Patch Tuesday — April 2025

2025-04-08 · 945 CVEs

CVEs published or modified the week of 2025-04-08, partitioned by vendor.

Microsoft (149 CVEs)

Note: this section also contains rows for third-party products that run on Windows (Octopus Deploy, IBM Personal Communications, IBM Sterling Control Center, and Adobe Framemaker, Animate, Photoshop, Premiere Pro, Media Encoder, Bridge and After Effects); those are not Microsoft advisories. The only entry flagged KEV is CVE-2025-29824, a use-after-free in the Windows Common Log File System Driver that gives an authorized local attacker elevated privileges; it is the one to patch first.

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-0539 | High | 8.8 |  | 2025-04-10 | In affected Microsoft Windows versions of Octopus Deploy, the server can be coerced into sending server-side requests that contain authentication material allowing a suitably positioned attacker to compromise the account running Octopus Se…
CVE-2025-29794 | High | 8.8 |  | 2025-04-08 | Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2025-27740 | High | 8.8 |  | 2025-04-08 | Weak authentication in Windows Active Directory Certificate Services allows an authorized attacker to elevate privileges over a network.
CVE-2025-27481 | High | 8.8 |  | 2025-04-08 | Stack-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
CVE-2025-27477 | High | 8.8 |  | 2025-04-08 | Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
CVE-2025-26669 | High | 8.8 |  | 2025-04-08 | Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVE-2025-26647 | High | 8.8 |  | 2025-04-08 | Improper input validation in Windows Kerberos allows an authorized attacker to elevate privileges over a network.
CVE-2025-21222 | High | 8.8 |  | 2025-04-08 | Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
CVE-2025-21221 | High | 8.8 |  | 2025-04-08 | Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
CVE-2025-21205 | High | 8.8 |  | 2025-04-08 | Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
CVE-2025-1095 | High | 8.8 |  | 2025-04-08 | IBM Personal Communications v14 and v15 include a Windows service that is vulnerable to local privilege escalation (LPE).
CVE-2025-27737 | High | 8.6 |  | 2025-04-08 | Improper input validation in Windows Security Zone Mapping allows an unauthorized attacker to bypass a security feature locally.
CVE-2025-26678 | High | 8.4 |  | 2025-04-08 | Improper access control in Windows Defender Application Control (WDAC) allows an unauthorized attacker to bypass a security feature locally.
CVE-2025-27482 | High | 8.1 |  | 2025-04-08 | Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.
CVE-2025-27480 | High | 8.1 |  | 2025-04-08 | Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.
CVE-2025-26671 | High | 8.1 |  | 2025-04-08 | Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
CVE-2025-26670 | High | 8.1 |  | 2025-04-08 | Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network.
CVE-2025-26663 | High | 8.1 |  | 2025-04-08 | Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network.
CVE-2025-27487 | High | 8.0 |  | 2025-04-08 | Heap-based buffer overflow in Remote Desktop Client allows an authorized attacker to execute code over a network.
CVE-2025-30304 | High | 7.8 |  | 2025-04-08 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-30299 | High | 7.8 |  | 2025-04-08 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-30298 | High | 7.8 |  | 2025-04-08 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-30297 | High | 7.8 |  | 2025-04-08 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-30296 | High | 7.8 |  | 2025-04-08 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-30295 | High | 7.8 |  | 2025-04-08 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-29824 | High | 7.8 | KEV | 2025-04-08 | Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-29823 | High | 7.8 |  | 2025-04-08 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-29822 | High | 7.8 |  | 2025-04-08 | Incomplete list of disallowed inputs in Microsoft Office OneNote allows an unauthorized attacker to bypass a security feature locally.
CVE-2025-29820 | High | 7.8 |  | 2025-04-08 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2025-29812 | High | 7.8 |  | 2025-04-08 | Untrusted pointer dereference in Windows Kernel Memory allows an authorized attacker to elevate privileges locally.
CVE-2025-29811 | High | 7.8 |  | 2025-04-08 | Improper input validation in Windows Mobile Broadband allows an authorized attacker to elevate privileges locally.
CVE-2025-29801 | High | 7.8 |  | 2025-04-08 | Incorrect default permissions in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.
CVE-2025-29800 | High | 7.8 |  | 2025-04-08 | Improper privilege management in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.
CVE-2025-29791 | High | 7.8 |  | 2025-04-08 | Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-27752 | High | 7.8 |  | 2025-04-08 | Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-27751 | High | 7.8 |  | 2025-04-08 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-27750 | High | 7.8 |  | 2025-04-08 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-27749 | High | 7.8 |  | 2025-04-08 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-27748 | High | 7.8 |  | 2025-04-08 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-27747 | High | 7.8 |  | 2025-04-08 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2025-27746 | High | 7.8 |  | 2025-04-08 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-27745 | High | 7.8 |  | 2025-04-08 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-27744 | High | 7.8 |  | 2025-04-08 | Improper access control in Microsoft Office allows an authorized attacker to elevate privileges locally.
CVE-2025-27743 | High | 7.8 |  | 2025-04-08 | Untrusted search path in System Center allows an authorized attacker to elevate privileges locally.
CVE-2025-27741 | High | 7.8 |  | 2025-04-08 | Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally.
CVE-2025-27739 | High | 7.8 |  | 2025-04-08 | Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2025-27733 | High | 7.8 |  | 2025-04-08 | Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally.
CVE-2025-27731 | High | 7.8 |  | 2025-04-08 | Improper input validation in OpenSSH for Windows allows an authorized attacker to elevate privileges locally.
CVE-2025-27730 | High | 7.8 |  | 2025-04-08 | Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.
CVE-2025-27729 | High | 7.8 |  | 2025-04-08 | Use after free in Windows Shell allows an unauthorized attacker to execute code locally.
CVE-2025-27728 | High | 7.8 |  | 2025-04-08 | Out-of-bounds read in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.
CVE-2025-27727 | High | 7.8 |  | 2025-04-08 | Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to elevate privileges locally.
CVE-2025-27490 | High | 7.8 |  | 2025-04-08 | Heap-based buffer overflow in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
CVE-2025-27489 | High | 7.8 |  | 2025-04-08 | Improper input validation in Azure Local allows an authorized attacker to elevate privileges locally.
CVE-2025-27483 | High | 7.8 |  | 2025-04-08 | Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally.
CVE-2025-27476 | High | 7.8 |  | 2025-04-08 | Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.
CVE-2025-27467 | High | 7.8 |  | 2025-04-08 | Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.
CVE-2025-27200 | High | 7.8 |  | 2025-04-08 | Animate versions 24.0.7, 23.0.10 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-27199 | High | 7.8 |  | 2025-04-08 | Animate versions 24.0.7, 23.0.10 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-27198 | High | 7.8 |  | 2025-04-08 | Photoshop Desktop versions 25.12.1, 26.4.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-27196 | High | 7.8 |  | 2025-04-08 | Premiere Pro versions 25.1, 24.6.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-27195 | High | 7.8 |  | 2025-04-08 | Media Encoder versions 25.1, 24.6.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-27194 | High | 7.8 |  | 2025-04-08 | Media Encoder versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-27193 | High | 7.8 |  | 2025-04-08 | Bridge versions 14.1.5, 15.0.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-27183 | High | 7.8 |  | 2025-04-08 | After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-27182 | High | 7.8 |  | 2025-04-08 | After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-26688 | High | 7.8 |  | 2025-04-08 | Stack-based buffer overflow in Microsoft Virtual Hard Drive allows an authorized attacker to elevate privileges locally.
CVE-2025-26679 | High | 7.8 |  | 2025-04-08 | Use after free in RPC Endpoint Mapper Service allows an authorized attacker to elevate privileges locally.
CVE-2025-26675 | High | 7.8 |  | 2025-04-08 | Out-of-bounds read in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.
CVE-2025-26674 | High | 7.8 |  | 2025-04-08 | Heap-based buffer overflow in Windows Media allows an authorized attacker to execute code locally.
CVE-2025-26666 | High | 7.8 |  | 2025-04-08 | Heap-based buffer overflow in Windows Media allows an authorized attacker to execute code locally.
CVE-2025-26648 | High | 7.8 |  | 2025-04-08 | Sensitive data storage in improperly locked memory in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2025-26642 | High | 7.8 |  | 2025-04-08 | Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-26639 | High | 7.8 |  | 2025-04-08 | Integer overflow or wraparound in Windows USB Print Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-24074 | High | 7.8 |  | 2025-04-08 | Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2025-24073 | High | 7.8 |  | 2025-04-08 | Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2025-24062 | High | 7.8 |  | 2025-04-08 | Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2025-24060 | High | 7.8 |  | 2025-04-08 | Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2025-24058 | High | 7.8 |  | 2025-04-08 | Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2025-21204 | High | 7.8 |  | 2025-04-08 | Improper link resolution before file access ('link following') in Windows Update Stack allows an authorized attacker to elevate privileges locally.
CVE-2025-29816 | High | 7.5 |  | 2025-04-08 | Improper input validation in Microsoft Office Word allows an unauthorized attacker to bypass a security feature over a network.
CVE-2025-29810 | High | 7.5 |  | 2025-04-08 | Improper access control in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network.
CVE-2025-29805 | High | 7.5 |  | 2025-04-08 | Exposure of sensitive information to an unauthorized actor in Outlook for Android allows an unauthorized attacker to disclose information over a network.
CVE-2025-27486 | High | 7.5 |  | 2025-04-08 | Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.
CVE-2025-27485 | High | 7.5 |  | 2025-04-08 | Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.
CVE-2025-27484 | High | 7.5 |  | 2025-04-08 | Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over a network.
CVE-2025-27479 | High | 7.5 |  | 2025-04-08 | Insufficient resource pool in Windows Kerberos allows an unauthorized attacker to deny service over a network.
CVE-2025-27473 | High | 7.5 |  | 2025-04-08 | Uncontrolled resource consumption in Windows HTTP.sys allows an unauthorized attacker to deny service over a network.
CVE-2025-27470 | High | 7.5 |  | 2025-04-08 | Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.
CVE-2025-27469 | High | 7.5 |  | 2025-04-08 | Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.
CVE-2025-26687 | High | 7.5 |  | 2025-04-08 | Use after free in Windows Win32K - GRFX allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-26686 | High | 7.5 |  | 2025-04-08 | Sensitive data storage in improperly locked memory in Windows TCP/IP allows an unauthorized attacker to execute code over a network.
CVE-2025-26682 | High | 7.5 |  | 2025-04-08 | Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.
CVE-2025-26680 | High | 7.5 |  | 2025-04-08 | Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.
CVE-2025-26673 | High | 7.5 |  | 2025-04-08 | Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.
CVE-2025-26668 | High | 7.5 |  | 2025-04-08 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2025-26652 | High | 7.5 |  | 2025-04-08 | Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.
CVE-2025-26641 | High | 7.5 |  | 2025-04-08 | Uncontrolled resource consumption in Windows Cryptographic Services allows an unauthorized attacker to deny service over a network.
CVE-2025-21174 | High | 7.5 |  | 2025-04-08 | Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.
CVE-2025-29804 | High | 7.3 |  | 2025-04-08 | Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.
CVE-2025-29802 | High | 7.3 |  | 2025-04-08 | Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.
CVE-2025-29792 | High | 7.3 |  | 2025-04-08 | Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
CVE-2025-26628 | High | 7.3 |  | 2025-04-08 | Insufficiently protected credentials in Azure Local Cluster allows an authorized attacker to disclose information locally.
CVE-2025-29793 | High | 7.2 |  | 2025-04-08 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2025-29809 | High | 7.1 |  | 2025-04-08 | Insecure storage of sensitive information in Windows Kerberos allows an authorized attacker to bypass a security feature locally.
CVE-2025-27491 | High | 7.1 |  | 2025-04-08 | Use after free in Windows Hyper-V allows an authorized attacker to execute code over a network.
CVE-2025-27732 | High | 7.0 |  | 2025-04-08 | Sensitive data storage in improperly locked memory in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
CVE-2025-27492 | High | 7.0 |  | 2025-04-08 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Secure Channel allows an authorized attacker to elevate privileges locally.
CVE-2025-27478 | High | 7.0 |  | 2025-04-08 | Heap-based buffer overflow in Windows Local Security Authority (LSA) allows an authorized attacker to elevate privileges locally.
CVE-2025-27475 | High | 7.0 |  | 2025-04-08 | Sensitive data storage in improperly locked memory in Windows Update Stack allows an authorized attacker to elevate privileges locally.
CVE-2025-26665 | High | 7.0 |  | 2025-04-08 | Sensitive data storage in improperly locked memory in Windows upnphost.dll allows an authorized attacker to elevate privileges locally.
CVE-2025-26649 | High | 7.0 |  | 2025-04-08 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Secure Channel allows an authorized attacker to elevate privileges locally.
CVE-2025-26640 | High | 7.0 |  | 2025-04-08 | Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.
CVE-2025-21191 | High | 7.0 |  | 2025-04-08 | Time-of-check time-of-use (TOCTOU) race condition in Windows Local Security Authority (LSA) allows an authorized attacker to elevate privileges locally.
CVE-2025-26637 | Medium | 6.8 |  | 2025-04-08 | Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2025-25002 | Medium | 6.8 |  | 2025-04-08 | Insertion of sensitive information into log file in Azure Local Cluster allows an authorized attacker to disclose information over an adjacent network.
CVE-2025-26681 | Medium | 6.7 |  | 2025-04-08 | Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
CVE-2025-27738 | Medium | 6.5 |  | 2025-04-08 | Improper access control in Windows Resilient File System (ReFS) allows an authorized attacker to disclose information over a network.
CVE-2025-27474 | Medium | 6.5 |  | 2025-04-08 | Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVE-2025-26676 | Medium | 6.5 |  | 2025-04-08 | Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVE-2025-26672 | Medium | 6.5 |  | 2025-04-08 | Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVE-2025-26667 | Medium | 6.5 |  | 2025-04-08 | Exposure of sensitive information to an unauthorized actor in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVE-2025-26664 | Medium | 6.5 |  | 2025-04-08 | Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVE-2025-26651 | Medium | 6.5 |  | 2025-04-08 | Exposed dangerous method or function in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.
CVE-2025-26635 | Medium | 6.5 |  | 2025-04-08 | Weak authentication in Windows Hello allows an authorized attacker to bypass a security feature over a network.
CVE-2025-21203 | Medium | 6.5 |  | 2025-04-08 | Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVE-2025-21197 | Medium | 6.5 |  | 2025-04-08 | Improper access control in Windows NTFS allows an authorized attacker to disclose file path information under a folder where the attacker doesn't have permission to list content.
CVE-2025-29819 | Medium | 6.2 |  | 2025-04-08 | External control of file name or path in Azure Portal Windows Admin Center allows an unauthorized attacker to disclose information locally.
CVE-2025-27735 | Medium | 6.0 |  | 2025-04-08 | Insufficient verification of data authenticity in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally.
CVE-2025-27471 | Medium | 5.9 |  | 2025-04-08 | Sensitive data storage in improperly locked memory in Microsoft Streaming Service allows an unauthorized attacker to deny service over a network.
CVE-2025-30303 | Medium | 5.5 |  | 2025-04-08 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2025-30302 | Medium | 5.5 |  | 2025-04-08 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2025-30301 | Medium | 5.5 |  | 2025-04-08 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service.
CVE-2025-30300 | Medium | 5.5 |  | 2025-04-08 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service.
CVE-2025-29821 | Medium | 5.5 |  | 2025-04-08 | Improper input validation in Dynamics Business Central allows an authorized attacker to disclose information locally.
CVE-2025-29808 | Medium | 5.5 |  | 2025-04-08 | Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally.
CVE-2025-27742 | Medium | 5.5 |  | 2025-04-08 | Out-of-bounds read in Windows NTFS allows an unauthorized attacker to disclose information locally.
CVE-2025-27736 | Medium | 5.5 |  | 2025-04-08 | Exposure of sensitive information to an unauthorized actor in Windows Power Dependency Coordinator allows an authorized attacker to disclose information locally.
CVE-2025-27204 | Medium | 5.5 |  | 2025-04-08 | After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2025-27202 | Medium | 5.5 |  | 2025-04-08 | Animate versions 24.0.7, 23.0.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2025-27201 | Medium | 5.5 |  | 2025-04-08 | Animate versions 24.0.7, 23.0.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2025-27187 | Medium | 5.5 |  | 2025-04-08 | After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2025-27186 | Medium | 5.5 |  | 2025-04-08 | After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2025-27185 | Medium | 5.5 |  | 2025-04-08 | After Effects versions 25.1, 24.6.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service.
CVE-2025-27184 | Medium | 5.5 |  | 2025-04-08 | After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2023-42007 | Medium | 5.4 |  | 2025-04-10 | IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 is vulnerable to cross-site scripting.
CVE-2025-27472 | Medium | 5.4 |  | 2025-04-08 | Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature over a network.
CVE-2025-26644 | Medium | 5.1 |  | 2025-04-08 | Automated recognition mechanism with inadequate detection or handling of adversarial input perturbations in Windows Hello allows an unauthorized attacker to perform spoofing locally.
CVE-2023-43035 | Medium | 4.0 |  | 2025-04-10 | IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 allows web pages to be stored locally which can be read by another user on the system.
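Working through a table this size by hand is slow, and the Microsoft rows follow a fixed sentence pattern (weakness, component, authorized/unauthorized attacker, impact, attack vector) that can be parsed mechanically. The script below is an added example, not part of this page or of any vendor tooling. It assumes rows in the undelimited form the listing is exported in (identifier, severity, score, an optional KEV flag, date and summary run together), splits them with a regex, extracts the attack vector and impact from Microsoft-style summaries, and orders the result KEV first, then unauthenticated network code execution, then CVSS. The sample rows are copied from the tables on this page; the function names are this example's own.

```python
"""Parse and triage rows from a Patch Tuesday CVE listing (added example).

Assumed row layout, columns fused with no delimiter:
  <CVE id><Severity><CVSS><"KEV" if listed in CISA KEV><Published><Summary>
Assumed grammar of Microsoft advisory summaries:
  "<weakness> in <component> allows an (un)authorized attacker to <impact> <vector>."
"""
import re
from collections import Counter
from dataclasses import dataclass

ROW_RE = re.compile(
    r"^(?P<cve>CVE-\d{4}-\d{4,})"
    r"(?P<severity>Critical|High|Medium|Low)"
    r"(?P<cvss>\d{1,2}\.\d)"
    r"(?P<kev>KEV)?"
    r"(?P<published>\d{4}-\d{2}-\d{2})"
    r"(?P<summary>.*)$"
)

# The weakness group is greedy on purpose: for a weakness that itself contains
# " in " (e.g. "Sensitive data storage in improperly locked memory in Windows
# Kernel") the component is whatever follows the LAST " in " before "allows an".
MS_RE = re.compile(
    r"^(?P<weakness>.+) in (?P<component>.+?) allows an "
    r"(?P<auth>unauthorized|authorized) attacker to (?P<impact>.+?) "
    r"(?P<vector>over a network|over an adjacent network|locally|with a physical attack)\.?$"
)


@dataclass
class Row:
    cve: str
    severity: str
    cvss: float
    kev: bool
    published: str
    summary: str
    weakness: str = ""
    component: str = ""
    auth: str = ""
    impact: str = ""
    vector: str = ""


def parse_row(line: str) -> Row:
    """Split one fused row; fill the Microsoft grammar fields when they apply."""
    m = ROW_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised row: {line!r}")
    row = Row(m["cve"], m["severity"], float(m["cvss"]), m["kev"] is not None,
              m["published"], m["summary"].strip())
    g = MS_RE.match(row.summary)
    if g:  # non-Microsoft summaries (Adobe, IBM, ...) keep the empty defaults
        row.weakness, row.component = g["weakness"], g["component"]
        row.auth, row.impact, row.vector = g["auth"], g["impact"], g["vector"]
    return row


def load_table(text: str) -> list:
    """Parse a whole table, skipping blank lines and the fused header line."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("CVESeverity"):
            continue
        rows.append(parse_row(line))
    return rows


def is_unauth_network_rce(row: Row) -> bool:
    return (row.vector == "over a network" and row.auth == "unauthorized"
            and row.impact.startswith("execute code"))


def triage(rows) -> list:
    """KEV first, then unauthenticated network RCE, then CVSS descending, then id."""
    return sorted(rows, key=lambda r: (not r.kev, not is_unauth_network_rce(r), -r.cvss, r.cve))


def count_by_vector(rows) -> dict:
    """Vector -> count; "" collects summaries the Microsoft grammar did not match."""
    return dict(Counter(r.vector for r in rows))


# Constructed sample: six rows copied from the tables on this page.
SAMPLE = """CVESeverityCVSSKEVPublishedSummary
CVE-2025-29824High7.8KEV2025-04-08Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-27481High8.82025-04-08Stack-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
CVE-2025-27740High8.82025-04-08Weak authentication in Windows Active Directory Certificate Services allows an authorized attacker to elevate privileges over a network.
CVE-2025-26648High7.82025-04-08Sensitive data storage in improperly locked memory in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2025-26637Medium6.82025-04-08Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2025-30282Critical9.12025-04-08ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Authentication vulnerability that could result in arbitrary code execution in the context of the current user.
"""

if __name__ == "__main__":
    rows = load_table(SAMPLE)
    for r in triage(rows):
        flag = "KEV " if r.kev else "    "
        print(f"{flag}{r.cve:15} {r.cvss:4} {r.vector or '?':22} {r.component or r.summary[:40]}")
    print(count_by_vector(rows))
```

Only Microsoft's summaries follow the parsed grammar; rows from Adobe, IBM and Qualcomm keep empty vector and impact fields and are ordered by CVSS alone, so the ColdFusion 9.1 row in the sample lands after the Telephony Service RCE despite its higher score. Treat the empty-vector bucket as "read by hand", not as low priority.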

Other vendors (796 CVEs across 371 vendors)

Qualcomm · 34 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-45552 | High | 8.2 |  | 2025-04-07 | Information disclosure may occur during a video call if a device resets due to a non-conforming RTCP packet that doesn't adhere to RFC standards.
CVE-2025-21447 | High | 7.8 |  | 2025-04-07 | Memory corruption may occur while processing device IO control call for session control.
CVE-2025-21443 | High | 7.8 |  | 2025-04-07 | Memory corruption while processing message content in eAVB.
CVE-2025-21442 | High | 7.8 |  | 2025-04-07 | Memory corruption while transmitting packet mapping information with invalid header payload size.
CVE-2025-21441 | High | 7.8 |  | 2025-04-07 | Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver.
CVE-2025-21440 | High | 7.8 |  | 2025-04-07 | Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver.
CVE-2025-21439 | High | 7.8 |  | 2025-04-07 | Memory corruption may occur while reading board data via IOCTL call when the WLAN driver copies the content to the provided output buffer.
CVE-2025-21438 | High | 7.8 |  | 2025-04-07 | Memory corruption while IOCTL call is invoked from user-space to read board data.
CVE-2025-21437 | High | 7.8 |  | 2025-04-07 | Memory corruption while processing memory map or unmap IOCTL operations simultaneously.
CVE-2025-21436 | High | 7.8 |  | 2025-04-07 | Memory corruption may occur while initiating two IOCTL calls simultaneously to create processes from two different threads.
CVE-2025-21423 | High | 7.8 |  | 2025-04-07 | Memory corruption occurs when handling client calls to EnableTestMode through an Escape call.
CVE-2025-21421 | High | 7.8 |  | 2025-04-07 | Memory corruption while processing escape code in API.
CVE-2024-45557 | High | 7.8 |  | 2025-04-07 | Memory corruption can occur when TME processes addresses from TZ and MPSS requests without proper validation.
CVE-2024-43067 | High | 7.8 |  | 2025-04-07 | Memory corruption occurs during the copying of read data from the EEPROM because the IO configuration is exposed as shared memory.
CVE-2024-43066 | High | 7.8 |  | 2025-04-07 | Memory corruption while handling file descriptor during listener registration/de-registration.
CVE-2024-43058 | High | 7.8 |  | 2025-04-07 | Memory corruption while processing IOCTL calls.
CVE-2024-45549 | High | 7.7 |  | 2025-04-07 | Information disclosure while creating MQ channels.
CVE-2025-21448 | High | 7.5 |  | 2025-04-07 | Transient DOS may occur while parsing SSID in action frames.
CVE-2025-21435 | High | 7.5 |  | 2025-04-07 | Transient DOS may occur while parsing extended IE in beacon.
CVE-2025-21434 | High | 7.5 |  | 2025-04-07 | Transient DOS may occur while parsing EHT operation IE or EHT capability IE.
CVE-2025-21430 | High | 7.5 |  | 2025-04-07 | Transient DOS while connecting STA to AP and initiating ADD TS request from AP to establish TSpec session.
CVE-2025-21429 | High | 7.5 |  | 2025-04-07 | Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request.
CVE-2025-21428 | High | 7.5 |  | 2025-04-07 | Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request from the AP to establish a TSpec session.
CVE-2024-33058 | High | 7.5 |  | 2025-04-07 | Memory corruption while assigning memory from the source DDR memory (HLOS) to ADSP.
CVE-2025-21425 | High | 7.3 |  | 2025-04-07 | Memory corruption may occur due to improper access control in HAB process.
CVE-2024-43065 | High | 7.1 |  | 2025-04-07 | Cryptographic issues while generating an asymmetric key pair for RKP use cases.
CVE-2024-49848 | Medium | 6.7 |  | 2025-04-07 | Memory corruption while processing multiple IOCTL calls from HLOS to DSP.
CVE-2024-45544 | Medium | 6.6 |  | 2025-04-07 | Memory corruption while processing IOCTL calls to add route entry in the HW.
CVE-2024-45543 | Medium | 6.6 |  | 2025-04-07 | Memory corruption while accessing MSM channel map and mixer functions.
CVE-2024-45540 | Medium | 6.6 |  | 2025-04-07 | Memory corruption while invoking IOCTL map buffer request from userspace.
CVE-2024-45556 | Medium | 6.5 |  | 2025-04-07 | Cryptographic issue may arise because the access control configuration permits Linux to read key registers in TCSR.
CVE-2024-45551 | Medium | 6.2 |  | 2025-04-07 | Cryptographic issue occurs during PIN/password verification using Gatekeeper, where RPMB writes can be dropped on verification failure, potentially leading to a user throttling bypass.
CVE-2025-21431 | Medium | 5.5 |  | 2025-04-07 | Information disclosure may occur when a guest VM is connected.
CVE-2024-43046 | Medium | 5.5 |  | 2025-04-07 | There may be information disclosure during memory re-allocation in TZ Secure OS.

Adobe · 26 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-30282 | Critical | 9.1 |  | 2025-04-08 | ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Authentication vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-30281 | Critical | 9.1 |  | 2025-04-08 | ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution.
CVE-2025-24447 | Critical | 9.1 |  | 2025-04-08 | ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user resulting in a High impact to Confi…
CVE-2025-24446 | Critical | 9.1 |  | 2025-04-08 | ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution.
CVE-2025-30290 | High | 8.7 |  | 2025-04-08 | ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to a security feature bypass.
CVE-2025-30286 | High | 8.4 |  | 2025-04-08 | ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an attacker.
CVE-2025-30285 | High | 8.4 |  | 2025-04-08 | ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-30284 | High | 8.4 |  | 2025-04-08 | ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-30289 | High | 8.2 |  | 2025-04-08 | ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an attacker.
CVE-2025-30288 | High | 8.2 |  | 2025-04-08 | ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in a security feature bypass.
CVE-2025-30287 | High | 8.2 |  | 2025-04-08 | ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Authentication vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-30294 | Medium | 6.8 |  | 2025-04-08 | ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass.
CVE-2025-30293 | Medium | 6.8 |  | 2025-04-08 | ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass.
CVE-2025-30292 | Medium | 6.1 |  | 2025-04-08 | ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.
CVE-2025-30291 | Medium | 5.5 |  | 2025-04-08 | ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass.
CVE-2025-30309 | Medium | 5.5 |  | 2025-04-08 | XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2025-30308 | Medium | 5.5 |  | 2025-04-08 | XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2025-30307 | Medium | 5.5 |  | 2025-04-08 | XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2025-30306 | Medium | 5.5 |  | 2025-04-08 | XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2025-30305 | Medium | 5.5 |  | 2025-04-08 | XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2025-27205 | Medium | 5.4 |  | 2025-04-08 | Adobe Experience Manager Screens versions FP11.3 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-27191 | Medium | 5.3 |  | 2025-04-08 | Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a security feature bypass.
CVE-2025-27190 | Medium | 5.3 |  | 2025-04-08 | Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a security feature bypass.
CVE-2025-27189Medium4.32025-04-08Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could be exploited to cause a denial-of-service condition.
CVE-2025-27188Medium4.32025-04-08Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation.
CVE-2025-27192Low2.72025-04-08Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could lead to a security feature bypass.

N/a · 22 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-55210 | Critical | 9.8 | | 2025-04-09 | An issue in TOTVS Framework (Linha Protheus) 12.1.2310 allows attackers to bypass multi-factor authentication (MFA) via a crafted websocket message. |
| CVE-2025-28413 | Critical | 9.8 | | 2025-04-07 | An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the SysDictTypeController component. |
| CVE-2025-28412 | Critical | 9.8 | | 2025-04-07 | An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the /editSave method in SysNoticeController. |
| CVE-2025-28411 | Critical | 9.8 | | 2025-04-07 | An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method in /tool/gen/editSave. |
| CVE-2025-28410 | Critical | 9.8 | | 2025-04-07 | An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the cancelAuthUserAll method, which does not properly validate whether the requesting user has administrative privileges. |
| CVE-2025-28408 | Critical | 9.8 | | 2025-04-07 | An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the selectDeptTree method of the /selectDeptTree/{deptId} endpoint, which does not properly validate the deptId parameter. |
| CVE-2025-28406 | Critical | 9.8 | | 2025-04-07 | An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobLogId parameter. |
| CVE-2025-28405 | Critical | 9.8 | | 2025-04-07 | An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the changeStatus method. |
| CVE-2025-28402 | Critical | 9.8 | | 2025-04-07 | An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobId parameter. |
| CVE-2025-28409 | High | 8.8 | | 2025-04-07 | An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the add method of the /add/{parentId} endpoint, which does not properly validate whether the requesting user has permission to add a menu item under the specified paren… |
| CVE-2025-28407 | High | 8.8 | | 2025-04-07 | An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the edit method of the /edit/{dictId} endpoint, which does not properly validate whether the requesting user has permission to modify the specified dictId. |
| CVE-2025-29394 | High | 8.1 | | 2025-04-09 | An insecure permissions vulnerability in verydows v2.0 allows a remote attacker to execute arbitrary code by uploading a file type. |
| CVE-2025-28403 | High | 7.2 | | 2025-04-07 | An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method, which does not properly validate whether the requesting user has administrative privileges before allowing modifications to system configuration se… |
| CVE-2025-28401 | Medium | 6.7 | | 2025-04-07 | An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the menuId parameter. |
| CVE-2025-28400 | Medium | 6.7 | | 2025-04-07 | An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the postID parameter in the edit method. |
| CVE-2025-29482 | Medium | 6.2 | | 2025-04-07 | Buffer Overflow vulnerability in libheif 1.19.7 allows a local attacker to execute arbitrary code via the SAO (Sample Adaptive Offset) processing of libde265. |
| CVE-2025-29389 | Medium | 6.1 | | 2025-04-09 | PbootCMS v3.2.9 contains an XSS vulnerability in admin.php?p=/Content/index/mcode/2#tab=t2. |
| CVE-2025-29594 | Medium | 6.1 | | 2025-04-07 | A vulnerability exists in the errorpage.php file of the CS2-WeaponPaints-Website v2.1.7 where user-controlled input is not adequately validated before being processed. |
| CVE-2025-29480 | Medium | 5.5 | | 2025-04-07 | Buffer Overflow vulnerability in gdal 3.10.2 allows a local attacker to cause a denial of service via the OGRSpatialReference::Release function. |
| CVE-2025-29478 | Medium | 5.5 | | 2025-04-07 | An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165. |
| CVE-2024-46494 | Medium | 5.4 | | 2025-04-07 | A cross-site scripting (XSS) vulnerability in Typecho v1.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under a comment for an Article. |
| CVE-2025-3397 | Medium | 4.3 | | 2025-04-08 | A vulnerability classified as problematic has been found in YzmCMS 7.1. |

Juniper · 21 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-30660 | High | 7.5 | | 2025-04-09 | An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When… |
| CVE-2025-30659 | High | 7.5 | | 2025-04-09 | An Improper Handling of Length Parameter Inconsistency vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). |
| CVE-2025-30658 | High | 7.5 | | 2025-04-09 | A Missing Release of Memory after Effective Lifetime vulnerability in the Anti-Virus processing of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). |
| CVE-2025-30656 | High | 7.5 | | 2025-04-09 | An Improper Handling of Additional Special Element vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series with MS-MPC, MS-MIC and SPC3, and SRX Series, allows an unauthenticated, network-based attacke… |
| CVE-2025-30651 | High | 7.5 | | 2025-04-09 | A Buffer Access with Incorrect Length Value vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). |
| CVE-2025-30649 | High | 7.5 | | 2025-04-09 | An Improper Input Validation vulnerability in the syslog stream TCP transport of Juniper Networks Junos OS on MX240, MX480 and MX960 devices with MX-SPC3 Security Services Card allows an unauthenticated, network-based attacker to send spe… |
| CVE-2025-30645 | High | 7.5 | | 2025-04-09 | A NULL Pointer Dereference vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an attacker causing specific, valid control traffic to be sent out of a Dual-Stack (DS) Lite tunnel to crash the flowd pr… |
| CVE-2025-30644 | High | 7.5 | | 2025-04-09 | A Heap-based Buffer Overflow vulnerability in the flexible PIC concentrator (FPC) of Juniper Networks Junos OS on EX2300, EX3400, EX4100, EX4300, EX4300MP, EX4400, EX4600, EX4650-48Y, and QFX5k Series allows an attacker to send a specific… |
| CVE-2025-21601 | High | 7.5 | | 2025-04-09 | An Improper Following of Specification by Caller vulnerability in web management (J-Web, Captive Portal, 802.1X, Juniper Secure Connect (JSC)) of Juniper Networks Junos OS on SRX Series, EX Series, MX240, MX480, MX960, QFX5120 Series, allow… |
| CVE-2025-21594 | High | 7.5 | | 2025-04-09 | An Improper Check for Unusual or Exceptional Conditions vulnerability in the pfe (packet forwarding engine) of Juniper Networks Junos OS on MX Series causes a port within a pool to be blocked, leading to Denial of Service (DoS). |
| CVE-2025-30648 | High | 7.4 | | 2025-04-09 | An Improper Input Validation vulnerability in the Juniper DHCP Daemon (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause the jdhcpd process to crash, resulting in a Denial of Ser… |
| CVE-2025-21591 | High | 7.4 | | 2025-04-09 | A Buffer Access with Incorrect Length Value vulnerability in the jdhcpd daemon of Juniper Networks Junos OS, when DHCP snooping is enabled, allows an unauthenticated, adjacent attacker to send a DHCP packet with a malformed DHCP option to… |
| CVE-2025-30653 | Medium | 6.5 | | 2025-04-09 | An Expired Pointer Dereference vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause Denial of Service (DoS). On all Junos OS and Junos OS Evol… |
| CVE-2025-30647 | Medium | 6.5 | | 2025-04-09 | A Missing Release of Memory after Effective Lifetime vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS). |
| CVE-2025-30646 | Medium | 6.5 | | 2025-04-09 | A Signed to Unsigned Conversion Error vulnerability in the Layer 2 Control Protocol daemon (l2cpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated adjacent attacker sending a specifically malfor… |
| CVE-2025-21595 | Medium | 6.5 | | 2025-04-09 | A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause an FPC to crash, leading to De… |
| CVE-2025-30655 | Medium | 5.5 | | 2025-04-09 | An Improper Check for Unusual or Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to cause a Denial-of-Service (DoS). |
| CVE-2025-30654 | Medium | 5.5 | | 2025-04-09 | An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the User Interface (UI) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged, authenticated attacker with access to the CLI to acces… |
| CVE-2025-30652 | Medium | 5.5 | | 2025-04-09 | An Improper Handling of Exceptional Conditions vulnerability in routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker executing a CLI command to cause a Denial of Service (D… |
| CVE-2025-30657 | Medium | 5.3 | | 2025-04-09 | An Improper Encoding or Escaping of Output vulnerability in the Sampling Route Record Daemon (SRRD) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). |
| CVE-2025-21597 | Medium | 5.3 | | 2025-04-09 | An Improper Check for Unusual or Exceptional Conditions vulnerability in routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent BGP peer to cause Denial of Service (DoS… |

Huawei · 20 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-31173 | High | 8.8 | | 2025-04-07 | Memory write permission bypass vulnerability in the kernel futex module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-31175 | High | 8.4 | | 2025-04-07 | Deserialization mismatch vulnerability in the DSoftBus module. Impact: Successful exploitation of this vulnerability may affect service integrity. |
| CVE-2025-31170 | High | 8.4 | | 2025-04-07 | Access control vulnerability in the security verification module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. |
| CVE-2024-58127 | High | 8.4 | | 2025-04-07 | Access control vulnerability in the security verification module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. |
| CVE-2024-58126 | High | 8.4 | | 2025-04-07 | Access control vulnerability in the security verification module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. |
| CVE-2024-58125 | High | 8.4 | | 2025-04-07 | Access control vulnerability in the security verification module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. |
| CVE-2024-58124 | High | 8.4 | | 2025-04-07 | Access control vulnerability in the security verification module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. |
| CVE-2025-31172 | High | 7.8 | | 2025-04-07 | Memory write permission bypass vulnerability in the kernel futex module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2024-58112 | High | 7.5 | | 2025-04-07 | Exception capture failure vulnerability in the SVG parsing module of the ArkUI framework. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2024-58111 | High | 7.5 | | 2025-04-07 | Exception capture failure vulnerability in the SVG parsing module of the ArkUI framework. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2024-58107 | High | 7.5 | | 2025-04-07 | Buffer overflow vulnerability in the codec module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-31174 | Medium | 6.8 | | 2025-04-07 | Path traversal vulnerability in the DFS module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-31171 | Medium | 6.8 | | 2025-04-07 | File read permission bypass vulnerability in the kernel file system module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2024-58113 | Medium | 5.3 | | 2025-04-07 | Vulnerability of improper resource management in the memory management module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2024-58110 | Medium | 4.6 | | 2025-04-07 | Buffer overflow vulnerability in the codec module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2024-58109 | Medium | 4.6 | | 2025-04-07 | Buffer overflow vulnerability in the codec module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2024-58108 | Medium | 4.6 | | 2025-04-07 | Buffer overflow vulnerability in the codec module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2024-58106 | Medium | 4.6 | | 2025-04-07 | Buffer overflow vulnerability in the codec module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2024-58116 | Medium | 4.0 | | 2025-04-07 | Buffer overflow vulnerability in the SVG parsing module of the ArkUI framework. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2024-58115 | Medium | 4.0 | | 2025-04-07 | Buffer overflow vulnerability in the SVG parsing module of the ArkUI framework. Impact: Successful exploitation of this vulnerability may affect availability. |

Sap_se · 16 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-31330 | Critical | 9.9 | | 2025-04-08 | SAP Landscape Transformation (SLT) allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. |
| CVE-2025-27429 | Critical | 9.9 | | 2025-04-08 | SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. |
| CVE-2025-30016 | Critical | 9.8 | | 2025-04-08 | SAP Financial Consolidation allows an unauthenticated attacker to gain unauthorized access to the Admin account. |
| CVE-2025-23186 | High | 8.5 | | 2025-04-08 | In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call (RFC) request to restricted destinations, which can be used to expose credentials for a remote service. |
| CVE-2025-30014 | High | 7.7 | | 2025-04-08 | SAP Capital Yield Tax Management has a directory traversal vulnerability due to insufficient path validation. |
| CVE-2025-27428 | High | 7.7 | | 2025-04-08 | Due to a directory traversal vulnerability, an authorized attacker could gain access to some critical information by using an RFC-enabled function module. |
| CVE-2025-26654 | Medium | 6.8 | | 2025-04-08 | SAP Commerce Cloud (Public Cloud) does not allow disabling unencrypted HTTP (port 80) entirely, but instead allows a redirect from port 80 to 443 (HTTPS). |
| CVE-2025-30013 | Medium | 6.7 | | 2025-04-08 | SAP ERP BW Business Content is vulnerable to OS Command Injection through certain function modules. |
| CVE-2025-26657 | Medium | 5.3 | | 2025-04-08 | SAP KMC WPC allows an unauthenticated attacker to remotely retrieve usernames by a simple parameter query, which could expose sensitive information causing low impact on confidentiality of the application. |
| CVE-2025-26653 | Medium | 4.7 | | 2025-04-08 | SAP NetWeaver Application Server ABAP does not sufficiently encode user-controlled inputs, leading to a Stored Cross-Site Scripting (XSS) vulnerability. |
| CVE-2025-30017 | Medium | 4.4 | | 2025-04-08 | Due to a missing authorization check, an authenticated attacker could upload a file as a template for solution documentation in SAP Solution Manager 7.1. |
| CVE-2025-31333 | Medium | 4.3 | | 2025-04-08 | SAP S4CORE OData meta-data property is vulnerable to data tampering, due to which an entity set could be externally modified by an attacker, causing low impact on integrity of the application. |
| CVE-2025-31331 | Medium | 4.3 | | 2025-04-08 | SAP NetWeaver allows an attacker to bypass authorization checks, enabling them to view portions of ABAP code that would normally require additional validation. |
| CVE-2025-27437 | Medium | 4.3 | | 2025-04-08 | A Missing Authorization Check vulnerability exists in the Virus Scanner Interface of SAP NetWeaver Application Server ABAP. |
| CVE-2025-27435 | Medium | 4.2 | | 2025-04-08 | Under specific conditions and prerequisites, an unauthenticated attacker could access customer coupon codes exposed in the URL parameters of the Coupon Campaign URL in SAP Commerce. |
| CVE-2025-30015 | Medium | 4.1 | | 2025-04-08 | Due to incorrect memory address handling in ABAP SQL of SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker with high privileges could execute certain forms of SQL queries leading to manipulation of content… |

Code-projects · 15 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-3345 | High | 7.3 | | 2025-04-07 | A vulnerability was found in codeprojects Online Restaurant Management System 1.0. |
| CVE-2025-3344 | High | 7.3 | | 2025-04-07 | A vulnerability was found in codeprojects Online Restaurant Management System 1.0. |
| CVE-2025-3343 | High | 7.3 | | 2025-04-07 | A vulnerability was found in codeprojects Online Restaurant Management System 1.0 and classified as critical. |
| CVE-2025-3342 | High | 7.3 | | 2025-04-07 | A vulnerability has been found in codeprojects Online Restaurant Management System 1.0 and classified as critical. |
| CVE-2025-3341 | High | 7.3 | | 2025-04-07 | A vulnerability, which was classified as critical, was found in codeprojects Online Restaurant Management System 1.0. |
| CVE-2025-3340 | High | 7.3 | | 2025-04-07 | A vulnerability, which was classified as critical, has been found in codeprojects Online Restaurant Management System 1.0. |
| CVE-2025-3339 | High | 7.3 | | 2025-04-07 | A vulnerability classified as critical was found in codeprojects Online Restaurant Management System 1.0. |
| CVE-2025-3338 | High | 7.3 | | 2025-04-07 | A vulnerability classified as critical has been found in codeprojects Online Restaurant Management System 1.0. |
| CVE-2025-3334 | High | 7.3 | | 2025-04-07 | A vulnerability was found in codeprojects Online Restaurant Management System 1.0 and classified as critical. |
| CVE-2025-3333 | High | 7.3 | | 2025-04-07 | A vulnerability has been found in codeprojects Online Restaurant Management System 1.0 and classified as critical. |
| CVE-2025-3332 | High | 7.3 | | 2025-04-07 | A vulnerability, which was classified as critical, was found in codeprojects Online Restaurant Management System 1.0. |
| CVE-2025-3331 | High | 7.3 | | 2025-04-07 | A vulnerability, which was classified as critical, has been found in codeprojects Online Restaurant Management System 1.0. |
| CVE-2025-3330 | High | 7.3 | | 2025-04-07 | A vulnerability classified as critical was found in codeprojects Online Restaurant Management System 1.0. |
| CVE-2025-3348 | Medium | 6.3 | | 2025-04-07 | A vulnerability classified as critical was found in code-projects Patient Record Management System 1.0. |
| CVE-2025-3347 | Medium | 6.3 | | 2025-04-07 | A vulnerability classified as critical has been found in code-projects Patient Record Management System 1.0. |

Samsung · 15 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-20946 | High | 8.8 | | 2025-04-08 | Improper handling of exceptional conditions in pairing specific bluetooth devices in Galaxy Watch Bluetooth pairing prior to SMR Apr-2025 Release 1 allows local attackers to pair with specific bluetooth devices without user interaction. |
| CVE-2025-20936 | High | 8.8 | | 2025-04-08 | Improper access control in HDCP trustlet prior to SMR Apr-2025 Release 1 allows local attackers with shell privilege to escalate their privileges to root. |
| CVE-2025-20943 | Medium | 6.4 | | 2025-04-08 | Out-of-bounds write in secfr trustlet prior to SMR Apr-2025 Release 1 allows local privileged attackers to cause memory corruption. |
| CVE-2025-20944 | Medium | 6.2 | | 2025-04-08 | Out-of-bounds read in parsing audio data in libsavsac.so prior to SMR Apr-2025 Release 1 allows local attackers to read out-of-bounds memory. |
| CVE-2025-20941 | Medium | 6.2 | | 2025-04-08 | Improper access control in InputManager prior to SMR Apr-2025 Release 1 allows local attackers to access the scancode of a specific input device. |
| CVE-2025-20952 | Medium | 5.5 | | 2025-04-09 | Improper access control in Mdecservice prior to SMR Apr-2025 Release 1 allows local attackers to access arbitrary files with system privilege. |
| CVE-2025-20948 | Medium | 5.5 | | 2025-04-08 | Out-of-bounds read in enrollment with cdsp frame in secfr trustlet prior to SMR Apr-2025 Release 1 allows local privileged attackers to read out-of-bounds memory. |
| CVE-2025-20947 | Medium | 5.5 | | 2025-04-08 | Improper handling of insufficient permission or privileges in ClipboardService prior to SMR Apr-2025 Release 1 allows local attackers to access image files across multiple users. |
| CVE-2025-20938 | Medium | 5.5 | | 2025-04-08 | Improper access control in SamsungContacts prior to SMR Apr-2025 Release 1 allows local attackers to access protected data in SamsungContacts. |
| CVE-2025-20934 | Medium | 5.5 | | 2025-04-08 | Improper access control in Sticker Center prior to SMR Apr-2025 Release 1 allows local attackers to access image files with system privilege. |
| CVE-2025-20939 | Medium | 5.4 | | 2025-04-08 | Improper authorization in wireless download protocol in Galaxy Watch prior to SMR Apr-2025 Release 1 allows physical attackers to update the device unique identifier of Watch devices. |
| CVE-2025-20951 | Medium | 5.1 | | 2025-04-08 | Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.90.7 allows local attackers to write arbitrary files with the privilege of Galaxy Store. |
| CVE-2025-20942 | Medium | 4.4 | | 2025-04-08 | Improper Verification of Intent by Broadcast Receiver in DeviceIdService prior to SMR Apr-2025 Release 1 allows local attackers to reset OAID. |
| CVE-2025-20950 | Medium | 4.0 | | 2025-04-08 | Use of implicit intent for sensitive communication in SamsungNotes prior to version 4.4.26.45 allows local attackers to access sensitive information. |
| CVE-2025-20945 | Medium | 4.0 | | 2025-04-08 | Improper access control in Galaxy Watch prior to SMR Apr-2025 Release 1 allows local attackers to access sensitive information of Galaxy Watch. |

The Wikimedia Foundation · 14 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32079 | Medium | 6.5 | | 2025-04-11 | Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments allows HTTP DoS. This issue affects Mediawiki - GrowthExperiments: from 1.39 through 1.43. |
| CVE-2025-32074 | Medium | 5.4 | | 2025-04-11 | Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - Confirm Account Extension allows Cross-Site Scripting (XSS). This issue affects Mediawiki - Confirm Account Extension: from 1.39 through 1.43. |
| CVE-2025-32073 | Medium | 5.4 | | 2025-04-11 | Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - HTML Tags allows Cross-Site Scripting (XSS). This issue affects Mediawiki - HTML Tags: from 1.39 through 1.43. |
| CVE-2025-32071 | Medium | 5.4 | | 2025-04-11 | Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Wikidata Extension allows Cross-Site Scripting (XSS) from widthheight message via ImageHandler::getDimensionsString(). This issue affects Mediawiki - Wikidata Ex… |
| CVE-2025-32070 | Medium | 5.4 | | 2025-04-11 | Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - AJAX Poll Extension allows Cross-Site Scripting (XSS). This issue affects Mediawiki - AJAX Poll Extension: from 1.39 through 1.43. |
| CVE-2025-32069 | Medium | 5.4 | | 2025-04-11 | Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Wikibase Media Info Extension allows Cross-Site Scripting (XSS). This issue affects Mediawiki - Wikibase Media Info Extension: from 1.39 through 1.43. |
| CVE-2025-32068 | Medium | 5.4 | | 2025-04-11 | Incorrect Authorization vulnerability in The Wikimedia Foundation Mediawiki - OAuth Extension allows Authentication Bypass. This issue affects Mediawiki - OAuth Extension: from 1.39 through 1.43. |
| CVE-2025-32067 | Medium | 5.4 | | 2025-04-11 | Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Growth Experiments Extension allows Cross-Site Scripting (XSS). This issue affects Mediawiki - Growth Experiments Extension: from 1.39 through 1.43. |
| CVE-2025-32080 | | | | 2025-04-11 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - Mobile Frontend Extension allows Shared Resource Manipulation. This issue affects Mediawiki - Mobile Frontend Extension: from 1… |
| CVE-2025-32078 | | | | 2025-04-11 | Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - Version Compare Extension allows Cross-Site Scripting (XSS). This issue affects Mediawiki - Version Compare Extension: from 1.39 through 1.43. |
| CVE-2025-32077 | | | | 2025-04-11 | Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Extension:SimpleCalendar allows Cross-Site Scripting (XSS). This issue affects Mediawiki - Extension:SimpleCalendar: from 1.39 through 1.43. |
| CVE-2025-32076 | | | | 2025-04-11 | Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Visual Data Extension allows HTTP DoS. This issue affects Mediawiki - Visual Data Extension: from 1.39 through 1.43. |
| CVE-2025-32075 | | | | 2025-04-11 | Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Tabs Extension allows Code Injection. This issue affects Mediawiki - Tabs Extension: from 1.39 through 1.43. |
| CVE-2025-32072 | | | | 2025-04-11 | Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki Core - Feed Utils allows WebView Injection. This issue affects Mediawiki Core - Feed Utils: from 1.39 through 1.43. |

Siemens · 13 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-41794 | Critical | 10.0 | | 2025-04-08 | A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). |
| CVE-2024-54092 | Critical | 9.8 | | 2025-04-08 | A vulnerability has been identified in Industrial Edge Device Kit - arm64 V1.17 (All versions), Industrial Edge Device Kit - arm64 V1.18 (All versions), Industrial Edge Device Kit - arm64 V1.19 (All versions), Industrial Edge Device Kit -… |
| CVE-2024-41790 | Critical | 9.1 | | 2025-04-08 | A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). |
| CVE-2024-41789 | Critical | 9.1 | | 2025-04-08 | A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). |
| CVE-2024-41788 | Critical | 9.1 | | 2025-04-08 | A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). |
| CVE-2024-41793 | High | 8.6 | | 2025-04-08 | A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). |
| CVE-2024-41792 | High | 8.6 | | 2025-04-08 | A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). |
| CVE-2024-41791 | High | 7.3 | | 2025-04-08 | A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). |
| CVE-2025-30000 | Medium | 6.7 | | 2025-04-08 | A vulnerability has been identified in Siemens License Server (SLS) (All versions < V4.3). |
| CVE-2025-29999 | Medium | 6.7 | | 2025-04-08 | A vulnerability has been identified in Siemens License Server (SLS) (All versions < V4.3). |
| CVE-2024-41796 | Medium | 6.5 | | 2025-04-08 | A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). |
| CVE-2024-41795 | Medium | 6.5 | | 2025-04-08 | A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). |
| CVE-2025-30280 | Medium | 5.3 | | 2025-04-08 | A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.21.0), Mendix Runtime V10.12 (All versions < V10.12.16), Mendix Runtime V10.18 (All versions < V10.18.5), Mendix Runtime V10.6 (All versions < V10.6.22), Mendix… |

Dell · 12 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-27690 | Critical | 9.8 | | 2025-04-10 | Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.0, contains a use of default password vulnerability. |
| CVE-2025-29986 | High | 8.3 | | 2025-04-08 | Dell Common Event Enabler, version(s) CEE 9.0.0.0, contain(s) an Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Common Anti-Virus Agent (CAVA). |
| CVE-2025-26330 | High | 7.0 | | 2025-04-10 | Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an incorrect authorization vulnerability. |
| CVE-2025-29988 | Medium | 6.9 | | 2025-04-09 | Dell Client Platform BIOS contains a Stack-based Buffer Overflow Vulnerability. |
| CVE-2025-22471 | Medium | 6.5 | | 2025-04-10 | Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an integer overflow or wraparound vulnerability. |
| CVE-2025-29985 | Medium | 6.5 | | 2025-04-08 | Dell Common Event Enabler, version(s) CEE 9.0.0.0, contain(s) an Initialization of a Resource with an Insecure Default vulnerability in the Common Anti-Virus Agent (CAVA). |
| CVE-2025-26335 | Medium | 5.8 | | 2025-04-11 | Dell PowerProtect Cyber Recovery, versions prior to 19.18.0.2, contains an Insertion of Sensitive Information Into Sent Data vulnerability. |
| CVE-2025-26480 | Medium | 5.3 | | 2025-04-10 | Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.0, contains an uncontrolled resource consumption vulnerability. |
| CVE-2025-23378 | Low | 3.3 | | 2025-04-10 | Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an exposure of information through directory listing vulnerability. |
| CVE-2025-26479 | Low | 3.1 | | 2025-04-10 | Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an out-of-bounds write vulnerability. |
| CVE-2025-29989 | Low | 3.1 | | 2025-04-10 | Dell Client Platform BIOS contains a Security Version Number Mutable to Older Versions vulnerability. |
| CVE-2025-27686 | Low | 2.7 | | 2025-04-07 | Dell Unisphere for PowerMax, version(s) prior to 10.2.0.9 and PowerMax version(s) prior to PowerMax 9.2.4.15, contain an Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability. |

Apple · 11 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-42970 | High | 8.8 | | 2025-04-11 | A use-after-free issue was addressed with improved memory management. |
| CVE-2023-42977 | High | 7.8 | | 2025-04-11 | A path handling issue was addressed with improved validation. |
| CVE-2023-42875 | High | 7.3 | | 2025-04-11 | Processing web content may lead to arbitrary code execution. |
| CVE-2023-41076 | High | 7.3 | | 2025-04-11 | An app may be able to elevate privileges. |
| CVE-2023-42983 | Medium | 6.4 | | 2025-04-11 | Processing a file may lead to a denial-of-service or potentially disclose memory contents. |
| CVE-2023-42982 | Medium | 6.4 | | 2025-04-11 | Processing a file may lead to a denial-of-service or potentially disclose memory contents. |
| CVE-2023-42961 | Medium | 6.3 | | 2025-04-11 | A path handling issue was addressed with improved validation. |
| CVE-2023-42981 | Medium | 5.4 | | 2025-04-11 | Processing a file may lead to a denial-of-service or potentially disclose memory contents. |
| CVE-2023-38614 | Medium | 4.3 | | 2025-04-11 | A permissions issue was addressed with additional restrictions. |
| CVE-2023-42973 | Medium | 4.0 | | 2025-04-11 | Private Browsing tabs may be accessed without authentication. |
| CVE-2023-42969 | Low | 3.3 | | 2025-04-11 | An app may be able to break out of its sandbox. |

Fortinet · 11 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-48887 | Critical | 9.8 | | 2025-04-08 | An unverified password change vulnerability in Fortinet FortiSwitch GUI may allow a remote unauthenticated attacker to change admin passwords via a specially crafted request. |
| CVE-2024-26013 | High | 7.5 | | 2025-04-08 | An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15 and before 6.2.16, Fortinet Fort… |
| CVE-2023-37930 | High | 7.5 | | 2025-04-08 | Multiple issues including the use of uninitialized resources [CWE-908] and excessive iteration [CWE-834] vulnerabilities in Fortinet allow a VPN user to corrupt memory, potentially leading to code or command execution via… |
| CVE-2025-25254 | High | 7.2 | | 2025-04-08 | An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in FortiWeb version 7.6.2 and below, version 7.4.6 and below, 7.2 all versions, 7.0 all versions endpoint may allow an authenticated a… |
| CVE-2024-54024 | High | 7.2 | | 2025-04-08 | An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiIsolator before version 2.4.6 allows a privileged attacker with super-admin profile and CLI access to exe… |
| CVE-2024-54025 | Medium | 6.7 | | 2025-04-08 | An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiIsolator CLI before version 2.4.6 allows a privileged attacker to execute unauthorized code or commands v… |
| CVE-2024-46671 | Medium | 6.2 | | 2025-04-08 | An Incorrect User Management vulnerability [CWE-286] in FortiWeb version 7.6.2 and below, version 7.4.6 and below, version 7.2.10 and below, version 7.0.11 and below widgets dashboard may allow an authenticated attacker with at least read-… |
| CVE-2024-52962 | Medium | 5.3 | | 2025-04-08 | An Improper Output Neutralization for Logs vulnerability [CWE-117] in FortiAnalyzer version 7.6.1 and below, version 7.4.5 and below, version 7.2.8 and below, version 7.0.13 and below and FortiManager version 7.6.1 and below, version 7.4.5… |
| CVE-2024-50565 | Low | 3.1 | | 2025-04-08 | An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15 and 6.2.0 through 6.2.16, Fortin… |
| CVE-2025-22855 | Low | 2.7 | | 2025-04-08 | An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Fortinet FortiClient before 7.4.1 may allow the EMS administrator to send messages containing javascript code. |
| CVE-2024-32122 | Low | 2.3 | | 2025-04-08 | A storing passwords in a recoverable format vulnerability in Fortinet FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions allows an attacker to obtain information disclosure via modification of LDAP server IP… |

Palo Alto Networks · 11 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-0120 | High | 7.0 | | 2025-04-11 | A vulnerability with a privilege management mechanism in the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. |
| CVE-2025-0124 | Low | 3.8 | | 2025-04-11 | An authenticated file deletion vulnerability in the Palo Alto Networks PAN-OS® software enables an authenticated attacker with network access to the management web interface to delete certain files as the “nobody” user; this includes limit… |
| CVE-2025-0129 | | | | 2025-04-11 | An improper exception check in Palo Alto Networks Prisma Access Browser allows a low privileged user to prevent Prisma Access Browser from applying its Policy Rules. |
| CVE-2025-0123 | | | | 2025-04-11 | A vulnerability in the Palo Alto Networks PAN-OS® software enables unlicensed administrators to view clear-text data captured using the packet capture feature https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/monitoring/take-pack… |
| CVE-2025-0119 | | | | 2025-04-11 | A command injection vulnerability in the Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to execute arbitrary OS commands with root privileges on the host operating system running Broker VM. |
| CVE-2025-0128 | | | | 2025-04-11 | A denial-of-service (DoS) vulnerability in the Simple Certificate Enrollment Protocol (SCEP) authentication feature of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to initiate system reboots using a maliciously c… |
| CVE-2025-0127 | | | | 2025-04-11 | A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. |
| CVE-2025-0126 | | | | 2025-04-11 | When configured using SAML, a session fixation vulnerability in the GlobalProtect™ login enables an attacker to impersonate a legitimate authorized user and perform actions as that GlobalProtect user. |
| CVE-2025-0125 | | | | 2025-04-11 | An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables a malicious authenticated read-write administrator to impersonate another legitimate authenticated PAN-OS adm… |
| CVE-2025-0122 | | | | 2025-04-11 | A denial-of-service (DoS) vulnerability in Palo Alto Networks Prisma® SD-WAN ION devices enables an unauthenticated attacker in a network adjacent to a Prisma SD-WAN ION device to disrupt the packet processing capabilities of the device by… |
| CVE-2025-0121 | | | | 2025-04-11 | A null pointer dereference vulnerability in the Palo Alto Networks Cortex® XDR agent on Windows devices allows a low-privileged local Windows user to crash the agent. |

Pcman · 11 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-3380 | High | 7.3 | | 2025-04-07 | A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. |
| CVE-2025-3379 | High | 7.3 | | 2025-04-07 | A vulnerability classified as critical was found in PCMan FTP Server 2.0.7. |
| CVE-2025-3378 | High | 7.3 | | 2025-04-07 | A vulnerability classified as critical has been found in PCMan FTP Server 2.0.7. |
| CVE-2025-3377 | High | 7.3 | | 2025-04-07 | A vulnerability was found in PCMan FTP Server 2.0.7. |
| CVE-2025-3376 | High | 7.3 | | 2025-04-07 | A vulnerability was found in PCMan FTP Server 2.0.7. |
| CVE-2025-3375 | High | 7.3 | | 2025-04-07 | A vulnerability was found in PCMan FTP Server 2.0.7. |
| CVE-2025-3374 | High | 7.3 | | 2025-04-07 | A vulnerability was found in PCMan FTP Server 2.0.7 and classified as critical. |
| CVE-2025-3373 | High | 7.3 | | 2025-04-07 | A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as critical. |
| CVE-2025-3372 | High | 7.3 | | 2025-04-07 | A vulnerability, which was classified as critical, was found in PCMan FTP Server 2.0.7. |
| CVE-2025-3371 | High | 7.3 | | 2025-04-07 | A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. |
| CVE-2025-3349 | High | 7.3 | | 2025-04-07 | A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. |

Rockwell Automation · 11 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-3289 | High | 7.8 | | 2025-04-08 | A local code execution vulnerability exists in the Rockwell Automation Arena® due to a stack-based memory buffer overflow. |
| CVE-2025-3288 | High | 7.8 | | 2025-04-08 | A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. |
| CVE-2025-3287 | High | 7.8 | | 2025-04-08 | A local code execution vulnerability exists in the Rockwell Automation Arena® due to a stack-based memory buffer overflow. |
| CVE-2025-3286 | High | 7.8 | | 2025-04-08 | A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. |
| CVE-2025-3285 | High | 7.8 | | 2025-04-08 | A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. |
| CVE-2025-2829 | High | 7.8 | | 2025-04-08 | A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. |
| CVE-2025-2293 | High | 7.8 | | 2025-04-08 | A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. |
| CVE-2025-2288 | High | 7.8 | | 2025-04-08 | A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. |
| CVE-2025-2287 | High | 7.8 | | 2025-04-08 | A local code execution vulnerability exists in the Rockwell Automation Arena® due to an uninitialized pointer. |
| CVE-2025-2286 | High | 7.8 | | 2025-04-08 | A local code execution vulnerability exists in the Rockwell Automation Arena® due to an uninitialized pointer. |
| CVE-2025-2285 | High | 7.8 | | 2025-04-08 | A local code execution vulnerability exists in the Rockwell Automation Arena® due to an uninitialized pointer. |

Linux · 10 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-22017 | Medium | 5.5 | | 2025-04-08 | In the Linux kernel, the following vulnerability has been resolved: devlink: fix xa_alloc_cyclic() error handling. In case of returning 1 from xa_alloc_cyclic() (wrapping) ERR_PTR(1) will be returned, which will cause IS_ERR() to be false. |
| CVE-2025-22016 | Medium | 5.5 | | 2025-04-08 | In the Linux kernel, the following vulnerability has been resolved: dpll: fix xa_alloc_cyclic() error handling. In case of returning 1 from xa_alloc_cyclic() (wrapping) ERR_PTR(1) will be returned, which will cause IS_ERR() to be false. |
| CVE-2025-22015 | Medium | 5.5 | | 2025-04-08 | In the Linux kernel, the following vulnerability has been resolved: mm/migrate: fix shmem xarray update during migration. A shmem folio can be either in page cache or in swap cache, but not at the same time. |
| CVE-2025-22014 | Medium | 5.5 | | 2025-04-08 | In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pdr: Fix the potential deadlock. When some client process A call pdr_add_lookup() to add the look up for the service and does schedule locator work, later a pr… |
| CVE-2025-22013 | Medium | 5.5 | | 2025-04-08 | In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state. There are several problems with the way hyp code lazily saves the host's FPSIMD/SVE state, including: *… |
| CVE-2025-22012 | Medium | 5.5 | | 2025-04-08 | In the Linux kernel, the following vulnerability has been resolved: Revert "arm64: dts: qcom: sdm845: Affirm IDR0.CCTW on apps_smmu". There are reports that the pagetable walker cache coherency is not a given across the spectrum of SDM845… |
| CVE-2025-22011 | Medium | 5.5 | | 2025-04-08 | In the Linux kernel, the following vulnerability has been resolved: ARM: dts: bcm2711: Fix xHCI power-domain. During s2idle tests on the Raspberry CM4 the VPU firmware always crashes on xHCI power-domain resume: root@raspberrypi:/sys/pow… |
| CVE-2025-22010 | Medium | 5.5 | | 2025-04-08 | In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix soft lockup during bt pages loop. Driver runs a for-loop when allocating bt pages and mapping them with buffer pages. |
| CVE-2025-22009 | Medium | 5.5 | | 2025-04-08 | In the Linux kernel, the following vulnerability has been resolved: regulator: dummy: force synchronous probing. Sometimes I get a NULL pointer dereference at boot time in kobject_get() with the following call stack: anatop_regulator_pro… |
| CVE-2025-22008 | Medium | 5.5 | | 2025-04-08 | In the Linux kernel, the following vulnerability has been resolved: regulator: check that dummy regulator has been probed before using it. Due to asynchronous driver probing there is a chance that the dummy regulator hasn't already been p… |

Inaba Denki Sangyo Co., Ltd. · 8 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-27797 | Critical | 9.8 | | 2025-04-09 | OS command injection vulnerability in the specific service exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. |
| CVE-2025-25053 | High | 8.8 | | 2025-04-09 | OS command injection vulnerability in the WEB UI (the setting page) exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. |
| CVE-2025-29870 | High | 7.5 | | 2025-04-09 | Missing authentication for critical function vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. |
| CVE-2025-27934 | High | 7.5 | | 2025-04-09 | Information disclosure of authentication information in the specific service vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. |
| CVE-2025-25213 | Medium | 6.5 | | 2025-04-09 | Improper restriction of rendered UI layers or frames issue exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. |
| CVE-2025-27722 | Medium | 5.9 | | 2025-04-09 | Cleartext transmission of sensitive information issue exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. |
| CVE-2025-25056 | Medium | 4.3 | | 2025-04-09 | Cross-site request forgery vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. |
| CVE-2025-23407 | Medium | 4.3 | | 2025-04-09 | Incorrect privilege assignment vulnerability in the WEB UI (the setting page) exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. |

Apollographql · 7 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32380 | High | 7.5 | | 2025-04-09 | The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. |
| CVE-2025-32034 | High | 7.5 | | 2025-04-07 | The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. |
| CVE-2025-32033 | High | 7.5 | | 2025-04-07 | The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. |
| CVE-2025-32032 | High | 7.5 | | 2025-04-07 | The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. |
| CVE-2025-32031 | High | 7.5 | | 2025-04-07 | Apollo Gateway provides utilities for combining multiple GraphQL microservices into a single GraphQL endpoint. |
| CVE-2025-32030 | High | 7.5 | | 2025-04-07 | Apollo Gateway provides utilities for combining multiple GraphQL microservices into a single GraphQL endpoint. |
| CVE-2025-31496 | High | 7.5 | | 2025-04-07 | apollo-compiler is a query-based compiler for the GraphQL query language. |

Google · 7 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-20656 | Medium | 6.8 | | 2025-04-07 | In DA, there is a possible out of bounds write due to a missing bounds check. |
| CVE-2025-20662 | Medium | 6.7 | | 2025-04-07 | In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. |
| CVE-2025-20661 | Medium | 6.7 | | 2025-04-07 | In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. |
| CVE-2025-20660 | Medium | 6.7 | | 2025-04-07 | In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. |
| CVE-2025-20657 | Medium | 6.7 | | 2025-04-07 | In vdec, there is a possible permission bypass due to improper input validation. |
| CVE-2025-20658 | Medium | 6.0 | | 2025-04-07 | In DA, there is a possible permission bypass due to a logic error. |
| CVE-2025-20655 | Medium | 5.3 | | 2025-04-07 | In keymaster, there is a possible out of bounds read due to a missing bounds check. |

Openatom · 7 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-22851 | Medium | 6.5 | | 2025-04-07 | In OpenHarmony v5.0.2 and prior versions, a local attacker can achieve arbitrary code execution in pre-installed apps through an integer overflow. |
| CVE-2025-27534 | Low | 3.3 | | 2025-04-07 | In OpenHarmony v5.0.2 and prior versions, a local attacker can cause DOS through missing release of memory. |
| CVE-2025-25057 | Low | 3.3 | | 2025-04-07 | In OpenHarmony v5.0.2 and prior versions, a local attacker can cause DOS through missing release of memory. |
| CVE-2025-24304 | Low | 3.3 | | 2025-04-07 | In OpenHarmony v5.0.2 and prior versions, a local attacker can cause DOS through an out-of-bounds write. |
| CVE-2025-22842 | Low | 3.3 | | 2025-04-07 | In OpenHarmony v5.0.2 and prior versions, a local attacker can cause DOS through an out-of-bounds read. |
| CVE-2025-22452 | Low | 3.3 | | 2025-04-07 | In OpenHarmony v5.0.2 and prior versions, a local attacker can cause DOS through an out-of-bounds read. |
| CVE-2025-20102 | Low | 3.3 | | 2025-04-07 | In OpenHarmony v5.0.2 and prior versions, a local attacker can cause DOS through an out-of-bounds read. |

Suse · 7 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-23391 | Critical | 9.1 | | 2025-04-11 | An Incorrect Privilege Assignment vulnerability in SUSE rancher allows a Restricted Administrator to change the password of Administrators and take over their accounts. |
| CVE-2025-23389 | High | 8.4 | | 2025-04-11 | An Improper Access Control vulnerability in SUSE rancher allows a local user to impersonate other identities through SAML Authentication on first login. |
| CVE-2025-23388 | High | 8.2 | | 2025-04-11 | A Stack-based Buffer Overflow vulnerability in SUSE rancher allows for denial of service. This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3. |
| CVE-2025-23386 | High | 7.8 | | 2025-04-10 | An Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed package gerbera allows the service user gerbera to escalate to root. This issue affects gerbera on openSUSE Tumbleweed before 2.5.0-1.1. |
| CVE-2024-52280 | High | 7.7 | | 2025-04-11 | An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher allows users to watch resources they are not allowed to access, when they have at least some generic permissions on the type. |
| CVE-2024-52282 | Medium | 6.2 | | 2025-04-11 | An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher allows any user with GET access to the Rancher Manager Apps Catalog to read any sensitive information that is contained within the Apps’ value… |
| CVE-2025-23387 | Medium | 5.3 | | 2025-04-11 | An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher allowed unauthenticated users to list all CLI authentication tokens and delete them before the CLI is able to get the token value. This issue affects… |

Dnnsoftware · 6 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32373 | Medium | 6.5 | | 2025-04-09 | DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. |
| CVE-2025-32372 | Medium | 6.5 | | 2025-04-09 | DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. |
| CVE-2025-32374 | Medium | 5.9 | | 2025-04-09 | DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. |
| CVE-2025-32371 | Medium | 4.3 | | 2025-04-09 | DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. |
| CVE-2025-32036 | Medium | 4.2 | | 2025-04-08 | DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. |
| CVE-2025-32035 | Low | 2.6 | | 2025-04-08 | DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. |

Ivanti · 6 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-22466 | High | 8.2 | | 2025-04-08 | Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to obtain admin privileges. |
| CVE-2025-22458 | High | 7.8 | | 2025-04-08 | DLL hijacking in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an authenticated attacker to escalate to System. |
| CVE-2025-22461 | High | 7.2 | | 2025-04-08 | SQL injection in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote authenticated attacker with admin privileges to achieve code execution. |
| CVE-2025-22465 | Medium | 6.1 | | 2025-04-08 | Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to execute arbitrary javascript in a victim's browser. |
| CVE-2025-22464 | Medium | 6.1 | | 2025-04-08 | An untrusted pointer dereference vulnerability in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an attacker with local access to write arbitrary data into memory causing a denial-of-service condition. |
| CVE-2025-22459 | Medium | 4.8 | | 2025-04-08 | Improper certificate validation in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to intercept limited traffic between clients and servers. |

Wikimedia Foundation · 6 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-3469 | | | | 2025-04-10 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. |
| CVE-2025-32700 | | | | 2025-04-10 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation AbuseFilter. |
| CVE-2025-32699 | | | | 2025-04-10 | Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1; Parsoid: before 0.16.5, 0.19.2, 0.20.2. |
| CVE-2025-32698 | | | | 2025-04-10 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. |
| CVE-2025-32697 | | | | 2025-04-10 | Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. |
| CVE-2025-32696 | | | | 2025-04-10 | Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. |

Elastic · 5 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-12556 | High | 8.7 | | 2025-04-08 | Prototype Pollution in Kibana can lead to code injection via unrestricted file upload combined with path traversal. |
| CVE-2025-25013 | Medium | 6.5 | | 2025-04-08 | Improper restriction of environment variables in Elastic Defend can lead to exposure of sensitive information such as API keys and tokens via automatic transmission of unfiltered environment variables to the stack. |
| CVE-2024-52980 | Medium | 6.5 | | 2025-04-08 | A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cause the Elasticsearch node to crash. |
| CVE-2024-52974 | Medium | 6.5 | | 2025-04-08 | An issue has been identified where a specially crafted request sent to an Observability API could cause the Kibana server to crash. |
| CVE-2024-52981 | Medium | 4.9 | | 2025-04-08 | An issue was discovered in Elasticsearch, where a large recursion using the Well-Known Text formatted string with nested GeometryCollection objects could cause a stack overflow. |

Gitlab · 5 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-1677 | Medium | 6.5 | | 2025-04-10 | A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions up to 17.8.7, 17.9 prior to 17.9.6 and 17.10 prior to 17.10.4. A denial of service could occur upon injecting oversized payloads into CI pipeline exports. |
| CVE-2025-0362 | Medium | 6.4 | | 2025-04-10 | An issue has been discovered in GitLab CE/EE affecting all versions from 7.7 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. |
| CVE-2024-11129 | Medium | 6.3 | | 2025-04-10 | An issue has been discovered in GitLab EE affecting all versions from 17.1 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. |
| CVE-2025-2408 | Medium | 5.3 | | 2025-04-10 | An issue has been discovered in GitLab CE/EE affecting all versions from 13.12 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. |
| CVE-2025-2469 | Low | 3.7 | | 2025-04-10 | An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.9.6, and 17.10 before 17.10.4. |

Hailey888 · 5 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-3388 | Medium | 4.3 | | 2025-04-07 | A vulnerability classified as problematic was found in hailey888 oa_system up to 2025.01.01. |
| CVE-2025-3392 | Low | 3.5 | | 2025-04-08 | A vulnerability was found in hailey888 oa_system up to 2025.01.01 and classified as problematic. |
| CVE-2025-3391 | Low | 3.5 | | 2025-04-08 | A vulnerability has been found in hailey888 oa_system up to 2025.01.01 and classified as problematic. |
| CVE-2025-3390 | Low | 3.5 | | 2025-04-08 | A vulnerability, which was classified as problematic, was found in hailey888 oa_system up to 2025.01.01. |
| CVE-2025-3389 | Low | 3.5 | | 2025-04-08 | A vulnerability, which was classified as problematic, has been found in hailey888 oa_system up to 2025.01.01. |

Phpgurukul · 5 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-3370 | High | 7.3 | | 2025-04-07 | A vulnerability classified as critical has been found in PHPGurukul Men Salon Management System 1.0. |
| CVE-2025-3353 | High | 7.3 | | 2025-04-07 | A vulnerability was found in PHPGurukul Men Salon Management System 1.0. |
| CVE-2025-3352 | High | 7.3 | | 2025-04-07 | A vulnerability was found in PHPGurukul Old Age Home Management System 1.0 and classified as critical. |
| CVE-2025-3351 | High | 7.3 | | 2025-04-07 | A vulnerability has been found in PHPGurukul Old Age Home Management System 1.0 and classified as critical. |
| CVE-2025-3350 | High | 7.3 | | 2025-04-07 | A vulnerability, which was classified as critical, was found in PHPGurukul Old Age Home Management System 1.0. |

Schneider Electric · 5 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-2223 | High | 7.8 | | 2025-04-09 | CWE-20: Improper Input Validation vulnerability exists that could cause a loss of Confidentiality, Integrity and Availability of the engineering workstation when a malicious project file is loaded by a user from the local system. |
| CVE-2025-2222 | High | 7.8 | | 2025-04-09 | CWE-552: Files or Directories Accessible to External Parties vulnerability over https exists that could leak information and allow potential privilege escalation following a man-in-the-middle attack. |
| CVE-2025-2442 | Medium | 6.8 | | 2025-04-09 | CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could potentially lead to unauthorized access which could result in the loss of confidentiality, integrity and availability when a malicious user, hav… |
| CVE-2025-2441 | Medium | 4.6 | | 2025-04-09 | CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could lead to loss of confidentiality when a malicious user, having physical access, sets the radio in factory default mode where the product does no… |
| CVE-2025-2440 | Medium | 4.2 | | 2025-04-09 | CWE-922: Insecure Storage of Sensitive Information vulnerability exists that could potentially lead to unauthorized access of confidential data when a malicious user, having physical access and advanced information on the file system, sets… |

Stylemix · 5 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-2807 | High | 8.8 | | 2025-04-08 | The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary plugin installations due to a missing capability check in the mvl_setup_wizard_install_plugin() function in all versions up to, and in… |
| CVE-2025-32654 | High | 8.1 | | 2025-04-11 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Stylemix Motors motors-car-dealership-classified-listings allows PHP Local File Inclusion. This issue affects Motors: f… |
| CVE-2025-2128 | Medium | 6.5 | | 2025-04-11 | The Cost Calculator Builder plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order_ids’ parameter in all versions up to, and including, 3.2.67 due to insufficient escaping on the user supplied parameter and lack of s… |
| CVE-2025-2808 | Medium | 5.4 | | 2025-04-08 | The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Phone Number parameter in all versions up to, and including, 1.4.63 due to insufficient input sanitization a… |
| CVE-2025-3437 | Medium | 4.3 | | 2025-04-08 | The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in the ajax_actions.php file in all versions up to, and… |

Zoom · 5 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-30671 | Medium | 6.5 | | 2025-04-08 | Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access. |
| CVE-2025-30670 | Medium | 6.5 | | 2025-04-08 | Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access. |
| CVE-2025-27442 | Medium | 4.6 | | 2025-04-08 | Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent network access. |
| CVE-2025-27441 | Medium | 4.6 | | 2025-04-08 | Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent network access. |
| CVE-2025-27443 | Low | 2.8 | | 2025-04-08 | Insecure default variable initialization in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a loss of integrity via local access. |

Apache · 4 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-30473 | High | 8.8 | | 2025-04-07 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Airflow Common SQL Provider. |
| CVE-2025-27391 | Medium | 6.5 | | 2025-04-09 | Insertion of Sensitive Information into Log File vulnerability in Apache ActiveMQ Artemis. |
| CVE-2025-30677 | Medium | 6.5 | | 2025-04-09 | Apache Pulsar contains multiple connectors for integrating with Apache Kafka. |
| CVE-2025-31672 | Medium | 5.3 | | 2025-04-09 | Improper Input Validation vulnerability in Apache POI. |

Arubanetworks · 4 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-27083 | High | 7.2 | | 2025-04-08 | Authenticated command injection vulnerabilities exist in the AOS-10 GW and AOS-8 Controller/Mobility Conductor web-based management interface. |
| CVE-2025-27082 | High | 7.2 | | 2025-04-08 | Arbitrary File Write vulnerabilities exist in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. |
| CVE-2025-27084 | Medium | 5.4 | | 2025-04-08 | A vulnerability in the Captive Portal of an AOS-10 GW and AOS-8 Controller/Mobility Conductor could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack. |
| CVE-2025-27085 | Medium | 4.9 | | 2025-04-08 | Multiple vulnerabilities exist in the web-based management interface of AOS-10 GW and AOS-8 Controller/Mobility Conductor. |

Fuzzoid · 4 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-3430 | Medium | 4.9 | | 2025-04-08 | The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'printer_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparat… |
| CVE-2025-3429 | Medium | 4.9 | | 2025-04-08 | The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'material_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient prepara… |
| CVE-2025-3428 | Medium | 4.9 | | 2025-04-08 | The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'coating_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparat… |
| CVE-2025-3427 | Medium | 4.9 | | 2025-04-08 | The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'infill_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati… |

Hgiga · 4 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-3363 | Critical | 9.8 | | 2025-04-08 | The web service of iSherlock from HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server. |
| CVE-2025-3362 | Critical | 9.8 | | 2025-04-08 | The web service of iSherlock from HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server. |
| CVE-2025-3361 | Critical | 9.8 | | 2025-04-08 | The web service of iSherlock from HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server. |
| CVE-2025-3364 | Medium | 6.7 | | 2025-04-08 | The SSH service of PowerStation from HGiga has a Chroot Escape vulnerability, allowing attackers with root privileges to bypass chroot restrictions and access the entire file system. |

Ibm · 4 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-43037 | Medium | 6.5 |  | 2025-04-10 | IBM Maximo Application Suite 8.11 and 9.0 could allow an authenticated user to perform unauthorized actions due to improper input validation. |
| CVE-2023-33844 | Medium | 5.4 |  | 2025-04-09 | IBM Security Verify Governance 10.0.2 is vulnerable to cross-site scripting. |
| CVE-2025-25023 | Medium | 4.9 |  | 2025-04-09 | IBM Security Guardium 11.4 and 12.1 could allow a privileged user to read any file on the system due to incorrect privilege assignment. |
| CVE-2024-51461 | Medium | 4.3 |  | 2025-04-11 | IBM QRadar WinCollect Agent 10.0 through 10.1.13 could allow a remote attacker to cause a denial of service by interrupting an HTTP request that could consume memory resources. |

Mediatek · 4 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-20654 | Critical | 9.8 |  | 2025-04-07 | In wlan service, there is a possible out of bounds write due to an incorrect bounds check. |
| CVE-2025-20664 | High | 7.5 |  | 2025-04-07 | In wlan AP driver, there is a possible information disclosure due to an uncaught exception. |
| CVE-2025-20663 | High | 7.5 |  | 2025-04-07 | In wlan AP driver, there is a possible information disclosure due to an uncaught exception. |
| CVE-2025-20659 | Medium | 6.5 |  | 2025-04-07 | In Modem, there is a possible system crash due to improper input validation. |

Ni · 4 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-2632 | High | 7.8 |  | 2025-04-09 | Out of bounds write vulnerability due to improper bounds checking in NI LabVIEW reading CPU info from cache that may result in information disclosure or arbitrary code execution. |
| CVE-2025-2631 | High | 7.8 |  | 2025-04-09 | Out of bounds write vulnerability due to improper bounds checking in NI LabVIEW in InitCPUInformation() that may result in information disclosure or arbitrary code execution. |
| CVE-2025-2630 | High | 7.3 |  | 2025-04-09 | There is a DLL hijacking vulnerability due to an uncontrolled search path that exists in NI LabVIEW. |
| CVE-2025-2629 | High | 7.3 |  | 2025-04-09 | There is a DLL hijacking vulnerability due to an uncontrolled search path that exists in NI LabVIEW when loading NI Error Reporting. |

Nothings · 4 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-3409 | Medium | 6.3 |  | 2025-04-08 | A vulnerability classified as critical has been found in Nothings stb up to f056911. |
| CVE-2025-3408 | Medium | 6.3 |  | 2025-04-08 | A vulnerability was found in Nothings stb up to f056911. |
| CVE-2025-3407 | Medium | 6.3 |  | 2025-04-08 | A vulnerability was found in Nothings stb up to f056911. |
| CVE-2025-3406 | Medium | 4.3 |  | 2025-04-08 | A vulnerability was found in Nothings stb up to f056911. |

Oisf · 4 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-29915 | High | 7.5 |  | 2025-04-10 | Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. |
| CVE-2025-29918 | Medium | 6.2 |  | 2025-04-10 | Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. |
| CVE-2025-29917 | Medium | 6.2 |  | 2025-04-10 | Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. |
| CVE-2025-29916 | Medium | 6.2 |  | 2025-04-10 | Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. |

Red Hat · 4 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-2251 | Medium | 6.2 |  | 2025-04-07 | A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. |
| CVE-2025-3359 | Medium | 6.2 |  | 2025-04-07 | A flaw was found in GNUPlot. |
| CVE-2025-3416 | Low | 3.7 |  | 2025-04-08 | A flaw was found in OpenSSL's handling of the properties argument in certain functions. |
| CVE-2025-3360 | Low | 3.7 |  | 2025-04-07 | A flaw was found in GLib. |

Adonesevangelista · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-3337 | High | 7.3 |  | 2025-04-07 | A vulnerability was found in codeprojects Online Restaurant Management System 1.0. |
| CVE-2025-3336 | High | 7.3 |  | 2025-04-07 | A vulnerability was found in codeprojects Online Restaurant Management System 1.0. |
| CVE-2025-3335 | High | 7.3 |  | 2025-04-07 | A vulnerability was found in codeprojects Online Restaurant Management System 1.0. |

Aias · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-3412 | Medium | 6.3 |  | 2025-04-08 | A vulnerability, which was classified as critical, was found in mymagicpower AIAS 20250308. |
| CVE-2025-3411 | Medium | 6.3 |  | 2025-04-08 | A vulnerability, which was classified as critical, has been found in mymagicpower AIAS 20250308. |
| CVE-2025-3410 | Medium | 6.3 |  | 2025-04-08 | A vulnerability classified as critical was found in mymagicpower AIAS 20250308. |

Amauri · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-31475 | Medium | 5.5 |  | 2025-04-07 | tarteaucitron.js is a compliant and accessible cookie banner. |
| CVE-2025-31138 | Medium | 5.5 |  | 2025-04-07 | tarteaucitron.js is a compliant and accessible cookie banner. |
| CVE-2025-31476 | Medium | 4.8 |  | 2025-04-07 | tarteaucitron.js is a compliant and accessible cookie banner. |

Brizy · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32198 | Medium | 6.5 |  | 2025-04-10 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themefusecom Brizy brizy. This issue affects Brizy: from n/a through <= 2.7.7. |
| CVE-2025-26902 | Medium | 4.3 |  | 2025-04-09 | Cross-Site Request Forgery (CSRF) vulnerability in Brizy Brizy Pro allows Cross Site Request Forgery. This issue affects Brizy Pro: from n/a through 2.6.1. |
| CVE-2025-26901 | Medium | 4.3 |  | 2025-04-09 | Missing Authorization vulnerability in Brizy Brizy Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Brizy Pro: from n/a through 2.6.1. |

Debian · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-13861 | High | 7.8 |  | 2025-04-11 | A code injection vulnerability in the Debian package component of Taegis Endpoint Agent (Linux) versions older than 1.3.10 allows local users arbitrary code execution as root. |
| CVE-2025-29769 | Medium | 5.5 |  | 2025-04-07 | libvips is a demand-driven, horizontally threaded image processing library. |
| CVE-2025-32728 | Medium | 4.3 |  | 2025-04-10 | In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding. |

Drupal · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-3475 | Medium | 6.5 |  | 2025-04-09 | Allocation of Resources Without Limits or Throttling, Incorrect Authorization vulnerability in Drupal WEB-T allows Excessive Allocation, Content Spoofing. This issue affects WEB-T: from 0.0.0 before 1.1.0. |
| CVE-2025-3474 | Medium | 6.5 |  | 2025-04-09 | Missing Authentication for Critical Function vulnerability in Drupal Panels allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Panels: from 0.0.0 before 4.9.0. |
| CVE-2025-3131 | Medium | 5.4 |  | 2025-04-09 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal ECA: Event - Condition - Action allows Cross Site Request Forgery. This issue affects ECA: Event - Condition - Action: from 0.0.0 before 1.1.12, from 2.0.0 before 2.0.16, from 2.1.0… |

Esafenet · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-3401 | High | 7.3 |  | 2025-04-08 | A vulnerability has been found in ESAFENET CDG 5.6.3.154.205_20250114 and classified as critical. |
| CVE-2025-3400 | High | 7.3 |  | 2025-04-08 | A vulnerability, which was classified as critical, was found in ESAFENET CDG 5.6.3.154.205_20250114. |
| CVE-2025-3399 | High | 7.3 |  | 2025-04-08 | A vulnerability, which was classified as critical, has been found in ESAFENET CDG 5.6.3.154.205_20250114. |

Hive Support · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32242 | Medium | 6.5 |  | 2025-04-10 | Missing Authorization vulnerability in Hive Support Hive Support hive-support allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Hive Support: from n/a through <= 1.2.5. |
| CVE-2025-32214 | Medium | 6.5 |  | 2025-04-10 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hive Support Hive Support hive-support allows Stored XSS. This issue affects Hive Support: from n/a through <= 1.2.11. |
| CVE-2025-32208 | Medium | 6.5 |  | 2025-04-10 | Missing Authorization vulnerability in Hive Support Hive Support hive-support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hive Support: from n/a through <= 1.2.5. |

Iqonicdesign · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-2526 | High | 8.8 |  | 2025-04-08 | The Streamit theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.2. |
| CVE-2025-2525 | High | 8.8 |  | 2025-04-08 | The Streamit theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'st_Authentication_Controller::edit_profile' function in all versions up to, and including, 4.0.1. |
| CVE-2025-2519 | Medium | 6.5 |  | 2025-04-08 | The Streamit theme for WordPress is vulnerable to arbitrary file downloads in all versions up to, and including, 4.0.1. |

Philips · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-3426 |  |  |  | 2025-04-07 | We observed that Intellispace Portal binaries don't have any protection mechanisms to prevent reverse engineering. |
| CVE-2025-3425 |  |  |  | 2025-04-07 | The IntelliSpace portal application utilizes .NET Remoting for its functionality. |
| CVE-2025-3424 |  |  |  | 2025-04-07 | The IntelliSpace portal application utilizes .NET Remoting for its functionality. |

Pickplugins · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32144 | High | 8.8 |  | 2025-04-11 | Deserialization of Untrusted Data vulnerability in PickPlugins Job Board Manager job-board-manager allows Object Injection. This issue affects Job Board Manager: from n/a through <= 2.1.61. |
| CVE-2025-32143 | High | 8.8 |  | 2025-04-11 | Deserialization of Untrusted Data vulnerability in PickPlugins Accordion accordions allows Object Injection. This issue affects Accordion: from n/a through <= 2.3.11. |
| CVE-2025-32618 | High | 8.5 |  | 2025-04-11 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PickPlugins Wishlist wishlist allows SQL Injection. This issue affects Wishlist: from n/a through <= 1.0.46. |

Shopware · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-30151 | High | 7.5 |  | 2025-04-08 | Shopware is an open commerce platform. |
| CVE-2025-32378 | Medium | 5.3 |  | 2025-04-09 | Shopware is an open source e-commerce software platform. |
| CVE-2025-30150 | Medium | 5.3 |  | 2025-04-08 | Shopware 6 is an open commerce platform based on Symfony Framework and Vue. |

Sonicwall · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-23010 | High | 7.2 |  | 2025-04-10 | An Improper Link Resolution Before File Access ('Link Following') vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attacker to manipulate file paths. |
| CVE-2025-23009 | High | 7.2 |  | 2025-04-10 | A local privilege escalation vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attacker to trigger an arbitrary file deletion. |
| CVE-2025-23008 | High | 7.2 |  | 2025-04-10 | An improper privilege management vulnerability in the SonicWall NetExtender Windows (32 and 64 bit) client allows a low privileged attacker to modify configurations. |

Wpeverest · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-3439 | Critical | 9.8 |  | 2025-04-11 | The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.1 via deserialization of untrusted input f… |
| CVE-2025-3421 | Medium | 6.1 |  | 2025-04-11 | The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'form_id' parameter in all versions up to, and including, 3.1.1 du… |
| CVE-2025-3422 | Medium | 5.4 |  | 2025-04-11 | The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.1.1. |

Ability, Inc · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32650 | High | 8.5 |  | 2025-04-11 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ability, Inc Accessibility Suite online-accessibility allows SQL Injection. This issue affects Accessibility Suite: from n/a through <= 4… |
| CVE-2025-32215 | Medium | 6.5 |  | 2025-04-10 | Unrestricted Upload of File with Dangerous Type vulnerability in Ability, Inc Accessibility Suite online-accessibility allows Stored XSS. This issue affects Accessibility Suite: from n/a through <= 4.18. |

Ashan Perera · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32614 | High | 8.8 |  | 2025-04-11 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ashan Perera EventON eventon-lite allows PHP Local File Inclusion. This issue affects EventON: from n/a through <= 2.4. |
| CVE-2025-32160 | High | 7.5 |  | 2025-04-10 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ashan Perera EventON eventon-lite. This issue affects EventON: from n/a through <= 2.4.1. |

Axis · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-0361 | Medium | 4.3 |  | 2025-04-08 | During an annual penetration test conducted on behalf of Axis Communications, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed for unauthenticated username enumeration through the VAPIX Device Configuratio… |
| CVE-2024-47261 | Medium | 4.3 |  | 2025-04-08 | 51l3nc3, a member of the AXIS OS Bug Bounty Program, has found that the VAPIX API uploadoverlayimage.cgi did not have sufficient input validation to allow an attacker to upload files to block access to create image overlays in the web inte… |

Bep · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32025 |  |  |  | 2025-04-08 | bep/imagemeta is a Go library for reading EXIF, IPTC and XMP image meta data from JPEG, TIFF, PNG, and WebP files. |
| CVE-2025-32024 |  |  |  | 2025-04-08 | bep/imagemeta is a Go library for reading EXIF, IPTC and XMP image meta data from JPEG, TIFF, PNG, and WebP files. |

Blubrry · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32690 | Medium | 6.5 |  | 2025-04-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in blubrry PowerPress Podcasting powerpress allows DOM-Based XSS. This issue affects PowerPress Podcasting: from n/a through <= 11.12.5. |
| CVE-2025-32691 | Medium | 4.9 |  | 2025-04-09 | Server-Side Request Forgery (SSRF) vulnerability in blubrry PowerPress Podcasting powerpress allows Server Side Request Forgery. This issue affects PowerPress Podcasting: from n/a through <= 11.12.6. |

Bogdan Bendziukov · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-31002 | Critical | 9.1 |  | 2025-04-09 | Unrestricted Upload of File with Dangerous Type vulnerability in Bogdan Bendziukov Squeeze squeeze allows Using Malicious Files. This issue affects Squeeze: from n/a through <= 1.6. |
| CVE-2025-31003 | Low | 2.7 |  | 2025-04-09 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Bogdan Bendziukov Squeeze squeeze allows Retrieve Embedded Sensitive Data. This issue affects Squeeze: from n/a through <= 1.6. |

Codeastro · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-29017 | High | 8.8 |  | 2025-04-10 | A Remote Code Execution (RCE) vulnerability exists in Code Astro Internet Banking System 2.0.0 due to improper file upload validation in the profile_pic parameter within pages_view_client.php. |
| CVE-2025-29018 | Medium | 4.8 |  | 2025-04-09 | A Stored Cross-Site Scripting (XSS) vulnerability exists in the name parameter of pages_add_acc_type.php in Code Astro Internet Banking System 2.0.0. |

Dev02ali · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32567 | High | 8.5 |  | 2025-04-11 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in dev02ali Easy Post Duplicator easy-post-duplicator allows SQL Injection. This issue affects Easy Post Duplicator: from n/a through <= 1.0… |
| CVE-2025-32538 | High | 7.1 |  | 2025-04-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dev02ali Easy Post Duplicator easy-post-duplicator allows Reflected XSS. This issue affects Easy Post Duplicator: from n/a through <= 1.0… |

Helm · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32387 | Medium | 6.5 |  | 2025-04-09 | Helm is a package manager for Charts for Kubernetes. |
| CVE-2025-32386 | Medium | 6.5 |  | 2025-04-09 | Helm is a tool for managing Charts. |

Hewlett Packard Enterprise (Hpe) · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-27078 | Medium | 6.5 |  | 2025-04-08 | A vulnerability in a system binary of AOS-8 Instant and AOS-10 AP could allow an authenticated remote attacker to inject commands into the underlying operating system while using the CLI. |
| CVE-2025-27079 | Medium | 6.0 |  | 2025-04-08 | A vulnerability in the file creation process on the command line interface of AOS-8 Instant and AOS-10 AP could allow an authenticated remote attacker to perform remote code execution (RCE). |

Iteaj · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-3327 | Low | 3.5 |  | 2025-04-07 | A vulnerability was found in iteaj iboot 物联网网关 1.1.3 and classified as problematic. |
| CVE-2025-3326 | Low | 3.5 |  | 2025-04-07 | A vulnerability has been found in iteaj iboot 物联网网关 1.1.3 and classified as problematic. |

Jenkins · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32755 | Critical | 9.1 |  | 2025-04-10 | In jenkins/ssh-slave Docker images based on Debian, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version use the same SSH host keys, allowing attackers able to… |
| CVE-2025-32754 | Critical | 9.1 |  | 2025-04-10 | In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version use the same SSH host keys, allowing attackers able… |

Joe · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32495 | Medium | 6.5 |  | 2025-04-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joe Waymark waymark allows Stored XSS. This issue affects Waymark: from n/a through <= 1.5.3. |
| CVE-2025-32487 | Medium | 4.9 |  | 2025-04-09 | Server-Side Request Forgery (SSRF) vulnerability in Joe Waymark waymark allows Server Side Request Forgery. This issue affects Waymark: from n/a through <= 1.5.2. |

Joomla · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-25226 | Critical | 9.8 |  | 2025-04-08 | Improper handling of identifiers lead to a SQL injection vulnerability in the quoteNameStr method of the database package. |
| CVE-2025-25227 | High | 7.5 |  | 2025-04-08 | Insufficient state checks lead to a vector that allows to bypass 2FA checks. |

Linzhaoguan · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-3386 | Low | 2.4 |  | 2025-04-07 | A vulnerability was found in LinZhaoguan pb-cms 2.0. |
| CVE-2025-3385 | Low | 2.4 |  | 2025-04-07 | A vulnerability was found in LinZhaoguan pb-cms 2.0. |

Magepeopleteam · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32607 | Critical | 9.8 |  | 2025-04-11 | Deserialization of Untrusted Data vulnerability in magepeopleteam WpBookingly service-booking-manager allows Object Injection. This issue affects WpBookingly: from n/a through <= 1.3.0. |
| CVE-2025-32145 | High | 8.8 |  | 2025-04-10 | Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection. This issue affects WpEvently: from n/a through <= 4.3.6. |

Magnigenie · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32687 | High | 8.5 |  | 2025-04-10 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Magnigenie Review Stars Count For WooCommerce review-stars-count-for-woocommerce allows SQL Injection. This issue affects Review Stars Cou… |
| CVE-2025-32553 | High | 7.1 |  | 2025-04-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magnigenie RestroPress restropress allows Reflected XSS. This issue affects RestroPress: from n/a through <= 3.2.8.4. |

Msi · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-27813 | High | 8.1 |  | 2025-04-10 | MSI Center before 2.0.52.0 has Missing PE Signature Validation. |
| CVE-2025-27812 | High | 8.1 |  | 2025-04-10 | MSI Center before 2.0.52.0 allows TOCTOU Local Privilege Escalation. |

Ngothang · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-6860 | Medium | 4.3 |  | 2025-04-09 | The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating its permalink suffix settings, which could allow attackers to make logged admins perform such action via a CSRF attack. |
| CVE-2024-6857 | Medium | 4.3 |  | 2025-04-09 | The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating its Header, Footer and Body Script Settings, which could allow attackers to make logged admins perform such action via a CSRF attack. |

Open, Inc. · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-31932 | High | 8.8 |  | 2025-04-11 | Deserialization of untrusted data issue exists in BizRobo! |
| CVE-2025-31362 | Low | 3.7 |  | 2025-04-11 | Use of hard-coded cryptographic key issue exists in BizRobo! |

Otwthemes · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32115 | High | 7.1 |  | 2025-04-10 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes Popping Content Light popping-content-light allows Reflected XSS. This issue affects Popping Content Light: from n/a through <=… |
| CVE-2025-32117 | High | 7.1 |  | 2025-04-08 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes Widgetize Pages Light widgetize-pages-light allows Reflected XSS. This issue affects Widgetize Pages Light: from n/a through <=… |

Quantumcloud · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32675 | Medium | 6.8 |  | 2025-04-09 | Server-Side Request Forgery (SSRF) vulnerability in QuantumCloud SEO Help seo-help allows Server Side Request Forgery. This issue affects SEO Help: from n/a through <= 6.7.9. |
| CVE-2025-32244 | Medium | 6.5 |  | 2025-04-10 | Missing Authorization vulnerability in QuantumCloud SEO Help seo-help allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SEO Help: from n/a through <= 6.7.9. |

Romancode · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32683 | Medium | 6.5 |  | 2025-04-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RomanCode MapSVG mapsvg-lite-interactive-vector-maps allows DOM-Based XSS. This issue affects MapSVG: from n/a through <= 8.6.6. |
| CVE-2025-32684 | Medium | 5.0 |  | 2025-04-09 | Missing Authorization vulnerability in RomanCode MapSVG mapsvg-lite-interactive-vector-maps allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MapSVG: from n/a through <= 8.6.4. |

Samsung Mobile · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-20935 | Medium | 5.5 |  | 2025-04-08 | Improper handling of insufficient permission or privileges in ClipboardService prior to SMR Apr-2025 Release 1 allows local attackers to access files with system privilege. |
| CVE-2025-20940 | Medium | 4.0 |  | 2025-04-08 | Improper handling of insufficient permission in Samsung Device Health Manager Service prior to SMR Apr-2025 Release 1 allows local attackers to access provider in SDMHS. |

Scand · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32517 | High | 7.1 |  | 2025-04-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SCAND MultiMailer scand-multi-mailer allows Reflected XSS. This issue affects MultiMailer: from n/a through <= 1.0.3. |
| CVE-2025-32505 | High | 7.1 |  | 2025-04-09 | Cross-Site Request Forgery (CSRF) vulnerability in SCAND MultiMailer scand-multi-mailer allows Stored XSS. This issue affects MultiMailer: from n/a through <= 1.0.3. |

Silverstripe · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-30148 | Medium | 5.4 |  | 2025-04-10 | Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. |
| CVE-2025-25197 | Medium | 5.4 |  | 2025-04-10 | Silverstripe Elemental extends a page type to swap the content area for a list of manageable elements to compose a page out of rather than a single text field. |

Spider Themes · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32216 | Medium | 6.4 |  | 2025-04-10 | Missing Authorization vulnerability in Spider Themes Spider Elements spider-elements allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Spider Elements: from n/a through <= 1.6.6. |
| CVE-2025-32221 | Medium | 5.4 |  | 2025-04-10 | Missing Authorization vulnerability in Spider Themes EazyDocs eazydocs allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EazyDocs: from n/a through <= 2.7.1. |

Spotfire · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-3115 | Critical | 9.8 |  | 2025-04-09 | Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions. |
| CVE-2025-3114 |  |  |  | 2025-04-09 | Code Execution via Malicious Files: Attackers can create specially crafted files with embedded code that may execute without adequate security validation, potentially leading to system compromise. |

Sqlite · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-29088 | Medium | 5.6 |  | 2025-04-10 | In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). |
| CVE-2025-29087 | Low | 3.2 |  | 2025-04-07 | In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. |

Subnet Solutions · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-31935 | Medium | 6.2 |  | 2025-04-11 | Subnet Solutions PowerSYSTEM Center is affected by a mishandling of exceptional conditions vulnerability. |
| CVE-2025-31354 | Medium | 4.3 |  | 2025-04-11 | Subnet Solutions PowerSYSTEM Center's SMTPS notification service can be affected by importing an EC certificate with crafted F2m parameters, which can lead to excessive CPU consumption during the evaluation of the curve parameters. |

Tenda · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-3346 | High | 8.8 |  | 2025-04-07 | A vulnerability was found in Tenda AC7 15.03.06.44. |
| CVE-2025-3328 | High | 8.8 |  | 2025-04-07 | A vulnerability was found in Tenda AC1206 15.03.06.23. |

Verbb · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32427 | Medium | 5.4 |  | 2025-04-11 | Formie is a Craft CMS plugin for creating forms. |
| CVE-2025-32426 | Medium | 4.6 |  | 2025-04-11 | Formie is a Craft CMS plugin for creating forms. |

Videx Inc. · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-22375 |  |  |  | 2025-04-10 | An authentication bypass vulnerability was found in Videx's CyberAudit-Web. |
| CVE-2025-22374 |  |  |  | 2025-04-10 | A Server-Side Request Forgery (SSRF) vulnerability was discovered in the videx-legacy-ssl web service of Videx's CyberAudit-Web, affecting versions prior to 1.1.3. |

W. W. Norton · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32808 | High | 7.7 |  | 2025-04-11 | W. |
| CVE-2025-32809 | Medium | 6.4 |  | 2025-04-11 | W. |

Wedevs · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-2541 | Medium | 6.4 |  | 2025-04-11 | The WP Project Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.6.22 due to insufficient input sanitization and output escaping. |
| CVE-2025-3100 | Medium | 6.4 |  | 2025-04-09 | The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.6.22… |

Wpminds · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-2004 | Critical | 9.1 |  | 2025-04-08 | The Simple WP Events plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wpe_delete_file AJAX action in all versions up to, and including, 1.8.17. |
| CVE-2025-32509 | High | 7.5 |  | 2025-04-11 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPMinds Simple WP Events simple-wp-events allows Path Traversal. This issue affects Simple WP Events: from n/a through <= 1.8.17. |

Yiiframework · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-58136 | Critical | 9.0 | KEV | 2025-04-10 | Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025. |
| CVE-2025-32027 | Medium | 6.1 |  | 2025-04-10 | Yii is an open source PHP web framework. |

1000 Projects · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-3384 | High | 7.3 |  | 2025-04-07 | A vulnerability was found in 1000 Projects Human Resource Management System 1.0. |

1panel-dev · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32383 | Medium | 4.3 |  | 2025-04-10 | MaxKB (Max Knowledge Base) is an open source knowledge base question-answering system based on a large language model and retrieval-augmented generation (RAG). |

5sterrenspecialist · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32114 | High | 7.1 |  | 2025-04-10 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 5sterrenspecialist WordPress 5sterrenspecialist Plugin 5-sterrenspecialist allows Reflected XSS. This issue affects WordPress 5sterrenspec… |

A.ankit · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-31395 | High | 7.1 |  | 2025-04-09 | Cross-Site Request Forgery (CSRF) vulnerability in a.ankit Easy Custom CSS easy-custom-css allows Stored XSS. This issue affects Easy Custom CSS: from n/a through <= 1.0. |

Aaronfrey · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32128 | High | 7.6 |  | 2025-04-10 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in aaronfrey Nearby Locations nearby-locations allows SQL Injection. This issue affects Nearby Locations: from n/a through <= 1.1.1. |

Ab-tools · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32479 | High | 7.1 |  | 2025-04-09 | Cross-Site Request Forgery (CSRF) vulnerability in ab-tools Flags Widget flags-widget allows Stored XSS. This issue affects Flags Widget: from n/a through <= 1.0.7. |

Aba Bank · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32586 | High | 7.1 |  | 2025-04-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ABA Bank ABA PayWay Payment Gateway for WooCommerce aba-payway-woocommerce-payment-gateway allows Reflected XSS. This issue affects ABA Pa… |

Abozain Albanna · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-31034 | Medium | 4.3 |  | 2025-04-09 | Cross-Site Request Forgery (CSRF) vulnerability in AboZain Albanna Customize Login Page customize-login-page allows Cross Site Request Forgery. This issue affects Customize Login Page: from n/a through <= 1.1. |

Accredible · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-13909 | Medium | 4.9 |  | 2025-04-10 | The Accredible Certificates & Open Badges plugin for WordPress is vulnerable to time-based SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.4.9 due to insufficient escaping on the user supplied parameter an… |

Adam Nowak · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-31033 | Critical | 9.8 |  | 2025-04-09 | Cross-Site Request Forgery (CSRF) vulnerability in Adam Nowak Buddypress Humanity buddypress-humanity allows Cross Site Request Forgery. This issue affects Buddypress Humanity: from n/a through <= 1.2. |

Adrian Tobey · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-31015 | High | 7.5 |  | 2025-04-11 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Adrian Tobey WordPress SMTP Service, Email Delivery Solved! |

Agence Web Eoxia - Montpellier · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32576 | Critical | 9.6 |  | 2025-04-09 | Cross-Site Request Forgery (CSRF) vulnerability in Agence web Eoxia - Montpellier WP shop wpshop allows Upload a Web Shell to a Web Server. This issue affects WP shop: from n/a through <= 2.6.1. |

Alimir · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32259 | Medium | 5.3 |  | 2025-04-10 | Missing Authorization vulnerability in Alimir WP ULike wp-ulike. This issue affects WP ULike: from n/a through <= 4.7.9.1. |

Amir Helzer · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-26888 | Medium | 5.3 |  | 2025-04-09 | Missing Authorization vulnerability in Amir Helzer WooCommerce Multilingual & Multicurrency woocommerce-multilingual allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Multilingual & Mult… |

Anantaddons · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32641 | Critical | 9.6 |  | 2025-04-09 | Cross-Site Request Forgery (CSRF) vulnerability in anantaddons Anant Addons for Elementor anant-addons-for-elementor allows Cross Site Request Forgery. This issue affects Anant Addons for Elementor: from n/a through <= 1.1.8. |

Ankit Singla · 1 CVE

CVESeverityCVSSKEVPublishedSummary
CVE-2025-32581High7.12025-04-09Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ankit Singla WordPress Spam Blocker cf7-manual-spam-blocker allows Stored XSS.This issue affects WordPress Spam Blocker: from n/a through…

Anytrack · 1 CVE

CVESeverityCVSSKEVPublishedSummary
CVE-2025-31041High7.52025-04-11Missing Authorization vulnerability in AnyTrack AnyTrack Affiliate Link Manager anytrack-affiliate-link-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AnyTrack Affiliate Link Manager: fro…

Apeleghq · 1 CVE

CVESeverityCVSSKEVPublishedSummary
CVE-2025-320292025-04-07ts-asn1-der is a collection of utility classes to encode ASN.1 data following DER rule.

Appsbd · 1 CVE

CVESeverityCVSSKEVPublishedSummary
CVE-2025-32642Critical10.02025-04-09Cross-Site Request Forgery (CSRF) vulnerability in appsbd Vite Coupon vite-coupon allows Remote Code Inclusion.This issue affects Vite Coupon: from n/a through <= 1.0.9.

Aribhour · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-31411 | Medium | 5.9 |  | 2025-04-10 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in aribhour Linet ERP-Woocommerce Integration linet-erp-woocommerce-integration allows Path Traversal. This issue affects Linet ERP-Woocommerce Int… |

Aristo Rinjuang · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32685 | High | 7.6 |  | 2025-04-09 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aristo Rinjuang WP Inquiries wp-inquiries allows SQL Injection. This issue affects WP Inquiries: from n/a through <= 0.2.1. |

Arm · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-0050 | Medium | 5.9 |  | 2025-04-07 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver allows a non-privile… |

Asaquzzaman Mishu · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-31377 | High | 7.5 |  | 2025-04-09 | Missing Authorization vulnerability in Asaquzzaman mishu Woo Product Feed For Marketing Channels woocommerce-to-google-merchant-center allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Woo Product F… |

Asgaros · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32227 | Medium | 4.3 |  | 2025-04-10 | Authentication Bypass by Spoofing vulnerability in Asgaros Asgaros Forum asgaros-forum allows Identity Spoofing. This issue affects Asgaros Forum: from n/a through <= 3.0.0. |

Ashish Ajani · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32678 | Medium | 4.3 |  | 2025-04-09 | Cross-Site Request Forgery (CSRF) vulnerability in Ashish Ajani WP Show Stats wp-show-stats allows Cross Site Request Forgery. This issue affects WP Show Stats: from n/a through <= 1.5. |

Ashokbasnet · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32664 | High | 7.1 |  | 2025-04-09 | Cross-Site Request Forgery (CSRF) vulnerability in ashokbasnet Nepali Date Utilities nepali-date-utilities allows Stored XSS. This issue affects Nepali Date Utilities: from n/a through <= 1.0.15. |

Athemes · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32158 | High | 7.5 |  | 2025-04-10 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Syed Balkhi aThemes Addons for Elementor athemes-addons-for-elementor-lite. This issue affects aThemes Addons for Eleme… |

Austin · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-31026 | High | 7.1 |  | 2025-04-09 | Cross-Site Request Forgery (CSRF) vulnerability in Austin Comment Validation Reloaded comment-validation-reloaded allows Stored XSS. This issue affects Comment Validation Reloaded: from n/a through <= 0.5. |

Axew3 · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32575 | High | 7.1 |  | 2025-04-09 | Cross-Site Request Forgery (CSRF) vulnerability in axew3 WP w3all phpBB wp-w3all-phpbb-integration allows Reflected XSS. This issue affects WP w3all phpBB: from n/a through <= 2.9.9. |

Ays Pro · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32275 | Medium | 4.3 |  | 2025-04-10 | Authentication Bypass by Spoofing vulnerability in Ays Pro Survey Maker survey-maker allows Identity Spoofing. This issue affects Survey Maker: from n/a through <= 5.1.6.3. |

Aytechnet · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-30582 | High | 8.1 |  | 2025-04-10 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in aytechnet DyaPress ERP/CRM dyapress allows PHP Local File Inclusion. This issue affects DyaPress ERP/CRM: from n/a through <= 18.0.2.0. |

Azuread · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32016 | Medium | 4.7 |  | 2025-04-09 | Microsoft Identity Web is a library which contains a set of reusable classes used in conjunction with ASP.NET Core for integrating with the Microsoft identity platform (formerly Azure AD v2.0 endpoint) and AAD B2C. |

Azurecurve · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-2809 | High | 7.3 |  | 2025-04-10 | The azurecurve Shortcodes in Comments plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.2. |

Bdoga · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-31390 | High | 7.1 |  | 2025-04-09 | Cross-Site Request Forgery (CSRF) vulnerability in bdoga Social Crowd social-crowd allows Stored XSS. This issue affects Social Crowd: from n/a through <= 0.9.6.1. |

Benjamin Chris · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-31035 | Medium | 5.9 |  | 2025-04-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Benjamin Chris WP Editor.md – The Perfect WordPress Markdown Editor wp-editormd allows Stored XSS. This issue affects WP Editor.md – The P… |

Bentoml · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32375 | Critical | 9.8 |  | 2025-04-09 | BentoML is a Python library for building online serving systems optimized for AI apps and model inference. |

Bhoogterp · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-31375 | High | 7.1 |  | 2025-04-09 | Cross-Site Request Forgery (CSRF) vulnerability in bhoogterp Scheduled scheduled allows Stored XSS. This issue affects Scheduled: from n/a through <= 1.0. |

Bjoern · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32485 | Medium | 4.3 |  | 2025-04-09 | Cross-Site Request Forgery (CSRF) vulnerability in Bjoern WP Performance Pack wp-performance-pack allows Cross Site Request Forgery. This issue affects WP Performance Pack: from n/a through <= 2.5.4. |

Bluecms_project · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-29150 | Medium | 4.3 |  | 2025-04-10 | BlueCMS 1.6 suffers from Arbitrary File Deletion via the id parameter in an /publish.php?act=del request. |

Blueinstyle · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32476 | High | 7.1 |  | 2025-04-09 | Cross-Site Request Forgery (CSRF) vulnerability in blueinstyle Advanced Tag Lists advanced-tag-list allows Stored XSS. This issue affects Advanced Tag Lists: from n/a through <= 1.2. |

Bozdoz · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32494 | Medium | 4.3 |  | 2025-04-09 | Cross-Site Request Forgery (CSRF) vulnerability in bozdoz reCAPTCHA Jetpack recaptcha-jetpack allows Cross Site Request Forgery. This issue affects reCAPTCHA Jetpack: from n/a through <= 0.2.2. |

Brainstormforce · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-3102 | High | 8.1 |  | 2025-04-10 | The SureTriggers: All-in-One Automation Platform plugin for WordPress is vulnerable to an authentication bypass leading to administrative account creation due to a missing empty value check on the 'secret_key' value in the 'autheticate_use… |

Brian Batt - Elearningfreak.com · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32202 | Critical | 9.1 |  | 2025-04-10 | Unrestricted Upload of File with Dangerous Type vulnerability in Brian Batt - elearningfreak.com Insert or Embed Articulate Content into WordPress insert-or-embed-articulate-content-into-wordpress allows Upload a Web Shell to a Web Server… |

Broadstreet · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32211 | Medium | 6.5 |  | 2025-04-08 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Broadstreet Broadstreet Ads broadstreet allows Stored XSS. This issue affects Broadstreet Ads: from n/a through <= 1.52.1. |

C-ares · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-31498 |  |  |  | 2025-04-08 | c-ares is an asynchronous resolver library. |

Canonical · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-24375 | Medium | 5.0 |  | 2025-04-09 | Charmed MySQL K8s operator is a Charmed Operator for running MySQL on Kubernetes. |

Cardgate · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32119 | High | 8.2 |  | 2025-04-10 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CardGate CardGate Payments for WooCommerce cardgate allows Blind SQL Injection. This issue affects CardGate Payments for WooCommerce: from… |

Ch-go · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-1386 | Medium | 4.9 |  | 2025-04-11 | When using the ch-go library, under a specific condition when the query includes a large, uncompressed malicious external data, it is possible for an attacker in control of such data to smuggle another query packet into the connection stre… |

Chandan Garg · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-31399 | High | 7.1 |  | 2025-04-09 | Cross-Site Request Forgery (CSRF) vulnerability in Chandan Garg CG Scroll To Top cg-scroll-to-top allows Stored XSS. This issue affects CG Scroll To Top: from n/a through <= 3.5. |

Chat2 · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32584 | High | 7.1 |  | 2025-04-09 | Cross-Site Request Forgery (CSRF) vulnerability in Chat2 Chat2 chat2 allows Cross Site Request Forgery. This issue affects Chat2: from n/a through <= 4.0. |

Checkmk · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-38865 | High | 8.8 |  | 2025-04-10 | Improper neutralization of livestatus command delimiters in a specific endpoint within RestAPI of Checkmk prior to 2.2.0p39, 2.3.0p25, and 2.1.0p51 (EOL) allows arbitrary livestatus command execution. |

Chillpay · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32570 | High | 7.1 |  | 2025-04-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ChillPay ChillPay WooCommerce chillpay-payment-gateway allows Stored XSS. This issue affects ChillPay WooCommerce: from n/a through <= 2.5… |

Circl · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32413 | Medium | 6.4 |  | 2025-04-08 | Vulnerability-Lookup before 2.7.1 allows stored XSS via a user bio in website/web/views/user.py. |

Clickandpledge · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32550 | High | 7.2 |  | 2025-04-09 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ClickandPledge Click & Pledge Connect Plugin allows SQL Injection. |

Cmsjunkie - Wordpress Business Directory Plugins · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32629 | High | 8.6 |  | 2025-04-11 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CMSJunkie - WordPress Business Directory Plugins WP-BusinessDirectory wp-businessdirectory allows Path Traversal. This issue affects WP-Business… |

Codelit · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32816 | Low | 3.1 |  | 2025-04-11 | CodeLit CourseLit before 0.57.5 allows Parameter Tampering via a payment plan associated with the wrong entity. |

Connman · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32743 | Critical | 9.0 |  | 2025-04-10 | In ConnMan through 1.44, the lookup string in ns_resolv in dnsproxy.c can be NULL or an empty string when the TC (Truncated) bit is set in a DNS response. |

Consumer · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-3329 | Low | 3.1 |  | 2025-04-07 | A vulnerability classified as problematic has been found in Consumer Comanda Mobile up to 14.9.3.2/15.0.0.8. |

Creativemindssolutions · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32210 | Medium | 6.5 |  | 2025-04-10 | Missing Authorization vulnerability in CreativeMindsSolutions CM Registration and Invitation Codes cm-invitation-codes allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CM Registration and Invitatio… |

Crocoblock · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-22279 | High | 7.5 |  | 2025-04-10 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Crocoblock JetCompareWishlist jet-compare-wishlist allows PHP Local File Inclusion. This issue affects JetCompareWishli… |

Croover.inc · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-31004 | Medium | 4.3 |  | 2025-04-09 | Missing Authorization vulnerability in Croover.inc Rich Table of Contents rich-table-of-content allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rich Table of Contents: from n/a through <= 1.4.0. |

Cyberdigm · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-11071 | High | 8.8 |  | 2025-04-07 | Permissive Cross-domain Policy with Untrusted Domains vulnerability in local API server of DestinyECM solution (versions described below) which is developed and maintained by Cyberdigm may allow Cross-Site Request Forgery (CSRF) attack, whi… |

Czater · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32624 | High | 7.1 |  | 2025-04-09 | Missing Authorization vulnerability in czater Czater.pl – live chat i telefon czater allows Cross Site Request Forgery. This issue affects Czater.pl – live chat i telefon: from n/a through <= 1.0.5. |

Dalziel · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32480 | High | 7.1 |  | 2025-04-09 | Cross-Site Request Forgery (CSRF) vulnerability in dalziel Windows Live Writer windows-live-writer allows Stored XSS. This issue affects Windows Live Writer: from n/a through <= 0.1. |

Danbwb · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-31378 | High | 7.1 |  | 2025-04-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in danbwb Oppso Unit Converter oppso-unit-converter allows Reflected XSS. This issue affects Oppso Unit Converter: from n/a through <= 1.1.1. |

Dangrossman · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32563 | High | 7.1 |  | 2025-04-09 | Cross-Site Request Forgery (CSRF) vulnerability in dangrossman WP Calais Auto Tagger calais-auto-tagger allows Cross Site Request Forgery. This issue affects WP Calais Auto Tagger: from n/a through <= 2.0. |

Debounce · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32580 | High | 7.1 |  | 2025-04-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in debounce DeBounce Email Validator debounce-io-email-validator allows Stored XSS. This issue affects DeBounce Email Validator: from n/a thr… |

Detheme · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32260 | Medium | 5.3 |  | 2025-04-10 | Missing Authorization vulnerability in Detheme DethemeKit For Elementor dethemekit-for-elementor. This issue affects DethemeKit For Elementor: from n/a through <= 2.1.10. |

Digitalzoomstudio · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-3431 | High | 7.5 |  | 2025-04-08 | The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 6.91 via the 'dzsap_download' action. |

Dimafreund · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32501 | High | 7.1 |  | 2025-04-09 | Cross-Site Request Forgery (CSRF) vulnerability in dimafreund Rentsyst rentsyst allows Stored XSS. This issue affects Rentsyst: from n/a through <= 2.0.92. |

Doa · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-31388 | High | 7.1 |  | 2025-04-09 | Cross-Site Request Forgery (CSRF) vulnerability in doa The World the-world allows Stored XSS. This issue affects The World: from n/a through <= 0.4. |

Dolby_uk · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-31021 | High | 7.1 |  | 2025-04-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dolby_uk Mobile Smart mobile-smart allows Reflected XSS. This issue affects Mobile Smart: from n/a through <= v1.3.16. |

Eazyplugins · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32542 | High | 8.8 |  | 2025-04-11 | Missing Authorization vulnerability in EazyPlugins Eazy Plugin Manager plugins-on-steroids allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Eazy Plugin Manager: from n/a through <= 4.3.0. |

Edamam · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32555 | High | 7.1 |  | 2025-04-09 | Cross-Site Request Forgery (CSRF) vulnerability in Edamam SEO, Nutrition and Print for Recipes by Edamam seo-nutrition-and-print-for-recipes-by-edamam allows Stored XSS. This issue affects SEO, Nutrition and Print for Recipes by Edamam: fro… |

Element-hq · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32026 | Low | 3.8 |  | 2025-04-08 | Element Web is a Matrix web client built using the Matrix React SDK. |

Elementor · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32640 | Medium | 5.9 |  | 2025-04-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Ally pojo-accessibility allows Stored XSS. This issue affects Ally: from n/a through <= 3.1.0. |

Eliot Akira · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32492 | Medium | 5.9 |  | 2025-04-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eliot Akira Admin Menu Post List admin-menu-post-list allows Stored XSS. This issue affects Admin Menu Post List: from n/a through <= 2.0… |

Elpix · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-3432 | Medium | 6.4 |  | 2025-04-08 | The AAWP Obfuscator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data-aawp-web' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. |

Embeds For Youtube Plugin Support · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-31008 | Medium | 5.9 |  | 2025-04-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Embeds For YouTube Plugin Support YouTube Embed youtube-embed allows Stored XSS. This issue affects YouTube Embed: from n/a through <= 5.3… |

Empik · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32568 | Critical | 9.8 |  | 2025-04-11 | Deserialization of Untrusted Data vulnerability in empik EmpikPlace for Woocommerce empik-for-woocommerce allows Object Injection. This issue affects EmpikPlace for Woocommerce: from n/a through <= 1.4.3. |

Epeken · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32673 | High | 7.1 |  | 2025-04-09 | Cross-Site Request Forgery (CSRF) vulnerability in epeken Epeken All Kurir epeken-all-kurir allows Stored XSS. This issue affects Epeken All Kurir: from n/a through <= 2.0.6. |

Eset, Spol. S R.o. · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-11859 |  |  |  | 2025-04-07 | DLL Search Order Hijacking vulnerability potentially allowed an attacker with administrator privileges to load a malicious dynamic-link library and execute its code. |

Essential Marketer · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-31038 | High | 8.8 |  | 2025-04-09 | Cross-Site Request Forgery (CSRF) vulnerability in Essential Marketer Essential Breadcrumbs essential-breadcrumbs allows Privilege Escalation. This issue affects Essential Breadcrumbs: from n/a through <= 1.1.1. |

Exthemes · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-31040 | High | 8.1 |  | 2025-04-11 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Exthemes WP Food ordering and Restaurant Menu wp-food allows PHP Local File Inclusion. This issue affects WP Food order… |

Eyale-vc · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32199 | Medium | 6.5 |  | 2025-04-10 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eyale-vc Contact Form Builder by vcita contact-form-with-a-meeting-scheduler-by-vcita allows DOM-Based XSS. This issue affects Contact For… |

Fcj Venture Builder · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-3405 | Medium | 4.3 |  | 2025-04-08 | A vulnerability was found in FCJ Venture Builder appclientefiel 3.0.27. |

Feedify · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-13874 | High | 7.1 |  | 2025-04-10 | The Feedify WordPress plugin before 2.4.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin |

Felixker · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-8243 | Medium | 6.3 |  | 2025-04-09 | The WordPress/Plugin Upgrade Time Out Plugin WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads… |

Flothemesplugins · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32213 | Medium | 6.5 |  | 2025-04-10 | Missing Authorization vulnerability in flothemesplugins Flo Forms flo-forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Flo Forms: from n/a through <= 1.0.43. |

Flowiseai · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-29189 | High | 7.6 |  | 2025-04-09 | Flowise <= 2.2.3 is vulnerable to SQL Injection. |

Foliovision · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32610 | High | 7.1 |  | 2025-04-09 | Cross-Site Request Forgery (CSRF) vulnerability in FolioVision Foliopress WYSIWYG foliopress-wysiwyg allows Cross Site Request Forgery. This issue affects Foliopress WYSIWYG: from n/a through <= 2.6.18. |

Fooplugins · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32139 | Medium | 5.9 |  | 2025-04-10 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FooPlugins FooBox Image Lightbox foobox-image-lightbox. This issue affects FooBox Image Lightbox: from n/a through <= 2.7.33. |

Foysal Imran · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32519 | High | 8.1 |  | 2025-04-11 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Foysal Imran IDonate idonate allows PHP Local File Inclusion. This issue affects IDonate: from n/a through <= 2.1.18. |

Fraudlabspro · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32659 | High | 7.1 |  | 2025-04-09 | Cross-Site Request Forgery (CSRF) vulnerability in fraudlabspro FraudLabs Pro for WooCommerce fraudlabs-pro-for-woocommerce allows Stored XSS. This issue affects FraudLabs Pro for WooCommerce: from n/a through <= 2.22.8. |

Fromdoppler · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32667 | High | 7.1 |  | 2025-04-09 | Cross-Site Request Forgery (CSRF) vulnerability in fromdoppler Doppler Forms doppler-form allows Stored XSS. This issue affects Doppler Forms: from n/a through <= 2.5.1. |

Fusiondirectory · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32807 | Medium | 5.3 |  | 2025-04-11 | A path traversal vulnerability in FusionDirectory before 1.5 allows remote attackers to read arbitrary files on the host that end with .png (and .svg or .xpm for some configurations) via the icon parameter of a GET request to geticon.php. |

G5theme · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32672 | High | 8.1 |  | 2025-04-11 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Ultimate Bootstrap Elements for Elementor ultimate-bootstrap-elements-for-elementor allows PHP Local File Incl… |

Gdragon · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-3436 | Medium | 6.5 |  | 2025-04-08 | The coreActivity: Activity Logging for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'order' and 'orderby' parameters in all versions up to, and including, 2.7 due to insufficient escaping on the user supplied param… |

George Sexton · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32597 | High | 7.1 |  | 2025-04-09 | Cross-Site Request Forgery (CSRF) vulnerability in George Sexton WordPress Events Calendar Plugin – connectDaily connect-daily-web-calendar allows Cross-Site Scripting (XSS). This issue affects WordPress Events Calendar Plugin – connectDail… |

Getcursor · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32018 | High | 8.0 |  | 2025-04-08 | Cursor is a code editor built for programming with AI. |

Go Standard Library · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-22871 | Critical | 9.1 |  | 2025-04-08 | The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. |

Grade Us, Inc. · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32680 | Medium | 5.9 |  | 2025-04-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Grade Us, Inc. |

Graphicsmagick · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32460 | Medium | 4.0 |  | 2025-04-09 | GraphicsMagick before 8e56520 has a heap-based buffer over-read in ReadJXLImage in coders/jxl.c, related to an ImportViewPixelArea call. |

Graylog · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-30373 | Medium | 6.5 |  | 2025-04-07 | Graylog is a free and open log management platform. |

Greenmoney · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-2882 | Medium | 5.3 |  | 2025-04-08 | The GreenPay(tm) by Green.Money plugin for WordPress is vulnerable to Sensitive Information Exposure in versions between 3.0.0 and 3.0.9 through the publicly accessible phpinfo.php script. |

Gtlwpdev · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32547 | High | 8.2 |  | 2025-04-09 | Cross-Site Request Forgery (CSRF) vulnerability in gtlwpdev All push notification for WP all-push-notification allows Blind SQL Injection. This issue affects All push notification for WP: from n/a through <= 1.5.3. |

Guichaguri · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32020 |  |  |  | 2025-04-08 | The crud-query-parser library parses query parameters from HTTP requests and converts them to database queries. |

Hakeemnala · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32577 | Critical | 9.8 |  | 2025-04-11 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in hakeemnala Build App Online build-app-online allows PHP Local File Inclusion. This issue affects Build App Online: from… |

Haproxy · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32464 | Medium | 6.8 |  | 2025-04-09 | HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a sample_conv_regsub heap-based buffer overflow because of mishandling of the replacement of multiple short patterns with a longer one. |

Hasthemes · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-2719 | Medium | 6.5 |  | 2025-04-10 | The Swatchly – WooCommerce Variation Swatches for Products (product attributes: Image swatch, Color swatches, Label swatches) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the… |

Haxtheweb · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32028 | Critical | 9.9 |  | 2025-04-08 | HAX CMS PHP allows you to manage your microsite universe with PHP backend. |

Hedgedoc · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32391 | Medium | 6.4 |  | 2025-04-10 | HedgeDoc is an open source, real-time, collaborative, markdown notes application. |

Hewlett Packard Enterprise · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-27081 | Medium | 6.8 |  | 2025-04-10 | A potential security vulnerability in HPE NonStop OSM Service Connection Suite could potentially be exploited to allow a local Denial of Service. |

Hiren Patel · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32645 | High | 7.1 |  | 2025-04-09 | Cross-Site Request Forgery (CSRF) vulnerability in Hiren Patel Custom Posts Order custom-posts-order allows Stored XSS. This issue affects Custom Posts Order: from n/a through <= 4.4. |

Hivedigital · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32543 | High | 7.1 |  | 2025-04-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hivedigital Canonical Attachments canonical-attachments allows Reflected XSS. This issue affects Canonical Attachments: from n/a through <… |

Hk · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32603 | Critical | 9.3 |  | 2025-04-11 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in HK WP Online Users Stats wp-online-users-stats allows Blind SQL Injection. This issue affects WP Online Users Stats: from n/a through <= 1… |

Horvey · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-29391 | High | 7.2 |  | 2025-04-09 | horvey Library-Manager v1.0 is vulnerable to SQL Injection in Admin/Controller/BookController.class.php. |

Hossainawlad · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32518 | High | 7.1 |  | 2025-04-09 | Cross-Site Request Forgery (CSRF) vulnerability in hossainawlad ALD Login Page ald-login-page allows Stored XSS. This issue affects ALD Login Page: from n/a through <= 1.1. |

Hossein · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-31014 | High | 7.5 |  | 2025-04-11 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Hossein Material Dashboard material-dashboard allows PHP Local File Inclusion. This issue affects Material Dashboard: f… |

Hugh Mungus · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-27350 | High | 7.1 |  | 2025-04-10 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hugh Mungus Vice Versa vice-versa allows Reflected XSS. This issue affects Vice Versa: from n/a through <= 2.2.3. |

Huseyin Berberoglu · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-31028 | High | 7.1 |  | 2025-04-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Huseyin Berberoglu WP Hide Categories wp-hide-categories allows Reflected XSS. This issue affects WP Hide Categories: from n/a through <=… |

Icyleaf · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-31400 | High | 7.1 |  | 2025-04-09 | Cross-Site Request Forgery (CSRF) vulnerability in icyleaf WS Audio Player ws-audio-player allows Stored XSS. This issue affects WS Audio Player: from n/a through <= 1.1.8. |

Infosoftplugin · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32541 | High | 7.1 |  | 2025-04-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in infosoftplugin WooCommerce Sales MIS Report woocommerce-mis-report allows Reflected XSS. This issue affects WooCommerce Sales MIS Report… |

Instawp · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-2636 | High | 8.1 |  | 2025-04-11 | The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.1.0.85 via the 'instawp-database-manager' parameter. |

Intelcaprep · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-31385 | High | 7.1 |  | 2025-04-09 | Cross-Site Request Forgery (CSRF) vulnerability in intelcaprep Site Table of Contents site-table-of-contents allows Stored XSS. This issue affects Site Table of Contents: from n/a through <= 0.3. |

Ip2location · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32644 | High | 7.1 |  | 2025-04-09 | Cross-Site Request Forgery (CSRF) vulnerability in IP2Location IP2Location World Clock ip2location-world-clock allows Stored XSS. This issue affects IP2Location World Clock: from n/a through <= 1.1.9. |

Jaap Jansma · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32551 | High | 7.1 |  | 2025-04-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jaap Jansma Connector to CiviCRM with CiviMcRestFace connector-civicrm-mcrestface allows Reflected XSS. This issue affects Connector to Ci… |

Jalios · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-0942 | High | 8.6 |  | 2025-04-07 | The DB chooser functionality in Jalios JPlatform 10 SP6 before 10.0.6 improperly neutralizes special elements used in an SQL command allows for unauthenticated users to trigger SQL Injection. |

Jan Boddez · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-31009 | Medium | 5.4 |  | 2025-04-09 | Server-Side Request Forgery (SSRF) vulnerability in Jan Boddez IndieBlocks indieblocks allows Server Side Request Forgery. This issue affects IndieBlocks: from n/a through <= 0.13.1. |

Jerryhanjj · 1 CVE

CVESeverityCVSSKEVPublishedSummary
CVE-2025-29390High8.82025-04-09jerryhanjj ERP 1.0 is vulnerable to SQL Injection in the set_password function in application/controllers/home.php.

Jgehrcke · 1 CVE

CVESeverityCVSSKEVPublishedSummary
CVE-2024-13896Medium6.52025-04-10The WP-GeSHi-Highlight — rock-solid syntax highlighting for 259 languages WordPress plugin through 1.4.3 processes user-supplied input as a regular expression via the wp_geshi_filter_replace_code() function, which could lead to Regular Exp…

Joey-zhou · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-3382 · Medium · 6.3 · - · 2025-04-07 · A vulnerability has been found in joey-zhou xiaozhi-esp32-server-java up to a14fe8115842ee42ab5c7a51706b8a85db5200b7 and classified as critical.

John James Jacoby · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-31524 · High · 8.8 · - · 2025-04-10 · Incorrect Privilege Assignment vulnerability in John James Jacoby WP User Profiles wp-users-profiles allows Privilege Escalation. This issue affects WP User Profiles: from n/a through <= 2.6.2.

John Weissberg · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32671 · High · 7.5 · - · 2025-04-11 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in John Weissberg Print Science Designer print-science-designer allows Path Traversal. This issue affects Print Science Designer: from n/a through…

Joomsky · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32627 · High · 8.1 · - · 2025-04-11 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky JS Job Manager js-jobs allows PHP Local File Inclusion. This issue affects JS Job Manager: from n/a through <=…

Jordi Salord · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32477 · High · 7.1 · - · 2025-04-09 · Cross-Site Request Forgery (CSRF) vulnerability in Jordi Salord WP-Easy Menu wp-easy-menu allows Stored XSS. This issue affects WP-Easy Menu: from n/a through <= 0.41.

Jose Conti · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32503 · High · 7.1 · - · 2025-04-09 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jose Conti Link Shield link-shield allows Stored XSS. This issue affects Link Shield: from n/a through <= 0.5.4.

Josh Kohlbach · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32539 · High · 7.1 · - · 2025-04-11 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Josh Kohlbach Store Exporter woocommerce-exporter allows Reflected XSS. This issue affects Store Exporter: from n/a through <= 2.7.4.

Kailey (Trepmal) · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-31394 · High · 7.1 · - · 2025-04-09 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kailey (trepmal) More Mime Type Filters more-mime-type-filters allows Stored XSS. This issue affects More Mime Type Filters: from n/a thro…

Kaizencoders · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32632 · High · 7.1 · - · 2025-04-11 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KaizenCoders Automatic Ban IP automatic-ban-ip allows Reflected XSS. This issue affects Automatic Ban IP: from n/a through <= 1.0.7.

Kendysond · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-10894 · Medium · 6.4 · - · 2025-04-10 · The Payment Forms for Paystack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes like 'datepicker', 'textarea', and 'text' in all versions up to, and including, 4.0.2 due to insufficient input sa…

Ketanajani · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32558 · High · 8.5 · - · 2025-04-11 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ketanajani Duplicate Title Checker duplicate-title-checker allows Blind SQL Injection. This issue affects Duplicate Title Checker: from n/…

Kevon Adonis · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32591 · High · 7.1 · - · 2025-04-09 · Cross-Site Request Forgery (CSRF) vulnerability in Kevon Adonis WP Abstracts wp-abstracts-manuscripts-manager allows Cross Site Request Forgery. This issue affects WP Abstracts: from n/a through <= 2.7.5.

Keycaptcha · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32619 · High · 7.1 · - · 2025-04-09 · Cross-Site Request Forgery (CSRF) vulnerability in KeyCAPTCHA KeyCAPTCHA keycaptcha allows Stored XSS. This issue affects KeyCAPTCHA: from n/a through <= 2.5.1.

Koajs · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32379 · Medium · 5.0 · - · 2025-04-09 · Koa is expressive middleware for Node.js using ES2017 async functions.

Labcat · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32206 · Critical · 9.1 · - · 2025-04-10 · Unrestricted Upload of File with Dangerous Type vulnerability in LABCAT Processing Projects processing-projects allows Upload a Web Shell to a Web Server. This issue affects Processing Projects: from n/a through <= 1.0.2.

Langflow · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-3248 · Critical · 9.8 · KEV · 2025-04-07 · Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint.

Lemmentwickler · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32502 · High · 7.1 · - · 2025-04-09 · Cross-Site Request Forgery (CSRF) vulnerability in lemmentwickler ePaper Lister for Yumpu magazine-lister-for-yumpu allows Stored XSS. This issue affects ePaper Lister for Yumpu: from n/a through <= 1.4.0.

Lenovo · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-11679 · Medium · 4.4 · - · 2025-04-11 · An input validation weakness was reported in the TpmSetup module for some legacy System x server products that could allow a local attacker with elevated privileges to read the contents of memory.

Lenve · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-3398 · Medium · 6.3 · - · 2025-04-08 · A vulnerability classified as critical was found in lenve VBlog up to 1.0.0.

Libbpf_project · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-29481 · Medium · 6.2 · - · 2025-04-07 · Buffer Overflow vulnerability in libbpf 1.5.0 allows a local attacker to execute arbitrary code via the bpf_object__init_prog function of libbpf.

Lisandro Martinez · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-31565 · Critical · 9.3 · - · 2025-04-11 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lisandro Martinez WPSmartContracts wp-smart-contracts allows Blind SQL Injection. This issue affects WPSmartContracts: from n/a through <=…

Lucee · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-55354 · High · 8.8 · - · 2025-04-08 · Lucee before 5.4.7.3 LTS and 6 before 6.1.1.118, when an attacker can place files on the server, is vulnerable to a protection mechanism failure that can let an attacker run code that would be expected to be blocked and access resources th…

Maennchen1.de · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32164 · Medium · 6.5 · - · 2025-04-08 · Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in maennchen1.de m1.DownloadList m1downloadlist allows Retrieve Embedded Sensitive Data. This issue affects m1.DownloadList: from n/a through <= 0.24.

Mapgeo · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32525 · High · 7.1 · - · 2025-04-11 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MapGeo Interactive Geo Maps interactive-geo-maps allows Reflected XSS. This issue affects Interactive Geo Maps: from n/a through <= 1.6.24.

Mario Aguiar · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32478 · High · 7.1 · - · 2025-04-09 · Cross-Site Request Forgery (CSRF) vulnerability in Mario Aguiar WP SexyLightBox wp-sexylightbox allows Stored XSS. This issue affects WP SexyLightBox: from n/a through <= 0.5.3.

Mathieu Chartier · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32484 · High · 7.1 · - · 2025-04-09 · Cross-Site Request Forgery (CSRF) vulnerability in Mathieu Chartier WP-Planification wp-planification allows Stored XSS. This issue affects WP-Planification: from n/a through <= 2.3.1.

Mattermost · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-24866 · Low · 2.7 · - · 2025-04-10 · Mattermost versions 9.11.x <= 9.11.8 fail to enforce proper access controls on the /api/v4/audits endpoint, allowing users with delegated granular administration roles who lack access to Compliance Monitoring to retrieve User Activity Log…

Melapress · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-2876 · Medium · 5.3 · - · 2025-04-08 · The MelaPress Login Security and MelaPress Login Security Premium plugins for WordPress are vulnerable to unauthorized loss of data due to a missing capability check on the 'monitor_admin_actions' function in version 2.1.0.

Melhorenvio · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-13820 · Medium · 5.3 · - · 2025-04-08 · The Melhor Envio plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.15.11 via the 'run' function, which uses a hardcoded hash.

Mergado · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32669 · High · 7.1 · - · 2025-04-09 · Cross-Site Request Forgery (CSRF) vulnerability in MERGADO Mergado Pack mergado-marketing-pack allows Stored XSS. This issue affects Mergado Pack: from n/a through <= 4.2.1.

Mestres Do Wp · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32695 · Critical · 9.8 · - · 2025-04-09 · Incorrect Privilege Assignment vulnerability in Mestres do WP Checkout Mestres WP checkout-mestres-wp allows Privilege Escalation. This issue affects Checkout Mestres WP: from n/a through <= 8.7.5.

Metabase · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32382 · - · - · - · 2025-04-10 · Metabase is an open source Business Intelligence and Embedded Analytics tool.

Miunosoft · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32599 · High · 7.1 · - · 2025-04-11 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in miunosoft Task Scheduler task-scheduler allows Reflected XSS. This issue affects Task Scheduler: from n/a through <= 1.6.3.

Mlc-ai · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32381 · Medium · 6.5 · - · 2025-04-09 · XGrammar is an open-source library for efficient, flexible, and portable structured generation.

Mmetrodw · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-31401 · High · 7.1 · - · 2025-04-09 · Cross-Site Request Forgery (CSRF) vulnerability in mmetrodw MMX – Make Me Christmas mmx-make-me-christmas allows Stored XSS. This issue affects MMX – Make Me Christmas: from n/a through <= 1.0.0.

Mrcen · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-3393 · Low · 3.5 · - · 2025-04-08 · A vulnerability was found in mrcen springboot-ucan-admin up to 5f35162032cbe9288a04e429ef35301545143509.

Myworks · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32524 · High · 7.1 · - · 2025-04-11 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MyWorks MyWorks WooCommerce Sync for QuickBooks Online myworks-woo-sync-for-quickbooks-online allows Reflected XSS. This issue affects MyW…

N-media · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-31599 · Critical · 9.3 · - · 2025-04-11 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in N-Media Bulk Product Sync sync-wc-google allows SQL Injection. This issue affects Bulk Product Sync: from n/a through <= 8.6.

Nababur · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-3489 · Medium · 4.3 · - · 2025-04-10 · A vulnerability was found in Nababur Simple-User-Management-System 1.0.

Nakivo · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32406 · High · 8.6 · - · 2025-04-08 · An XXE issue in the Director NBR component in NAKIVO Backup & Replication 10.3.x through 11.0.1 before 11.0.2 allows remote attackers to fetch and parse the XML response.

Neoslab · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32633 · High · 8.6 · - · 2025-04-11 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in neoslab Database Toolset database-toolset allows Path Traversal. This issue affects Database Toolset: from n/a through <= 1.8.4.

Newsboard Plugin · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-31402 · High · 7.1 · - · 2025-04-09 · Cross-Site Request Forgery (CSRF) vulnerability in NewsBoard Plugin NewsBoard Post and RSS Scroller newsboard allows Stored XSS. This issue affects NewsBoard Post and RSS Scroller: from n/a through <= 1.2.12.

Nik00726 · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2019-25223 · Medium · 4.9 · - · 2025-04-08 · The Team Circle Image Slider With Lightbox plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.4 due to insufficient escaping on the user supplied parameter and lack of suffi…

Nimbata · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32616 · High · 7.1 · - · 2025-04-09 · Cross-Site Request Forgery (CSRF) vulnerability in nimbata Nimbata Call Tracking nimbata-call-tracking allows Stored XSS. This issue affects Nimbata Call Tracking: from n/a through <= 1.7.4.

Ninotheme · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32481 · High · 7.1 · - · 2025-04-09 · Cross-Site Request Forgery (CSRF) vulnerability in ninotheme Nino Social Connect nino-social-connect allows Stored XSS. This issue affects Nino Social Connect: from n/a through <= 2.0.

Nirmal Kumar Ram · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32140 · Critical · 9.9 · - · 2025-04-10 · Unrestricted Upload of File with Dangerous Type vulnerability in Nirmal Kumar Ram WP Remote Thumbnail wp-remote-thumbnail allows Upload a Web Shell to a Web Server. This issue affects WP Remote Thumbnail: from n/a through <= 1.3.2.

Odude · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32589 · High · 8.1 · - · 2025-04-11 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in odude Flexi – Guest Submit flexi allows PHP Local File Inclusion. This issue affects Flexi – Guest Submit: from n/a thr…

Oleglark · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32498 · High · 7.1 · - · 2025-04-09 · Cross-Site Request Forgery (CSRF) vulnerability in oleglark VKontakte Cross-Post vkontakte-cross-post allows Stored XSS. This issue affects VKontakte Cross-Post: from n/a through <= 0.3.2.

Opplus · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-3413 · Medium · 6.3 · - · 2025-04-08 · A vulnerability has been found in opplus springboot-admin up to a2d5310f44fd46780a8686456cf2f9001ab8f024 and classified as critical.

Oxygensuite · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32631 · High · 8.6 · - · 2025-04-11 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in oxygensuite Oxygen MyData for WooCommerce oxygen-mydata allows Path Traversal. This issue affects Oxygen MyData for WooCommerce: from n/a throug…

Oz Forensics · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32367 · High · 8.6 · - · 2025-04-11 · The Oz Forensics face recognition application before 4.0.8 (late 2023) allows PII retrieval via an Insecure Direct Object Reference in /statistic/list.

Pagopar - Grupo M S.a. · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-31032 · High · 7.1 · - · 2025-04-09 · Cross-Site Request Forgery (CSRF) vulnerability in Pagopar - Grupo M S.A.

Panasonic · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-1073 · High · 7.5 · - · 2025-04-10 · Panasonic IR Control Hub (IR Blaster) versions 1.17 and earlier may allow an attacker with physical access to load unauthorized firmware onto the device.

Payphone · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32523 · High · 7.1 · - · 2025-04-11 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in payphone WooCommerce – Payphone Gateway wc-payphone-gateway allows Reflected XSS. This issue affects WooCommerce – Payphone Gateway: from…

Phil · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-31012 · Medium · 5.3 · - · 2025-04-09 · Missing Authorization vulnerability in Phil Age Gate age-gate allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Age Gate: from n/a through <= 3.5.4.

Pickupp · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32587 · High · 8.1 · - · 2025-04-11 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in pickupp WooCommerce Pickupp wc-pickupp allows PHP Local File Inclusion. This issue affects WooCommerce Pickupp: from n/a through <= 2.4.3.

Picture-planet Gmbh · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32676 · High · 7.6 · - · 2025-04-09 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Picture-Planet GmbH Verowa Connect verowa-connect allows Blind SQL Injection. This issue affects Verowa Connect: from n/a through <= 3.0.5.

Pimcore · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-30166 · Medium · 4.8 · - · 2025-04-08 · Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore.

Piotnetdotcom · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32205 · Low · 2.7 · - · 2025-04-10 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in piotnetdotcom Piotnet Forms piotnetforms. This issue affects Piotnet Forms: from n/a through <= 1.0.30.

Plainware · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32623 · High · 7.1 · - · 2025-04-09 · Cross-Site Request Forgery (CSRF) vulnerability in plainware PlainInventory z-inventory-manager allows Stored XSS. This issue affects PlainInventory: from n/a through <= 3.1.9.

Powerdns · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-30195 · High · 7.5 · - · 2025-04-07 · An attacker can publish a zone containing specific Resource Record Sets.

Programphases · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-31379 · High · 7.1 · - · 2025-04-11 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in programphases Insert HTML Here insert-html-here allows Reflected XSS. This issue affects Insert HTML Here: from n/a through <= 1.0.

Progress Software Corporation · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-1968 · High · 7.7 · - · 2025-04-09 · Insufficient Session Expiration vulnerability in Progress Software Corporation Sitefinity under some specific and uncommon circumstances allows reusing Session IDs (Session Replay Attacks). This issue affects Sitefinity: from 14.0 through 1…

Propanetank · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2017-20197 · High · 7.3 · - · 2025-04-09 · A vulnerability was found in propanetank Roommate-Bill-Tracking up to 288437f658fc9ee7d4b92a9da12557024d8bc55c.

Purab · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-31023 · High · 8.8 · - · 2025-04-09 · Cross-Site Request Forgery (CSRF) vulnerability in Purab Seo Meta Tags seo-meta-tags allows Cross Site Request Forgery. This issue affects Seo Meta Tags: from n/a through <= 1.4.

Quanganhdo · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32482 · High · 7.1 · - · 2025-04-09 · Cross-Site Request Forgery (CSRF) vulnerability in quanganhdo Custom Smilies custom-smilies allows Stored XSS. This issue affects Custom Smilies: from n/a through <= 1.2.

Rachel Cherry · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32537 · High · 7.1 · - · 2025-04-11 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rachel Cherry Lock Your Updates lock-your-updates allows Reflected XSS. This issue affects Lock Your Updates: from n/a through <= 1.1.

Radiustheme · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32656 · High · 8.1 · - · 2025-04-11 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Testimonial Slider And Showcase Pro testimonial-slider-showcase-pro allows PHP Local File Inclusion. This i…

Rafasashi · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32612 · High · 7.1 · - · 2025-04-09 · Cross-Site Request Forgery (CSRF) vulnerability in rafasashi User Session Synchronizer user-session-synchronizer allows Stored XSS. This issue affects User Session Synchronizer: from n/a through <= 1.4.0.

Rameez Iqbal · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32668 · High · 8.1 · - · 2025-04-10 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Rameez Iqbal Real Estate Manager real-estate-manager allows PHP Local File Inclusion. This issue affects Real Estate Ma…

Rankology · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32491 · Critical · 9.8 · - · 2025-04-11 · Incorrect Privilege Assignment vulnerability in Rankology Rankology SEO – On-site SEO rankology-seo-all-in-one-seo-analytics allows Privilege Escalation. This issue affects Rankology SEO – On-site SEO: from n/a through <= 2.2.4.

Ratta · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32409 · High · 8.1 · - · 2025-04-07 · Ratta SuperNote A6 X2 Nomad before December 2024 allows remote code execution because an arbitrary firmware image (signed with debug keys) can be sent to TCP port 60002, and placed into the correct image-update location as a consequence of…

Realmag777 · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32569 · Critical · 9.8 · - · 2025-04-11 · Deserialization of Untrusted Data vulnerability in RealMag777 TableOn posts-table-filterable allows Object Injection. This issue affects TableOn: from n/a through <= 1.0.4.3.

Regen · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-31391 · High · 7.1 · - · 2025-04-09 · Cross-Site Request Forgery (CSRF) vulnerability in regen Script Compressor script-compressor allows Stored XSS. This issue affects Script Compressor: from n/a through <= 1.7.1.

Remcohaszing · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32014 · - · - · - · 2025-04-07 · estree-util-value-to-estree converts a JavaScript value to an ESTree expression.

Renrenio · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-3387 · Low · 3.5 · - · 2025-04-07 · A vulnerability classified as problematic has been found in renrenio renren-security up to 5.4.0.

Reve Chat · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32559 · High · 7.1 · - · 2025-04-09 · Cross-Site Request Forgery (CSRF) vulnerability in REVE Chat REVE Chat revechat allows Stored XSS. This issue affects REVE Chat: from n/a through <= 6.4.4.

Robert Noakes · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-31017 · Medium · 6.5 · - · 2025-04-09 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Robert Noakes Nav Menu Manager noakes-menu-manager allows Stored XSS. This issue affects Nav Menu Manager: from n/a through <= 3.2.5.

Roninwp · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32663 · High · 8.1 · - · 2025-04-11 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in roninwp FAT Cooming Soon fat-coming-soon allows PHP Local File Inclusion. This issue affects FAT Cooming Soon: from n/a…

Rtakao · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-31042 · Medium · 5.3 · - · 2025-04-09 · Missing Authorization vulnerability in rtakao Sandwich Adsense firsth3tagadsense allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sandwich Adsense: from n/a through <= 4.0.2.

Rustaurius · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32694 · Medium · 4.7 · - · 2025-04-09 · URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Rustaurius Ultimate WP Mail ultimate-wp-mail allows Phishing. This issue affects Ultimate WP Mail: from n/a through <= 1.3.10.

Sandeep Verma · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32536 · High · 7.1 · - · 2025-04-11 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sandeep Verma HTML5 Video Player with Playlist html5-video-player-with-playlist allows Reflected XSS. This issue affects HTML5 Video Playe…

Sandor Kovacs · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32556 · High · 7.1 · - · 2025-04-09 · Cross-Site Request Forgery (CSRF) vulnerability in Sandor Kovacs Simple Post Meta Manager simple-post-meta-manager allows Reflected XSS. This issue affects Simple Post Meta Manager: from n/a through <= 1.0.9.

Sap · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-31332 · Medium · 6.6 · - · 2025-04-08 · Due to insecure file permissions in SAP BusinessObjects Business Intelligence Platform, an attacker who has local access to the system could modify files, potentially disrupting operations or causing service downtime, hence leading to a high i…

Scott Salisbury · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32483 · Medium · 5.9 · - · 2025-04-09 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Salisbury Request Call Back request-call-back allows Stored XSS. This issue affects Request Call Back: from n/a through <= 1.4.1.

Seeyon · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-3402 · Medium · 6.3 · - · 2025-04-08 · A vulnerability was found in Seeyon Zhiyuan Interconnect FE Collaborative Office Platform 5.5.2 and classified as critical.

Senior-walter · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-3383 · High · 7.3 · - · 2025-04-07 · A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0 and classified as critical.

Shahjada · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32279 · Medium · 4.3 · - · 2025-04-08 · Missing Authorization vulnerability in Shahjada Live Forms liveforms. This issue affects Live Forms: from n/a through <= 4.8.5.

Shameem Reza · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-31392 · High · 7.1 · - · 2025-04-09 · Cross-Site Request Forgery (CSRF) vulnerability in Shameem Reza Smart Product Gallery Slider smart-product-gallery-slider allows Cross Site Request Forgery. This issue affects Smart Product Gallery Slider: from n/a through <= 1.0.4.

Sharethis · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32282 · Medium · 4.3 · - · 2025-04-10 · Cross-Site Request Forgery (CSRF) vulnerability in ShareThis ShareThis Dashboard for Google Analytics googleanalytics. This issue affects ShareThis Dashboard for Google Analytics: from n/a through <= 3.2.3.

Smartdevth · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-3433 · Medium · 6.1 · - · 2025-04-08 · The Advanced Advertising System plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.3.1.

Sodena · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-31383 · High · 7.1 · - · 2025-04-09 · Cross-Site Request Forgery (CSRF) vulnerability in sodena FrescoChat Live Chat flexytalk-widget allows Stored XSS. This issue affects FrescoChat Live Chat: from n/a through <= 3.2.6.

Softclever Limited · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32579 · Critical · 9.9 · - · 2025-04-11 · Unrestricted Upload of File with Dangerous Type vulnerability in SoftClever Limited Sync Posts sync-posts allows Upload a Web Shell to a Web Server. This issue affects Sync Posts: from n/a through <= 1.0.

Solwininfotech · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32677 · High · 7.6 · - · 2025-04-09 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in solwininfotech WP Social Stream Designer social-stream-design allows Blind SQL Injection. This issue affects WP Social Stream Designer: fr…

Specia Theme · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32212 · Medium · 6.5 · - · 2025-04-10 · Missing Authorization vulnerability in Specia Theme Specia Companion specia-companion allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Specia Companion: from n/a through <= 6.3.

Spring · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-22232 · Medium · 5.3 · - · 2025-04-10 · Spring Cloud Config Server may not use the Vault token sent by clients in an X-CONFIG-TOKEN header when making requests to Vault.

Squiter · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32497 · High · 7.1 · - · 2025-04-09 · Cross-Site Request Forgery (CSRF) vulnerability in squiter Spoiler Block spoiler-block allows Stored XSS. This issue affects Spoiler Block: from n/a through <= 1.7.

Stringfold · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-3417 · High · 8.8 · - · 2025-04-10 · The Embedder plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajax_set_global_option() function in versions 1.3 to 1.3.5.

Studi7 · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32116 · High · 7.1 · - · 2025-04-10 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Studi7 QR Master qr-master allows Reflected XSS. This issue affects QR Master: from n/a through <= 1.0.5.

Sudavar · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32500 · High · 7.1 · - · 2025-04-09 · Cross-Site Request Forgery (CSRF) vulnerability in Sudavar Codescar Radio Widget codescar-radio-widget allows Stored XSS. This issue affects Codescar Radio Widget: from n/a through <= 0.4.2.

Syammohanm · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-3064 · High · 8.8 · - · 2025-04-08 · The WPFront User Role Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.1.

The Qt Company · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-3512 · - · - · - · 2025-04-11 · There is a Heap-based Buffer Overflow vulnerability in QTextMarkdownImporter.

Themehunk · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-2568 · Medium · 5.3 · - · 2025-04-08 · The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on the 'vayu_blocks_get_toggle_switch_values_callback' and '…

Themeum · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32230 · Medium · 4.3 · - · 2025-04-10 · Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Themeum Tutor LMS tutor. This issue affects Tutor LMS: from n/a through <= 3.4.0.

Theode · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-31382 · High · 7.1 · - · 2025-04-09 · Cross-Site Request Forgery (CSRF) vulnerability in theode Language Field language-field allows Stored XSS. This issue affects Language Field: from n/a through <= 0.9.

Tianocore · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-38797 · Medium · 4.6 · - · 2025-04-07 · EDK2 contains a vulnerability in the HashPeImageByType().

Tiki · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32461 · Critical · 9.9 · - · 2025-04-09 · wikiplugin_includetpl in lib/wiki-plugins/wikiplugin_includetpl.php in Tiki before 28.3 mishandles input to an eval.

Tim · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32489 · Medium · 5.9 · - · 2025-04-09 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tim Wetterwarner wetterwarner allows Stored XSS. This issue affects Wetterwarner: from n/a through <= 2.7.3.

Toast Plugins · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32243 · Medium · 6.5 · - · 2025-04-10 · Missing Authorization vulnerability in Toast Plugins Internal Link Optimiser internal-link-finder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Internal Link Optimiser: from n/a through <= 5.1.2.

Totalprocessing · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32209 · Medium · 6.5 · - · 2025-04-10 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in totalprocessing Nomupay Payment Processing Gateway totalprocessing-card-payments allows Path Traversal. This issue affects Nomupay Payment Proce…

Tournamatch · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32600 · High · 7.1 · - · 2025-04-11 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tournamatch Tournamatch tournamatch allows Reflected XSS. This issue affects Tournamatch: from n/a through <= 4.7.0.

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-3442 · - · - · - · 2025-04-09 · This vulnerability exists in TP-Link Tapo H200 V1 IoT Smart Hub due to storage of Wi-Fi credentials in plain text within the device firmware.

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32107 · High · 8.0 · - · 2025-04-11 · OS command injection vulnerability exists in Deco BE65 Pro firmware versions prior to "Deco BE65 Pro(JP)_V1_1.1.2 Build 20250123".

Trusty Plugins · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32585 · High · 7.5 · - · 2025-04-11 · Path Traversal: '.../...//' vulnerability in Trusty Plugins Shop Products Filter trusty-woo-products-filter allows PHP Local File Inclusion. This issue affects Shop Products Filter: from n/a through <= 1.2.

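CVE-2025-32585 is titled after the '.../...//' pattern (CWE-35), which targets filters that delete '../' from a filename in a single pass: stripping the inner '../' out of '.../...//' leaves a fresh '../' behind, so the "sanitized" name still climbs a directory. The same question of how a user-supplied name is checked applies to the other path traversal and PHP Local File Inclusion rows on this page (InstaWP Connect, Print Science Designer, JS Job Manager, Database Toolset, Oxygen MyData, WooCommerce Pickupp, Real Estate Manager, FAT Cooming Soon, Nomupay, Piotnet Forms). The Python script below is an added illustration written for this page, not the plugin's code; the template directory, the file names and the handler shape are constructed assumptions. It shows the stripping filter being bypassed, and the alternative of resolving the path first and then requiring it to stay under the base directory, which rewrites nothing and therefore has nothing to bypass.

```python
import tempfile
from pathlib import Path


def strip_dotdot(name: str) -> str:
    """Naive filter that deletes each '../' once (the kind of check CWE-35 defeats).
    One pass over '.../...//' removes the inner '../' and leaves '../'."""
    return name.replace("../", "")


def read_vulnerable(base: Path, name: str) -> str:
    # Assumed handler shape: filter, join, open. Illustration only, not the plugin's code.
    return (base / strip_dotdot(name)).read_text()


def safe_join(base: Path, name: str) -> Path:
    """Resolve first (collapsing every '..' and any symlink), then require the result
    to be base itself or to live below it. The input is never rewritten."""
    base = base.resolve()
    candidate = (base / name).resolve()
    if candidate != base and base not in candidate.parents:
        raise ValueError(f"refusing path outside {base}: {name!r}")
    return candidate


def is_contained(base: Path, name: str) -> bool:
    try:
        safe_join(base, name)
        return True
    except ValueError:
        return False


def read_hardened(base: Path, name: str) -> str:
    return safe_join(base, name).read_text()


def demo() -> dict:
    # Constructed layout: <tmp>/secret.txt sits outside the template directory,
    # <tmp>/templates/hello.tpl inside it.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "secret.txt").write_text("db_password=hunter2\n")
        base = root / "templates"
        base.mkdir()
        (base / "hello.tpl").write_text("<h1>Hello</h1>\n")

        payload = ".../...//secret.txt"
        return {
            "stripped": strip_dotdot(payload),  # "../secret.txt"
            "vulnerable_read": read_vulnerable(base, payload),  # leaks secret.txt
            "hardened_read": read_hardened(base, "hello.tpl"),  # legitimate name still works
            "contains_plain_dotdot": is_contained(base, "../secret.txt"),  # False
            "contains_absolute": is_contained(base, str(root / "secret.txt")),  # False
            # Unfiltered, '.../...//' is just two odd directory names: the resolved path
            # stays under base and merely does not exist, so nothing is exposed.
            "contains_payload": is_contained(base, payload),  # True
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

Resolving before checking also covers absolute paths (joining an absolute name replaces the base entirely in pathlib, as in PHP's include) and symlinked base directories. For the PHP include/require cases in this table the stricter option is an allowlist of template names mapped to fixed paths, so that no user string reaches the filesystem at all.
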
Twispay · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32601 · High · 7.1 · - · 2025-04-11 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in twispay Twispay Credit Card Payments twispay allows Reflected XSS. This issue affects Twispay Credit Card Payments: from n/a through <= 2…

Umbraco · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32017 · High · 8.8 · - · 2025-04-08 · Umbraco is a free and open source .NET content management system.

Uncodethemes · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-32496 · Critical · 9.6 · - · 2025-04-09 · Cross-Site Request Forgery (CSRF) vulnerability in Uncodethemes Ultra Demo Importer ut-demo-importer allows Upload a Web Shell to a Web Server. This issue affects Ultra Demo Importer: from n/a through <= 1.0.5.

Uzair · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-31005 · Medium · 4.3 · - · 2025-04-09 · Cross-Site Request Forgery (CSRF) vulnerability in Uzair Easyfonts easyfonts allows Cross Site Request Forgery. This issue affects Easyfonts: from n/a through <= 1.1.2.

Vagonic · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-32236 | Medium | 4.3 | | 2025-04-10 | Missing Authorization vulnerability in Vagonic Woocommerce Products Reorder Drag Drop Multiple Sort – Sortable, Rearrange Products Vagonic vagonic-sortable. This issue affects Woocommerce Products Reorder Drag Drop Multiple Sort – Sortable…

Vertim · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-32565 | Critical | 9.3 | | 2025-04-11 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in vertim Neon Product Designer neon-product-designer-for-woocommerce allows SQL Injection. This issue affects Neon Product Designer: from n/…

Vfvalent · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-31393 | High | 7.1 | | 2025-04-09 | Cross-Site Request Forgery (CSRF) vulnerability in vfvalent Social Bookmarking RELOADED social-bookmarking-reloaded allows Stored XSS. This issue affects Social Bookmarking RELOADED: from n/a through <= 3.18.

Vibethemes · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-32493 | Medium | 5.9 | | 2025-04-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VibeThemes BP Social Connect bp-social-connect allows Stored XSS. This issue affects BP Social Connect: from n/a through <= 1.6.2.

Vikashsrivastava1111989 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-2805 | High | 7.3 | | 2025-04-10 | The ORDER POST plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.2.

Vitejs · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-32395 | | | | 2025-04-10 | Vite is a frontend tooling framework for javascript.

Vivotek · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-3403 | Low | 2.7 | | 2025-04-08 | A vulnerability was found in Vivotek NVR ND8422P, NVR ND9525P and NVR ND9541P 2.4.0.204/3.3.0.104/4.2.0.101.

Vsourz Digital · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-32621 | High | 7.1 | | 2025-04-09 | Cross-Site Request Forgery (CSRF) vulnerability in Vsourz Digital WP Map Route Planner wp-map-route-planner allows Cross Site Request Forgery. This issue affects WP Map Route Planner: from n/a through <= 1.0.0.

Webinarpress · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-32693 | Medium | 4.7 | | 2025-04-09 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WPWebinarSystem WebinarPress wp-webinarsystem allows Phishing. This issue affects WebinarPress: from n/a through <= 1.33.28.

Webliberty · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-31020 | Medium | 6.5 | | 2025-04-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webliberty Simple Spoiler simple-spoiler allows Stored XSS. This issue affects Simple Spoiler: from n/a through <= 1.4.

Wladyslaw Madejczyk · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-31404 | High | 7.1 | | 2025-04-09 | Cross-Site Request Forgery (CSRF) vulnerability in Wladyslaw Madejczyk AF Tell a Friend af-tell-a-friend allows Stored XSS. This issue affects AF Tell a Friend: from n/a through <= 1.4.

Workbox · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-32534 | High | 7.1 | | 2025-04-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Workbox Workbox Video from Vimeo & Youtube workbox-video-from-vimeo-youtube-plugin allows Reflected XSS. This issue affects Workbox Video…

Wp Guru · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-32681 | High | 8.5 | | 2025-04-11 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Guru Error Log Viewer error-log-viewer-wp allows Blind SQL Injection. This issue affects Error Log Viewer: from n/a through <= 1.0.5.

Wp Map Plugins · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-32661 | High | 7.1 | | 2025-04-09 | Cross-Site Request Forgery (CSRF) vulnerability in WP Map Plugins Interactive US Map interactive-us-map allows Stored XSS. This issue affects Interactive US Map: from n/a through <= 2.7.

Wp Messiah · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-32228 | Medium | 4.3 | | 2025-04-10 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Messiah Ai Image Alt Text Generator for WP ai-image-alt-text-generator-for-wp allows Retrieve Embedded Sensitive Data. This issue affects Ai Imag…

Wp Shuffle · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-32692 | High | 7.5 | | 2025-04-09 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Shuffle WP Subscription Forms wp-subscription-forms allows PHP Local File Inclusion. This issue affects WP Subscript…

Wp Table Builder · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-32598 | High | 7.1 | | 2025-04-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Table Builder WP Table Builder wp-table-builder allows Reflected XSS. This issue affects WP Table Builder: from n/a through <= 2.0.5.

Wpsolr · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-31036 | High | 8.8 | | 2025-04-09 | Cross-Site Request Forgery (CSRF) vulnerability in WPSOLR WPSolr wpsolr-free allows Privilege Escalation. This issue affects WPSolr: from n/a through <= 24.0.

Wpvsingh · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-32240 | Medium | 6.5 | | 2025-04-10 | Missing Authorization vulnerability in wpvsingh Site Notify site-notify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Site Notify: from n/a through <= 1.0.

Wpwax · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-32499 | Medium | 6.5 | | 2025-04-09 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpWax Logo Showcase Ultimate logo-showcase-ultimate allows PHP Local File Inclusion. This issue affects Logo Showcase U…

Wpzita · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-2575 | Medium | 6.4 | | 2025-04-11 | The Z Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping.

Xmlsoft · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-32414 | Medium | 5.6 | | 2025-04-08 | In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value.

Xxyopen · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-3369 | Medium | 6.3 | | 2025-04-07 | A vulnerability was found in xxyopen Novel-Plus 5.1.0.

Yaycommerce · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-3434 | High | 7.2 | | 2025-04-11 | The SMTP for Amazon SES – YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Email Logs in all versions up to, and including, 1.8 due to insufficient input sanitization and output escaping.

Ydesignservices · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-32617 | High | 7.1 | | 2025-04-09 | Cross-Site Request Forgery (CSRF) vulnerability in Ydesignservices Multiple Location Google Map multiple-location-google-map allows Stored XSS. This issue affects Multiple Location Google Map: from n/a through <= 1.1.

Zealopensource · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-2883 | Medium | 5.3 | | 2025-04-08 | The Accept SagePay Payments Using Contact Form 7 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0 through the publicly accessible phpinfo.php script.

Zealousweb · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-32679 | Medium | 5.4 | | 2025-04-09 | Cross-Site Request Forgery (CSRF) vulnerability in ZealousWeb User Registration Using Contact Form 7 user-registration-using-contact-form-7 allows Cross Site Request Forgery. This issue affects User Registration Using Contact Form 7: from n…

Zhangyanbo2007 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-3381 | Medium | 6.3 | | 2025-04-07 | A vulnerability, which was classified as critical, was found in zhangyanbo2007 youkefu 4.2.0.

آریا وردپرس · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-32488 | Medium | 5.9 | | 2025-04-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in آریا وردپرس Aria Font aria-font allows Stored XSS. This issue affects Aria Font: from n/a through <= 1.4.