US-CERT Vulnerability Summary for the Week of March 31, 2025
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
| Primary Vendor — Product | Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| Aboobacker.–AB Google Map Travel | Cross-Site Request Forgery (CSRF) vulnerability in Aboobacker. AB Google Map Travel allows Cross Site Request Forgery. This issue affects AB Google Map Travel : from n/a through 4.6. | 2025-03-31 | 7.1 | CVE-2025-31613 |
| acme.sh project–acme.sh | The Docker image from acme.sh before 40b6db6 is based on a .github/workflows/dockerhub.yml file that lacks “persist-credentials: false” for actions/checkout. | 2025-04-04 | 8.7 | CVE-2025-32111 |
| adamskaat–Countdown & Clock | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in adamskaat Countdown & Clock allows Remote Code Inclusion. This issue affects Countdown & Clock: from n/a through 2.8.8. | 2025-04-01 | 9.9 | CVE-2025-30841 |
| adamskaat–Countdown, Coming Soon, Maintenance Countdown & Clock | The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.8.9.1 via the createCdObj function. This makes it possible for unauthenticated attackers to include and execute files with the specific filenames on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in some cases. | 2025-04-04 | 8.1 | CVE-2025-2270 |
| AdminGeekZ–Varnish WordPress | Cross-Site Request Forgery (CSRF) vulnerability in AdminGeekZ Varnish WordPress allows Cross Site Request Forgery. This issue affects Varnish WordPress: from n/a through 1.7. | 2025-03-31 | 7.1 | CVE-2025-31616 |
| Ads by WPQuads–Ads by WPQuads | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Ads by WPQuads Ads by WPQuads allows SQL Injection. This issue affects Ads by WPQuads: from n/a through 2.0.87.1. | 2025-04-01 | 9.3 | CVE-2025-30876 |
| Ads by WPQuads–Ads by WPQuads | Missing Authorization vulnerability in Ads by WPQuads Ads by WPQuads allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ads by WPQuads: from n/a through 2.0.87.1. | 2025-03-31 | 7.5 | CVE-2025-30855 |
| ageerle–ruoyi-ai | A vulnerability was found in ageerle ruoyi-ai up to 2.0.1 and classified as critical. Affected by this issue is some unknown functionality of the file ruoyi-modules/ruoyi-system/src/main/java/org/ruoyi/system/controller/system/SysModelController.java of the component API Interface. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.2 is able to address this issue. The name of the patch is c0daf641fb25b244591b7a6c3affa35c69d321fe. It is recommended to upgrade the affected component. | 2025-04-04 | 7.3 | CVE-2025-3199 |
| ageerle–ruoyi-ai | A vulnerability classified as critical has been found in ageerle ruoyi-ai up to 2.0.0. Affected is an unknown function of the file ruoyi-modules/ruoyi-system/src/main/java/org/ruoyi/system/controller/system/SysNoticeController.java. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.1 is able to address this issue. The name of the patch is 6382e177bf90cc56ff70521842409e35c50df32d. It is recommended to upgrade the affected component. | 2025-04-04 | 7.3 | CVE-2025-3202 |
| aitool–Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in aitool Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One allows Blind SQL Injection. This issue affects Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One: from n/a through 2.1.7. | 2025-04-01 | 8.5 | CVE-2025-31564 |
| aiven–aiven-extras | aiven-extras is a PostgreSQL extension. This is a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages the format function not being schema-prefixed. Affected users should install 1.1.16 and ensure they run the latest version issuing ALTER EXTENSION aiven_extras UPDATE TO ‘1.1.16’ after installing it. This needs to happen in each database aiven_extras has been installed in. | 2025-04-04 | 9.1 | CVE-2025-31480 |
| Alex Prokopenko / JustCoded–Just Post Preview Widget | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Alex Prokopenko / JustCoded Just Post Preview Widget allows PHP Local File Inclusion. This issue affects Just Post Preview Widget: from n/a through 1.1.1. | 2025-04-04 | 7.5 | CVE-2025-32156 |
| AMD–AMD Ryzen AI Software | Integer overflow within AMD NPU Driver could allow a local attacker to write out of bounds, potentially leading to loss of integrity or availability. | 2025-04-02 | 7.3 | CVE-2024-36328 |
| AMD–AMD Ryzen AI Software | Integer overflow within the AMD NPU Driver could allow a local attacker to write out of bounds, potentially leading to a loss of confidentiality, integrity, or availability. | 2025-04-02 | 7.9 | CVE-2024-36336 |
| AMD–AMD Ryzen AI Software | Integer overflow within AMD NPU Driver could allow a local attacker to write out of bounds, potentially leading to loss of confidentiality, integrity or availability. | 2025-04-02 | 7.9 | CVE-2024-36337 |
| AMD–AMD Ryzen AI Software | Incorrect default permissions on the AMD Ryzen(TM) AI installation folder could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | 2025-04-02 | 7.3 | CVE-2025-0014 |
| Angelo Mandato–Blubrry PowerPress Podcasting plugin MultiSite add-on | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Angelo Mandato Blubrry PowerPress Podcasting plugin MultiSite add-on allows Reflected XSS. This issue affects Blubrry PowerPress Podcasting plugin MultiSite add-on: from n/a through 0.1.1. | 2025-04-03 | 7.1 | CVE-2025-31436 |
| Anzar Ahmed–Ni WooCommerce Product Enquiry | Missing Authorization vulnerability in Anzar Ahmed Ni WooCommerce Product Enquiry allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Ni WooCommerce Product Enquiry: from n/a through 4.1.8. | 2025-04-01 | 7.5 | CVE-2025-31580 |
| Aphotrax–Uptime Robot Plugin for WordPress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Aphotrax Uptime Robot Plugin for WordPress allows SQL Injection. This issue affects Uptime Robot Plugin for WordPress: from n/a through 2.3. | 2025-03-31 | 8.5 | CVE-2025-31547 |
| api-platform–core | API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Using the Relay special node type you can bypass the configured security on an operation. This vulnerability is fixed in 4.0.22. | 2025-04-03 | 7.5 | CVE-2025-31481 |
| api-platform–core | API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Prior to 4.0.22, a GraphQL grant on a property might be cached with different objects. The ApiPlatform\GraphQl\Serializer\ItemNormalizer::isCacheKeySafe() method is meant to prevent the caching but the parent::normalize method that is called afterwards still creates the cache key and causes the issue. This vulnerability is fixed in 4.0.22. | 2025-04-03 | 7.5 | CVE-2025-31485 |
| apple — ipados | This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to break out of its sandbox. | 2025-03-31 | 9.8 | CVE-2025-24178 |
| apple — ipados | A buffer overflow was addressed with improved bounds checking. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to cause unexpected system termination. | 2025-03-31 | 9.8 | CVE-2025-24237 |
| apple — ipados | A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, tvOS 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to gain elevated privileges. | 2025-03-31 | 9.8 | CVE-2025-24238 |
| apple — ipados | A permissions issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A shortcut may be able to access files that are normally inaccessible to the Shortcuts app. | 2025-03-31 | 9.8 | CVE-2025-30465 |
| apple — ipados | This issue was addressed with improved handling of symlinks. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to delete files for which it does not have permission. | 2025-03-31 | 9.8 | CVE-2025-31182 |
| apple — ipados | The issue was addressed with improved restriction of data container access. This issue is fixed in macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data. | 2025-03-31 | 9.8 | CVE-2025-31183 |
| apple — ipados | This issue was addressed with additional entitlement checks. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to break out of its sandbox. | 2025-03-31 | 7.8 | CVE-2025-24173 |
| apple — ipados | The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Processing a maliciously crafted file may lead to arbitrary code execution. | 2025-03-31 | 7.8 | CVE-2025-24243 |
| apple — ipados | A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Ventura 13.7.5, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to gain root privileges. | 2025-03-31 | 7.8 | CVE-2025-30456 |
| apple — ipados | A validation issue was addressed with improved logic. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A remote user may be able to cause a denial-of-service. | 2025-03-31 | 7.5 | CVE-2025-30471 |
| apple — macos | This issue was addressed with improved handling of executable types. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious JAR file may bypass Gatekeeper checks. | 2025-03-31 | 9.8 | CVE-2025-24148 |
| apple — macos | A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. “Block All Remote Content” may not apply for all mail previews. | 2025-03-31 | 9.8 | CVE-2025-24172 |
| apple — macos | The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data. | 2025-03-31 | 9.8 | CVE-2025-24204 |
| apple — macos | A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to trick a user into copying sensitive data to the pasteboard. | 2025-03-31 | 9.8 | CVE-2025-24241 |
| apple — macos | This issue was addressed by adding a delay between verification code attempts. This issue is fixed in macOS Sequoia 15.4. A malicious app may be able to access a user’s saved passwords. | 2025-03-31 | 9.8 | CVE-2025-24245 |
| apple — macos | A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Sequoia 15.4. An app may be able to observe unprotected user data. | 2025-03-31 | 9.8 | CVE-2025-24263 |
| apple — macos | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to cause unexpected system termination. | 2025-03-31 | 9.8 | CVE-2025-24265 |
| apple — macos | A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to cause unexpected system termination. | 2025-03-31 | 9.8 | CVE-2025-24266 |
| apple — macos | The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4. An app may be able to cause unexpected system termination. | 2025-03-31 | 9.8 | CVE-2025-24269 |
| apple — macos | This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app may be able to create symlinks to protected regions of the disk. | 2025-03-31 | 9.8 | CVE-2025-30457 |
| apple — macos | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4. An app may be able to read files outside of its sandbox. | 2025-03-31 | 9.8 | CVE-2025-30458 |
| apple — macos | An access issue was addressed with additional sandbox restrictions on the system pasteboards. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data. | 2025-03-31 | 9.8 | CVE-2025-30461 |
| apple — macos | A library injection issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Apps that appear to use App Sandbox may be able to launch without restrictions. | 2025-03-31 | 9.8 | CVE-2025-30462 |
| apple — macos | An authentication issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A Shortcut may run with admin privileges without authentication. | 2025-03-31 | 9.8 | CVE-2025-31194 |
| apple — macos | A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sonoma 14.7.5. An app may be able to access sensitive user data. | 2025-03-31 | 7 | CVE-2024-54533 |
| apple — macos | A logic issue was addressed with improved file handling. This issue is fixed in macOS Ventura 13.7.5, macOS Sonoma 14.7.5. An app may be able to gain root privileges. | 2025-03-31 | 7.8 | CVE-2025-24170 |
| apple — macos | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to gain root privileges. | 2025-03-31 | 7.8 | CVE-2025-24267 |
| apple — macos | A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to gain root privileges. | 2025-03-31 | 7.8 | CVE-2025-24277 |
| apple — macos | The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.4. An app may be able to corrupt coprocessor memory. | 2025-03-31 | 7.4 | CVE-2025-30437 |
| apple — macos | A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access protected user data. | 2025-03-31 | 7.4 | CVE-2025-30460 |
| apple — macos | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to cause unexpected system termination or corrupt kernel memory. | 2025-03-31 | 7.8 | CVE-2025-30464 |
| apple — safari | This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A download’s origin may be incorrectly associated. | 2025-03-31 | 9.8 | CVE-2025-24167 |
| apple — safari | The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash. | 2025-03-31 | 9.8 | CVE-2025-24264 |
| Apple–iOS and iPadOS | This issue was addressed through improved state management. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. Password autofill may fill in passwords after failing authentication. | 2025-03-31 | 9.8 | CVE-2025-30430 |
| Apple–iOS and iPadOS | This issue was addressed with improved access restrictions. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A shortcut may be able to access files that are normally inaccessible to the Shortcuts app. | 2025-03-31 | 9.8 | CVE-2025-30433 |
| Apple–iOS and iPadOS | The issue was addressed with improved input validation. This issue is fixed in Safari 18.4, visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A malicious website may be able to claim WebAuthn credentials from another website that shares a registrable suffix. | 2025-03-31 | 8.1 | CVE-2025-24180 |
| Apple–iOS and iPadOS | This issue was addressed with additional entitlement checks. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4. An app may be able to bypass Privacy preferences. | 2025-03-31 | 7.6 | CVE-2025-24095 |
| Apple–iOS and iPadOS | This issue was addressed with improved data access restriction. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6. Sensitive keychain data may be accessible from an iOS backup. | 2025-03-31 | 7.5 | CVE-2025-24221 |
| Apple–iOS and iPadOS | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to cause unexpected system termination or write kernel memory. | 2025-03-31 | 7.1 | CVE-2025-24257 |
| Apple–macOS | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access protected user data. | 2025-03-31 | 9.8 | CVE-2025-24181 |
| Apple–macOS | An integer overflow was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A user may be able to elevate privileges. | 2025-03-31 | 9.8 | CVE-2025-24195 |
| Apple–macOS | A type confusion issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5. An attacker with user privileges may be able to read kernel memory. | 2025-03-31 | 9.8 | CVE-2025-24196 |
| Apple–macOS | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to enable iCloud storage features without user consent. | 2025-03-31 | 9.8 | CVE-2025-24207 |
| Apple–macOS | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to modify protected parts of the file system. | 2025-03-31 | 9.8 | CVE-2025-24231 |
| Apple–macOS | This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app may be able to access arbitrary files. | 2025-03-31 | 9.8 | CVE-2025-24232 |
| Apple–macOS | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app may be able to read or write to protected files. | 2025-03-31 | 9.8 | CVE-2025-24233 |
| Apple–macOS | An injection issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access user-sensitive data. | 2025-03-31 | 9.8 | CVE-2025-24246 |
| Apple–macOS | A type confusion issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An attacker may be able to cause unexpected app termination. | 2025-03-31 | 9.8 | CVE-2025-24247 |
| Apple–macOS | A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to check the existence of an arbitrary path on the file system. | 2025-03-31 | 9.8 | CVE-2025-24249 |
| Apple–macOS | This issue was addressed with improved access restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app acting as a HTTPS proxy could get access to sensitive user data. | 2025-03-31 | 9.8 | CVE-2025-24250 |
| Apple–macOS | This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access protected user data. | 2025-03-31 | 9.8 | CVE-2025-24253 |
| Apple–macOS | The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to disclose kernel memory. | 2025-03-31 | 9.8 | CVE-2025-24256 |
| Apple–macOS | This issue was addressed with additional entitlement checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to retrieve Safari bookmarks without an entitlement check. | 2025-03-31 | 9.8 | CVE-2025-24259 |
| Apple–macOS | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An attacker in a privileged position may be able to perform a denial-of-service. | 2025-03-31 | 9.8 | CVE-2025-24260 |
| Apple–macOS | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to cause unexpected system termination or corrupt kernel memory. | 2025-03-31 | 9.8 | CVE-2025-24273 |
| Apple–macOS | A logging issue was addressed with improved data redaction. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Deleting a conversation in Messages may expose user contact information in system logging. | 2025-03-31 | 9.8 | CVE-2025-30424 |
| Apple–macOS | A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Mounting a maliciously crafted SMB network share may lead to system termination. | 2025-03-31 | 9.8 | CVE-2025-30444 |
| Apple–macOS | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An input validation issue was addressed. | 2025-03-31 | 9.8 | CVE-2025-30452 |
| Apple–macOS | This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A user may be able to elevate privileges. | 2025-03-31 | 8.8 | CVE-2025-24254 |
| Apple–macOS | A file access issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to break out of its sandbox. | 2025-03-31 | 8.4 | CVE-2025-24255 |
| Apple–macOS | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to execute arbitrary code with kernel privileges. | 2025-03-31 | 7.8 | CVE-2025-24228 |
| Apple–macOS | A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A sandboxed app may be able to access sensitive user data. | 2025-03-31 | 7.4 | CVE-2025-24229 |
| Apple–macOS | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app may be able to gain root privileges. | 2025-03-31 | 7.8 | CVE-2025-24234 |
| Apple–macOS | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to gain root privileges. | 2025-03-31 | 7.8 | CVE-2025-30449 |
| Apple–tvOS | The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory. | 2025-03-31 | 9.8 | CVE-2025-24190 |
| Apple–tvOS | This issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory. | 2025-03-31 | 9.8 | CVE-2025-24211 |
| Apple–tvOS | An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Playing a malicious audio file may lead to an unexpected app termination. | 2025-03-31 | 9.8 | CVE-2025-24230 |
| Apple–tvOS | This issue was addressed with additional entitlement checks. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to enumerate a user’s installed apps. | 2025-03-31 | 9.8 | CVE-2025-30426 |
| Apple–tvOS | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in tvOS 18.4, Safari 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. Processing maliciously crafted web content may lead to an unexpected process crash. | 2025-03-31 | 7 | CVE-2025-24209 |
| Apple–tvOS | This issue was addressed with improved handling of floats. This issue is fixed in tvOS 18.4, Safari 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A type confusion issue could lead to memory corruption. | 2025-03-31 | 7.8 | CVE-2025-24213 |
| appsbd–Vitepos | Authentication Bypass Using an Alternate Path or Channel vulnerability in appsbd Vitepos allows Authentication Abuse. This issue affects Vitepos: from n/a through 3.1.4. | 2025-04-01 | 8.8 | CVE-2025-22277 |
| ApusThemes–WP RealEstate | The WP RealEstate plugin for WordPress, used by the Homeo theme, is vulnerable to authentication bypass in all versions up to, and including, 1.6.26. This is due to insufficient role restrictions in the ‘process_register’ function. This makes it possible for unauthenticated attackers to register an account with the Administrator role. | 2025-04-01 | 9.8 | CVE-2025-2237 |
| Ashish Ajani–Contact Form vCard Generator | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ashish Ajani Contact Form vCard Generator allows Stored XSS. This issue affects Contact Form vCard Generator: from n/a through 2.4. | 2025-04-03 | 7.1 | CVE-2025-31582 |
| Ashish Ajani–WP Copy Media URL | Cross-Site Request Forgery (CSRF) vulnerability in Ashish Ajani WP Copy Media URL allows Stored XSS. This issue affects WP Copy Media URL: from n/a through 2.1. | 2025-03-31 | 7.1 | CVE-2025-31583 |
| ATL Software SRL–AEC Kiosque | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ATL Software SRL AEC Kiosque allows Reflected XSS. This issue affects AEC Kiosque: from n/a through 1.9.3. | 2025-04-01 | 7.1 | CVE-2025-30902 |
| Autodesk–Navisworks Freedom | A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | 2025-04-01 | 7.8 | CVE-2025-1658 |
| Autodesk–Navisworks Freedom | A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | 2025-04-01 | 7.8 | CVE-2025-1659 |
| Autodesk–Navisworks Freedom | A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | 2025-04-01 | 7.8 | CVE-2025-1660 |
| Aviplugins–Videos | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Aviplugins Videos allows Reflected XSS.This issue affects Videos: from n/a through 1.0.5. | 2025-04-04 | 7.1 | CVE-2025-31384 |
| aweos–Email Notifications for Updates | The Email Notifications for Updates plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the awun_import_settings() function in all versions up to, and including, 1.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | 2025-04-05 | 8.8 | CVE-2025-2933 |
| awesomesupport–Awesome Support WordPress HelpDesk & Support Plugin | The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.3.1 via the ‘awesome-support’ directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/awesome-support directory which can contain file attachments included in support tickets. The vulnerability was partially patched in version 6.3.1. | 2025-04-01 | 7.5 | CVE-2024-13567 |
| AwesomeTOGI–Awesome Event Booking | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in AwesomeTOGI Awesome Event Booking allows Reflected XSS.This issue affects Awesome Event Booking: from n/a through 2.8.4. | 2025-04-04 | 7.1 | CVE-2025-31416 |
| Ays Pro–Quiz Maker | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Ays Pro Quiz Maker allows SQL Injection. This issue affects Quiz Maker: from n/a through 6.6.8.7. | 2025-04-01 | 8.2 | CVE-2025-30774 |
| Ays Pro–Secure Copy Content Protection and Content Locking | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ays Pro Secure Copy Content Protection and Content Locking allows Stored XSS. This issue affects Secure Copy Content Protection and Content Locking: from n/a through 4.4.3. | 2025-04-01 | 7.1 | CVE-2025-30905 |
| Bastien Ho–Accounting for WooCommerce | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Bastien Ho Accounting for WooCommerce allows PHP Local File Inclusion. This issue affects Accounting for WooCommerce: from n/a through 1.6.8. | 2025-03-31 | 7.5 | CVE-2025-30835 |
| beego–beego | Beego is an open-source web framework for the Go programming language. Prior to 2.3.6, a Cross-Site Scripting (XSS) vulnerability exists in Beego’s RenderForm() function due to improper HTML escaping of user-controlled data. This vulnerability allows attackers to inject malicious JavaScript code that executes in victims’ browsers, potentially leading to session hijacking, credential theft, or account takeover. The vulnerability affects any application using Beego’s RenderForm() function with user-provided data. Since it is a high-level function generating an entire form markup, many developers would assume it automatically escapes attributes (the way most frameworks do). This vulnerability is fixed in 2.3.6. | 2025-03-31 | 9.3 | CVE-2025-30223 |
| bentoml–BentoML | BentoML is a Python library for building online serving systems optimized for AI apps and model inference. A Remote Code Execution (RCE) vulnerability caused by insecure deserialization has been identified in the latest version (v1.4.2) of BentoML. It allows any unauthenticated user to execute arbitrary code on the server. It exists an unsafe code segment in serde.py. This vulnerability is fixed in 1.4.3. | 2025-04-04 | 9.8 | CVE-2025-27520 |
| bigdrop.gr–Greek Multi Tool Fix peralinks, accents, auto create menus and more | Missing Authorization vulnerability in bigdrop.gr Greek Multi Tool – Fix peralinks, accents, auto create menus and more allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Greek Multi Tool – Fix peralinks, accents, auto create menus and more: from n/a through 2.3.1. | 2025-04-01 | 7.5 | CVE-2025-30797 |
| Bit Apps–Bit Assist | Path Traversal vulnerability in Bit Apps Bit Assist allows Path Traversal. This issue affects Bit Assist: from n/a through 1.5.4. | 2025-04-01 | 7.5 | CVE-2025-30834 |
| Bob–Hostel | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Bob Hostel allows Reflected XSS. This issue affects Hostel: from n/a through 1.1.5. | 2025-04-01 | 7.1 | CVE-2025-30848 |
| Bob–Watu Quiz | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Bob Watu Quiz allows Reflected XSS. This issue affects Watu Quiz: from n/a through 3.4.2. | 2025-04-01 | 7.1 | CVE-2025-30844 |
| Canon Inc.–Generic Plus PCL6 Printer Driver | Out-of-bounds vulnerability in EMF Recode processing of Generic Plus PCL6 Printer Driver / Generic Plus UFR II Printer Driver / Generic Plus LIPS4 Printer Driver / Generic Plus LIPSLX Printer Driver / Generic Plus PS Printer Driver | 2025-03-31 | 9.4 | CVE-2025-1268 |
| canonical–get-workflow-version-action | canonical/get-workflow-version-action is a GitHub composite action to get commit SHA that GitHub Actions reusable workflow was called with. Prior to 1.0.1, if the get-workflow-version-action step fails, the exception output may include the GITHUB_TOKEN. If the full token is included in the exception output, GitHub will automatically redact the secret from the GitHub Actions logs. However, the token may be truncated-causing part of the GITHUB_TOKEN to be displayed in plaintext in the GitHub Actions logs. Anyone with read access to the GitHub repository can view GitHub Actions logs. For public repositories, anyone can view the GitHub Actions logs. The opportunity to exploit this vulnerability is limited-the GITHUB_TOKEN is automatically revoked when the job completes. However, there is an opportunity for an attack in the time between the GITHUB_TOKEN being displayed in the logs and the completion of the job. Users using the github-token input are impacted. This vulnerability is fixed in 1.0.1. | 2025-04-02 | 8.2 | CVE-2025-31479 |
| Catch Themes–Catch Dark Mode | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Catch Themes Catch Dark Mode allows PHP Local File Inclusion. This issue affects Catch Dark Mode: from n/a through 1.2.1. | 2025-04-04 | 7.5 | CVE-2025-32154 |
| Cisco–Cisco Enterprise Chat and Email | A vulnerability in chat messaging features of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied input to chat entry points. An attacker could exploit this vulnerability by sending malicious requests to a messaging chat entry point in the affected application. A successful exploit could allow the attacker to cause the application to stop responding, resulting in a DoS condition. The application may not recover on its own and may need an administrator to manually restart services to recover. | 2025-04-02 | 7.5 | CVE-2025-20139 |
| Cisco–Cisco Meraki MX Firmware | A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series devices could allow an authenticated, remote attacker to cause a denial of service (DoS) condition in the Cisco AnyConnect service on an affected device. To exploit this vulnerability, the attacker must have valid VPN user credentials on the affected device. This vulnerability exists because a variable is not initialized when an SSL VPN session is established. An attacker could exploit this vulnerability by supplying crafted attributes while establishing an SSL VPN session with an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN sessions and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers without manual intervention. | 2025-04-02 | 7.7 | CVE-2025-20212 |
| click5–History Log by click5 | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in click5 History Log by click5 allows SQL Injection. This issue affects History Log by click5: from n/a through 1.0.13. | 2025-04-01 | 9.3 | CVE-2025-31531 |
| cmsMinds–Pay with Contact Form 7 | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in cmsMinds Pay with Contact Form 7 allows SQL Injection. This issue affects Pay with Contact Form 7: from n/a through 1.0.4. | 2025-04-04 | 7.6 | CVE-2025-32126 |
| code-projects–Blood Bank Management System | A vulnerability was found in code-projects Blood Bank Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /don.php. The manipulation of the argument fullname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2025-04-06 | 7.3 | CVE-2025-3306 |
| code-projects–Blood Bank Management System | A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /reset.php. The manipulation of the argument useremail leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-04-06 | 7.3 | CVE-2025-3307 |
| code-projects–Blood Bank Management System | A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /viewrequest.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-06 | 7.3 | CVE-2025-3308 |
| code-projects–Blood Bank Management System | A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/campsdetails.php. The manipulation of the argument hospital leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-06 | 7.3 | CVE-2025-3309 |
| code-projects–Blood Bank Management System | A vulnerability classified as critical has been found in code-projects Blood Bank Management System 1.0. This affects an unknown part of the file /admin/delete.php. The manipulation of the argument Search leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-04-06 | 7.3 | CVE-2025-3310 |
| Coffee Code Tech–Plugin Oficial Getnet para WooCommerce | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Coffee Code Tech Plugin Oficial – Getnet para WooCommerce allows Reflected XSS. This issue affects Plugin Oficial – Getnet para WooCommerce: from n/a through 1.7.3. | 2025-04-01 | 7.1 | CVE-2025-30906 |
| contempoinc–Real Estate 7 WordPress | The Real Estate 7 WordPress theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the ‘template-submit-listing.php’ file in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with Seller-level access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible if front-end listing submission has been enabled. | 2025-04-01 | 8.8 | CVE-2025-2891 |
| coothemes–Easy WP Optimizer | Missing Authorization vulnerability in coothemes Easy WP Optimizer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy WP Optimizer: from n/a through 1.1.0. | 2025-04-04 | 8.8 | CVE-2025-32147 |
| cozyvision1–SMS Alert Order Notifications WooCommerce | The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.7.9. This is due to the plugin using the Host header to determine if the plugin is in a playground environment. This makes it possible for unauthenticated attackers to spoof the Host header to make the OTP code “1234” and authenticate as any user, including administrators. | 2025-04-01 | 9.8 | CVE-2024-13553 |
| CreativeMindsSolutions–CM Download Manager | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in CreativeMindsSolutions CM Download Manager allows Path Traversal. This issue affects CM Download Manager: from n/a through 2.9.6. | 2025-04-01 | 8.6 | CVE-2025-30910 |
| Cristiano Zanca–WooCommerce Fattureincloud | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Cristiano Zanca WooCommerce Fattureincloud allows Reflected XSS. This issue affects WooCommerce Fattureincloud: from n/a through 2.6.7. | 2025-04-01 | 7.1 | CVE-2025-30837 |
| Crocoblock–JetWooBuilder | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Crocoblock JetWooBuilder allows PHP Local File Inclusion.This issue affects JetWooBuilder: from n/a through 2.1.18. | 2025-03-31 | 7.5 | CVE-2025-31016 |
| crosstec–Breezing Forms | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in crosstec Breezing Forms allows Reflected XSS. This issue affects Breezing Forms: from n/a through 1.2.8.11. | 2025-04-01 | 7.1 | CVE-2025-30520 |
| CrushFTP–CrushFTP | CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account (unless a DMZ proxy instance is used), as exploited in the wild in March and April 2025, aka “Unauthenticated HTTP(S) port access.” A race condition exists in the AWS4-HMAC (compatible with S3) authorization method of the HTTP component of the FTP server. The server first verifies the existence of the user by performing a call to login_user_pass() with no password requirement. This will authenticate the session through the HMAC verification process and up until the server checks for user verification once more. The vulnerability can be further stabilized, eliminating the need for successfully triggering a race condition, by sending a mangled AWS4-HMAC header. By providing only the username and a following slash (/), the server will successfully find a username, which triggers the successful anypass authentication process, but the server will fail to find the expected SignedHeaders entry, resulting in an index-out-of-bounds error that stops the code from reaching the session cleanup. Together, these issues make it trivial to authenticate as any known or guessable user (e.g., crushadmin), and can lead to a full compromise of the system by obtaining an administrative account. | 2025-04-03 | 9.8 | CVE-2025-31161 |
| Cynob IT Consultancy–The Logo Slider | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Cynob IT Consultancy The Logo Slider allows Reflected XSS. This issue affects The Logo Slider: from n/a through 1.0.0. | 2025-04-01 | 7.1 | CVE-2025-31571 |
| Daisycon–Daisycon prijsvergelijkers | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Daisycon Daisycon prijsvergelijkers allows SQL Injection. This issue affects Daisycon prijsvergelijkers: from n/a through 4.8.4. | 2025-04-04 | 8.5 | CVE-2025-32148 |
| David Tufts–WP Cards | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in David Tufts WP Cards allows Reflected XSS. This issue affects WP Cards: from n/a through 1.5.1. | 2025-04-01 | 7.1 | CVE-2025-30547 |
| davidfcarr–RSVPMarker | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in davidfcarr RSVPMarker allows SQL Injection. This issue affects RSVPMarker : from n/a through 11.4.8. | 2025-04-01 | 9.3 | CVE-2025-31552 |
| debounce–DeBounce Email Validator | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in debounce DeBounce Email Validator allows PHP Local File Inclusion. This issue affects DeBounce Email Validator: from n/a through 5.7. | 2025-04-03 | 7.5 | CVE-2025-31098 |
| Dell–DD OS 8.3 | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. An authenticated user from a trusted remote client could exploit this vulnerability to execute arbitrary commands with root privileges. | 2025-04-03 | 8.8 | CVE-2025-29987 |
| Dell–Wyse Management Suite | Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Exposure of Sensitive Information Through Data Queries vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure. | 2025-04-02 | 7.5 | CVE-2025-29981 |
| Digihood–Digihood HTML Sitemap | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Digihood Digihood HTML Sitemap allows Reflected XSS. This issue affects Digihood HTML Sitemap: from n/a through 3.1.1. | 2025-04-03 | 7.1 | CVE-2025-31901 |
| Digital China–DCME-520 | A vulnerability, which was classified as critical, has been found in Digital China DCME-520 up to 20250320. This issue affects some unknown processing of the file /usr/local/WWW/function/audit/newstatistics/mon_merge_stat_hist.php. The manipulation of the argument type_name leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2025-03-31 | 7.3 | CVE-2025-3002 |
| Dimitri Grassi–Salon booking system | Incorrect Privilege Assignment vulnerability in Dimitri Grassi Salon booking system allows Privilege Escalation. This issue affects Salon booking system: from n/a through 10.11. | 2025-04-01 | 7.2 | CVE-2025-31560 |
| Drupal–AI (Artificial Intelligence) | Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5. | 2025-03-31 | 7.5 | CVE-2025-31692 |
| Drupal–Drupal core | Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3. | 2025-03-31 | 7.5 | CVE-2025-31674 |
| edmonparker–Read More & Accordion | The Read More & Accordion plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.5. This is due to missing or incorrect nonce validation on the addNewButtons() function. This makes it possible for unauthenticated attackers to include and execute arbitrary PHP files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-04-05 | 7.5 | CVE-2025-0810 |
| Elaborate Bytes AG–Virtual CloneDrive | The kernel driver, accessible to low-privileged users, exposes a function that fails to properly validate the privileges of the calling process. This allows creating files at arbitrary locations with full user control, ultimately allowing for privilege escalation to SYSTEM. | 2025-04-04 | 7.8 | CVE-2025-1865 |
| eleopard–Behance Portfolio Manager | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in eleopard Behance Portfolio Manager allows SQL Injection. This issue affects Behance Portfolio Manager: from n/a through 1.7.4. | 2025-03-31 | 8.5 | CVE-2025-31526 |
| eleopard–Behance Portfolio Manager | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in eleopard Behance Portfolio Manager allows Blind SQL Injection. This issue affects Behance Portfolio Manager: from n/a through 1.7.4. | 2025-04-04 | 7.6 | CVE-2025-32124 |
| emotionalonlinestorytelling–Oracle Cards Lite | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in emotionalonlinestorytelling Oracle Cards Lite allows Reflected XSS. This issue affects Oracle Cards Lite: from n/a through 1.2.1. | 2025-04-01 | 7.1 | CVE-2025-30852 |
| enituretechnology–Small Package Quotes Worldwide Express Edition | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in enituretechnology Small Package Quotes – Worldwide Express Edition allows Reflected XSS. This issue affects Small Package Quotes – Worldwide Express Edition: from n/a through 5.2.18. | 2025-04-01 | 7.1 | CVE-2025-31078 |
| EPC–ez Form Calculator – WordPress plugin | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in EPC ez Form Calculator – WordPress plugin allows Reflected XSS.This issue affects ez Form Calculator – WordPress plugin: from n/a through 2.14.1.2. | 2025-04-04 | 7.1 | CVE-2025-22282 |
| Erick Danzer–Easy Query WP Query Builder | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Erick Danzer Easy Query – WP Query Builder allows Blind SQL Injection. This issue affects Easy Query – WP Query Builder: from n/a through 2.0.4. | 2025-04-04 | 7.6 | CVE-2025-32120 |
| Essential Plugins by WP OnlineSupport–Slider a SlidersPack | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Essential Plugins by WP OnlineSupport Slider a SlidersPack allows PHP Local File Inclusion. This issue affects Slider a SlidersPack: from n/a through 2.3. | 2025-04-04 | 7.5 | CVE-2025-32152 |
| EXEIdeas International–WP AutoKeyword | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in EXEIdeas International WP AutoKeyword allows SQL Injection. This issue affects WP AutoKeyword: from n/a through 1.0. | 2025-04-01 | 9.3 | CVE-2025-31579 |
| Fahad Mahmood–Order Splitter for WooCommerce | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Fahad Mahmood Order Splitter for WooCommerce allows SQL Injection. This issue affects Order Splitter for WooCommerce: from n/a through 5.3.0. | 2025-04-01 | 8.5 | CVE-2025-31089 |
| Favethemes–Homey | Incorrect Privilege Assignment vulnerability in Favethemes Homey allows Privilege Escalation.This issue affects Homey: from n/a through 2.4.1. | 2025-04-04 | 9.8 | CVE-2024-51800 |
| Fortinet–FortiSIEM | A relative path traversal in Fortinet FortiSIEM versions 7.0.0, 6.7.0 through 6.7.2, 6.6.0 through 6.6.3, 6.5.1, 6.5.0 allows attacker to escalate privilege via uploading certain GUI elements | 2025-04-02 | 9.9 | CVE-2023-40714 |
| g5theme–Essential Real Estate | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in g5theme Essential Real Estate allows PHP Local File Inclusion. This issue affects Essential Real Estate: from n/a through 5.2.0. | 2025-04-01 | 8.1 | CVE-2025-30849 |
| Gagan Deep Singh–PostmarkApp Email Integrator | Cross-Site Request Forgery (CSRF) vulnerability in Gagan Deep Singh PostmarkApp Email Integrator allows Cross Site Request Forgery. This issue affects PostmarkApp Email Integrator: from n/a through 2.4. | 2025-03-31 | 7.1 | CVE-2025-31617 |
| Gladinet–CentreStack | Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal’s hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors (who know the machineKey) to serialize a payload for server-side deserialization to achieve remote code execution. NOTE: a CentreStack admin can manually delete the machineKey defined in portal\web.config. | 2025-04-03 | 9 | CVE-2025-30406 |
| glenwpcoder–Drag and Drop Multiple File Upload for WooCommerce | The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation via the wc-upload-file[] parameter in all versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to move arbitrary files on the server, which can easily lead to remote code execution when the right file is moved (such as wp-config.php). | 2025-04-05 | 9.8 | CVE-2025-2941 |
| Google–Chrome | Use after free in Navigations in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2025-04-02 | 8.8 | CVE-2025-3066 |
| Google–Chrome | Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted app. (Chromium security severity: Medium) | 2025-04-02 | 8.8 | CVE-2025-3067 |
| Google–Chrome | Inappropriate implementation in Intents in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium) | 2025-04-02 | 8.8 | CVE-2025-3068 |
| Google–Chrome | Inappropriate implementation in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium) | 2025-04-02 | 8.8 | CVE-2025-3069 |
| Haozhe Xie–Google Font Fix | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Haozhe Xie Google Font Fix allows Reflected XSS. This issue affects Google Font Fix: from n/a through 2.3.1. | 2025-04-01 | 7.1 | CVE-2025-30614 |
| ho3einie–Material Dashboard | Authentication Bypass Using an Alternate Path or Channel vulnerability in ho3einie Material Dashboard allows Authentication Bypass. This issue affects Material Dashboard: from n/a through 1.4.5. | 2025-04-01 | 9.8 | CVE-2025-31095 |
| ho3einie–Material Dashboard | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in ho3einie Material Dashboard allows PHP Local File Inclusion. This issue affects Material Dashboard: from n/a through 1.4.5. | 2025-04-01 | 8.1 | CVE-2025-31097 |
| Inaba Denki Sangyo Co., Ltd.–CHOCO TEI WATCHER mini (IB-MCT001) | Weak password requirements issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a brute-force attack may allow an attacker unauthorized access and login. | 2025-03-31 | 9.8 | CVE-2025-25211 |
| Inaba Denki Sangyo Co., Ltd.–CHOCO TEI WATCHER mini (IB-MCT001) | Direct request (‘Forced Browsing’) issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If a remote attacker sends a specially crafted HTTP request to the product, the product data may be obtained or deleted, and/or the product settings may be altered. | 2025-03-31 | 9.8 | CVE-2025-26689 |
| Inaba Denki Sangyo Co., Ltd.–CHOCO TEI WATCHER mini (IB-MCT001) | Use of client-side authentication issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a remote attacker may obtain the product login password without authentication. | 2025-03-31 | 7.5 | CVE-2025-24517 |
| InfornWeb–News & Blog Designer Pack | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in InfornWeb News & Blog Designer Pack allows PHP Local File Inclusion. This issue affects News & Blog Designer Pack: from n/a through 4.0. | 2025-04-01 | 8.1 | CVE-2025-31082 |
| Infoway LLC–Ebook Downloader | Cross-Site Request Forgery (CSRF) vulnerability in Infoway LLC Ebook Downloader allows Cross Site Request Forgery. This issue affects Ebook Downloader: from n/a through 1.0. | 2025-04-01 | 7.1 | CVE-2025-31904 |
| InstaWP–InstaWP Connect | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in InstaWP InstaWP Connect allows PHP Local File Inclusion. This issue affects InstaWP Connect: from n/a through 0.1.0.82. | 2025-03-31 | 7.5 | CVE-2025-31387 |
| itsourcecode–Online Blood Bank Management System | A vulnerability, which was classified as critical, has been found in itsourcecode Online Blood Bank Management System 1.0. This issue affects some unknown processing of the file /bbms.php. The manipulation of the argument Search leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-04-04 | 7.3 | CVE-2025-3195 |
| Ivanti–Connect Secure | A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution. | 2025-04-03 | 9 | CVE-2025-22457 |
| Jakeii–Pesapal Gateway for Woocommerce | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jakeii Pesapal Gateway for Woocommerce allows Reflected XSS. This issue affects Pesapal Gateway for Woocommerce: from n/a through 2.1.0. | 2025-04-01 | 7.1 | CVE-2025-30579 |
| Jakub Glos–Sparkle Elementor Kit | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Jakub Glos Sparkle Elementor Kit allows PHP Local File Inclusion. This issue affects Sparkle Elementor Kit: from n/a through 2.0.9. | 2025-04-04 | 7.5 | CVE-2025-32157 |
| Jenkins Project–Jenkins Templating Engine Plugin | In Jenkins Templating Engine Plugin 2.5.3 and earlier, libraries defined in folders are not subject to sandbox protection, allowing attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM. | 2025-04-02 | 8.8 | CVE-2025-31722 |
| jhipster–generator-jhipster-entity-audit | generator-jhipster-entity-audit is a JHipster module to enable entity audit and audit log page. Prior to 5.9.1, generator-jhipster-entity-audit allows unsafe reflection when having Javers selected as Entity Audit Framework. If an attacker manages to place some malicious classes into the classpath and also has access to these REST interface for calling the mentioned REST endpoints, using these lines of code can lead to unintended remote code execution. This vulnerability is fixed in 5.9.1. | 2025-04-03 | 7.6 | CVE-2025-31119 |
| jiangmiao–WP Cleaner | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in jiangmiao WP Cleaner allows Reflected XSS. This issue affects WP Cleaner: from n/a through 1.1.5. | 2025-04-01 | 7.1 | CVE-2025-31446 |
| jooby-project–jooby | Jooby is a web framework for Java and Kotlin. The pac4j io.jooby.internal.pac4j.SessionStoreImpl#get module deserializes untrusted data. This vulnerability is fixed in 2.17.0 (2.x) and 3.7.0 (3.x). | 2025-03-31 | 8.8 | CVE-2025-31129 |
| JoomSky–JS Help Desk | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in JoomSky JS Help Desk allows SQL Injection. This issue affects JS Help Desk: from n/a through 2.9.2. | 2025-04-01 | 9.3 | CVE-2025-30886 |
| JoomSky–JS Help Desk | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in JoomSky JS Help Desk allows Path Traversal. This issue affects JS Help Desk: from n/a through 2.9.2. | 2025-04-01 | 8.6 | CVE-2025-30878 |
| JoomSky–JS Help Desk | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in JoomSky JS Help Desk allows PHP Local File Inclusion. This issue affects JS Help Desk: from n/a through 2.9.2. | 2025-04-01 | 8.1 | CVE-2025-30901 |
| JoomSky–JS Help Desk | Missing Authorization vulnerability in JoomSky JS Help Desk allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JS Help Desk: from n/a through 2.9.2. | 2025-04-01 | 7.5 | CVE-2025-30880 |
| JoomSky–JS Help Desk | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in JoomSky JS Help Desk allows Path Traversal. This issue affects JS Help Desk: from n/a through 2.9.1. | 2025-04-01 | 7.5 | CVE-2025-30882 |
| JoomSky–JS Job Manager | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in JoomSky JS Job Manager allows PHP Local File Inclusion. This issue affects JS Job Manager: from n/a through 2.0.2. | 2025-04-04 | 8.8 | CVE-2025-32146 |
| jupyterlab–jupyterlab-git | jupyterlab-git is a JupyterLab extension for version control using Git. On many platforms, a third party can create a Git repository under a name that includes a shell command substitution string in the syntax $(<command>). These directory names are allowed in macOS and a majority of Linux distributions. If a user starts jupyter-lab in a parent directory of this inappropriately-named Git repository, opens it, and clicks “Git > Open Git Repository in Terminal” from the menu bar, then the injected command <command> is run in the user’s shell without the user’s permission. This issue is occurring because when that menu entry is clicked, jupyterlab-git opens the terminal and runs cd <git-repo-path> through the shell to set the current directory. Doing so runs any command substitution strings present in the directory name, which leads to the command injection issue described here. A previous patch provided an incomplete fix. This vulnerability is fixed in 0.51.1. | 2025-04-03 | 7.4 | CVE-2025-30370 |
| Kentico–Xperience | An unsafe reflection vulnerability in Kentico Xperience allows an unauthenticated attacker to kill the current process, leading to a Denial-of-Service condition. This issue affects Xperience: through 13.0.180. | 2025-03-31 | 7.5 | CVE-2025-2794 |
| Kentico–Xperience | Kentico Xperience before 13.0.178 has a specific set of allowed ContentUploader file extensions for unauthenticated uploads; however, because .zip is processed through TryZipProviderSafe, there is additional functionality to create files with other extensions. NOTE: this is a separate issue not necessarily related to SVG or XSS. | 2025-04-06 | 7.2 | CVE-2025-32370 |
| Labib Ahmed–Team Builder | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Labib Ahmed Team Builder allows Reflected XSS. This issue affects Team Builder: from n/a through 1.3. | 2025-04-03 | 7.1 | CVE-2025-31907 |
| leadfox–Leadfox for WordPress | Cross-Site Request Forgery (CSRF) vulnerability in leadfox Leadfox for WordPress allows Cross Site Request Forgery. This issue affects Leadfox for WordPress: from n/a through 2.1.8. | 2025-03-31 | 7.1 | CVE-2025-31585 |
| lexicata–Lexicata | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in lexicata Lexicata allows Reflected XSS. This issue affects Lexicata: from n/a through 1.0.16. | 2025-04-03 | 7.1 | CVE-2025-31900 |
| Link Software LLC–HTML Forms | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Link Software LLC HTML Forms allows Stored XSS. This issue affects HTML Forms: from n/a through 1.5.1. | 2025-04-01 | 7.1 | CVE-2025-31080 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: keys: Fix UAF in key_put() Once a key’s reference count has been reduced to 0, the garbage collector thread may destroy it at any time and so key_put() is not allowed to touch the key after that point. The most key_put() is normally allowed to do is to touch key_gc_work as that’s a static global variable. However, in an effort to speed up the reclamation of quota, this is now done in key_put() once the key’s usage is reduced to 0 – but now the code is looking at the key after the deadline, which is forbidden. Fix this by using a flag to indicate that a key can be gc’d now rather than looking at the key’s refcount in the garbage collector. | 2025-03-31 | 7.8 | CVE-2025-21893 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: proc: fix UAF in proc_get_inode() Fix race between rmmod and /proc/XXX’s inode instantiation. The bug is that pde->proc_ops don’t belong to /proc, it belongs to a module, therefore dereferencing it after /proc entry has been registered is a bug unless use_pde/unuse_pde() pair has been used. use_pde/unuse_pde can be avoided (2 atomic ops!) because pde->proc_ops never changes so information necessary for inode instantiation can be saved _before_ proc_register() in PDE itself and used later, avoiding pde->proc_ops->… dereference. rmmod lookup sys_delete_module proc_lookup_de pde_get(de); proc_get_inode(dir->i_sb, de); mod->exit() proc_remove remove_proc_subtree proc_entry_rundown(de); free_module(mod); if (S_ISREG(inode->i_mode)) if (de->proc_ops->proc_read_iter) –> As module is already freed, will trigger UAF BUG: unable to handle page fault for address: fffffbfff80a702b PGD 817fc4067 P4D 817fc4067 PUD 817fc0067 PMD 102ef4067 PTE 0 Oops: Oops: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 26 UID: 0 PID: 2667 Comm: ls Tainted: G Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) RIP: 0010:proc_get_inode+0x302/0x6e0 RSP: 0018:ffff88811c837998 EFLAGS: 00010a06 RAX: dffffc0000000000 RBX: ffffffffc0538140 RCX: 0000000000000007 RDX: 1ffffffff80a702b RSI: 0000000000000001 RDI: ffffffffc0538158 RBP: ffff8881299a6000 R08: 0000000067bbe1e5 R09: 1ffff11023906f20 R10: ffffffffb560ca07 R11: ffffffffb2b43a58 R12: ffff888105bb78f0 R13: ffff888100518048 R14: ffff8881299a6004 R15: 0000000000000001 FS: 00007f95b9686840(0000) GS:ffff8883af100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: fffffbfff80a702b CR3: 0000000117dd2000 CR4: 00000000000006f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> proc_lookup_de+0x11f/0x2e0 __lookup_slow+0x188/0x350 walk_component+0x2ab/0x4f0 path_lookupat+0x120/0x660 filename_lookup+0x1ce/0x560 vfs_statx+0xac/0x150 __do_sys_newstat+0x96/0x110 do_syscall_64+0x5f/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e [[email protected]: don’t do 2 atomic ops on the common path] | 2025-04-03 | 7.8 | CVE-2025-21999 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: net: atm: fix use after free in lec_send() The ->send() operation frees skb so save the length before calling ->send() to avoid a use after free. | 2025-04-03 | 7.8 | CVE-2025-22004 |
| logoninc–KB Support Customer Support Ticket & Helpdesk Plugin, Knowledge Base Plugin | The KB Support – Customer Support Ticket & Helpdesk Plugin, Knowledge Base Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.4 via the ‘kbs’ directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/kbs directory which can contain file attachments included in support tickets. The vulnerability was partially patched in version 1.7.3.2. | 2025-04-05 | 7.5 | CVE-2024-13604 |
| M. Ali Saleem–Support Helpdesk Ticket System Lite | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in M. Ali Saleem Support Helpdesk Ticket System Lite allows Reflected XSS. This issue affects Support Helpdesk Ticket System Lite: from n/a through 4.5.2. | 2025-04-03 | 7.1 | CVE-2025-31626 |
| M. Tuhin–Ultimate Push Notifications | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in M. Tuhin Ultimate Push Notifications allows SQL Injection. This issue affects Ultimate Push Notifications: from n/a through 1.1.8. | 2025-04-01 | 8.5 | CVE-2025-31561 |
| M. Tuhin–Ultimate Push Notifications | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in M. Tuhin Ultimate Push Notifications allows Reflected XSS. This issue affects Ultimate Push Notifications: from n/a through 1.1.8. | 2025-04-01 | 7.1 | CVE-2025-31548 |
| madfishdigital–Bulk NoIndex & NoFollow Toolkit | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in madfishdigital Bulk NoIndex & NoFollow Toolkit allows Reflected XSS. This issue affects Bulk NoIndex & NoFollow Toolkit: from n/a through 2.16. | 2025-04-01 | 7.1 | CVE-2025-31537 |
| magepeopleteam–WpTravelly | Deserialization of Untrusted Data vulnerability in magepeopleteam WpTravelly allows Object Injection. This issue affects WpTravelly: from n/a through 1.8.7. | 2025-04-01 | 8.8 | CVE-2025-30892 |
| manu225–Falling things | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in manu225 Falling things allows SQL Injection. This issue affects Falling things: from n/a through 1.08. | 2025-04-04 | 7.6 | CVE-2025-32203 |
| marcoingraiti–Actionwear products sync | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in marcoingraiti Actionwear products sync allows SQL Injection. This issue affects Actionwear products sync: from n/a through 2.3.3. | 2025-04-01 | 8.5 | CVE-2025-31619 |
| markkinchin–Beds24 Online Booking | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in markkinchin Beds24 Online Booking allows PHP Local File Inclusion. This issue affects Beds24 Online Booking: from n/a through 2.0.26. | 2025-04-04 | 7.5 | CVE-2025-32155 |
| Martin Nguyen–Next-Cart Store to WooCommerce Migration | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Martin Nguyen Next-Cart Store to WooCommerce Migration allows SQL Injection. This issue affects Next-Cart Store to WooCommerce Migration: from n/a through 3.9.4. | 2025-04-01 | 9.3 | CVE-2025-30807 |
| MDJM–MDJM Event Management | Deserialization of Untrusted Data vulnerability in MDJM MDJM Event Management allows Object Injection. This issue affects MDJM Event Management: from n/a through 1.7.5.2. | 2025-04-01 | 8.8 | CVE-2025-31074 |
| Michel – xiligroup dev–xili-dictionary | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Michel – xiligroup dev xili-dictionary allows Reflected XSS. This issue affects xili-dictionary: from n/a through 2.12.5. | 2025-04-01 | 7.1 | CVE-2025-30840 |
| Michel – xiligroup dev–xili-language | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Michel – xiligroup dev xili-language allows Reflected XSS. This issue affects xili-language: from n/a through 2.21.2. | 2025-04-01 | 7.1 | CVE-2025-31085 |
| Microsoft–Azure Health Bot | An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network. | 2025-04-01 | 8.3 | CVE-2025-21384 |
| Microsoft–Azure Playwright | Improper authorization in Azure Playwright allows an unauthorized attacker to elevate privileges over a network. | 2025-03-31 | 8.1 | CVE-2025-26683 |
| Microsoft–Microsoft Edge (Chromium-based) | Access of resource using incompatible type (‘type confusion’) in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | 2025-04-04 | 8.8 | CVE-2025-25000 |
| Microsoft–Microsoft Edge (Chromium-based) | Use after free in Microsoft Edge (Chromium-based) allows an authorized attacker to execute code over a network. | 2025-04-04 | 7.6 | CVE-2025-29815 |
| MongoDB Inc–MongoDB Server | A MongoDB server under specific conditions running on Linux with TLS and CRL revocation status checking enabled, fails to check the revocation status of the intermediate certificates in the peer’s certificate chain. In cases of MONGODB-X509, which is not enabled by default, this may lead to improper authentication. This issue may also affect intra-cluster authentication. This issue affects MongoDB Server v5.0 versions prior to 5.0.31, MongoDB Server v6.0 versions prior to 6.0.20, MongoDB Server v7.0 versions prior to 7.0.16 and MongoDB Server v8.0 versions prior to 8.0.4. Required Configuration : MongoDB Server must be running on Linux Operating Systems and CRL revocation status checking must be enabled | 2025-04-01 | 8.1 | CVE-2025-3085 |
| MongoDB Inc–MongoDB Server | Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31, MongoDB v6.0 versions prior to 6.0.20 and MongoDB v7.0 versions prior to 7.0.16 | 2025-04-01 | 7.5 | CVE-2025-3083 |
| moshensky–CF7 Spreadsheets | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in moshensky CF7 Spreadsheets allows Reflected XSS. This issue affects CF7 Spreadsheets: from n/a through 2.3.2. | 2025-04-03 | 7.1 | CVE-2025-31536 |
| Mozilla–Firefox | Memory safety bugs present in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 137, Firefox ESR < 128.9, Thunderbird < 137, and Thunderbird < 128.9. | 2025-04-01 | 8.1 | CVE-2025-3030 |
| Mozilla–Firefox | Memory safety bugs present in Firefox 136 and Thunderbird 136. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 137 and Thunderbird < 137. | 2025-04-01 | 8.1 | CVE-2025-3034 |
| Mozilla–Firefox | A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 137, Firefox ESR < 128.9, Thunderbird < 137, and Thunderbird < 128.9. | 2025-04-01 | 7.3 | CVE-2025-3029 |
| Mozilla–Firefox | Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks. This vulnerability affects Firefox < 137 and Thunderbird < 137. | 2025-04-01 | 7.4 | CVE-2025-3032 |
| Mozilla–Firefox | After selecting a malicious Windows `.url` shortcut from the local filesystem, an unexpected file could be uploaded. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 137 and Thunderbird < 137. | 2025-04-01 | 7.7 | CVE-2025-3033 |
| n/a–bigint-buffer | Versions of the package bigint-buffer from 0.0.0 are vulnerable to Buffer Overflow in the toBigIntLE() function. Attackers can exploit this to crash the application. | 2025-04-04 | 7.5 | CVE-2025-3194 |
| n/a–expand-object | Versions of the package expand-object from 0.0.0 are vulnerable to Prototype Pollution in the expand() function in index.js. This function expands the given string into an object and allows a nested property to be set without checking the provided keys for sensitive properties like __proto__. | 2025-04-04 | 7.3 | CVE-2025-3197 |
| n/a–n/a | OpenEMR 7.0.2 is vulnerable to SQL Injection via \openemr\library\classes\Pharmacy.class.php, \controllers\C_Pharmacy.class.php and \openemr\controller.php. | 2025-04-03 | 9.8 | CVE-2024-22611 |
| n/a–n/a | Pexip Infinity Connect before 1.13.0 lacks sufficient authenticity checks during the loading of resources, and thus remote attackers can cause the application to run untrusted code. | 2025-04-02 | 9.1 | CVE-2024-38392 |
| n/a–n/a | In Netgear WNR854T 1.5.2 (North America), the UPNP service (/usr/sbin/upnp) is vulnerable to stack-based buffer overflow in the M-SEARCH Host header. | 2025-03-31 | 9.8 | CVE-2024-54802 |
| n/a–n/a | Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. An attacker can send a specially crafted request to post.cgi, updating the nvram parameter pppoe_peer_mac and forcing a reboot. This will result in command injection. | 2025-03-31 | 9.8 | CVE-2024-54803 |
| n/a–n/a | Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. An attacker can send a specially crafted request to post.cgi, updating the nvram parameter wan_hostname and forcing a reboot. This will result in command injection. | 2025-03-31 | 9.8 | CVE-2024-54804 |
| n/a–n/a | Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. An attacker can send a specially crafted request to post.cgi, updating the nvram parameter get_email. After which, they can visit the send_log.cgi endpoint which uses the parameter in a system call to achieve command execution. | 2025-03-31 | 9.8 | CVE-2024-54805 |
| n/a–n/a | Netgear WNR854T 1.5.2 (North America) is vulnerable to Arbitrary command execution in cmd.cgi which allows for the execution of system commands via the web interface. | 2025-03-31 | 9.8 | CVE-2024-54806 |
| n/a–n/a | In Netgear WNR854T 1.5.2 (North America), the UPNP service is vulnerable to command injection in the function addmap_exec which parses the NewInternalClient parameter of the AddPortMapping SOAPAction into a system call without sanitation. An attacker can send a specially crafted SOAPAction request for AddPortMapping via the router’s WANIPConn1 service to achieve arbitrary command execution. | 2025-03-31 | 9.8 | CVE-2024-54807 |
| n/a–n/a | Netgear WNR854T 1.5.2 (North America) contains a stack-based buffer overflow vulnerability in the SetDefaultConnectionService function due to an unconstrained use of sscanf. The vulnerability allows for control of the program counter and can be utilized to achieve arbitrary code execution. | 2025-03-31 | 9.8 | CVE-2024-54808 |
| n/a–n/a | Netgear Inc WNR854T 1.5.2 (North America) contains a stack-based buffer overflow vulnerability in the parse_st_header function due to use of a request header parameter in a strncpy where size is determined based on the input specified. By sending a specially crafted packet, an attacker can take control of the program counter and hijack control flow of the program to execute arbitrary system commands. | 2025-03-31 | 9.8 | CVE-2024-54809 |
| n/a–n/a | An issue in Adtran 411 ONT vL80.00.0011.M2 allows attackers to escalate privileges via unspecified vectors. | 2025-03-31 | 9.8 | CVE-2025-22937 |
| n/a–n/a | Adtran 411 ONT L80.00.0011.M2 was discovered to contain weak default passwords. | 2025-03-31 | 9.8 | CVE-2025-22938 |
| n/a–n/a | A command injection vulnerability in the telnet service of Adtran 411 ONT L80.00.0011.M2 allows attackers to escalate privileges to root and execute arbitrary commands. | 2025-03-31 | 9.8 | CVE-2025-22939 |
| n/a–n/a | Incorrect access control in Adtran 411 ONT L80.00.0011.M2 allows unauthorized attackers to arbitrarily set the admin password. | 2025-03-31 | 9.1 | CVE-2025-22940 |
| n/a–n/a | A command injection vulnerability in the web interface of Adtran 411 ONT L80.00.0011.M2 allows attackers to escalate privileges to root and execute arbitrary commands. | 2025-03-31 | 9.8 | CVE-2025-22941 |
| n/a–n/a | Netwrix Password Secure 9.2.0.32454 allows OS command injection. | 2025-04-03 | 9.8 | CVE-2025-26817 |
| n/a–n/a | Netwrix Password Secure through 9.2 allows command injection. | 2025-04-03 | 9.8 | CVE-2025-26818 |
| n/a–n/a | An issue in BL-AC2100 <=V1.0.4 allows a remote attacker to execute arbitrary code via the time1 and time2 parameters in the set_LimitClient_cfg of the goahead webservice. | 2025-04-02 | 9.8 | CVE-2025-29062 |
| n/a–n/a | An issue in BL-AC2100 V1.0.4 and before allows a remote attacker to execute arbitrary code via the enable parameter passed to /goform/set_hidessid_cfg is not handled properly. | 2025-04-02 | 9.8 | CVE-2025-29063 |
| n/a–n/a | SQL injection vulnerability in vipshop Saturn v.3.5.1 and before allows a remote attacker to execute arbitrary code via /console/dashboard/executorCount?zkClusterKey component. | 2025-04-02 | 9.8 | CVE-2025-29085 |
| n/a–n/a | SeaCMS v13.3 has a SQL injection vulnerability in the component admin_tempvideo.php. | 2025-04-03 | 9.8 | CVE-2025-29647 |
| n/a–n/a | insightsoftware Spark JDBC 2.6.21 has a remote code execution vulnerability. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver uses this URL to connect to the database. This can further lead to remote code execution. | 2025-04-03 | 8.8 | CVE-2024-45198 |
| n/a–n/a | insightsoftware Hive JDBC through 2.6.13 has a remote code execution vulnerability. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver uses this URL to connect to the database. This can further lead to remote code execution. | 2025-04-03 | 8.8 | CVE-2024-45199 |
| n/a–n/a | An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal and delete files by sending a crafted POST request to /Modules.php?modname=users/Staff.php&removefile. | 2025-04-02 | 8.8 | CVE-2025-22923 |
| n/a–n/a | OS4ED openSIS v7.0 through v9.1 contains a SQL injection vulnerability via the stu_id parameter at /modules/students/Student.php. | 2025-04-02 | 8.8 | CVE-2025-22924 |
| n/a–n/a | Pexip Infinity before 35.0 has improper input validation that allows remote attackers to trigger a denial of service (software abort) via a crafted signalling message. | 2025-04-02 | 7.5 | CVE-2024-37917 |
| n/a–n/a | An issue was discovered in Iglu Server 0.13.0 and below. It involves sending very large payloads to a particular API endpoint of Iglu Server and can render it completely unresponsive. If the operation of Iglu Server is not restored, event processing in the pipeline would eventually halt. | 2025-04-03 | 7.5 | CVE-2024-47212 |
| n/a–n/a | An issue was discovered affecting Enrich 5.1.0 and below. It involves sending a maliciously crafted Snowplow event to the pipeline. Upon receiving this event and trying to validate it, Enrich crashes and attempts to restart indefinitely. As a result, event processing would be halted. | 2025-04-03 | 7.5 | CVE-2024-47213 |
| n/a–n/a | OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the table parameter at /attendance/AttendanceCodes.php. The remote, authenticated attacker requires the admin role to successfully exploit this vulnerability. | 2025-04-02 | 7.5 | CVE-2025-22925 |
| n/a–n/a | An issue in BambooHR Build v.25.0210.170831-83b08dd allows a remote attacker to escalate privileges via the /saml/index.php?r=” HTTP GET parameter. | 2025-04-01 | 7.3 | CVE-2025-29033 |
| n/a–n/a | A heap buffer overflow vulnerability has been identified in the lcms2-2.16. The vulnerability exists in the UnrollChunkyBytes function in cmspack.c, which is responsible for handling color space transformations. NOTE: this is disputed by the Supplier because the finding identified a bug in a third-party calling program, not in lcms. | 2025-04-01 | 7.3 | CVE-2025-29069 |
| n/a–n/a | A heap buffer overflow vulnerability has been identified in thesmooth2() in cmsgamma.c in lcms2-2.16 which allows a remote attacker to cause a denial of service. NOTE: the Supplier disputes this because “this is not exploitable as this function is never called on normal color management, is there only as a helper for low-level programming and investigation.” | 2025-04-01 | 7.5 | CVE-2025-29070 |
| n/a–n/a | Insecure Permission vulnerability in student-manage 1 allows a local attacker to escalate privileges via the Unsafe permission verification. | 2025-04-03 | 7.8 | CVE-2025-29504 |
| n/a–n/a | Signalling in Pexip Infinity 29 through 36.2 before 37.0 has improper input validation that allows remote attackers to trigger a temporary denial of service (software abort). | 2025-04-02 | 7.5 | CVE-2025-30080 |
| n/a–spatie/browsershot | Versions of the package spatie/browsershot from 0.0.0 are vulnerable to Server-side Request Forgery (SSRF) in the setUrl() function due to a missing restriction on user input, enabling attackers to access localhost and list all of its directories. | 2025-04-04 | 8.2 | CVE-2025-3192 |
| Name.ly–Quick Localization | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Name.ly Quick Localization allows Reflected XSS. This issue affects Quick Localization: from n/a through 0.1.0. | 2025-04-01 | 7.1 | CVE-2025-30607 |
| Nick McReynolds–Product Table by WBW | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Nick McReynolds Product Table by WBW allows Reflected XSS. This issue affects Product Table by WBW: from n/a through 2.1.4. | 2025-04-01 | 7.1 | CVE-2025-31086 |
| NiteoThemes–CMP Coming Soon & Maintenance | Unrestricted Upload of File with Dangerous Type vulnerability in NiteoThemes CMP – Coming Soon & Maintenance allows Using Malicious Files. This issue affects CMP – Coming Soon & Maintenance: from n/a through 4.1.13. | 2025-04-04 | 9.1 | CVE-2025-32118 |
| noonnoo–Gravel | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in noonnoo Gravel allows Reflected XSS.This issue affects Gravel: from n/a through 1.6. | 2025-04-04 | 7.1 | CVE-2025-31418 |
| NotFound–Apptivo Business Site CRM | Missing Authorization vulnerability in NotFound Apptivo Business Site CRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Apptivo Business Site CRM: from n/a through 5.3. | 2025-04-03 | 7.5 | CVE-2025-31909 |
| NotFound–Delete Post Revision | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Delete Post Revision allows Reflected XSS. This issue affects Delete Post Revision: from n/a through 1.1. | 2025-04-01 | 7.1 | CVE-2025-31454 |
| NotFound–DigiWidgets Image Editor | Improper Control of Generation of Code (‘Code Injection’) vulnerability in NotFound DigiWidgets Image Editor allows Remote Code Inclusion. This issue affects DigiWidgets Image Editor: from n/a through 1.10. | 2025-04-01 | 10 | CVE-2025-30580 |
| NotFound–Flickr Photostream | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Flickr Photostream allows Reflected XSS. This issue affects Flickr Photostream: from n/a through 3.1.8. | 2025-04-03 | 7.1 | CVE-2025-31467 |
| NotFound–Flickr set slideshows | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in NotFound Flickr set slideshows allows SQL Injection. This issue affects Flickr set slideshows: from n/a through 0.9. | 2025-04-01 | 8.5 | CVE-2025-30589 |
| NotFound–Frizzly | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Frizzly allows Reflected XSS. This issue affects Frizzly: from n/a through 1.1.0. | 2025-04-01 | 7.1 | CVE-2025-30554 |
| NotFound–Kento WordPress Stats | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Kento WordPress Stats allows Stored XSS. This issue affects Kento WordPress Stats: from n/a through 1.1. | 2025-04-01 | 7.1 | CVE-2025-30559 |
| NotFound–Latest Custom Post Type Updates | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Latest Custom Post Type Updates allows Reflected XSS. This issue affects Latest Custom Post Type Updates: from n/a through 1.3.0. | 2025-04-03 | 7.1 | CVE-2025-30616 |
| NotFound–Limit Max IPs Per User | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Limit Max IPs Per User allows DOM-Based XSS. This issue affects Limit Max IPs Per User: from n/a through 1.5. | 2025-04-01 | 7.1 | CVE-2025-31455 |
| NotFound–MediaView | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound MediaView allows Reflected XSS. This issue affects MediaView: from n/a through 1.1.2. | 2025-04-03 | 7.1 | CVE-2025-31898 |
| NotFound–NanoSupport | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound NanoSupport allows Reflected XSS. This issue affects NanoSupport: from n/a through 0.6.0. | 2025-04-01 | 7.1 | CVE-2025-31461 |
| NotFound–OK Poster Group | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound OK Poster Group allows Reflected XSS. This issue affects OK Poster Group: from n/a through 1.1. | 2025-04-01 | 7.1 | CVE-2025-30544 |
| NotFound–Pages Order | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Pages Order allows Reflected XSS. This issue affects Pages Order: from n/a through 1.1.3. | 2025-04-01 | 7.1 | CVE-2025-31445 |
| NotFound–Search engine keywords highlighter | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Search engine keywords highlighter allows Reflected XSS. This issue affects Search engine keywords highlighter: from n/a through 0.1.3. | 2025-04-03 | 7.1 | CVE-2025-31442 |
| NotFound–Social Share And Social Locker | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in NotFound Social Share And Social Locker allows Blind SQL Injection. This issue affects Social Share And Social Locker: from n/a through 1.4.2. | 2025-04-03 | 9.3 | CVE-2025-31911 |
| NotFound–Social Share And Social Locker | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Social Share And Social Locker allows Reflected XSS. This issue affects Social Share And Social Locker: from n/a through 1.4.1. | 2025-04-03 | 7.1 | CVE-2025-31902 |
| NotFound–Team Rosters | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Team Rosters allows Reflected XSS. This issue affects Team Rosters: from n/a through 4.7. | 2025-04-03 | 7.1 | CVE-2025-31905 |
| NotFound–Tidekey | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Tidekey allows Reflected XSS. This issue affects Tidekey: from n/a through 1.1. | 2025-04-01 | 7.1 | CVE-2025-30563 |
| NotFound–WP Bookmarks | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound WP Bookmarks allows Reflected XSS. This issue affects WP Bookmarks: from n/a through 1.1. | 2025-04-01 | 7.1 | CVE-2025-31431 |
| NotFound–WP_Identicon | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound WP_Identicon allows Reflected XSS. This issue affects WP_Identicon: from n/a through 2.0. | 2025-04-03 | 7.1 | CVE-2025-31468 |
| NotFound–Wptobe-signinup | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Wptobe-signinup allows Reflected XSS. This issue affects Wptobe-signinup: from n/a through 1.1.2. | 2025-04-03 | 7.1 | CVE-2025-30611 |
| NotFound–XV Random Quotes | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound XV Random Quotes allows Reflected XSS. This issue affects XV Random Quotes: from n/a through 1.37. | 2025-04-03 | 7.1 | CVE-2025-31903 |
| onOffice GmbH–onOffice for WP-Websites | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in onOffice GmbH onOffice for WP-Websites allows SQL Injection. This issue affects onOffice for WP-Websites: from n/a through 5.7. | 2025-04-04 | 7.6 | CVE-2025-32127 |
| Open Source Robotics Foundation–Robot Operating System (ROS) | A YAML deserialization vulnerability was found in the Robot Operating System (ROS) ‘dynparam’, a command-line tool for getting, setting, and deleting parameters of a dynamically configurable node, affecting ROS distributions Noetic and earlier. The issue is caused by the use of the yaml.load() function in the ‘set’ and ‘get’ verbs, and allows for the creation of arbitrary Python objects. Through this flaw, a local or remote user can craft and execute arbitrary Python code. This issue has now been fixed for ROS Noetic via commit 3d93ac13603438323d7e9fa74e879e45c5fe2e8e. | 2025-04-02 | 8.4 | CVE-2024-39780 |
| OpenVPN–OpenVPN | OpenVPN version 2.4.0 through 2.6.10 on Windows allows an external, lesser privileged process to create a named pipe which the OpenVPN GUI component would connect to allowing it to escalate its privileges | 2025-04-03 | 8.8 | CVE-2024-4877 |
| OTWthemes–Sidebar Manager Light | Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Sidebar Manager Light allows Cross Site Request Forgery. This issue affects Sidebar Manager Light: from n/a through 1.1.8. | 2025-04-04 | 7.1 | CVE-2025-32112 |
| owenr88–Simple Contact Forms | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in owenr88 Simple Contact Forms allows Stored XSS. This issue affects Simple Contact Forms: from n/a through 1.6.4. | 2025-03-31 | 7.1 | CVE-2025-31615 |
| Parakoos–Image Wall | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Parakoos Image Wall allows Reflected XSS. This issue affects Image Wall: from n/a through 3.0. | 2025-04-01 | 7.1 | CVE-2025-30869 |
| Pepro Dev. Group–PeproDev CF7 Database | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Pepro Dev. Group PeproDev CF7 Database allows Stored XSS. This issue affects PeproDev CF7 Database: from n/a through 2.0.0. | 2025-04-03 | 7.1 | CVE-2025-31573 |
| pgadmin.org–pgAdmin 4 | Remote Code Execution security vulnerability in pgAdmin 4 (Query Tool and Cloud Deployment modules). The vulnerability is associated with the 2 POST endpoints; /sqleditor/query_tool/download, where the query_commited parameter and /cloud/deploy endpoint, where the high_availability parameter is unsafely passed to the Python eval() function, allowing arbitrary code execution. This issue affects pgAdmin 4: before 9.2. | 2025-04-03 | 9.9 | CVE-2025-2945 |
| pgadmin.org–pgAdmin 4 | pgAdmin <= 9.1 is affected by a security vulnerability with Cross-Site Scripting(XSS). If attackers execute any arbitrary HTML/JavaScript in a user’s browser through query result rendering, then HTML/JavaScript runs on the browser. | 2025-04-03 | 9.1 | CVE-2025-2946 |
| PHPGurukul–Boat Booking System | A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /add-subadmin.php. The manipulation of the argument sadminusername leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-04-03 | 7.3 | CVE-2025-3147 |
| PHPGurukul–Bus Pass Management System | A vulnerability, which was classified as critical, was found in PHPGurukul Bus Pass Management System 1.0. This affects an unknown part of the file /view-pass-detail.php. The manipulation of the argument viewid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-04-03 | 7.3 | CVE-2025-3146 |
| PHPGurukul–e-Diary Management System | A vulnerability was found in PHPGurukul e-Diary Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /edit-category.php?id=8. The manipulation of the argument Category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-03-31 | 7.3 | CVE-2025-3006 |
| PHPGurukul–e-Diary Management System | A vulnerability was found in PHPGurukul e-Diary Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument logindetail leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-04 | 7.3 | CVE-2025-3187 |
| PHPGurukul–e-Diary Management System | A vulnerability classified as critical has been found in PHPGurukul e-Diary Management System 1.0. This affects an unknown part of the file /add-notes.php. The manipulation of the argument Category leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-04-04 | 7.3 | CVE-2025-3188 |
| PHPGurukul–e-Diary Management System | A vulnerability classified as critical was found in PHPGurukul e-Diary Management System 1.0. This vulnerability affects unknown code of the file /view-note.php?noteid=11. The manipulation of the argument remark leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-04-04 | 7.3 | CVE-2025-3213 |
| PHPGurukul–e-Diary Management System | A vulnerability was found in PHPGurukul e-Diary Management System 1.0. It has been classified as critical. This affects an unknown part of the file /password-recovery.php. The manipulation of the argument username/contactno leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-04-04 | 7.3 | CVE-2025-3216 |
| PHPGurukul–e-Diary Management System | A vulnerability was found in PHPGurukul e-Diary Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /registration.php. The manipulation of the argument emailid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-04-04 | 7.3 | CVE-2025-3217 |
| PHPGurukul–e-Diary Management System | A vulnerability was found in PHPGurukul e-Diary Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /dashboard.php. The manipulation of the argument Category leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-04 | 7.3 | CVE-2025-3220 |
| PHPGurukul–e-Diary Management System | A vulnerability classified as critical was found in PHPGurukul e-Diary Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /add-category.php. The manipulation of the argument Category leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-04 | 7.3 | CVE-2025-3265 |
| PHPGurukul–Men Salon Management System | A vulnerability was found in PHPGurukul Men Salon Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /appointment.php. The manipulation of the argument Name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-05 | 7.3 | CVE-2025-3299 |
| PHPGurukul–Men Salon Management System | A vulnerability classified as critical was found in PHPGurukul Men Salon Management System 1.0. This vulnerability affects unknown code of the file /admin/about-us.php. The manipulation of the argument pagetitle leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-04-06 | 7.3 | CVE-2025-3311 |
| PHPGurukul–Men Salon Management System | A vulnerability, which was classified as critical, has been found in PHPGurukul Men Salon Management System 1.0. This issue affects some unknown processing of the file /admin/add-customer-services.php. The manipulation of the argument sids[] leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-04-06 | 7.3 | CVE-2025-3312 |
| PHPGurukul–Men Salon Management System | A vulnerability, which was classified as critical, was found in PHPGurukul Men Salon Management System 1.0. Affected is an unknown function of the file /admin/add-customer.php. The manipulation of the argument Name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-04-06 | 7.3 | CVE-2025-3313 |
| PHPGurukul–Men Salon Management System | A vulnerability was found in PHPGurukul Men Salon Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/search-invoices.php. The manipulation of the argument searchdata leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-04-06 | 7.3 | CVE-2025-3316 |
| PHPGurukul–Old Age Home Management System | A vulnerability classified as critical was found in PHPGurukul Old Age Home Management System 1.0. This vulnerability affects unknown code of the file /search.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-04-04 | 7.3 | CVE-2025-3258 |
| PHPGurukul–Online Fire Reporting System | A vulnerability classified as critical has been found in PHPGurukul Online Fire Reporting System 1.2. Affected is an unknown function of the file /search-request.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-04-04 | 7.3 | CVE-2025-3238 |
| PHPGurukul–Online Fire Reporting System | A vulnerability classified as critical was found in PHPGurukul Online Fire Reporting System 1.2. Affected by this vulnerability is an unknown functionality of the file /admin/edit-guard-detail.php. The manipulation of the argument editid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-04 | 7.3 | CVE-2025-3239 |
| PHPGurukul–Online Fire Reporting System | A vulnerability, which was classified as critical, has been found in PHPGurukul Online Fire Reporting System 1.2. Affected by this issue is some unknown functionality of the file /admin/search.php. The manipulation of the argument searchdata leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-04 | 7.3 | CVE-2025-3240 |
| PHPGurukul–Online Security Guards Hiring System | A vulnerability, which was classified as critical, was found in PHPGurukul Online Security Guards Hiring System 1.0. Affected is an unknown function of the file /admin/changeimage.php. The manipulation of the argument editid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-04-03 | 7.3 | CVE-2025-3137 |
| PHPGurukul–Online Security Guards Hiring System | A vulnerability has been found in PHPGurukul Online Security Guards Hiring System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit-guard-detail.php. The manipulation of the argument editid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-03 | 7.3 | CVE-2025-3138 |
| PHPGurukul–Time Table Generator System | A vulnerability was found in PHPGurukul Time Table Generator System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit-class.php. The manipulation of the argument editid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-03 | 7.3 | CVE-2025-3168 |
| PHPGurukul–Zoo Management System | A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been rated as critical. This issue affects some unknown processing of the file /aboutus.php. The manipulation of the argument pagetitle leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-04-04 | 7.3 | CVE-2025-3231 |
| PickPlugins–Testimonial Slider | Deserialization of Untrusted Data vulnerability in PickPlugins Testimonial Slider allows Object Injection. This issue affects Testimonial Slider: from n/a through 2.0.13. | 2025-04-03 | 8.8 | CVE-2025-30889 |
| PiExtract–SOOP-CLM | SOOP-CLM from PiExtract has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. | 2025-03-31 | 9.8 | CVE-2025-3011 |
| pluggabl–Booster for WooCommerce | The Booster for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the validate_product_input_fields_on_add_to_cart function in versions 4.0.1 to 7.2.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible. | 2025-04-04 | 8.1 | CVE-2024-13744 |
| pluggabl–Booster for WooCommerce | The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via any location that typically sanitizes data using wp_kses, like comments, in all versions up to, and including, 7.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-04-01 | 7.2 | CVE-2024-12278 |
| pluggabl–Booster for WooCommerce | The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in versions 4.0.1 to 7.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2025-04-04 | 7.2 | CVE-2024-13708 |
| podpirate–Access Areas | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in podpirate Access Areas allows Reflected XSS. This issue affects Access Areas: from n/a through 1.5.19. | 2025-04-01 | 7.1 | CVE-2025-30913 |
| primersoftware–Primer MyData for Woocommerce | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in primersoftware Primer MyData for Woocommerce allows Reflected XSS. This issue affects Primer MyData for Woocommerce: from n/a through n/a. | 2025-04-01 | 7.1 | CVE-2025-30924 |
| ProfitShare.ro–WP Profitshare | Cross-Site Request Forgery (CSRF) vulnerability in ProfitShare.ro WP Profitshare allows Stored XSS. This issue affects WP Profitshare: from n/a through 1.4.9. | 2025-04-01 | 7.1 | CVE-2025-31906 |
| Project Worlds–Online Lawyer Management System | A vulnerability classified as critical has been found in Project Worlds Online Lawyer Management System 1.0. This affects an unknown part of the file /admin_user.php. The manipulation of the argument block_id/unblock_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-04-03 | 7.3 | CVE-2025-3170 |
| Project Worlds–Online Lawyer Management System | A vulnerability classified as critical was found in Project Worlds Online Lawyer Management System 1.0. This vulnerability affects unknown code of the file /approve_lawyer.php. The manipulation of the argument unblock_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-04-03 | 7.3 | CVE-2025-3171 |
| Project Worlds–Online Lawyer Management System | A vulnerability, which was classified as critical, has been found in Project Worlds Online Lawyer Management System 1.0. This issue affects some unknown processing of the file /lawyer_booking.php. The manipulation of the argument unblock_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-04-03 | 7.3 | CVE-2025-3172 |
| Project Worlds–Online Lawyer Management System | A vulnerability, which was classified as critical, was found in Project Worlds Online Lawyer Management System 1.0. Affected is an unknown function of the file /save_booking.php. The manipulation of the argument lawyer_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-04-03 | 7.3 | CVE-2025-3173 |
| Project Worlds–Online Lawyer Management System | A vulnerability has been found in Project Worlds Online Lawyer Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /searchLawyer.php. The manipulation of the argument experience leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-03 | 7.3 | CVE-2025-3174 |
| Project Worlds–Online Lawyer Management System | A vulnerability was found in Project Worlds Online Lawyer Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /save_user_edit_profile.php. The manipulation of the argument first_Name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-03 | 7.3 | CVE-2025-3175 |
| Project Worlds–Online Lawyer Management System | A vulnerability was found in Project Worlds Online Lawyer Management System 1.0. It has been classified as critical. This affects an unknown part of the file /single_lawyer.php. The manipulation of the argument u_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-04-03 | 7.3 | CVE-2025-3176 |
| projectworlds–Online Doctor Appointment Booking System | A vulnerability was found in projectworlds Online Doctor Appointment Booking System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /doctor/deleteappointment.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-04-03 | 7.3 | CVE-2025-3178 |
| projectworlds–Online Doctor Appointment Booking System | A vulnerability classified as critical has been found in projectworlds Online Doctor Appointment Booking System 1.0. Affected is an unknown function of the file /doctor/deletepatient.php. The manipulation of the argument ic leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-04-03 | 7.3 | CVE-2025-3179 |
| projectworlds–Online Doctor Appointment Booking System | A vulnerability classified as critical was found in projectworlds Online Doctor Appointment Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file /doctor/deleteschedule.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-03 | 7.3 | CVE-2025-3180 |
| projectworlds–Online Doctor Appointment Booking System | A vulnerability, which was classified as critical, has been found in projectworlds Online Doctor Appointment Booking System 1.0. Affected by this issue is some unknown functionality of the file /patient/appointment.php?scheduleDate=1&appid=1. The manipulation of the argument scheduleDate leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-03 | 7.3 | CVE-2025-3181 |
| projectworlds–Online Doctor Appointment Booking System | A vulnerability, which was classified as critical, was found in projectworlds Online Doctor Appointment Booking System 1.0. This affects an unknown part of the file /patient/getschedule.php. The manipulation of the argument q leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-04-03 | 7.3 | CVE-2025-3182 |
| projectworlds–Online Doctor Appointment Booking System | A vulnerability has been found in projectworlds Online Doctor Appointment Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /patient/patientupdateprofile.php. The manipulation of the argument patientFirstName leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2025-04-03 | 7.3 | CVE-2025-3183 |
| projectworlds–Online Doctor Appointment Booking System | A vulnerability was found in projectworlds Online Doctor Appointment Booking System 1.0 and classified as critical. This issue affects some unknown processing of the file /patient/profile.php?patientId=1. The manipulation of the argument patientFirstName leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2025-04-03 | 7.3 | CVE-2025-3184 |
| projectworlds–Online Doctor Appointment Booking System | A vulnerability was found in projectworlds Online Doctor Appointment Booking System 1.0. It has been classified as critical. Affected is an unknown function of the file /patient/patientupdateprofile.php. The manipulation of the argument patientFirstName leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2025-04-03 | 7.3 | CVE-2025-3185 |
| projectworlds–Online Doctor Appointment Booking System | A vulnerability was found in projectworlds Online Doctor Appointment Booking System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /patient/invoice.php. The manipulation of the argument appid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-04 | 7.3 | CVE-2025-3186 |
| Property Hive–Houzez Property Feed | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Property Hive Houzez Property Feed allows Path Traversal. This issue affects Houzez Property Feed: from n/a through 2.5.4. | 2025-04-01 | 7.5 | CVE-2025-30793 |
| qinguoyi–TinyWebServer | A vulnerability, which was classified as critical, has been found in qinguoyi TinyWebServer up to 1.0. Affected by this issue is some unknown functionality of the file /http/http_conn.cpp. The manipulation of the argument name/password leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-04 | 7.3 | CVE-2025-3266 |
| RadiusTheme–Radius Blocks | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in RadiusTheme Radius Blocks allows PHP Local File Inclusion. This issue affects Radius Blocks: from n/a through 2.2.1. | 2025-04-04 | 7.5 | CVE-2025-32159 |
| ramanparashar–Useinfluence | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ramanparashar Useinfluence allows Stored XSS. This issue affects Useinfluence: from n/a through 1.0.8. | 2025-03-31 | 7.1 | CVE-2025-31625 |
| Rameez Iqbal–Real Estate Manager | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Rameez Iqbal Real Estate Manager allows PHP Local File Inclusion. This issue affects Real Estate Manager: from n/a through 7.3. | 2025-04-04 | 7.5 | CVE-2025-32150 |
| randyjensen–RJ Quickcharts | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in randyjensen RJ Quickcharts allows SQL Injection. This issue affects RJ Quickcharts: from n/a through 0.6.1. | 2025-04-01 | 8.5 | CVE-2025-31024 |
| Red Hat–OpenShift Lightspeed | A flaw was found in the OpenShift Lightspeed Service, which is vulnerable to unauthenticated API request flooding. Repeated queries to non-existent endpoints inflate metrics storage and processing, consuming excessive resources. This issue can lead to monitoring system degradation, increased disk usage, and potential service unavailability. Since the issue does not require authentication, an external attacker can exhaust CPU, RAM, and disk space, impacting both application and cluster stability. | 2025-03-31 | 7.5 | CVE-2025-2586 |
| Red Hat–Red Hat Enterprise Linux 6 | A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server. | 2025-04-03 | 7 | CVE-2025-2784 |
| Red Hat–Red Hat Enterprise Linux 6 | A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS). | 2025-04-03 | 7.5 | CVE-2025-32049 |
| Renzo Tejada–Libro de Reclamaciones y Quejas | Cross-Site Request Forgery (CSRF) vulnerability in Renzo Tejada Libro de Reclamaciones y Quejas allows Cross Site Request Forgery. This issue affects Libro de Reclamaciones y Quejas: from n/a through 0.9. | 2025-04-04 | 7.1 | CVE-2025-32113 |
| reputeinfosystems–BookingPress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in reputeinfosystems BookingPress allows SQL Injection. This issue affects BookingPress: from n/a through 1.1.28. | 2025-04-01 | 7.6 | CVE-2025-31910 |
| richtexteditor–Rich Text Editor | Cross-Site Request Forgery (CSRF) vulnerability in richtexteditor Rich Text Editor allows Stored XSS. This issue affects Rich Text Editor: from n/a through 1.0.1. | 2025-03-31 | 7.1 | CVE-2025-31623 |
| rickonline_nl–Better WishList API | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in rickonline_nl Better WishList API allows Reflected XSS. This issue affects Better WishList API: from n/a through 1.1.4. | 2025-04-01 | 7.1 | CVE-2025-30798 |
| riosisgroup–Rio Video Gallery | Cross-Site Request Forgery (CSRF) vulnerability in riosisgroup Rio Video Gallery allows Stored XSS. This issue affects Rio Video Gallery: from n/a through 2.3.6. | 2025-03-31 | 7.1 | CVE-2025-31566 |
| rocketelements–Split Test For Elementor | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in rocketelements Split Test For Elementor allows SQL Injection. This issue affects Split Test For Elementor: from n/a through 1.8.2. | 2025-04-04 | 7.6 | CVE-2025-32204 |
| Rometheme–RomethemeKit For Elementor | Improper Control of Generation of Code (‘Code Injection’) vulnerability in Rometheme RomethemeKit For Elementor allows Command Injection. This issue affects RomethemeKit For Elementor: from n/a through 1.5.4. | 2025-04-01 | 9.9 | CVE-2025-30911 |
| rustaurius–Front End Users | The Front End Users plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the file uploads field of the registration form in all versions up to, and including, 3.2.32. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible. | 2025-04-02 | 9.8 | CVE-2025-2005 |
| rzfarrell–CGM Event Calendar | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in rzfarrell CGM Event Calendar allows Reflected XSS. This issue affects CGM Event Calendar: from n/a through 0.8.5. | 2025-04-01 | 7.1 | CVE-2025-31462 |
| S–WordPress Galleria | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in S WordPress Galleria allows Reflected XSS. This issue affects WordPress Galleria: from n/a through 1.4. | 2025-04-01 | 7.1 | CVE-2025-31441 |
| Sabuj Kundu–CBX Poll | Deserialization of Untrusted Data vulnerability in Sabuj Kundu CBX Poll allows Object Injection. This issue affects CBX Poll: from n/a through 1.2.7. | 2025-04-01 | 9.8 | CVE-2025-31612 |
| Salesmate.io–Salesmate Add-On for Gravity Forms | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Salesmate.io Salesmate Add-On for Gravity Forms allows SQL Injection. This issue affects Salesmate Add-On for Gravity Forms: from n/a through 2.0.3. | 2025-04-01 | 9.3 | CVE-2025-31551 |
| Saleswonder Team Tobias–WP2LEADS | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Saleswonder Team Tobias WP2LEADS allows Reflected XSS. This issue affects WP2LEADS: from n/a through 3.4.5. | 2025-04-01 | 7.1 | CVE-2025-30827 |
| Sami Ahmed Siddiqui–JSON Structuring Markup | Cross-Site Request Forgery (CSRF) vulnerability in Sami Ahmed Siddiqui JSON Structuring Markup allows Stored XSS. This issue affects JSON Structuring Markup: from n/a through 0.1. | 2025-04-01 | 7.1 | CVE-2025-31908 |
| sequel.io–Sequel | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in sequel.Io Sequel allows Reflected XSS.This issue affects Sequel: from n/a through 1.0.11. | 2025-04-04 | 7.1 | CVE-2025-31389 |
| Shamalli–Web Directory Free | Cross-Site Request Forgery (CSRF) vulnerability in Shamalli Web Directory Free allows Stored XSS. This issue affects Web Directory Free: from n/a through 1.7.6. | 2025-04-03 | 7.1 | CVE-2025-30908 |
| shiptrack–Booking Calendar and Notification | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in shiptrack Booking Calendar and Notification allows Blind SQL Injection.This issue affects Booking Calendar and Notification: from n/a through 4.0.3. | 2025-04-04 | 9.3 | CVE-2025-31403 |
| shopperapprovedapp–Shopper Approved Reviews | The Shopper Approved Reviews plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajax_callback_update_sa_option() function in versions 2.0 to 2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | 2025-04-02 | 8.8 | CVE-2025-3063 |
| shopperdotcom–Shopper | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in shopperdotcom Shopper allows SQL Injection. This issue affects Shopper: from n/a through 3.2.5. | 2025-04-01 | 9.3 | CVE-2025-31534 |
| ShortPixel–Enable Media Replace | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ShortPixel Enable Media Replace allows Reflected XSS. This issue affects Enable Media Replace: from n/a through 4.1.5. | 2025-04-01 | 7.1 | CVE-2025-31081 |
| silvasoft–Silvasoft boekhouden | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in silvasoft Silvasoft boekhouden allows SQL Injection. This issue affects Silvasoft boekhouden: from n/a through 3.0.1. | 2025-04-04 | 7.6 | CVE-2025-32125 |
| silverplugins217–Multiple Shipping And Billing Address For Woocommerce | Deserialization of Untrusted Data vulnerability in silverplugins217 Multiple Shipping And Billing Address For Woocommerce allows Object Injection. This issue affects Multiple Shipping And Billing Address For Woocommerce: from n/a through 1.5. | 2025-04-01 | 9.8 | CVE-2025-31087 |
| smackcoders–Import Export Suite for CSV and XML Datafeed | The Import Export Suite for CSV and XML Datafeed plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteImage() function in all versions up to, and including, 7.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). | 2025-04-01 | 8.1 | CVE-2025-2007 |
| smackcoders–Import Export Suite for CSV and XML Datafeed | The Import Export Suite for CSV and XML Datafeed plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import_single_post_as_csv() function in all versions up to, and including, 7.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible. | 2025-04-01 | 8.8 | CVE-2025-2008 |
| SourceCodester–Apartment Visitor Management System | A vulnerability has been found in SourceCodester Apartment Visitor Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /forgotpw.php. The manipulation of the argument secode leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-06 | 7.3 | CVE-2025-3314 |
| SourceCodester–Apartment Visitor Management System | A vulnerability was found in SourceCodester Apartment Visitor Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /view-report.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-06 | 7.3 | CVE-2025-3315 |
| SourceCodester–Gym Management System | A vulnerability was found in SourceCodester Gym Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /signup.php. The manipulation of the argument user_name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-03 | 7.3 | CVE-2025-3151 |
| SquirrelMail–SquirrelMail | mime.php in SquirrelMail through 1.4.23-svn-20250401 and 1.5.x through 1.5.2-svn-20250401 allows XSS via e-mail headers, because JavaScript payloads are mishandled after $encoded has been set to true. | 2025-04-02 | 7.2 | CVE-2025-30090 |
| STMicroelectronics–X-CUBE-AZRT-H7RS | A buffer overflow vulnerability exists in the FileX Internal RAM interface functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted set of network packets can lead to code execution. An attacker can send a sequence of requests to trigger this vulnerability. | 2025-04-02 | 8.5 | CVE-2024-45064 |
| Stylemix–MasterStudy LMS | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Stylemix MasterStudy LMS allows PHP Local File Inclusion. This issue affects MasterStudy LMS: from n/a through 3.5.23. | 2025-04-04 | 8.8 | CVE-2025-32141 |
| Stylemix–Motors | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Stylemix Motors allows PHP Local File Inclusion. This issue affects Motors: from n/a through 1.4.65. | 2025-04-04 | 8.8 | CVE-2025-32142 |
| Stylemix–uListing | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Stylemix uListing allows Blind SQL Injection. This issue affects uListing: from n/a through 2.1.9. | 2025-04-04 | 7.6 | CVE-2025-32122 |
| SuitePlugins–Video & Photo Gallery for Ultimate Member | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in SuitePlugins Video & Photo Gallery for Ultimate Member allows SQL Injection. This issue affects Video & Photo Gallery for Ultimate Member: from n/a through 1.1.3. | 2025-04-04 | 7.6 | CVE-2025-32121 |
| sunshinephotocart — sunshine_photo_cart | Deserialization of Untrusted Data vulnerability in sunshinephotocart Sunshine Photo Cart allows Object Injection. This issue affects Sunshine Photo Cart: from n/a through 3.4.10. | 2025-04-01 | 9.8 | CVE-2025-31084 |
| Sven Lehnert–BuddyForms | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Sven Lehnert BuddyForms allows PHP Local File Inclusion. This issue affects BuddyForms: from n/a through 2.8.15. | 2025-04-04 | 7.5 | CVE-2025-32151 |
| ta2g–Tantyyellow | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ta2g Tantyyellow allows Reflected XSS.This issue affects Tantyyellow: from n/a through 1.0.0.5. | 2025-03-31 | 7.1 | CVE-2025-23995 |
| tagDiv–tagDiv Composer | The tagDiv Composer plugin for WordPress is vulnerable to PHP Object Instantiation in all versions up to, and including, 5.3 via module parameter. This makes it possible for unauthenticated attackers to Instantiate a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. | 2025-04-04 | 9.8 | CVE-2024-13645 |
| TangibleWP–Vehica Core | The Vehica Core plugin for WordPress, used by the Vehica – Car Dealer & Listing WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 1.0.97. This is due to the plugin not properly validating user meta fields prior to updating them in the database. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change escalate their privileges to Administrator. | 2025-04-04 | 8.8 | CVE-2025-3105 |
| Tenda–AC10 | A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. This issue affects the function ShutdownSetAdd of the file /goform/ShutdownSetAdd. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-04-03 | 8.8 | CVE-2025-3161 |
| Tenda–RX3 | A vulnerability, which was classified as critical, has been found in Tenda RX3 16.03.13.11. This issue affects the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-04-04 | 8.8 | CVE-2025-3259 |
| The Events Calendar–Event Tickets | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in The Events Calendar Event Tickets allows Reflected XSS. This issue affects Event Tickets: from n/a through 5.20.0. | 2025-04-01 | 7.1 | CVE-2025-30794 |
| The-Commit-Company–raven | Raven is an open-source messaging platform. A vulnerability allowed any logged in user to execute code via an API endpoint. This vulnerability is fixed in 2.1.10. | 2025-04-01 | 8.1 | CVE-2025-31132 |
| TLA Media–GTM Kit | Debug Messages Revealing Unnecessary Information vulnerability in TLA Media GTM Kit allows Retrieve Embedded Sensitive Data. This issue affects GTM Kit: from n/a through 2.3.1. | 2025-04-01 | 7.5 | CVE-2025-31001 |
| Tomdever–wpForo Forum | Incorrect Privilege Assignment vulnerability in Tomdever wpForo Forum allows Privilege Escalation.This issue affects wpForo Forum: from n/a through 2.4.2. | 2025-04-04 | 7.6 | CVE-2025-31420 |
| torsteino–PostMash | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in torsteino PostMash allows SQL Injection. This issue affects PostMash: from n/a through 1.0.3. | 2025-04-01 | 9.3 | CVE-2025-30622 |
| Tribulant Software–Snow Storm | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Tribulant Software Snow Storm allows Reflected XSS. This issue affects Snow Storm: from n/a through 1.4.6. | 2025-04-03 | 7.1 | CVE-2025-30858 |
| Ubuntu–Ubuntu package linux-bluefield | Running DDoS on tcp port 22 will trigger a kernel crash. This issue is introduced by the backport of a commit regarding nft_lookup without the subsequent fixes that were introduced after this commit. The resolution of this CVE introduces those commits to the linux-bluefield package. | 2025-03-31 | 7.5 | CVE-2023-0881 |
| uncannyowl–Uncanny Automator Easy Automation, Integration, Webhooks & Workflow Builder Plugin | The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.3.0.2. This is due to add_role() and user_role() functions missing proper capability checks performed through the validate_rest_call() function. This makes it possible for unauthenticated attackers to set the role of arbitrary users to administrator granting full access to the site, though privilege escalation requires an active account on the site so this is considered an authenticated privilege escalation. | 2025-04-04 | 8.8 | CVE-2025-2075 |
| Unraid–Unraid | Unraid 7.0.0 before 7.0.1 allows remote users to access the Unraid WebGUI and web console as root without authentication if a container is running in Host networking mode with Use Tailscale enabled. | 2025-03-31 | 9.6 | CVE-2025-29266 |
| VarDump s.r.l.–Advanced Post Search | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in VarDump s.r.l. Advanced Post Search allows Reflected XSS. This issue affects Advanced Post Search: from n/a through 1.1.0. | 2025-04-01 | 7.1 | CVE-2025-30548 |
| Vikas Ratudi–VForm | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Vikas Ratudi VForm allows Reflected XSS. This issue affects VForm: from n/a through 3.1.9. | 2025-04-01 | 7.1 | CVE-2025-30778 |
| Vimal Kava–AI Search Bar | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Vimal Kava AI Search Bar allows Stored XSS. This issue affects AI Search Bar: from n/a through 1.3. | 2025-04-01 | 7.1 | CVE-2025-31563 |
| vinagecko–VG WooCarousel | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in vinagecko VG WooCarousel allows PHP Local File Inclusion. This issue affects VG WooCarousel: from n/a through 1.3. | 2025-04-04 | 7.5 | CVE-2025-32153 |
| VMware–VMware Aria operations | VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges can escalate their privileges to root on the appliance running VMware Aria Operations. | 2025-04-01 | 7.8 | CVE-2025-22231 |
| weblizar–About Author | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in weblizar About Author allows Reflected XSS. This issue affects About Author: from n/a through 1.6.2. | 2025-04-01 | 7.1 | CVE-2025-30808 |
| winkm89–teachPress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in winkm89 teachPress allows SQL Injection. This issue affects teachPress: from n/a through 9.0.11. | 2025-04-04 | 8.5 | CVE-2025-32149 |
| wiredmindshelp–LeadLab by wiredminds | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in wiredmindshelp LeadLab by wiredminds allows Reflected XSS. This issue affects LeadLab by wiredminds: from n/a through 1.3. | 2025-04-01 | 7.1 | CVE-2025-31568 |
| Wisdomlogix Solutions Pvt. Ltd.–Fonts Manager | Custom Fonts | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Wisdomlogix Solutions Pvt. Ltd. Fonts Manager | Custom Fonts allows Reflected XSS. This issue affects Fonts Manager | Custom Fonts: from n/a through 1.2. | 2025-04-01 | 7.1 | CVE-2025-31578 |
| WofficeIO–Woffice Core | The Woffice Core plugin for WordPress, used by the Woffice Theme, is vulnerable to arbitrary file uploads due to missing file type validation in the ‘saveFeaturedImage’ function in all versions up to, and including, 5.4.21. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible. | 2025-04-04 | 9.8 | CVE-2025-2780 |
| woobewoo–Product Filter by WBW | The Product Filter by WBW plugin for WordPress is vulnerable to time-based SQL Injection via the filtersDataBackend parameter in all versions up to, and including, 2.7.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-04-04 | 7.5 | CVE-2025-2317 |
| WP Extended–The Ultimate WordPress Toolkit WP Extended | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Extended The Ultimate WordPress Toolkit – WP Extended allows Reflected XSS. This issue affects The Ultimate WordPress Toolkit – WP Extended: from n/a through 3.0.14. | 2025-04-01 | 7.1 | CVE-2025-30796 |
| WP Shuffle–Subscribe to Download Lite | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in WP Shuffle Subscribe to Download Lite allows PHP Local File Inclusion. This issue affects Subscribe to Download Lite: from n/a through 1.2.9. | 2025-04-01 | 7.5 | CVE-2025-30782 |
| WP Travel Engine–WP Travel Engine | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in WP Travel Engine WP Travel Engine allows PHP Local File Inclusion. This issue affects WP Travel Engine: from n/a through 6.3.5. | 2025-04-01 | 8.1 | CVE-2025-30870 |
| WP Wham–SKU Generator for WooCommerce | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Wham SKU Generator for WooCommerce allows Reflected XSS. This issue affects SKU Generator for WooCommerce: from n/a through 1.6.2. | 2025-04-01 | 7.1 | CVE-2025-30917 |
| wp-buy–Related Posts Widget with Thumbnails | Cross-Site Request Forgery (CSRF) vulnerability in wp-buy Related Posts Widget with Thumbnails allows Stored XSS. This issue affects Related Posts Widget with Thumbnails: from n/a through 1.2. | 2025-03-31 | 7.1 | CVE-2025-31570 |
| wp-buy–wordpress related Posts with thumbnails | Cross-Site Request Forgery (CSRF) vulnerability in wp-buy wordpress related Posts with thumbnails allows Stored XSS. This issue affects wordpress related Posts with thumbnails: from n/a through 3.0.0.1. | 2025-03-31 | 7.1 | CVE-2025-31569 |
| WPClever–WPC Smart Linked Products – Upsells & Cross-sells for WooCommerce | Missing Authorization vulnerability in WPClever WPC Smart Linked Products – Upsells & Cross-sells for WooCommerce allows Privilege Escalation. This issue affects WPC Smart Linked Products – Upsells & Cross-sells for WooCommerce: from n/a through 1.3.5. | 2025-04-01 | 8.8 | CVE-2025-30825 |
| WPFactory–Advanced WooCommerce Product Sales Reporting | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WPFactory Advanced WooCommerce Product Sales Reporting allows SQL Injection. This issue affects Advanced WooCommerce Product Sales Reporting: from n/a through 3.1. | 2025-04-01 | 9.3 | CVE-2025-31553 |
| WPglob–Auto scroll for reading | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPglob Auto scroll for reading allows Reflected XSS. This issue affects Auto scroll for reading: from n/a through 1.1.4. | 2025-04-01 | 7.1 | CVE-2025-31594 |
| wphocus–My auctions allegro | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in wphocus My auctions allegro allows Blind SQL Injection. This issue affects My auctions allegro: from n/a through 3.6.20. | 2025-03-31 | 8.5 | CVE-2025-31542 |
| wpshopee–Awesome Logos | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in wpshopee Awesome Logos allows Reflected XSS. This issue affects Awesome Logos: from n/a through 1.2. | 2025-04-03 | 7.1 | CVE-2025-31899 |
| Xavi Ivars–XV Random Quotes | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Xavi Ivars XV Random Quotes allows SQL Injection. This issue affects XV Random Quotes: from n/a through 1.40. | 2025-04-01 | 9.3 | CVE-2025-30971 |
| Xorcom–CompletePBX | Xorcom CompletePBX is vulnerable to command injection in the administrator Task Scheduler functionality, allowing for attackers to execute arbitrary commands as the root user. This issue affects CompletePBX: all versions up to and prior to 5.2.35 | 2025-03-31 | 9.1 | CVE-2025-30004 |
| XTENDIFY–Woffice CRM | The Woffice CRM theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.4.21. This is due to a misconfiguration of excluded roles during registration. This makes it possible for unauthenticated attackers to register with an Administrator role if a custom login form is being used. This can be combined with CVE-2025-2797 to bypass the user approval process if an Administrator can be tricked into taking an action such as clicking a link. | 2025-04-04 | 9.8 | CVE-2025-2798 |
| xwiki-contrib–jira | The XWiki JIRA extension provides various integration points between XWiki and JIRA (macros, UI, CKEditor plugin). If the JIRA macro is installed, any logged in XWiki user could edit his/her user profile wiki page and use that JIRA macro, specifying a fake JIRA URL that returns an XML specifying a DOCTYPE pointing to a local file on the XWiki server host and displaying that file’s content in one of the returned JIRA fields (such as the summary or description for example). The vulnerability has been patched in the JIRA Extension v8.6.5. | 2025-04-03 | 7.7 | CVE-2025-31487 |
| YayCommerce–YayExtra | Missing Authorization vulnerability in YayCommerce YayExtra allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects YayExtra: from n/a through 1.5.2. | 2025-04-01 | 7.6 | CVE-2025-31415 |
| YesWiki–yeswiki | YesWiki is a wiki system written in PHP. The squelette parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. This vulnerability is fixed in 4.5.2. | 2025-04-01 | 8.6 | CVE-2025-31131 |
| zankover–Fami WooCommerce Compare | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in zankover Fami WooCommerce Compare allows PHP Local File Inclusion.This issue affects Fami WooCommerce Compare: from n/a through 1.0.5. | 2025-04-04 | 7.5 | CVE-2025-31405 |
| Zend–ZendTo | An OS command injection vulnerability in lib/NSSDropoff.php in ZendTo 5.24-3 through 6.x before 6.10-7 allows unauthenticated remote attackers to execute arbitrary commands via shell metacharacters in the tmp_name parameter when dropping off a file via a POST /dropoff request. | 2025-04-05 | 10 | CVE-2021-47667 |
| zitadel–zitadel | Zitadel is open-source identity infrastructure software. A vulnerability existed where expired keys can be used to retrieve tokens. Specifically, ZITADEL fails to properly check the expiration date of the JWT key when used for Authorization Grants. This allows an attacker with an expired key to obtain valid access tokens. This vulnerability does not affect the use of JWT Profile for OAuth 2.0 Client Authentication on the Token and Introspection endpoints, which correctly reject expired keys. This vulnerability is fixed in 2.71.6, 2.70.8, 2.69.9, 2.68.9, 2.67.13, 2.66.16, 2.65.7, 2.64.6, and 2.63.9. | 2025-03-31 | 8.7 | CVE-2025-31123 |
| ZoomIt–ZoomSounds – WordPress Wave Audio Player with Playlist | The ZoomSounds – WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the ‘dzsap_delete_notice’ AJAX action in all versions up to, and including, 6.91. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update option values to ‘seen’ on the WordPress site. This can be leveraged to update an option that would create an error on the site and deny service to legitimate users or be used to set some values to true such as registration. There are several other functions also vulnerable to missing authorization. | 2025-04-05 | 8.1 | CVE-2024-13776 |
Medium Vulnerabilities
| Primary Vendor — Product | Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| 1902756969–IKUN_Library | A vulnerability has been found in 1902756969/code-projects IKUN_Library 1.0 and classified as problematic. This vulnerability affects the function addInterceptors of the file MvcConfig.java of the component Borrow Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-04-05 | 4.3 | CVE-2025-3305 |
| 1clickmigration–1 Click WordPress Migration | Exposure of Sensitive System Information Due to Uncleared Debug Information vulnerability in 1clickmigration 1 Click WordPress Migration allows Retrieve Embedded Sensitive Data. This issue affects 1 Click WordPress Migration: from n/a through 2.2. | 2025-04-04 | 5.3 | CVE-2025-32257 |
| 6Storage–6Storage Rentals | Missing Authorization vulnerability in 6Storage 6Storage Rentals allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 6Storage Rentals: from n/a through 2.18.0. | 2025-04-04 | 5.4 | CVE-2025-32178 |
| ABCdatos–AI Content Creator | Cross-Site Request Forgery (CSRF) vulnerability in ABCdatos AI Content Creator allows Cross Site Request Forgery. This issue affects AI Content Creator: from n/a through 1.2.6. | 2025-04-04 | 5.4 | CVE-2025-32247 |
| ablancodev–Woocommerce Role Pricing | Cross-Site Request Forgery (CSRF) vulnerability in ablancodev Woocommerce Role Pricing allows Cross Site Request Forgery. This issue affects Woocommerce Role Pricing: from n/a through 3.5.5. | 2025-04-04 | 4.3 | CVE-2025-32271 |
| acmemediakits–ACME Divi Modules | Missing Authorization vulnerability in acmemediakits ACME Divi Modules allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ACME Divi Modules: from n/a through 1.3.5. | 2025-03-31 | 4.3 | CVE-2025-31540 |
| activecampaign–ActiveCampaign | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in activecampaign ActiveCampaign allows Stored XSS. This issue affects ActiveCampaign: from n/a through 8.1.16. | 2025-04-04 | 5.9 | CVE-2025-32136 |
| adamwillhoeft–AI Content Pipelines: Content Engine + Analytics | The AI Content Pipelines plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2025-04-05 | 6.4 | CVE-2025-2544 |
| Agency Dominion Inc.–Fusion | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Agency Dominion Inc. Fusion allows DOM-Based XSS. This issue affects Fusion: from n/a through 1.6.3. | 2025-03-31 | 6.5 | CVE-2025-31549 |
| ahmadshyk–Gift Cards for WooCommerce | Missing Authorization vulnerability in ahmadshyk Gift Cards for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Gift Cards for WooCommerce: from n/a through 1.5.8. | 2025-04-01 | 4.3 | CVE-2025-31781 |
| aioseo–Broken Link Checker by AIOSEO Easily Fix/Monitor Internal and External links | The Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links plugin for WordPress is vulnerable to SQL Injection via the ‘orderBy’ parameter in all versions up to, and including, 1.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-04-06 | 6.5 | CVE-2025-1264 |
| Ajay–WebberZone Snippetz | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ajay WebberZone Snippetz allows Stored XSS. This issue affects WebberZone Snippetz: from n/a through 2.1.0. | 2025-04-01 | 6.5 | CVE-2025-31874 |
| aleswebs–AdMail Multilingual Back in-Stock Notifier for WooCommerce | Missing Authorization vulnerability in aleswebs AdMail – Multilingual Back in-Stock Notifier for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AdMail – Multilingual Back in-Stock Notifier for WooCommerce: from n/a through 1.7.0. | 2025-04-04 | 4.3 | CVE-2025-32234 |
| alextselegidis–Easy!Appointments | Cross-Site Request Forgery (CSRF) vulnerability in alextselegidis Easy!Appointments allows Cross Site Request Forgery. This issue affects Easy!Appointments: from n/a through 1.4.2. | 2025-04-01 | 4.3 | CVE-2025-31828 |
| AlThemist–Lafka Plugin | The Lafka Plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ‘lafka_options_upload’ AJAX function in all versions up to, and including, 7.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the theme option that overrides the site. | 2025-04-05 | 4.3 | CVE-2025-1233 |
| andreyazimov–Sheet2Site | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in andreyazimov Sheet2Site allows Stored XSS. This issue affects Sheet2Site: from n/a through 1.0.18. | 2025-04-01 | 6.5 | CVE-2025-31762 |
| Andy Stratton–Append Content | Missing Authorization vulnerability in Andy Stratton Append Content allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Append Content: from n/a through 2.1.1. | 2025-04-01 | 6.5 | CVE-2025-31780 |
| Animesh Kumar–Advanced Speed Increaser | Cross-Site Request Forgery (CSRF) vulnerability in Animesh Kumar Advanced Speed Increaser. This issue affects Advanced Speed Increaser: from n/a through 2.2.1. | 2025-04-01 | 4.3 | CVE-2025-31753 |
| Anzar Ahmed–Display product variations dropdown on shop page | Missing Authorization vulnerability in Anzar Ahmed Display product variations dropdown on shop page allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Display product variations dropdown on shop page: from n/a through 1.1.3. | 2025-04-04 | 4.3 | CVE-2025-32226 |
| Anzar Ahmed–Ni WooCommerce Cost Of Goods | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Anzar Ahmed Ni WooCommerce Cost Of Goods allows Stored XSS. This issue affects Ni WooCommerce Cost Of Goods: from n/a through 3.2.8. | 2025-04-04 | 6.5 | CVE-2025-32207 |
| Anzar Ahmed–Ni WooCommerce Cost Of Goods | Missing Authorization vulnerability in Anzar Ahmed Ni WooCommerce Cost Of Goods allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ni WooCommerce Cost Of Goods: from n/a through 3.2.8. | 2025-04-01 | 5.4 | CVE-2025-31826 |
| Apache Software Foundation–Apache Answer | Private Data Structure Returned From A Public Method vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.2. If a user uses an externally referenced image, when a user accesses this image, the provider of the image may obtain private information about the ip address of that accessing user. Users are recommended to upgrade to version 1.4.5, which fixes the issue. In the new version, administrators can set whether external content can be displayed. | 2025-04-01 | 6.5 | CVE-2025-29868 |
| Apache Software Foundation–Apache Camel | Bypass/Injection vulnerability in Apache Camel in Camel-Undertow component under particular conditions. This issue affects Apache Camel: from 4.10.0 before 4.10.3, from 4.8.0 before 4.8.6. Users are recommended to upgrade to version 4.10.3 for 4.10.x LTS and 4.8.6 for 4.8.x LTS. Camel undertow component is vulnerable to Camel message header injection, in particular the custom header filter strategy used by the component only filter the “out” direction, while it doesn’t filter the “in” direction. This allows an attacker to include Camel specific headers that for some Camel components can alter the behaviour such as the camel-bean component, or the camel-exec component. | 2025-04-01 | 6.5 | CVE-2025-30177 |
| Apache Software Foundation–Apache OFBiz | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.19. Users are recommended to upgrade to version 18.12.19, which fixes the issue. | 2025-04-01 | 6.1 | CVE-2025-30676 |
| Aphotrax–Uptime Robot Plugin for WordPress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Aphotrax Uptime Robot Plugin for WordPress allows DOM-Based XSS. This issue affects Uptime Robot Plugin for WordPress: from n/a through 2.3. | 2025-03-31 | 6.5 | CVE-2025-31562 |
| Aphotrax–Uptime Robot Plugin for WordPress | Cross-Site Request Forgery (CSRF) vulnerability in Aphotrax Uptime Robot Plugin for WordPress allows Cross Site Request Forgery. This issue affects Uptime Robot Plugin for WordPress: from n/a through 2.3. | 2025-04-01 | 4.3 | CVE-2025-31776 |
| api-platform–core | API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. From 3.2.0 until 3.2.4, exception messages, that are not HTTP exceptions, are visible in the JSON error response. This vulnerability is fixed in 3.2.5. | 2025-04-03 | 5.3 | CVE-2023-47639 |
| apimofficiel–Apimo Connector | Cross-Site Request Forgery (CSRF) vulnerability in apimofficiel Apimo Connector allows Cross Site Request Forgery. This issue affects Apimo Connector: from n/a through 2.6.3.1. | 2025-03-31 | 4.3 | CVE-2025-31602 |
| apple — ipados | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. An app may be able to read arbitrary file metadata. | 2025-03-31 | 5 | CVE-2025-24097 |
| apple — ipados | The issue was addressed with improved restriction of data container access. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data. | 2025-03-31 | 5.5 | CVE-2025-30463 |
| apple — ipados | A path handling issue was addressed with improved logic. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to read sensitive location information. | 2025-03-31 | 5.5 | CVE-2025-30470 |
| apple — ipados | This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.5, tvOS 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access sensitive user data. | 2025-03-31 | 5.5 | CVE-2025-31191 |
| apple — macos | A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data. | 2025-03-31 | 6.5 | CVE-2025-24239 |
| apple — macos | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to cause unexpected system termination or corrupt kernel memory. | 2025-03-31 | 5.6 | CVE-2025-24157 |
| apple — macos | A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to modify protected parts of the file system. | 2025-03-31 | 5.5 | CVE-2025-24164 |
| apple — macos | The issue was addressed with improved validation of environment variables. This issue is fixed in macOS Sequoia 15.4. An app may be able to modify protected parts of the file system. | 2025-03-31 | 5.5 | CVE-2025-24191 |
| apple — macos | An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access sensitive user data. | 2025-03-31 | 5.5 | CVE-2025-24236 |
| apple — macos | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4. An app may be able to enumerate devices that have signed into the user’s Apple Account. | 2025-03-31 | 5 | CVE-2025-24248 |
| apple — macos | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.4. A sandboxed app may be able to access sensitive user data in system logs. | 2025-03-31 | 5.5 | CVE-2025-24262 |
| apple — macos | This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access protected user data. | 2025-03-31 | 5.5 | CVE-2025-24278 |
| apple — macos | An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access user-sensitive data. | 2025-03-31 | 5.5 | CVE-2025-24280 |
| apple — macos | This issue was addressed with improved data protection. This issue is fixed in macOS Sequoia 15.4. An app may be able to access sensitive user data. | 2025-03-31 | 5.5 | CVE-2025-24281 |
| apple — macos | A library injection issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4. An app may be able to modify protected parts of the file system. | 2025-03-31 | 5.5 | CVE-2025-24282 |
| apple — macos | This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.4. A sandboxed app may be able to access sensitive user data in system logs. | 2025-03-31 | 5.5 | CVE-2025-30435 |
| apple — macos | This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.4. An app may be able to access sensitive user data. | 2025-03-31 | 5.5 | CVE-2025-30451 |
| apple — macos | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to modify protected parts of the file system. | 2025-03-31 | 5.5 | CVE-2025-31187 |
| apple — macos | A race condition was addressed with additional validation. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access user-sensitive data. | 2025-03-31 | 4.7 | CVE-2025-24240 |
| apple — macos | This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app with root privileges may be able to access private information. | 2025-03-31 | 4.4 | CVE-2025-24242 |
| apple — safari | The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. Visiting a malicious website may lead to address bar spoofing. | 2025-03-31 | 4.3 | CVE-2025-30467 |
| apple — xcode | The issue was addressed with improved checks. This issue is fixed in Xcode 16.3. A malicious app may be able to access private information. | 2025-03-31 | 5.5 | CVE-2025-24226 |
| apple — xcode | This issue was addressed through improved state management. This issue is fixed in Xcode 16.3. An app may be able to overwrite arbitrary files. | 2025-03-31 | 5.5 | CVE-2025-30441 |
| Apple–iOS and iPadOS | A script imports issue was addressed with improved isolation. This issue is fixed in Safari 18.4, visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. Visiting a website may leak sensitive data. | 2025-03-31 | 6.5 | CVE-2025-24192 |
| Apple–iOS and iPadOS | This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Ventura 13.7.5, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An attacker with physical access may be able to use Siri to access sensitive user data. | 2025-03-31 | 6.6 | CVE-2025-24198 |
| Apple–iOS and iPadOS | A permissions issue was addressed with additional restrictions. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4. Loading a malicious iframe may lead to a cross-site scripting attack. | 2025-03-31 | 6.1 | CVE-2025-24208 |
| Apple–iOS and iPadOS | The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A website may be able to access sensor information without user consent. | 2025-03-31 | 6.7 | CVE-2025-31192 |
| Apple–iOS and iPadOS | A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data. | 2025-03-31 | 5.5 | CVE-2025-24202 |
| Apple–iOS and iPadOS | An authorization issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.7.5, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access user-sensitive data. | 2025-03-31 | 5.5 | CVE-2025-24205 |
| Apple–iOS and iPadOS | A logging issue was addressed with improved data redaction. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data. | 2025-03-31 | 5.5 | CVE-2025-24283 |
| Apple–iOS and iPadOS | This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6. Photos in the Hidden Photos Album may be viewed without authentication. | 2025-03-31 | 5.4 | CVE-2025-30428 |
| Apple–iOS and iPadOS | The issue was addressed with improved input sanitization. This issue is fixed in iOS 18.4 and iPadOS 18.4. Processing a maliciously crafted file may lead to a cross site scripting attack. | 2025-03-31 | 5 | CVE-2025-30434 |
| Apple–iOS and iPadOS | The issue was addressed with improved checks. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An attacker with physical access to a locked device may be able to view sensitive user information. | 2025-03-31 | 4.6 | CVE-2025-30439 |
| Apple–iPadOS | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to modify protected parts of the file system. | 2025-03-31 | 5 | CVE-2025-24203 |
| Apple–iPadOS | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app may be able to access private information. | 2025-03-31 | 5.5 | CVE-2025-24215 |
| Apple–macOS | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to modify protected parts of the file system. | 2025-03-31 | 6.8 | CVE-2025-24272 |
| Apple–macOS | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app with root privileges may be able to modify the contents of system files. | 2025-03-31 | 6.5 | CVE-2025-30446 |
| Apple–macOS | An uncontrolled format string issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to cause a denial-of-service. | 2025-03-31 | 5.5 | CVE-2025-24199 |
| Apple–macOS | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.4. An app may be able to access information about a user’s contacts. | 2025-03-31 | 5.5 | CVE-2025-24218 |
| Apple–macOS | A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A remote attacker may be able to cause unexpected app termination or heap corruption. | 2025-03-31 | 5.5 | CVE-2025-24235 |
| Apple–macOS | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to modify protected parts of the file system. | 2025-03-31 | 5.5 | CVE-2025-24261 |
| Apple–macOS | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app may be able to access private information. | 2025-03-31 | 5.5 | CVE-2025-24276 |
| Apple–macOS | A privacy issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access user-sensitive data. | 2025-03-31 | 5.5 | CVE-2025-30443 |
| Apple–macOS | This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access sensitive user data. | 2025-03-31 | 5.5 | CVE-2025-30450 |
| Apple–macOS | The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app may be able to access private information. | 2025-03-31 | 5.5 | CVE-2025-30455 |
| Apple–macOS | This issue was addressed with improved file handling. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access contacts. | 2025-03-31 | 4.3 | CVE-2025-24279 |
| Apple–tvOS | A logic issue was addressed with improved checks. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. Processing maliciously crafted web content may result in the disclosure of process memory. | 2025-03-31 | 6.5 | CVE-2025-24194 |
| Apple–tvOS | This issue was addressed with improved checks. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to break out of its sandbox. | 2025-03-31 | 6.3 | CVE-2025-24212 |
| Apple–tvOS | A path handling issue was addressed with improved validation. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to break out of its sandbox. | 2025-03-31 | 6.3 | CVE-2025-30429 |
| Apple–tvOS | A logic issue was addressed with improved state management. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sonoma 14.7.5. A malicious app may be able to attempt passcode entries on a locked device and thereby cause escalating time delays after 4 failures. | 2025-03-31 | 6.4 | CVE-2025-30432 |
| Apple–tvOS | An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. Processing a maliciously crafted font may result in the disclosure of process memory. | 2025-03-31 | 5.5 | CVE-2025-24182 |
| Apple–tvOS | A logic error was addressed with improved error handling. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Parsing an image may lead to disclosure of user information. | 2025-03-31 | 5.5 | CVE-2025-24210 |
| Apple–tvOS | A privacy issue was addressed by not logging contents of text fields. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data. | 2025-03-31 | 5.5 | CVE-2025-24214 |
| Apple–tvOS | This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data. | 2025-03-31 | 5.5 | CVE-2025-24217 |
| Apple–tvOS | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Processing a maliciously crafted font may result in the disclosure of process memory. | 2025-03-31 | 5.5 | CVE-2025-24244 |
| Apple–tvOS | This issue was addressed with improved access restrictions. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app may be able to dismiss the system notification on the Lock Screen that a recording was started. | 2025-03-31 | 5.5 | CVE-2025-30438 |
| Apple–tvOS | The issue was resolved by sanitizing logging This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access sensitive user data. | 2025-03-31 | 5.5 | CVE-2025-30447 |
| Apple–tvOS | A path handling issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. A malicious app may be able to access private information. | 2025-03-31 | 5.5 | CVE-2025-30454 |
| Apple–tvOS | The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash. | 2025-03-31 | 4.3 | CVE-2025-24216 |
| Apple–tvOS | This issue was addressed through improved state management. This issue is fixed in tvOS 18.4, Safari 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A malicious website may be able to track users in Safari private browsing mode. | 2025-03-31 | 4.3 | CVE-2025-30425 |
| Apple–tvOS | A use-after-free issue was addressed with improved memory management. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash. | 2025-03-31 | 4.3 | CVE-2025-30427 |
| appointify–Appointify | Unrestricted Upload of File with Dangerous Type vulnerability in appointify Appointify allows Upload a Web Shell to a Web Server. This issue affects Appointify: from n/a through 1.0.8. | 2025-03-31 | 6.6 | CVE-2025-31577 |
| appointy–Appointy Appointment Scheduler | Cross-Site Request Forgery (CSRF) vulnerability in appointy Appointy Appointment Scheduler allows Cross Site Request Forgery. This issue affects Appointy Appointment Scheduler: from n/a through 4.2.1. | 2025-03-31 | 6.5 | CVE-2025-31601 |
| Arni Cinco–Subscription Form for Feedblitz | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Arni Cinco Subscription Form for Feedblitz allows Stored XSS. This issue affects Subscription Form for Feedblitz: from n/a through 1.0.9. | 2025-04-01 | 6.5 | CVE-2025-31745 |
| Arni Cinco–WPCargo Track & Trace | Missing Authorization vulnerability in Arni Cinco WPCargo Track & Trace allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPCargo Track & Trace: from n/a through 7.0.6. | 2025-03-31 | 4.3 | CVE-2025-31609 |
| Arrow Plugins–Arrow Custom Feed for Twitter | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Arrow Plugins Arrow Custom Feed for Twitter allows Stored XSS. This issue affects Arrow Custom Feed for Twitter: from n/a through 1.5.3. | 2025-04-01 | 6.5 | CVE-2025-31897 |
| Ashish Ajani–WP Church Donation | Cross-Site Request Forgery (CSRF) vulnerability in Ashish Ajani WP Church Donation allows Cross Site Request Forgery.This issue affects WP Church Donation: from n/a through 1.7. | 2025-03-31 | 4.3 | CVE-2025-31410 |
| Ashish Ajani–WP Simple HTML Sitemap | Missing Authorization vulnerability in Ashish Ajani WP Simple HTML Sitemap allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Simple HTML Sitemap: from n/a through 3.2. | 2025-04-01 | 5.3 | CVE-2025-31822 |
| Astoundify–WP Modal Popup with Cookie Integration | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Astoundify WP Modal Popup with Cookie Integration allows Stored XSS. This issue affects WP Modal Popup with Cookie Integration: from n/a through 2.4. | 2025-04-01 | 5.9 | CVE-2025-31772 |
| Ateeq Rafeeq–RepairBuddy | Missing Authorization vulnerability in Ateeq Rafeeq RepairBuddy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RepairBuddy: from n/a through 3.8211. | 2025-04-04 | 4.3 | CVE-2025-32277 |
| aThemeArt–News, Magazine and Blog Elements | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in aThemeArt News, Magazine and Blog Elements allows Stored XSS. This issue affects News, Magazine and Blog Elements: from n/a through 1.3. | 2025-04-01 | 6.5 | CVE-2025-31740 |
| AWS–AWS Serverless Application Model Command Line Interface | When running the AWS Serverless Application Model Command Line Interface (SAM CLI) build process with Docker and symlinks are included in the build files, the container environment allows a user to access privileged files on the host by leveraging the elevated permissions granted to the tool. A user could leverage the elevated permissions to access restricted files via symlinks and copy them to a more permissive location on the container. Users should upgrade to v1.133.0 or newer and ensure any forked or derivative code is patched to incorporate the new fixes. | 2025-03-31 | 6.5 | CVE-2025-3047 |
| AWS–AWS Serverless Application Model Command Line Interface | After completing a build with AWS Serverless Application Model Command Line Interface (SAM CLI) which include symlinks, the content of those symlinks are copied to the cache of the local workspace as regular files or directories. As a result, a user who does not have access to those symlinks outside of the Docker container would now have access via the local workspace. Users should upgrade to version 1.134.0 and ensure any forked or derivative code is patched to incorporate the new fixes. After upgrading, users must re-build their applications using the sam build –use-container to update the symlinks. | 2025-03-31 | 6.5 | CVE-2025-3048 |
| axew3–WP w3all phpBB | Cross-Site Request Forgery (CSRF) vulnerability in axew3 WP w3all phpBB allows Cross Site Request Forgery. This issue affects WP w3all phpBB: from n/a through 2.9.2. | 2025-04-04 | 4.3 | CVE-2025-32274 |
| Ays Pro–Secure Copy Content Protection and Content Locking | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ays Pro Secure Copy Content Protection and Content Locking allows Stored XSS. This issue affects Secure Copy Content Protection and Content Locking: from n/a through 4.5.1. | 2025-04-04 | 5.9 | CVE-2025-32133 |
| bdthemes–Ultimate Store Kit Elementor Addons | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in bdthemes Ultimate Store Kit Elementor Addons allows Stored XSS. This issue affects Ultimate Store Kit Elementor Addons: from n/a through 2.4.0. | 2025-04-04 | 6.5 | CVE-2025-32184 |
| BeastThemes–Clockinator Lite | Missing Authorization vulnerability in BeastThemes Clockinator Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Clockinator Lite: from n/a through 1.0.7. | 2025-04-01 | 5.3 | CVE-2025-31777 |
| Beee–ACF City Selector | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Beee ACF City Selector allows Retrieve Embedded Sensitive Data. This issue affects ACF City Selector: from n/a through 1.16.0. | 2025-04-01 | 5.3 | CVE-2025-31832 |
| BeRocket–Sequential Order Numbers for WooCommerce | Cross-Site Request Forgery (CSRF) vulnerability in BeRocket Sequential Order Numbers for WooCommerce allows Cross Site Request Forgery. This issue affects Sequential Order Numbers for WooCommerce: from n/a through 3.6.2. | 2025-04-04 | 4.3 | CVE-2025-32263 |
| Best WP Developer–BWD Elementor Addons | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Best WP Developer BWD Elementor Addons allows DOM-Based XSS. This issue affects BWD Elementor Addons: from n/a through 4.3.20. | 2025-04-04 | 6.5 | CVE-2025-32189 |
| bigboomdesign–Big Boom Directory | The Big Boom Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘bbd-search’ shortcode in all versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-04-03 | 6.4 | CVE-2024-13673 |
| BinaryCarpenter–Free Woocommerce Product Table View | Missing Authorization vulnerability in BinaryCarpenter Free Woocommerce Product Table View allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Free Woocommerce Product Table View: from n/a through 1.78. | 2025-04-03 | 6.5 | CVE-2025-31758 |
| BinaryCarpenter–Free Woocommerce Product Table View | Missing Authorization vulnerability in BinaryCarpenter Free Woocommerce Product Table View allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Free Woocommerce Product Table View: from n/a through 1.78. | 2025-04-01 | 5.4 | CVE-2025-31757 |
| Binsaifullah–Posten | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Binsaifullah Posten allows DOM-Based XSS. This issue affects Posten: from n/a through 0.0.1. | 2025-04-01 | 6.5 | CVE-2025-31790 |
| blackandwhitedigital–WP Genealogy Your Family History Website | Missing Authorization vulnerability in blackandwhitedigital WP Genealogy – Your Family History Website allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Genealogy – Your Family History Website: from n/a through 0.1.9. | 2025-04-04 | 5.3 | CVE-2025-32252 |
| blazethemes–News Kit Elementor Addons | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in blazethemes News Kit Elementor Addons allows Stored XSS. This issue affects News Kit Elementor Addons: from n/a through 1.3.1. | 2025-04-04 | 6.5 | CVE-2025-32196 |
| Blocksera–Cryptocurrency Widgets Pack | Missing Authorization vulnerability in Blocksera Cryptocurrency Widgets Pack allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cryptocurrency Widgets Pack: from n/a through 2.0.1. | 2025-03-31 | 6.5 | CVE-2025-31539 |
| bobcares_plugins–Gift Certificate Creator | The Gift Certificate Creator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘receip_address’ parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-04-02 | 6.1 | CVE-2025-2483 |
| BoldGrid–Sprout Clients | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in BoldGrid Sprout Clients allows Stored XSS. This issue affects Sprout Clients: from n/a through 3.2. | 2025-04-01 | 6.5 | CVE-2025-31797 |
| Bookingor–Bookingor | Missing Authorization vulnerability in Bookingor Bookingor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bookingor: from n/a through 1.0.6. | 2025-04-04 | 4.3 | CVE-2025-32231 |
| BooSpot–Boo Recipes | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in BooSpot Boo Recipes allows Stored XSS. This issue affects Boo Recipes: from n/a through 2.4.1. | 2025-04-01 | 6.5 | CVE-2025-31759 |
| Boot Div–WP Sitemap | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Boot Div WP Sitemap allows Stored XSS. This issue affects WP Sitemap: from n/a through 1.0.0. | 2025-04-01 | 6.5 | CVE-2025-31733 |
| Bowo–Variable Inspector | Missing Authorization vulnerability in Bowo Variable Inspector allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Variable Inspector: from n/a through 2.6.3. | 2025-04-04 | 4.3 | CVE-2025-32229 |
| bPlugins–B Blocks – The ultimate block collection | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in bPlugins B Blocks – The ultimate block collection allows Stored XSS. This issue affects B Blocks – The ultimate block collection: from n/a through 2.0.0. | 2025-04-04 | 6.5 | CVE-2025-32173 |
| Brady Vercher–Cue | Missing Authorization vulnerability in Brady Vercher Cue allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cue: from n/a through 2.4.4. | 2025-04-01 | 4.3 | CVE-2025-31787 |
| brainvireinfo–Export All Post Meta | Missing Authorization vulnerability in brainvireinfo Export All Post Meta allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Export All Post Meta: from n/a through 1.2.1. | 2025-04-01 | 4.3 | CVE-2025-31856 |
| Brice Capobianco–WP Plugin Info Card | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Brice Capobianco WP Plugin Info Card allows DOM-Based XSS. This issue affects WP Plugin Info Card: from n/a through 5.2.5. | 2025-04-01 | 6.5 | CVE-2025-31835 |
| Broadstreet–Broadstreet | Cross-Site Request Forgery (CSRF) vulnerability in Broadstreet Broadstreet allows Cross Site Request Forgery. This issue affects Broadstreet: from n/a through 1.51.1. | 2025-04-04 | 4.3 | CVE-2025-32270 |
| C. Johnson–Footnotes for WordPress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in C. Johnson Footnotes for WordPress allows Stored XSS. This issue affects Footnotes for WordPress: from n/a through 2016.1230. | 2025-04-01 | 6.5 | CVE-2025-31735 |
| Cal.com–Cal.com | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Cal.com Cal.com allows Stored XSS. This issue affects Cal.com: from n/a through 1.0.0. | 2025-03-31 | 6.5 | CVE-2025-31604 |
| carperfer–CoverManager | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in carperfer CoverManager allows Stored XSS. This issue affects CoverManager: from n/a through 0.0.1. | 2025-03-31 | 6.5 | CVE-2025-31620 |
| CartBoss–SMS Abandoned Cart Recovery CartBoss | Missing Authorization vulnerability in CartBoss SMS Abandoned Cart Recovery ✦ CartBoss allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SMS Abandoned Cart Recovery ✦ CartBoss: from n/a through 4.1.2. | 2025-04-01 | 4.3 | CVE-2025-31865 |
| Caspio Bridge–Custom Database Applications by Caspio | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Caspio Bridge Custom Database Applications by Caspio allows DOM-Based XSS. This issue affects Custom Database Applications by Caspio: from n/a through 2.1. | 2025-03-31 | 6.5 | CVE-2025-31559 |
| cedcommerce–Ship Per Product | Missing Authorization vulnerability in cedcommerce Ship Per Product allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Ship Per Product: from n/a through 2.1.0. | 2025-04-01 | 5.3 | CVE-2025-31773 |
| ChainMaker–chainmaker-go | In chainmaker-go (aka ChainMaker) before 2.3.6, multiple updates to a single node’s configuration can cause other normal nodes to perform concurrent read and write operations on a map, leading to a panic. | 2025-04-06 | 4 | CVE-2024-58132 |
| ChainMaker–chainmaker-go | In chainmaker-go (aka ChainMaker) before 2.4.0, when making frequent updates to a node’s configuration file and restarting this node, concurrent writes by logger.go to a map are mishandled. Creating other logs simultaneously can lead to a read-write conflict and panic. | 2025-04-06 | 4 | CVE-2024-58133 |
| Chatwee–Chat by Chatwee | Missing Authorization vulnerability in Chatwee Chat by Chatwee allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Chat by Chatwee: from n/a through 2.1.3. | 2025-03-31 | 4.3 | CVE-2025-31596 |
| checklistcom–Checklist | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in checklistcom Checklist allows Stored XSS. This issue affects Checklist: from n/a through 1.1.9. | 2025-03-31 | 6.5 | CVE-2025-31538 |
| cheesefather–Botnet Attack Blocker | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in cheesefather Botnet Attack Blocker allows Stored XSS. This issue affects Botnet Attack Blocker: from n/a through 2.0.0. | 2025-04-03 | 6.5 | CVE-2025-31893 |
| Cisco–Cisco Prime Infrastructure | A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | 2025-04-02 | 6.1 | CVE-2025-20120 |
| Cisco–Cisco Prime Infrastructure | A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the interface of an affected system. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious code into specific data fields in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid administrative credentials. {{value}} [“%7b%7bvalue%7d%7d”])}]] | 2025-04-02 | 4.8 | CVE-2025-20203 |
| Clearbit–Clearbit Reveal | Cross-Site Request Forgery (CSRF) vulnerability in Clearbit Clearbit Reveal allows Cross Site Request Forgery. This issue affects Clearbit Reveal: from n/a through 1.0.6. | 2025-04-01 | 5.4 | CVE-2025-31785 |
| CleverReach–Official CleverReach Plugin for WooCommerce | Cross-Site Request Forgery (CSRF) vulnerability in CleverReach® Official CleverReach Plugin for WooCommerce allows Cross Site Request Forgery. This issue affects Official CleverReach Plugin for WooCommerce: from n/a through 3.4.3. | 2025-04-04 | 6.5 | CVE-2025-32241 |
| CloudRedux–Product Notices for WooCommerce | Cross-Site Request Forgery (CSRF) vulnerability in CloudRedux Product Notices for WooCommerce allows Cross Site Request Forgery. This issue affects Product Notices for WooCommerce: from n/a through 1.3.3. | 2025-04-01 | 4.3 | CVE-2025-31807 |
| code-projects–Bus Reservation System | A vulnerability was found in code-projects Bus Reservation System 1.0 and classified as critical. Affected by this issue is the function Login of the component Login Form. The manipulation of the argument Str1 leads to buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. | 2025-04-03 | 5.3 | CVE-2025-3139 |
| code-projects–College Management System | A vulnerability, which was classified as critical, was found in code-projects College Management System 1.0. This affects an unknown part of the file /Admin/student.php. The manipulation of the argument profile_image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-03-31 | 6.3 | CVE-2025-2973 |
| code-projects–Hospital Management System | A vulnerability has been found in code-projects Hospital Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/doctor-specilization.php. The manipulation of the argument doctorspecilization leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-04-04 | 6.3 | CVE-2025-3206 |
| code-projects–Patient Record Management System | A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /birthing_form.php. The manipulation of the argument birth_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-04-04 | 6.3 | CVE-2025-3207 |
| code-projects–Patient Record Management System | A vulnerability was found in code-projects Patient Record Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /xray_print.php. The manipulation of the argument itr_no leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-04-04 | 6.3 | CVE-2025-3208 |
| code-projects–Patient Record Management System | A vulnerability was found in code-projects Patient Record Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /add_patient.php. The manipulation of the argument itr_no leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-04 | 6.3 | CVE-2025-3209 |
| code-projects–Patient Record Management System | A vulnerability was found in code-projects Patient Record Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /birthing_pending.php. The manipulation of the argument birth_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-04 | 6.3 | CVE-2025-3210 |
| code-projects–Patient Record Management System | A vulnerability classified as critical has been found in code-projects Patient Record Management System 1.0. This affects an unknown part of the file /birthing_print.php. The manipulation of the argument itr_no leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-04-04 | 6.3 | CVE-2025-3211 |
| code-projects–Patient Record Management System | A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dental_form.php. The manipulation of the argument itr_no leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-04-04 | 6.3 | CVE-2025-3243 |
| code-projects–Patient Record Management System | A vulnerability, which was classified as critical, has been found in code-projects Patient Record Management System 1.0. Affected by this issue is some unknown functionality of the file /birthing_record.php. The manipulation of the argument itr_no leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-05 | 6.3 | CVE-2025-3303 |
| code-projects–Patient Record Management System | A vulnerability, which was classified as critical, was found in code-projects Patient Record Management System 1.0. This affects an unknown part of the file /dental_not.php. The manipulation of the argument itr_no leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-04-05 | 6.3 | CVE-2025-3304 |
| code-projects–Payroll Management System | A vulnerability was found in code-projects Payroll Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /delete.php. The manipulation of the argument emp_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-03-31 | 6.3 | CVE-2025-2984 |
| code-projects–Payroll Management System | A vulnerability was found in code-projects Payroll Management System 1.0. It has been classified as critical. This affects an unknown part of the file update_account.php. The manipulation of the argument deduction leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2025-03-31 | 6.3 | CVE-2025-2985 |
| code-projects–Payroll Management System | A vulnerability was found in code-projects Payroll Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /view_account.php. The manipulation of the argument salary_rate leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-03-31 | 6.3 | CVE-2025-3038 |
| code-projects–Payroll Management System | A vulnerability was found in code-projects Payroll Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /add_employee.php. The manipulation of the argument lname/fname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2025-03-31 | 6.3 | CVE-2025-3039 |
| code-projects–Payroll Management System | A vulnerability classified as critical has been found in code-projects Payroll Management System 1.0. This affects an unknown part of the file /add_overtime.php. The manipulation of the argument rate leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-04-03 | 6.3 | CVE-2025-3134 |
| code-projects–Product Management System | A vulnerability classified as critical was found in code-projects Product Management System 1.0. This vulnerability affects the function search_item of the component Search Product Menu. The manipulation of the argument target leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. | 2025-04-03 | 5.3 | CVE-2025-3166 |
| CodeAstro–Car Rental System | A vulnerability, which was classified as critical, has been found in CodeAstro Car Rental System 1.0. Affected by this issue is some unknown functionality of the file /returncar.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-04 | 6.3 | CVE-2025-3204 |
| CodeAstro–Student Grading System | A vulnerability, which was classified as critical, was found in CodeAstro Student Grading System 1.0. This affects an unknown part of the file studentsubject.php. The manipulation of the argument studentId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-04-04 | 6.3 | CVE-2025-3205 |
| CodeYatri–Gutenify | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CodeYatri Gutenify allows Stored XSS. This issue affects Gutenify: from n/a through 1.4.9. | 2025-04-04 | 6.5 | CVE-2025-32168 |
| ComMotion–Course Booking System | Missing Authorization vulnerability in ComMotion Course Booking System allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Course Booking System: from n/a through 6.0.5. | 2025-04-04 | 5.3 | CVE-2025-32253 |
| contempoinc–Contempo Real Estate Core | The Contempo Real Estate Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.6.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-04-01 | 6.4 | CVE-2025-2906 |
| ContentBot.ai–ContentBot AI Writer | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ContentBot.ai ContentBot AI Writer allows Stored XSS. This issue affects ContentBot AI Writer: from n/a through 1.2.4. | 2025-04-01 | 6.5 | CVE-2025-31818 |
| ContentMX–ContentMX Content Publisher | Missing Authorization vulnerability in ContentMX ContentMX Content Publisher allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ContentMX Content Publisher: from n/a through 1.0.6. | 2025-03-31 | 5.4 | CVE-2025-31555 |
| crazycric–Ultimate Live Cricket WordPress Lite | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in crazycric Ultimate Live Cricket WordPress Lite allows Stored XSS. This issue affects Ultimate Live Cricket WordPress Lite: from n/a through 1.4.2. | 2025-03-31 | 6.5 | CVE-2025-31597 |
| CreativeMindsSolutions–CM Header and Footer | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CreativeMindsSolutions CM Header and Footer allows Stored XSS. This issue affects CM Header and Footer: from n/a through 1.2.4. | 2025-04-03 | 6.5 | CVE-2025-31091 |
| Cristin Lvaque–s2Member | Relative Path Traversal vulnerability in Cristián Lávaque s2Member allows Path Traversal. This issue affects s2Member: from n/a through 250214. | 2025-04-04 | 4.9 | CVE-2025-32137 |
| CRM Perks–WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms | Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms allows Cross Site Request Forgery. This issue affects WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms: from n/a through 1.1.3. | 2025-04-04 | 4.3 | CVE-2025-32269 |
| Crocoblock–JetSmartFilters | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Crocoblock JetSmartFilters allows DOM-Based XSS.This issue affects JetSmartFilters: from n/a through 3.6.3. | 2025-03-31 | 6.5 | CVE-2025-30963 |
| Daniel Floeter–Hyperlink Group Block | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Daniel Floeter Hyperlink Group Block allows DOM-Based XSS. This issue affects Hyperlink Group Block: from n/a through 2.0.1. | 2025-04-01 | 6.5 | CVE-2025-31885 |
| Data443 Risk Migitation, Inc.–Posts Footer Manager | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Data443 Risk Migitation, Inc. Posts Footer Manager allows Stored XSS. This issue affects Posts Footer Manager: from n/a through 2.2.0. | 2025-04-04 | 5.9 | CVE-2025-32130 |
| Data443 Risk Migitation, Inc.–Welcome Bar | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Data443 Risk Migitation, Inc. Welcome Bar allows Stored XSS. This issue affects Welcome Bar: from n/a through 2.0.4. | 2025-04-04 | 5.9 | CVE-2025-32129 |
| David Lingren–Media Library Assistant | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in David Lingren Media Library Assistant allows Stored XSS. This issue affects Media Library Assistant: from n/a through 3.24. | 2025-03-31 | 5.9 | CVE-2025-31627 |
| davidpaulsson–byBrick Accordion | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in davidpaulsson byBrick Accordion allows Stored XSS. This issue affects byBrick Accordion: from n/a through 1.0. | 2025-03-31 | 6.5 | CVE-2025-31621 |
| dbejean–Advanced Search by My Solr Server | The Advanced Search by My Solr Server plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.5. This is due to missing or incorrect nonce validation on the ‘MySolrServerSettings’ page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-04-02 | 6.1 | CVE-2025-3099 |
| DEJAN–Hypotext | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in DEJAN Hypotext allows Stored XSS. This issue affects Hypotext: from n/a through 1.0.1. | 2025-04-01 | 6.5 | CVE-2025-31761 |
| Dell–Wyse Management Suite Repository | Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Unrestricted Upload of File with Dangerous Type vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service, Information disclosure, and Remote execution | 2025-04-02 | 4.7 | CVE-2025-27692 |
| Dell–Wyse Management Suite | Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Insecure Inherited Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access. | 2025-04-02 | 6.8 | CVE-2025-29982 |
| Dell–Wyse Management Suite | Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Insufficient Resource Pool vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Denial of service. | 2025-04-02 | 5.3 | CVE-2025-27694 |
| Dell–Wyse Management Suite | Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection. | 2025-04-02 | 4.9 | CVE-2025-27693 |
| Denra.com–WP Date and Time Shortcode | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Denra.com WP Date and Time Shortcode allows Stored XSS. This issue affects WP Date and Time Shortcode: from n/a through 2.6.7. | 2025-03-31 | 6.5 | CVE-2025-31590 |
| designinvento–DirectoryPress | Cross-Site Request Forgery (CSRF) vulnerability in designinvento DirectoryPress allows Cross Site Request Forgery. This issue affects DirectoryPress: from n/a through 3.6.19. | 2025-04-04 | 5.4 | CVE-2025-32249 |
| designnbuy–DesignO | Cross-Site Request Forgery (CSRF) vulnerability in designnbuy DesignO allows Cross Site Request Forgery. This issue affects DesignO: from n/a through 2.2.0. | 2025-03-31 | 4.3 | CVE-2025-31600 |
| devscred–Design Blocks | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in devscred Design Blocks allows Stored XSS. This issue affects Design Blocks: from n/a through 1.2.2. | 2025-04-01 | 6.5 | CVE-2025-31815 |
| devscred–ShopCred | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in devscred ShopCred allows DOM-Based XSS. This issue affects ShopCred: from n/a through 1.2.8. | 2025-04-01 | 6.5 | CVE-2025-31829 |
| devsoftbaltic–SurveyJS | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in devsoftbaltic SurveyJS allows Stored XSS. This issue affects SurveyJS: from n/a through 1.12.20. | 2025-04-04 | 6.5 | CVE-2025-32167 |
| devsoftbaltic–SurveyJS | Missing Authorization vulnerability in devsoftbaltic SurveyJS allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects SurveyJS: from n/a through 1.12.20. | 2025-04-04 | 5.3 | CVE-2025-32256 |
| digireturn–DN Footer Contacts | Cross-Site Request Forgery (CSRF) vulnerability in digireturn DN Footer Contacts allows Cross Site Request Forgery. This issue affects DN Footer Contacts: from n/a through 1.8. | 2025-04-01 | 4.3 | CVE-2025-31839 |
| digireturn–Simple Fixed Notice | Cross-Site Request Forgery (CSRF) vulnerability in digireturn Simple Fixed Notice allows Cross Site Request Forgery. This issue affects Simple Fixed Notice: from n/a through 1.6. | 2025-04-01 | 4.3 | CVE-2025-31840 |
| DigitalCourt–Marketer Addons | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in DigitalCourt Marketer Addons allows Stored XSS. This issue affects Marketer Addons: from n/a through 1.0.1. | 2025-04-01 | 6.5 | CVE-2025-31730 |
| Dimitri Grassi–Salon booking system | Missing Authorization vulnerability in Dimitri Grassi Salon booking system allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Salon booking system: from n/a through 10.10.7. | 2025-04-04 | 5.4 | CVE-2025-32220 |
| djangoproject–Django | An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. | 2025-04-02 | 5.8 | CVE-2025-27556 |
| Dmitry V. (CEO of “UKR Solution”)–Barcode Generator for WooCommerce | Missing Authorization vulnerability in Dmitry V. (CEO of “UKR Solution”) Barcode Generator for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Barcode Generator for WooCommerce: from n/a through 2.0.4. | 2025-04-01 | 5.4 | CVE-2025-31879 |
| Dmitry V. (CEO of “UKR Solution”)–UPC/EAN/GTIN Code Generator | Missing Authorization vulnerability in Dmitry V. (CEO of “UKR Solution”) UPC/EAN/GTIN Code Generator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects UPC/EAN/GTIN Code Generator: from n/a through 2.0.2. | 2025-04-01 | 5.4 | CVE-2025-31878 |
| DobsonDev–DobsonDev Shortcodes | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in DobsonDev DobsonDev Shortcodes allows Stored XSS. This issue affects DobsonDev Shortcodes: from n/a through 2.1.12. | 2025-04-01 | 6.5 | CVE-2025-31754 |
| docxpresso–Docxpresso | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in docxpresso Docxpresso allows Absolute Path Traversal. This issue affects Docxpresso: from n/a through 2.6. | 2025-04-03 | 5.9 | CVE-2025-31554 |
| doit–Breaking News WP | Cross-Site Request Forgery (CSRF) vulnerability in doit Breaking News WP allows Cross Site Request Forgery. This issue affects Breaking News WP: from n/a through 1.3. | 2025-04-01 | 6.5 | CVE-2025-31751 |
| doit–Breaking News WP | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in doit Breaking News WP allows Stored XSS. This issue affects Breaking News WP: from n/a through 1.3. | 2025-04-01 | 5.9 | CVE-2025-31750 |
| DraftPress Team–Follow Us Badges | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in DraftPress Team Follow Us Badges allows Stored XSS. This issue affects Follow Us Badges: from n/a through 3.1.11. | 2025-04-01 | 6.5 | CVE-2025-31804 |
| Drupal–AI (Artificial Intelligence) | Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5. | 2025-03-31 | 6.6 | CVE-2025-31693 |
| Drupal–Drupal Admin LTE theme | Vulnerability in Drupal Drupal Admin LTE theme.This issue affects Drupal Admin LTE theme: *.*. | 2025-03-31 | 6.6 | CVE-2025-3062 |
| Drupal–Drupal core | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3. | 2025-03-31 | 6.1 | CVE-2025-3057 |
| Drupal–Material Admin | Vulnerability in Drupal Material Admin.This issue affects Material Admin: *.*. | 2025-03-31 | 6.6 | CVE-2025-3061 |
| Drupal–Obfuscate | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal Obfuscate allows Stored XSS.This issue affects Obfuscate: from 0.0.0 before 2.0.1. | 2025-04-02 | 5.4 | CVE-2025-3130 |
| dxladner–Client Showcase | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in dxladner Client Showcase allows Stored XSS. This issue affects Client Showcase: from n/a through 1.2.0. | 2025-04-01 | 6.5 | CVE-2025-31737 |
| Ecwid by Lightspeed Ecommerce Shopping Cart–Ecwid Shopping Cart | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ecwid by Lightspeed Ecommerce Shopping Cart Ecwid Shopping Cart allows Stored XSS. This issue affects Ecwid Shopping Cart: from n/a through 7.0. | 2025-04-04 | 6.5 | CVE-2025-32195 |
| element-hq–element-x-android | Element X Android is a Matrix Android Client provided by element.io. In Element X Android versions between 0.4.16 and 25.03.3, the entity in control of the element.json well-known file is able, under certain conditions, to get access to the media encryption keys used for an Element Call call. This vulnerability is fixed in 25.03.4. | 2025-04-03 | 5.3 | CVE-2025-31127 |
| element-hq–element-x-ios | Element X iOS is a Matrix iOS Client provided by Element. In Element X iOS version between 1.6.13 and 25.03.7, the entity in control of the element.json well-known file is able, under certain conditions, to get access to the media encryption keys used for an Element Call call. This vulnerability is fixed in 25.03.8. | 2025-04-03 | 5.3 | CVE-2025-31126 |
| ELEXtensions–ELEX WooCommerce Request a Quote | Subscriber Broken Access Control in ELEX WooCommerce Request a Quote <= 2.3.3 versions. | 2025-03-31 | 4.3 | CVE-2025-31406 |
| elfsight–Elfsight Testimonials Slider | Missing Authorization vulnerability in elfsight Elfsight Testimonials Slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elfsight Testimonials Slider: from n/a through 1.0.1. | 2025-03-31 | 5.4 | CVE-2025-31584 |
| elfsight–Elfsight Testimonials Slider | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in elfsight Elfsight Testimonials Slider allows Stored XSS. This issue affects Elfsight Testimonials Slider: from n/a through 1.0.1. | 2025-03-31 | 5.9 | CVE-2025-31587 |
| elfsight–Elfsight Testimonials Slider | Cross-Site Request Forgery (CSRF) vulnerability in elfsight Elfsight Testimonials Slider allows Cross Site Request Forgery. This issue affects Elfsight Testimonials Slider: from n/a through 1.0.1. | 2025-03-31 | 5.4 | CVE-2025-31588 |
| elunez–eladmin | A vulnerability, which was classified as problematic, has been found in elunez eladmin 2.7. Affected by this issue is some unknown functionality of the file /api/database/testConnect of the component Maintenance Management Module. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-04 | 4.3 | CVE-2025-3250 |
| Enalean–tuleap | Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker can access release notes content or information via the FRS REST endpoints it should not have access to. This vulnerability is fixed in Tuleap Community Edition 16.5.99.1742812323 and Tuleap Enterprise Edition 16.5-6 and 16.4-10. | 2025-03-31 | 5.3 | CVE-2025-30209 |
| Enalean–tuleap | Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap has missing CSRF protections on artifact submission & edition from the tracker view. An attacker could use this vulnerability to trick victims into submitting or editing artifacts or follow-up comments. The vulnerability is fixed in Tuleap Community Edition 16.5.99.1741784483 and Tuleap Enterprise Edition 16.5-3 and 16.4-8. | 2025-03-31 | 4.6 | CVE-2025-29766 |
| Enalean–tuleap | Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap is missing CSRF protection on tracker hierarchy administration. An attacker could use this vulnerability to trick victims into submitting or editing artifacts or follow-up comments. This vulnerability is fixed in Tuleap Community Edition 16.5.99.1742306712 and Tuleap Enterprise Edition 16.5-5 and 16.4-8. | 2025-03-31 | 4.6 | CVE-2025-29929 |
| Enalean–tuleap | Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap does not enforce read permissions on parent trackers in the REST API. This vulnerability is fixed in Tuleap Community Edition 16.5.99.1742392651 and Tuleap Enterprise Edition 16.5-5 and 16.4-8. | 2025-03-31 | 4.3 | CVE-2025-30155 |
| Enalean–tuleap | Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap allows cross-site scripting (XSS) via the content of RSS feeds in the RSS widgets. A project administrator or someone with control over an used RSS feed could use this vulnerability to force victims to execute uncontrolled code. This vulnerability is fixed in Tuleap Community Edition 16.5.99.1742562878 and Tuleap Enterprise Edition 16.5-5 and 16.4-8. | 2025-03-31 | 4.8 | CVE-2025-30203 |
| Eniture Technology–Pallet Packaging for WooCommerce | Missing Authorization vulnerability in Eniture Technology Pallet Packaging for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pallet Packaging for WooCommerce: from n/a through 1.1.15. | 2025-04-04 | 6.5 | CVE-2025-22285 |
| enituretechnology–Residential Address Detection | Missing Authorization vulnerability in enituretechnology Residential Address Detection allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Residential Address Detection: from n/a through 2.5.4. | 2025-04-03 | 6.5 | CVE-2025-30916 |
| enituretechnology–Small Package Quotes Worldwide Express Edition | Missing Authorization vulnerability in enituretechnology Small Package Quotes – Worldwide Express Edition allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Small Package Quotes – Worldwide Express Edition: from n/a through 5.2.19. | 2025-04-03 | 6.5 | CVE-2025-30915 |
| ERA404–StaffList | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ERA404 StaffList allows Retrieve Embedded Sensitive Data. This issue affects StaffList: from n/a through 3.2.6. | 2025-04-04 | 5.3 | CVE-2025-32255 |
| ERA404–StaffList | Missing Authorization vulnerability in ERA404 StaffList allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects StaffList: from n/a through 3.2.6. | 2025-04-04 | 4.3 | CVE-2025-32232 |
| Erez Hadas-Sonnenschein–Smartarget Popup | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Erez Hadas-Sonnenschein Smartarget Popup allows Stored XSS. This issue affects Smartarget Popup: from n/a through 1.4. | 2025-04-01 | 5.9 | CVE-2025-31853 |
| ESAFENET–CDG | A vulnerability, which was classified as critical, was found in ESAFENET CDG 3. Affected is an unknown function of the file /CDGServer3/UserAjax. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-31 | 6.3 | CVE-2025-3003 |
| eventbee–Eventbee RSVP Widget | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in eventbee Eventbee RSVP Widget allows DOM-Based XSS. This issue affects Eventbee RSVP Widget: from n/a through 1.0. | 2025-04-01 | 6.5 | CVE-2025-31838 |
| EXEIdeas International–WP AutoKeyword | Missing Authorization vulnerability in EXEIdeas International WP AutoKeyword allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP AutoKeyword: from n/a through 1.0. | 2025-04-01 | 5.4 | CVE-2025-31870 |
| ExpressTech Systems–Gutena Kit Gutenberg Blocks and Templates | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ExpressTech Systems Gutena Kit – Gutenberg Blocks and Templates allows Stored XSS. This issue affects Gutena Kit – Gutenberg Blocks and Templates: from n/a through 2.0.7. | 2025-04-01 | 6.5 | CVE-2025-31805 |
| Extend Themes–Colibri Page Builder | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Extend Themes Colibri Page Builder allows Stored XSS. This issue affects Colibri Page Builder: from n/a through 1.0.319. | 2025-04-04 | 6.5 | CVE-2025-32185 |
| Fahad Mahmood–WP Docs | Missing Authorization vulnerability in Fahad Mahmood WP Docs allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Docs: from n/a through n/a. | 2025-03-31 | 4.3 | CVE-2025-31417 |
| Fast Simon–Search, Filters & Merchandising for WooCommerce | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Fast Simon Search, Filters & Merchandising for WooCommerce allows Stored XSS. This issue affects Search, Filters & Merchandising for WooCommerce: from n/a through 3.0.57. | 2025-04-04 | 6.5 | CVE-2025-32181 |
| fbtemplates–Nemesis All-in-One | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in fbtemplates Nemesis All-in-One allows Stored XSS. This issue affects Nemesis All-in-One: from n/a through 1.1.0. | 2025-04-01 | 6.5 | CVE-2025-31849 |
| fcba_zzm–ics-park Smart Park Management System | A vulnerability classified as critical was found in fcba_zzm ics-park Smart Park Management System 2.1. This vulnerability affects unknown code of the file /api/system/dept/update. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-04-03 | 6.3 | CVE-2025-3135 |
| Feedbucket–Feedbucket Website Feedback Tool | Cross-Site Request Forgery (CSRF) vulnerability in Feedbucket Feedbucket – Website Feedback Tool allows Cross Site Request Forgery. This issue affects Feedbucket – Website Feedback Tool: from n/a through 1.0.6. | 2025-04-01 | 5.4 | CVE-2025-31859 |
| Filtr8–Easy Magazine | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Filtr8 Easy Magazine allows DOM-Based XSS. This issue affects Easy Magazine: from n/a through 2.1.13. | 2025-04-01 | 6.5 | CVE-2025-31741 |
| FISCO-BCOS–FISCO-BCOS | FISCO BCOS 3.11.0 has an issue with synchronization of the transaction pool that can, for example, be observed when a malicious node (that has modified the codebase to allow a large min_seal_time value) joins a blockchain network. | 2025-04-06 | 4 | CVE-2024-58131 |
| flomei–Simple-Audioplayer | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in flomei Simple-Audioplayer allows Stored XSS. This issue affects Simple-Audioplayer: from n/a through 1.1. | 2025-03-31 | 6.5 | CVE-2025-31607 |
| formsintegrations–Integration of Zoho CRM and Contact Form 7 | URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in formsintegrations Integration of Zoho CRM and Contact Form 7 allows Phishing. This issue affects Integration of Zoho CRM and Contact Form 7: from n/a through 1.0.6. | 2025-04-01 | 4.7 | CVE-2025-31821 |
| Fortinet–FortiNDR | A buffer copy without checking size of input (‘classic buffer overflow’) in Fortinet FortiMail webmail and administrative interface version 6.4.0 through 6.4.4 and before 6.2.6 and FortiNDR administrative interface version 7.2.0 and before 7.1.0 allows an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests. | 2025-03-31 | 4.7 | CVE-2023-33302 |
| Frank P. Walentynowicz–FPW Category Thumbnails | Missing Authorization vulnerability in Frank P. Walentynowicz FPW Category Thumbnails allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FPW Category Thumbnails: from n/a through 1.9.5. | 2025-04-03 | 6.3 | CVE-2025-31841 |
| freedesktop–Poppler | A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated with INT_MIN. | 2025-04-05 | 4 | CVE-2025-32364 |
| freedesktop–Poppler | Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a misplaced isOk check. | 2025-04-05 | 4 | CVE-2025-32365 |
| freetobook–Freetobook Responsive Widget | Cross-Site Request Forgery (CSRF) vulnerability in freetobook Freetobook Responsive Widget allows Cross Site Request Forgery. This issue affects Freetobook Responsive Widget: from n/a through 1.1. | 2025-04-04 | 4.3 | CVE-2025-32273 |
| fromdoppler–Doppler Forms | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in fromdoppler Doppler Forms allows Stored XSS. This issue affects Doppler Forms: from n/a through 2.4.5. | 2025-04-04 | 6.5 | CVE-2025-32165 |
| fumiao–opencms | A vulnerability classified as problematic has been found in fumiao opencms up to a0fafa5cff58719e9b27c2a2eec204cc165ce14f. Affected is an unknown function of the file opencms-dev/src/main/webapp/view/admin/document/dataPage.jsp. The manipulation of the argument path leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. | 2025-04-06 | 4.3 | CVE-2025-3317 |
| FunnelCockpit–FunnelCockpit | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in FunnelCockpit FunnelCockpit allows Stored XSS. This issue affects FunnelCockpit: from n/a through 1.4.2. | 2025-04-04 | 5.9 | CVE-2025-32132 |
| Gagan Deep Singh–PostmarkApp Email Integrator | Missing Authorization vulnerability in Gagan Deep Singh PostmarkApp Email Integrator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PostmarkApp Email Integrator: from n/a through 2.4. | 2025-03-31 | 4.3 | CVE-2025-31576 |
| Galaxy Weblinks–Video Playlist For YouTube | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Galaxy Weblinks Video Playlist For YouTube allows Stored XSS. This issue affects Video Playlist For YouTube: from n/a through 6.6. | 2025-04-04 | 6.5 | CVE-2025-32183 |
| Galaxy Weblinks–WP Clone any post type | Missing Authorization vulnerability in Galaxy Weblinks WP Clone any post type allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Clone any post type: from n/a through 3.4. | 2025-04-01 | 5.3 | CVE-2025-31872 |
| Galaxy Weblinks–WP Clone any post type | URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in Galaxy Weblinks WP Clone any post type allows Phishing. This issue affects WP Clone any post type: from n/a through 3.4. | 2025-04-01 | 4.7 | CVE-2025-31871 |
| GalleryCreator–Gallery Blocks with Lightbox | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in GalleryCreator Gallery Blocks with Lightbox allows Stored XSS. This issue affects Gallery Blocks with Lightbox: from n/a through 3.2.5. | 2025-04-04 | 6.5 | CVE-2025-32176 |
| gb-plugins–GB Gallery Slideshow | Missing Authorization vulnerability in gb-plugins GB Gallery Slideshow allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GB Gallery Slideshow: from n/a through 1.3. | 2025-04-01 | 4.3 | CVE-2025-31732 |
| GhozyLab–Gallery Photo Albums Plugin | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in GhozyLab Gallery – Photo Albums Plugin allows Stored XSS. This issue affects Gallery – Photo Albums Plugin: from n/a through 1.3.170. | 2025-03-31 | 6.5 | CVE-2025-31586 |
| gingerplugins–Notification Bar, Sticky Notification Bar, Sticky Welcome Bar for any theme | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in gingerplugins Notification Bar, Sticky Notification Bar, Sticky Welcome Bar for any theme allows Stored XSS. This issue affects Notification Bar, Sticky Notification Bar, Sticky Welcome Bar for any theme: from n/a through 1.1. | 2025-03-31 | 5.9 | CVE-2025-31610 |
| GitoxideLabs–gitoxide | gitoxide is an implementation of git written in Rust. Before 0.42.0, gitoxide uses SHA-1 hash implementations without any collision detection, leaving it vulnerable to hash collision attacks. gitoxide uses the sha1_smol or sha1 crate, both of which implement standard SHA-1 without any mitigations for collision attacks. This means that two distinct Git objects with colliding SHA-1 hashes would break the Git object model and integrity checks when used with gitoxide. This vulnerability is fixed in 0.42.0. | 2025-04-04 | 6.8 | CVE-2025-31130 |
| godcheese–Nimrod | A vulnerability classified as critical was found in godcheese/code-projects Nimrod 0.8. Affected by this vulnerability is an unknown functionality of the file ViewMenuCategoryRestController.java. The manipulation of the argument Name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-06 | 6.3 | CVE-2025-3323 |
| godcheese–Nimrod | A vulnerability, which was classified as critical, has been found in godcheese/code-projects Nimrod 0.8. Affected by this issue is some unknown functionality of the file FileRestController.java. The manipulation of the argument File leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-06 | 6.3 | CVE-2025-3324 |
| Google–Chrome | Insufficient validation of untrusted input in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium) | 2025-04-02 | 6.5 | CVE-2025-3070 |
| Gosign–Gosign Posts Slider Block | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Gosign Gosign – Posts Slider Block allows Stored XSS. This issue affects Gosign – Posts Slider Block: from n/a through 1.1.0. | 2025-04-01 | 6.5 | CVE-2025-31891 |
| Greg–TailPress | Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Greg TailPress allows Retrieve Embedded Sensitive Data. This issue affects TailPress: from n/a through 0.4.4. | 2025-04-03 | 5.8 | CVE-2025-31558 |
| gunnarpayday–Payday | Missing Authorization vulnerability in gunnarpayday Payday allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Payday: from n/a through 3.3.12. | 2025-04-03 | 5.8 | CVE-2025-31876 |
| GuoMinJim–PersonManage | A vulnerability, which was classified as critical, has been found in GuoMinJim PersonManage 1.0. This issue affects the function preHandle of the file /login/. The manipulation of the argument Request leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. | 2025-04-01 | 5.3 | CVE-2025-3043 |
| HACHI–Crypt::Salt | Crypt::Salt for Perl version 0.01 uses insecure rand() function when generating salts for cryptographic purposes. | 2025-04-02 | 5.3 | CVE-2025-1805 |
| HCL Software–HCL DevOps Deploy / HCL Launch | HCL DevOps Deploy / HCL Launch could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service. | 2025-04-02 | 6.3 | CVE-2025-0257 |
| HCL Software–HCL DevOps Deploy / HCL Launch | HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. | 2025-04-03 | 5.4 | CVE-2025-0272 |
| HCL Software–HCL Traveler | HCL Traveler is affected by an internal path disclosure in a Windows application when the application inadvertently reveals internal file paths, in error messages, debug logs, or responses to user requests. | 2025-04-03 | 4.3 | CVE-2025-0278 |
| HCL Software–HCL Traveler | HCL Traveler generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces. Attackers could exploit this information to gain insights into the system’s architecture and potentially launch targeted attacks. | 2025-04-03 | 4.3 | CVE-2025-0279 |
| Hewlett Packard Enterprise (HPE)–HPE Athonet Core | An E-RAB Release Command packet containing a malformed NAS PDU will cause the Athonet MME to immediately crash, potentially due to a buffer overflow. | 2025-03-31 | 5.9 | CVE-2024-24456 |
| Hewlett Packard Enterprise (HPE)–Virtual Intranet Access (VIA) | A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow malicious users to overwrite arbitrary files as NT AUTHORITY\SYSTEM (root). A successful exploit could allow the creation of a Denial-of-Service (DoS) condition affecting the Microsoft Windows Operating System. This vulnerability does not affect Linux and Android based clients. | 2025-04-01 | 5.5 | CVE-2025-25041 |
| hiroprot–Terms Before Download | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in hiroprot Terms Before Download allows Stored XSS. This issue affects Terms Before Download: from n/a through 1.0.4. | 2025-03-31 | 6.5 | CVE-2025-31614 |
| Hossni Mubarak–JobWP | Cross-Site Request Forgery (CSRF) vulnerability in Hossni Mubarak JobWP allows Cross Site Request Forgery. This issue affects JobWP: from n/a through 2.3.9. | 2025-04-04 | 4.3 | CVE-2025-32265 |
| htplugins–Insert Headers and Footers Code HT Script | The Insert Headers and Footers Code – HT Script plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_dismiss function in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update option values to 1/true on the WordPress site. This can be leveraged to update an option that would create an error on the site and deny access to legitimate users or be used to set some values to true, such as registration. | 2025-04-02 | 6.5 | CVE-2025-2779 |
| hutsixdigital–Tiger | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in hutsixdigital Tiger allows Stored XSS.This issue affects Tiger: from n/a through 2.0. | 2025-04-04 | 6.5 | CVE-2025-31407 |
| IBM–Content Navigator | IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2025-04-02 | 5.4 | CVE-2024-56341 |
| IBM–Jazz Reporting Service | IBM Jazz Reporting Service 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated privileged user to impersonate another user on the system. | 2025-04-02 | 6.6 | CVE-2024-25051 |
| IBM–Maximo Application Suite | IBM Maximo Application Suite 9.0 could allow an authenticated user to upload a file with dangerous types that could be executed by another user if opened. | 2025-04-05 | 5.5 | CVE-2025-1500 |
| IBM–TXSeries for Multiplatforms | IBM TXSeries for Multiplatforms 9.1 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2025-04-02 | 5.4 | CVE-2024-56475 |
| IBM–TXSeries for Multiplatforms | IBM TXSeries for Multiplatforms 9.1 and 11.1 could allow an attacker to enumerate usernames due to an observable login attempt response discrepancy. | 2025-04-02 | 5.3 | CVE-2024-56476 |
| IBM–TXSeries for Multiplatforms | IBM TXSeries for Multiplatforms 9.1 and 11.1 could disclose sensitive information to a remote attacker due to improper neutralization of HTTP headers. | 2025-04-02 | 5.3 | CVE-2025-0154 |
| IBM–TXSeries for Multiplatforms | IBM TXSeries for Multiplatforms 9.1 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 2025-04-02 | 4.3 | CVE-2024-56474 |
| icopydoc–Maps for WP | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in icopydoc Maps for WP allows Stored XSS. This issue affects Maps for WP: from n/a through 1.2.4. | 2025-04-04 | 6.5 | CVE-2025-32179 |
| ideaboxcreations–PowerPack Elementor Addons (Free Widgets, Extensions and Templates) | The PowerPack Elementor Addons (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Cursor Extension in all versions up to, and including, 2.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-04-01 | 6.4 | CVE-2025-1512 |
| IDX Broker–IMPress for IDX Broker | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in IDX Broker IMPress for IDX Broker allows Stored XSS. This issue affects IMPress for IDX Broker: from n/a through 3.2.3. | 2025-03-31 | 6.5 | CVE-2025-31556 |
| ILLID–Advanced Woo Labels | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ILLID Advanced Woo Labels allows Stored XSS. This issue affects Advanced Woo Labels: from n/a through 2.14. | 2025-04-04 | 6.5 | CVE-2025-32188 |
| Imtiaz Rayhan–Table Block by Tableberg | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Imtiaz Rayhan Table Block by Tableberg allows Stored XSS. This issue affects Table Block by Tableberg: from n/a through 0.6.0. | 2025-04-04 | 6.5 | CVE-2025-32171 |
| Inaba Denki Sangyo Co., Ltd.–CHOCO TEI WATCHER mini (IB-MCT001) | Storing passwords in a recoverable format issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, an attacker who can access the microSD card used on the product may obtain the product login password. | 2025-03-31 | 4.6 | CVE-2025-24852 |
| InfoGiants–Simple Website Logo | Missing Authorization vulnerability in InfoGiants Simple Website Logo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Website Logo: from n/a through 1.1. | 2025-04-04 | 5.3 | CVE-2025-32258 |
| Infoway LLC–Ebook Downloader | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Infoway LLC Ebook Downloader allows Stored XSS. This issue affects Ebook Downloader: from n/a through 1.0. | 2025-04-01 | 6.5 | CVE-2025-31894 |
| inspry–Agency Toolkit | Missing Authorization vulnerability in inspry Agency Toolkit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Agency Toolkit: from n/a through 1.0.23. | 2025-04-01 | 5.3 | CVE-2025-31863 |
| InternLM–LMDeploy | A vulnerability was found in InternLM LMDeploy up to 0.7.1. It has been classified as critical. Affected is the function load_weight_ckpt of the file lmdeploy/lmdeploy/vl/model/utils.py of the component PT File Handler. The manipulation leads to deserialization. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. | 2025-04-03 | 5.3 | CVE-2025-3162 |
| InternLM–LMDeploy | A vulnerability was found in InternLM LMDeploy up to 0.7.1. It has been declared as critical. Affected by this vulnerability is the function Open of the file lmdeploy/docs/en/conf.py. The manipulation leads to code injection. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. | 2025-04-03 | 5.3 | CVE-2025-3163 |
| Iqonic Design–WPBookit | Missing Authorization vulnerability in Iqonic Design WPBookit allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WPBookit: from n/a through 1.0.1. | 2025-04-04 | 5.3 | CVE-2025-32254 |
| istmoplugins–GetBookingsWP | Missing Authorization vulnerability in istmoplugins GetBookingsWP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GetBookingsWP: from n/a through 1.1.27. | 2025-04-03 | 6.5 | CVE-2025-31896 |
| IT Path Solutions–SCSS WP Editor | Cross-Site Request Forgery (CSRF) vulnerability in IT Path Solutions SCSS WP Editor allows Cross Site Request Forgery. This issue affects SCSS WP Editor: from n/a through 1.1.8. | 2025-04-01 | 4.3 | CVE-2025-31808 |
| iteaj–iboot | A vulnerability, which was classified as problematic, was found in iteaj iboot 物è”网网关 1.1.3. This affects an unknown part of the file /core/admin/pwd of the component Admin Password Handler. The manipulation of the argument ID leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-04-06 | 4.3 | CVE-2025-3325 |
| itning–Student Homework Management System | A vulnerability was found in itning Student Homework Management System up to 1.2.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Multiple endpoints might be affected. | 2025-04-03 | 4.3 | CVE-2025-3150 |
| itsourcecode–Library Management System | A vulnerability was found in itsourcecode Library Management System 1.0. It has been rated as critical. Affected by this issue is the function Search of the file library_management/src/Library_Management/Forgot.java. The manipulation of the argument txtuname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-04 | 6.3 | CVE-2025-3245 |
| J. Tyler Wiest–Jetpack Feedback Exporter | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in J. Tyler Wiest Jetpack Feedback Exporter allows Retrieve Embedded Sensitive Data. This issue affects Jetpack Feedback Exporter: from n/a through 1.23. | 2025-04-04 | 5.3 | CVE-2025-32251 |
| Jaap Jansma–Connector to CiviCRM with CiviMcRestFace | Missing Authorization vulnerability in Jaap Jansma Connector to CiviCRM with CiviMcRestFace allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Connector to CiviCRM with CiviMcRestFace: from n/a through 1.0.9. | 2025-03-31 | 5.3 | CVE-2025-31618 |
| jackdewey–Link Library | The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Link Additional Parameters in all versions up to, and including, 7.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-04-05 | 6.4 | CVE-2025-2889 |
| Jacob Allred–Infusionsoft Web Form JavaScript | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jacob Allred Infusionsoft Web Form JavaScript allows Stored XSS. This issue affects Infusionsoft Web Form JavaScript: from n/a through 1.1.1. | 2025-03-31 | 6.5 | CVE-2025-31629 |
| jeffikus–WooTumblog | Missing Authorization vulnerability in jeffikus WooTumblog allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooTumblog: from n/a through 2.1.4. | 2025-04-03 | 6.5 | CVE-2025-31729 |
| Jenkins Project–Jenkins AsakusaSatellite Plugin | Jenkins AsakusaSatellite Plugin 0.1.1 and earlier stores AsakusaSatellite API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | 2025-04-02 | 5.5 | CVE-2025-31727 |
| Jenkins Project–Jenkins AsakusaSatellite Plugin | Jenkins AsakusaSatellite Plugin 0.1.1 and earlier does not mask AsakusaSatellite API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them. | 2025-04-02 | 5.5 | CVE-2025-31728 |
| Jenkins Project–Jenkins Cadence vManager Plugin | Jenkins Cadence vManager Plugin 4.0.0-282.v5096a_c2db_275 and earlier stores Verisium Manager vAPI keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | 2025-04-02 | 4.3 | CVE-2025-31724 |
| Jenkins Project–Jenkins monitor-remote-job Plugin | Jenkins monitor-remote-job Plugin 1.0 stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | 2025-04-02 | 5.5 | CVE-2025-31725 |
| Jenkins Project–Jenkins Simple Queue Plugin | A cross-site request forgery (CSRF) vulnerability in Jenkins Simple Queue Plugin 1.4.6 and earlier allows attackers to change and reset the build queue order. | 2025-04-02 | 4.3 | CVE-2025-31723 |
| Jenkins Project–Jenkins Stack Hammer Plugin | Jenkins Stack Hammer Plugin 1.0.6 and earlier stores Stack Hammer API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | 2025-04-02 | 5.5 | CVE-2025-31726 |
| Jenkins Project–Jenkins | A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Extended Read permission to copy an agent, gaining access to its configuration. | 2025-04-02 | 4.3 | CVE-2025-31720 |
| Jenkins Project–Jenkins | A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Configure permission to copy an agent, gaining access to encrypted secrets in its configuration. | 2025-04-02 | 4.3 | CVE-2025-31721 |
| Jeroen Schmit–Theater for WordPress | Missing Authorization vulnerability in Jeroen Schmit Theater for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Theater for WordPress: from n/a through 0.18.7. | 2025-04-01 | 4.3 | CVE-2025-31846 |
| JFinal–CMS | A vulnerability has been found in JFinal CMS up to 5.2.4 and classified as problematic. Affected by this vulnerability is the function engine.getTemplate of the file /readTemplate. The manipulation of the argument template leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor explains that this is not a bug but a feature. | 2025-04-04 | 4.3 | CVE-2025-3214 |
| Jinher Network–OA | A vulnerability classified as critical was found in Jinher Network OA C6. Affected by this vulnerability is an unknown functionality of the file /C6/JHSoft.Web.NetDisk/NetDiskProperty.aspx. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-03-31 | 6.3 | CVE-2025-3009 |
| Joao Romao–Social Share Buttons & Analytics Plugin GetSocial.io | Missing Authorization vulnerability in Joao Romao Social Share Buttons & Analytics Plugin – GetSocial.io allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Social Share Buttons & Analytics Plugin – GetSocial.io: from n/a through 4.5. | 2025-04-04 | 4.3 | CVE-2025-32239 |
| John Housholder–Emma for WordPress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in John Housholder Emma for WordPress allows Stored XSS. This issue affects Emma for WordPress: from n/a through 1.3.3. | 2025-04-04 | 6.5 | CVE-2025-32166 |
| Jonathan Daggerhart–Query Wrangler | Cross-Site Request Forgery (CSRF) vulnerability in Jonathan Daggerhart Query Wrangler allows Cross Site Request Forgery. This issue affects Query Wrangler: from n/a through 1.5.53. | 2025-04-01 | 5.4 | CVE-2025-31779 |
| JoomSky–JS Job Manager | Authorization Bypass Through User-Controlled Key vulnerability in JoomSky JS Job Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JS Job Manager: from n/a through 2.0.2. | 2025-04-01 | 5.4 | CVE-2025-31867 |
| JoomSky–JS Job Manager | Missing Authorization vulnerability in JoomSky JS Job Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JS Job Manager: from n/a through 2.0.2. | 2025-04-01 | 5.3 | CVE-2025-31868 |
| joshix–Simplish | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in joshix Simplish allows Stored XSS.This issue affects Simplish: from n/a through 2.6.4. | 2025-04-04 | 6.5 | CVE-2025-22281 |
| josselynj–pCloud Backup | Missing Authorization vulnerability in josselynj pCloud Backup allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects pCloud Backup: from n/a through 1.0.1. | 2025-04-01 | 4.3 | CVE-2025-31755 |
| jumpserver–jumpserver | JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to 4.8.0 and 3.10.18, an attacker with a low-privileged account can access the Kubernetes session feature and manipulate the kubeconfig file to redirect API requests to an external server controlled by the attacker. This allows the attacker to intercept and capture the Kubernetes cluster token. This can potentially allow unauthorized access to the cluster and compromise its security. This vulnerability is fixed in 4.8.0 and 3.10.18. | 2025-03-31 | 4.3 | CVE-2025-27095 |
| KaizenCoders–URL Shortify | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in KaizenCoders URL Shortify allows Stored XSS. This issue affects URL Shortify: from n/a through 1.10.4. | 2025-04-04 | 5.9 | CVE-2025-32134 |
| Kenj_Frog –company-financial-management | A vulnerability classified as critical was found in Kenj_Frog 肯尼基蛙 company-financial-management å…¬å¸è´¢åŠ¡ç®¡ç†ç³»ç»Ÿ 1.0. Affected by this vulnerability is the function page of the file src/main/java/com/controller/ShangpinleixingController.java. The manipulation of the argument sort leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. | 2025-04-06 | 6.3 | CVE-2025-3318 |
| Kentico–Xperience | Kentico Xperience before 13.0.181 allows authenticated users to distribute malicious content (for stored XSS) via certain interactions with the media library file upload feature. | 2025-04-06 | 6.4 | CVE-2025-32369 |
| Kibru Demeke–Ethiopian Calendar | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Kibru Demeke Ethiopian Calendar allows Stored XSS. This issue affects Ethiopian Calendar: from n/a through 1.1.1. | 2025-03-31 | 6.5 | CVE-2025-31589 |
| KingAddons.com–King Addons for Elementor | Missing Authorization vulnerability in KingAddons.com King Addons for Elementor. This issue affects King Addons for Elementor: from n/a through 24.12.58. | 2025-04-01 | 4.3 | CVE-2025-30926 |
| Kishan–WP Link Preview | Server-Side Request Forgery (SSRF) vulnerability in Kishan WP Link Preview allows Server Side Request Forgery. This issue affects WP Link Preview: from n/a through 1.4.1. | 2025-03-31 | 6.4 | CVE-2025-31527 |
| Kuppuraj–Advanced All in One Admin Search by WP Spotlight | Cross-Site Request Forgery (CSRF) vulnerability in Kuppuraj Advanced All in One Admin Search by WP Spotlight allows Cross Site Request Forgery. This issue affects Advanced All in One Admin Search by WP Spotlight: from n/a through 1.1.1. | 2025-04-04 | 4.3 | CVE-2025-32261 |
| LA-Studio–LA-Studio Element Kit for Elementor | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in LA-Studio LA-Studio Element Kit for Elementor allows Stored XSS. This issue affects LA-Studio Element Kit for Elementor: from n/a through 1.4.9. | 2025-04-04 | 6.5 | CVE-2025-32194 |
| LABCAT–Processing Projects | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in LABCAT Processing Projects allows DOM-Based XSS. This issue affects Processing Projects: from n/a through 1.0.2. | 2025-03-31 | 6.5 | CVE-2025-31624 |
| Labinator–Labinator Content Types Duplicator | Cross-Site Request Forgery (CSRF) vulnerability in Labinator Labinator Content Types Duplicator allows Cross Site Request Forgery. This issue affects Labinator Content Types Duplicator: from n/a through 1.1.3. | 2025-04-01 | 4.3 | CVE-2025-31809 |
| Leartes.NET–Leartes TRY Exchange Rates | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Leartes.NET Leartes TRY Exchange Rates allows Stored XSS. This issue affects Leartes TRY Exchange Rates: from n/a through 2.1. | 2025-04-01 | 6.5 | CVE-2025-31783 |
| Legrand–SMS PowerView | A vulnerability, which was classified as critical, was found in Legrand SMS PowerView 1.x. Affected is an unknown function. The manipulation of the argument redirect leads to file inclusion. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-31 | 6.3 | CVE-2025-2982 |
| Legrand–SMS PowerView | A vulnerability has been found in Legrand SMS PowerView 1.x and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument redirect leads to os command injection. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-31 | 5.5 | CVE-2025-2983 |
| Magnigenie–RestroPress | Missing Authorization vulnerability in Magnigenie RestroPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RestroPress: from n/a through 3.1.8.4. | 2025-04-01 | 4.3 | CVE-2025-31877 |
| Maksym Marko–MX Time Zone Clocks | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Maksym Marko MX Time Zone Clocks allows Reflected XSS. This issue affects MX Time Zone Clocks: from n/a through 5.1.1. | 2025-04-01 | 6.5 | CVE-2025-31801 |
| Manuel Schmalstieg–Minimalistic Event Manager | Missing Authorization vulnerability in Manuel Schmalstieg Minimalistic Event Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Minimalistic Event Manager: from n/a through 1.1.1. | 2025-04-03 | 6.4 | CVE-2025-31739 |
| markkinchin–Beds24 Online Booking | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in markkinchin Beds24 Online Booking allows Stored XSS. This issue affects Beds24 Online Booking: from n/a through 2.0.26. | 2025-04-01 | 6.5 | CVE-2025-31851 |
| Mashi–Simple Map No Api | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Mashi Simple Map No Api allows Stored XSS. This issue affects Simple Map No Api: from n/a through 1.9. | 2025-04-01 | 6.5 | CVE-2025-31890 |
| Matat Technologies–TextMe SMS | Missing Authorization vulnerability in Matat Technologies TextMe SMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TextMe SMS: from n/a through 1.9.1. | 2025-04-03 | 6.5 | CVE-2025-31789 |
| matthewrubin–Local Magic | Missing Authorization vulnerability in matthewrubin Local Magic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Local Magic: from n/a through 2.6.0. | 2025-04-03 | 6.5 | CVE-2025-31858 |
| matthewrubin–Review Manager | Missing Authorization vulnerability in matthewrubin Review Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Review Manager: from n/a through 2.2.0. | 2025-04-01 | 5.3 | CVE-2025-31836 |
| Mayeenul Islam–NanoSupport | Missing Authorization vulnerability in Mayeenul Islam NanoSupport allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NanoSupport: from n/a through 0.6.0. | 2025-03-31 | 4.3 | CVE-2025-31376 |
| metagauss–RegistrationMagic Custom Registration Forms, User Registration, Payment, and User Login | The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘payment_method’ parameter in all versions up to, and including, 6.0.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-04-04 | 6.4 | CVE-2025-2836 |
| Microsoft–Microsoft Edge for iOS | Improper neutralization of input during web page generation (‘cross-site scripting’) in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | 2025-04-04 | 4.3 | CVE-2025-25001 |
| Microsoft–Microsoft Edge for iOS | User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network. | 2025-04-04 | 4.7 | CVE-2025-29796 |
| MiKa–OSM OpenStreetMap | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in MiKa OSM – OpenStreetMap allows DOM-Based XSS. This issue affects OSM – OpenStreetMap: from n/a through 6.1.6. | 2025-03-31 | 6.5 | CVE-2025-31557 |
| milan.latinovic–WP Chrono | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in milan.latinovic WP Chrono allows DOM-Based XSS. This issue affects WP Chrono: from n/a through 1.5.4. | 2025-04-01 | 6.5 | CVE-2025-31747 |
| MobSF–Mobile-Security-Framework-MobSF | Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The mitigation for CVE-2024-29190 in valid_host() uses socket.gethostbyname(), which is vulnerable to SSRF abuse using DNS rebinding technique. This vulnerability is fixed in 4.3.2. | 2025-03-31 | 4.4 | CVE-2025-31116 |
| Modernaweb Studio–Black Widgets For Elementor | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Modernaweb Studio Black Widgets For Elementor allows Stored XSS. This issue affects Black Widgets For Elementor: from n/a through 1.3.9. | 2025-04-01 | 6.5 | CVE-2025-31869 |
| MongoDB Inc–MongoDB Server | When run on commands with certain arguments set, explain may fail to validate these arguments before using them. This can lead to crashes in router servers. This affects MongoDB Server v5.0 prior to 5.0.31, MongoDB Server v6.0 prior to 6.0.20, MongoDB Server v7.0 prior to 7.0.16 and MongoDB Server v8.0 prior to 8.0.4 | 2025-04-01 | 6.5 | CVE-2025-3084 |
| Morgan Kay–Chamber Dashboard Business Directory | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Morgan Kay Chamber Dashboard Business Directory allows DOM-Based XSS. This issue affects Chamber Dashboard Business Directory: from n/a through 3.3.11. | 2025-04-04 | 6.5 | CVE-2025-32162 |
| moshensky–CF7 Spreadsheets | Missing Authorization vulnerability in moshensky CF7 Spreadsheets allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CF7 Spreadsheets: from n/a through 2.3.2. | 2025-03-31 | 5.4 | CVE-2025-31603 |
| Mozilla–Firefox | JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. This vulnerability affects Firefox < 137, Firefox ESR < 115.22, Firefox ESR < 128.9, Thunderbird < 137, and Thunderbird < 128.9. | 2025-04-01 | 6.5 | CVE-2025-3028 |
| Mozilla–Firefox | An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function. This vulnerability affects Firefox < 137 and Thunderbird < 137. | 2025-04-01 | 6.5 | CVE-2025-3031 |
| N-Media–Bulk Product Sync | Cross-Site Request Forgery (CSRF) vulnerability in N-Media Bulk Product Sync allows Cross Site Request Forgery. This issue affects Bulk Product Sync: from n/a through 8.6. | 2025-04-01 | 4.3 | CVE-2025-31852 |
| N-Media–Nmedia MailChimp | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in N-Media Nmedia MailChimp allows Stored XSS. This issue affects Nmedia MailChimp: from n/a through 5.4. | 2025-04-01 | 6.5 | CVE-2025-30613 |
| n/a–FastCMS | A vulnerability was found in FastCMS 0.1.5. It has been declared as critical. This vulnerability affects unknown code of the component JWT Handler. The manipulation leads to use of hard-coded cryptographic key . The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. | 2025-04-03 | 5 | CVE-2025-3177 |
| n/a–n/a | Directory Traversal vulnerability in ONLYOFFICE Document Server v.7.5.0 and before allows a remote attacker to obtain sensitive information via a crafted file upload. | 2025-04-01 | 6.7 | CVE-2023-46988 |
| n/a–n/a | Cross Site Scripting vulnerability in arnog MathLive Versions v0.103.0 and before (fixed in 0.104.0) allows an attacker to execute arbitrary code via the MathLive function. | 2025-04-01 | 6.3 | CVE-2025-29049 |
| n/a–n/a | SourceCodester (rems) Employee Management System 1.0 is vulnerable to Cross Site Scripting (XSS) in add_employee.php via the First Name and Address text fields. | 2025-04-02 | 6.1 | CVE-2025-29719 |
| n/a–n/a | An issue was discovered on Mitel ICP VoIP 3100 devices. When a remote user attempts to log in via TELNET during the login wait time and an external call comes in, the system incorrectly divulges information about the call and any SMDR records generated by the system. The information provided includes the service type, extension number and other parameters, related to the call activity. | 2025-04-01 | 5.6 | CVE-2003-20001 |
| n/a–n/a | Infinxt iEdge 100 2.1.32 is vulnerable to Cross Site Scripting (XSS) via the “Description” field during LAN configuration. | 2025-04-01 | 5.4 | CVE-2025-26054 |
| n/a–n/a | An issue in hackathon-starter v.8.1.0 allows a remote attacker to escalate privileges via the user.js component. | 2025-04-01 | 5.9 | CVE-2025-29036 |
| n/a–n/a | A Broken Access Control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows low-privilege users with “Read-Only” access to perform administrative actions, including stopping system services and deleting critical resources. This flaw arises due to improper authorization enforcement, enabling unauthorized modifications that compromise system integrity and availability. | 2025-04-01 | 4.6 | CVE-2025-28131 |
| n/a–n/a | A session management flaw in Nagios Network Analyzer 2024R1.0.3 allows an attacker to reuse session tokens even after a user logs out, leading to unauthorized access and account takeover. This occurs due to insufficient session expiration, where session tokens remain valid beyond logout, allowing an attacker to impersonate users and perform actions on their behalf. | 2025-04-01 | 4.6 | CVE-2025-28132 |
| n/a–Projeqtor | A vulnerability was found in Projeqtor up to 12.0.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /tool/saveAttachment.php. The manipulation of the argument attachmentFiles leads to unrestricted upload. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 12.0.3 is able to address this issue. It is recommended to upgrade the affected component. The vendor explains, that “this vulnerability can be exploited only on not securely installed instances, as it is adviced during product install: attachment directory should be out of web reach, so that even if executable file can be uploaded, it cannot be executed through the web.” | 2025-04-03 | 5 | CVE-2025-3169 |
| n/a–PyTorch | A vulnerability was found in PyTorch 2.6.0. It has been declared as critical. Affected by this vulnerability is the function torch.nn.utils.rnn.pad_packed_sequence. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. | 2025-03-31 | 5.3 | CVE-2025-2998 |
| n/a–PyTorch | A vulnerability was found in PyTorch 2.6.0. It has been rated as critical. Affected by this issue is the function torch.nn.utils.rnn.unpack_sequence. The manipulation leads to memory corruption. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. | 2025-03-31 | 5.3 | CVE-2025-2999 |
| n/a–PyTorch | A vulnerability classified as critical has been found in PyTorch 2.6.0. This affects the function torch.jit.script. The manipulation leads to memory corruption. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. | 2025-03-31 | 5.3 | CVE-2025-3000 |
| n/a–PyTorch | A vulnerability classified as critical was found in PyTorch 2.6.0. This vulnerability affects the function torch.lstm_cell. The manipulation leads to memory corruption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. | 2025-03-31 | 5.3 | CVE-2025-3001 |
| n/a–react-draft-wysiwyg | All versions of the package react-draft-wysiwyg are vulnerable to Cross-site Scripting (XSS) via the Embedded button which will then result in saving the payload in the <iframe> tag. | 2025-04-04 | 6.1 | CVE-2025-3191 |
| n/a–TA-Lib | A vulnerability, which was classified as critical, has been found in TA-Lib up to 0.6.4. This issue affects the function setInputBuffer of the file src/tools/ta_regtest/ta_test_func/test_minmax.c of the component ta_regtest. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier of the patch is 5879180e9070ec35d52948f2f57519713256a0f1. It is recommended to apply a patch to fix this issue. | 2025-03-31 | 5.3 | CVE-2025-3017 |
| n/a–WCMS | A vulnerability was found in WCMS 11. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php?articleadmin/upload/?&CKEditor=container&CKEditorFuncNum=1 of the component Article Publishing Page. The manipulation of the argument Upload leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-31 | 6.3 | CVE-2025-2978 |
| n/a–WonderCMS | A vulnerability, which was classified as critical, has been found in WonderCMS 3.5.0. Affected by this issue is the function installUpdateModuleAction of the component Theme Installation/Plugin Installation. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor explains, that “[t]he philosophy has always been, admin […] bear responsibility to not install themes/plugins from untrusted sources.” | 2025-04-02 | 4.7 | CVE-2025-3123 |
| Neteuro–Turisbook Booking System | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Neteuro Turisbook Booking System allows Stored XSS. This issue affects Turisbook Booking System: from n/a through 1.3.7. | 2025-04-01 | 6.5 | CVE-2025-31803 |
| netty–netty-incubator-codec-quic | Netty QUIC codec is a QUIC codec for netty which makes use of quiche. An issue was discovered in the codec. A hash collision vulnerability (in the hash map used to manage connections) allows remote attackers to cause a considerable CPU load on the server (a Hash DoS attack) by initiating connections with colliding Source Connection IDs (SCIDs). This vulnerability is fixed in 0.0.71.Final. | 2025-03-31 | 5.3 | CVE-2025-29908 |
| Nikita–Advanced WordPress Backgrounds | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Nikita Advanced WordPress Backgrounds allows Code Injection. This issue affects Advanced WordPress Backgrounds: from n/a through 1.12.4. | 2025-04-04 | 5.4 | CVE-2025-32200 |
| NiteoThemes–CLP Custom Login Page by NiteoThemes | Cross-Site Request Forgery (CSRF) vulnerability in NiteoThemes CLP – Custom Login Page by NiteoThemes allows Cross Site Request Forgery. This issue affects CLP – Custom Login Page by NiteoThemes: from n/a through 1.5.5. | 2025-04-01 | 4.3 | CVE-2025-31769 |
| Noor Alam–Magical Blocks | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Noor Alam Magical Blocks allows Stored XSS. This issue affects Magical Blocks: from n/a through 1.0.10. | 2025-04-01 | 6.5 | CVE-2025-31844 |
| NotFound–Bridge Core | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Bridge Core allows Stored XSS. This issue affects Bridge Core: from n/a through n/a. | 2025-04-01 | 6.5 | CVE-2025-31409 |
| NotFound–Include URL | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in NotFound Include URL allows Path Traversal. This issue affects Include URL: from n/a through 0.3.5. | 2025-04-01 | 6.5 | CVE-2025-30594 |
| NotFound–include-file | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in NotFound include-file allows Path Traversal. This issue affects include-file: from n/a through 1. | 2025-04-03 | 6.5 | CVE-2025-30596 |
| NotFound–JetBlocks For Elementor | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound JetBlocks For Elementor allows Stored XSS. This issue affects JetBlocks For Elementor: from n/a through 1.3.16. | 2025-03-31 | 6.5 | CVE-2025-30987 |
| NotFound–JetProductGallery | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound JetProductGallery allows DOM-Based XSS. This issue affects JetProductGallery: from n/a through 2.1.22. | 2025-03-31 | 6.5 | CVE-2025-31412 |
| NotFound–JetSearch | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound JetSearch allows DOM-Based XSS. This issue affects JetSearch: from n/a through 3.5.7. | 2025-03-31 | 6.5 | CVE-2025-31043 |
| Novastar–CX40 | A vulnerability was found in Novastar CX40 up to 2.44.0. It has been rated as critical. This issue affects the function getopt of the file /usr/nova/bin/netconfig of the component NetFilter Utility. The manipulation of the argument cmd/netmask/pipeout/nettask leads to stack-based buffer overflow. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-31 | 5.5 | CVE-2025-3007 |
| Novastar–CX40 | A vulnerability classified as critical has been found in Novastar CX40 up to 2.44.0. Affected is the function system/popen of the file /usr/nova/bin/netconfig of the component NetFilter Utility. The manipulation leads to command injection. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-31 | 5.5 | CVE-2025-3008 |
| Oblak Studio–Srbtranslatin | Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Oblak Studio Srbtranslatin allows Retrieve Embedded Sensitive Data.This issue affects Srbtranslatin: from n/a through 3.2.0. | 2025-04-04 | 5.8 | CVE-2025-31421 |
| Oliver Boyers–Pin Generator | Missing Authorization vulnerability in Oliver Boyers Pin Generator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pin Generator: from n/a through 2.0.0. | 2025-04-01 | 5.4 | CVE-2025-31791 |
| Open Asset Import Library–Assimp | A vulnerability classified as critical has been found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::ASEImporter::BuildUniqueRepresentation of the file code/AssetLib/ASE/ASELoader.cpp of the component ASE File Handler. The manipulation of the argument mIndices leads to out-of-bounds read. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 6.0 is able to address this issue. The patch is named 7c705fde418d68cca4e8eff56be01b2617b0d6fe. It is recommended to apply a patch to fix this issue. | 2025-03-31 | 6.3 | CVE-2025-3015 |
| Open Asset Import Library–Assimp | A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. Affected by this issue is the function Assimp::LWO::AnimResolver::UpdateAnimRangeSetup of the file code/AssetLib/LWO/LWOAnimation.cpp of the component LWO File Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. | 2025-04-03 | 5.3 | CVE-2025-3158 |
| Open Asset Import Library–Assimp | A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::ASE::Parser::ParseLV4MeshBonesVertices of the file code/AssetLib/ASE/ASEParser.cpp of the component ASE File Handler. The manipulation leads to heap-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is e8a6286542924e628e02749c4f5ac4f91fdae71b. It is recommended to apply a patch to fix this issue. | 2025-04-03 | 5.3 | CVE-2025-3159 |
| Open Asset Import Library–Assimp | A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Affected is the function Assimp::MD2Importer::InternReadFile in the library code/AssetLib/MD2/MD2Loader.cpp of the component Malformed File Handler. The manipulation of the argument Name leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. | 2025-04-04 | 5.3 | CVE-2025-3196 |
| Open Asset Import Library–Assimp | A vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function Assimp::MDLImporter::ParseTextureColorData of the file code/AssetLib/MDL/MDLMaterialLoader.cpp of the component MDL File Handler. The manipulation of the argument mWidth/mHeight leads to resource consumption. The attack can be initiated remotely. Upgrading to version 6.0 is able to address this issue. The name of the patch is 5d2a7482312db2e866439a8c05a07ce1e718bed1. It is recommended to apply a patch to fix this issue. | 2025-03-31 | 4.3 | CVE-2025-3016 |
| openemr–openemr | OpenEMR is a free and open source electronic health records and medical practice management application. OpenEMR allows reflected cross-site scripting (XSS) in the AJAX Script interface\super\layout_listitems_ajax.php via the target parameter. This vulnerability is fixed in 7.0.3. | 2025-03-31 | 6.4 | CVE-2025-30149 |
| OpenMenu–OpenMenu | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in OpenMenu OpenMenu allows Stored XSS. This issue affects OpenMenu: from n/a through 3.5. | 2025-03-31 | 6.5 | CVE-2025-31593 |
| oretnom23–Apartment Visitor Management System | A vulnerability, which was classified as critical, was found in oretnom23/SourceCodester Apartment Visitor Management System 1.0. Affected is an unknown function of the file /remove-apartment.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-04-01 | 6.3 | CVE-2025-3045 |
| OTWthemes–Content Manager Light | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in OTWthemes Content Manager Light allows Stored XSS. This issue affects Content Manager Light: from n/a through 3.2. | 2025-04-01 | 6.5 | CVE-2025-31770 |
| OTWthemes–Post Custom Templates Lite | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in OTWthemes Post Custom Templates Lite allows Stored XSS. This issue affects Post Custom Templates Lite: from n/a through 1.14. | 2025-04-01 | 6.5 | CVE-2025-31767 |
| OTWthemes–Widget Manager Light | Missing Authorization vulnerability in OTWthemes Widget Manager Light allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Widget Manager Light: from n/a through 1.18. | 2025-04-03 | 6.5 | CVE-2025-31768 |
| ouch-org–ouch | A vulnerability was found in ouch-org ouch up to 0.3.1. It has been classified as critical. This affects the function ouch::archive::zip::convert_zip_date_time of the file zip.rs. The manipulation of the argument month leads to memory corruption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 0.4.0 is able to address this issue. It is recommended to upgrade the affected component. | 2025-04-01 | 5.3 | CVE-2024-13941 |
| Out the Box–Beam me up Scotty Back to Top Button | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Out the Box Beam me up Scotty – Back to Top Button allows Stored XSS. This issue affects Beam me up Scotty – Back to Top Button: from n/a through 1.0.23. | 2025-04-01 | 5.9 | CVE-2025-31864 |
| OwnerRez–OwnerRez | Cross-Site Request Forgery (CSRF) vulnerability in OwnerRez OwnerRez allows Cross Site Request Forgery. This issue affects OwnerRez: from n/a through 1.2.0. | 2025-04-01 | 4.3 | CVE-2025-31814 |
| Paolo Melchiorre–Send E-mail | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Paolo Melchiorre Send E-mail allows Stored XSS. This issue affects Send E-mail: from n/a through 1.3. | 2025-03-31 | 6.5 | CVE-2025-31592 |
| paulgpetty–wp Time Machine | The wp Time Machine plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.0. This is due to missing or incorrect nonce validation on the ‘wpTimeMachineCore.php’ page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-04-02 | 6.1 | CVE-2025-3097 |
| paulrosen–ABC Notation | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in paulrosen ABC Notation allows Stored XSS. This issue affects ABC Notation: from n/a through 6.1.3. | 2025-04-01 | 6.5 | CVE-2025-31895 |
| petesheppard84–Extensions for Elementor | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in petesheppard84 Extensions for Elementor. This issue affects Extensions for Elementor: from n/a through 2.0.40. | 2025-04-01 | 6.5 | CVE-2025-31889 |
| pgn4web–Embed Chessboard | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in pgn4web Embed Chessboard allows Stored XSS. This issue affects Embed Chessboard: from n/a through 3.07.00. | 2025-04-04 | 6.5 | CVE-2025-32177 |
| Philip John–Author Bio Shortcode | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Philip John Author Bio Shortcode allows Stored XSS. This issue affects Author Bio Shortcode: from n/a through 2.5.3. | 2025-04-01 | 6.5 | CVE-2025-31731 |
| phires–go-guerrilla | Go-Guerrilla SMTP Daemon is a lightweight SMTP server written in Go. Prior to 1.6.7, when ProxyOn is enabled, the PROXY command will be accepted multiple times, with later invocations overriding earlier ones. The proxy protocol only supports one initial PROXY header; anything after that is considered part of the exchange between client and server, so the client is free to send further PROXY commands with whatever data it pleases. go-guerrilla will treat these as coming from the reverse proxy, allowing a client to spoof its IP address. This vulnerability is fixed in 1.6.7. | 2025-04-01 | 5.3 | CVE-2025-31135 |
| PhotoShelter–PhotoShelter for Photographers Blog Feed Plugin | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in PhotoShelter PhotoShelter for Photographers Blog Feed Plugin allows Stored XSS. This issue affects PhotoShelter for Photographers Blog Feed Plugin: from n/a through 1.5.7. | 2025-04-01 | 6.5 | CVE-2025-31766 |
| PHPGurukul–e-Diary Management System | A vulnerability has been found in PHPGurukul e-Diary Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /search-result.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-04-04 | 6.3 | CVE-2025-3242 |
| PHPGurukul–Old Age Home Management System | A vulnerability was found in PHPGurukul Old Age Home Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/profile.php. The manipulation of the argument adminname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-04-04 | 6.3 | CVE-2025-3235 |
| PHPGurukul–Restaurant Table Booking System | A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/add-subadmin.php. The manipulation of the argument fullname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2025-04-04 | 6.3 | CVE-2025-3215 |
| PHPGurukul–Restaurant Table Booking System | A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /edit-subadmin.php. The manipulation of the argument fullname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2025-04-04 | 4.7 | CVE-2025-3229 |
| phpIPAM–phpIPAM | phpIPAM through 1.7.3 has a reflected Cross-Site Scripting (XSS) vulnerability in the install scripts. | 2025-03-31 | 5.4 | CVE-2024-55093 |
| PickPlugins–Job Board Manager | Missing Authorization vulnerability in PickPlugins Job Board Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Job Board Manager: from n/a through 2.1.60. | 2025-04-01 | 5.3 | CVE-2025-31862 |
| PickPlugins–Question Answer | Missing Authorization vulnerability in PickPlugins Question Answer allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Question Answer: from n/a through 1.2.70. | 2025-04-01 | 5.3 | CVE-2025-31810 |
| PickPlugins–Wishlist | Cross-Site Request Forgery (CSRF) vulnerability in PickPlugins Wishlist allows Cross Site Request Forgery. This issue affects Wishlist: from n/a through 1.0.44. | 2025-04-04 | 4.3 | CVE-2025-32272 |
| pietro–Mobile App Canvas | Missing Authorization vulnerability in pietro Mobile App Canvas allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mobile App Canvas: from n/a through 3.8.1. | 2025-04-01 | 5.4 | CVE-2025-31816 |
| piotnetdotcom–Piotnet Addons For Elementor | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in piotnetdotcom Piotnet Addons For Elementor allows Stored XSS. This issue affects Piotnet Addons For Elementor: from n/a through 2.4.34. | 2025-04-04 | 6.5 | CVE-2025-32197 |
| piotnetdotcom–Piotnet Forms | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in piotnetdotcom Piotnet Forms allows Stored XSS. This issue affects Piotnet Forms: from n/a through 1.0.30. | 2025-04-01 | 5.9 | CVE-2025-31792 |
| piotnetdotcom–Piotnet Forms | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in piotnetdotcom Piotnet Forms allows Stored XSS. This issue affects Piotnet Forms: from n/a through 1.0.30. | 2025-04-01 | 5.9 | CVE-2025-31793 |
| PixelDima–Dima Take Action | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in PixelDima Dima Take Action allows Stored XSS. This issue affects Dima Take Action: from n/a through 1.0.5. | 2025-04-01 | 5.9 | CVE-2025-31742 |
| pixelgrade–Category Icon | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in pixelgrade Category Icon allows Path Traversal. This issue affects Category Icon: from n/a through 1.0.0. | 2025-04-03 | 4.9 | CVE-2025-31825 |
| pixelgrade–Nova Blocks by Pixelgrade | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in pixelgrade Nova Blocks by Pixelgrade. This issue affects Nova Blocks by Pixelgrade: from n/a through 2.1.8. | 2025-04-01 | 6.5 | CVE-2025-31819 |
| Plugin Devs–Shopify to WooCommerce Migration | Missing Authorization vulnerability in Plugin Devs Shopify to WooCommerce Migration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shopify to WooCommerce Migration: from n/a through 1.3.0. | 2025-04-03 | 6.5 | CVE-2025-31795 |
| Pluginic–FancyPost | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Pluginic FancyPost allows DOM-Based XSS. This issue affects FancyPost: from n/a through 6.0.1. | 2025-04-01 | 6.5 | CVE-2025-31875 |
| posimyththemes–WDesignKit Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder | The WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom widgets in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-04-01 | 6.4 | CVE-2024-12189 |
| Preliot–Cache control by Cacholong | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Preliot Cache control by Cacholong allows Stored XSS. This issue affects Cache control by Cacholong: from n/a through 5.4.1. | 2025-04-01 | 5.9 | CVE-2025-31764 |
| Preliot–Cache control by Cacholong | Cross-Site Request Forgery (CSRF) vulnerability in Preliot Cache control by Cacholong allows Cross Site Request Forgery. This issue affects Cache control by Cacholong: from n/a through 5.4.1. | 2025-04-01 | 4.3 | CVE-2025-31763 |
| PressTigers–Simple Owl Carousel | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in PressTigers Simple Owl Carousel allows DOM-Based XSS. This issue affects Simple Owl Carousel: from n/a through 1.1.1. | 2025-03-31 | 6.5 | CVE-2025-31535 |
| Project Worlds–Online Time Table Generator | A vulnerability was found in Project Worlds Online Time Table Generator 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/add_student.php. The manipulation of the argument pic leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-03-31 | 6.3 | CVE-2025-3040 |
| Project Worlds–Online Time Table Generator | A vulnerability classified as critical has been found in Project Worlds Online Time Table Generator 1.0. This affects an unknown part of the file /admin/updatestudent.php. The manipulation of the argument pic leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-04-01 | 6.3 | CVE-2025-3041 |
| Project Worlds–Online Time Table Generator | A vulnerability classified as critical was found in Project Worlds Online Time Table Generator 1.0. This vulnerability affects unknown code of the file /student/updateprofile.php. The manipulation of the argument pic leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-04-01 | 6.3 | CVE-2025-3042 |
| promoz73–Exit Popup Free | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in promoz73 Exit Popup Free allows Stored XSS. This issue affects Exit Popup Free: from n/a through 1.0. | 2025-03-31 | 5.9 | CVE-2025-31591 |
| publitio–Publitio | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in publitio Publitio allows Path Traversal. This issue affects Publitio: from n/a through 2.1.8. | 2025-04-03 | 6.5 | CVE-2025-31800 |
| publitio–Publitio | Missing Authorization vulnerability in publitio Publitio allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Publitio: from n/a through 2.1.8. | 2025-04-01 | 4.3 | CVE-2025-31798 |
| publitio–Publitio | Missing Authorization vulnerability in publitio Publitio allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Publitio: from n/a through 2.1.8. | 2025-04-01 | 4.3 | CVE-2025-31799 |
| pupunzi–mb.YTPlayer | Missing Authorization vulnerability in pupunzi mb.YTPlayer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects mb.YTPlayer: from n/a through 3.3.8. | 2025-04-01 | 5.4 | CVE-2025-31782 |
| qinguoyi–TinyWebServer | A vulnerability, which was classified as critical, was found in qinguoyi TinyWebServer up to 1.0. This affects an unknown part of the file /http/http_conn.cpp. The manipulation of the argument name/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-04-04 | 6.3 | CVE-2025-3267 |
| qinguoyi–TinyWebServer | A vulnerability has been found in qinguoyi TinyWebServer up to 1.0 and classified as critical. This vulnerability affects unknown code of the file http/http_conn.cpp. The manipulation of the argument m_url_real leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-04-04 | 5.3 | CVE-2025-3268 |
| Qu L 91–Administrator Z | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Quý Lê 91 Administrator Z allows DOM-Based XSS. This issue affects Administrator Z: from n/a through 2025.03.04. | 2025-04-04 | 6.5 | CVE-2025-32187 |
| Qu L 91–Administrator Z | Cross-Site Request Forgery (CSRF) vulnerability in Quý Lê 91 Administrator Z allows Cross Site Request Forgery. This issue affects Administrator Z: from n/a through 2025.03.04. | 2025-04-04 | 4.3 | CVE-2025-32276 |
| raphaelheide–Donate Me | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in raphaelheide Donate Me allows Reflected XSS. This issue affects Donate Me: from n/a through 1.2.5. | 2025-04-01 | 6.5 | CVE-2025-31778 |
| Rashid–Slider Path for Elementor | Missing Authorization vulnerability in Rashid Slider Path for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Slider Path for Elementor: from n/a through 3.0.0. | 2025-03-31 | 4.3 | CVE-2025-31529 |
| RealMag777–TableOn WordPress Posts Table Filterable | Missing Authorization vulnerability in RealMag777 TableOn – WordPress Posts Table Filterable allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TableOn – WordPress Posts Table Filterable: from n/a through 1.0.4. | 2025-04-04 | 5.4 | CVE-2025-32218 |
| Red Hat–Red Hat Enterprise Linux 6 | A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment. | 2025-04-03 | 6.5 | CVE-2025-3155 |
| Red Hat–Red Hat Enterprise Linux 6 | A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read. | 2025-04-03 | 6.5 | CVE-2025-32052 |
| Red Hat–Red Hat Enterprise Linux 6 | A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer over-read. | 2025-04-03 | 6.5 | CVE-2025-32053 |
| Red Hat–Red Hat Enterprise Linux 6 | A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read. | 2025-04-03 | 5.9 | CVE-2025-32050 |
| Red Hat–Red Hat Enterprise Linux 6 | A flaw was found in libsoup. The libsoup soup_uri_decode_data_uri() function may crash when processing malformed data URI. This flaw allows an attacker to cause a denial of service (DoS). | 2025-04-03 | 5.9 | CVE-2025-32051 |
| Red Hat–Red Hat OpenShift distributed tracing 3.5.1 | A flaw was found in Tempo Operator, where it creates a ServiceAccount, ClusterRole, and ClusterRoleBinding when a user deploys a TempoStack or TempoMonolithic instance. This flaw allows a user with full access to their namespace to extract the ServiceAccount token and use it to submit TokenReview and SubjectAccessReview requests, potentially revealing information about other users’ permissions. While this does not allow privilege escalation or impersonation, it exposes information that could aid in gathering information for further attacks. | 2025-04-02 | 4.3 | CVE-2025-2786 |
| Red Hat–Red Hat OpenShift distributed tracing 3.5.1 | A flaw was found in the Tempo Operator. When the Jaeger UI Monitor Tab functionality is enabled in a Tempo instance managed by the Tempo Operator, the Operator creates a ClusterRoleBinding for the Service Account of the Tempo instance to grant the cluster-monitoring-view ClusterRole. This can be exploited if a user has ‘create’ permissions on TempoStack and ‘get’ permissions on Secret in a namespace (for example, a user has ClusterAdmin permissions for a specific namespace), as the user can read the token of the Tempo service account and therefore has access to see all cluster metrics. | 2025-04-02 | 4.3 | CVE-2025-2842 |
| RedefiningTheWeb–PDF Generator Addon for Elementor Page Builder | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in RedefiningTheWeb PDF Generator Addon for Elementor Page Builder allows Stored XSS. This issue affects PDF Generator Addon for Elementor Page Builder: from n/a through 1.7.5. | 2025-04-01 | 6.5 | CVE-2025-31850 |
| reDim GmbH–CookieHint WP | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in reDim GmbH CookieHint WP allows Stored XSS. This issue affects CookieHint WP: from n/a through 1.0.0. | 2025-03-31 | 6.5 | CVE-2025-31608 |
| Repuso–Social proof testimonials and reviews by Repuso | Missing Authorization vulnerability in Repuso Social proof testimonials and reviews by Repuso allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Social proof testimonials and reviews by Repuso: from n/a through 5.21. | 2025-04-01 | 4.3 | CVE-2025-31886 |
| richtexteditor–Rich Text Editor | Missing Authorization vulnerability in richtexteditor Rich Text Editor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rich Text Editor: from n/a through 1.0.1. | 2025-04-03 | 6.5 | CVE-2025-31736 |
| Robert D Payne–RDP Wiki Embed | Cross-Site Request Forgery (CSRF) vulnerability in Robert D Payne RDP Wiki Embed allows Cross Site Request Forgery. This issue affects RDP Wiki Embed: from n/a through 1.2.20. | 2025-04-04 | 4.3 | CVE-2025-32262 |
| rocketelements–Split Test For Elementor | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in rocketelements Split Test For Elementor allows Stored XSS. This issue affects Split Test For Elementor: from n/a through 1.8.3. | 2025-04-04 | 5.9 | CVE-2025-32135 |
| Rohit Choudhary–Theme Duplicator | Cross-Site Request Forgery (CSRF) vulnerability in Rohit Choudhary Theme Duplicator allows Cross Site Request Forgery. This issue affects Theme Duplicator: from n/a through 1.1. | 2025-04-01 | 4.3 | CVE-2025-31845 |
| rollbar–Rollbar | Cross-Site Request Forgery (CSRF) vulnerability in rollbar Rollbar allows Cross Site Request Forgery. This issue affects Rollbar: from n/a through 2.7.1. | 2025-04-04 | 5.4 | CVE-2025-32250 |
| romik84–Demo Awesome | The Demo Awesome plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the install_plugin function in all versions up to, and including, 1.0.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install and activate arbitrary plugins.. | 2025-04-02 | 6.5 | CVE-2024-13637 |
| rpetersen29–Simple Banner Easily add multiple Banners/Bars/Notifications/Announcements to the top or bottom of your website | The Simple Banner – Easily add multiple Banners/Bars/Notifications/Announcements to the top or bottom of your website plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2025-04-04 | 4.4 | CVE-2024-13898 |
| RRWO–Linux::Statm::Tiny | Linux::Statm::Tiny for Perl before 0.0701 allows untrusted code from the current working directory (‘.’) to be loaded similar to CVE-2016-1238. If an attacker can place a malicious file in current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code execution. Linux::Statm::Tiny uses Mite to produce the affected code section due to CVE-2025-30672 | 2025-04-01 | 6.5 | CVE-2025-3051 |
| Rudy Susanto–Embed Extended Embed Maps, Videos, Websites, Source Codes, and more | Cross-Site Request Forgery (CSRF) vulnerability in Rudy Susanto Embed Extended – Embed Maps, Videos, Websites, Source Codes, and more allows Cross Site Request Forgery. This issue affects Embed Extended – Embed Maps, Videos, Websites, Source Codes, and more: from n/a through 1.4.0. | 2025-04-01 | 4.3 | CVE-2025-31784 |
| rustaurius–Front End Users | The Front End Users plugin for WordPress is vulnerable to SQL Injection via the ‘UserSearchField’ parameter in all versions up to, and including, 3.2.32 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-04-02 | 4.9 | CVE-2024-12410 |
| Ryo–Arkhe Blocks | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ryo Arkhe Blocks allows Stored XSS. This issue affects Arkhe Blocks: from n/a through 2.27.1. | 2025-04-04 | 6.5 | CVE-2025-32161 |
| Saiful Islam–UltraAddons Elementor Lite | Cross-Site Request Forgery (CSRF) vulnerability in Saiful Islam UltraAddons Elementor Lite allows Cross Site Request Forgery. This issue affects UltraAddons Elementor Lite: from n/a through 2.0.0. | 2025-04-04 | 4.3 | CVE-2025-32264 |
| Salesmate.io–Salesmate Add-On for Gravity Forms | Missing Authorization vulnerability in Salesmate.io Salesmate Add-On for Gravity Forms allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Salesmate Add-On for Gravity Forms: from n/a through 2.0.3. | 2025-03-31 | 5.3 | CVE-2025-31533 |
| Sandeep Kumar–WP Video Playlist | Missing Authorization vulnerability in Sandeep Kumar WP Video Playlist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Video Playlist: from n/a through 1.1.2. | 2025-04-03 | 6.5 | CVE-2025-31581 |
| Shaharia Azam–Auto Post After Image Upload | Missing Authorization vulnerability in Shaharia Azam Auto Post After Image Upload allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Auto Post After Image Upload: from n/a through 1.6. | 2025-03-31 | 4.3 | CVE-2025-31611 |
| Sharaz Shahid–Simple Sticky Add To Cart For WooCommerce | Missing Authorization vulnerability in Sharaz Shahid Simple Sticky Add To Cart For WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Sticky Add To Cart For WooCommerce: from n/a through 1.4.5. | 2025-04-01 | 4.3 | CVE-2025-31854 |
| sheetdb–SheetDB | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in sheetdb SheetDB allows Stored XSS. This issue affects SheetDB: from n/a through 1.3.3. | 2025-04-01 | 6.5 | CVE-2025-31873 |
| Ship Depot–ShipDepot for WooCommerce | Missing Authorization vulnerability in Ship Depot ShipDepot for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ShipDepot for WooCommerce: from n/a through 1.2.19. | 2025-04-01 | 4.3 | CVE-2025-31866 |
| Shiptimize–Shiptimize for WooCommerce | Missing Authorization vulnerability in Shiptimize Shiptimize for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shiptimize for WooCommerce: from n/a through 3.1.86. | 2025-04-01 | 5.4 | CVE-2025-31802 |
| Shiptrack–Booking Calendar and Notification | Missing Authorization vulnerability in shiptrack Booking Calendar and Notification allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking Calendar and Notification: from n/a through 4.0.3. | 2025-04-04 | 6.5 | CVE-2025-31381 |
| shivammani–Privyr CRM | Missing Authorization vulnerability in shivammani Privyr CRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Privyr CRM: from n/a through 1.0.1. | 2025-04-04 | 5.4 | CVE-2025-32224 |
| ShortPixel–ShortPixel Adaptive Images | Missing Authorization vulnerability in ShortPixel ShortPixel Adaptive Images allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ShortPixel Adaptive Images: from n/a through 3.10.0. | 2025-04-01 | 5.4 | CVE-2025-30853 |
| Simplepress–Simple:Press | Missing Authorization vulnerability in Simplepress Simple:Press allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple:Press: from n/a through 6.10.11. | 2025-03-31 | 5.3 | CVE-2025-31386 |
| SlicedInvoices–Sliced Invoices | Missing Authorization vulnerability in SlicedInvoices Sliced Invoices. This issue affects Sliced Invoices: from n/a through 3.9.4. | 2025-04-01 | 5.3 | CVE-2025-31628 |
| smackcoders–AIO Performance Profiler, Monitor, Optimize, Compress & Debug | Insertion of Sensitive Information into Log File vulnerability in smackcoders AIO Performance Profiler, Monitor, Optimize, Compress & Debug allows Retrieve Embedded Sensitive Data. This issue affects AIO Performance Profiler, Monitor, Optimize, Compress & Debug: from n/a through 1.2. | 2025-04-01 | 5.3 | CVE-2025-31788 |
| smackcoders–Google SEO Pressor Snippet | Missing Authorization vulnerability in smackcoders Google SEO Pressor Snippet allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Google SEO Pressor Snippet: from n/a through 2.0. | 2025-03-31 | 4.3 | CVE-2025-31530 |
| smackcoders–Google SEO Pressor Snippet | Cross-Site Request Forgery (CSRF) vulnerability in smackcoders Google SEO Pressor Snippet allows Cross Site Request Forgery. This issue affects Google SEO Pressor Snippet: from n/a through 2.0. | 2025-04-01 | 4.3 | CVE-2025-31775 |
| smartpixels–Smart Icons For WordPress | The Smart Icons For WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2025-04-02 | 6.4 | CVE-2025-2513 |
| smartwpress–Musician’s Pack for Elementor | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in smartwpress Musician’s Pack for Elementor allows DOM-Based XSS. This issue affects Musician’s Pack for Elementor: from n/a through 1.8.4. | 2025-04-04 | 6.5 | CVE-2025-32190 |
| snapwidget–SnapWidget Social Photo Feed Widget | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in snapwidget SnapWidget Social Photo Feed Widget allows DOM-Based XSS. This issue affects SnapWidget Social Photo Feed Widget: from n/a through 1.1.0. | 2025-04-01 | 6.5 | CVE-2025-31760 |
| socialintents–Social Intents | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in socialintents Social Intents allows Stored XSS. This issue affects Social Intents: from n/a through 1.6.14. | 2025-04-04 | 5.9 | CVE-2025-32131 |
| SoftHopper–Custom Content Scrollbar | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in SoftHopper Custom Content Scrollbar allows Stored XSS. This issue affects Custom Content Scrollbar: from n/a through 1.3. | 2025-03-31 | 6.5 | CVE-2025-31574 |
| softnwords–SMM API | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in softnwords SMM API allows Stored XSS. This issue affects SMM API: from n/a through 6.0.27. | 2025-04-01 | 6.5 | CVE-2025-31855 |
| softpulseinfotech–SP Blog Designer | Missing Authorization vulnerability in softpulseinfotech SP Blog Designer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SP Blog Designer: from n/a through 1.0.0. | 2025-03-31 | 4.8 | CVE-2025-31606 |
| sonaar–MP3 Audio Player for Music, Radio & Podcast by Sonaar | Missing Authorization vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 5.9.4. | 2025-04-04 | 4.3 | CVE-2025-32235 |
| SourceCodester–Apartment Visitor Management System | A vulnerability was found in SourceCodester Apartment Visitor Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /add-apartment.php. The manipulation of the argument buildingno leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Multiple parameters might be affected. | 2025-04-03 | 6.3 | CVE-2025-3142 |
| SourceCodester–Apartment Visitor Management System | A vulnerability classified as critical has been found in SourceCodester Apartment Visitor Management System 1.0. Affected is an unknown function of the file /visitor-entry.php. The manipulation of the argument visname/address leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Multiple parameters might be affected. | 2025-04-03 | 6.3 | CVE-2025-3143 |
| SourceCodester–Apartment Visitors Management System | A vulnerability was found in SourceCodester Apartment Visitors Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /add-apartment.php. The manipulation of the argument apartmentno leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2025-04-02 | 6.3 | CVE-2025-3120 |
| SourceCodester–Online Eyewear Shop | A vulnerability, which was classified as critical, was found in SourceCodester Online Eyewear Shop 1.0. Affected is an unknown function of the file /classes/Users.php?f=delete. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-03-31 | 6.3 | CVE-2025-3018 |
| SourceCodester–Online Eyewear Shop | A vulnerability, which was classified as critical, has been found in SourceCodester Online Eyewear Shop 1.0. This issue affects some unknown processing of the file /classes/Users.php?f=delete_customer. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-04-05 | 6.3 | CVE-2025-3296 |
| SourceCodester–Online Eyewear Shop | A vulnerability has been found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /oews/classes/Master.php?f=save_product of the component Registration Handler. The manipulation of the argument email leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-05 | 4.3 | CVE-2025-3298 |
| SourceCodester–Online Medicine Ordering System | A vulnerability was found in SourceCodester Online Medicine Ordering System 1.0. It has been classified as critical. This affects an unknown part of the file /view_category.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-04-03 | 6.3 | CVE-2025-3140 |
| SourceCodester–Online Medicine Ordering System | A vulnerability was found in SourceCodester Online Medicine Ordering System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /manage_category.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-04-03 | 6.3 | CVE-2025-3141 |
| SourceCodester–Online Tutor Portal | A vulnerability was found in SourceCodester Online Tutor Portal 1.0. It has been classified as critical. This affects an unknown part of the file /tutor/courses/view_course.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-04-02 | 6.3 | CVE-2025-3118 |
| SourceCodester–Online Tutor Portal | A vulnerability was found in SourceCodester Online Tutor Portal 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /tutor/courses/manage_course.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-04-02 | 6.3 | CVE-2025-3119 |
| SourceCodester–Web-based Pharmacy Product Management System | A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /add-admin.php of the component Create User Page. The manipulation of the argument Avatar leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-04 | 6.3 | CVE-2025-3244 |
| specialk–User Submitted Posts Enable Users to Submit Posts from the Front End | The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 20240319 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2025-04-03 | 4.4 | CVE-2025-2874 |
| Spider Themes–Spider Elements Addons for Elementor | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Spider Themes Spider Elements – Addons for Elementor allows Stored XSS. This issue affects Spider Elements – Addons for Elementor: from n/a through 1.6.2. | 2025-04-04 | 6.5 | CVE-2025-32182 |
| STMicroelectronics–X-CUBE-AZRT-H7RS | A denial of service vulnerability exists in the NetX Component HTTP server functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability affects X-CUBE-AZRTOS-F7 NetX Duo Web Component HTTP server v 1.1.0. This HTTP server implementation is contained in this file – x-cube-azrtos-f7\Middlewares\ST\netxduo\addons\web\nx_web_http_server.c | 2025-04-02 | 6.5 | CVE-2024-50384 |
| STMicroelectronics–X-CUBE-AZRT-H7RS | A denial of service vulnerability exists in the NetX Component HTTP server functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability affects X-CUBE-AZRTOS-F7 NetX Duo Component HTTP Server HTTP server v 1.1.0. This HTTP server implementation is contained in this file – x-cube-azrtos-f7\Middlewares\ST\netxduo\addons\http\nxd_http_server.c | 2025-04-02 | 6.5 | CVE-2024-50385 |
| STMicroelectronics–X-CUBE-AZRT-H7RS | An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted series of network requests can lead to denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability.This vulnerability affects the NetX Duo Web Component HTTP Server implementation which can be found in x-cube-azrtos-f7\Middlewares\ST\netxduo\addons\web\nx_web_http_server.c | 2025-04-02 | 4.3 | CVE-2024-50594 |
| STMicroelectronics–X-CUBE-AZRT-H7RS | An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted series of network requests can lead to denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability.This vulnerability affects the NetX Duo Component HTTP Server implementation which can be found in x-cube-azrtos-f7\Middlewares\ST\netxduo\addons\http\nxd_http_server.c | 2025-04-02 | 4.3 | CVE-2024-50595 |
| STMicroelectronics–X-CUBE-AZRT-H7RS | An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability affects the NetX Duo Web Component HTTP Server implementation which can be found in x-cube-azrtos-f7\Middlewares\ST\netxduo\addons\web\nx_web_http_server.c | 2025-04-02 | 4.3 | CVE-2024-50596 |
| STMicroelectronics–X-CUBE-AZRT-H7RS | An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability affects the NetX Duo Component HTTP Server implementation which can be found in x-cube-azrtos-f7\Middlewares\ST\netxduo\addons\http\nxd_http_server.c | 2025-04-02 | 4.3 | CVE-2024-50597 |
| Stylemix–Cost Calculator Builder | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Stylemix Cost Calculator Builder allows Stored XSS. This issue affects Cost Calculator Builder: from n/a through 3.2.65. | 2025-03-31 | 6.5 | CVE-2025-31414 |
| Stylemix–MasterStudy LMS | Missing Authorization vulnerability in Stylemix MasterStudy LMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MasterStudy LMS: from n/a through 3.5.23. | 2025-04-04 | 4.3 | CVE-2025-32237 |
| Stylemix–Motors | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Stylemix Motors allows Stored XSS. This issue affects Motors: from n/a through 1.4.65. | 2025-04-04 | 6.5 | CVE-2025-32170 |
| Stylemix–Pearl | Missing Authorization vulnerability in Stylemix Pearl allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pearl: from n/a through 1.3.9. | 2025-04-01 | 5.4 | CVE-2025-31881 |
| Stylemix–Pearl | Cross-Site Request Forgery (CSRF) vulnerability in Stylemix Pearl allows Cross Site Request Forgery. This issue affects Pearl: from n/a through 1.3.9. | 2025-04-01 | 4.3 | CVE-2025-31880 |
| Sultan Nasir Uddin–Team Members for Elementor Page Builder | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Sultan Nasir Uddin Team Members for Elementor Page Builder allows Stored XSS. This issue affects Team Members for Elementor Page Builder: from n/a through 1.0.4. | 2025-04-01 | 6.5 | CVE-2025-31771 |
| supsystic–Easy Google Maps | Improper Restriction of XML External Entity Reference vulnerability in supsystic Easy Google Maps allows XML Injection. This issue affects Easy Google Maps: from n/a through 1.11.17. | 2025-04-04 | 6.6 | CVE-2025-32138 |
| Suresh Prasad–Showeblogin Social | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Suresh Prasad Showeblogin Social allows DOM-Based XSS. This issue affects Showeblogin Social: from n/a through 7.0. | 2025-04-04 | 6.5 | CVE-2025-32169 |
| SwiftXR–SwiftXR (3D/AR/VR) Viewer | Cross-Site Request Forgery (CSRF) vulnerability in SwiftXR SwiftXR (3D/AR/VR) Viewer allows Cross Site Request Forgery. This issue affects SwiftXR (3D/AR/VR) Viewer: from n/a through 1.0.7. | 2025-04-04 | 5.4 | CVE-2025-32248 |
| Syed Balkhi–Simple Post Expiration | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Syed Balkhi Simple Post Expiration allows DOM-Based XSS. This issue affects Simple Post Expiration: from n/a through 1.0.1. | 2025-04-01 | 6.5 | CVE-2025-31734 |
| Syntactics, Inc.–eaSYNC | Missing Authorization vulnerability in Syntactics, Inc. eaSYNC allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects eaSYNC: from n/a through 1.3.19. | 2025-04-04 | 5.4 | CVE-2025-32219 |
| Team AtomChat–AtomChat | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Team AtomChat AtomChat allows Stored XSS. This issue affects AtomChat: from n/a through 1.1.6. | 2025-03-31 | 6.5 | CVE-2025-31532 |
| Team AtomChat–AtomChat | Missing Authorization vulnerability in Team AtomChat AtomChat allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AtomChat: from n/a through 1.1.6. | 2025-04-01 | 4.3 | CVE-2025-31831 |
| Tencent Music Entertainment–SuperSonic | A vulnerability was found in Tencent Music Entertainment SuperSonic up to 0.9.8. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/semantic/database/testConnect of the component H2 Database Connection Handler. The manipulation leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-03 | 4.7 | CVE-2025-3164 |
| Tenda–AC23 | A vulnerability, which was classified as problematic, has been found in Tenda AC23 16.03.07.52. This issue affects some unknown processing of the file /goform/VerAPIMant of the component API Interface. The manipulation of the argument getuid leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-04-03 | 6.5 | CVE-2025-3167 |
| Tenda–FH1202 | A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been declared as critical. This vulnerability affects unknown code of the file /goform/AdvSetWrl of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-03-31 | 5.3 | CVE-2025-2989 |
| Tenda–FH1202 | A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects some unknown processing of the file /goform/AdvSetWrlGstset of the component Web Management Interface. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-03-31 | 5.3 | CVE-2025-2990 |
| Tenda–FH1202 | A vulnerability classified as critical has been found in Tenda FH1202 1.2.0.14(408). Affected is an unknown function of the file /goform/AdvSetWrlmacfilter of the component Web Management Interface. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-03-31 | 5.3 | CVE-2025-2991 |
| Tenda–FH1202 | A vulnerability classified as critical was found in Tenda FH1202 1.2.0.14(408). Affected by this vulnerability is an unknown functionality of the file /goform/AdvSetWrlsafeset of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-03-31 | 5.3 | CVE-2025-2992 |
| Tenda–FH1202 | A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14(408). Affected by this issue is some unknown functionality of the file /default.cfg. The manipulation of the argument these leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-03-31 | 5.3 | CVE-2025-2993 |
| Tenda–FH1202 | A vulnerability, which was classified as critical, was found in Tenda FH1202 1.2.0.14(408). This affects an unknown part of the file /goform/qossetting of the component Web Management Interface. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-03-31 | 5.3 | CVE-2025-2994 |
| Tenda–FH1202 | A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. This vulnerability affects unknown code of the file /goform/SysToolChangePwd of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-03-31 | 5.3 | CVE-2025-2995 |
| Tenda–FH1202 | A vulnerability was found in Tenda FH1202 1.2.0.14(408) and classified as critical. This issue affects some unknown processing of the file /goform/SysToolDDNS of the component Web Management Interface. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-03-31 | 5.3 | CVE-2025-2996 |
| Tenda–FH1202 | A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been declared as critical. This vulnerability affects unknown code of the file /goform/VirSerDMZ of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-04-04 | 5.3 | CVE-2025-3236 |
| Tenda–FH1202 | A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects some unknown processing of the file /goform/wrlwpsset. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-04-04 | 5.3 | CVE-2025-3237 |
| Tenda–W18E | A vulnerability classified as problematic was found in Tenda W18E 16.01.0.11. Affected by this vulnerability is the function formSetAccountList of the file /goform/setModules. The manipulation of the argument Password leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-04 | 4.3 | CVE-2025-3203 |
| termel–Bulk Fields Editor | Missing Authorization vulnerability in termel Bulk Fields Editor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bulk Fields Editor: from n/a through 1.8.0. | 2025-04-01 | 4.3 | CVE-2025-31752 |
| TheInnovs Team–ElementsCSS Addons for Elementor | Server-Side Request Forgery (SSRF) vulnerability in TheInnovs Team ElementsCSS Addons for Elementor allows Server Side Request Forgery. This issue affects ElementsCSS Addons for Elementor: from n/a through 1.0.8.7. | 2025-04-01 | 5.4 | CVE-2025-31796 |
| theluckywp–LuckyWP Table of Contents | The LuckyWP Table of Contents plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.10. This is due to missing or incorrect nonce validation on the ‘ajaxEdit’ function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-04-03 | 6.1 | CVE-2025-2299 |
| themefusion–Avada (Fusion) Builder | The Avada (Fusion) Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin’s shortcodes in all versions up to, and including, 3.11.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-04-01 | 6.4 | CVE-2025-1665 |
| themeglow–JobBoard Job listing | Missing Authorization vulnerability in themeglow JobBoard Job listing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobBoard Job listing: from n/a through 1.2.7. | 2025-04-01 | 5.3 | CVE-2025-31834 |
| themeglow–JobBoard Job listing | Authorization Bypass Through User-Controlled Key vulnerability in themeglow JobBoard Job listing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobBoard Job listing: from n/a through 1.2.7. | 2025-04-01 | 4.9 | CVE-2025-31833 |
| Themeix–Churel | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Themeix Churel allows DOM-Based XSS.This issue affects Churel: from n/a through 1.0.8. | 2025-03-31 | 6.5 | CVE-2025-31419 |
| themelooks–mFolio Lite | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in themelooks mFolio Lite allows DOM-Based XSS. This issue affects mFolio Lite: from n/a through 1.2.2. | 2025-04-01 | 6.5 | CVE-2025-31847 |
| themeqx–GDPR Cookie Notice | Missing Authorization vulnerability in themeqx GDPR Cookie Notice allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GDPR Cookie Notice: from n/a through 1.2.0. | 2025-04-01 | 5.3 | CVE-2025-31765 |
| Themesflat–Themesflat Addons For Elementor | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Themesflat Themesflat Addons For Elementor allows Stored XSS. This issue affects Themesflat Addons For Elementor: from n/a through 2.2.5. | 2025-03-31 | 6.5 | CVE-2025-31567 |
| Themeum–WP Crowdfunding | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Themeum WP Crowdfunding allows Stored XSS. This issue affects WP Crowdfunding: from n/a through 2.1.13. | 2025-04-01 | 6.5 | CVE-2025-31892 |
| Think201–Clients | Missing Authorization vulnerability in Think201 Clients allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Clients: from n/a through 1.1.4. | 2025-04-03 | 6.4 | CVE-2025-31746 |
| thom4–WP-LESS | Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in thom4 WP-LESS allows Retrieve Embedded Sensitive Data. This issue affects WP-LESS: from 1.9.3 through 3. | 2025-04-01 | 5.8 | CVE-2025-31550 |
| thu-pacman–chitu | A vulnerability classified as critical has been found in thu-pacman chitu 0.1.0. This affects the function torch.load of the file chitu/chitu/backend.py. The manipulation of the argument ckpt_path/quant_ckpt_dir leads to deserialization. An attack has to be approached locally. | 2025-04-03 | 5.3 | CVE-2025-3165 |
| Tim Nguyen–1-Click Backup & Restore Database | Missing Authorization vulnerability in Tim Nguyen 1-Click Backup & Restore Database allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 1-Click Backup & Restore Database: from n/a through 1.0.3. | 2025-04-04 | 5.4 | CVE-2025-32246 |
| tinuzz–Trackserver | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in tinuzz Trackserver allows DOM-Based XSS.This issue affects Trackserver: from n/a through 5.0.3. | 2025-03-31 | 6.5 | CVE-2025-30961 |
| TOBYINK–Mite | Mite for Perl before 0.013000 generates code with the current working directory (‘.’) added to the @INC path similar to CVE-2016-1238. If an attacker can place a malicious file in current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code execution. This affects the Mite distribution itself, and other distributions that contain code generated by Mite. | 2025-04-01 | 6.5 | CVE-2025-30672 |
| TOBYINK–Sub::HandlesVia | Sub::HandlesVia for Perl before 0.050002 allows untrusted code from the current working directory (‘.’) to be loaded similar to CVE-2016-1238. If an attacker can place a malicious file in current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code execution. Sub::HandlesVia uses Mite to produce the affected code section due to CVE-2025-30672 | 2025-04-01 | 6.5 | CVE-2025-30673 |
| Tockify–Tockify Events Calendar | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Tockify Tockify Events Calendar allows DOM-Based XSS. This issue affects Tockify Events Calendar: from n/a through 2.2.13. | 2025-04-04 | 6.5 | CVE-2025-32174 |
| Tomas–BuddyPress Members Only | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Tomas BuddyPress Members Only allows Stored XSS. This issue affects BuddyPress Members Only: from n/a through 3.5.3. | 2025-04-01 | 6.5 | CVE-2025-31812 |
| TOTOLINK–A6000R | A vulnerability classified as critical was found in TOTOLINK A6000R 1.0.1-B20201211.2000. Affected by this vulnerability is the function apcli_cancel_wps of the file /usr/lib/lua/luci/controller/mtkwifi.lua. The manipulation leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-04 | 6.3 | CVE-2025-3249 |
| trainingbusinesspros–WordPress CRM, Email & Marketing Automation for WordPress | Award Winner Groundhogg | The Groundhogg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘label’ parameter in versions up to, and including, 3.7.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2025-04-01 | 5.5 | CVE-2025-1267 |
| Travis–Simple Icons | Missing Authorization vulnerability in Travis Simple Icons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Icons: from n/a through 2.8.4. | 2025-04-01 | 5.3 | CVE-2025-31786 |
| Turbo Addons–Turbo Addons for Elementor | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Turbo Addons Turbo Addons for Elementor allows DOM-Based XSS. This issue affects Turbo Addons for Elementor: from n/a through 1.7.1. | 2025-04-04 | 6.5 | CVE-2025-32186 |
| turitop–TuriTop Booking System | Missing Authorization vulnerability in turitop TuriTop Booking System allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TuriTop Booking System: from n/a through 1.0.10. | 2025-04-03 | 6.5 | CVE-2025-31541 |
| tuyennv–TZ PlusGallery | Cross-Site Request Forgery (CSRF) vulnerability in tuyennv TZ PlusGallery allows Cross Site Request Forgery. This issue affects TZ PlusGallery: from n/a through 1.5.5. | 2025-04-01 | 4.3 | CVE-2025-31756 |
| Twice Commerce–Twice Commerce | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Twice Commerce Twice Commerce allows DOM-Based XSS. This issue affects Twice Commerce: from n/a through 1.3.1. | 2025-03-31 | 6.5 | CVE-2025-31543 |
| ulshamim–Video Url | The Video Url plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.0.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-04-02 | 6.1 | CVE-2025-3098 |
| UltraPress–Ultra Addons Lite for Elementor | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in UltraPress Ultra Addons Lite for Elementor allows Stored XSS. This issue affects Ultra Addons Lite for Elementor: from n/a through 1.1.8. | 2025-04-04 | 6.5 | CVE-2025-32192 |
| unitecms–Unlimited Elements For Elementor | The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 1.5.142 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-04-03 | 6.4 | CVE-2025-1663 |
| Unknown–Gutentor | The Gutentor WordPress plugin before 3.4.7 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks | 2025-04-01 | 4.1 | CVE-2025-1986 |
| Unknown–Lana Downloads Manager | The Lana Downloads Manager WordPress plugin before 1.10.0 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks and download arbitrary files on the server | 2025-04-01 | 4.1 | CVE-2025-2048 |
| Unknown–MapPress Maps for WordPress | The MapPress Maps for WordPress plugin before 2.94.9 does not sanitise and escape some parameters when outputing them in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks. | 2025-04-03 | 6.8 | CVE-2025-2055 |
| Unknown–Maps | The Maps WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2025-04-04 | 5.9 | CVE-2025-2279 |
| Unknown–Photo Gallery by 10Web | The Photo Gallery by 10Web WordPress plugin before 1.8.34 does not sanitised and escaped comment added on images by unauthenticated users, leading to an Unauthenticated Stored-XSS attack when comments are displayed | 2025-03-31 | 6.1 | CVE-2025-0613 |
| Uriahs Victor–Printus | Missing Authorization vulnerability in Uriahs Victor Printus allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Printus: from n/a through 1.2.6. | 2025-04-01 | 4.3 | CVE-2025-31830 |
| uSystems–Webling | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in uSystems Webling allows Stored XSS. This issue affects Webling: from n/a through 3.9.0. | 2025-04-01 | 5.9 | CVE-2025-31806 |
| Utkarsh Kukreti–Advanced Typekit | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Utkarsh Kukreti Advanced Typekit allows Stored XSS. This issue affects Advanced Typekit: from n/a through 1.0.1. | 2025-04-03 | 6.5 | CVE-2025-31622 |
| v20202020–Multi Days Events and Multi Events in One Day Calendar | Cross-Site Request Forgery (CSRF) vulnerability in v20202020 Multi Days Events and Multi Events in One Day Calendar allows Cross Site Request Forgery. This issue affects Multi Days Events and Multi Events in One Day Calendar: from n/a through 1.1.3. | 2025-03-31 | 4.3 | CVE-2025-31572 |
| Vasilis Triantafyllou–Flag Icons | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Vasilis Triantafyllou Flag Icons allows Stored XSS. This issue affects Flag Icons: from n/a through 2.2. | 2025-03-31 | 5.9 | CVE-2025-31575 |
| vcita–Online Booking & Scheduling Calendar for WordPress by vcita | Generation of Error Message Containing Sensitive Information vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita allows Retrieve Embedded Sensitive Data. This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through 4.5.2. | 2025-04-04 | 4.3 | CVE-2025-32238 |
| Vektor,Inc.–VK Filter Search | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Vektor,Inc. VK Filter Search allows Stored XSS. This issue affects VK Filter Search: from n/a through 2.14.1.0. | 2025-04-04 | 6.5 | CVE-2025-32175 |
| viralloops–Viral Loops WP Integration | Insertion of Sensitive Information Into Sent Data vulnerability in viralloops Viral Loops WP Integration allows Retrieve Embedded Sensitive Data. This issue affects Viral Loops WP Integration: from n/a through 3.4.0. | 2025-04-01 | 5.3 | CVE-2025-31842 |
| vitejs–vite | Vite is a frontend tooling framework for javascript. Vite exposes content of non-allowed files using ?inline&import or ?raw?import. Only apps explicitly exposing the Vite dev server to the network (using –host or server.host config option) are affected. This vulnerability is fixed in 6.2.4, 6.1.3, 6.0.13, 5.4.16, and 4.5.11. | 2025-03-31 | 5.3 | CVE-2025-31125 |
| vitejs–vite | Vite is a frontend tooling framework for javascript. The contents of arbitrary files can be returned to the browser. By adding ?.svg with ?.wasm?init or with sec-fetch-dest: script header, the server.fs.deny restriction was able to bypass. This bypass is only possible if the file is smaller than build.assetsInlineLimit (default: 4kB) and when using Vite 6.0+. Only apps explicitly exposing the Vite dev server to the network (using –host or server.host config option) are affected. This vulnerability is fixed in 4.5.12, 5.4.17, 6.0.14, 6.1.4, and 6.2.5. | 2025-04-03 | 5.3 | CVE-2025-31486 |
| vlad.olaru–Fonto | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in vlad.olaru Fonto allows Path Traversal. This issue affects Fonto: from n/a through 1.2.2. | 2025-04-03 | 4.9 | CVE-2025-31827 |
| wcmp–MultiVendorX Empower Your WooCommerce Store with a Dynamic Multivendor Marketplace Build the Next Amazon, eBay, Etsy | The MultiVendorX – Empower Your WooCommerce Store with a Dynamic Multivendor Marketplace – Build the Next Amazon, eBay, Etsy plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_table_rate_shipping_row function in all versions up to, and including, 4.2.19. This makes it possible for unauthenticated attackers to delete Table Rates that can impact the shipping cost calculations. | 2025-04-05 | 5.3 | CVE-2025-2789 |
| Web Ready Now–WR Price List Manager For Woocommerce | Missing Authorization vulnerability in Web Ready Now WR Price List Manager For Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WR Price List Manager For Woocommerce: from n/a through 1.0.8. | 2025-04-03 | 5.4 | CVE-2025-31794 |
| webangon–News Element Elementor Blog Magazine | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in webangon News Element Elementor Blog Magazine allows DOM-Based XSS. This issue affects News Element Elementor Blog Magazine: from n/a through 1.0.7. | 2025-04-04 | 6.5 | CVE-2025-32191 |
| webdevstudios–Automatic Featured Images from Videos | Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Automatic Featured Images from Videos: from n/a through 1.2.4. | 2025-04-01 | 4.3 | CVE-2025-31820 |
| WeblineIndia–Welcome Popup | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WeblineIndia Welcome Popup allows Stored XSS. This issue affects Welcome Popup: from n/a through 1.0.10. | 2025-03-31 | 5.9 | CVE-2025-31605 |
| WebProtect.ai–Astra Security Suite | Missing Authorization vulnerability in WebProtect.ai Astra Security Suite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Astra Security Suite: from n/a through 0.2. | 2025-04-01 | 5.3 | CVE-2025-31774 |
| Website366.com–WPSHARE247 Elementor Addons | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Website366.com WPSHARE247 Elementor Addons allows Stored XSS. This issue affects WPSHARE247 Elementor Addons: from n/a through 2.1. | 2025-04-01 | 6.5 | CVE-2025-31813 |
| weDevs–WP Project Manager | Cross-Site Request Forgery (CSRF) vulnerability in weDevs WP Project Manager allows Cross Site Request Forgery. This issue affects WP Project Manager: from n/a through 2.6.22. | 2025-04-04 | 4.3 | CVE-2025-32280 |
| Wilson–OpenAI Tools for WordPress & WooCommerce | Missing Authorization vulnerability in Wilson OpenAI Tools for WordPress & WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects OpenAI Tools for WordPress & WooCommerce: from n/a through 2.1.5. | 2025-04-01 | 4.3 | CVE-2025-31843 |
| WofficeIO–Woffice Core | The Woffice Core plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.4.21. This is due to missing or incorrect nonce validation on the ‘woffice_handle_user_approval_actions’ function. This makes it possible for unauthenticated attackers to approve registration for any user via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-04-04 | 5.4 | CVE-2025-2797 |
| wokamoto–StaticPress | Missing Authorization vulnerability in wokamoto StaticPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects StaticPress: from n/a through 0.4.5. | 2025-03-31 | 4.3 | CVE-2025-31528 |
| Wombat Plugins–WP Optin Wheel | Server-Side Request Forgery (SSRF) vulnerability in Wombat Plugins WP Optin Wheel allows Server Side Request Forgery. This issue affects WP Optin Wheel: from n/a through 1.4.7. | 2025-04-01 | 5.4 | CVE-2025-31824 |
| WP Chill–Revive.so Bulk Rewrite and Republish Blog Posts | Missing Authorization vulnerability in WP Chill Revive.so – Bulk Rewrite and Republish Blog Posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Revive.so – Bulk Rewrite and Republish Blog Posts: from n/a through 2.0.3. | 2025-04-04 | 4.3 | CVE-2025-32233 |
| WP CMS Ninja–Norse Rune Oracle Plugin | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP CMS Ninja Norse Rune Oracle Plugin allows Stored XSS. This issue affects Norse Rune Oracle Plugin: from n/a through 1.4.3. | 2025-04-01 | 6.5 | CVE-2025-31884 |
| WP Codeus–WP Proposals | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Codeus WP Proposals allows Stored XSS. This issue affects WP Proposals: from n/a through 2.3. | 2025-04-01 | 5.9 | CVE-2025-31837 |
| WP Event Manager–WP Event Manager | Missing Authorization vulnerability in WP Event Manager WP Event Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Event Manager: from n/a through 3.1.47. | 2025-04-04 | 5.3 | CVE-2025-32225 |
| WP Messiah–Ai Image Alt Text Generator for WP | Missing Authorization vulnerability in WP Messiah Ai Image Alt Text Generator for WP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ai Image Alt Text Generator for WP: from n/a through 1.0.8. | 2025-04-04 | 5.4 | CVE-2025-32217 |
| WP Messiah–Safe Ai Malware Protection for WP | Missing Authorization vulnerability in WP Messiah Safe Ai Malware Protection for WP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Safe Ai Malware Protection for WP: from n/a through 1.0.20. | 2025-03-31 | 5.4 | CVE-2025-31545 |
| WP Messiah–Swiss Toolkit For WP | Missing Authorization vulnerability in WP Messiah Swiss Toolkit For WP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Swiss Toolkit For WP: from n/a through 1.3.0. | 2025-03-31 | 4.3 | CVE-2025-31544 |
| WP Messiah–Swiss Toolkit For WP | Missing Authorization vulnerability in WP Messiah Swiss Toolkit For WP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Swiss Toolkit For WP: from n/a through 1.3.0. | 2025-03-31 | 4.3 | CVE-2025-31546 |
| WP Messiah–WP Mobile Bottom Menu | Missing Authorization vulnerability in WP Messiah WP Mobile Bottom Menu allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Mobile Bottom Menu: from n/a through 1.2.9. | 2025-04-01 | 4.3 | CVE-2025-31525 |
| wp-buy–404 Image Redirection (Replace Broken Images) | Cross-Site Request Forgery (CSRF) vulnerability in wp-buy 404 Image Redirection (Replace Broken Images) allows Cross Site Request Forgery. This issue affects 404 Image Redirection (Replace Broken Images): from n/a through 1.4. | 2025-04-04 | 4.3 | CVE-2025-32266 |
| WPBean–Our Team Members | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPBean Our Team Members. This issue affects Our Team Members: from n/a through 2.2. | 2025-04-01 | 4.3 | CVE-2025-30802 |
| wpchill–Modula Image Gallery | The Modula Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s bundled FancyBox JavaScript library (versions <= 5.0.36) due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-04-03 | 6.4 | CVE-2024-9416 |
| wpdiscover–Timeline Event History | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in wpdiscover Timeline Event History allows Stored XSS. This issue affects Timeline Event History: from n/a through 3.2. | 2025-03-31 | 6.5 | CVE-2025-31595 |
| WPeka–WP AdCenter | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPeka WP AdCenter allows Stored XSS. This issue affects WP AdCenter: from n/a through 2.5.9. | 2025-04-01 | 6.5 | CVE-2025-31860 |
| WPelite–HMH Footer Builder For Elementor | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPelite HMH Footer Builder For Elementor allows Stored XSS. This issue affects HMH Footer Builder For Elementor: from n/a through 1.0. | 2025-04-01 | 6.5 | CVE-2025-31749 |
| WPExperts.io–WP Multistore Locator | Cross-Site Request Forgery (CSRF) vulnerability in WPExperts.io WP Multistore Locator allows Cross Site Request Forgery. This issue affects WP Multistore Locator: from n/a through 2.5.2. | 2025-04-01 | 4.3 | CVE-2025-31888 |
| WPFactory–Quantity Dynamic Pricing & Bulk Discounts for WooCommerce | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPFactory Quantity Dynamic Pricing & Bulk Discounts for WooCommerce allows Stored XSS. This issue affects Quantity Dynamic Pricing & Bulk Discounts for WooCommerce: from n/a through 4.0.0. | 2025-03-31 | 6.5 | CVE-2025-31598 |
| WPFactory–WordPress Adverts Plugin | Missing Authorization vulnerability in WPFactory WordPress Adverts Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Adverts Plugin: from n/a through 1.4. | 2025-04-01 | 5.3 | CVE-2025-31848 |
| WPMinds–Simple WP Events | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPMinds Simple WP Events allows Stored XSS. This issue affects Simple WP Events: from n/a through 1.8.17. | 2025-04-04 | 6.5 | CVE-2025-32193 |
| wpopal–Opal Portfolio | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in wpopal Opal Portfolio allows Stored XSS. This issue affects Opal Portfolio: from n/a through 1.0.4. | 2025-04-01 | 6.5 | CVE-2025-31748 |
| wpoperations–WPoperation Elementor Addons | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in wpoperations WPoperation Elementor Addons allows Stored XSS. This issue affects WPoperation Elementor Addons: from n/a through 1.1.9. | 2025-04-01 | 6.5 | CVE-2025-31823 |
| WPOrbit Support–Perfect Font Awesome Integration | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPOrbit Support Perfect Font Awesome Integration allows Stored XSS. This issue affects Perfect Font Awesome Integration: from n/a through 2.2. | 2025-04-01 | 6.5 | CVE-2025-31861 |
| wprio–Table Block by RioVizual | Cross-Site Request Forgery (CSRF) vulnerability in wprio Table Block by RioVizual allows Cross Site Request Forgery. This issue affects Table Block by RioVizual: from n/a through 2.1.7. | 2025-04-04 | 4.3 | CVE-2025-32278 |
| wpszaki–Lightweight and Responsive Youtube Embed | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in wpszaki Lightweight and Responsive Youtube Embed allows Stored XSS. This issue affects Lightweight and Responsive Youtube Embed: from n/a through 1.0.0. | 2025-04-01 | 6.5 | CVE-2025-31743 |
| wpszaki–Lightweight and Responsive Youtube Embed | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in wpszaki Lightweight and Responsive Youtube Embed allows Stored XSS. This issue affects Lightweight and Responsive Youtube Embed: from n/a through 1.0.0. | 2025-04-01 | 6.5 | CVE-2025-31744 |
| wpWax–Directorist AddonsKit for Elementor | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in wpWax Directorist AddonsKit for Elementor allows Stored XSS. This issue affects Directorist AddonsKit for Elementor: from n/a through 1.1.6. | 2025-04-01 | 6.5 | CVE-2025-31857 |
| WPWebinarSystem–WebinarPress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPWebinarSystem WebinarPress allows Stored XSS. This issue affects WebinarPress: from n/a through 1.33.27. | 2025-04-01 | 5.9 | CVE-2025-31883 |
| WPWebinarSystem–WebinarPress | Missing Authorization vulnerability in WPWebinarSystem WebinarPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WebinarPress: from n/a through 1.33.27. | 2025-04-01 | 4.3 | CVE-2025-31882 |
| WPWheels–BlockWheels | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPWheels BlockWheels allows DOM-Based XSS. This issue affects BlockWheels: from n/a through 1.0.1. | 2025-04-01 | 6.5 | CVE-2025-31817 |
| wpzinc–Post to Social Media WordPress to Hootsuite | Cross-Site Request Forgery (CSRF) vulnerability in wpzinc Post to Social Media – WordPress to Hootsuite allows Cross Site Request Forgery. This issue affects Post to Social Media – WordPress to Hootsuite: from n/a through 1.5.8. | 2025-04-04 | 4.3 | CVE-2025-32267 |
| www.15.to–QR Code Tag for WC | Cross-Site Request Forgery (CSRF) vulnerability in www.15.to QR Code Tag for WC allows Cross Site Request Forgery. This issue affects QR Code Tag for WC: from n/a through 1.9.36. | 2025-04-04 | 4.3 | CVE-2025-32268 |
| Xorcom–CompletePBX | Xorcom CompletePBX is vulnerable to a path traversal via the Diagnostics reporting module, which will allow reading of arbitrary files and additionally delete any retrieved file in place of the expected report. This issue affects CompletePBX: all versions up to and prior to 5.2.35 | 2025-03-31 | 6.7 | CVE-2025-30005 |
| Xorcom–CompletePBX | Xorcom CompletePBX is vulnerable to a reflected cross-site scripting (XSS) in the administrative control panel. This issue affects CompletePBX: all versions up to and prior to 5.2.35 | 2025-03-31 | 6.1 | CVE-2025-30006 |
| Xorcom–CompletePBX | Xorcom CompletePBX is vulnerable to an authenticated path traversal, allowing for arbitrary file reads via the Backup and Restore functionality.This issue affects CompletePBX: through 5.2.35. | 2025-03-31 | 4.9 | CVE-2025-2292 |
| Xpro–Xpro Elementor Addons | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Xpro Xpro Elementor Addons allows Stored XSS. This issue affects Xpro Elementor Addons: from n/a through 1.4.9. | 2025-04-04 | 6.5 | CVE-2025-32163 |
| Xpro–Xpro Theme Builder | Missing Authorization vulnerability in Xpro Xpro Theme Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Xpro Theme Builder: from n/a through 1.2.8.3. | 2025-04-04 | 4.3 | CVE-2025-32201 |
| xtreeme–Planyo online reservation system | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in xtreeme Planyo online reservation system allows Stored XSS. This issue affects Planyo online reservation system: from n/a through 3.0. | 2025-04-01 | 6.5 | CVE-2025-31811 |
| xujiangfei–admintwo | A vulnerability was found in xujiangfei admintwo 1.0. It has been classified as critical. Affected is an unknown function of the file /resource/add. The manipulation of the argument description leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-04-04 | 6.3 | CVE-2025-3254 |
| xujiangfei–admintwo | A vulnerability was found in xujiangfei admintwo 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /user/updateSet. The manipulation of the argument email leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-04 | 6.3 | CVE-2025-3256 |
| xujiangfei–admintwo | A vulnerability was found in xujiangfei admintwo 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /user/home. The manipulation of the argument ID leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-04-04 | 4.3 | CVE-2025-3255 |
| xujiangfei–admintwo | A vulnerability classified as problematic has been found in xujiangfei admintwo 1.0. This affects an unknown part of the file /user/updateSet. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-04-04 | 4.3 | CVE-2025-3257 |
| yazamodeveloper–LeadQuizzes | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in yazamodeveloper LeadQuizzes allows Stored XSS. This issue affects LeadQuizzes: from n/a through 1.1.0. | 2025-04-01 | 6.5 | CVE-2025-31738 |
| Yuri Baranov–YaMaps for WordPress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Yuri Baranov YaMaps for WordPress allows Stored XSS. This issue affects YaMaps for WordPress: from n/a through 0.6.31. | 2025-04-04 | 6.5 | CVE-2025-32172 |
| yzk2356911358–StudentServlet-JSP | A vulnerability has been found in yzk2356911358 StudentServlet-JSP cc0cdce25fbe43b6c58b60a77a2c85f52d2102f5/d4d7a0643f1dae908a4831206f2714b21820f991 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. | 2025-03-31 | 4.3 | CVE-2025-3037 |
| Zammad–Zammad | In Zammad 6.4.x before 6.4.2, an authenticated agent with knowledge base permissions was able to use the Zammad API to fetch knowledge base content that they have no permission for. | 2025-04-05 | 4.3 | CVE-2025-32357 |
| Zammad–Zammad | In Zammad 6.4.x before 6.4.2, SSRF can occur. Authenticated admin users can enable webhooks in Zammad, which are triggered as POST requests when certain conditions are met. If a webhook endpoint returned a redirect response, Zammad would follow it automatically with another GET request. This could be abused by an attacker to cause GET requests for example in the local network. | 2025-04-05 | 4 | CVE-2025-32358 |
| Zammad–Zammad | In Zammad 6.4.x before 6.4.2, there is client-side enforcement of server-side security. When changing their two factor authentication configuration, users need to re-authenticate with their current password first. However, this change was enforced in Zammad only on the front end level, and not when using the API directly. | 2025-04-05 | 4.8 | CVE-2025-32359 |
| Zammad–Zammad | In Zammad 6.4.x before 6.4.2, there is information exposure. Only agents should be able to see and work on shared article drafts. However, a logged in customer was able to see details about shared drafts for their customer tickets in the browser console, which may contain confidential information, and also to manipulate them via API. | 2025-04-05 | 4.2 | CVE-2025-32360 |
| Zend–ZendTo | A type confusion vulnerability in lib/NSSAuthenticator.php in ZendTo before v5.04-7 allows remote attackers to bypass authentication for users with passwords stored as MD5 hashes that can be interpreted as numbers. A solution requires moving from MD5 to bcrypt. | 2025-04-05 | 4.8 | CVE-2025-32352 |
| zhangyanbo2007–youkefu | A vulnerability was found in zhangyanbo2007 youkefu 4.2.0. It has been classified as critical. Affected is an unknown function of the file /res/url. The manipulation of the argument url leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-03-31 | 6.3 | CVE-2025-2997 |
| zhangyanbo2007–youkefu | A vulnerability, which was classified as problematic, was found in zhangyanbo2007 youkefu up to 4.2.0. This affects an unknown part of the file src/main/java/com/ukefu/webim/web/handler/admin/callcenter/CallCenterRouterController.java of the component XML Document Handler. The manipulation of the argument routercontent leads to xml external entity reference. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-04-04 | 6.3 | CVE-2025-3241 |
| zitadel–zitadel | Zitadel is open-source identity infrastructure software. ZITADEL administrators can enable a setting called “Ignoring unknown usernames” which helps mitigate attacks that try to guess/enumerate usernames. If enabled, ZITADEL will show the password prompt even if the user doesn’t exist and report “Username or Password invalid”. While the setting was correctly respected during the login flow, the user’s username was normalized leading to a disclosure of the user’s existence. This vulnerability is fixed in 2.71.6, 2.70.8, 2.69.9, 2.68.9, 2.67.13, 2.66.16, 2.65.7, 2.64.6, and 2.63.9. | 2025-03-31 | 5.3 | CVE-2025-31124 |
| Zoho Flow–Zoho Flow | Missing Authorization vulnerability in Zoho Flow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zoho Flow: from n/a through 2.13.3. | 2025-04-01 | 4.3 | CVE-2025-31408 |
| zookatron–MyBookProgress by Stormhill Media | Missing Authorization vulnerability in zookatron MyBookProgress by Stormhill Media allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MyBookProgress by Stormhill Media: from n/a through 1.0.8. | 2025-04-01 | 4.3 | CVE-2025-31887 |
| ZoomIt–ZoomSounds – WordPress Wave Audio Player with Playlist | The ZoomSounds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 6.91 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-04-05 | 6.4 | CVE-2025-0839 |
Low Vulnerabilities
| Primary Vendor — Product | Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| apple — ipados | This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4. A person with physical access to an iOS device may be able to access photos from the lock screen. | 2025-03-31 | 2.4 | CVE-2025-30469 |
| apple — macos | The issue was addressed with improved handling of protocols. This issue is fixed in macOS Ventura 13.7.5, macOS Sonoma 14.7.5. An attacker in a privileged network position can track a user’s activity. | 2025-03-31 | 2.7 | CVE-2024-40864 |
| Apple–iOS and iPadOS | This issue was addressed with improved authentication. This issue is fixed in iOS 18.4 and iPadOS 18.4. An attacker with a USB-C connection to an unlocked device may be able to programmatically access photos. | 2025-03-31 | 2.4 | CVE-2025-24193 |
| caipeichao–ThinkOX | A vulnerability classified as problematic has been found in caipeichao ThinkOX 1.0. This affects an unknown part of the file /ThinkOX-master/index.php?s=/Weibo/Index/search.html of the component Search. The manipulation of the argument keywords leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-04-03 | 3.5 | CVE-2025-3152 |
| CodeCanyon–Perfex CRM | A vulnerability has been found in CodeCanyon Perfex CRM up to 3.2.1 and classified as problematic. This vulnerability affects unknown code of the file /contract of the component Contracts. The manipulation of the argument content leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-03-31 | 3.5 | CVE-2025-2974 |
| CodeCanyon–Perfex CRM | A vulnerability was found in CodeCanyon Perfex CRM 3.2.1. It has been classified as problematic. Affected is an unknown function of the file /perfex/clients/project/2 of the component Project Discussions Module. The manipulation of the argument description leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-04-04 | 3.5 | CVE-2025-3219 |
| codeprojects–Product Management System | A vulnerability was found in codeprojects Product Management System 1.0 and classified as problematic. This issue affects some unknown processing of the component Login. The manipulation of the argument Str1 leads to buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. | 2025-04-03 | 3.3 | CVE-2025-3148 |
| ConnMan–ConnMan | In ConnMan through 1.44, parse_rr in dnsproxy.c has a memcpy length that depends on an RR RDLENGTH value, i.e., *rdlen=ntohs(rr->rdlen) and memcpy(response+offset,*end,*rdlen). | 2025-04-05 | 3.7 | CVE-2025-32366 |
| GFI–KerioConnect | A vulnerability was found in GFI KerioConnect 10.0.6 and classified as problematic. This issue affects some unknown processing of the file Settings/Email/Signature/EditHtmlSource of the component Signature Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-31 | 3.5 | CVE-2025-2975 |
| GFI–KerioConnect | A vulnerability was found in GFI KerioConnect 10.0.6. It has been classified as problematic. Affected is an unknown function of the component File Upload. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-31 | 3.5 | CVE-2025-2976 |
| GFI–KerioConnect | A vulnerability was found in GFI KerioConnect 10.0.6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component PDF File Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-31 | 3.5 | CVE-2025-2977 |
| GNU–Binutils | A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue. | 2025-04-04 | 3.3 | CVE-2025-3198 |
| HCL Software–HCL Connections | HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data. | 2025-04-04 | 3.5 | CVE-2024-42208 |
| Intelbras–WRN 150 | A vulnerability was found in Intelbras WRN 150 1.0.15_pt_ITB01. It has been rated as problematic. This issue affects some unknown processing of the component Wireless Menu. The manipulation of the argument SSID leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The vendor was contacted early about this issue and explains that the latest version is not affected. | 2025-04-03 | 2.4 | CVE-2025-3157 |
| itning–Student Homework Management System | A vulnerability was found in itning Student Homework Management System up to 1.2.7. It has been classified as problematic. Affected is an unknown function of the file /shw_war/fileupload of the component Edit Job Page. The manipulation of the argument Course leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | 2025-04-03 | 2.4 | CVE-2025-3149 |
| JetBrains–IntelliJ IDEA | In JetBrains IntelliJ IDEA before 2024.3, 2024.2.4 source code could be logged in the idea.log file | 2025-04-03 | 3.3 | CVE-2025-32054 |
| Khronos Group–glslang | A vulnerability, which was classified as problematic, has been found in Khronos Group glslang 15.1.0. Affected by this issue is the function glslang::TIntermediate::isConversionAllowed of the file glslang/MachineIndependent/Intermediate.cpp. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. | 2025-03-31 | 3.3 | CVE-2025-3010 |
| Legrand–SMS PowerView | A vulnerability classified as problematic was found in Legrand SMS PowerView 1.x. This vulnerability affects unknown code. The manipulation of the argument redirect leads to open redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-31 | 3.5 | CVE-2025-2980 |
| Legrand–SMS PowerView | A vulnerability, which was classified as problematic, has been found in Legrand SMS PowerView 1.x. This issue affects some unknown processing. The manipulation of the argument redirect leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-31 | 3.5 | CVE-2025-2981 |
| MongoDB Inc–MongoDB Server | A user authorized to access a view may be able to alter the intended collation, allowing them to access to a different or unintended view of underlying data. This issue affects MongoDB Server v5.0 version prior to 5.0.31, MongoDB Server v6.0 version prior to 6.0.20, MongoDB Server v7.0 version prior to 7.0.14 and MongoDB Server v7.3 versions prior to 7.3.4. | 2025-04-01 | 3.1 | CVE-2025-3082 |
| n/a–ConcreteCMS | A vulnerability classified as problematic was found in ConcreteCMS up to 9.3.9. Affected by this vulnerability is an unknown functionality of the component List Block Handler. The manipulation of the argument Name/Description leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-31 | 3.5 | CVE-2025-2971 |
| n/a–MindSpore | A vulnerability classified as problematic was found in MindSpore 2.5.0. Affected by this vulnerability is the function mindspore.numpy.fft.hfftn. The manipulation leads to memory corruption. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. | 2025-04-03 | 3.3 | CVE-2025-3144 |
| n/a–MindSpore | A vulnerability, which was classified as problematic, has been found in MindSpore 2.5.0. Affected by this issue is the function mindspore.numpy.fft.rfft2. The manipulation leads to memory corruption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. | 2025-04-03 | 3.3 | CVE-2025-3145 |
| n/a–PyTorch | A vulnerability classified as problematic has been found in PyTorch 2.6.0. Affected is the function torch.jit.jit_module_from_flatbuffer. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. | 2025-04-02 | 3.3 | CVE-2025-3121 |
| n/a–PyTorch | A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0. This issue affects the function torch.cuda.memory.caching_allocator_delete of the file c10/cuda/CUDACachingAllocator.cpp. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. | 2025-04-03 | 3.3 | CVE-2025-3136 |
| n/a–WCMS | A vulnerability classified as problematic has been found in WCMS 11. This affects an unknown part of the file /index.php?anonymous/setregister of the component Registration. The manipulation of the argument Username leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-03-31 | 2.4 | CVE-2025-2979 |
| Open Asset Import Library–Assimp | A vulnerability has been found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This vulnerability affects the function Assimp::SceneCombiner::AddNodeHashes of the file code/Common/SceneCombiner.cpp of the component File Handler. The manipulation leads to out-of-bounds read. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as a0993658f40d8e13ff5823990c30b43c82a5daf0. It is recommended to apply a patch to fix this issue. | 2025-04-03 | 3.3 | CVE-2025-3160 |
| Sayski–ForestBlog | A vulnerability has been found in Sayski ForestBlog up to 20250321 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /search. The manipulation of the argument keywords leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-03-31 | 3.5 | CVE-2025-3004 |
| Sayski–ForestBlog | A vulnerability was found in Sayski ForestBlog up to 20250321 and classified as problematic. Affected by this issue is some unknown functionality of the component Friend Link Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-03-31 | 3.5 | CVE-2025-3005 |
| SourceCodester–Online Eyewear Shop | A vulnerability, which was classified as problematic, was found in SourceCodester Online Eyewear Shop 1.0. Affected is an unknown function of the file /classes/Master.php?f=save_product. The manipulation of the argument brand leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2025-04-05 | 3.5 | CVE-2025-3297 |
| WebAssembly–wabt | A vulnerability classified as problematic was found in WebAssembly wabt 1.0.36. Affected by this vulnerability is the function BinaryReaderInterp::BeginFunctionBody of the file src/interp/binary-reader-interp.cc. The manipulation leads to null pointer dereference. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. | 2025-04-02 | 3.1 | CVE-2025-3122 |
| xujiangfei–admintwo | A vulnerability, which was classified as problematic, was found in xujiangfei admintwo 1.0. This affects an unknown part of the file /user/updateSet. The manipulation of the argument motto leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-04-04 | 3.5 | CVE-2025-3251 |
| xujiangfei–admintwo | A vulnerability has been found in xujiangfei admintwo 1.0 and classified as problematic. This vulnerability affects unknown code of the file /resource/add. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-04-04 | 3.5 | CVE-2025-3252 |
| xujiangfei–admintwo | A vulnerability was found in xujiangfei admintwo 1.0 and classified as problematic. This issue affects some unknown processing of the file /ztree/insertTree. The manipulation of the argument Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-04-04 | 3.5 | CVE-2025-3253 |
| Yubico–YubiKey | Yubico YubiKey 5.4.1 through 5.7.3 before 5.7.4 has an incorrect FIDO CTAP PIN/UV Auth Protocol Two implementation. It uses the signature length from CTAP PIN/UV Auth Protocol One, even when CTAP PIN/UV Auth Protocol Two was chosen, resulting in a partial signature verification. | 2025-04-03 | 2.2 | CVE-2025-29991 |
| yzk2356911358–StudentServlet-JSP | A vulnerability, which was classified as problematic, was found in yzk2356911358 StudentServlet-JSP cc0cdce25fbe43b6c58b60a77a2c85f52d2102f5/d4d7a0643f1dae908a4831206f2714b21820f991. This affects an unknown part of the component Student Management Handler. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. | 2025-03-31 | 2.4 | CVE-2025-3036 |
| zulip–zulip | Zulip is an open-source team collaboration tool. The API for deleting an organization export is supposed to be restricted to organization administrators, but its handler failed to check that the field belongs to the same organization as the user. Therefore, an administrator of any organization was incorrectly allowed to delete an export of a different organization. This is fixed in Zulip Server 10.1. | 2025-03-31 | 2.7 | CVE-2025-30368 |
| zulip–zulip | Zulip is an open-source team collaboration tool. The API for deleting an organization custom profile field is supposed to be restricted to organization administrators, but its handler failed to check that the field belongs to the same organization as the user. Therefore, an administrator of any organization was incorrectly allowed to delete custom profile fields belonging to a different organization. This is fixed in Zulip Server 10.1. | 2025-03-31 | 2.7 | CVE-2025-30369 |
Severity Not Yet Assigned
| Primary Vendor — Product | Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| Apache Software Foundation–Apache ActiveMQ Artemis | A vulnerability exists in Apache ActiveMQ Artemis whereby a user with the createDurableQueue or createNonDurableQueue permission on an address can augment the routing-type supported by that address even if said user doesn’t have the createAddress permission for that particular address. When combined with the send permission and automatic queue creation a user could successfully send a message with a routing-type not supported by the address when that message should actually be rejected on the basis that the user doesn’t have permission to change the routing-type of the address. This issue affects Apache ActiveMQ Artemis from 2.0.0 through 2.39.0. Users are recommended to upgrade to version 2.40.0 which fixes the issue. | 2025-04-01 | not yet calculated | CVE-2025-27427 |
| Apache Software Foundation–Apache Parquet Java | Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code Users are recommended to upgrade to version 1.15.1, which fixes the issue. | 2025-04-01 | not yet calculated | CVE-2025-30065 |
| Apache Software Foundation–Apache Pinot | Authentication Bypass Issue If the path does not contain / and contain., authentication is not required. Expected Normal Request and Response Example curl -X POST -H “Content-Type: application/json” -d {\”username\”:\”hack2\”,\”password\”:\”hack\”,\”component\”:\”CONTROLLER\”,\”role\”:\”ADMIN\”,\”tables\”:[],\”permissions\”:[],\”usernameWithComponent\”:\”hack_CONTROLLER\”} http://{server_ip}:9000/users Return: {“code”:401,”error”:”HTTP 401 Unauthorized”} Malicious Request and Response Example curl -X POST -H “Content-Type: application/json” -d ‘{\”username\”:\”hack\”,\”password\”:\”hack\”,\”component\”:\”CONTROLLER\”,\”role\”:\”ADMIN\”,\”tables\”:[],\”permissions\”:[],\”usernameWithComponent\”:\”hack_CONTROLLER\”}’ http://{serverip}:9000/users; http://{serverip}:9000/users; . Return: {“users”:{}} A new user gets added bypassing authentication, enabling the user to control Pinot. | 2025-04-01 | not yet calculated | CVE-2024-56325 |
| Apache Software Foundation–Apache Traffic Server | Apache Traffic Server allows request smuggling if chunked messages are malformed. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.9, from 10.0.0 through 10.0.4. Users are recommended to upgrade to version 9.2.10 or 10.0.5, which fixes the issue. | 2025-04-03 | not yet calculated | CVE-2024-53868 |
| Apple–iOS and iPadOS | This issue was addressed with improved permissions checking. This issue is fixed in Safari 18.4, visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may gain unauthorized access to Local Network. | 2025-03-31 | not yet calculated | CVE-2025-31184 |
| Apple–macOS | A race condition was addressed with additional validation. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to bypass Privacy preferences. | 2025-03-31 | not yet calculated | CVE-2025-31188 |
| appleple inc.–a-blog cms (Ver.3.1.x series) | Untrusted data deserialization vulnerability exists in a-blog cms. Processing a specially crafted request may store arbitrary files on the server where the product is running. This can be leveraged to execute an arbitrary script on the server. | 2025-03-31 | not yet calculated | CVE-2025-31103 |
| arduino–arduino-ide | Arduino IDE 2.x is an IDE based on the Theia IDE framework and built with Electron. A Self Cross-Site Scripting (XSS) vulnerability has been identified within the Arduino-IDE prior to version v2.3.5. The vulnerability occurs in the Additional Board Manager URLs field, which can be found in the Preferences -> Settings section of the Arduino IDE interface. In the vulnerable versions, any values entered in this field are directly displayed to the user through a notification tooltip object, without a proper output encoding routine, due to the underlying ElectronJS engine interpretation. This vulnerability exposes the input parameter to Self-XSS attacks, which may lead to security risks depending on where the malicious payload is injected. This vulnerability is fixed in 2.3.5. | 2025-04-02 | not yet calculated | CVE-2025-27608 |
| Bitdefender–GravityZone Console | A server-side request forgery (SSRF) vulnerability in Bitdefender GravityZone Console allows an attacker to bypass input validation logic using leading characters in DNS requests. Paired with other potential vulnerabilities, this bypass could be used for execution of third party code. This issue affects GravityZone Console: before 6.41.2.1. | 2025-04-04 | not yet calculated | CVE-2025-2243 |
| Bitdefender–GravityZone Console | A vulnerability in the sendMailFromRemoteSource method in Emails.php as used in Bitdefender GravityZone Console unsafely uses php unserialize() on user-supplied input without validation. By crafting a malicious serialized payload, an attacker can trigger PHP object injection, perform a file write, and gain arbitrary command execution on the host system. | 2025-04-04 | not yet calculated | CVE-2025-2244 |
| Bitdefender–GravityZone Update Server | A server-side request forgery (SSRF) vulnerability exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. The HTTP proxy component on port 7074 uses a domain allowlist to restrict outbound requests, but fails to properly sanitize hostnames containing null-byte (%00) sequences. By crafting a request to a domain such as evil.com%00.bitdefender.com, an attacker can bypass the allowlist check, causing the proxy to forward requests to arbitrary external or internal systems. | 2025-04-04 | not yet calculated | CVE-2025-2245 |
| Black Duck–Coverity | Coverity versions prior to 2024.9.0 are vulnerable to stored cross-site scripting (XSS) in various administrative interfaces. The impact of exploitation may result in the compromise of local accounts managed by the Coverity platform as well as other standard impacts resulting from cross-site scripting. | 2025-03-31 | not yet calculated | CVE-2024-12021 |
| Century Systems Co., Ltd.–FutureNet NXR-1420 | UNIX symbolic link (Symlink) following issue exists in FutureNet NXR series, VXR series and WXR series routers. Attaching to the affected product an external storage containing malicious symbolic link files, a logged-in administrative user may obtain and/or destroy internal files. | 2025-04-03 | not yet calculated | CVE-2025-30485 |
| Concrete CMS–Concrete CMS | Concrete CMS version 9 below 9.4.0RC2 and versions below 8.5.20 are vulnerable to CSRF and XSS in the Concrete CMS Address attribute because addresses are not properly sanitized in the output when a country is not specified. Attackers are limited to individuals whom a site administrator has granted the ability to fill in an address attribute. It is possible for the attacker to glean limited information from the site but amount and type is restricted by mitigating controls and the level of access of the attacker. Limited data modification is possible. The dashboard page itself could be rendered unavailable. The fix only sanitizes new data uploaded post update to Concrete CMS 9.4.0RC2. Existing database entries added before the update will still be “live” if there were successful exploits added under previous versions; a database search is recommended. The Concrete CMS security team gave this vulnerability CVSS v.4.0 score of 5.1 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L Thanks Myq Larson for reporting. | 2025-04-03 | not yet calculated | CVE-2025-3153 |
| conda-forge–infrastructure | conda-forge infrastructure holds common configurations and settings for key pieces of the conda-forge infrastructure. Between 2025-02-10 and 2025-04-01, conda-forge infrastructure used the wrong token for Azure’s cf-staging access. This bug meant that any feedstock maintainer could upload a package to the conda-forge channel, bypassing our feedstock-token + upload process. The security logs on anaconda.org were check for any packages that were not copied from the cf-staging to the conda-forge channel and none were found. | 2025-04-02 | not yet calculated | CVE-2025-31484 |
| DoWISP–DoWISP | Stored Cross-Site Scripting (XSS) in DoWISP in versions prior to 1.16.2.50, which consists of an stored XSS through the upload of a profile picture in SVG format with malicious Javascript code in it. | 2025-04-04 | not yet calculated | CVE-2025-3189 |
| Drupal–Access code | Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Access code allows Brute Force.This issue affects Access code: from 0.0.0 before 2.0.4. | 2025-04-02 | not yet calculated | CVE-2025-3129 |
| Drupal–AI (Artificial Intelligence) | Cross-Site Request Forgery (CSRF) vulnerability in Drupal AI (Artificial Intelligence) allows Cross Site Request Forgery.This issue affects AI (Artificial Intelligence): from 1.0.0 before 1.0.2. | 2025-03-31 | not yet calculated | CVE-2025-31677 |
| Drupal–AI (Artificial Intelligence) | Missing Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Forceful Browsing.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.3. | 2025-03-31 | not yet calculated | CVE-2025-31678 |
| Drupal–Authenticator Login | Missing Authorization vulnerability in Drupal Authenticator Login allows Forceful Browsing.This issue affects Authenticator Login: from 0.0.0 before 2.0.6. | 2025-03-31 | not yet calculated | CVE-2025-31681 |
| Drupal–Cache Utility | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Cache Utility allows Cross Site Request Forgery.This issue affects Cache Utility: from 0.0.0 before 1.2.1. | 2025-03-31 | not yet calculated | CVE-2025-31690 |
| Drupal–Configuration Split | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Configuration Split allows Cross Site Request Forgery.This issue affects Configuration Split: from 0.0.0 before 1.10.0, from 2.0.0 before 2.0.2. | 2025-03-31 | not yet calculated | CVE-2025-31688 |
| Drupal–Drupal core | Incorrect Authorization vulnerability in Drupal Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3. | 2025-03-31 | not yet calculated | CVE-2025-31673 |
| Drupal–Drupal core | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.14, from 10.4.0 before 10.4.5, from 11.0.0 before 11.0.13, from 11.1.0 before 11.1.5. | 2025-03-31 | not yet calculated | CVE-2025-31675 |
| Drupal–Email TFA | Weak Authentication vulnerability in Drupal Email TFA allows Brute Force.This issue affects Email TFA: from 0.0.0 before 2.0.3. | 2025-03-31 | not yet calculated | CVE-2025-31676 |
| Drupal–Flattern Multipurpose Bootstrap Business Profile | Vulnerability in Drupal Flattern – Multipurpose Bootstrap Business Profile.This issue affects Flattern – Multipurpose Bootstrap Business Profile: *.*. | 2025-03-31 | not yet calculated | CVE-2025-3060 |
| Drupal–Formatter Suite | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal Formatter Suite allows Cross-Site Scripting (XSS).This issue affects Formatter Suite: from 0.0.0 before 2.1.0. | 2025-03-31 | not yet calculated | CVE-2025-31697 |
| Drupal–General Data Protection Regulation | Cross-Site Request Forgery (CSRF) vulnerability in Drupal General Data Protection Regulation allows Cross Site Request Forgery.This issue affects General Data Protection Regulation: from 0.0.0 before 3.0.1, from 3.1.0 before 3.1.2. | 2025-03-31 | not yet calculated | CVE-2025-31689 |
| Drupal–Google Tag | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal Google Tag allows Cross-Site Scripting (XSS).This issue affects Google Tag: from 0.0.0 before 1.8.0, from 2.0.0 before 2.0.8. | 2025-03-31 | not yet calculated | CVE-2025-31682 |
| Drupal–Google Tag | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Google Tag allows Cross Site Request Forgery.This issue affects Google Tag: from 0.0.0 before 1.8.0, from 2.0.0 before 2.0.8. | 2025-03-31 | not yet calculated | CVE-2025-31683 |
| Drupal–Ignition Error Pages | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal Ignition Error Pages allows Cross-Site Scripting (XSS).This issue affects Ignition Error Pages: from 0.0.0 before 1.0.4. | 2025-03-31 | not yet calculated | CVE-2025-31679 |
| Drupal–Link field display mode formatter | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal Link field display mode formatter allows Cross-Site Scripting (XSS).This issue affects Link field display mode formatter: from 0.0.0 before 1.6.0. | 2025-03-31 | not yet calculated | CVE-2025-31695 |
| Drupal–Matomo Analytics | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Matomo Analytics allows Cross Site Request Forgery.This issue affects Matomo Analytics: from 0.0.0 before 1.24.0. | 2025-03-31 | not yet calculated | CVE-2025-31680 |
| Drupal–OAuth2 Client | Cross-Site Request Forgery (CSRF) vulnerability in Drupal OAuth2 Client allows Cross Site Request Forgery.This issue affects OAuth2 Client: from 0.0.0 before 4.1.3. | 2025-03-31 | not yet calculated | CVE-2025-31684 |
| Drupal–OAuth2 Server | Missing Authorization vulnerability in Drupal OAuth2 Server allows Forceful Browsing.This issue affects OAuth2 Server: from 0.0.0 before 2.1.0. | 2025-03-31 | not yet calculated | CVE-2025-31691 |
| Drupal–Open Social | Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing.This issue affects Open Social: from 0.0.0 before 12.3.11, from 12.4.0 before 12.4.10. | 2025-03-31 | not yet calculated | CVE-2025-31685 |
| Drupal–Open Social | Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing.This issue affects Open Social: from 0.0.0 before 12.3.11, from 12.4.0 before 12.4.10. | 2025-03-31 | not yet calculated | CVE-2025-31686 |
| Drupal–Profile Private | Vulnerability in Drupal Profile Private.This issue affects Profile Private: *.*. | 2025-03-31 | not yet calculated | CVE-2025-3059 |
| Drupal–RapiDoc OAS Field Formatter | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal RapiDoc OAS Field Formatter allows Cross-Site Scripting (XSS).This issue affects RapiDoc OAS Field Formatter: from 0.0.0 before 1.0.1. | 2025-03-31 | not yet calculated | CVE-2025-31696 |
| Drupal–SpamSpan filter | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal SpamSpan filter allows Cross-Site Scripting (XSS).This issue affects SpamSpan filter: from 0.0.0 before 3.2.1. | 2025-03-31 | not yet calculated | CVE-2025-31687 |
| Drupal–Two-factor Authentication (TFA) | Incorrect Authorization vulnerability in Drupal Two-factor Authentication (TFA) allows Forceful Browsing.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.10.0. | 2025-03-31 | not yet calculated | CVE-2025-31694 |
| e-solutions–e-management | Path Traversal vulnerability in e-solutions e-management. This vulnerability could allow an attacker to access confidential files outside the expected scope via the ‘file’ parameter in the /downloadReport.php endpoint. | 2025-03-31 | not yet calculated | CVE-2025-3021 |
| e-solutions–e-management | Os command injection vulnerability in e-solutions e-management. This vulnerability allows an attacker to execute arbitrary commands on the server via the ‘client’ parameter in the /data/apache/e-management/api/api3.php endpoint. | 2025-03-31 | not yet calculated | CVE-2025-3022 |
| Eclipse Foundation–ThreadX | In NetX Duo component HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length smaller than the data request size. A possible workaround is to disable HTTP PUT support. This issue follows an uncomplete fix in CVE-2025-0728. | 2025-04-06 | not yet calculated | CVE-2025-2258 |
| Eclipse Foundation–ThreadX | In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length in one packet smaller than the data request size of the other packet. A possible workaround is to disable HTTP PUT support. This issue follows an incomplete fix of CVE-2025-0727 | 2025-04-06 | not yet calculated | CVE-2025-2259 |
| Eclipse Foundation–ThreadX | In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause a denial of service by specially crafted packets. The core issue is missing closing of a file in case of an error condition, resulting in the 404 error for each further file request. Users can work-around the issue by disabling the PUT request support. This issue follows an incomplete fix of CVE-2025-0726. | 2025-04-06 | not yet calculated | CVE-2025-2260 |
| ELLIOTT–Net::Xero | Net::Xero 0.044 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Net::Xero uses the Data::Random library which specifically states that it is “Useful mostly for test programs”. Data::Random uses the rand() function. | 2025-04-05 | not yet calculated | CVE-2024-56370 |
| Facebook–WhatsApp Desktop for Windows | A spoofing issue in WhatsApp for Windows prior to version 2.2450.6 displayed attachments according to their MIME type but selected the file opening handler based on the attachment’s filename extension. A maliciously crafted mismatch could have caused the recipient to inadvertently execute arbitrary code rather than view the attachment when manually opening the attachment inside WhatsApp. | 2025-04-05 | not yet calculated | CVE-2025-30401 |
| FAST LTA–FAST LTA Silent Brick WebUI | A critical OS Command Injection vulnerability has been identified in the FAST LTA Silent Brick WebUI, allowing remote attackers to execute arbitrary operating system commands via specially crafted input. This vulnerability arises due to improper handling of untrusted input, which is passed directly to system-level commands without adequate sanitization or validation. Successful exploitation could allow attackers to execute arbitrary commands on the affected system, potentially resulting in unauthorized access, data leakage, or full system compromise. Affected WebUI parameters are “hd” and “pi”. | 2025-03-31 | not yet calculated | CVE-2025-2071 |
| FAST LTA–FAST LTA Silent Brick WebUI | A Reflected Cross-Site Scripting (XSS) vulnerability has been discovered in FAST LTA Silent Brick WebUI, allowing attackers to inject malicious JavaScript code into web pages viewed by users. This issue arises when user-supplied input is improperly handled and reflected directly in the output of a web page without proper sanitization or encoding. Exploiting this vulnerability, an attacker can execute arbitrary JavaScript in the context of the victim’s browser, potentially leading to session hijacking, data theft, and other malicious actions. Affected WebUI parameters are “h”, “hd”, “p”, “pi”, “s”, “t”, “x”, “y”. | 2025-03-31 | not yet calculated | CVE-2025-2072 |
| FPT Software–NightWolf Penetration Platform | Insecure Direct Object References (IDOR) in access control in Customer Portal before 2.1.4 on NightWolf Penetration Testing allows an attacker to access via manipulating request parameters or object references. | 2025-03-31 | not yet calculated | CVE-2025-3013 |
| FPT Software–NightWolf Penetration Platform | Insecure Direct Object References (IDOR) in access control in Tracking 2.1.4 on NightWolf Penetration Testing allows an attacker to access via manipulating request parameters or object references. | 2025-03-31 | not yet calculated | CVE-2025-3014 |
| Google–Chrome | Inappropriate implementation in Navigations in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low) | 2025-04-02 | not yet calculated | CVE-2025-3071 |
| Google–Chrome | Inappropriate implementation in Custom Tabs in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | 2025-04-02 | not yet calculated | CVE-2025-3072 |
| Google–Chrome | Inappropriate implementation in Autofill in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | 2025-04-02 | not yet calculated | CVE-2025-3073 |
| Google–Chrome | Inappropriate implementation in Downloads in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | 2025-04-02 | not yet calculated | CVE-2025-3074 |
| Hammock Corporation–AssetView | Missing authentication for critical function vulnerability exists in AssetView and AssetView CLOUD. If exploited, the files on the server where the product is running may be obtained and/or deleted by a remote unauthenticated attacker. | 2025-04-02 | not yet calculated | CVE-2025-25060 |
| Hammock Corporation–AssetView | AssetView and AssetView CLOUD contain an issue with acquiring sensitive information from sent data to the developer. If exploited, sensitive information may be obtained by a remote unauthenticated attacker. | 2025-04-02 | not yet calculated | CVE-2025-27244 |
| Hex-Dragon–PCL2 | Plain Craft Launcher (PCL) is a launcher for Minecraft. PCL allows users to use homepages provided by third parties. If controls such as WebBrowser are used in the homepage, WPF will use Internet Explorer to load the specified webpage. If the user uses a malicious homepage, the attacker can use IE background to access the specified webpage without knowing it. This vulnerability is fixed in 2.9.3. | 2025-04-06 | not yet calculated | CVE-2025-31488 |
| Imagination Technologies–Graphics DDK | Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kernel and drivers running on the platform altering their behaviour. | 2025-04-04 | not yet calculated | CVE-2025-0468 |
| Imagination Technologies–Graphics DDK | Software installed and run as a non-privileged user may conduct improper GPU system calls to cause kernel system memory corruption. | 2025-04-04 | not yet calculated | CVE-2025-25178 |
| JTEKT ELECTRONICS CORPORATION–HMI ViewJet C-more series | Improper restriction of rendered UI layers or frames issue exists in HMI ViewJet C-more series, which may allow a remote unauthenticated attacker to trick the product user to perform operations on the product’s web pages. | 2025-04-04 | not yet calculated | CVE-2025-24310 |
| JTEKT ELECTRONICS CORPORATION–HMI ViewJet C-more series | Allocation of resources without limits or throttling issue exists in HMI ViewJet C-more series and HMI GC-A2 series, which may allow a remote unauthenticated attacker to cause a denial-of-service (DoS) condition. | 2025-04-04 | not yet calculated | CVE-2025-24317 |
| JTEKT ELECTRONICS CORPORATION–HMI ViewJet C-more series | Unintended proxy or intermediary (‘Confused Deputy’) issue exists in HMI ViewJet C-more series and HMI GC-A2 series, which may allow a remote unauthenticated attacker to use the product as an intermediary for FTP bounce attack. | 2025-04-04 | not yet calculated | CVE-2025-25061 |
| JTEKT ELECTRONICS CORPORATION–HMI ViewJet C-more series | Weak encoding for password vulnerability exists in HMI ViewJet C-more series. If this vulnerability is exploited, authentication information may be obtained by a local authenticated attacker. | 2025-04-04 | not yet calculated | CVE-2025-26401 |
| KNIME–KNIME Business Hub | A hard-coded, non-random password for the object store (minio) of KNIME Business Hub in all versions except the ones listed below allows an unauthenticated remote attacker in possession of the password to read and manipulate swapped jobs or read and manipulate in- and output data of active jobs. It is also possible to cause a denial-of-service of most functionality of KNIME Business Hub by writing large amounts of data to the object store directly. There are no viable workarounds therefore we strongly recommend to update to one of the following versions of KNIME Business Hub: * 1.13.2 or later * 1.12.3 or later * 1.11.3 or later * 1.10.3 or later | 2025-03-31 | not yet calculated | CVE-2025-2402 |
| KNIME–KNIME Business Hub | KNIME Business Hub is affected by several cross-site scripting vulnerabilities in its web pages. If a user clicks on a malicious link or opens a malicious web page, arbitrary Java Script may be executed with this user’s permissions. This can lead to information loss and/or modification of existing data. The issues are caused by a bug https://github.com/Baroshem/nuxt-security/issues/610 in the widely used nuxt-security module. There are no viable workarounds therefore we strongly recommend to update to one of the following versions of KNIME Business Hub: * 1.13.3 or later * 1.12.4 or later | 2025-03-31 | not yet calculated | CVE-2025-3019 |
| LEV–Web::API | Web::API 2.8 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Web::API uses the Data::Random library which specifically states that it is “Useful mostly for test programs”. Data::Random uses the rand() function. | 2025-04-05 | not yet calculated | CVE-2024-57868 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC Actually ENETC VFs do not support HWTSTAMP_TX_ONESTEP_SYNC because only ENETC PF can access PMa_SINGLE_STEP registers. And there will be a crash if VFs are used to test one-step timestamp, the crash log as follows. [ 129.110909] Unable to handle kernel paging request at virtual address 00000000000080c0 [ 129.287769] Call trace: [ 129.290219] enetc_port_mac_wr+0x30/0xec (P) [ 129.294504] enetc_start_xmit+0xda4/0xe74 [ 129.298525] enetc_xmit+0x70/0xec [ 129.301848] dev_hard_start_xmit+0x98/0x118 | 2025-04-01 | not yet calculated | CVE-2025-21894 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list Syskaller triggers a warning due to prev_epc->pmu != next_epc->pmu in perf_event_swap_task_ctx_data(). vmcore shows that two lists have the same perf_event_pmu_context, but not in the same order. The problem is that the order of pmu_ctx_list for the parent is impacted by the time when an event/PMU is added. While the order for a child is impacted by the event order in the pinned_groups and flexible_groups. So the order of pmu_ctx_list in the parent and child may be different. To fix this problem, insert the perf_event_pmu_context to its proper place after iteration of the pmu_ctx_list. The follow testcase can trigger above warning: # perf record -e cycles –call-graph lbr — taskset -c 3 ./a.out & # perf stat -e cpu-clock,cs -p xxx // xxx is the pid of a.out test.c void main() { int count = 0; pid_t pid; printf(“%d running\n”, getpid()); sleep(30); printf(“running\n”); pid = fork(); if (pid == -1) { printf(“fork error\n”); return; } if (pid == 0) { while (1) { count++; } } else { while (1) { count++; } } } The testcase first opens an LBR event, so it will allocate task_ctx_data, and then open tracepoint and software events, so the parent context will have 3 different perf_event_pmu_contexts. On inheritance, child ctx will insert the perf_event_pmu_context in another order and the warning will trigger. [ mingo: Tidied up the changelog. ] | 2025-04-01 | not yet calculated | CVE-2025-21895 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: fuse: revert back to __readahead_folio() for readahead In commit 3eab9d7bc2f4 (“fuse: convert readahead to use folios”), the logic was converted to using the new folio readahead code, which drops the reference on the folio once it is locked, using an inferred reference on the folio. Previously we held a reference on the folio for the entire duration of the readpages call. This is fine, however for the case for splice pipe responses where we will remove the old folio and splice in the new folio (see fuse_try_move_page()), we assume that there is a reference held on the folio for ap->folios, which is no longer the case. To fix this, revert back to __readahead_folio() which allows us to hold the reference on the folio for the duration of readpages until either we drop the reference ourselves in fuse_readpages_end() or the reference is dropped after it’s replaced in the page cache in the splice case. This will fix the UAF bug that was reported. | 2025-04-01 | not yet calculated | CVE-2025-21896 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: sched_ext: Fix pick_task_scx() picking non-queued tasks when it’s called without balance() a6250aa251ea (“sched_ext: Handle cases where pick_task_scx() is called without preceding balance_scx()”) added a workaround to handle the cases where pick_task_scx() is called without prececing balance_scx() which is due to a fair class bug where pick_taks_fair() may return NULL after a true return from balance_fair(). The workaround detects when pick_task_scx() is called without preceding balance_scx() and emulates SCX_RQ_BAL_KEEP and triggers kicking to avoid stalling. Unfortunately, the workaround code was testing whether @prev was on SCX to decide whether to keep the task running. This is incorrect as the task may be on SCX but no longer runnable. This could lead to a non-runnable task to be returned from pick_task_scx() which cause interesting confusions and failures. e.g. A common failure mode is the task ending up with (!on_rq && on_cpu) state which can cause potential wakers to busy loop, which can easily lead to deadlocks. Fix it by testing whether @prev has SCX_TASK_QUEUED set. This makes @prev_on_scx only used in one place. Open code the usage and improve the comment while at it. | 2025-04-01 | not yet calculated | CVE-2025-21897 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: ftrace: Avoid potential division by zero in function_stat_show() Check whether denominator expression x * (x – 1) * 1000 mod {2^32, 2^64} produce zero and skip stddev computation in that case. For now don’t care about rec->counter * rec->counter overflow because rec->time * rec->time overflow will likely happen earlier. | 2025-04-01 | not yet calculated | CVE-2025-21898 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: tracing: Fix bad hist from corrupting named_triggers list The following commands causes a crash: ~# cd /sys/kernel/tracing/events/rcu/rcu_callback ~# echo ‘hist:name=bad:keys=common_pid:onmax(bogus).save(common_pid)’ > trigger bash: echo: write error: Invalid argument ~# echo ‘hist:name=bad:keys=common_pid’ > trigger Because the following occurs: event_trigger_write() { trigger_process_regex() { event_hist_trigger_parse() { data = event_trigger_alloc(..); event_trigger_register(.., data) { cmd_ops->reg(.., data, ..) [hist_register_trigger()] { data->ops->init() [event_hist_trigger_init()] { save_named_trigger(name, data) { list_add(&data->named_list, &named_triggers); } } } } ret = create_actions(); (return -EINVAL) if (ret) goto out_unreg; [..] ret = hist_trigger_enable(data, …) { list_add_tail_rcu(&data->list, &file->triggers); <<<—- SKIPPED!!! (this is important!) [..] out_unreg: event_hist_unregister(.., data) { cmd_ops->unreg(.., data, ..) [hist_unregister_trigger()] { list_for_each_entry(iter, &file->triggers, list) { if (!hist_trigger_match(data, iter, named_data, false)) <- never matches continue; [..] test = iter; } if (test && test->ops->free) <<<– test is NULL test->ops->free(test) [event_hist_trigger_free()] { [..] if (data->name) del_named_trigger(data) { list_del(&data->named_list); <<<<– NEVER gets removed! } } } } [..] kfree(data); <<<– frees item but it is still on list The next time a hist with name is registered, it causes an u-a-f bug and the kernel can crash. Move the code around such that if event_trigger_register() succeeds, the next thing called is hist_trigger_enable() which adds it to the list. A bunch of actions is called if get_named_trigger_data() returns false. But that doesn’t need to be called after event_trigger_register(), so it can be moved up, allowing event_trigger_register() to be called just before hist_trigger_enable() keeping them together and allowing the file->triggers to be properly populated. | 2025-04-01 | not yet calculated | CVE-2025-21899 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix a deadlock when recovering state on a sillyrenamed file If the file is sillyrenamed, and slated for delete on close, it is possible for a server reboot to triggeer an open reclaim, with can again race with the application call to close(). When that happens, the call to put_nfs_open_context() can trigger a synchronous delegreturn call which deadlocks because it is not marked as privileged. Instead, ensure that the call to nfs4_inode_return_delegation_on_close() catches the delegreturn, and schedules it asynchronously. | 2025-04-01 | not yet calculated | CVE-2025-21900 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Add sanity checks on rdev validity There is a possibility that ulp_irq_stop and ulp_irq_start callbacks will be called when the device is in detached state. This can cause a crash due to NULL pointer dereference as the rdev is already freed. | 2025-04-01 | not yet calculated | CVE-2025-21901 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: acpi: typec: ucsi: Introduce a ->poll_cci method For the ACPI backend of UCSI the UCSI “registers” are just a memory copy of the register values in an opregion. The ACPI implementation in the BIOS ensures that the opregion contents are synced to the embedded controller and it ensures that the registers (in particular CCI) are synced back to the opregion on notifications. While there is an ACPI call that syncs the actual registers to the opregion there is rarely a need to do this and on some ACPI implementations it actually breaks in various interesting ways. The only reason to force a sync from the embedded controller is to poll CCI while notifications are disabled. Only the ucsi core knows if this is the case and guessing based on the current command is suboptimal, i.e. leading to the following spurious assertion splat: WARNING: CPU: 3 PID: 76 at drivers/usb/typec/ucsi/ucsi.c:1388 ucsi_reset_ppm+0x1b4/0x1c0 [typec_ucsi] CPU: 3 UID: 0 PID: 76 Comm: kworker/3:0 Not tainted 6.12.11-200.fc41.x86_64 #1 Hardware name: LENOVO 21D0/LNVNB161216, BIOS J6CN45WW 03/17/2023 Workqueue: events_long ucsi_init_work [typec_ucsi] RIP: 0010:ucsi_reset_ppm+0x1b4/0x1c0 [typec_ucsi] Call Trace: <TASK> ucsi_init_work+0x3c/0xac0 [typec_ucsi] process_one_work+0x179/0x330 worker_thread+0x252/0x390 kthread+0xd2/0x100 ret_from_fork+0x34/0x50 ret_from_fork_asm+0x1a/0x30 </TASK> Thus introduce a ->poll_cci() method that works like ->read_cci() with an additional forced sync and document that this should be used when polling with notifications disabled. For all other backends that presumably don’t have this issue use the same implementation for both methods. | 2025-04-01 | not yet calculated | CVE-2025-21902 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: mctp i3c: handle NULL header address daddr can be NULL if there is no neighbour table entry present, in that case the tx packet should be dropped. saddr will usually be set by MCTP core, but check for NULL in case a packet is transmitted by a different protocol. | 2025-04-01 | not yet calculated | CVE-2025-21903 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: caif_virtio: fix wrong pointer check in cfv_probe() del_vqs() frees virtqueues, therefore cfv->vq_tx pointer should be checked for NULL before calling it, not cfv->vdev. Also the current implementation is redundant because the pointer cfv->vdev is dereferenced before it is checked for NULL. Fix this by checking cfv->vq_tx for NULL instead of cfv->vdev before calling del_vqs(). | 2025-04-01 | not yet calculated | CVE-2025-21904 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: limit printed string from FW file There’s no guarantee here that the file is always with a NUL-termination, so reading the string may read beyond the end of the TLV. If that’s the last TLV in the file, it can perhaps even read beyond the end of the file buffer. Fix that by limiting the print format to the size of the buffer we have. | 2025-04-01 | not yet calculated | CVE-2025-21905 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: clean up ROC on failure If the firmware fails to start the session protection, then we do call iwl_mvm_roc_finished() here, but that won’t do anything at all because IWL_MVM_STATUS_ROC_P2P_RUNNING was never set. Set IWL_MVM_STATUS_ROC_P2P_RUNNING in the failure/stop path. If it started successfully before, it’s already set, so that doesn’t matter, and if it didn’t start it needs to be set to clean up. Not doing so will lead to a WARN_ON() later on a fresh remain- on-channel, since the link is already active when activated as it was never deactivated. | 2025-04-01 | not yet calculated | CVE-2025-21906 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: mm: memory-failure: update ttu flag inside unmap_poisoned_folio Patch series “mm: memory_failure: unmap poisoned folio during migrate properly”, v3. Fix two bugs during folio migration if the folio is poisoned. This patch (of 3): Commit 6da6b1d4a7df (“mm/hwpoison: convert TTU_IGNORE_HWPOISON to TTU_HWPOISON”) introduce TTU_HWPOISON to replace TTU_IGNORE_HWPOISON in order to stop send SIGBUS signal when accessing an error page after a memory error on a clean folio. However during page migration, anon folio must be set with TTU_HWPOISON during unmap_*(). For pagecache we need some policy just like the one in hwpoison_user_mappings to set this flag. So move this policy from hwpoison_user_mappings to unmap_poisoned_folio to handle this warning properly. Warning will be produced during unamp poison folio with the following log: ————[ cut here ]———— WARNING: CPU: 1 PID: 365 at mm/rmap.c:1847 try_to_unmap_one+0x8fc/0xd3c Modules linked in: CPU: 1 UID: 0 PID: 365 Comm: bash Tainted: G W 6.13.0-rc1-00018-gacdb4bbda7ab #42 Tainted: [W]=WARN Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015 pstate: 20400005 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=–) pc : try_to_unmap_one+0x8fc/0xd3c lr : try_to_unmap_one+0x3dc/0xd3c Call trace: try_to_unmap_one+0x8fc/0xd3c (P) try_to_unmap_one+0x3dc/0xd3c (L) rmap_walk_anon+0xdc/0x1f8 rmap_walk+0x3c/0x58 try_to_unmap+0x88/0x90 unmap_poisoned_folio+0x30/0xa8 do_migrate_range+0x4a0/0x568 offline_pages+0x5a4/0x670 memory_block_action+0x17c/0x374 memory_subsys_offline+0x3c/0x78 device_offline+0xa4/0xd0 state_store+0x8c/0xf0 dev_attr_store+0x18/0x2c sysfs_kf_write+0x44/0x54 kernfs_fop_write_iter+0x118/0x1a8 vfs_write+0x3a8/0x4bc ksys_write+0x6c/0xf8 __arm64_sys_write+0x1c/0x28 invoke_syscall+0x44/0x100 el0_svc_common.constprop.0+0x40/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x30/0xd0 el0t_64_sync_handler+0xc8/0xcc el0t_64_sync+0x198/0x19c —[ end trace 0000000000000000 ]— [[email protected]: unmap_poisoned_folio(): remove shadowed local `mapping’, per Miaohe] Link: https://lkml.kernel.org/r/[email protected] | 2025-04-01 | not yet calculated | CVE-2025-21907 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback Add PF_KCOMPACTD flag and current_is_kcompactd() helper to check for it so nfs_release_folio() can skip calling nfs_wb_folio() from kcompactd. Otherwise NFS can deadlock waiting for kcompactd enduced writeback which recurses back to NFS (which triggers writeback to NFSD via NFS loopback mount on the same host, NFSD blocks waiting for XFS’s call to __filemap_get_folio): 6070.550357] INFO: task kcompactd0:58 blocked for more than 4435 seconds. {— [58] “kcompactd0” [<0>] folio_wait_bit+0xe8/0x200 [<0>] folio_wait_writeback+0x2b/0x80 [<0>] nfs_wb_folio+0x80/0x1b0 [nfs] [<0>] nfs_release_folio+0x68/0x130 [nfs] [<0>] split_huge_page_to_list_to_order+0x362/0x840 [<0>] migrate_pages_batch+0x43d/0xb90 [<0>] migrate_pages_sync+0x9a/0x240 [<0>] migrate_pages+0x93c/0x9f0 [<0>] compact_zone+0x8e2/0x1030 [<0>] compact_node+0xdb/0x120 [<0>] kcompactd+0x121/0x2e0 [<0>] kthread+0xcf/0x100 [<0>] ret_from_fork+0x31/0x40 [<0>] ret_from_fork_asm+0x1a/0x30 —} [[email protected]: fix build] | 2025-04-01 | not yet calculated | CVE-2025-21908 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: reject cooked mode if it is set along with other flags It is possible to set both MONITOR_FLAG_COOK_FRAMES and MONITOR_FLAG_ACTIVE flags simultaneously on the same monitor interface from the userspace. This causes a sub-interface to be created with no IEEE80211_SDATA_IN_DRIVER bit set because the monitor interface is in the cooked state and it takes precedence over all other states. When the interface is then being deleted the kernel calls WARN_ONCE() from check_sdata_in_driver() because of missing that bit. Fix this by rejecting MONITOR_FLAG_COOK_FRAMES if it is set along with other flags. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. | 2025-04-01 | not yet calculated | CVE-2025-21909 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: regulatory: improve invalid hints checking Syzbot keeps reporting an issue [1] that occurs when erroneous symbols sent from userspace get through into user_alpha2[] via regulatory_hint_user() call. Such invalid regulatory hints should be rejected. While a sanity check from commit 47caf685a685 (“cfg80211: regulatory: reject invalid hints”) looks to be enough to deter these very cases, there is a way to get around it due to 2 reasons. 1) The way isalpha() works, symbols other than latin lower and upper letters may be used to determine a country/domain. For instance, greek letters will also be considered upper/lower letters and for such characters isalpha() will return true as well. However, ISO-3166-1 alpha2 codes should only hold latin characters. 2) While processing a user regulatory request, between reg_process_hint_user() and regulatory_hint_user() there happens to be a call to queue_regulatory_request() which modifies letters in request->alpha2[] with toupper(). This works fine for latin symbols, less so for weird letter characters from the second part of _ctype[]. Syzbot triggers a warning in is_user_regdom_saved() by first sending over an unexpected non-latin letter that gets malformed by toupper() into a character that ends up failing isalpha() check. Prevent this by enhancing is_an_alpha2() to ensure that incoming symbols are latin letters and nothing else. [1] Syzbot report: ————[ cut here ]———— Unexpected user alpha2: A� WARNING: CPU: 1 PID: 964 at net/wireless/reg.c:442 is_user_regdom_saved net/wireless/reg.c:440 [inline] WARNING: CPU: 1 PID: 964 at net/wireless/reg.c:442 restore_alpha2 net/wireless/reg.c:3424 [inline] WARNING: CPU: 1 PID: 964 at net/wireless/reg.c:442 restore_regulatory_settings+0x3c0/0x1e50 net/wireless/reg.c:3516 Modules linked in: CPU: 1 UID: 0 PID: 964 Comm: kworker/1:2 Not tainted 6.12.0-rc5-syzkaller-00044-gc1e939a21eb1 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Workqueue: events_power_efficient crda_timeout_work RIP: 0010:is_user_regdom_saved net/wireless/reg.c:440 [inline] RIP: 0010:restore_alpha2 net/wireless/reg.c:3424 [inline] RIP: 0010:restore_regulatory_settings+0x3c0/0x1e50 net/wireless/reg.c:3516 … Call Trace: <TASK> crda_timeout_work+0x27/0x50 net/wireless/reg.c:542 process_one_work kernel/workqueue.c:3229 [inline] process_scheduled_works+0xa65/0x1850 kernel/workqueue.c:3310 worker_thread+0x870/0xd30 kernel/workqueue.c:3391 kthread+0x2f2/0x390 kernel/kthread.c:389 ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 </TASK> | 2025-04-01 | not yet calculated | CVE-2025-21910 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: drm/imagination: avoid deadlock on fence release Do scheduler queue fence release processing on a workqueue, rather than in the release function itself. Fixes deadlock issues such as the following: [ 607.400437] ============================================ [ 607.405755] WARNING: possible recursive locking detected [ 607.415500] ——————————————– [ 607.420817] weston:zfq0/24149 is trying to acquire lock: [ 607.426131] ffff000017d041a0 (reservation_ww_class_mutex){+.+.}-{3:3}, at: pvr_gem_object_vunmap+0x40/0xc0 [powervr] [ 607.436728] but task is already holding lock: [ 607.442554] ffff000017d105a0 (reservation_ww_class_mutex){+.+.}-{3:3}, at: dma_buf_ioctl+0x250/0x554 [ 607.451727] other info that might help us debug this: [ 607.458245] Possible unsafe locking scenario: [ 607.464155] CPU0 [ 607.466601] —- [ 607.469044] lock(reservation_ww_class_mutex); [ 607.473584] lock(reservation_ww_class_mutex); [ 607.478114] *** DEADLOCK *** | 2025-04-01 | not yet calculated | CVE-2025-21911 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: gpio: rcar: Use raw_spinlock to protect register access Use raw_spinlock in order to fix spurious messages about invalid context when spinlock debugging is enabled. The lock is only used to serialize register access. [ 4.239592] ============================= [ 4.239595] [ BUG: Invalid wait context ] [ 4.239599] 6.13.0-rc7-arm64-renesas-05496-gd088502a519f #35 Not tainted [ 4.239603] —————————– [ 4.239606] kworker/u8:5/76 is trying to lock: [ 4.239609] ffff0000091898a0 (&p->lock){….}-{3:3}, at: gpio_rcar_config_interrupt_input_mode+0x34/0x164 [ 4.239641] other info that might help us debug this: [ 4.239643] context-{5:5} [ 4.239646] 5 locks held by kworker/u8:5/76: [ 4.239651] #0: ffff0000080fb148 ((wq_completion)async){+.+.}-{0:0}, at: process_one_work+0x190/0x62c [ 4.250180] OF: /soc/sound@ec500000/ports/port@0/endpoint: Read of boolean property ‘frame-master’ with a value. [ 4.254094] #1: ffff80008299bd80 ((work_completion)(&entry->work)){+.+.}-{0:0}, at: process_one_work+0x1b8/0x62c [ 4.254109] #2: ffff00000920c8f8 [ 4.258345] OF: /soc/sound@ec500000/ports/port@1/endpoint: Read of boolean property ‘bitclock-master’ with a value. [ 4.264803] (&dev->mutex){….}-{4:4}, at: __device_attach_async_helper+0x3c/0xdc [ 4.264820] #3: ffff00000a50ca40 (request_class#2){+.+.}-{4:4}, at: __setup_irq+0xa0/0x690 [ 4.264840] #4: [ 4.268872] OF: /soc/sound@ec500000/ports/port@1/endpoint: Read of boolean property ‘frame-master’ with a value. [ 4.273275] ffff00000a50c8c8 (lock_class){….}-{2:2}, at: __setup_irq+0xc4/0x690 [ 4.296130] renesas_sdhi_internal_dmac ee100000.mmc: mmc1 base at 0x00000000ee100000, max clock rate 200 MHz [ 4.304082] stack backtrace: [ 4.304086] CPU: 1 UID: 0 PID: 76 Comm: kworker/u8:5 Not tainted 6.13.0-rc7-arm64-renesas-05496-gd088502a519f #35 [ 4.304092] Hardware name: Renesas Salvator-X 2nd version board based on r8a77965 (DT) [ 4.304097] Workqueue: async async_run_entry_fn [ 4.304106] Call trace: [ 4.304110] show_stack+0x14/0x20 (C) [ 4.304122] dump_stack_lvl+0x6c/0x90 [ 4.304131] dump_stack+0x14/0x1c [ 4.304138] __lock_acquire+0xdfc/0x1584 [ 4.426274] lock_acquire+0x1c4/0x33c [ 4.429942] _raw_spin_lock_irqsave+0x5c/0x80 [ 4.434307] gpio_rcar_config_interrupt_input_mode+0x34/0x164 [ 4.440061] gpio_rcar_irq_set_type+0xd4/0xd8 [ 4.444422] __irq_set_trigger+0x5c/0x178 [ 4.448435] __setup_irq+0x2e4/0x690 [ 4.452012] request_threaded_irq+0xc4/0x190 [ 4.456285] devm_request_threaded_irq+0x7c/0xf4 [ 4.459398] ata1: link resume succeeded after 1 retries [ 4.460902] mmc_gpiod_request_cd_irq+0x68/0xe0 [ 4.470660] mmc_start_host+0x50/0xac [ 4.474327] mmc_add_host+0x80/0xe4 [ 4.477817] tmio_mmc_host_probe+0x2b0/0x440 [ 4.482094] renesas_sdhi_probe+0x488/0x6f4 [ 4.486281] renesas_sdhi_internal_dmac_probe+0x60/0x78 [ 4.491509] platform_probe+0x64/0xd8 [ 4.495178] really_probe+0xb8/0x2a8 [ 4.498756] __driver_probe_device+0x74/0x118 [ 4.503116] driver_probe_device+0x3c/0x154 [ 4.507303] __device_attach_driver+0xd4/0x160 [ 4.511750] bus_for_each_drv+0x84/0xe0 [ 4.515588] __device_attach_async_helper+0xb0/0xdc [ 4.520470] async_run_entry_fn+0x30/0xd8 [ 4.524481] process_one_work+0x210/0x62c [ 4.528494] worker_thread+0x1ac/0x340 [ 4.532245] kthread+0x10c/0x110 [ 4.535476] ret_from_fork+0x10/0x20 | 2025-04-01 | not yet calculated | CVE-2025-21912 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range() Xen doesn’t offer MSR_FAM10H_MMIO_CONF_BASE to all guests. This results in the following warning: unchecked MSR access error: RDMSR from 0xc0010058 at rIP: 0xffffffff8101d19f (xen_do_read_msr+0x7f/0xa0) Call Trace: xen_read_msr+0x1e/0x30 amd_get_mmconfig_range+0x2b/0x80 quirk_amd_mmconfig_area+0x28/0x100 pnp_fixup_device+0x39/0x50 __pnp_add_device+0xf/0x150 pnp_add_device+0x3d/0x100 pnpacpi_add_device_handler+0x1f9/0x280 acpi_ns_get_device_callback+0x104/0x1c0 acpi_ns_walk_namespace+0x1d0/0x260 acpi_get_devices+0x8a/0xb0 pnpacpi_init+0x50/0x80 do_one_initcall+0x46/0x2e0 kernel_init_freeable+0x1da/0x2f0 kernel_init+0x16/0x1b0 ret_from_fork+0x30/0x50 ret_from_fork_asm+0x1b/0x30 based on quirks for a “PNP0c01” device. Treating MMCFG as disabled is the right course of action, so no change is needed there. This was most likely exposed by fixing the Xen MSR accessors to not be silently-safe. | 2025-04-01 | not yet calculated | CVE-2025-21913 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: slimbus: messaging: Free transaction ID in delayed interrupt scenario In case of interrupt delay for any reason, slim_do_transfer() returns timeout error but the transaction ID (TID) is not freed. This results into invalid memory access inside qcom_slim_ngd_rx_msgq_cb() due to invalid TID. Fix the issue by freeing the TID in slim_do_transfer() before returning timeout error to avoid invalid memory access. Call trace: __memcpy_fromio+0x20/0x190 qcom_slim_ngd_rx_msgq_cb+0x130/0x290 [slim_qcom_ngd_ctrl] vchan_complete+0x2a0/0x4a0 tasklet_action_common+0x274/0x700 tasklet_action+0x28/0x3c _stext+0x188/0x620 run_ksoftirqd+0x34/0x74 smpboot_thread_fn+0x1d8/0x464 kthread+0x178/0x238 ret_from_fork+0x10/0x20 Code: aa0003e8 91000429 f100044a 3940002b (3800150b) —[ end trace 0fe00bec2b975c99 ]— Kernel panic – not syncing: Oops: Fatal exception in interrupt. | 2025-04-01 | not yet calculated | CVE-2025-21914 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: cdx: Fix possible UAF error in driver_override_show() Fixed a possible UAF problem in driver_override_show() in drivers/cdx/cdx.c This function driver_override_show() is part of DEVICE_ATTR_RW, which includes both driver_override_show() and driver_override_store(). These functions can be executed concurrently in sysfs. The driver_override_store() function uses driver_set_override() to update the driver_override value, and driver_set_override() internally locks the device (device_lock(dev)). If driver_override_show() reads cdx_dev->driver_override without locking, it could potentially access a freed pointer if driver_override_store() frees the string concurrently. This could lead to printing a kernel address, which is a security risk since DEVICE_ATTR can be read by all users. Additionally, a similar pattern is used in drivers/amba/bus.c, as well as many other bus drivers, where device_lock() is taken in the show function, and it has been working without issues. This potential bug was detected by our experimental static analysis tool, which analyzes locking APIs and paired functions to identify data races and atomicity violations. | 2025-04-01 | not yet calculated | CVE-2025-21915 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: usb: atm: cxacru: fix a flaw in existing endpoint checks Syzbot once again identified a flaw in usb endpoint checking, see [1]. This time the issue stems from a commit authored by me (2eabb655a968 (“usb: atm: cxacru: fix endpoint checking in cxacru_bind()”)). While using usb_find_common_endpoints() may usually be enough to discard devices with wrong endpoints, in this case one needs more than just finding and identifying the sufficient number of endpoints of correct types – one needs to check the endpoint’s address as well. Since cxacru_bind() fills URBs with CXACRU_EP_CMD address in mind, switch the endpoint verification approach to usb_check_XXX_endpoints() instead to fix incomplete ep testing. [1] Syzbot report: usb 5-1: BOGUS urb xfer, pipe 3 != type 1 WARNING: CPU: 0 PID: 1378 at drivers/usb/core/urb.c:504 usb_submit_urb+0xc4e/0x18c0 drivers/usb/core/urb.c:503 … RIP: 0010:usb_submit_urb+0xc4e/0x18c0 drivers/usb/core/urb.c:503 … Call Trace: <TASK> cxacru_cm+0x3c8/0xe50 drivers/usb/atm/cxacru.c:649 cxacru_card_status drivers/usb/atm/cxacru.c:760 [inline] cxacru_bind+0xcf9/0x1150 drivers/usb/atm/cxacru.c:1223 usbatm_usb_probe+0x314/0x1d30 drivers/usb/atm/usbatm.c:1058 cxacru_usb_probe+0x184/0x220 drivers/usb/atm/cxacru.c:1377 usb_probe_interface+0x641/0xbb0 drivers/usb/core/driver.c:396 really_probe+0x2b9/0xad0 drivers/base/dd.c:658 __driver_probe_device+0x1a2/0x390 drivers/base/dd.c:800 driver_probe_device+0x50/0x430 drivers/base/dd.c:830 … | 2025-04-01 | not yet calculated | CVE-2025-21916 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: usb: renesas_usbhs: Flush the notify_hotplug_work When performing continuous unbind/bind operations on the USB drivers available on the Renesas RZ/G2L SoC, a kernel crash with the message “Unable to handle kernel NULL pointer dereference at virtual address” may occur. This issue points to the usbhsc_notify_hotplug() function. Flush the delayed work to avoid its execution when driver resources are unavailable. | 2025-04-01 | not yet calculated | CVE-2025-21917 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Fix NULL pointer access Resources should be released only after all threads that utilize them have been destroyed. This commit ensures that resources are not released prematurely by waiting for the associated workqueue to complete before deallocating them. | 2025-04-01 | not yet calculated | CVE-2025-21918 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix potential memory corruption in child_cfs_rq_on_list child_cfs_rq_on_list attempts to convert a ‘prev’ pointer to a cfs_rq. This ‘prev’ pointer can originate from struct rq’s leaf_cfs_rq_list, making the conversion invalid and potentially leading to memory corruption. Depending on the relative positions of leaf_cfs_rq_list and the task group (tg) pointer within the struct, this can cause a memory fault or access garbage data. The issue arises in list_add_leaf_cfs_rq, where both cfs_rq->leaf_cfs_rq_list and rq->leaf_cfs_rq_list are added to the same leaf list. Also, rq->tmp_alone_branch can be set to rq->leaf_cfs_rq_list. This adds a check `if (prev == &rq->leaf_cfs_rq_list)` after the main conditional in child_cfs_rq_on_list. This ensures that the container_of operation will convert a correct cfs_rq struct. This check is sufficient because only cfs_rqs on the same CPU are added to the list, so verifying the ‘prev’ pointer against the current rq’s list head is enough. Fixes a potential memory corruption issue that due to current struct layout might not be manifesting as a crash but could lead to unpredictable behavior when the layout changes. | 2025-04-01 | not yet calculated | CVE-2025-21919 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: vlan: enforce underlying device type Currently, VLAN devices can be created on top of non-ethernet devices. Besides the fact that it doesn’t make much sense, this also causes a bug which leaks the address of a kernel function to usermode. When creating a VLAN device, we initialize GARP (garp_init_applicant) and MRP (mrp_init_applicant) for the underlying device. As part of the initialization process, we add the multicast address of each applicant to the underlying device, by calling dev_mc_add. __dev_mc_add uses dev->addr_len to determine the length of the new multicast address. This causes an out-of-bounds read if dev->addr_len is greater than 6, since the multicast addresses provided by GARP and MRP are only 6 bytes long. This behaviour can be reproduced using the following commands: ip tunnel add gretest mode ip6gre local ::1 remote ::2 dev lo ip l set up dev gretest ip link add link gretest name vlantest type vlan id 100 Then, the following command will display the address of garp_pdu_rcv: ip maddr show | grep 01:80:c2:00:00:21 Fix the bug by enforcing the type of the underlying device during VLAN device initialization. | 2025-04-01 | not yet calculated | CVE-2025-21920 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: net: ethtool: netlink: Allow NULL nlattrs when getting a phy_device ethnl_req_get_phydev() is used to lookup a phy_device, in the case an ethtool netlink command targets a specific phydev within a netdev’s topology. It takes as a parameter a const struct nlattr *header that’s used for error handling : if (!phydev) { NL_SET_ERR_MSG_ATTR(extack, header, “no phy matching phyindex”); return ERR_PTR(-ENODEV); } In the notify path after a ->set operation however, there’s no request attributes available. The typical callsite for the above function looks like: phydev = ethnl_req_get_phydev(req_base, tb[ETHTOOL_A_XXX_HEADER], info->extack); So, when tb is NULL (such as in the ethnl notify path), we have a nice crash. It turns out that there’s only the PLCA command that is in that case, as the other phydev-specific commands don’t have a notification. This commit fixes the crash by passing the cmd index and the nlattr array separately, allowing NULL-checking it directly inside the helper. | 2025-04-01 | not yet calculated | CVE-2025-21921 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: ppp: Fix KMSAN uninit-value warning with bpf Syzbot caught an “KMSAN: uninit-value” warning [1], which is caused by the ppp driver not initializing a 2-byte header when using socket filter. The following code can generate a PPP filter BPF program: ”’ struct bpf_program fp; pcap_t *handle; handle = pcap_open_dead(DLT_PPP_PPPD, 65535); pcap_compile(handle, &fp, “ip and outbound”, 0, 0); bpf_dump(&fp, 1); ”’ Its output is: ”’ (000) ldh [2] (001) jeq #0x21 jt 2 jf 5 (002) ldb [0] (003) jeq #0x1 jt 4 jf 5 (004) ret #65535 (005) ret #0 ”’ Wen can find similar code at the following link: https://github.com/ppp-project/ppp/blob/master/pppd/options.c#L1680 The maintainer of this code repository is also the original maintainer of the ppp driver. As you can see the BPF program skips 2 bytes of data and then reads the ‘Protocol’ field to determine if it’s an IP packet. Then it read the first byte of the first 2 bytes to determine the direction. The issue is that only the first byte indicating direction is initialized in current ppp driver code while the second byte is not initialized. For normal BPF programs generated by libpcap, uninitialized data won’t be used, so it’s not a problem. However, for carefully crafted BPF programs, such as those generated by syzkaller [2], which start reading from offset 0, the uninitialized data will be used and caught by KMSAN. [1] https://syzkaller.appspot.com/bug?extid=853242d9c9917165d791 [2] https://syzkaller.appspot.com/text?tag=ReproC&x=11994913980000 | 2025-04-01 | not yet calculated | CVE-2025-21922 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: HID: hid-steam: Fix use-after-free when detaching device When a hid-steam device is removed it must clean up the client_hdev used for intercepting hidraw access. This can lead to scheduling deferred work to reattach the input device. Though the cleanup cancels the deferred work, this was done before the client_hdev itself is cleaned up, so it gets rescheduled. This patch fixes the ordering to make sure the deferred work is properly canceled. | 2025-04-01 | not yet calculated | CVE-2025-21923 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: net: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error During the initialization of ptp, hclge_ptp_get_cycle might return an error and returned directly without unregister clock and free it. To avoid that, call hclge_ptp_destroy_clock to unregist and free clock if hclge_ptp_get_cycle failed. | 2025-04-01 | not yet calculated | CVE-2025-21924 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: llc: do not use skb_get() before dev_queue_xmit() syzbot is able to crash hosts [1], using llc and devices not supporting IFF_TX_SKB_SHARING. In this case, e1000 driver calls eth_skb_pad(), while the skb is shared. Simply replace skb_get() by skb_clone() in net/llc/llc_s_ac.c Note that e1000 driver might have an issue with pktgen, because it does not clear IFF_TX_SKB_SHARING, this is an orthogonal change. We need to audit other skb_get() uses in net/llc. [1] kernel BUG at net/core/skbuff.c:2178 ! Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI CPU: 0 UID: 0 PID: 16371 Comm: syz.2.2764 Not tainted 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 RIP: 0010:pskb_expand_head+0x6ce/0x1240 net/core/skbuff.c:2178 Call Trace: <TASK> __skb_pad+0x18a/0x610 net/core/skbuff.c:2466 __skb_put_padto include/linux/skbuff.h:3843 [inline] skb_put_padto include/linux/skbuff.h:3862 [inline] eth_skb_pad include/linux/etherdevice.h:656 [inline] e1000_xmit_frame+0x2d99/0x5800 drivers/net/ethernet/intel/e1000/e1000_main.c:3128 __netdev_start_xmit include/linux/netdevice.h:5151 [inline] netdev_start_xmit include/linux/netdevice.h:5160 [inline] xmit_one net/core/dev.c:3806 [inline] dev_hard_start_xmit+0x9a/0x7b0 net/core/dev.c:3822 sch_direct_xmit+0x1ae/0xc30 net/sched/sch_generic.c:343 __dev_xmit_skb net/core/dev.c:4045 [inline] __dev_queue_xmit+0x13d4/0x43e0 net/core/dev.c:4621 dev_queue_xmit include/linux/netdevice.h:3313 [inline] llc_sap_action_send_test_c+0x268/0x320 net/llc/llc_s_ac.c:144 llc_exec_sap_trans_actions net/llc/llc_sap.c:153 [inline] llc_sap_next_state net/llc/llc_sap.c:182 [inline] llc_sap_state_process+0x239/0x510 net/llc/llc_sap.c:209 llc_ui_sendmsg+0xd0d/0x14e0 net/llc/af_llc.c:993 sock_sendmsg_nosec net/socket.c:718 [inline] | 2025-04-01 | not yet calculated | CVE-2025-21925 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: net: gso: fix ownership in __udp_gso_segment In __udp_gso_segment the skb destructor is removed before segmenting the skb but the socket reference is kept as-is. This is an issue if the original skb is later orphaned as we can hit the following bug: kernel BUG at ./include/linux/skbuff.h:3312! (skb_orphan) RIP: 0010:ip_rcv_core+0x8b2/0xca0 Call Trace: ip_rcv+0xab/0x6e0 __netif_receive_skb_one_core+0x168/0x1b0 process_backlog+0x384/0x1100 __napi_poll.constprop.0+0xa1/0x370 net_rx_action+0x925/0xe50 The above can happen following a sequence of events when using OpenVSwitch, when an OVS_ACTION_ATTR_USERSPACE action precedes an OVS_ACTION_ATTR_OUTPUT action: 1. OVS_ACTION_ATTR_USERSPACE is handled (in do_execute_actions): the skb goes through queue_gso_packets and then __udp_gso_segment, where its destructor is removed. 2. The segments’ data are copied and sent to userspace. 3. OVS_ACTION_ATTR_OUTPUT is handled (in do_execute_actions) and the same original skb is sent to its path. 4. If it later hits skb_orphan, we hit the bug. Fix this by also removing the reference to the socket in __udp_gso_segment. | 2025-04-01 | not yet calculated | CVE-2025-21926 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() nvme_tcp_recv_pdu() doesn’t check the validity of the header length. When header digests are enabled, a target might send a packet with an invalid header length (e.g. 255), causing nvme_tcp_verify_hdgst() to access memory outside the allocated area and cause memory corruptions by overwriting it with the calculated digest. Fix this by rejecting packets with an unexpected header length. | 2025-04-01 | not yet calculated | CVE-2025-21927 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() The system can experience a random crash a few minutes after the driver is removed. This issue occurs due to improper handling of memory freeing in the ishtp_hid_remove() function. The function currently frees the `driver_data` directly within the loop that destroys the HID devices, which can lead to accessing freed memory. Specifically, `hid_destroy_device()` uses `driver_data` when it calls `hid_ishtp_set_feature()` to power off the sensor, so freeing `driver_data` beforehand can result in accessing invalid memory. This patch resolves the issue by storing the `driver_data` in a temporary variable before calling `hid_destroy_device()`, and then freeing the `driver_data` after the device is destroyed. | 2025-04-01 | not yet calculated | CVE-2025-21928 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove() During the `rmmod` operation for the `intel_ishtp_hid` driver, a use-after-free issue can occur in the hid_ishtp_cl_remove() function. The function hid_ishtp_cl_deinit() is called before ishtp_hid_remove(), which can lead to accessing freed memory or resources during the removal process. Call Trace: ? ishtp_cl_send+0x168/0x220 [intel_ishtp] ? hid_output_report+0xe3/0x150 [hid] hid_ishtp_set_feature+0xb5/0x120 [intel_ishtp_hid] ishtp_hid_request+0x7b/0xb0 [intel_ishtp_hid] hid_hw_request+0x1f/0x40 [hid] sensor_hub_set_feature+0x11f/0x190 [hid_sensor_hub] _hid_sensor_power_state+0x147/0x1e0 [hid_sensor_trigger] hid_sensor_runtime_resume+0x22/0x30 [hid_sensor_trigger] sensor_hub_remove+0xa8/0xe0 [hid_sensor_hub] hid_device_remove+0x49/0xb0 [hid] hid_destroy_device+0x6f/0x90 [hid] ishtp_hid_remove+0x42/0x70 [intel_ishtp_hid] hid_ishtp_cl_remove+0x6b/0xb0 [intel_ishtp_hid] ishtp_cl_device_remove+0x4a/0x60 [intel_ishtp] … Additionally, ishtp_hid_remove() is a HID level power off, which should occur before the ISHTP level disconnect. This patch resolves the issue by reordering the calls in hid_ishtp_cl_remove(). The function ishtp_hid_remove() is now called before hid_ishtp_cl_deinit(). | 2025-04-01 | not yet calculated | CVE-2025-21929 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don’t try to talk to a dead firmware This fixes: bad state = 0 WARNING: CPU: 10 PID: 702 at drivers/net/wireless/inel/iwlwifi/iwl-trans.c:178 iwl_trans_send_cmd+0xba/0xe0 [iwlwifi] Call Trace: <TASK> ? __warn+0xca/0x1c0 ? iwl_trans_send_cmd+0xba/0xe0 [iwlwifi 64fa9ad799a0e0d2ba53d4af93a53ad9a531f8d4] iwl_fw_dbg_clear_monitor_buf+0xd7/0x110 [iwlwifi 64fa9ad799a0e0d2ba53d4af93a53ad9a531f8d4] _iwl_dbgfs_fw_dbg_clear_write+0xe2/0x120 [iwlmvm 0e8adb18cea92d2c341766bcc10b18699290068a] Ask whether the firmware is alive before sending a command. | 2025-04-01 | not yet calculated | CVE-2025-21930 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio Commit b15c87263a69 (“hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined) add page poison checks in do_migrate_range in order to make offline hwpoisoned page possible by introducing isolate_lru_page and try_to_unmap for hwpoisoned page. However folio lock must be held before calling try_to_unmap. Add it to fix this problem. Warning will be produced if folio is not locked during unmap: ————[ cut here ]———— kernel BUG at ./include/linux/swapops.h:400! Internal error: Oops – BUG: 00000000f2000800 [#1] PREEMPT SMP Modules linked in: CPU: 4 UID: 0 PID: 411 Comm: bash Tainted: G W 6.13.0-rc1-00016-g3c434c7ee82a-dirty #41 Tainted: [W]=WARN Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015 pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=–) pc : try_to_unmap_one+0xb08/0xd3c lr : try_to_unmap_one+0x3dc/0xd3c Call trace: try_to_unmap_one+0xb08/0xd3c (P) try_to_unmap_one+0x3dc/0xd3c (L) rmap_walk_anon+0xdc/0x1f8 rmap_walk+0x3c/0x58 try_to_unmap+0x88/0x90 unmap_poisoned_folio+0x30/0xa8 do_migrate_range+0x4a0/0x568 offline_pages+0x5a4/0x670 memory_block_action+0x17c/0x374 memory_subsys_offline+0x3c/0x78 device_offline+0xa4/0xd0 state_store+0x8c/0xf0 dev_attr_store+0x18/0x2c sysfs_kf_write+0x44/0x54 kernfs_fop_write_iter+0x118/0x1a8 vfs_write+0x3a8/0x4bc ksys_write+0x6c/0xf8 __arm64_sys_write+0x1c/0x28 invoke_syscall+0x44/0x100 el0_svc_common.constprop.0+0x40/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x30/0xd0 el0t_64_sync_handler+0xc8/0xcc el0t_64_sync+0x198/0x19c Code: f9407be0 b5fff320 d4210000 17ffff97 (d4210000) —[ end trace 0000000000000000 ]— | 2025-04-01 | not yet calculated | CVE-2025-21931 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: mm: abort vma_modify() on merge out of memory failure The remainder of vma_modify() relies upon the vmg state remaining pristine after a merge attempt. Usually this is the case, however in the one edge case scenario of a merge attempt failing not due to the specified range being unmergeable, but rather due to an out of memory error arising when attempting to commit the merge, this assumption becomes untrue. This results in vmg->start, end being modified, and thus the proceeding attempts to split the VMA will be done with invalid start/end values. Thankfully, it is likely practically impossible for us to hit this in reality, as it would require a maple tree node pre-allocation failure that would likely never happen due to it being ‘too small to fail’, i.e. the kernel would simply keep retrying reclaim until it succeeded. However, this scenario remains theoretically possible, and what we are doing here is wrong so we must correct it. The safest option is, when this scenario occurs, to simply give up the operation. If we cannot allocate memory to merge, then we cannot allocate memory to split either (perhaps moreso!). Any scenario where this would be happening would be under very extreme (likely fatal) memory pressure, so it’s best we give up early. So there is no doubt it is appropriate to simply bail out in this scenario. However, in general we must if at all possible never assume VMG state is stable after a merge attempt, since merge operations update VMG fields. As a result, additionally also make this clear by storing start, end in local variables. The issue was reported originally by syzkaller, and by Brad Spengler (via an off-list discussion), and in both instances it manifested as a triggering of the assert: VM_WARN_ON_VMG(start >= end, vmg); In vma_merge_existing_range(). It seems at least one scenario in which this is occurring is one in which the merge being attempted is due to an madvise() across multiple VMAs which looks like this: start end |<——>| |———-|——| | vma | next | |———-|——| When madvise_walk_vmas() is invoked, we first find vma in the above (determining prev to be equal to vma as we are offset into vma), and then enter the loop. We determine the end of vma that forms part of the range we are madvise()’ing by setting ‘tmp’ to this value: /* Here vma->vm_start <= start < (end|vma->vm_end) */ tmp = vma->vm_end; We then invoke the madvise() operation via visit(), letting prev get updated to point to vma as part of the operation: /* Here vma->vm_start <= start < tmp <= (end|vma->vm_end). */ error = visit(vma, &prev, start, tmp, arg); Where the visit() function pointer in this instance is madvise_vma_behavior(). As observed in syzkaller reports, it is ultimately madvise_update_vma() that is invoked, calling vma_modify_flags_name() and vma_modify() in turn. Then, in vma_modify(), we attempt the merge: merged = vma_merge_existing_range(vmg); if (merged) return merged; We invoke this with vmg->start, end set to start, tmp as such: start tmp |<—>| |———-|——| | vma | next | |———-|——| We find ourselves in the merge right scenario, but the one in which we cannot remove the middle (we are offset into vma). Here we have a special case where vmg->start, end get set to perhaps unintuitive values – we intended to shrink the middle VMA and expand the next. This means vmg->start, end are set to… vma->vm_start, start. Now the commit_merge() fails, and vmg->start, end are left like this. This means we return to the rest of vma_modify() with vmg->start, end (here denoted as start’, end’) set as: start’ end’ |<–>| |———-|——| | vma | next | |———-|——| So we now erroneously try to split accordingly. This is where the unfortunate —truncated— | 2025-04-01 | not yet calculated | CVE-2025-21932 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: arm: pgtable: fix NULL pointer dereference issue When update_mmu_cache_range() is called by update_mmu_cache(), the vmf parameter is NULL, which will cause a NULL pointer dereference issue in adjust_pte(): Unable to handle kernel NULL pointer dereference at virtual address 00000030 when read Hardware name: Atmel AT91SAM9 PC is at update_mmu_cache_range+0x1e0/0x278 LR is at pte_offset_map_rw_nolock+0x18/0x2c Call trace: update_mmu_cache_range from remove_migration_pte+0x29c/0x2ec remove_migration_pte from rmap_walk_file+0xcc/0x130 rmap_walk_file from remove_migration_ptes+0x90/0xa4 remove_migration_ptes from migrate_pages_batch+0x6d4/0x858 migrate_pages_batch from migrate_pages+0x188/0x488 migrate_pages from compact_zone+0x56c/0x954 compact_zone from compact_node+0x90/0xf0 compact_node from kcompactd+0x1d4/0x204 kcompactd from kthread+0x120/0x12c kthread from ret_from_fork+0x14/0x38 Exception stack(0xc0d8bfb0 to 0xc0d8bff8) To fix it, do not rely on whether ‘ptl’ is equal to decide whether to hold the pte lock, but decide it by whether CONFIG_SPLIT_PTE_PTLOCKS is enabled. In addition, if two vmas map to the same PTE page, there is no need to hold the pte lock again, otherwise a deadlock will occur. Just add the need_lock parameter to let adjust_pte() know this information. | 2025-04-01 | not yet calculated | CVE-2025-21933 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: rapidio: fix an API misues when rio_add_net() fails rio_add_net() calls device_register() and fails when device_register() fails. Thus, put_device() should be used rather than kfree(). Add “mport->net = NULL;” to avoid a use after free issue. | 2025-04-01 | not yet calculated | CVE-2025-21934 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: rapidio: add check for rio_add_net() in rio_scan_alloc_net() The return value of rio_add_net() should be checked. If it fails, put_device() should be called to free the memory and give up the reference initialized in rio_add_net(). | 2025-04-01 | not yet calculated | CVE-2025-21935 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() Add check for the return value of mgmt_alloc_skb() in mgmt_device_connected() to prevent null pointer dereference. | 2025-04-01 | not yet calculated | CVE-2025-21936 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() Add check for the return value of mgmt_alloc_skb() in mgmt_remote_name() to prevent null pointer dereference. | 2025-04-01 | not yet calculated | CVE-2025-21937 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: mptcp: fix ‘scheduling while atomic’ in mptcp_pm_nl_append_new_local_addr If multiple connection requests attempt to create an implicit mptcp endpoint in parallel, more than one caller may end up in mptcp_pm_nl_append_new_local_addr because none found the address in local_addr_list during their call to mptcp_pm_nl_get_local_id. In this case, the concurrent new_local_addr calls may delete the address entry created by the previous caller. These deletes use synchronize_rcu, but this is not permitted in some of the contexts where this function may be called. During packet recv, the caller may be in a rcu read critical section and have preemption disabled. An example stack: BUG: scheduling while atomic: swapper/2/0/0x00000302 Call Trace: <IRQ> dump_stack_lvl (lib/dump_stack.c:117 (discriminator 1)) dump_stack (lib/dump_stack.c:124) __schedule_bug (kernel/sched/core.c:5943) schedule_debug.constprop.0 (arch/x86/include/asm/preempt.h:33 kernel/sched/core.c:5970) __schedule (arch/x86/include/asm/jump_label.h:27 include/linux/jump_label.h:207 kernel/sched/features.h:29 kernel/sched/core.c:6621) schedule (arch/x86/include/asm/preempt.h:84 kernel/sched/core.c:6804 kernel/sched/core.c:6818) schedule_timeout (kernel/time/timer.c:2160) wait_for_completion (kernel/sched/completion.c:96 kernel/sched/completion.c:116 kernel/sched/completion.c:127 kernel/sched/completion.c:148) __wait_rcu_gp (include/linux/rcupdate.h:311 kernel/rcu/update.c:444) synchronize_rcu (kernel/rcu/tree.c:3609) mptcp_pm_nl_append_new_local_addr (net/mptcp/pm_netlink.c:966 net/mptcp/pm_netlink.c:1061) mptcp_pm_nl_get_local_id (net/mptcp/pm_netlink.c:1164) mptcp_pm_get_local_id (net/mptcp/pm.c:420) subflow_check_req (net/mptcp/subflow.c:98 net/mptcp/subflow.c:213) subflow_v4_route_req (net/mptcp/subflow.c:305) tcp_conn_request (net/ipv4/tcp_input.c:7216) subflow_v4_conn_request (net/mptcp/subflow.c:651) tcp_rcv_state_process (net/ipv4/tcp_input.c:6709) tcp_v4_do_rcv (net/ipv4/tcp_ipv4.c:1934) tcp_v4_rcv (net/ipv4/tcp_ipv4.c:2334) ip_protocol_deliver_rcu (net/ipv4/ip_input.c:205 (discriminator 1)) ip_local_deliver_finish (include/linux/rcupdate.h:813 net/ipv4/ip_input.c:234) ip_local_deliver (include/linux/netfilter.h:314 include/linux/netfilter.h:308 net/ipv4/ip_input.c:254) ip_sublist_rcv_finish (include/net/dst.h:461 net/ipv4/ip_input.c:580) ip_sublist_rcv (net/ipv4/ip_input.c:640) ip_list_rcv (net/ipv4/ip_input.c:675) __netif_receive_skb_list_core (net/core/dev.c:5583 net/core/dev.c:5631) netif_receive_skb_list_internal (net/core/dev.c:5685 net/core/dev.c:5774) napi_complete_done (include/linux/list.h:37 include/net/gro.h:449 include/net/gro.h:444 net/core/dev.c:6114) igb_poll (drivers/net/ethernet/intel/igb/igb_main.c:8244) igb __napi_poll (net/core/dev.c:6582) net_rx_action (net/core/dev.c:6653 net/core/dev.c:6787) handle_softirqs (kernel/softirq.c:553) __irq_exit_rcu (kernel/softirq.c:588 kernel/softirq.c:427 kernel/softirq.c:636) irq_exit_rcu (kernel/softirq.c:651) common_interrupt (arch/x86/kernel/irq.c:247 (discriminator 14)) </IRQ> This problem seems particularly prevalent if the user advertises an endpoint that has a different external vs internal address. In the case where the external address is advertised and multiple connections already exist, multiple subflow SYNs arrive in parallel which tends to trigger the race during creation of the first local_addr_list entries which have the internal address instead. Fix by skipping the replacement of an existing implicit local address if called via mptcp_pm_nl_get_local_id. | 2025-04-01 | not yet calculated | CVE-2025-21938 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: drm/xe/hmm: Don’t dereference struct page pointers without notifier lock The pnfs that we obtain from hmm_range_fault() point to pages that we don’t have a reference on, and the guarantee that they are still in the cpu page-tables is that the notifier lock must be held and the notifier seqno is still valid. So while building the sg table and marking the pages accesses / dirty we need to hold this lock with a validated seqno. However, the lock is reclaim tainted which makes sg_alloc_table_from_pages_segment() unusable, since it internally allocates memory. Instead build the sg-table manually. For the non-iommu case this might lead to fewer coalesces, but if that’s a problem it can be fixed up later in the resource cursor code. For the iommu case, the whole sg-table may still be coalesced to a single contigous device va region. This avoids marking pages that we don’t own dirty and accessed, and it also avoid dereferencing struct pages that we don’t own. v2: – Use assert to check whether hmm pfns are valid (Matthew Auld) – Take into account that large pages may cross range boundaries (Matthew Auld) v3: – Don’t unnecessarily check for a non-freed sg-table. (Matthew Auld) – Add a missing up_read() in an error path. (Matthew Auld) (cherry picked from commit ea3e66d280ce2576664a862693d1da8fd324c317) | 2025-04-01 | not yet calculated | CVE-2025-21939 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix NULL Pointer Dereference in KFD queue Through KFD IOCTL Fuzzing we encountered a NULL pointer derefrence when calling kfd_queue_acquire_buffers. (cherry picked from commit 049e5bf3c8406f87c3d8e1958e0a16804fa1d530) | 2025-04-01 | not yet calculated | CVE-2025-21940 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params Null pointer dereference issue could occur when pipe_ctx->plane_state is null. The fix adds a check to ensure ‘pipe_ctx->plane_state’ is not null before accessing. This prevents a null pointer dereference. Found by code review. (cherry picked from commit 63e6a77ccf239337baa9b1e7787cde9fa0462092) | 2025-04-01 | not yet calculated | CVE-2025-21941 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: fix extent range end unlock in cow_file_range() Running generic/751 on the for-next branch often results in a hang like below. They are both stack by locking an extent. This suggests someone forget to unlock an extent. INFO: task kworker/u128:1:12 blocked for more than 323 seconds. Not tainted 6.13.0-BTRFS-ZNS+ #503 “echo 0 > /proc/sys/kernel/hung_task_timeout_secs” disables this message. task:kworker/u128:1 state:D stack:0 pid:12 tgid:12 ppid:2 flags:0x00004000 Workqueue: btrfs-fixup btrfs_work_helper [btrfs] Call Trace: <TASK> __schedule+0x534/0xdd0 schedule+0x39/0x140 __lock_extent+0x31b/0x380 [btrfs] ? __pfx_autoremove_wake_function+0x10/0x10 btrfs_writepage_fixup_worker+0xf1/0x3a0 [btrfs] btrfs_work_helper+0xff/0x480 [btrfs] ? lock_release+0x178/0x2c0 process_one_work+0x1ee/0x570 ? srso_return_thunk+0x5/0x5f worker_thread+0x1d1/0x3b0 ? __pfx_worker_thread+0x10/0x10 kthread+0x10b/0x230 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x30/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> INFO: task kworker/u134:0:184 blocked for more than 323 seconds. Not tainted 6.13.0-BTRFS-ZNS+ #503 “echo 0 > /proc/sys/kernel/hung_task_timeout_secs” disables this message. task:kworker/u134:0 state:D stack:0 pid:184 tgid:184 ppid:2 flags:0x00004000 Workqueue: writeback wb_workfn (flush-btrfs-4) Call Trace: <TASK> __schedule+0x534/0xdd0 schedule+0x39/0x140 __lock_extent+0x31b/0x380 [btrfs] ? __pfx_autoremove_wake_function+0x10/0x10 find_lock_delalloc_range+0xdb/0x260 [btrfs] writepage_delalloc+0x12f/0x500 [btrfs] ? srso_return_thunk+0x5/0x5f extent_write_cache_pages+0x232/0x840 [btrfs] btrfs_writepages+0x72/0x130 [btrfs] do_writepages+0xe7/0x260 ? srso_return_thunk+0x5/0x5f ? lock_acquire+0xd2/0x300 ? srso_return_thunk+0x5/0x5f ? find_held_lock+0x2b/0x80 ? wbc_attach_and_unlock_inode.part.0+0x102/0x250 ? wbc_attach_and_unlock_inode.part.0+0x102/0x250 __writeback_single_inode+0x5c/0x4b0 writeback_sb_inodes+0x22d/0x550 __writeback_inodes_wb+0x4c/0xe0 wb_writeback+0x2f6/0x3f0 wb_workfn+0x32a/0x510 process_one_work+0x1ee/0x570 ? srso_return_thunk+0x5/0x5f worker_thread+0x1d1/0x3b0 ? __pfx_worker_thread+0x10/0x10 kthread+0x10b/0x230 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x30/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> This happens because we have another success path for the zoned mode. When there is no active zone available, btrfs_reserve_extent() returns -EAGAIN. In this case, we have two reactions. (1) If the given range is never allocated, we can only wait for someone to finish a zone, so wait on BTRFS_FS_NEED_ZONE_FINISH bit and retry afterward. (2) Or, if some allocations are already done, we must bail out and let the caller to send IOs for the allocation. This is because these IOs may be necessary to finish a zone. The commit 06f364284794 (“btrfs: do proper folio cleanup when cow_file_range() failed”) moved the unlock code from the inside of the loop to the outside. So, previously, the allocated extents are unlocked just after the allocation and so before returning from the function. However, they are no longer unlocked on the case (2) above. That caused the hang issue. Fix the issue by modifying the ‘end’ to the end of the allocated range. Then, we can exit the loop and the same unlock code can properly handle the case. | 2025-04-01 | not yet calculated | CVE-2025-21942 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: gpio: aggregator: protect driver attr handlers against module unload Both new_device_store and delete_device_store touch module global resources (e.g. gpio_aggregator_lock). To prevent race conditions with module unload, a reference needs to be held. Add try_module_get() in these handlers. For new_device_store, this eliminates what appears to be the most dangerous scenario: if an id is allocated from gpio_aggregator_idr but platform_device_register has not yet been called or completed, a concurrent module unload could fail to unregister/delete the device, leaving behind a dangling platform device/GPIO forwarder. This can result in various issues. The following simple reproducer demonstrates these problems: #!/bin/bash while :; do # note: whether ‘gpiochip0 0’ exists or not does not matter. echo ‘gpiochip0 0’ > /sys/bus/platform/drivers/gpio-aggregator/new_device done & while :; do modprobe gpio-aggregator modprobe -r gpio-aggregator done & wait Starting with the following warning, several kinds of warnings will appear and the system may become unstable: ————[ cut here ]———— list_del corruption, ffff888103e2e980->next is LIST_POISON1 (dead000000000100) WARNING: CPU: 1 PID: 1327 at lib/list_debug.c:56 __list_del_entry_valid_or_report+0xa3/0x120 […] RIP: 0010:__list_del_entry_valid_or_report+0xa3/0x120 […] Call Trace: <TASK> ? __list_del_entry_valid_or_report+0xa3/0x120 ? __warn.cold+0x93/0xf2 ? __list_del_entry_valid_or_report+0xa3/0x120 ? report_bug+0xe6/0x170 ? __irq_work_queue_local+0x39/0xe0 ? handle_bug+0x58/0x90 ? exc_invalid_op+0x13/0x60 ? asm_exc_invalid_op+0x16/0x20 ? __list_del_entry_valid_or_report+0xa3/0x120 gpiod_remove_lookup_table+0x22/0x60 new_device_store+0x315/0x350 [gpio_aggregator] kernfs_fop_write_iter+0x137/0x1f0 vfs_write+0x262/0x430 ksys_write+0x60/0xd0 do_syscall_64+0x6c/0x180 entry_SYSCALL_64_after_hwframe+0x76/0x7e […] </TASK> —[ end trace 0000000000000000 ]— | 2025-04-01 | not yet calculated | CVE-2025-21943 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix bug on trap in smb2_lock If lock count is greater than 1, flags could be old value. It should be checked with flags of smb_lock, not flags. It will cause bug-on trap from locks_free_lock in error handling routine. | 2025-04-01 | not yet calculated | CVE-2025-21944 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in smb2_lock If smb_lock->zero_len has value, ->llist of smb_lock is not delete and flock is old one. It will cause use-after-free on error handling routine. | 2025-04-01 | not yet calculated | CVE-2025-21945 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out-of-bounds in parse_sec_desc() If osidoffset, gsidoffset and dacloffset could be greater than smb_ntsd struct size. If it is smaller, It could cause slab-out-of-bounds. And when validating sid, It need to check it included subauth array size. | 2025-04-01 | not yet calculated | CVE-2025-21946 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix type confusion via race condition when using ipc_msg_send_request req->handle is allocated using ksmbd_acquire_id(&ipc_ida), based on ida_alloc. req->handle from ksmbd_ipc_login_request and FSCTL_PIPE_TRANSCEIVE ioctl can be same and it could lead to type confusion between messages, resulting in access to unexpected parts of memory after an incorrect delivery. ksmbd check type of ipc response but missing add continue to check next ipc reponse. | 2025-04-01 | not yet calculated | CVE-2025-21947 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: HID: appleir: Fix potential NULL dereference at raw event handle Syzkaller reports a NULL pointer dereference issue in input_event(). BUG: KASAN: null-ptr-deref in instrument_atomic_read include/linux/instrumented.h:68 [inline] BUG: KASAN: null-ptr-deref in _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline] BUG: KASAN: null-ptr-deref in is_event_supported drivers/input/input.c:67 [inline] BUG: KASAN: null-ptr-deref in input_event+0x42/0xa0 drivers/input/input.c:395 Read of size 8 at addr 0000000000000028 by task syz-executor199/2949 CPU: 0 UID: 0 PID: 2949 Comm: syz-executor199 Not tainted 6.13.0-rc4-syzkaller-00076-gf097a36ef88d #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Call Trace: <IRQ> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120 kasan_report+0xd9/0x110 mm/kasan/report.c:602 check_region_inline mm/kasan/generic.c:183 [inline] kasan_check_range+0xef/0x1a0 mm/kasan/generic.c:189 instrument_atomic_read include/linux/instrumented.h:68 [inline] _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline] is_event_supported drivers/input/input.c:67 [inline] input_event+0x42/0xa0 drivers/input/input.c:395 input_report_key include/linux/input.h:439 [inline] key_down drivers/hid/hid-appleir.c:159 [inline] appleir_raw_event+0x3e5/0x5e0 drivers/hid/hid-appleir.c:232 __hid_input_report.constprop.0+0x312/0x440 drivers/hid/hid-core.c:2111 hid_ctrl+0x49f/0x550 drivers/hid/usbhid/hid-core.c:484 __usb_hcd_giveback_urb+0x389/0x6e0 drivers/usb/core/hcd.c:1650 usb_hcd_giveback_urb+0x396/0x450 drivers/usb/core/hcd.c:1734 dummy_timer+0x17f7/0x3960 drivers/usb/gadget/udc/dummy_hcd.c:1993 __run_hrtimer kernel/time/hrtimer.c:1739 [inline] __hrtimer_run_queues+0x20a/0xae0 kernel/time/hrtimer.c:1803 hrtimer_run_softirq+0x17d/0x350 kernel/time/hrtimer.c:1820 handle_softirqs+0x206/0x8d0 kernel/softirq.c:561 __do_softirq kernel/softirq.c:595 [inline] invoke_softirq kernel/softirq.c:435 [inline] __irq_exit_rcu+0xfa/0x160 kernel/softirq.c:662 irq_exit_rcu+0x9/0x30 kernel/softirq.c:678 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline] sysvec_apic_timer_interrupt+0x90/0xb0 arch/x86/kernel/apic/apic.c:1049 </IRQ> <TASK> asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 __mod_timer+0x8f6/0xdc0 kernel/time/timer.c:1185 add_timer+0x62/0x90 kernel/time/timer.c:1295 schedule_timeout+0x11f/0x280 kernel/time/sleep_timeout.c:98 usbhid_wait_io+0x1c7/0x380 drivers/hid/usbhid/hid-core.c:645 usbhid_init_reports+0x19f/0x390 drivers/hid/usbhid/hid-core.c:784 hiddev_ioctl+0x1133/0x15b0 drivers/hid/usbhid/hiddev.c:794 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:906 [inline] __se_sys_ioctl fs/ioctl.c:892 [inline] __x64_sys_ioctl+0x190/0x200 fs/ioctl.c:892 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f </TASK> This happens due to the malformed report items sent by the emulated device which results in a report, that has no fields, being added to the report list. Due to this appleir_input_configured() is never called, hidinput_connect() fails which results in the HID_CLAIMED_INPUT flag is not being set. However, it does not make appleir_probe() fail and lets the event callback to be called without the associated input device. Thus, add a check for the HID_CLAIMED_INPUT flag and leave the event hook early if the driver didn’t claim any input_dev for some reason. Moreover, some other hid drivers accessing input_dev in their event callbacks do have similar checks, too. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. | 2025-04-01 | not yet calculated | CVE-2025-21948 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: LoongArch: Set hugetlb mmap base address aligned with pmd size With ltp test case “testcases/bin/hugefork02”, there is a dmesg error report message such as: kernel BUG at mm/hugetlb.c:5550! Oops – BUG[#1]: CPU: 0 UID: 0 PID: 1517 Comm: hugefork02 Not tainted 6.14.0-rc2+ #241 Hardware name: QEMU QEMU Virtual Machine, BIOS unknown 2/2/2022 pc 90000000004eaf1c ra 9000000000485538 tp 900000010edbc000 sp 900000010edbf940 a0 900000010edbfb00 a1 9000000108d20280 a2 00007fffe9474000 a3 00007ffff3474000 a4 0000000000000000 a5 0000000000000003 a6 00000000003cadd3 a7 0000000000000000 t0 0000000001ffffff t1 0000000001474000 t2 900000010ecd7900 t3 00007fffe9474000 t4 00007fffe9474000 t5 0000000000000040 t6 900000010edbfb00 t7 0000000000000001 t8 0000000000000005 u0 90000000004849d0 s9 900000010edbfa00 s0 9000000108d20280 s1 00007fffe9474000 s2 0000000002000000 s3 9000000108d20280 s4 9000000002b38b10 s5 900000010edbfb00 s6 00007ffff3474000 s7 0000000000000406 s8 900000010edbfa08 ra: 9000000000485538 unmap_vmas+0x130/0x218 ERA: 90000000004eaf1c __unmap_hugepage_range+0x6f4/0x7d0 PRMD: 00000004 (PPLV0 +PIE -PWE) EUEN: 00000007 (+FPE +SXE +ASXE -BTE) ECFG: 00071c1d (LIE=0,2-4,10-12 VS=7) ESTAT: 000c0000 [BRK] (IS= ECode=12 EsubCode=0) PRID: 0014c010 (Loongson-64bit, Loongson-3A5000) Process hugefork02 (pid: 1517, threadinfo=00000000a670eaf4, task=000000007a95fc64) Call Trace: [<90000000004eaf1c>] __unmap_hugepage_range+0x6f4/0x7d0 [<9000000000485534>] unmap_vmas+0x12c/0x218 [<9000000000494068>] exit_mmap+0xe0/0x308 [<900000000025fdc4>] mmput+0x74/0x180 [<900000000026a284>] do_exit+0x294/0x898 [<900000000026aa30>] do_group_exit+0x30/0x98 [<900000000027bed4>] get_signal+0x83c/0x868 [<90000000002457b4>] arch_do_signal_or_restart+0x54/0xfa0 [<90000000015795e8>] irqentry_exit_to_user_mode+0xb8/0x138 [<90000000002572d0>] tlb_do_page_fault_1+0x114/0x1b4 The problem is that base address allocated from hugetlbfs is not aligned with pmd size. Here add a checking for hugetlbfs and align base address with pmd size. After this patch the test case “testcases/bin/hugefork02” passes to run. This is similar to the commit 7f24cbc9c4d42db8a3c8484d1 (“mm/mmap: teach generic_get_unmapped_area{_topdown} to handle hugetlb mappings”). | 2025-04-01 | not yet calculated | CVE-2025-21949 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl In the “pmcmd_ioctl” function, three memory objects allocated by kmalloc are initialized by “hcall_get_cpu_state”, which are then copied to user space. The initializer is indeed implemented in “acrn_hypercall2” (arch/x86/include/asm/acrn.h). There is a risk of information leakage due to uninitialized bytes. | 2025-04-01 | not yet calculated | CVE-2025-21950 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock There are multiple places from where the recovery work gets scheduled asynchronously. Also, there are multiple places where the caller waits synchronously for the recovery to be completed. One such place is during the PM shutdown() callback. If the device is not alive during recovery_work, it will try to reset the device using pci_reset_function(). This function internally will take the device_lock() first before resetting the device. By this time, if the lock has already been acquired, then recovery_work will get stalled while waiting for the lock. And if the lock was already acquired by the caller which waits for the recovery_work to be completed, it will lead to deadlock. This is what happened on the X1E80100 CRD device when the device died before shutdown() callback. Driver core calls the driver’s shutdown() callback while holding the device_lock() leading to deadlock. And this deadlock scenario can occur on other paths as well, like during the PM suspend() callback, where the driver core would hold the device_lock() before calling driver’s suspend() callback. And if the recovery_work was already started, it could lead to deadlock. This is also observed on the X1E80100 CRD. So to fix both issues, use pci_try_reset_function() in recovery_work. This function first checks for the availability of the device_lock() before trying to reset the device. If the lock is available, it will acquire it and reset the device. Otherwise, it will return -EAGAIN. If that happens, recovery_work will fail with the error message “Recovery failed” as not much could be done. | 2025-04-01 | not yet calculated | CVE-2025-21951 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: HID: corsair-void: Update power supply values with a unified work handler corsair_void_process_receiver can be called from an interrupt context, locking battery_mutex in it was causing a kernel panic. Fix it by moving the critical section into its own work, sharing this work with battery_add_work and battery_remove_work to remove the need for any locking | 2025-04-01 | not yet calculated | CVE-2025-21952 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: net: mana: cleanup mana struct after debugfs_remove() When on a MANA VM hibernation is triggered, as part of hibernate_snapshot(), mana_gd_suspend() and mana_gd_resume() are called. If during this mana_gd_resume(), a failure occurs with HWC creation, mana_port_debugfs pointer does not get reinitialized and ends up pointing to older, cleaned-up dentry. Further in the hibernation path, as part of power_down(), mana_gd_shutdown() is triggered. This call, unaware of the failures in resume, tries to cleanup the already cleaned up mana_port_debugfs value and hits the following bug: [ 191.359296] mana 7870:00:00.0: Shutdown was called [ 191.359918] BUG: kernel NULL pointer dereference, address: 0000000000000098 [ 191.360584] #PF: supervisor write access in kernel mode [ 191.361125] #PF: error_code(0x0002) – not-present page [ 191.361727] PGD 1080ea067 P4D 0 [ 191.362172] Oops: Oops: 0002 [#1] SMP NOPTI [ 191.362606] CPU: 11 UID: 0 PID: 1674 Comm: bash Not tainted 6.14.0-rc5+ #2 [ 191.363292] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 11/21/2024 [ 191.364124] RIP: 0010:down_write+0x19/0x50 [ 191.364537] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 55 48 89 e5 53 48 89 fb e8 de cd ff ff 31 c0 ba 01 00 00 00 <f0> 48 0f b1 13 75 16 65 48 8b 05 88 24 4c 6a 48 89 43 08 48 8b 5d [ 191.365867] RSP: 0000:ff45fbe0c1c037b8 EFLAGS: 00010246 [ 191.366350] RAX: 0000000000000000 RBX: 0000000000000098 RCX: ffffff8100000000 [ 191.366951] RDX: 0000000000000001 RSI: 0000000000000064 RDI: 0000000000000098 [ 191.367600] RBP: ff45fbe0c1c037c0 R08: 0000000000000000 R09: 0000000000000001 [ 191.368225] R10: ff45fbe0d2b01000 R11: 0000000000000008 R12: 0000000000000000 [ 191.368874] R13: 000000000000000b R14: ff43dc27509d67c0 R15: 0000000000000020 [ 191.369549] FS: 00007dbc5001e740(0000) GS:ff43dc663f380000(0000) knlGS:0000000000000000 [ 191.370213] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 191.370830] CR2: 0000000000000098 CR3: 0000000168e8e002 CR4: 0000000000b73ef0 [ 191.371557] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 191.372192] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400 [ 191.372906] Call Trace: [ 191.373262] <TASK> [ 191.373621] ? show_regs+0x64/0x70 [ 191.374040] ? __die+0x24/0x70 [ 191.374468] ? page_fault_oops+0x290/0x5b0 [ 191.374875] ? do_user_addr_fault+0x448/0x800 [ 191.375357] ? exc_page_fault+0x7a/0x160 [ 191.375971] ? asm_exc_page_fault+0x27/0x30 [ 191.376416] ? down_write+0x19/0x50 [ 191.376832] ? down_write+0x12/0x50 [ 191.377232] simple_recursive_removal+0x4a/0x2a0 [ 191.377679] ? __pfx_remove_one+0x10/0x10 [ 191.378088] debugfs_remove+0x44/0x70 [ 191.378530] mana_detach+0x17c/0x4f0 [ 191.378950] ? __flush_work+0x1e2/0x3b0 [ 191.379362] ? __cond_resched+0x1a/0x50 [ 191.379787] mana_remove+0xf2/0x1a0 [ 191.380193] mana_gd_shutdown+0x3b/0x70 [ 191.380642] pci_device_shutdown+0x3a/0x80 [ 191.381063] device_shutdown+0x13e/0x230 [ 191.381480] kernel_power_off+0x35/0x80 [ 191.381890] hibernate+0x3c6/0x470 [ 191.382312] state_store+0xcb/0xd0 [ 191.382734] kobj_attr_store+0x12/0x30 [ 191.383211] sysfs_kf_write+0x3e/0x50 [ 191.383640] kernfs_fop_write_iter+0x140/0x1d0 [ 191.384106] vfs_write+0x271/0x440 [ 191.384521] ksys_write+0x72/0xf0 [ 191.384924] __x64_sys_write+0x19/0x20 [ 191.385313] x64_sys_call+0x2b0/0x20b0 [ 191.385736] do_syscall_64+0x79/0x150 [ 191.386146] ? __mod_memcg_lruvec_state+0xe7/0x240 [ 191.386676] ? __lruvec_stat_mod_folio+0x79/0xb0 [ 191.387124] ? __pfx_lru_add+0x10/0x10 [ 191.387515] ? queued_spin_unlock+0x9/0x10 [ 191.387937] ? do_anonymous_page+0x33c/0xa00 [ 191.388374] ? __handle_mm_fault+0xcf3/0x1210 [ 191.388805] ? __count_memcg_events+0xbe/0x180 [ 191.389235] ? handle_mm_fault+0xae/0x300 [ 19 —truncated— | 2025-04-01 | not yet calculated | CVE-2025-21953 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: netmem: prevent TX of unreadable skbs Currently on stable trees we have support for netmem/devmem RX but not TX. It is not safe to forward/redirect an RX unreadable netmem packet into the device’s TX path, as the device may call dma-mapping APIs on dma addrs that should not be passed to it. Fix this by preventing the xmit of unreadable skbs. Tested by configuring tc redirect: sudo tc qdisc add dev eth1 ingress sudo tc filter add dev eth1 ingress protocol ip prio 1 flower ip_proto \ tcp src_ip 192.168.1.12 action mirred egress redirect dev eth1 Before, I see unreadable skbs in the driver’s TX path passed to dma mapping APIs. After, I don’t see unreadable skbs in the driver’s TX path passed to dma mapping APIs. | 2025-04-01 | not yet calculated | CVE-2025-21954 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: ksmbd: prevent connection release during oplock break notification ksmbd_work could be freed when after connection release. Increment r_count of ksmbd_conn to indicate that requests are not finished yet and to not release the connection. | 2025-04-01 | not yet calculated | CVE-2025-21955 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Assign normalized_pix_clk when color depth = 14 [WHY & HOW] A warning message “WARNING: CPU: 4 PID: 459 at … /dc_resource.c:3397 calculate_phy_pix_clks+0xef/0x100 [amdgpu]” occurs because the display_color_depth == COLOR_DEPTH_141414 is not handled. This is observed in Radeon RX 6600 XT. It is fixed by assigning pix_clk * (14 * 3) / 24 – same as the rests. Also fixes the indentation in get_norm_pix_clk. (cherry picked from commit 274a87eb389f58eddcbc5659ab0b180b37e92775) | 2025-04-01 | not yet calculated | CVE-2025-21956 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: scsi: qla1280: Fix kernel oops when debug level > 2 A null dereference or oops exception will eventually occur when qla1280.c driver is compiled with DEBUG_QLA1280 enabled and ql_debug_level > 2. I think its clear from the code that the intention here is sg_dma_len(s) not length of sg_next(s) when printing the debug info. | 2025-04-01 | not yet calculated | CVE-2025-21957 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: Revert “openvswitch: switch to per-action label counting in conntrack” Currently, ovs_ct_set_labels() is only called for confirmed conntrack entries (ct) within ovs_ct_commit(). However, if the conntrack entry does not have the labels_ext extension, attempting to allocate it in ovs_ct_get_conn_labels() for a confirmed entry triggers a warning in nf_ct_ext_add(): WARN_ON(nf_ct_is_confirmed(ct)); This happens when the conntrack entry is created externally before OVS increments net->ct.labels_used. The issue has become more likely since commit fcb1aa5163b1 (“openvswitch: switch to per-action label counting in conntrack”), which changed to use per-action label counting and increment net->ct.labels_used when a flow with ct action is added. Since there’s no straightforward way to fully resolve this issue at the moment, this reverts the commit to avoid breaking existing use cases. | 2025-04-01 | not yet calculated | CVE-2025-21958 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree() Since commit b36e4523d4d5 (“netfilter: nf_conncount: fix garbage collection confirm race”), `cpu` and `jiffies32` were introduced to the struct nf_conncount_tuple. The commit made nf_conncount_add() initialize `conn->cpu` and `conn->jiffies32` when allocating the struct. In contrast, count_tree() was not changed to initialize them. By commit 34848d5c896e (“netfilter: nf_conncount: Split insert and traversal”), count_tree() was split and the relevant allocation code now resides in insert_tree(). Initialize `conn->cpu` and `conn->jiffies32` in insert_tree(). BUG: KMSAN: uninit-value in find_or_evict net/netfilter/nf_conncount.c:117 [inline] BUG: KMSAN: uninit-value in __nf_conncount_add+0xd9c/0x2850 net/netfilter/nf_conncount.c:143 find_or_evict net/netfilter/nf_conncount.c:117 [inline] __nf_conncount_add+0xd9c/0x2850 net/netfilter/nf_conncount.c:143 count_tree net/netfilter/nf_conncount.c:438 [inline] nf_conncount_count+0x82f/0x1e80 net/netfilter/nf_conncount.c:521 connlimit_mt+0x7f6/0xbd0 net/netfilter/xt_connlimit.c:72 __nft_match_eval net/netfilter/nft_compat.c:403 [inline] nft_match_eval+0x1a5/0x300 net/netfilter/nft_compat.c:433 expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline] nft_do_chain+0x426/0x2290 net/netfilter/nf_tables_core.c:288 nft_do_chain_ipv4+0x1a5/0x230 net/netfilter/nft_chain_filter.c:23 nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline] nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626 nf_hook_slow_list+0x24d/0x860 net/netfilter/core.c:663 NF_HOOK_LIST include/linux/netfilter.h:350 [inline] ip_sublist_rcv+0x17b7/0x17f0 net/ipv4/ip_input.c:633 ip_list_rcv+0x9ef/0xa40 net/ipv4/ip_input.c:669 __netif_receive_skb_list_ptype net/core/dev.c:5936 [inline] __netif_receive_skb_list_core+0x15c5/0x1670 net/core/dev.c:5983 __netif_receive_skb_list net/core/dev.c:6035 [inline] netif_receive_skb_list_internal+0x1085/0x1700 net/core/dev.c:6126 netif_receive_skb_list+0x5a/0x460 net/core/dev.c:6178 xdp_recv_frames net/bpf/test_run.c:280 [inline] xdp_test_run_batch net/bpf/test_run.c:361 [inline] bpf_test_run_xdp_live+0x2e86/0x3480 net/bpf/test_run.c:390 bpf_prog_test_run_xdp+0xf1d/0x1ae0 net/bpf/test_run.c:1316 bpf_prog_test_run+0x5e5/0xa30 kernel/bpf/syscall.c:4407 __sys_bpf+0x6aa/0xd90 kernel/bpf/syscall.c:5813 __do_sys_bpf kernel/bpf/syscall.c:5902 [inline] __se_sys_bpf kernel/bpf/syscall.c:5900 [inline] __ia32_sys_bpf+0xa0/0xe0 kernel/bpf/syscall.c:5900 ia32_sys_call+0x394d/0x4180 arch/x86/include/generated/asm/syscalls_32.h:358 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline] __do_fast_syscall_32+0xb0/0x110 arch/x86/entry/common.c:387 do_fast_syscall_32+0x38/0x80 arch/x86/entry/common.c:412 do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:450 entry_SYSENTER_compat_after_hwframe+0x84/0x8e Uninit was created at: slab_post_alloc_hook mm/slub.c:4121 [inline] slab_alloc_node mm/slub.c:4164 [inline] kmem_cache_alloc_noprof+0x915/0xe10 mm/slub.c:4171 insert_tree net/netfilter/nf_conncount.c:372 [inline] count_tree net/netfilter/nf_conncount.c:450 [inline] nf_conncount_count+0x1415/0x1e80 net/netfilter/nf_conncount.c:521 connlimit_mt+0x7f6/0xbd0 net/netfilter/xt_connlimit.c:72 __nft_match_eval net/netfilter/nft_compat.c:403 [inline] nft_match_eval+0x1a5/0x300 net/netfilter/nft_compat.c:433 expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline] nft_do_chain+0x426/0x2290 net/netfilter/nf_tables_core.c:288 nft_do_chain_ipv4+0x1a5/0x230 net/netfilter/nft_chain_filter.c:23 nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline] nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626 nf_hook_slow_list+0x24d/0x860 net/netfilter/core.c:663 NF_HOOK_LIST include/linux/netfilter.h:350 [inline] ip_sublist_rcv+0x17b7/0x17f0 net/ipv4/ip_input.c:633 ip_list_rcv+0x9ef/0xa40 net/ip —truncated— | 2025-04-01 | not yet calculated | CVE-2025-21959 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: do not update checksum in bnxt_xdp_build_skb() The bnxt_rx_pkt() updates ip_summed value at the end if checksum offload is enabled. When the XDP-MB program is attached and it returns XDP_PASS, the bnxt_xdp_build_skb() is called to update skb_shared_info. The main purpose of bnxt_xdp_build_skb() is to update skb_shared_info, but it updates ip_summed value too if checksum offload is enabled. This is actually duplicate work. When the bnxt_rx_pkt() updates ip_summed value, it checks if ip_summed is CHECKSUM_NONE or not. It means that ip_summed should be CHECKSUM_NONE at this moment. But ip_summed may already be updated to CHECKSUM_UNNECESSARY in the XDP-MB-PASS path. So the by skb_checksum_none_assert() WARNS about it. This is duplicate work and updating ip_summed in the bnxt_xdp_build_skb() is not needed. Splat looks like: WARNING: CPU: 3 PID: 5782 at ./include/linux/skbuff.h:5155 bnxt_rx_pkt+0x479b/0x7610 [bnxt_en] Modules linked in: bnxt_re bnxt_en rdma_ucm rdma_cm iw_cm ib_cm ib_uverbs veth xt_nat xt_tcpudp xt_conntrack nft_chain_nat xt_MASQUERADE nf_] CPU: 3 UID: 0 PID: 5782 Comm: socat Tainted: G W 6.14.0-rc4+ #27 Tainted: [W]=WARN Hardware name: ASUS System Product Name/PRIME Z690-P D4, BIOS 0603 11/01/2021 RIP: 0010:bnxt_rx_pkt+0x479b/0x7610 [bnxt_en] Code: 54 24 0c 4c 89 f1 4c 89 ff c1 ea 1f ff d3 0f 1f 00 49 89 c6 48 85 c0 0f 84 4c e5 ff ff 48 89 c7 e8 ca 3d a0 c8 e9 8f f4 ff ff <0f> 0b f RSP: 0018:ffff88881ba09928 EFLAGS: 00010202 RAX: 0000000000000000 RBX: 00000000c7590303 RCX: 0000000000000000 RDX: 1ffff1104e7d1610 RSI: 0000000000000001 RDI: ffff8881c91300b8 RBP: ffff88881ba09b28 R08: ffff888273e8b0d0 R09: ffff888273e8b070 R10: ffff888273e8b010 R11: ffff888278b0f000 R12: ffff888273e8b080 R13: ffff8881c9130e00 R14: ffff8881505d3800 R15: ffff888273e8b000 FS: 00007f5a2e7be080(0000) GS:ffff88881ba00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fff2e708ff8 CR3: 000000013e3b0000 CR4: 00000000007506f0 PKRU: 55555554 Call Trace: <IRQ> ? __warn+0xcd/0x2f0 ? bnxt_rx_pkt+0x479b/0x7610 ? report_bug+0x326/0x3c0 ? handle_bug+0x53/0xa0 ? exc_invalid_op+0x14/0x50 ? asm_exc_invalid_op+0x16/0x20 ? bnxt_rx_pkt+0x479b/0x7610 ? bnxt_rx_pkt+0x3e41/0x7610 ? __pfx_bnxt_rx_pkt+0x10/0x10 ? napi_complete_done+0x2cf/0x7d0 __bnxt_poll_work+0x4e8/0x1220 ? __pfx___bnxt_poll_work+0x10/0x10 ? __pfx_mark_lock.part.0+0x10/0x10 bnxt_poll_p5+0x36a/0xfa0 ? __pfx_bnxt_poll_p5+0x10/0x10 __napi_poll.constprop.0+0xa0/0x440 net_rx_action+0x899/0xd00 … Following ping.py patch adds xdp-mb-pass case. so ping.py is going to be able to reproduce this issue. | 2025-04-01 | not yet calculated | CVE-2025-21960 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: fix truesize for mb-xdp-pass case When mb-xdp is set and return is XDP_PASS, packet is converted from xdp_buff to sk_buff with xdp_update_skb_shared_info() in bnxt_xdp_build_skb(). bnxt_xdp_build_skb() passes incorrect truesize argument to xdp_update_skb_shared_info(). The truesize is calculated as BNXT_RX_PAGE_SIZE * sinfo->nr_frags but the skb_shared_info was wiped by napi_build_skb() before. So it stores sinfo->nr_frags before bnxt_xdp_build_skb() and use it instead of getting skb_shared_info from xdp_get_shared_info_from_buff(). Splat looks like: ————[ cut here ]———— WARNING: CPU: 2 PID: 0 at net/core/skbuff.c:6072 skb_try_coalesce+0x504/0x590 Modules linked in: xt_nat xt_tcpudp veth af_packet xt_conntrack nft_chain_nat xt_MASQUERADE nf_conntrack_netlink xfrm_user xt_addrtype nft_coms CPU: 2 UID: 0 PID: 0 Comm: swapper/2 Not tainted 6.14.0-rc2+ #3 RIP: 0010:skb_try_coalesce+0x504/0x590 Code: 4b fd ff ff 49 8b 34 24 40 80 e6 40 0f 84 3d fd ff ff 49 8b 74 24 48 40 f6 c6 01 0f 84 2e fd ff ff 48 8d 4e ff e9 25 fd ff ff <0f> 0b e99 RSP: 0018:ffffb62c4120caa8 EFLAGS: 00010287 RAX: 0000000000000003 RBX: ffffb62c4120cb14 RCX: 0000000000000ec0 RDX: 0000000000001000 RSI: ffffa06e5d7dc000 RDI: 0000000000000003 RBP: ffffa06e5d7ddec0 R08: ffffa06e6120a800 R09: ffffa06e7a119900 R10: 0000000000002310 R11: ffffa06e5d7dcec0 R12: ffffe4360575f740 R13: ffffe43600000000 R14: 0000000000000002 R15: 0000000000000002 FS: 0000000000000000(0000) GS:ffffa0755f700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f147b76b0f8 CR3: 00000001615d4000 CR4: 00000000007506f0 PKRU: 55555554 Call Trace: <IRQ> ? __warn+0x84/0x130 ? skb_try_coalesce+0x504/0x590 ? report_bug+0x18a/0x1a0 ? handle_bug+0x53/0x90 ? exc_invalid_op+0x14/0x70 ? asm_exc_invalid_op+0x16/0x20 ? skb_try_coalesce+0x504/0x590 inet_frag_reasm_finish+0x11f/0x2e0 ip_defrag+0x37a/0x900 ip_local_deliver+0x51/0x120 ip_sublist_rcv_finish+0x64/0x70 ip_sublist_rcv+0x179/0x210 ip_list_rcv+0xf9/0x130 How to reproduce: <Node A> ip link set $interface1 xdp obj xdp_pass.o ip link set $interface1 mtu 9000 up ip a a 10.0.0.1/24 dev $interface1 <Node B> ip link set $interfac2 mtu 9000 up ip a a 10.0.0.2/24 dev $interface2 ping 10.0.0.1 -s 65000 Following ping.py patch adds xdp-mb-pass case. so ping.py is going to be able to reproduce this issue. | 2025-04-01 | not yet calculated | CVE-2025-21961 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing closetimeo mount option User-provided mount parameter closetimeo of type u32 is intended to have an upper limit, but before it is validated, the value is converted from seconds to jiffies which can lead to an integer overflow. Found by Linux Verification Center (linuxtesting.org) with SVACE. | 2025-04-01 | not yet calculated | CVE-2025-21962 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing acdirmax mount option User-provided mount parameter acdirmax of type u32 is intended to have an upper limit, but before it is validated, the value is converted from seconds to jiffies which can lead to an integer overflow. Found by Linux Verification Center (linuxtesting.org) with SVACE. | 2025-04-01 | not yet calculated | CVE-2025-21963 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing acregmax mount option User-provided mount parameter acregmax of type u32 is intended to have an upper limit, but before it is validated, the value is converted from seconds to jiffies which can lead to an integer overflow. Found by Linux Verification Center (linuxtesting.org) with SVACE. | 2025-04-01 | not yet calculated | CVE-2025-21964 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: sched_ext: Validate prev_cpu in scx_bpf_select_cpu_dfl() If a BPF scheduler provides an invalid CPU (outside the nr_cpu_ids range) as prev_cpu to scx_bpf_select_cpu_dfl() it can cause a kernel crash. To prevent this, validate prev_cpu in scx_bpf_select_cpu_dfl() and trigger an scx error if an invalid CPU is specified. | 2025-04-01 | not yet calculated | CVE-2025-21965 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature Fix memory corruption due to incorrect parameter being passed to bio_init | 2025-04-01 | not yet calculated | CVE-2025-21966 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_free_work_struct ->interim_entry of ksmbd_work could be deleted after oplock is freed. We don’t need to manage it with linked list. The interim request could be immediately sent whenever a oplock break wait is needed. | 2025-04-01 | not yet calculated | CVE-2025-21967 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix slab-use-after-free on hdcp_work [Why] A slab-use-after-free is reported when HDCP is destroyed but the property_validate_dwork queue is still running. [How] Cancel the delayed work when destroying workqueue. (cherry picked from commit 725a04ba5a95e89c89633d4322430cfbca7ce128) | 2025-04-01 | not yet calculated | CVE-2025-21968 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd After the hci sync command releases l2cap_conn, the hci receive data work queue references the released l2cap_conn when sending to the upper layer. Add hci dev lock to the hci receive data work queue to synchronize the two. [1] BUG: KASAN: slab-use-after-free in l2cap_send_cmd+0x187/0x8d0 net/bluetooth/l2cap_core.c:954 Read of size 8 at addr ffff8880271a4000 by task kworker/u9:2/5837 CPU: 0 UID: 0 PID: 5837 Comm: kworker/u9:2 Not tainted 6.13.0-rc5-syzkaller-00163-gab75170520d4 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Workqueue: hci1 hci_rx_work Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0x169/0x550 mm/kasan/report.c:489 kasan_report+0x143/0x180 mm/kasan/report.c:602 l2cap_build_cmd net/bluetooth/l2cap_core.c:2964 [inline] l2cap_send_cmd+0x187/0x8d0 net/bluetooth/l2cap_core.c:954 l2cap_sig_send_rej net/bluetooth/l2cap_core.c:5502 [inline] l2cap_sig_channel net/bluetooth/l2cap_core.c:5538 [inline] l2cap_recv_frame+0x221f/0x10db0 net/bluetooth/l2cap_core.c:6817 hci_acldata_packet net/bluetooth/hci_core.c:3797 [inline] hci_rx_work+0x508/0xdb0 net/bluetooth/hci_core.c:4040 process_one_work kernel/workqueue.c:3229 [inline] process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310 worker_thread+0x870/0xd30 kernel/workqueue.c:3391 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 </TASK> Allocated by task 5837: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 poison_kmalloc_redzone mm/kasan/common.c:377 [inline] __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394 kasan_kmalloc include/linux/kasan.h:260 [inline] __kmalloc_cache_noprof+0x243/0x390 mm/slub.c:4329 kmalloc_noprof include/linux/slab.h:901 [inline] kzalloc_noprof include/linux/slab.h:1037 [inline] l2cap_conn_add+0xa9/0x8e0 net/bluetooth/l2cap_core.c:6860 l2cap_connect_cfm+0x115/0x1090 net/bluetooth/l2cap_core.c:7239 hci_connect_cfm include/net/bluetooth/hci_core.h:2057 [inline] hci_remote_features_evt+0x68e/0xac0 net/bluetooth/hci_event.c:3726 hci_event_func net/bluetooth/hci_event.c:7473 [inline] hci_event_packet+0xac2/0x1540 net/bluetooth/hci_event.c:7525 hci_rx_work+0x3f3/0xdb0 net/bluetooth/hci_core.c:4035 process_one_work kernel/workqueue.c:3229 [inline] process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310 worker_thread+0x870/0xd30 kernel/workqueue.c:3391 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 Freed by task 54: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582 poison_slab_object mm/kasan/common.c:247 [inline] __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264 kasan_slab_free include/linux/kasan.h:233 [inline] slab_free_hook mm/slub.c:2353 [inline] slab_free mm/slub.c:4613 [inline] kfree+0x196/0x430 mm/slub.c:4761 l2cap_connect_cfm+0xcc/0x1090 net/bluetooth/l2cap_core.c:7235 hci_connect_cfm include/net/bluetooth/hci_core.h:2057 [inline] hci_conn_failed+0x287/0x400 net/bluetooth/hci_conn.c:1266 hci_abort_conn_sync+0x56c/0x11f0 net/bluetooth/hci_sync.c:5603 hci_cmd_sync_work+0x22b/0x400 net/bluetooth/hci_sync.c:332 process_one_work kernel/workqueue.c:3229 [inline] process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310 worker_thread+0x870/0xd30 kernel/workqueue.c:3391 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entr —truncated— | 2025-04-01 | not yet calculated | CVE-2025-21969 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Bridge, fix the crash caused by LAG state check When removing LAG device from bridge, NETDEV_CHANGEUPPER event is triggered. Driver finds the lower devices (PFs) to flush all the offloaded entries. And mlx5_lag_is_shared_fdb is checked, it returns false if one of PF is unloaded. In such case, mlx5_esw_bridge_lag_rep_get() and its caller return NULL, instead of the alive PF, and the flush is skipped. Besides, the bridge fdb entry’s lastuse is updated in mlx5 bridge event handler. But this SWITCHDEV_FDB_ADD_TO_BRIDGE event can be ignored in this case because the upper interface for bond is deleted, and the entry will never be aged because lastuse is never updated. To make things worse, as the entry is alive, mlx5 bridge workqueue keeps sending that event, which is then handled by kernel bridge notifier. It causes the following crash when accessing the passed bond netdev which is already destroyed. To fix this issue, remove such checks. LAG state is already checked in commit 15f8f168952f (“net/mlx5: Bridge, verify LAG state when adding bond to bridge”), driver still need to skip offload if LAG becomes invalid state after initialization. Oops: stack segment: 0000 [#1] SMP CPU: 3 UID: 0 PID: 23695 Comm: kworker/u40:3 Tainted: G OE 6.11.0_mlnx #1 Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 Workqueue: mlx5_bridge_wq mlx5_esw_bridge_update_work [mlx5_core] RIP: 0010:br_switchdev_event+0x2c/0x110 [bridge] Code: 44 00 00 48 8b 02 48 f7 00 00 02 00 00 74 69 41 54 55 53 48 83 ec 08 48 8b a8 08 01 00 00 48 85 ed 74 4a 48 83 fe 02 48 89 d3 <4c> 8b 65 00 74 23 76 49 48 83 fe 05 74 7e 48 83 fe 06 75 2f 0f b7 RSP: 0018:ffffc900092cfda0 EFLAGS: 00010297 RAX: ffff888123bfe000 RBX: ffffc900092cfe08 RCX: 00000000ffffffff RDX: ffffc900092cfe08 RSI: 0000000000000001 RDI: ffffffffa0c585f0 RBP: 6669746f6e690a30 R08: 0000000000000000 R09: ffff888123ae92c8 R10: 0000000000000000 R11: fefefefefefefeff R12: ffff888123ae9c60 R13: 0000000000000001 R14: ffffc900092cfe08 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff88852c980000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f15914c8734 CR3: 0000000002830005 CR4: 0000000000770ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> ? __die_body+0x1a/0x60 ? die+0x38/0x60 ? do_trap+0x10b/0x120 ? do_error_trap+0x64/0xa0 ? exc_stack_segment+0x33/0x50 ? asm_exc_stack_segment+0x22/0x30 ? br_switchdev_event+0x2c/0x110 [bridge] ? sched_balance_newidle.isra.149+0x248/0x390 notifier_call_chain+0x4b/0xa0 atomic_notifier_call_chain+0x16/0x20 mlx5_esw_bridge_update+0xec/0x170 [mlx5_core] mlx5_esw_bridge_update_work+0x19/0x40 [mlx5_core] process_scheduled_works+0x81/0x390 worker_thread+0x106/0x250 ? bh_worker+0x110/0x110 kthread+0xb7/0xe0 ? kthread_park+0x80/0x80 ret_from_fork+0x2d/0x50 ? kthread_park+0x80/0x80 ret_from_fork_asm+0x11/0x20 </TASK> | 2025-04-01 | not yet calculated | CVE-2025-21970 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: net_sched: Prevent creation of classes with TC_H_ROOT The function qdisc_tree_reduce_backlog() uses TC_H_ROOT as a termination condition when traversing up the qdisc tree to update parent backlog counters. However, if a class is created with classid TC_H_ROOT, the traversal terminates prematurely at this class instead of reaching the actual root qdisc, causing parent statistics to be incorrectly maintained. In case of DRR, this could lead to a crash as reported by Mingi Cho. Prevent the creation of any Qdisc class with classid TC_H_ROOT (0xFFFFFFFF) across all qdisc types, as suggested by Jamal. | 2025-04-01 | not yet calculated | CVE-2025-21971 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: net: mctp: unshare packets when reassembling Ensure that the frag_list used for reassembly isn’t shared with other packets. This avoids incorrect reassembly when packets are cloned, and prevents a memory leak due to circular references between fragments and their skb_shared_info. The upcoming MCTP-over-USB driver uses skb_clone which can trigger the problem – other MCTP drivers don’t share SKBs. A kunit test is added to reproduce the issue. | 2025-04-01 | not yet calculated | CVE-2025-21972 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: fix kernel panic in the bnxt_get_queue_stats{rx | tx} When qstats-get operation is executed, callbacks of netdev_stats_ops are called. The bnxt_get_queue_stats{rx | tx} collect per-queue stats from sw_stats in the rings. But {rx | tx | cp}_ring are allocated when the interface is up. So, these rings are not allocated when the interface is down. The qstats-get is allowed even if the interface is down. However, the bnxt_get_queue_stats{rx | tx}() accesses cp_ring and tx_ring without null check. So, it needs to avoid accessing rings if the interface is down. Reproducer: ip link set $interface down ./cli.py –spec netdev.yaml –dump qstats-get OR ip link set $interface down python ./stats.py Splat looks like: BUG: kernel NULL pointer dereference, address: 0000000000000000 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) – not-present page PGD 1680fa067 P4D 1680fa067 PUD 16be3b067 PMD 0 Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 0 UID: 0 PID: 1495 Comm: python3 Not tainted 6.14.0-rc4+ #32 5cd0f999d5a15c574ac72b3e4b907341 Hardware name: ASUS System Product Name/PRIME Z690-P D4, BIOS 0603 11/01/2021 RIP: 0010:bnxt_get_queue_stats_rx+0xf/0x70 [bnxt_en] Code: c6 87 b5 18 00 00 02 eb a2 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44 01 RSP: 0018:ffffabef43cdb7e0 EFLAGS: 00010282 RAX: 0000000000000000 RBX: ffffffffc04c8710 RCX: 0000000000000000 RDX: ffffabef43cdb858 RSI: 0000000000000000 RDI: ffff8d504e850000 RBP: ffff8d506c9f9c00 R08: 0000000000000004 R09: ffff8d506bcd901c R10: 0000000000000015 R11: ffff8d506bcd9000 R12: 0000000000000000 R13: ffffabef43cdb8c0 R14: ffff8d504e850000 R15: 0000000000000000 FS: 00007f2c5462b080(0000) GS:ffff8d575f600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000000167fd0000 CR4: 00000000007506f0 PKRU: 55555554 Call Trace: <TASK> ? __die+0x20/0x70 ? page_fault_oops+0x15a/0x460 ? sched_balance_find_src_group+0x58d/0xd10 ? exc_page_fault+0x6e/0x180 ? asm_exc_page_fault+0x22/0x30 ? bnxt_get_queue_stats_rx+0xf/0x70 [bnxt_en cdd546fd48563c280cfd30e9647efa420db07bf1] netdev_nl_stats_by_netdev+0x2b1/0x4e0 ? xas_load+0x9/0xb0 ? xas_find+0x183/0x1d0 ? xa_find+0x8b/0xe0 netdev_nl_qstats_get_dumpit+0xbf/0x1e0 genl_dumpit+0x31/0x90 netlink_dump+0x1a8/0x360 | 2025-04-01 | not yet calculated | CVE-2025-21973 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: return fail if interface is down in bnxt_queue_mem_alloc() The bnxt_queue_mem_alloc() is called to allocate new queue memory when a queue is restarted. It internally accesses rx buffer descriptor corresponding to the index. The rx buffer descriptor is allocated and set when the interface is up and it’s freed when the interface is down. So, if queue is restarted if interface is down, kernel panic occurs. Splat looks like: BUG: unable to handle page fault for address: 000000000000b240 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) – not-present page PGD 0 P4D 0 Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 3 UID: 0 PID: 1563 Comm: ncdevmem2 Not tainted 6.14.0-rc2+ #9 844ddba6e7c459cafd0bf4db9a3198e Hardware name: ASUS System Product Name/PRIME Z690-P D4, BIOS 0603 11/01/2021 RIP: 0010:bnxt_queue_mem_alloc+0x3f/0x4e0 [bnxt_en] Code: 41 54 4d 89 c4 4d 69 c0 c0 05 00 00 55 48 89 f5 53 48 89 fb 4c 8d b5 40 05 00 00 48 83 ec 15 RSP: 0018:ffff9dcc83fef9e8 EFLAGS: 00010202 RAX: ffffffffc0457720 RBX: ffff934ed8d40000 RCX: 0000000000000000 RDX: 000000000000001f RSI: ffff934ea508f800 RDI: ffff934ea508f808 RBP: ffff934ea508f800 R08: 000000000000b240 R09: ffff934e84f4b000 R10: ffff9dcc83fefa30 R11: ffff934e84f4b000 R12: 000000000000001f R13: ffff934ed8d40ac0 R14: ffff934ea508fd40 R15: ffff934e84f4b000 FS: 00007fa73888c740(0000) GS:ffff93559f780000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000000b240 CR3: 0000000145a2e000 CR4: 00000000007506f0 PKRU: 55555554 Call Trace: <TASK> ? __die+0x20/0x70 ? page_fault_oops+0x15a/0x460 ? exc_page_fault+0x6e/0x180 ? asm_exc_page_fault+0x22/0x30 ? __pfx_bnxt_queue_mem_alloc+0x10/0x10 [bnxt_en 7f85e76f4d724ba07471d7e39d9e773aea6597b7] ? bnxt_queue_mem_alloc+0x3f/0x4e0 [bnxt_en 7f85e76f4d724ba07471d7e39d9e773aea6597b7] netdev_rx_queue_restart+0xc5/0x240 net_devmem_bind_dmabuf_to_queue+0xf8/0x200 netdev_nl_bind_rx_doit+0x3a7/0x450 genl_family_rcv_msg_doit+0xd9/0x130 genl_rcv_msg+0x184/0x2b0 ? __pfx_netdev_nl_bind_rx_doit+0x10/0x10 ? __pfx_genl_rcv_msg+0x10/0x10 netlink_rcv_skb+0x54/0x100 genl_rcv+0x24/0x40 … | 2025-04-01 | not yet calculated | CVE-2025-21974 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: net/mlx5: handle errors in mlx5_chains_create_table() In mlx5_chains_create_table(), the return value of mlx5_get_fdb_sub_ns() and mlx5_get_flow_namespace() must be checked to prevent NULL pointer dereferences. If either function fails, the function should log error message with mlx5_core_warn() and return error pointer. | 2025-04-01 | not yet calculated | CVE-2025-21975 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: fbdev: hyperv_fb: Allow graceful removal of framebuffer When a Hyper-V framebuffer device is unbind, hyperv_fb driver tries to release the framebuffer forcefully. If this framebuffer is in use it produce the following WARN and hence this framebuffer is never released. [ 44.111220] WARNING: CPU: 35 PID: 1882 at drivers/video/fbdev/core/fb_info.c:70 framebuffer_release+0x2c/0x40 < snip > [ 44.111289] Call Trace: [ 44.111290] <TASK> [ 44.111291] ? show_regs+0x6c/0x80 [ 44.111295] ? __warn+0x8d/0x150 [ 44.111298] ? framebuffer_release+0x2c/0x40 [ 44.111300] ? report_bug+0x182/0x1b0 [ 44.111303] ? handle_bug+0x6e/0xb0 [ 44.111306] ? exc_invalid_op+0x18/0x80 [ 44.111308] ? asm_exc_invalid_op+0x1b/0x20 [ 44.111311] ? framebuffer_release+0x2c/0x40 [ 44.111313] ? hvfb_remove+0x86/0xa0 [hyperv_fb] [ 44.111315] vmbus_remove+0x24/0x40 [hv_vmbus] [ 44.111323] device_remove+0x40/0x80 [ 44.111325] device_release_driver_internal+0x20b/0x270 [ 44.111327] ? bus_find_device+0xb3/0xf0 Fix this by moving the release of framebuffer and assosiated memory to fb_ops.fb_destroy function, so that framebuffer framework handles it gracefully. While we fix this, also replace manual registrations/unregistration of framebuffer with devm_register_framebuffer. | 2025-04-01 | not yet calculated | CVE-2025-21976 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: fbdev: hyperv_fb: Fix hang in kdump kernel when on Hyper-V Gen 2 VMs Gen 2 Hyper-V VMs boot via EFI and have a standard EFI framebuffer device. When the kdump kernel runs in such a VM, loading the efifb driver may hang because of accessing the framebuffer at the wrong memory address. The scenario occurs when the hyperv_fb driver in the original kernel moves the framebuffer to a different MMIO address because of conflicts with an already-running efifb or simplefb driver. The hyperv_fb driver then informs Hyper-V of the change, which is allowed by the Hyper-V FB VMBus device protocol. However, when the kexec command loads the kdump kernel into crash memory via the kexec_file_load() system call, the system call doesn’t know the framebuffer has moved, and it sets up the kdump screen_info using the original framebuffer address. The transition to the kdump kernel does not go through the Hyper-V host, so Hyper-V does not reset the framebuffer address like it would do on a reboot. When efifb tries to run, it accesses a non-existent framebuffer address, which traps to the Hyper-V host. After many such accesses, the Hyper-V host thinks the guest is being malicious, and throttles the guest to the point that it runs very slowly or appears to have hung. When the kdump kernel is loaded into crash memory via the kexec_load() system call, the problem does not occur. In this case, the kexec command builds the screen_info table itself in user space from data returned by the FBIOGET_FSCREENINFO ioctl against /dev/fb0, which gives it the new framebuffer location. This problem was originally reported in 2020 [1], resulting in commit 3cb73bc3fa2a (“hyperv_fb: Update screen_info after removing old framebuffer”). This commit solved the problem by setting orig_video_isVGA to 0, so the kdump kernel was unaware of the EFI framebuffer. The efifb driver did not try to load, and no hang occurred. But in 2024, commit c25a19afb81c (“fbdev/hyperv_fb: Do not clear global screen_info”) effectively reverted 3cb73bc3fa2a. Commit c25a19afb81c has no reference to 3cb73bc3fa2a, so perhaps it was done without knowing the implications that were reported with 3cb73bc3fa2a. In any case, as of commit c25a19afb81c, the original problem came back again. Interestingly, the hyperv_drm driver does not have this problem because it never moves the framebuffer. The difference is that the hyperv_drm driver removes any conflicting framebuffers *before* allocating an MMIO address, while the hyperv_fb drivers removes conflicting framebuffers *after* allocating an MMIO address. With the “after” ordering, hyperv_fb may encounter a conflict and move the framebuffer to a different MMIO address. But the conflict is essentially bogus because it is removed a few lines of code later. Rather than fix the problem with the approach from 2020 in commit 3cb73bc3fa2a, instead slightly reorder the steps in hyperv_fb so conflicting framebuffers are removed before allocating an MMIO address. Then the default framebuffer MMIO address should always be available, and there’s never any confusion about which framebuffer address the kdump kernel should use — it’s always the original address provided by the Hyper-V host. This approach is already used by the hyperv_drm driver, and is consistent with the usage guidelines at the head of the module with the function aperture_remove_conflicting_devices(). This approach also solves a related minor problem when kexec_load() is used to load the kdump kernel. With current code, unbinding and rebinding the hyperv_fb driver could result in the framebuffer moving back to the default framebuffer address, because on the rebind there are no conflicts. If such a move is done after the kdump kernel is loaded with the new framebuffer address, at kdump time it could again have the wrong address. This problem and fix are described in terms of the kdump kernel, but it can also occur —truncated— | 2025-04-01 | not yet calculated | CVE-2025-21977 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: drm/hyperv: Fix address space leak when Hyper-V DRM device is removed When a Hyper-V DRM device is probed, the driver allocates MMIO space for the vram, and maps it cacheable. If the device removed, or in the error path for device probing, the MMIO space is released but no unmap is done. Consequently the kernel address space for the mapping is leaked. Fix this by adding iounmap() calls in the device removal path, and in the error path during device probing. | 2025-04-01 | not yet calculated | CVE-2025-21978 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: cancel wiphy_work before freeing wiphy A wiphy_work can be queued from the moment the wiphy is allocated and initialized (i.e. wiphy_new_nm). When a wiphy_work is queued, the rdev::wiphy_work is getting queued. If wiphy_free is called before the rdev::wiphy_work had a chance to run, the wiphy memory will be freed, and then when it eventally gets to run it’ll use invalid memory. Fix this by canceling the work before freeing the wiphy. | 2025-04-01 | not yet calculated | CVE-2025-21979 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: sched: address a potential NULL pointer dereference in the GRED scheduler. If kzalloc in gred_init returns a NULL pointer, the code follows the error handling path, invoking gred_destroy. This, in turn, calls gred_offload, where memset could receive a NULL pointer as input, potentially leading to a kernel crash. When table->opt is NULL in gred_init(), gred_change_table_def() is not called yet, so it is not necessary to call ->ndo_setup_tc() in gred_offload(). | 2025-04-01 | not yet calculated | CVE-2025-21980 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: ice: fix memory leak in aRFS after reset Fix aRFS (accelerated Receive Flow Steering) structures memory leak by adding a checker to verify if aRFS memory is already allocated while configuring VSI. aRFS objects are allocated in two cases: – as part of VSI initialization (at probe), and – as part of reset handling However, VSI reconfiguration executed during reset involves memory allocation one more time, without prior releasing already allocated resources. This led to the memory leak with the following signature: [root@os-delivery ~]# cat /sys/kernel/debug/kmemleak unreferenced object 0xff3c1ca7252e6000 (size 8192): comm “kworker/0:0”, pid 8, jiffies 4296833052 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ……………. 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ……………. backtrace (crc 0): [<ffffffff991ec485>] __kmalloc_cache_noprof+0x275/0x340 [<ffffffffc0a6e06a>] ice_init_arfs+0x3a/0xe0 [ice] [<ffffffffc09f1027>] ice_vsi_cfg_def+0x607/0x850 [ice] [<ffffffffc09f244b>] ice_vsi_setup+0x5b/0x130 [ice] [<ffffffffc09c2131>] ice_init+0x1c1/0x460 [ice] [<ffffffffc09c64af>] ice_probe+0x2af/0x520 [ice] [<ffffffff994fbcd3>] local_pci_probe+0x43/0xa0 [<ffffffff98f07103>] work_for_cpu_fn+0x13/0x20 [<ffffffff98f0b6d9>] process_one_work+0x179/0x390 [<ffffffff98f0c1e9>] worker_thread+0x239/0x340 [<ffffffff98f14abc>] kthread+0xcc/0x100 [<ffffffff98e45a6d>] ret_from_fork+0x2d/0x50 [<ffffffff98e083ba>] ret_from_fork_asm+0x1a/0x30 … | 2025-04-01 | not yet calculated | CVE-2025-21981 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: pinctrl: nuvoton: npcm8xx: Add NULL check in npcm8xx_gpio_fw devm_kasprintf() calls can return null pointers on failure. But the return values were not checked in npcm8xx_gpio_fw(). Add NULL check in npcm8xx_gpio_fw(), to handle kernel NULL pointer dereference error. | 2025-04-01 | not yet calculated | CVE-2025-21982 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: mm/slab/kvfree_rcu: Switch to WQ_MEM_RECLAIM wq Currently kvfree_rcu() APIs use a system workqueue which is “system_unbound_wq” to driver RCU machinery to reclaim a memory. Recently, it has been noted that the following kernel warning can be observed: <snip> workqueue: WQ_MEM_RECLAIM nvme-wq:nvme_scan_work is flushing !WQ_MEM_RECLAIM events_unbound:kfree_rcu_work WARNING: CPU: 21 PID: 330 at kernel/workqueue.c:3719 check_flush_dependency+0x112/0x120 Modules linked in: intel_uncore_frequency(E) intel_uncore_frequency_common(E) skx_edac(E) … CPU: 21 UID: 0 PID: 330 Comm: kworker/u144:6 Tainted: G E 6.13.2-0_g925d379822da #1 Hardware name: Wiwynn Twin Lakes MP/Twin Lakes Passive MP, BIOS YMM20 02/01/2023 Workqueue: nvme-wq nvme_scan_work RIP: 0010:check_flush_dependency+0x112/0x120 Code: 05 9a 40 14 02 01 48 81 c6 c0 00 00 00 48 8b 50 18 48 81 c7 c0 00 00 00 48 89 f9 48 … RSP: 0018:ffffc90000df7bd8 EFLAGS: 00010082 RAX: 000000000000006a RBX: ffffffff81622390 RCX: 0000000000000027 RDX: 00000000fffeffff RSI: 000000000057ffa8 RDI: ffff88907f960c88 RBP: 0000000000000000 R08: ffffffff83068e50 R09: 000000000002fffd R10: 0000000000000004 R11: 0000000000000000 R12: ffff8881001a4400 R13: 0000000000000000 R14: ffff88907f420fb8 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff88907f940000(0000) knlGS:0000000000000000 CR2: 00007f60c3001000 CR3: 000000107d010005 CR4: 00000000007726f0 PKRU: 55555554 Call Trace: <TASK> ? __warn+0xa4/0x140 ? check_flush_dependency+0x112/0x120 ? report_bug+0xe1/0x140 ? check_flush_dependency+0x112/0x120 ? handle_bug+0x5e/0x90 ? exc_invalid_op+0x16/0x40 ? asm_exc_invalid_op+0x16/0x20 ? timer_recalc_next_expiry+0x190/0x190 ? check_flush_dependency+0x112/0x120 ? check_flush_dependency+0x112/0x120 __flush_work.llvm.1643880146586177030+0x174/0x2c0 flush_rcu_work+0x28/0x30 kvfree_rcu_barrier+0x12f/0x160 kmem_cache_destroy+0x18/0x120 bioset_exit+0x10c/0x150 disk_release.llvm.6740012984264378178+0x61/0xd0 device_release+0x4f/0x90 kobject_put+0x95/0x180 nvme_put_ns+0x23/0xc0 nvme_remove_invalid_namespaces+0xb3/0xd0 nvme_scan_work+0x342/0x490 process_scheduled_works+0x1a2/0x370 worker_thread+0x2ff/0x390 ? pwq_release_workfn+0x1e0/0x1e0 kthread+0xb1/0xe0 ? __kthread_parkme+0x70/0x70 ret_from_fork+0x30/0x40 ? __kthread_parkme+0x70/0x70 ret_from_fork_asm+0x11/0x20 </TASK> —[ end trace 0000000000000000 ]— <snip> To address this switch to use of independent WQ_MEM_RECLAIM workqueue, so the rules are not violated from workqueue framework point of view. Apart of that, since kvfree_rcu() does reclaim memory it is worth to go with WQ_MEM_RECLAIM type of wq because it is designed for this purpose. | 2025-04-01 | not yet calculated | CVE-2025-21983 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: mm: fix kernel BUG when userfaultfd_move encounters swapcache userfaultfd_move() checks whether the PTE entry is present or a swap entry. – If the PTE entry is present, move_present_pte() handles folio migration by setting: src_folio->index = linear_page_index(dst_vma, dst_addr); – If the PTE entry is a swap entry, move_swap_pte() simply copies the PTE to the new dst_addr. This approach is incorrect because, even if the PTE is a swap entry, it can still reference a folio that remains in the swap cache. This creates a race window between steps 2 and 4. 1. add_to_swap: The folio is added to the swapcache. 2. try_to_unmap: PTEs are converted to swap entries. 3. pageout: The folio is written back. 4. Swapcache is cleared. If userfaultfd_move() occurs in the window between steps 2 and 4, after the swap PTE has been moved to the destination, accessing the destination triggers do_swap_page(), which may locate the folio in the swapcache. However, since the folio’s index has not been updated to match the destination VMA, do_swap_page() will detect a mismatch. This can result in two critical issues depending on the system configuration. If KSM is disabled, both small and large folios can trigger a BUG during the add_rmap operation due to: page_pgoff(folio, page) != linear_page_index(vma, address) [ 13.336953] page: refcount:6 mapcount:1 mapping:00000000f43db19c index:0xffffaf150 pfn:0x4667c [ 13.337520] head: order:2 mapcount:1 entire_mapcount:0 nr_pages_mapped:1 pincount:0 [ 13.337716] memcg:ffff00000405f000 [ 13.337849] anon flags: 0x3fffc0000020459(locked|uptodate|dirty|owner_priv_1|head|swapbacked|node=0|zone=0|lastcpupid=0xffff) [ 13.338630] raw: 03fffc0000020459 ffff80008507b538 ffff80008507b538 ffff000006260361 [ 13.338831] raw: 0000000ffffaf150 0000000000004000 0000000600000000 ffff00000405f000 [ 13.339031] head: 03fffc0000020459 ffff80008507b538 ffff80008507b538 ffff000006260361 [ 13.339204] head: 0000000ffffaf150 0000000000004000 0000000600000000 ffff00000405f000 [ 13.339375] head: 03fffc0000000202 fffffdffc0199f01 ffffffff00000000 0000000000000001 [ 13.339546] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 13.339736] page dumped because: VM_BUG_ON_PAGE(page_pgoff(folio, page) != linear_page_index(vma, address)) [ 13.340190] ————[ cut here ]———— [ 13.340316] kernel BUG at mm/rmap.c:1380! [ 13.340683] Internal error: Oops – BUG: 00000000f2000800 [#1] PREEMPT SMP [ 13.340969] Modules linked in: [ 13.341257] CPU: 1 UID: 0 PID: 107 Comm: a.out Not tainted 6.14.0-rc3-gcf42737e247a-dirty #299 [ 13.341470] Hardware name: linux,dummy-virt (DT) [ 13.341671] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=–) [ 13.341815] pc : __page_check_anon_rmap+0xa0/0xb0 [ 13.341920] lr : __page_check_anon_rmap+0xa0/0xb0 [ 13.342018] sp : ffff80008752bb20 [ 13.342093] x29: ffff80008752bb20 x28: fffffdffc0199f00 x27: 0000000000000001 [ 13.342404] x26: 0000000000000000 x25: 0000000000000001 x24: 0000000000000001 [ 13.342575] x23: 0000ffffaf0d0000 x22: 0000ffffaf0d0000 x21: fffffdffc0199f00 [ 13.342731] x20: fffffdffc0199f00 x19: ffff000006210700 x18: 00000000ffffffff [ 13.342881] x17: 6c203d2120296567 x16: 6170202c6f696c6f x15: 662866666f67705f [ 13.343033] x14: 6567617028454741 x13: 2929737365726464 x12: ffff800083728ab0 [ 13.343183] x11: ffff800082996bf8 x10: 0000000000000fd7 x9 : ffff80008011bc40 [ 13.343351] x8 : 0000000000017fe8 x7 : 00000000fffff000 x6 : ffff8000829eebf8 [ 13.343498] x5 : c0000000fffff000 x4 : 0000000000000000 x3 : 0000000000000000 [ 13.343645] x2 : 0000000000000000 x1 : ffff0000062db980 x0 : 000000000000005f [ 13.343876] Call trace: [ 13.344045] __page_check_anon_rmap+0xa0/0xb0 (P) [ 13.344234] folio_add_anon_rmap_ptes+0x22c/0x320 [ 13.344333] do_swap_page+0x1060/0x1400 [ 13.344417] __handl —truncated— | 2025-04-01 | not yet calculated | CVE-2025-21984 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix out-of-bound accesses [WHAT & HOW] hpo_stream_to_link_encoder_mapping has size MAX_HPO_DP2_ENCODERS(=4), but location can have size up to 6. As a result, it is necessary to check location against MAX_HPO_DP2_ENCODERS. Similiarly, disp_cfg_stream_location can be used as an array index which should be 0..5, so the ASSERT’s conditions should be less without equal. | 2025-04-01 | not yet calculated | CVE-2025-21985 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: net: switchdev: Convert blocking notification chain to a raw one A blocking notification chain uses a read-write semaphore to protect the integrity of the chain. The semaphore is acquired for writing when adding / removing notifiers to / from the chain and acquired for reading when traversing the chain and informing notifiers about an event. In case of the blocking switchdev notification chain, recursive notifications are possible which leads to the semaphore being acquired twice for reading and to lockdep warnings being generated [1]. Specifically, this can happen when the bridge driver processes a SWITCHDEV_BRPORT_UNOFFLOADED event which causes it to emit notifications about deferred events when calling switchdev_deferred_process(). Fix this by converting the notification chain to a raw notification chain in a similar fashion to the netdev notification chain. Protect the chain using the RTNL mutex by acquiring it when modifying the chain. Events are always informed under the RTNL mutex, but add an assertion in call_switchdev_blocking_notifiers() to make sure this is not violated in the future. Maintain the “blocking” prefix as events are always emitted from process context and listeners are allowed to block. [1]: WARNING: possible recursive locking detected 6.14.0-rc4-custom-g079270089484 #1 Not tainted ——————————————– ip/52731 is trying to acquire lock: ffffffff850918d8 ((switchdev_blocking_notif_chain).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain+0x58/0xa0 but task is already holding lock: ffffffff850918d8 ((switchdev_blocking_notif_chain).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain+0x58/0xa0 other info that might help us debug this: Possible unsafe locking scenario: CPU0 —- lock((switchdev_blocking_notif_chain).rwsem); lock((switchdev_blocking_notif_chain).rwsem); *** DEADLOCK *** May be due to missing lock nesting notation 3 locks held by ip/52731: #0: ffffffff84f795b0 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x727/0x1dc0 #1: ffffffff8731f628 (&net->rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x790/0x1dc0 #2: ffffffff850918d8 ((switchdev_blocking_notif_chain).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain+0x58/0xa0 stack backtrace: … ? __pfx_down_read+0x10/0x10 ? __pfx_mark_lock+0x10/0x10 ? __pfx_switchdev_port_attr_set_deferred+0x10/0x10 blocking_notifier_call_chain+0x58/0xa0 switchdev_port_attr_notify.constprop.0+0xb3/0x1b0 ? __pfx_switchdev_port_attr_notify.constprop.0+0x10/0x10 ? mark_held_locks+0x94/0xe0 ? switchdev_deferred_process+0x11a/0x340 switchdev_port_attr_set_deferred+0x27/0xd0 switchdev_deferred_process+0x164/0x340 br_switchdev_port_unoffload+0xc8/0x100 [bridge] br_switchdev_blocking_event+0x29f/0x580 [bridge] notifier_call_chain+0xa2/0x440 blocking_notifier_call_chain+0x6e/0xa0 switchdev_bridge_port_unoffload+0xde/0x1a0 … | 2025-04-01 | not yet calculated | CVE-2025-21986 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: init return value in amdgpu_ttm_clear_buffer Otherwise an uninitialized value can be returned if amdgpu_res_cleared returns true for all regions. Possibly closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3812 (cherry picked from commit 7c62aacc3b452f73a1284198c81551035fac6d71) | 2025-04-02 | not yet calculated | CVE-2025-21987 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: fs/netfs/read_collect: add to next->prev_donated If multiple subrequests donate data to the same “next” request (depending on the subrequest completion order), each of them would overwrite the `prev_donated` field, causing data corruption and a BUG() crash (“Can’t donate prior to front”). | 2025-04-02 | not yet calculated | CVE-2025-21988 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix missing .is_two_pixels_per_container Starting from 6.11, AMDGPU driver, while being loaded with amdgpu.dc=1, due to lack of .is_two_pixels_per_container function in dce60_tg_funcs, causes a NULL pointer dereference on PCs with old GPUs, such as R9 280X. So this fix adds missing .is_two_pixels_per_container to dce60_tg_funcs. (cherry picked from commit bd4b125eb949785c6f8a53b0494e32795421209d) | 2025-04-02 | not yet calculated | CVE-2025-21989 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: NULL-check BO’s backing store when determining GFX12 PTE flags PRT BOs may not have any backing store, so bo->tbo.resource will be NULL. Check for that before dereferencing. (cherry picked from commit 3e3fcd29b505cebed659311337ea03b7698767fc) | 2025-04-02 | not yet calculated | CVE-2025-21990 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes Currently, load_microcode_amd() iterates over all NUMA nodes, retrieves their CPU masks and unconditionally accesses per-CPU data for the first CPU of each mask. According to Documentation/admin-guide/mm/numaperf.rst: “Some memory may share the same node as a CPU, and others are provided as memory only nodes.” Therefore, some node CPU masks may be empty and wouldn’t have a “first CPU”. On a machine with far memory (and therefore CPU-less NUMA nodes): – cpumask_of_node(nid) is 0 – cpumask_first(0) is CONFIG_NR_CPUS – cpu_data(CONFIG_NR_CPUS) accesses the cpu_info per-CPU array at an index that is 1 out of bounds This does not have any security implications since flashing microcode is a privileged operation but I believe this has reliability implications by potentially corrupting memory while flashing a microcode update. When booting with CONFIG_UBSAN_BOUNDS=y on an AMD machine that flashes a microcode update. I get the following splat: UBSAN: array-index-out-of-bounds in arch/x86/kernel/cpu/microcode/amd.c:X:Y index 512 is out of range for type ‘unsigned long[512]’ […] Call Trace: dump_stack __ubsan_handle_out_of_bounds load_microcode_amd request_microcode_amd reload_store kernfs_fop_write_iter vfs_write ksys_write do_syscall_64 entry_SYSCALL_64_after_hwframe Change the loop to go over only NUMA nodes which have CPUs before determining whether the first CPU on the respective node needs microcode update. [ bp: Massage commit message, fix typo. ] | 2025-04-02 | not yet calculated | CVE-2025-21991 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: HID: ignore non-functional sensor in HP 5MP Camera The HP 5MP Camera (USB ID 0408:5473) reports a HID sensor interface that is not actually implemented. Attempting to access this non-functional sensor via iio_info causes system hangs as runtime PM tries to wake up an unresponsive sensor. [453] hid-sensor-hub 0003:0408:5473.0003: Report latency attributes: ffffffff:ffffffff [453] hid-sensor-hub 0003:0408:5473.0003: common attributes: 5:1, 2:1, 3:1 ffffffff:ffffffff Add this device to the HID ignore list since the sensor interface is non-functional by design and should not be exposed to userspace. | 2025-04-02 | not yet calculated | CVE-2025-21992 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() When performing an iSCSI boot using IPv6, iscsistart still reads the /sys/firmware/ibft/ethernetX/subnet-mask entry. Since the IPv6 prefix length is 64, this causes the shift exponent to become negative, triggering a UBSAN warning. As the concept of a subnet mask does not apply to IPv6, the value is set to ~0 to suppress the warning message. | 2025-04-02 | not yet calculated | CVE-2025-21993 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix incorrect validation for num_aces field of smb_acl parse_dcal() validate num_aces to allocate posix_ace_state_array. if (num_aces > ULONG_MAX / sizeof(struct smb_ace *)) It is an incorrect validation that we can create an array of size ULONG_MAX. smb_acl has ->size field to calculate actual number of aces in request buffer size. Use this to check invalid num_aces. | 2025-04-02 | not yet calculated | CVE-2025-21994 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix fence reference count leak The last_scheduled fence leaks when an entity is being killed and adding the cleanup callback fails. Decrement the reference count of prev when dma_fence_add_callback() fails, ensuring proper balance. [phasta: add git tag info for stable kernel] | 2025-04-03 | not yet calculated | CVE-2025-21995 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() On the off chance that command stream passed from userspace via ioctl() call to radeon_vce_cs_parse() is weirdly crafted and first command to execute is to encode (case 0x03000001), the function in question will attempt to call radeon_vce_cs_reloc() with size argument that has not been properly initialized. Specifically, ‘size’ will point to ‘tmp’ variable before the latter had a chance to be assigned any value. Play it safe and init ‘tmp’ with 0, thus ensuring that radeon_vce_cs_reloc() will catch an early error in cases like these. Found by Linux Verification Center (linuxtesting.org) with static analysis tool SVACE. (cherry picked from commit 2d52de55f9ee7aaee0e09ac443f77855989c6b68) | 2025-04-03 | not yet calculated | CVE-2025-21996 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: xsk: fix an integer overflow in xp_create_and_assign_umem() Since the i and pool->chunk_size variables are of type ‘u32’, their product can wrap around and then be cast to ‘u64’. This can lead to two different XDP buffers pointing to the same memory area. Found by InfoTeCS on behalf of Linux Verification Center (linuxtesting.org) with SVACE. | 2025-04-03 | not yet calculated | CVE-2025-21997 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: uefisecapp: fix efivars registration race Since the conversion to using the TZ allocator, the efivars service is registered before the memory pool has been allocated, something which can lead to a NULL-pointer dereference in case of a racing EFI variable access. Make sure that all resources have been set up before registering the efivars. | 2025-04-03 | not yet calculated | CVE-2025-21998 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: drop beyond-EOF folios with the right number of refs When an after-split folio is large and needs to be dropped due to EOF, folio_put_refs(folio, folio_nr_pages(folio)) should be used to drop all page cache refs. Otherwise, the folio will not be freed, causing memory leak. This leak would happen on a filesystem with blocksize > page_size and a truncate is performed, where the blocksize makes folios split to >0 order ones, causing truncated folios not being freed. | 2025-04-03 | not yet calculated | CVE-2025-22000 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Fix integer overflow in qaic_validate_req() These are u64 variables that come from the user via qaic_attach_slice_bo_ioctl(). Use check_add_overflow() to ensure that the math doesn’t have an integer wrapping bug. | 2025-04-03 | not yet calculated | CVE-2025-22001 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: netfs: Call `invalidate_cache` only if implemented Many filesystems such as NFS and Ceph do not implement the `invalidate_cache` method. On those filesystems, if writing to the cache (`NETFS_WRITE_TO_CACHE`) fails for some reason, the kernel crashes like this: BUG: kernel NULL pointer dereference, address: 0000000000000000 #PF: supervisor instruction fetch in kernel mode #PF: error_code(0x0010) – not-present page PGD 0 P4D 0 Oops: Oops: 0010 [#1] SMP PTI CPU: 9 UID: 0 PID: 3380 Comm: kworker/u193:11 Not tainted 6.13.3-cm4all1-hp #437 Hardware name: HP ProLiant DL380 Gen9/ProLiant DL380 Gen9, BIOS P89 10/17/2018 Workqueue: events_unbound netfs_write_collection_worker RIP: 0010:0x0 Code: Unable to access opcode bytes at 0xffffffffffffffd6. RSP: 0018:ffff9b86e2ca7dc0 EFLAGS: 00010202 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 7fffffffffffffff RDX: 0000000000000001 RSI: ffff89259d576a18 RDI: ffff89259d576900 RBP: ffff89259d5769b0 R08: ffff9b86e2ca7d28 R09: 0000000000000002 R10: ffff89258ceaca80 R11: 0000000000000001 R12: 0000000000000020 R13: ffff893d158b9338 R14: ffff89259d576900 R15: ffff89259d5769b0 FS: 0000000000000000(0000) GS:ffff893c9fa40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffffffffffffd6 CR3: 000000054442e003 CR4: 00000000001706f0 Call Trace: <TASK> ? __die+0x1f/0x60 ? page_fault_oops+0x15c/0x460 ? try_to_wake_up+0x2d2/0x530 ? exc_page_fault+0x5e/0x100 ? asm_exc_page_fault+0x22/0x30 netfs_write_collection_worker+0xe9f/0x12b0 ? xs_poll_check_readable+0x3f/0x80 ? xs_stream_data_receive_workfn+0x8d/0x110 process_one_work+0x134/0x2d0 worker_thread+0x299/0x3a0 ? __pfx_worker_thread+0x10/0x10 kthread+0xba/0xe0 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x30/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> Modules linked in: CR2: 0000000000000000 This patch adds the missing `NULL` check. | 2025-04-03 | not yet calculated | CVE-2025-22002 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: can: ucan: fix out of bound read in strscpy() source Commit 7fdaf8966aae (“can: ucan: use strscpy() to instead of strncpy()”) unintentionally introduced a one byte out of bound read on strscpy()’s source argument (which is kind of ironic knowing that strscpy() is meant to be a more secure alternative :)). Let’s consider below buffers: dest[len + 1]; /* will be NUL terminated */ src[len]; /* may not be NUL terminated */ When doing: strncpy(dest, src, len); dest[len] = ‘\0’; strncpy() will read up to len bytes from src. On the other hand: strscpy(dest, src, len + 1); will read up to len + 1 bytes from src, that is to say, an out of bound read of one byte will occur on src if it is not NUL terminated. Note that the src[len] byte is never copied, but strscpy() still needs to read it to check whether a truncation occurred or not. This exact pattern happened in ucan. The root cause is that the source is not NUL terminated. Instead of doing a copy in a local buffer, directly NUL terminate it as soon as usb_control_msg() returns. With this, the local firmware_str[] variable can be removed. On top of this do a couple refactors: – ucan_ctl_payload->raw is only used for the firmware string, so rename it to ucan_ctl_payload->fw_str and change its type from u8 to char. – ucan_device_request_in() is only used to retrieve the firmware string, so rename it to ucan_get_fw_str() and refactor it to make it directly handle all the string termination logic. | 2025-04-03 | not yet calculated | CVE-2025-22003 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw(). fib_check_nh_v6_gw() expects that fib6_nh_init() cleans up everything when it fails. Commit 7dd73168e273 (“ipv6: Always allocate pcpu memory in a fib6_nh”) moved fib_nh_common_init() before alloc_percpu_gfp() within fib6_nh_init() but forgot to add cleanup for fib6_nh->nh_common.nhc_pcpu_rth_output in case it fails to allocate fib6_nh->rt6i_pcpu, resulting in memleak. Let’s call fib_nh_common_release() and clear nhc_pcpu_rth_output in the error path. Note that we can remove the fib6_nh_release() call in nh_create_ipv6() later in net-next.git. | 2025-04-03 | not yet calculated | CVE-2025-22005 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: am65-cpsw: Fix NAPI registration sequence Registering the interrupts for TX or RX DMA Channels prior to registering their respective NAPI callbacks can result in a NULL pointer dereference. This is seen in practice as a random occurrence since it depends on the randomness associated with the generation of traffic by Linux and the reception of traffic from the wire. | 2025-04-03 | not yet calculated | CVE-2025-22006 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix error code in chan_alloc_skb_cb() The chan_alloc_skb_cb() function is supposed to return error pointers on error. Returning NULL will lead to a NULL dereference. | 2025-04-03 | not yet calculated | CVE-2025-22007 |
| lnbits–lnbits | LNbits is a Lightning wallet and accounts system. A Server-Side Request Forgery (SSRF) vulnerability has been discovered in LNbits’ LNURL authentication handling functionality. When processing LNURL authentication requests, the application accepts a callback URL parameter and makes an HTTP request to that URL using the httpx library with redirect following enabled. The application doesn’t properly validate the callback URL, allowing attackers to specify internal network addresses and access internal resources. | 2025-04-06 | not yet calculated | CVE-2025-32013 |
| LOCALSHOP–WebService::Xero | WebService::Xero 0.11 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically WebService::Xero uses the Data::Random library which specifically states that it is “Useful mostly for test programs”. Data::Random uses the rand() function. | 2025-04-05 | not yet calculated | CVE-2024-52322 |
| M-Files Corporation–M-Files Admin | Stored XSS in Desktop UI in M-Files Server Admin tool before version 25.3.14681.7 on Windows allows authenticated local user to run scripts via UI | 2025-04-04 | not yet calculated | CVE-2025-2159 |
| M-Files Corporation–M-Files Server | Improper isolation of users in M-Files Server version before 25.3.14549 allows anonymous user to affect other anonymous users views and possibly cause a denial of service | 2025-04-04 | not yet calculated | CVE-2025-3086 |
| M-Files Corporation–M-Files Web | Stored XSS in M-Files Web versions from 25.1.14445.5 to 25.2.14524.4 allows an authenticated user to run scripts | 2025-04-04 | not yet calculated | CVE-2025-3087 |
| miniflux–v2 | Miniflux is a feed reader. Due to a weak Content Security Policy on the /proxy/* route, an attacker can bypass the CSP of the media proxy and execute cross-site scripting when opening external images in a new tab/window. To mitigate the vulnerability, the CSP for the media proxy has been changed from default-src ‘self’ to default-src ‘none’; form-action ‘none’; sandbox;. This vulnerability is fixed in 2.2.7. | 2025-04-03 | not yet calculated | CVE-2025-31483 |
| minio–minio | MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. The signature component of the authorization may be invalid, which would mean that as a client you can use any arbitrary secret to upload objects given the user already has prior WRITE permissions on the bucket. Prior knowledge of access-key, and bucket name this user might have access to – and an access-key with a WRITE permissions is necessary. However with relevant information in place, uploading random objects to buckets is trivial and easy via curl. This issue is fixed in RELEASE.2025-04-03T14-56-28Z. | 2025-04-03 | not yet calculated | CVE-2025-31489 |
| Moxa–EDF-G1002-BP Series | A remote attacker with web administrator privileges can exploit the device’s web interface to execute arbitrary system commands through the NTP settings. Successful exploitation may result in the device entering an infinite reboot loop, leading to a total or partial denial of connectivity for downstream systems that rely on its network services. | 2025-04-02 | not yet calculated | CVE-2025-0415 |
| Moxa–EDF-G1002-BP Series | This vulnerability involves command injection in tcpdump within Moxa products, enabling an authenticated attacker with console access to exploit improper input validation to inject and execute systems commands. Successful exploitation could result in privilege escalation, allowing the attacker to gain root shell access and maintain persistent control over the device, potentially disrupting network services and affecting the availability of downstream systems that rely on its connectivity. | 2025-04-02 | not yet calculated | CVE-2025-0676 |
| Mozilla–Firefox | By first using the AI chatbot in one tab and later activating it in another tab, the document title of the previous tab would leak into the chat prompt. This vulnerability affects Firefox < 137. | 2025-04-01 | not yet calculated | CVE-2025-3035 |
| mydumper–mydumper | MyDumper is a MySQL Logical Backup Tool. The MySQL C client library (libmysqlclient) allows authenticated remote actors to read arbitrary files from client systems via a crafted server response to LOAD LOCAL INFILE query, leading to sensitive information disclosure when clients connect to untrusted MySQL servers without explicitly disabling the local infile capability. Mydumper has the local infile option enabled by default and does not have an option to disable it. This can lead to an unexpected arbitrary file read if the Mydumper tool connects to an untrusted server. This vulnerability is fixed in 0.18.2-8. | 2025-04-01 | not yet calculated | CVE-2025-30224 |
| n/a–n/a | An issue was discovered in Iglu Server 0.13.0 and below. It is similar to CVE-2024-47212, but involves a different kind of malicious payload. As above, it can render Iglu Server completely unresponsive. If the operation of Iglu Server is not restored, event processing in the pipeline would eventually halt. | 2025-04-03 | not yet calculated | CVE-2024-47214 |
| n/a–n/a | An issue was discovered in Snowbridge setups sending data to Google Tag Manager Server Side. It involves attaching an invalid GTM SS preview header to events, causing them to be retried indefinitely. As a result, the performance of forwarding events to GTM SS overall can be affected (latency, throughput). | 2025-04-03 | not yet calculated | CVE-2024-47215 |
| n/a–n/a | An issue was discovered in Iglu Server 0.13.0 and below. It is similar to CVE-2024-47214, but involves an authenticated endpoint. It can render Iglu Server completely unresponsive. If the operation of Iglu Server is not restored, event processing in the pipeline would eventually halt. | 2025-04-03 | not yet calculated | CVE-2024-47217 |
| n/a–n/a | This vulnerability affects Snowplow Collector 3.x before 3.3.0 (unless it’s set up behind a reverse proxy that establishes payload limits). It involves sending very large payloads to the Collector and can render it unresponsive to the rest of the requests. As a result, data would not enter the pipeline and would be potentially lost. | 2025-04-03 | not yet calculated | CVE-2024-56528 |
| n/a–n/a | An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal by sending a crafted POST request to /Modules.php?modname=messaging/Inbox.php&modfunc=save&filename. | 2025-04-03 | not yet calculated | CVE-2025-22926 |
| n/a–n/a | An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal by sending a crafted POST request to /Modules.php?modname=messaging/Inbox.php&modfunc=save&filename. | 2025-04-03 | not yet calculated | CVE-2025-22927 |
| n/a–n/a | OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the cp_id parameter at /modules/messages/Inbox.php. | 2025-04-03 | not yet calculated | CVE-2025-22928 |
| n/a–n/a | OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the filter_id parameter at /students/StudentFilters.php. | 2025-04-03 | not yet calculated | CVE-2025-22929 |
| n/a–n/a | OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the groupid parameter at /messaging/Group.php. | 2025-04-03 | not yet calculated | CVE-2025-22930 |
| n/a–n/a | An insecure direct object reference (IDOR) in the component /assets/stafffiles of OS4ED openSIS v7.0 to v9.1 allows unauthenticated attackers to access files uploaded by staff members. | 2025-04-03 | not yet calculated | CVE-2025-22931 |
| n/a–n/a | An OS Command Injection vulnerability exists in the Infinxt iEdge 100 2.1.32 Troubleshoot module, specifically in the tracertVal parameter of the Tracert function. | 2025-04-01 | not yet calculated | CVE-2025-26055 |
| n/a–n/a | A command injection vulnerability exists in the Infinxt iEdge 100 2.1.32 in the Troubleshoot module “MTR” functionality. The vulnerability is due to improper validation of user-supplied input in the mtrIp parameter. An attacker can exploit this flaw to execute arbitrary operating system commands on the underlying system with the same privileges as the web application process. | 2025-04-01 | not yet calculated | CVE-2025-26056 |
| n/a–n/a | An issue was discovered in Stormshield Network Security (SNS) 4.3.x before 4.3.35. If multicast streams are enabled on different interfaces, it may be possible to interrupt multicast traffic on some of these interfaces. That could result in a denial of the multicast routing service on the firewall. | 2025-04-01 | not yet calculated | CVE-2025-27829 |
| n/a–n/a | Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a command injection vulnerability via fota_url in /boafrm/formLtefotaUpgradeQuectel | 2025-04-04 | not yet calculated | CVE-2025-28146 |
| n/a–n/a | D-LINK DI-8100 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_road_asp function via the host_ip parameter. | 2025-04-01 | not yet calculated | CVE-2025-28395 |
| n/a–n/a | D-LINK DI-8100 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_net_asp function via the remot_ip parameter. | 2025-04-01 | not yet calculated | CVE-2025-28398 |
| n/a–n/a | An issue in TOTOLINK x18 v.9.1.0cu.2024_B20220329 allows a remote attacker to execute arbitrary code via the sub_410E54 function of the cstecgi.cgi. | 2025-04-03 | not yet calculated | CVE-2025-29064 |
| n/a–n/a | CodeZips Gym Management System v1.0 is vulnerable to SQL injection in the name parameter within /dashboard/admin/deleteroutine.php. | 2025-04-01 | not yet calculated | CVE-2025-29208 |
| n/a–n/a | Code-Projects Matrimonial Site V1.0 is vulnerable to SQL Injection in /view_profile.php?id=1. | 2025-04-03 | not yet calculated | CVE-2025-29369 |
| n/a–n/a | A buffer overflow vulnerability has been discovered in Tenda Ac15 V15.13.07.13. The vulnerability occurs when the webCgiGetUploadFile function calls the socketRead function to process HTTP request messages, resulting in the overwriting of a buffer on the stack. | 2025-04-03 | not yet calculated | CVE-2025-29462 |
| n/a–n/a | Buffer Overflow vulnerability in compress_chunk_fuzzer with oss-fuzz on commit 16450518afddcb3139de627157208e49bfef6987 in c-blosc2 v.2.17.0 and before. | 2025-04-04 | not yet calculated | CVE-2025-29476 |
| n/a–n/a | An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event. | 2025-04-04 | not yet calculated | CVE-2025-29477 |
| n/a–n/a | An issue in Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 allows a local attacker to escalate privileges via the function tftp_image_check of a binary named rc. | 2025-04-03 | not yet calculated | CVE-2025-29570 |
| n/a–n/a | VyOS 1.3 through 1.5 (fixed in 1.4.2) or any Debian-based system using dropbear in combination with live-build has the same Dropbear private host keys across different installations. Thus, an attacker can conduct active man-in-the-middle attacks against SSH connections if Dropbear is enabled as the SSH daemon. I n VyOS, this is not the default configuration for the system SSH daemon, but is for the console service. To mitigate this, one can run “rm -f /etc/dropbear/*key*” and/or “rm -f /etc/dropbear-initramfs/*key*” and then dropbearkey -t rsa -s 4096 -f /etc/dropbear_rsa_host_key and reload the service or reboot the system before using Dropbear as the SSH daemon (this clears out all keys mistakenly built into the release image) or update to the latest version of VyOS 1.4 or 1.5. Note that this vulnerability is not unique to VyOS and may appear in any Debian-based Linux distribution that uses Dropbear in combination with live-build, which has a safeguard against this behavior in OpenSSH but no equivalent one for Dropbear. | 2025-03-31 | not yet calculated | CVE-2025-30095 |
| nasa–CryptoLib | CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol – Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In 1.3.3 and earlier, a heap buffer overflow vulnerability persists in the Crypto_TC_ApplySecurity function due to an incomplete validation check on the fl (frame length) field. Although CVE-2025-29912 addressed an underflow issue involving fl, the patch fails to fully prevent unsafe calculations. As a result, an attacker can still craft malicious frames that cause a negative tf_payload_len, which is then interpreted as a large unsigned value, leading to a heap buffer overflow in a memcpy call. | 2025-04-01 | not yet calculated | CVE-2025-30356 |
| NORBU–Net::Dropbox::API | Net::Dropbox::API 1.9 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Net::Dropbox::API uses the Data::Random library which specifically states that it is “Useful mostly for test programs”. Data::Random uses the rand() function. | 2025-04-05 | not yet calculated | CVE-2024-58036 |
| openemr–openemr | OpenEMR is a free and open source electronic health records and medical practice management application. The POST parameter hidden_subcategory is output to the page without being properly processed. This leads to a reflected cross-site scripting (XSS) vul;nerability in CAMOS new.php. This vulnerability is fixed in 7.0.3. | 2025-03-31 | not yet calculated | CVE-2025-29772 |
| openemr–openemr | OpenEMR is a free and open source electronic health records and medical practice management application. A stored XSS vulnerability in the Bronchitis form component of OpenEMR allows anyone who is able to edit a bronchitis form to steal credentials from administrators. This vulnerability is fixed in 7.0.3. | 2025-03-31 | not yet calculated | CVE-2025-30161 |
| openemr–openemr | OpenEMR is a free and open source electronic health records and medical practice management application. An Out-of-Band Server-Side Request Forgery (OOB SSRF) vulnerability was identified in OpenEMR, allowing an attacker to force the server to make unauthorized requests to external or internal resources. this attack does not return a direct response but can be exploited through DNS or HTTP interactions to exfiltrate sensitive information. This vulnerability is fixed in 7.0.3.1. | 2025-03-31 | not yet calculated | CVE-2025-31117 |
| openemr–openemr | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 7.0.3.1, the Patient Image feature in OpenEMR is vulnerable to cross-site scripting attacks via the EXIF title in an image. This vulnerability is fixed in 7.0.3.1. | 2025-04-01 | not yet calculated | CVE-2025-31121 |
| OpenIDC–mod_auth_openidc | mod_auth_openidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. Prior to 2.4.16.11, a bug in a mod_auth_openidc results in disclosure of protected content to unauthenticated users. The conditions for disclosure are an OIDCProviderAuthRequestMethod POST, a valid account, and there mustn’t be any application-level gateway (or load balancer etc) protecting the server. When you request a protected resource, the response includes the HTTP status, the HTTP headers, the intended response (the self-submitting form), and the protected resource (with no headers). This is an example of a request for a protected resource, including all the data returned. In the case where mod_auth_openidc returns a form, it has to return OK from check_userid so as not to go down the error path in httpd. This means httpd will try to issue the protected resource. oidc_content_handler is called early, which has the opportunity to prevent the normal output being issued by httpd. oidc_content_handler has a number of checks for when it intervenes, but it doesn’t check for this case, so the handler returns DECLINED. Consequently, httpd appends the protected content to the response. The issue has been patched in mod_auth_openidc versions >= 2.4.16.11. | 2025-04-06 | not yet calculated | CVE-2025-31492 |
| OpenVPN–OpenVPN | OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase | 2025-04-02 | not yet calculated | CVE-2025-2704 |
| Payara Platform–Payara Server | CVE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Payara Platform Payara Server allows : Remote Code Inclusion.This issue affects Payara Server: from 4.1.2.1919.1 before 4.1.2.191.51, from 5.20.0 before 5.68.0, from 6.0.0 before 6.23.0, from 6.2022.1 before 6.2025.2. | 2025-04-01 | not yet calculated | CVE-2025-1534 |
| PHP Group–PHP | In PHP versions 8.3.* before 8.3.19 and 8.4.* before 8.4.5, a code sequence involving __set handler or ??= operator and exceptions can lead to a use-after-free vulnerability. If the third party can control the memory layout leading to this, for example by supplying specially crafted inputs to the script, it could lead to remote code execution. | 2025-04-04 | not yet calculated | CVE-2024-11235 |
| PrimeKey Solutions AB–EJBCA | The vulnerability exists in the EJBCA service, version 8.0 Enterprise. Not tested in higher versions. By modifying the ‘Host’ header in an HTTP request, it is possible to manipulate the generated links and thus redirect the client to a different base URL. In this way, an attacker could insert his own server for the client to send HTTP requests, provided he succeeds in exploiting it. | 2025-03-31 | not yet calculated | CVE-2025-3026 |
| PrimeKey Solutions AB–EJBCA | The vulnerability exists in the EJBCA service, version 8.0 Enterprise. By making a small change to the PATH of the URL associated with the service, the server fails to find the requested file and redirects to an external page. This vulnerability could allow users to be redirected to potentially malicious external sites, which can be exploited for phishing or other social engineering attacks. | 2025-03-31 | not yet calculated | CVE-2025-3027 |
| RARLAB–WinRAR | Issue that bypasses the “Mark of the Web” security warning function for files when opening a symbolic link that points to an executable file exists in WinRAR versions prior to 7.11. If a symbolic link specially crafted by an attacker is opened on the affected product, arbitrary code may be executed. | 2025-04-03 | not yet calculated | CVE-2025-31334 |
| remix-run–react-router | React Router is a multi-strategy router for React bridging the gap from React 18 to React 19. There is a vulnerability in Remix/React Router that affects all Remix 2 and React Router 7 consumers using the Express adapter. Basically, this vulnerability allows anyone to spoof the URL used in an incoming Request by putting a URL pathname in the port section of a URL that is part of a Host or X-Forwarded-Host header sent to a Remix/React Router request handler. This issue has been patched and released in Remix 2.16.3 and React Router 7.4.1. | 2025-04-01 | not yet calculated | CVE-2025-31137 |
| Rockwell Automation–Verve Asset Manager | A vulnerability exists in the Rockwell Automation Verve Asset Manager due to insufficient variable sanitizing. A portion of the administrative web interface for Verve’s Legacy Agentless Device Inventory (ADI) capability (deprecated since the 1.36 release) allows users to change a variable with inadequate sanitizing. If exploited, it could allow a threat actor with administrative access to run arbitrary commands in the context of the container running the service. | 2025-03-31 | not yet calculated | CVE-2025-1449 |
| rubentd–gifplayer | gifplayer is a customizable jquery plugin to play and stop animated gifs. gifplayer contains a cross-site scripting (XSS) vulnerability. This vulnerability is fixed in 0.3.7. | 2025-03-31 | not yet calculated | CVE-2025-31128 |
| Scratch-Coding-Hut–Scratch-Coding-Hut | scratch-coding-hut.github.io is the website for Coding Hut. In 1.0-beta3 and earlier, the login link can be used to login to any account by changing the username in the username field. | 2025-03-31 | not yet calculated | CVE-2025-31122 |
| SourceCodester–Clinic’s Patient Management System | Clinic’s Patient Management System versions 2.0 suffers from a SQL injection vulnerability in the login page. | 2025-04-01 | not yet calculated | CVE-2025-3096 |
| TANIGUCHI–Amon2::Auth::Site::LINE | Amon2::Auth::Site::LINE uses the String::Random module to generate nonce values. String::Random defaults to Perl’s built-in predictable random number generator, the rand() function, which is not cryptographically secure | 2025-04-05 | not yet calculated | CVE-2024-57835 |
| tauri-apps–plugins-workspace | The Tauri shell plugin allows access to the system shell. Prior to 2.2.1, the Tauri shell plugin exposes functionality to execute code and open programs on the system. The open endpoint of this plugin is designed to allow open functionality with the system opener (e.g. xdg-open on Linux). This was meant to be restricted to a reasonable number of protocols like https or mailto by default. This default restriction was not functional due to improper validation of the allowed protocols, allowing for potentially dangerous protocols like file://, smb://, or nfs:// and others to be opened by the system registered protocol handler. By passing untrusted user input to the open endpoint these potentially dangerous protocols can be abused to gain remote code execution on the system. This either requires direct exposure of the endpoint to application users or code execution in the frontend of a Tauri application. This vulnerability is fixed in 2.2.1. | 2025-04-02 | not yet calculated | CVE-2025-31477 |
| Trend Micro, Inc.–Trend Vision One | A broken access control vulnerability previously discovered in the Trend Vision One User Account component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability. | 2025-04-02 | not yet calculated | CVE-2025-31282 |
| Trend Micro, Inc.–Trend Vision One | A broken access control vulnerability previously discovered in the Trend Vision One User Roles component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability. | 2025-04-02 | not yet calculated | CVE-2025-31283 |
| Trend Micro, Inc.–Trend Vision One | A broken access control vulnerability previously discovered in the Trend Vision One Status component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability. | 2025-04-02 | not yet calculated | CVE-2025-31284 |
| Trend Micro, Inc.–Trend Vision One | A broken access control vulnerability previously discovered in the Trend Vision One Role Name component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability. | 2025-04-02 | not yet calculated | CVE-2025-31285 |
| Trend Micro, Inc.–Trend Vision One | An HTML injection vulnerability previously discovered in Trend Vision One could have allowed a malicious user to execute arbitrary code. Please note: this issue has already been addressed on the backend service and is no longer considered an active vulnerability. | 2025-04-02 | not yet calculated | CVE-2025-31286 |
| tukaani-project–xz | XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on the null pointer plus an offset. Applications and libraries that use the lzma_stream_decoder_mt function are affected. The bug has been fixed in XZ Utils 5.8.1, and the fix has been committed to the v5.4, v5.6, v5.8, and master branches in the xz Git repository. No new release packages will be made from the old stable branches, but a standalone patch is available that applies to all affected releases. | 2025-04-03 | not yet calculated | CVE-2025-31115 |
| usebruno–bruno | Bruno is an open source IDE for exploring and testing APIs. Prior to 1.39.1, the custom tool-tip components which internally use react-tooltip were setting the content (in this case the Environment name) as raw HTML which then gets injected into DOM on hover. This, combined with loose Content Security Policy restrictions, allowed any valid HTML text containing inline script to get executed on hovering over the respective Environment’s name. This vulnerability’s attack surface is limited strictly to scenarios where users import collections from untrusted or malicious sources. The exploit requires deliberate action from the user-specifically, downloading and opening an externally provided malicious Bruno or Postman collection export and the user hovers on the environment name. This vulnerability is fixed in 1.39.1. | 2025-04-01 | not yet calculated | CVE-2025-30210 |
| usebruno–bruno | Bruno is an open source IDE for exploring and testing APIs. A bug in the assertion runtime caused assert expressions to run in Developer Mode, even if Safe Mode was selected. The bug resulted in the sandbox settings to be ignored for the particular case where a single request is run/sent. This vulnerability’s attack surface is limited strictly to scenarios where users import collections from untrusted or malicious sources. The exploit requires deliberate action from the user-specifically, downloading and opening an externally provided malicious Bruno collection. The vulnerability is fixed in 1.39.1. | 2025-04-01 | not yet calculated | CVE-2025-30354 |
| Valmet–Valmet DNA | Local privilege escalation through insecure DCOM configuration in Valmet DNA versions prior to C2023. The DCOM object Valmet DNA Engineering has permissions that allow it to run commands as a user with the SeImpersonatePrivilege privilege. The SeImpersonatePrivilege privilege is a Windows permission that allows a process to impersonate another user. An attacker can use this vulnerability to escalate their privileges and take complete control of the system. | 2025-04-01 | not yet calculated | CVE-2025-0416 |
| Valmet–Valmet DNA | Lack of protection against brute force attacks in Valmet DNA visualization in DNA Operate. The possibility to make an arbitrary number of login attempts without any rate limit gives an attacker an increased chance of guessing passwords and then performing switching operations. | 2025-04-01 | not yet calculated | CVE-2025-0417 |
| Valmet–Valmet DNA | Valmet DNA user passwords in plain text. This practice poses a security risk as attackers who gain access to local project data can read the passwords. | 2025-04-01 | not yet calculated | CVE-2025-0418 |
| vercel–next.js | Next.js is a React framework for building full-stack web applications. To mitigate CVE-2025-29927, Next.js validated the x-middleware-subrequest-id which persisted across multiple incoming requests. However, this subrequest ID is sent to all requests, even if the destination is not the same host as the Next.js application. Initiating a fetch request to a third-party within Middleware will send the x-middleware-subrequest-id to that third party. This vulnerability is fixed in 12.3.6, 13.5.10, 14.2.26, and 15.2.4. | 2025-04-02 | not yet calculated | CVE-2025-30218 |
| Welcart Inc.–Welcart e-Commerce | Welcart e-Commerce 2.11.6 and earlier versions contains an untrusted data deserialization vulnerability. If this vulnerability is exploited, arbitrary code may be executed by a remote unauthenticated attacker who can access websites created using the product. | 2025-04-01 | not yet calculated | CVE-2025-27130 |
| Xpdf–Xpdf | Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid VerticesPerRow value in a PDF shading dictionary. | 2025-04-02 | not yet calculated | CVE-2025-3154 |
| Zabbix–Zabbix | A low privilege (regular) Zabbix user with API access can use SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL commands via the groupBy parameter. | 2025-04-02 | not yet calculated | CVE-2024-36465 |
| Zabbix–Zabbix | Execution time for an unsuccessful login differs when using a non-existing username compared to using an existing one. | 2025-04-02 | not yet calculated | CVE-2024-36469 |
| Zabbix–Zabbix | Zabbix API user.get returns all users that share common group with the calling user. This includes media and other information, such as login attempts, etc. | 2025-04-02 | not yet calculated | CVE-2024-42325 |
| Zabbix–Zabbix | The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the above endpoint causing it to be executed within the context of the victim’s browser. | 2025-04-02 | not yet calculated | CVE-2024-45699 |
| Zabbix–Zabbix | Zabbix server is vulnerable to a DoS vulnerability due to uncontrolled resource exhaustion. An attacker can send specially crafted requests to the server, which will cause the server to allocate an excessive amount of memory and perform CPU-intensive decompression operations, ultimately leading to a service crash. | 2025-04-02 | not yet calculated | CVE-2024-45700 |
| zulip–zulip | Zulip server provides an open-source team chat that helps teams stay productive and focused. Prior to 10.0, the data export to organization administrators feature in Zulip leaks private data. The collection of user-agent types identifying specific integrations or HTTP libraries (E.g., ZulipGitlabWebhook, okhttp, or PycURL) that have been used to access any organization on the server was incorrectly included in all three export types, regardless of if they were used to access the exported organization or not. The “public data” and “with consent” exports metadata including the titles of some topics in private channels which the administrator otherwise did not have access to, and none of the users consented to exporting and metadata for which users were in a group DM together. This vulnerability is fixed in 10.0. | 2025-03-31 | not yet calculated | CVE-2025-27149 |
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
