CVE-2025-2832 - Mingyuefusu Tushuguanlixitong Cross-Site Request Forgery Vulnerability
CVE ID : CVE-2025-2832
Published : March 27, 2025, 4:15 a.m. | 1 hour, 43 minutes ago
Description : A vulnerability was found in mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-2833 - Zhangyd-c OneBlog Regular Expression Inefficient Complexity Remote Vulnerability
CVE ID : CVE-2025-2833
Published : March 27, 2025, 4:15 a.m. | 1 hour, 43 minutes ago
Description : A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been classified as problematic. Affected is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to inefficient regular expression complexity. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 5.3 | MEDIUM
CVE-2025-2835 - Zhangyd-c OneBlog SSRF Vulnerability
CVE ID : CVE-2025-2835
Published : March 27, 2025, 4:15 a.m. | 1 hour, 43 minutes ago
Description : A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been declared as problematic. Affected by this vulnerability is the function autoLink of the file com/zyd/blog/controller/RestApiController.java. The manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 4.3 | MEDIUM
CVE-2025-31105 - Apache HTTP Server Unvalidated Request Parameter
CVE ID : CVE-2025-31105
Published : March 27, 2025, 4:15 a.m. | 1 hour, 43 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-31106 - Apache HTTP Server Directory Traversal
CVE ID : CVE-2025-31106
Published : March 27, 2025, 4:15 a.m. | 1 hour, 43 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-31107 - Fortinet SSL/TLS Rejected Reason
CVE ID : CVE-2025-31107
Published : March 27, 2025, 4:15 a.m. | 1 hour, 43 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-31108 - Apache HTTP Server Regular Expression Denial of Service
CVE ID : CVE-2025-31108
Published : March 27, 2025, 4:15 a.m. | 1 hour, 43 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-31109 - Apache HTTP Server Cross-Site Request Forgery
CVE ID : CVE-2025-31109
Published : March 27, 2025, 4:15 a.m. | 1 hour, 43 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-31110 - Google Maps Arbitrary Code Execution
CVE ID : CVE-2025-31110
Published : March 27, 2025, 4:15 a.m. | 1 hour, 43 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-31111 - Apache Server Unvalidated User Input
CVE ID : CVE-2025-31111
Published : March 27, 2025, 4:15 a.m. | 1 hour, 43 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-31112 - Apache HTTP Server Cross-Site Request Forgery
CVE ID : CVE-2025-31112
Published : March 27, 2025, 4:15 a.m. | 1 hour, 43 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-31113 - Apache Struts Remote Code Execution
CVE ID : CVE-2025-31113
Published : March 27, 2025, 4:15 a.m. | 1 hour, 43 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-31165 - NightWolf Penetration Testing Platform Logbug XSS
CVE ID : CVE-2025-31165
Published : March 27, 2025, 4:15 a.m. | 1 hour, 43 minutes ago
Description : Cross-Site Scripting (XSS) vulnerability in the Logbug module of NightWolf Penetration Testing Platform 1.2.2 allows attackers to execute JavaScript through the markdown editor feature.
Severity: 0.0 | NA
CVE-2025-0273 - HCL DevOps Deploy/HCL Launch Authentication Token Information Disclosure Vulnerability
CVE ID : CVE-2025-0273
Published : March 27, 2025, 5:15 a.m. | 43 minutes ago
Description : HCL DevOps Deploy / HCL Launch stores potentially sensitive authentication token information in log files that could be read by a local user.
Severity: 5.5 | MEDIUM
CVE-2025-2332 - WordPress Export All Posts, Products, Orders, Refunds & Users PHP Object Injection Vulnerability
CVE ID : CVE-2025-2332
Published : March 27, 2025, 6:15 a.m. | 3 hours, 43 minutes ago
Description : The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.13 via deserialization of untrusted input in the 'returnMetaValueAsCustomerInput' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present.
Severity: 9.8 | CRITICAL
CVE-2025-2685 - TablePress WordPress Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-2685
Published : March 27, 2025, 6:15 a.m. | 3 hours, 43 minutes ago
Description : The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘table-name’ parameter in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
CVE-2024-45353 - Xiaomi Quick App Framework Intent Redirection Vulnerability
CVE ID : CVE-2024-45353
Published : March 27, 2025, 7:15 a.m. | 2 hours, 43 minutes ago
Description : An intent redirection vulnerability exists in the Xiaomi quick App framework application product. The vulnerability is caused by improper input validation and can be exploited by attackers to perform intent redirection.
Severity: 4.3 | MEDIUM
CVE-2024-45354 - Xiaomi Shop Code Execution Vulnerability
CVE ID : CVE-2024-45354
Published : March 27, 2025, 7:15 a.m. | 2 hours, 43 minutes ago
Description : A code execution vulnerability exists in the Xiaomi shop application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code.
Severity: 4.3 | MEDIUM
CVE-2024-45355 - Xiaomi Phone Framework Unauthorized Access Vulnerability
CVE ID : CVE-2024-45355
Published : March 27, 2025, 7:15 a.m. | 2 hours, 43 minutes ago
Description : An unauthorized access vulnerability exists in the Xiaomi phone framework. The vulnerability is caused by improper validation and can be exploited by attackers to access sensitive methods.
Severity: 5.5 | MEDIUM
CVE-2024-45356 - Xiaomi Phone Framework Unauthorized Access Vulnerability
CVE ID : CVE-2024-45356
Published : March 27, 2025, 8:15 a.m. | 1 hour, 44 minutes ago
Description : An unauthorized access vulnerability exists in the Xiaomi phone framework. The vulnerability is caused by improper validation and can be exploited by attackers to access sensitive methods.
Severity: 7.3 | HIGH
CVE-2024-45361 - Xiaomi Mi Connect Service APP Information Disclosure Vulnerability
CVE ID : CVE-2024-45361
Published : March 27, 2025, 8:15 a.m. | 1 hour, 44 minutes ago
Description : A protocol flaw vulnerability exists in the Xiaomi Mi Connect Service APP. The vulnerability is caused by flawed validation logic and can be exploited by attackers to leak sensitive user information.
Severity: 6.5 | MEDIUM