Total 58559 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-32049 1 Redhat 1 Enterprise Linux 2025-04-03 7.5 High
A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS).
CVE-2025-2784 1 Redhat 1 Enterprise Linux 2025-04-03 7 High
A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.
CVE-2025-1937 2 Mozilla, Redhat 8 Firefox, Thunderbird, Enterprise Linux and 5 more 2025-04-03 7.5 High
Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.
CVE-2022-47766 1 Popojicms 1 Popojicms 2025-04-03 8.8 High
PopojiCMS v2.0.1 backend plugin function has a file upload vulnerability.
CVE-2025-1933 2 Mozilla, Redhat 8 Firefox, Thunderbird, Enterprise Linux and 5 more 2025-04-03 7.6 High
On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a different type. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.
CVE-2024-12966 1 Code-projects 1 Job Recruitment 2025-04-03 7.3 High
A vulnerability was found in code-projects Job Recruitment 1.0. It has been rated as critical. This issue affects the function cn_update of the file /_parse/_all_edits.php. The manipulation of the argument cname/url leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3137 2025-04-03 7.3 High
A vulnerability, which was classified as critical, was found in PHPGurukul Online Security Guards Hiring System 1.0. Affected is an unknown function of the file /admin/changeimage.php. The manipulation of the argument editid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-1931 2 Mozilla, Redhat 8 Firefox, Thunderbird, Enterprise Linux and 5 more 2025-04-03 7.5 High
It was possible to cause a use-after-free in the content process side of a WebTransport connection, leading to a potentially exploitable crash. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.
CVE-2025-31909 2025-04-03 7.5 High
Missing Authorization vulnerability in NotFound Apptivo Business Site CRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Apptivo Business Site CRM: from n/a through 5.3.
CVE-2025-31907 2025-04-03 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Labib Ahmed Team Builder allows Reflected XSS. This issue affects Team Builder: from n/a through 1.3.
CVE-2025-31905 2025-04-03 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Team Rosters allows Reflected XSS. This issue affects Team Rosters: from n/a through 4.7.
CVE-2025-31903 2025-04-03 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound XV Random Quotes allows Reflected XSS. This issue affects XV Random Quotes: from n/a through 1.37.
CVE-2025-31902 2025-04-03 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Social Share And Social Locker allows Reflected XSS. This issue affects Social Share And Social Locker: from n/a through 1.4.1.
CVE-2025-31901 2025-04-03 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digihood Digihood HTML Sitemap allows Reflected XSS. This issue affects Digihood HTML Sitemap: from n/a through 3.1.1.
CVE-2025-31900 2025-04-03 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lexicata Lexicata allows Reflected XSS. This issue affects Lexicata: from n/a through 1.0.16.
CVE-2025-31899 2025-04-03 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpshopee Awesome Logos allows Reflected XSS. This issue affects Awesome Logos: from n/a through 1.2.
CVE-2025-31898 2025-04-03 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound MediaView allows Reflected XSS. This issue affects MediaView: from n/a through 1.1.2.
CVE-2025-31626 2025-04-03 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M. Ali Saleem Support Helpdesk Ticket System Lite allows Reflected XSS. This issue affects Support Helpdesk Ticket System Lite: from n/a through 4.5.2.
CVE-2025-31582 2025-04-03 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ashish Ajani Contact Form vCard Generator allows Stored XSS. This issue affects Contact Form vCard Generator: from n/a through 2.4.
CVE-2025-31573 2025-04-03 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pepro Dev. Group PeproDev CF7 Database allows Stored XSS. This issue affects PeproDev CF7 Database: from n/a through 2.0.0.