Total: 290937 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-27314 | | | 2025-04-17 | 7.1 High |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kush Sharma Kush Micro News allows Stored XSS. This issue affects Kush Micro News: from n/a through 1.6.7. | ||||
CVE-2025-27345 | | | 2025-04-17 | 7.1 High |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Deetronix Booking Ultra Pro allows Reflected XSS. This issue affects Booking Ultra Pro: from n/a through 1.1.19. | ||||
CVE-2025-32490 | | | 2025-04-17 | 7.1 High |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebsiteDefender wp secure allows Stored XSS. This issue affects wp secure: from n/a through 1.2. | ||||
CVE-2025-32504 | | | 2025-04-17 | 7.1 High |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in silvasoft Silvasoft boekhouden allows Reflected XSS. This issue affects Silvasoft boekhouden: from n/a through 3.0.5. | ||||
CVE-2025-29039 | | | 2025-04-17 | 7.2 High |
An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the function 0x41dda8 | ||||
CVE-2025-29661 | | | 2025-04-17 | 7.2 High |
Litepubl CMS <= 7.0.9 is vulnerable to RCE in admin/service/run. | ||||
CVE-2025-32415 | | | 2025-04-17 | 2.9 Low |
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used. | ||||
CVE-2025-29181 | | | 2025-04-17 | 7.2 High |
FOXCMS <= V1.25 is vulnerable to SQL Injection via $param['title'] in /admin/util/Field.php. | ||||
CVE-2025-29722 | | | 2025-04-17 | 6.3 Medium |
A CSRF vulnerability in Commercify v1.0 allows remote attackers to perform unauthorized actions on behalf of authenticated users. The issue exists due to missing CSRF protection on sensitive endpoints. | ||||
CVE-2024-53924 | | | 2025-04-17 | N/A |
Pycel through 1.0b30, when operating on an untrusted spreadsheet, allows code execution via a crafted formula in a cell, such as one beginning with the =IF(A1=200, eval("__import__('os').system( substring. | ||||
CVE-2024-55211 | | | 2025-04-17 | 8.4 High |
An issue in Think Router Tk-Rt-Wr135G V3.0.2-X000 allows attackers to bypass authentication via a crafted cookie. | ||||
CVE-2025-26268 | | | 2025-04-17 | 3.3 Low |
DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service (daemon crash) via a crafted Redis command. The validity of the scan cursor was not checked. | ||||
CVE-2025-28101 | | | 2025-04-17 | 6.5 Medium |
An arbitrary file deletion vulnerability in the /post/{postTitle} component of flaskBlog v2.6.1 allows attackers to delete article titles created by other users via supplying a crafted POST request. | ||||
CVE-2021-47671 | | | 2025-04-17 | 3.3 Low |
In the Linux kernel, the following vulnerability has been resolved: can: etas_es58x: es58x_rx_err_msg(): fix memory leak in error path. In es58x_rx_err_msg(), if can->do_set_mode() fails, the function directly returns without calling netif_rx(skb). This means that the skb previously allocated by alloc_can_err_skb() is not freed. In other terms, this is a memory leak. This patch simply removes the return statement in the error branch and lets the function continue. Issue was found with GCC -fanalyzer, please follow the link below for details. | ||||
CVE-2025-26269 | | | 2025-04-17 | 3.3 Low |
DragonflyDB Dragonfly through 1.28.2 allows authenticated users to cause a denial of service (daemon crash) via a Lua library command that references a large negative integer. | ||||
CVE-2025-28009 | | | 2025-04-17 | 9.8 Critical |
A SQL Injection vulnerability exists in the `u` parameter of the progress-body-weight.php endpoint of Dietiqa App v1.0.20. | ||||
CVE-2025-27338 | | | 2025-04-17 | 7.1 High |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in graphems List Urls allows Reflected XSS. This issue affects List Urls: from n/a through 0.2. | ||||
CVE-2025-32520 | | | 2025-04-17 | 7.1 High |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M. Ali Saleem WordPress Health and Server Condition – Integrated with Google Page Speed allows Reflected XSS. This issue affects WordPress Health and Server Condition – Integrated with Google Page Speed: from n/a through 4.1.1. | ||||
CVE-2025-32635 | | | 2025-04-17 | 7.5 High |
Insertion of Sensitive Information Into Sent Data vulnerability in Hive Support Hive Support allows Retrieve Embedded Sensitive Data. This issue affects Hive Support: from n/a through 1.2.2. | ||||
CVE-2025-39455 | | | 2025-04-17 | 7.1 High |
Cross-Site Request Forgery (CSRF) vulnerability in ip2location IP2Location Variables allows Reflected XSS. This issue affects IP2Location Variables: from n/a through 2.9.5. |