pretty file links allows Stored XSS. This issue affects Pretty file links: from n/a through 0.9. | 2025-03-24 | 6.5 | CVE-2025-30551 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Z.com byGMO GMO Font Agent allows Stored XSS. This issue affects GMO Font Agent: from n/a through 1.6. | 2025-03-24 | 6.5 | CVE-2025-30553 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Aryan Themes Clink allows DOM-Based XSS. This issue affects Clink: from n/a through 1.2.2. | 2025-03-24 | 6.5 | CVE-2025-30566 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in samsk Include URL allows Stored XSS. This issue affects Include URL: from n/a through 0.3.5. | 2025-03-24 | 6.5 | CVE-2025-30593 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in tstafford include-file allows Stored XSS. This issue affects include-file: from n/a through 1. | 2025-03-24 | 6.5 | CVE-2025-30595 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in iografica IG Shortcodes allows DOM-Based XSS. This issue affects IG Shortcodes: from n/a through 3.1. | 2025-03-24 | 6.5 | CVE-2025-30597 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in catchsquare WP Social Widget allows Stored XSS. This issue affects WP Social Widget: from n/a through 2.2.6. | 2025-03-24 | 6.5 | CVE-2025-30610 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Olaf Lederer EO4WP allows Stored XSS. This issue affects EO4WP: from n/a through 1.0.8.4. | 2025-03-27 | 6.5 | CVE-2025-30763 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in HappyMonster Happy Addons for Elementor allows DOM-Based XSS. This issue affects Happy Addons for Elementor: from n/a through 3.16.2. | 2025-03-27 | 6.5 | CVE-2025-30766 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in mlaza jAlbum Bridge allows Stored XSS. This issue affects jAlbum Bridge: from n/a through 2.0.18. | 2025-03-27 | 6.5 | CVE-2025-30768 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Syed Balkhi Charitable allows DOM-Based XSS. This issue affects Charitable: from n/a through 1.8.4.7. | 2025-03-27 | 6.5 | CVE-2025-30770 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Alain-Aymerick FRANCOIS WP Cassify allows DOM-Based XSS. This issue affects WP Cassify: from n/a through 2.3.5. | 2025-03-27 | 6.5 | CVE-2025-30771 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in webvitaly Sitekit allows Stored XSS. This issue affects Sitekit: from n/a through 1.8. | 2025-03-27 | 6.5 | CVE-2025-30776 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Nick Doneren met Mollie allows Stored XSS. This issue affects Doneren met Mollie: from n/a through 2.10.7. | 2025-03-27 | 6.5 | CVE-2025-30779 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in cubecolour Audio Album allows Stored XSS. This issue affects Audio Album: from n/a through 1.5.0. | 2025-03-27 | 6.5 | CVE-2025-30780 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in oooorgle Quotes llama allows DOM-Based XSS. This issue affects Quotes llama: from n/a through 3.1.0. | 2025-03-27 | 6.5 | CVE-2025-30786 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Atawai Gum Elementor Addon allows Stored XSS. This issue affects Gum Elementor Addon: from n/a through 1.3.10. | 2025-03-27 | 6.5 | CVE-2025-30800 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in sonalsinha21 SKT Addons for Elementor allows Stored XSS. This issue affects SKT Addons for Elementor: from n/a through 3.5. | 2025-03-27 | 6.5 | CVE-2025-30812 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in listamester Listamester allows Stored XSS. This issue affects Listamester: from n/a through 2.3.5. | 2025-03-27 | 6.5 | CVE-2025-30813 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in mlaza jAlbum Bridge allows DOM-Based XSS. This issue affects jAlbum Bridge: from n/a through 2.0.17. | 2025-03-27 | 6.5 | CVE-2025-30818 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Pierre Lannoy IP Locator allows DOM-Based XSS. This issue affects IP Locator: from n/a through 4.1.0. | 2025-03-27 | 6.5 | CVE-2025-30826 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in themifyme Themify Event Post allows DOM-Based XSS. This issue affects Themify Event Post: from n/a through 1.3.2. | 2025-03-27 | 6.5 | CVE-2025-30832 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in LatePoint LatePoint allows Stored XSS. This issue affects LatePoint: from n/a through 5.1.6. | 2025-03-27 | 6.5 | CVE-2025-30836 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CozyThemes Cozy Blocks allows Stored XSS. This issue affects Cozy Blocks: from n/a through 2.1.6. | 2025-03-27 | 6.5 | CVE-2025-30838 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in sfaerber Dr. Flex allows Stored XSS. This issue affects Dr. Flex: from n/a through 2.0.0. | 2025-03-27 | 6.5 | CVE-2025-30850 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jory Hogeveen Off-Canvas Sidebars & Menus (Slidebars) allows DOM-Based XSS. This issue affects Off-Canvas Sidebars & Menus (Slidebars): from n/a through 0.5.8.2. | 2025-03-27 | 6.5 | CVE-2025-30860 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in SearchIQ SearchIQ allows Stored XSS. This issue affects SearchIQ: from n/a through 4.7. | 2025-03-27 | 6.5 | CVE-2025-30867 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in wpsoul Greenshift allows Stored XSS. This issue affects Greenshift: from n/a through 11.0.2. | 2025-03-27 | 6.5 | CVE-2025-30873 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in LeadConnector LeadConnector allows DOM-Based XSS. This issue affects LeadConnector: from n/a through 3.0.2. | 2025-03-27 | 6.5 | CVE-2025-30893 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Mahdi Yousefi [MahdiY] افزونه حمل و نقل ووکامرس (پست پیشتاز و سفارشی، پیک موتوری) allows Stored XSS. This issue affects افزونه حمل و نقل ووکامرس (پست پیشتاز و سفارشی، پیک موتوری): from n/a through 4.2.3. | 2025-03-27 | 6.5 | CVE-2025-30898 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Zoho Subscriptions Zoho Billing – Embed Payment Form allows Stored XSS. This issue affects Zoho Billing – Embed Payment Form: from n/a through 4.0. | 2025-03-27 | 6.5 | CVE-2025-30900 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Alex Mills SyntaxHighlighter Evolved allows DOM-Based XSS. This issue affects SyntaxHighlighter Evolved: from n/a through 3.7.1. | 2025-03-27 | 6.5 | CVE-2025-30903 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in SecuPress SecuPress Free allows DOM-Based XSS. This issue affects SecuPress Free: from n/a through 2.2.5.3. | 2025-03-27 | 6.5 | CVE-2025-30907 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in codemacher Structured Content allows Stored XSS. This issue affects Structured Content: from n/a through 1.6.3. | 2025-03-27 | 6.5 | CVE-2025-30918 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in teastudio.pl WP Posts Carousel allows Stored XSS. This issue affects WP Posts Carousel: from n/a through 1.3.7. | 2025-03-27 | 6.5 | CVE-2025-30920 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in simplebooklet Simplebooklet PDF Viewer and Embedder allows Stored XSS. This issue affects Simplebooklet PDF Viewer and Embedder: from n/a through 1.1.1. | 2025-03-27 | 6.5 | CVE-2025-30922 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in webangon The Pack Elementor addons allows Stored XSS. This issue affects The Pack Elementor addons: from n/a through 2.1.1. | 2025-03-27 | 6.5 | CVE-2025-30925 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Compete Themes Unlimited allows Stored XSS. This issue affects Unlimited: from n/a through 1.45. | 2025-03-28 | 6.5 | CVE-2025-31073 |
n/a — n/a
|
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in videowhisper MicroPayments allows Stored XSS. This issue affects MicroPayments: from n/a through 2.9.29. | 2025-03-28 | 6.5 | CVE-2025-31075 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ultimate Blocks Ultimate Blocks allows DOM-Based XSS. This issue affects Ultimate Blocks: from n/a through 3.2.7. | 2025-03-28 | 6.5 | CVE-2025-31077 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ZEEN101 Leaky Paywall allows Stored XSS. This issue affects Leaky Paywall: from n/a through 4.21.7. | 2025-03-28 | 6.5 | CVE-2025-31083 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Cozmoslabs Paid Member Subscriptions allows Stored XSS. This issue affects Paid Member Subscriptions: from n/a through 2.14.3. | 2025-03-28 | 6.5 | CVE-2025-31088 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in alordiel Dropdown Multisite selector allows Stored XSS. This issue affects Dropdown Multisite selector: from n/a through n/a. | 2025-03-28 | 6.5 | CVE-2025-31090 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ninja Team Click to Chat – WP Support All-in-One Floating Widget allows Stored XSS. This issue affects Click to Chat – WP Support All-in-One Floating Widget: from n/a through 2.3.4. | 2025-03-28 | 6.5 | CVE-2025-31092 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in redpixelstudios RPS Include Content allows DOM-Based XSS. This issue affects RPS Include Content: from n/a through 1.2.1. | 2025-03-28 | 6.5 | CVE-2025-31093 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in teastudio.pl WP Posts Carousel allows Stored XSS. This issue affects WP Posts Carousel: from n/a through 1.3.8. | 2025-03-28 | 6.5 | CVE-2025-31094 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPXPO PostX allows DOM-Based XSS. This issue affects PostX: from n/a through 4.1.25. | 2025-03-28 | 6.5 | CVE-2025-31096 |
n/a — n/a
|
Floating point exception in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via get_slope function. | 2025-03-28 | 6.6 | CVE-2025-31162 |
n/a — n/a
|
Segmentation fault in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via put_patternarc function. | 2025-03-28 | 6.6 | CVE-2025-31163 |
n/a — n/a
|
heap-buffer overflow in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via create_line_with_spline. | 2025-03-28 | 6.6 | CVE-2025-31164 |
n/a — n/a
|
A flaw was found in gnuplot. The plot3d_points() function may lead to a segmentation fault and cause a system crash. | 2025-03-27 | 6.2 | CVE-2025-31176 |
n/a — n/a
|
A flaw was found in gnuplot. The GetAnnotateString() function may lead to a segmentation fault and cause a system crash. | 2025-03-27 | 6.2 | CVE-2025-31178 |
n/a — n/a
|
A flaw was found in gnuplot. The xstrftime() function may lead to a segmentation fault, causing a system crash. | 2025-03-27 | 6.2 | CVE-2025-31179 |
n/a — n/a
|
A flaw was found in gnuplot. The CANVAS_text() function may lead to a segmentation fault and cause a system crash. | 2025-03-27 | 6.2 | CVE-2025-31180 |
n/a — n/a
|
A flaw was found in gnuplot. The X11_graphics() function may lead to a segmentation fault and cause a system crash. | 2025-03-27 | 6.2 | CVE-2025-31181 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Miguel Sirvent Magic Embeds allows Stored XSS. This issue affects Magic Embeds: from n/a through 3.1.2. | 2025-03-28 | 6.5 | CVE-2025-31433 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms allows Stored XSS. This issue affects FormLift for Infusionsoft Web Forms: from n/a through 7.5.19. | 2025-03-28 | 6.5 | CVE-2025-31434 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in phantom.omaga Toggle Box allows Stored XSS. This issue affects Toggle Box: from n/a through 1.6. | 2025-03-28 | 6.5 | CVE-2025-31450 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in kevinweber wBounce allows Stored XSS. This issue affects wBounce: from n/a through 1.8.1. | 2025-03-28 | 6.5 | CVE-2025-31451 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Mindshare Labs, Inc. WP Ultimate Search allows Stored XSS. This issue affects WP Ultimate Search: from n/a through 2.0.3. | 2025-03-28 | 6.5 | CVE-2025-31452 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Stian Andreassen YouTube SimpleGallery allows Stored XSS. This issue affects YouTube SimpleGallery: from n/a through 2.0.6. | 2025-03-28 | 6.5 | CVE-2025-31453 |
n/a — n/a
|
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in cornershop Better Section Navigation Widget allows Stored XSS. This issue affects Better Section Navigation Widget: from n/a through 1.6.1. | 2025-03-28 | 6.5 | CVE-2025-31465 |
Fortinet–FortiClientEMS |
An Improper Neutralization of Input During Web Page Generation in FortiClientEMS version 6.2.0 may allow a remote attacker to execute unauthorized code by injecting malicious payload in the user profile of a FortiClient instance being managed by the vulnerable system. | 2025-03-28 | 5.5 | CVE-2019-16149 |
Fortinet–FortiDDoS |
An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiDDoS version 5.4.0, version 5.3.2 and below, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, version 4.6.0, version 4.5.0, version 4.4.2 and below, FortiDDoS-CM version 5.3.0, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, FortiVoice version 6.0.6 and below, FortiRecorder version 6.0.3 and below and FortiMail version 6.4.1 and below, version 6.2.4 and below, version 6.0.9 and below may allow a remote, unauthenticated attacker to obtain potentially sensitive software-version information by reading a JavaScript file. | 2025-03-28 | 5.3 | CVE-2021-24008 |
Ubuntu–Linux |
accountsservice no longer drops permissions when writting .pam_environment | 2025-03-25 | 5.5 | CVE-2022-1804 |
IBM–Cloud Pak System |
IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1 could allow a user with access to the network to obtain sensitive information from CLI arguments. | 2025-03-27 | 5.9 | CVE-2023-38272 |
Huawei–YutuFZ-5651S1 |
Huawei PCs have a vulnerability that allows low-privilege users to bypass SDDL permission checks . Successful exploitation this vulnerability could lead to termination of some system processes. | 2025-03-26 | 5.5 | CVE-2023-52972 |
Unknown–Job Postings |
The Job Postings WordPress plugin before 2.7.11 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2025-03-25 | 5.9 | CVE-2024-10105 |
Unknown–Stylish Price List |
The Stylish Price List WordPress plugin before 7.1.12 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2025-03-25 | 5.9 | CVE-2024-10472 |
GitLab–GitLab |
An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1, allowing internal users to gain unauthorized access to internal projects. | 2025-03-28 | 5.2 | CVE-2024-12619 |
HCL Software–HCL SX |
HCL SX does not set the secure attribute on authorization tokens or session cookies. Attackers may potentially be able to obtain access to the cookie values via a Cross-Site-Forgery-Request (CSRF). | 2025-03-26 | 5.5 | CVE-2024-30155 |
IBM–SPSS Statistics |
IBM SPSS Statistics 26.0, 27.0.1, 28.0.1, and 29.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 2025-03-25 | 5.9 | CVE-2024-31896 |
IBM–InfoSphere Information Server |
IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that is stored locally under certain conditions. | 2025-03-29 | 5.3 | CVE-2024-43186 |
Xiaomi–Xiaomi phone framework |
A unauthorized access vulnerability exists in the Xiaomi phone framework. The vulnerability is caused by improper validation and can be exploited by attackers to Access sensitive methods. | 2025-03-27 | 5.5 | CVE-2024-45355 |
n/a–n/a |
A Broken Object Level Authorization vulnerability in the component /api/users/{user-id} of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household. | 2025-03-27 | 5.4 | CVE-2024-55072 |
MISP–MISP |
In MISP before 2.4.193, menu_custom_right_link parameters can be set via the UI (i.e., without using the CLI) and thus attackers with admin privileges can conduct XSS attacks via a global menu link. | 2025-03-28 | 5.5 | CVE-2024-58128 |
MISP–MISP |
In MISP before 2.4.193, menu_custom_right_link_html parameters can be set via the UI (i.e., without using the CLI) and thus attackers with admin privileges can conduct XSS attacks against every page. | 2025-03-28 | 5.5 | CVE-2024-58129 |
n/a — n/a
|
HCL DevOps Deploy / HCL Launch stores potentially sensitive authentication token information in log files that could be read by a local user. | 2025-03-27 | 5.5 | CVE-2025-0273 |
n/a — n/a
|
The Advanced iFrame plugin for WordPress is vulnerable to unauthorized excessive creation of options on the aip_map_url_callback() function in all versions up to, and including, 2024.5 due to insufficient restrictions. This makes it possible for unauthenticated attackers to update the advancediFrameParameterData option with an excessive amount of unvalidated data. | 2025-03-26 | 5.3 | CVE-2025-1440 |
n/a — n/a
|
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service. | 2025-03-27 | 5.4 | CVE-2025-1997 |
n/a — n/a
|
IBM UrbanCode Deploy (UCD) through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 stores potentially sensitive authentication token information in log files that could be read by a local user. | 2025-03-27 | 5.5 | CVE-2025-1998 |
n/a — n/a
|
In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.2406.111, and 9.1.2308.214, a low-privileged user that does not hold the “admin” or “power” Splunk roles could run a saved search with a risky command using the permissions of a higher-privileged user to bypass the SPL safeguards for risky commands on the “/services/streams/search” endpoint through its “q” parameter. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will. | 2025-03-26 | 5.7 | CVE-2025-20226 |
n/a — n/a
|
In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.3.2408.103, 9.2.2406.108, 9.2.2403.113, 9.1.2312.208 and 9.1.2308.212, a low-privileged user that does not hold the “admin” or “power” Splunk roles could run a saved search with a risky command using the permissions of a higher-privileged user to bypass the SPL safeguards for risky commands on the “/app/search/search” endpoint through its “s” parameter. <br>The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will. | 2025-03-26 | 5.7 | CVE-2025-20232 |
n/a — n/a
|
The Advanced Google reCAPTCHA plugin for WordPress is vulnerable to generic SQL Injection via the ‘sSearch’ parameter in all versions up to, and including, 1.29 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries, particularly when the plugin’s settings page hasn’t been visited and its welcome message has not been dismissed. This issue can be used to extract sensitive information from the database. | 2025-03-28 | 5.3 | CVE-2025-2074 |
n/a — n/a
|
The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.30.15 via the init() function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query information from internal services. | 2025-03-25 | 5.8 | CVE-2025-2109 |
n/a — n/a
|
The Event post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘events_list’ shortcodes in all versions up to, and including, 5.9.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-03-26 | 5.4 | CVE-2025-2167 |
n/a — n/a
|
Spring Security 6.4.0 – 6.4.3 may not correctly locate method security annotations on parameterized types or methods. This may cause an authorization bypass. You are not affected if you are not using @EnableMethodSecurity, or you do not have method security annotations on parameterized types or methods, or all method security annotations are attached to target methods | 2025-03-24 | 5.3 | CVE-2025-22223 |
n/a — n/a
|
The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the ‘parse_query’ function in all versions up to, and including, 8.2. This makes it possible for unauthenticated attackers to update the post_status of any post to ‘publish’. | 2025-03-25 | 5.3 | CVE-2025-2224 |
n/a — n/a
|
The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.8 the ‘register_user’ function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including usernames and passwords of any users who register via the Edit Login | Registration Form widget, as long as that user opens the email notification for successful registration. | 2025-03-26 | 5.7 | CVE-2025-2228 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in MarMar8x Notif Bell allows Stored XSS.This issue affects Notif Bell: from n/a through 0.9.8. | 2025-03-27 | 5.9 | CVE-2025-22496 |
n/a — n/a
|
The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.6.1 via the edd_ajax_get_download_title() function. This makes it possible for unauthenticated attackers to extract private post titles of downloads. The impact here is minimal. | 2025-03-25 | 5.3 | CVE-2025-2252 |
n/a — n/a
|
Missing Authorization vulnerability in iNET iNET Webkit allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects iNET Webkit: from n/a through 1.2.2. | 2025-03-27 | 5.3 | CVE-2025-22629 |
n/a — n/a
|
Cross-Site Request Forgery (CSRF) vulnerability in MD Abu Jubayer Hossain Easy Booked – Appointment Booking and Scheduling Management System for WordPress allows Cross Site Request Forgery.This issue affects Easy Booked – Appointment Booking and Scheduling Management System for WordPress: from n/a through 2.4.5. | 2025-03-27 | 5.4 | CVE-2025-22634 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Paytm Paytm Payment Donation allows Stored XSS.This issue affects Paytm Payment Donation: from n/a through 2.3.3. | 2025-03-27 | 5.9 | CVE-2025-22640 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in weDevs WP Project Manager wedevs-project-manager allows Stored XSS.This issue affects WP Project Manager: from n/a through 2.6.22. | 2025-03-27 | 5.9 | CVE-2025-22649 |
n/a — n/a
|
Missing Authorization vulnerability in ThimPress LearnPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LearnPress: from n/a through 4.2.7.5. | 2025-03-27 | 5.3 | CVE-2025-22739 |
n/a — n/a
|
Missing Authorization vulnerability in Automattic Sensei LMS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sensei LMS: from n/a through 4.24.4. | 2025-03-27 | 5.3 | CVE-2025-22740 |
n/a — n/a
|
Missing Authorization vulnerability in EnvoThemes Envo Multipurpose allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Envo Multipurpose: from n/a through 1.1.6. | 2025-03-27 | 5.4 | CVE-2025-22770 |
n/a — n/a
|
A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the host’s Kerberos credentials cache. | 2025-03-25 | 5.9 | CVE-2025-2312 |
n/a — n/a
|
Icinga Director is an Icinga config deployment tool. A Security vulnerability has been found starting in version 1.0.0 and prior to 1.10.3 and 1.11.3 on several director endpoints of REST API. To reproduce this vulnerability an authenticated user with permission to access the Director is required (plus api access with regard to the api endpoints). And even though some of these Icinga Director users are restricted from accessing certain objects, are able to retrieve information related to them if their name is known. This makes it possible to change the configuration of these objects by those Icinga Director users restricted from accessing them. This results in further exploitation, data breaches and sensitive information disclosure. Affected endpoints include icingaweb2/director/service, if the host name is left out of the query; icingaweb2/directore/notification; icingaweb2/director/serviceset; and icingaweb2/director/scheduled-downtime. In addition, the endpoint `icingaweb2/director/services?host=filteredHostName` returns a status code 200 even though the services for the host is filtered. This in turn lets the restricted user know that the host `filteredHostName` exists even though the user is restricted from accessing it. This could again result in further exploitation of this information and data breaches. Icinga Director has patches in versions 1.10.3 and 1.11.1. If upgrading is not feasible, disable the director module for the users other than admin role for the time being. | 2025-03-26 | 5.5 | CVE-2025-23203 |
n/a — n/a
|
Client side access control bypass in the permission component in Devolutions Remote Desktop Manager on Windows. An authenticated user can exploit this flaw to bypass certain permission restrictions-specifically View Password, Edit Asset, and Edit Permissions by performing specific actions. This issue affects Remote Desktop Manager versions from 2025.1.24 through 2025.1.25, and all versions up to 2024.3.29. | 2025-03-26 | 5.4 | CVE-2025-2499 |
n/a — n/a
|
The Frndzk Expandable Bottom Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ‘text’ parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2025-03-25 | 5.5 | CVE-2025-2510 |
n/a — n/a
|
Insufficient logging in the autotyping feature in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use a stored password without generating a corresponding log event, via the use of the autotyping functionality. This issue affects Remote Desktop Manager versions from 2025.1.24 through 2025.1.25, and all versions up to 2024.3.29. | 2025-03-26 | 5.4 | CVE-2025-2562 |
n/a — n/a
|
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.2.19 via the ‘wpAmeliaApiCall’ function. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | 2025-03-28 | 5.3 | CVE-2025-2578 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Automattic WooCommerce allows Stored XSS.This issue affects WooCommerce: from n/a through 9.7.0. | 2025-03-27 | 5.9 | CVE-2025-26762 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NOUS Ouvert Utile et Simple Accounting for WooCommerce allows Stored XSS.This issue affects Accounting for WooCommerce: from n/a through 1.6.8. | 2025-03-26 | 5.9 | CVE-2025-26929 |
n/a — n/a
|
A vulnerability, which was classified as critical, has been found in zhijiantianya ruoyi-vue-pro 2.4.1. Affected by this issue is some unknown functionality of the file /app-api/infra/file/upload of the component Front-End Store Interface. The manipulation of the argument path leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-24 | 5.4 | CVE-2025-2707 |
n/a — n/a
|
A vulnerability, which was classified as critical, was found in zhijiantianya ruoyi-vue-pro 2.4.1. This affects an unknown part of the file /admin-api/infra/file/upload of the component Backend File Upload Interface. The manipulation of the argument path leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-24 | 5.4 | CVE-2025-2708 |
n/a — n/a
|
A vulnerability was found in GNOME libgsf up to 1.14.53. It has been classified as critical. This affects the function gsf_base64_encode_simple. The manipulation of the argument size_t leads to heap-based buffer overflow. An attack has to be approached locally. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-25 | 5.3 | CVE-2025-2721 |
n/a — n/a
|
A vulnerability was found in GNOME libgsf up to 1.14.53. It has been declared as critical. This vulnerability affects the function gsf_prop_settings_collect_va. The manipulation of the argument n_alloced_params leads to heap-based buffer overflow. Local access is required to approach this attack. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-25 | 5.3 | CVE-2025-2722 |
n/a — n/a
|
A vulnerability was found in GNOME libgsf up to 1.14.53. It has been rated as critical. This issue affects the function gsf_property_settings_collec. The manipulation of the argument n_alloced_params leads to heap-based buffer overflow. Attacking locally is a requirement. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-25 | 5.3 | CVE-2025-2723 |
n/a — n/a
|
A vulnerability classified as critical was found in zhijiantianya ruoyi-vue-pro 2.4.1. This vulnerability affects unknown code of the file /admin-api/mp/material/upload-permanent of the component Material Upload Interface. The manipulation of the argument File leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-25 | 5.4 | CVE-2025-2742 |
n/a — n/a
|
A vulnerability, which was classified as critical, was found in zhijiantianya ruoyi-vue-pro 2.4.1. Affected is an unknown function of the file /admin-api/mp/material/upload-news-image of the component Material Upload Interface. The manipulation of the argument File leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-25 | 5.4 | CVE-2025-2744 |
n/a — n/a
|
Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client application calls mbedtls_ssl_set_hostname. | 2025-03-25 | 5.4 | CVE-2025-27809 |
n/a — n/a
|
Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to authentication bypasses such as replays. | 2025-03-25 | 5.4 | CVE-2025-27810 |
n/a — n/a
|
A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been classified as problematic. Affected is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to inefficient regular expression complexity. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-03-27 | 5.3 | CVE-2025-2833 |
n/a — n/a
|
The DAP to Autoresponders Email Syncing plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0 through the publicly accessible phpinfo.php script. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed file. | 2025-03-29 | 5.3 | CVE-2025-2840 |
n/a — n/a
|
A vulnerability has been found in TOTOLINK A3000RU up to 5.9c.5185 and classified as problematic. This vulnerability affects unknown code of the file /cgi-bin/ExportIbmsConfig.sh of the component IBMS Configuration File Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-03-30 | 5.3 | CVE-2025-2955 |
n/a — n/a
|
Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0-alpha.1, Kyverno ignores subjectRegExp and IssuerRegExp while verifying artifact’s sign with keyless mode. It allows the attacker to deploy kubernetes resources with the artifacts that were signed by unexpected certificate. Deploying these unauthorized kubernetes resources can lead to full compromise of kubernetes cluster. Version 1.14.0-alpha.1 contains a patch for the issue. | 2025-03-24 | 5.8 | CVE-2025-29778 |
n/a — n/a
|
Vite, a provider of frontend development tooling, has a vulnerability in versions prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10. `@fs` denies access to files outside of Vite serving allow list. Adding `?raw??` or `?import&raw??` to the URL bypasses this limitation and returns the file content if it exists. This bypass exists because trailing separators such as `?` are removed in several places, but are not accounted for in query string regexes. The contents of arbitrary files can be returned to the browser. Only apps explicitly exposing the Vite dev server to the network (using `–host` or `server.host` config option) are affected. Versions 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10 fix the issue. | 2025-03-24 | 5.3 | CVE-2025-30208 |
n/a — n/a
|
Directus is a real-time API and App dashboard for managing SQL database content. The `@directus/storage-driver-s3` package starting in version 9.22.0 and prior to version 12.0.1, corresponding to Directus starting in version 9.22.0 and prior to 11.5.0, is vulnerable to asset unavailability after a burst of malformed transformations. When making many malformed transformation requests at once, at some point, all assets are served as 403. This causes denial of assets for all policies of Directus, including Admin and Public. Version 12.0.1 of the `@directus/storage-driver-s3` package, corresponding to version 11.5.0 of Directus, fixes the issue. | 2025-03-26 | 5.3 | CVE-2025-30225 |
n/a — n/a
|
Directus is a real-time API and App dashboard for managing SQL database content. The `@directus/storage-driver-s3` package starting in version 9.22.0 and prior to version 12.0.1, corresponding to Directus starting in version 9.22.0 and prior to 11.5.0, is vulnerable to asset unavailability after a burst of HEAD requests. Some tools use Directus to sync content and assets, and some of those tools use the HEAD method to check the existence of files. When making many HEAD requests at once, at some point, all assets are eventually served as 403. This causes denial of assets for all policies of Directus, including Admin and Public. Version 12.0.1 of the `@directus/storage-driver-s3` package, corresponding to version 11.5.0 of Directus, fixes the issue. | 2025-03-26 | 5.3 | CVE-2025-30350 |
n/a — n/a
|
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0-alpha.4 and prior to version 11.5.0, the `search` query parameter allows users with access to a collection to filter items based on fields they do not have permission to view. This allows the enumeration of unknown field contents. The searchable columns (numbers & strings) are not checked against permissions when injecting the `where` clauses for applying the search query. This leads to the possibility of enumerating those un-permitted fields. Version 11.5.0 fixes the issue. | 2025-03-26 | 5.3 | CVE-2025-30352 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in codetoolbox My Bootstrap Menu allows Stored XSS. This issue affects My Bootstrap Menu: from n/a through 1.2.1. | 2025-03-24 | 5.9 | CVE-2025-30527 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Atikul AI Preloader allows Stored XSS. This issue affects AI Preloader: from n/a through 1.0.2. | 2025-03-24 | 5.9 | CVE-2025-30530 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in MorganF Weather Layer allows Stored XSS. This issue affects Weather Layer: from n/a through 4.2.1. | 2025-03-24 | 5.9 | CVE-2025-30532 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in gopiplus Message ticker allows Stored XSS. This issue affects Message ticker: from n/a through 9.3. | 2025-03-24 | 5.9 | CVE-2025-30533 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in zeitwesentech Beautiful Link Preview allows Stored XSS. This issue affects Beautiful Link Preview: from n/a through 1.5.0. | 2025-03-24 | 5.9 | CVE-2025-30536 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Cristian Sarov Upload Quota per User allows Stored XSS. This issue affects Upload Quota per User: from n/a through 1.3. | 2025-03-24 | 5.9 | CVE-2025-30537 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Benedikt Mo BMo Expo allows Stored XSS. This issue affects BMo Expo: from n/a through 1.0.15. | 2025-03-24 | 5.9 | CVE-2025-30539 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in avaibook AvaiBook allows Stored XSS. This issue affects AvaiBook: from n/a through 1.2. | 2025-03-24 | 5.9 | CVE-2025-30540 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in pixeline issuuPress allows Stored XSS. This issue affects issuuPress: from n/a through 1.3.2. | 2025-03-24 | 5.9 | CVE-2025-30545 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in mrdenny My Default Post Content allows Stored XSS. This issue affects My Default Post Content: from n/a through 0.7.3. | 2025-03-24 | 5.9 | CVE-2025-30573 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jenst Mobile Navigation allows Stored XSS. This issue affects Mobile Navigation: from n/a through 1.5. | 2025-03-24 | 5.9 | CVE-2025-30574 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Arefly Login Redirect allows Stored XSS. This issue affects Login Redirect: from n/a through 1.0.5. | 2025-03-24 | 5.9 | CVE-2025-30575 |
n/a — n/a
|
Missing Authorization vulnerability in PluginOps Top Bar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Top Bar: from n/a through 3.3. | 2025-03-24 | 5.3 | CVE-2025-30581 |
n/a — n/a
|
Missing Authorization vulnerability in tuyennv Music Press Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Music Press Pro: from n/a through 1.4.6. | 2025-03-24 | 5.3 | CVE-2025-30591 |
n/a — n/a
|
Missing Authorization vulnerability in westerndeal Advanced Dewplayer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Dewplayer: from n/a through 1.6. | 2025-03-24 | 5.3 | CVE-2025-30592 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in wp-maverick WP Parallax Content Slider allows Stored XSS. This issue affects WP Parallax Content Slider: from n/a through 0.9.8. | 2025-03-24 | 5.9 | CVE-2025-30599 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in thiagogsrwp WP Hotjar allows Stored XSS. This issue affects WP Hotjar: from n/a through 0.0.3. | 2025-03-24 | 5.9 | CVE-2025-30600 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Logan Carlile Easy Page Transition allows Stored XSS. This issue affects Easy Page Transition: from n/a through 1.0.1. | 2025-03-24 | 5.9 | CVE-2025-30606 |
n/a — n/a
|
Insertion of Sensitive Information Into Sent Data vulnerability in AppExperts AppExperts – WordPress to Mobile App – WooCommerce to iOs and Android Apps allows Retrieve Embedded Sensitive Data. This issue affects AppExperts – WordPress to Mobile App – WooCommerce to iOs and Android Apps: from n/a through 1.4.3. | 2025-03-24 | 5.3 | CVE-2025-30609 |
n/a — n/a
|
Cross-Site Request Forgery (CSRF) vulnerability in SpeakPipe SpeakPipe allows Cross Site Request Forgery. This issue affects SpeakPipe: from n/a through 0.2. | 2025-03-24 | 5.4 | CVE-2025-30619 |
n/a — n/a
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Rachel Cherry wA11y – The Web Accessibility Toolbox allows Stored XSS. This issue affects wA11y – The Web Accessibility Toolbox: from n/a through 1.0.3. | 2025-03-24 | 5.9 | CVE-2025-30623 |
n/a — n/a
|
httpd.c in atophttpd 2.8.0 has an off-by-one error and resultant out-of-bounds read because a certain 1024-character req string would not have a final ‘ |