Total
289036 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-32126 | 2025-04-07 | 7.6 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in cmsMinds Pay with Contact Form 7 allows SQL Injection. This issue affects Pay with Contact Form 7: from n/a through 1.0.4. | ||||
| CVE-2025-32166 | 2025-04-07 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in John Housholder Emma for WordPress allows Stored XSS. This issue affects Emma for WordPress: from n/a through 1.3.3. | ||||
| CVE-2025-32217 | 2025-04-07 | 5.4 Medium | ||
| Missing Authorization vulnerability in WP Messiah Ai Image Alt Text Generator for WP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ai Image Alt Text Generator for WP: from n/a through 1.0.8. | ||||
| CVE-2025-32218 | 2025-04-07 | 5.4 Medium | ||
| Missing Authorization vulnerability in RealMag777 TableOn – WordPress Posts Table Filterable allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TableOn – WordPress Posts Table Filterable: from n/a through 1.0.4. | ||||
| CVE-2024-11859 | 2025-04-07 | N/A | ||
| DLL Search Order Hijacking vulnerability potentially allowed an attacker with administrator privileges to load a malicious dynamic-link library and execute its code. | ||||
| CVE-2025-0279 | 2025-04-07 | 4.3 Medium | ||
| HCL Traveler generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces. Attackers could exploit this information to gain insights into the system's architecture and potentially launch targeted attacks. | ||||
| CVE-2025-3344 | 2025-04-07 | 7.3 High | ||
| A vulnerability was found in codeprojects Online Restaurant Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/assign_save.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-58133 | 2025-04-07 | 4 Medium | ||
| In chainmaker-go (aka ChainMaker) before 2.4.0, when making frequent updates to a node's configuration file and restarting this node, concurrent writes by logger.go to a map are mishandled. Creating other logs simultaneously can lead to a read-write conflict and panic. | ||||
| CVE-2025-2889 | 2025-04-07 | 6.4 Medium | ||
| The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Link Additional Parameters in all versions up to, and including, 7.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-3345 | 2025-04-07 | 7.3 High | ||
| A vulnerability was found in codeprojects Online Restaurant Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/combo.php. The manipulation of the argument del leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3424 | 2025-04-07 | N/A | ||
| The IntelliSpace portal application utilizes .NET Remoting for its functionality. The vulnerability arises from the exploitation of port 755 through the "Object Marshalling" technique, which allows an attacker to read internal files without any authentication. This is possible by crafting specific .NET Remoting URLs derived from information enumerated in the client-side configuration files. This issue affects IntelliSpace Portal: 12 and prior. | ||||
| CVE-2025-3373 | 2025-04-07 | 7.3 High | ||
| A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as critical. Affected by this vulnerability is an unknown functionality of the component SITE CHMOD Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3307 | 2025-04-07 | 7.3 High | ||
| A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /reset.php. The manipulation of the argument useremail leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3306 | 2025-04-07 | 7.3 High | ||
| A vulnerability was found in code-projects Blood Bank Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /don.php. The manipulation of the argument fullname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | ||||
| CVE-2025-3305 | 2025-04-07 | 4.3 Medium | ||
| A vulnerability has been found in 1902756969/code-projects IKUN_Library 1.0 and classified as problematic. This vulnerability affects the function addInterceptors of the file MvcConfig.java of the component Borrow Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3303 | 2025-04-07 | 6.3 Medium | ||
| A vulnerability, which was classified as critical, has been found in code-projects Patient Record Management System 1.0. Affected by this issue is some unknown functionality of the file /birthing_record.php. The manipulation of the argument itr_no leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3268 | 2025-04-07 | 5.3 Medium | ||
| A vulnerability has been found in qinguoyi TinyWebServer up to 1.0 and classified as critical. This vulnerability affects unknown code of the file http/http_conn.cpp. The manipulation of the argument m_url_real leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-30195 | 2025-04-07 | 7.5 High | ||
| An attacker can publish a zone containing specific Resource Record Sets. Processing and caching results for these sets can lead to an illegal memory accesses and crash of the Recursor, causing a denial of service. The remedy is: upgrade to the patched 5.2.1 version. We would like to thank Volodymyr Ilyin for bringing this issue to our attention. | ||||
| CVE-2025-2877 | 1 Redhat | 2 Ansible Automation Platform, Ansible Automation Platform Developer | 2025-04-07 | 6.5 Medium |
| A flaw was found in the Ansible Automation Platform's Event-Driven Ansible. In configurations where verbosity is set to "debug", inventory passwords are exposed in plain text when starting a rulebook activation. This issue exists for any "debug" action in a rulebook and also affects Event Streams. | ||||
| CVE-2025-28413 | 2025-04-07 | N/A | ||
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the SysDictTypeController component | ||||