CVE-2025-0273 - HCL DevOps Deploy/HCL Launch Authentication Token Information Disclosure Vulnerability
CVE ID : CVE-2025-0273
Published : March 27, 2025, 5:15 a.m. | 43 minutes ago
Description : HCL DevOps Deploy / HCL Launch stores potentially sensitive authentication token information in log files that could be read by a local user.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-0273
Published : March 27, 2025, 5:15 a.m. | 43 minutes ago
Description : HCL DevOps Deploy / HCL Launch stores potentially sensitive authentication token information in log files that could be read by a local user.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-2332 - WordPress Export All Posts, Products, Orders, Refunds & Users PHP Object Injection Vulnerability
CVE ID : CVE-2025-2332
Published : March 27, 2025, 6:15 a.m. | 3 hours, 43 minutes ago
Description : The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.13 via deserialization of untrusted input in the 'returnMetaValueAsCustomerInput' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-2332
Published : March 27, 2025, 6:15 a.m. | 3 hours, 43 minutes ago
Description : The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.13 via deserialization of untrusted input in the 'returnMetaValueAsCustomerInput' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-2685 - TablePress WordPress Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-2685
Published : March 27, 2025, 6:15 a.m. | 3 hours, 43 minutes ago
Description : The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘table-name’ parameter in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-2685
Published : March 27, 2025, 6:15 a.m. | 3 hours, 43 minutes ago
Description : The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘table-name’ parameter in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-45353 - Xiaomi Quick App Framework Intent Redirection Vulnerability
CVE ID : CVE-2024-45353
Published : March 27, 2025, 7:15 a.m. | 2 hours, 43 minutes ago
Description : An intent redriction vulnerability exists in the Xiaomi quick App framework application product. The vulnerability is caused by improper input validation and can be exploited by attackers tointent redriction.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-45353
Published : March 27, 2025, 7:15 a.m. | 2 hours, 43 minutes ago
Description : An intent redriction vulnerability exists in the Xiaomi quick App framework application product. The vulnerability is caused by improper input validation and can be exploited by attackers tointent redriction.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-45354 - Xiaomi Shop Code Execution Vulnerability
CVE ID : CVE-2024-45354
Published : March 27, 2025, 7:15 a.m. | 2 hours, 43 minutes ago
Description : A code execution vulnerability exists in the Xiaomi shop applicationproduct. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-45354
Published : March 27, 2025, 7:15 a.m. | 2 hours, 43 minutes ago
Description : A code execution vulnerability exists in the Xiaomi shop applicationproduct. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-45355 - Xiaomi Phone Framework Unauthorized Access Vulnerability
CVE ID : CVE-2024-45355
Published : March 27, 2025, 7:15 a.m. | 2 hours, 43 minutes ago
Description : A unauthorized access vulnerability exists in the Xiaomi phone framework. The vulnerability is caused by improper validation and can be exploited by attackers to Access sensitive methods.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-45355
Published : March 27, 2025, 7:15 a.m. | 2 hours, 43 minutes ago
Description : A unauthorized access vulnerability exists in the Xiaomi phone framework. The vulnerability is caused by improper validation and can be exploited by attackers to Access sensitive methods.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-45356 - Xiaomi Phone Framework Unauthorized Access Vulnerability
CVE ID : CVE-2024-45356
Published : March 27, 2025, 8:15 a.m. | 1 hour, 44 minutes ago
Description : A unauthorized access vulnerability exists in the Xiaomi phone framework. The vulnerability is caused by improper validation and can be exploited by attackers to Access sensitive methods.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-45356
Published : March 27, 2025, 8:15 a.m. | 1 hour, 44 minutes ago
Description : A unauthorized access vulnerability exists in the Xiaomi phone framework. The vulnerability is caused by improper validation and can be exploited by attackers to Access sensitive methods.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-45361 - Xiaomi Mi Connect Service APP Information Disclosure Vulnerability
CVE ID : CVE-2024-45361
Published : March 27, 2025, 8:15 a.m. | 1 hour, 44 minutes ago
Description : A protocol flaw vulnerability exists in the Xiaomi Mi Connect Service APP. The vulnerability is caused by the validation logic is flawed and can be exploited by attackers to leak sensitive user information.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-45361
Published : March 27, 2025, 8:15 a.m. | 1 hour, 44 minutes ago
Description : A protocol flaw vulnerability exists in the Xiaomi Mi Connect Service APP. The vulnerability is caused by the validation logic is flawed and can be exploited by attackers to leak sensitive user information.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-30898 - MahdiY WooCommerce Transport Plugin Cross-Site Scripting (XSS)
CVE ID : CVE-2025-30898
Published : March 27, 2025, 11:15 a.m. | 2 hours, 43 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mahdi Yousefi [MahdiY] افزونه حمل و نقل ووکامرس (پست پیشتاز و سفارشی، پیک موتوری) allows Stored XSS. This issue affects افزونه حمل و نقل ووکامرس (پست پیشتاز و سفارشی، پیک موتوری): from n/a through 4.2.3.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-30898
Published : March 27, 2025, 11:15 a.m. | 2 hours, 43 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mahdi Yousefi [MahdiY] افزونه حمل و نقل ووکامرس (پست پیشتاز و سفارشی، پیک موتوری) allows Stored XSS. This issue affects افزونه حمل و نقل ووکامرس (پست پیشتاز و سفارشی، پیک موتوری): from n/a through 4.2.3.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-30899 - Wpeverest Stored Cross-site Scripting Vulnerability
CVE ID : CVE-2025-30899
Published : March 27, 2025, 11:15 a.m. | 2 hours, 43 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration allows Stored XSS. This issue affects User Registration: from n/a through 4.0.3.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-30899
Published : March 27, 2025, 11:15 a.m. | 2 hours, 43 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration allows Stored XSS. This issue affects User Registration: from n/a through 4.0.3.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-30900 - Zoho Subscriptions Cross-site Scripting
CVE ID : CVE-2025-30900
Published : March 27, 2025, 11:15 a.m. | 2 hours, 43 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zoho Subscriptions Zoho Billing – Embed Payment Form allows Stored XSS. This issue affects Zoho Billing – Embed Payment Form: from n/a through 4.0.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-30900
Published : March 27, 2025, 11:15 a.m. | 2 hours, 43 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zoho Subscriptions Zoho Billing – Embed Payment Form allows Stored XSS. This issue affects Zoho Billing – Embed Payment Form: from n/a through 4.0.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-30903 - Alex Mills SyntaxHighlighter Evolved Cross-Site Scripting
CVE ID : CVE-2025-30903
Published : March 27, 2025, 11:15 a.m. | 2 hours, 43 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Mills SyntaxHighlighter Evolved allows DOM-Based XSS. This issue affects SyntaxHighlighter Evolved: from n/a through 3.7.1.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-30903
Published : March 27, 2025, 11:15 a.m. | 2 hours, 43 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Mills SyntaxHighlighter Evolved allows DOM-Based XSS. This issue affects SyntaxHighlighter Evolved: from n/a through 3.7.1.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-30904 - Ays Pro Chartify Stored Cross-site Scripting Vulnerability
CVE ID : CVE-2025-30904
Published : March 27, 2025, 11:15 a.m. | 2 hours, 43 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Chartify allows Stored XSS. This issue affects Chartify: from n/a through 3.1.7.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-30904
Published : March 27, 2025, 11:15 a.m. | 2 hours, 43 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Chartify allows Stored XSS. This issue affects Chartify: from n/a through 3.1.7.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-30907 - SecuPress Free Cross-site Scripting (XSS)
CVE ID : CVE-2025-30907
Published : March 27, 2025, 11:15 a.m. | 2 hours, 43 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SecuPress SecuPress Free allows DOM-Based XSS. This issue affects SecuPress Free: from n/a through 2.2.5.3.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-30907
Published : March 27, 2025, 11:15 a.m. | 2 hours, 43 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SecuPress SecuPress Free allows DOM-Based XSS. This issue affects SecuPress Free: from n/a through 2.2.5.3.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-30909 - Conversios.io Missing Authorization Vulnerability
CVE ID : CVE-2025-30909
Published : March 27, 2025, 11:15 a.m. | 2 hours, 43 minutes ago
Description : Missing Authorization vulnerability in Conversios Conversios.io allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Conversios.io: from n/a through 7.2.3.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-30909
Published : March 27, 2025, 11:15 a.m. | 2 hours, 43 minutes ago
Description : Missing Authorization vulnerability in Conversios Conversios.io allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Conversios.io: from n/a through 7.2.3.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-30912 - Wow-Company Float Menu CSRF
CVE ID : CVE-2025-30912
Published : March 27, 2025, 11:15 a.m. | 2 hours, 43 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Float menu allows Cross Site Request Forgery. This issue affects Float menu: from n/a through 6.1.2.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-30912
Published : March 27, 2025, 11:15 a.m. | 2 hours, 43 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Float menu allows Cross Site Request Forgery. This issue affects Float menu: from n/a through 6.1.2.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-30914 - XpeedStudio Metform SSRF
CVE ID : CVE-2025-30914
Published : March 27, 2025, 11:15 a.m. | 2 hours, 43 minutes ago
Description : Server-Side Request Forgery (SSRF) vulnerability in XpeedStudio Metform allows Server Side Request Forgery. This issue affects Metform: from n/a through 3.9.2.
Severity: 4.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-30914
Published : March 27, 2025, 11:15 a.m. | 2 hours, 43 minutes ago
Description : Server-Side Request Forgery (SSRF) vulnerability in XpeedStudio Metform allows Server Side Request Forgery. This issue affects Metform: from n/a through 3.9.2.
Severity: 4.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-30918 - Codemacher Structured Content Cross-Site Scripting (XSS)
CVE ID : CVE-2025-30918
Published : March 27, 2025, 11:15 a.m. | 2 hours, 43 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codemacher Structured Content allows Stored XSS. This issue affects Structured Content: from n/a through 1.6.3.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-30918
Published : March 27, 2025, 11:15 a.m. | 2 hours, 43 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codemacher Structured Content allows Stored XSS. This issue affects Structured Content: from n/a through 1.6.3.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-30919 - Store Locator Widget CSRF Stored XSS
CVE ID : CVE-2025-30919
Published : March 27, 2025, 11:15 a.m. | 2 hours, 43 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Store Locator Widgets Store Locator Widget allows Stored XSS. This issue affects Store Locator Widget: from n/a through 20200131.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-30919
Published : March 27, 2025, 11:15 a.m. | 2 hours, 43 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Store Locator Widgets Store Locator Widget allows Stored XSS. This issue affects Store Locator Widget: from n/a through 20200131.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-30920 - Teastudio.pl WP Posts Carousel Cross-site Scripting
CVE ID : CVE-2025-30920
Published : March 27, 2025, 11:15 a.m. | 2 hours, 43 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in teastudio.pl WP Posts Carousel allows Stored XSS. This issue affects WP Posts Carousel: from n/a through 1.3.7.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-30920
Published : March 27, 2025, 11:15 a.m. | 2 hours, 43 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in teastudio.pl WP Posts Carousel allows Stored XSS. This issue affects WP Posts Carousel: from n/a through 1.3.7.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-30921 - Tribulant Software Newsletters SQL Injection
CVE ID : CVE-2025-30921
Published : March 27, 2025, 11:15 a.m. | 2 hours, 43 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tribulant Software Newsletters allows SQL Injection. This issue affects Newsletters: from n/a through 4.9.9.7.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-30921
Published : March 27, 2025, 11:15 a.m. | 2 hours, 43 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tribulant Software Newsletters allows SQL Injection. This issue affects Newsletters: from n/a through 4.9.9.7.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...