CVE-2025-31092 - Ninja Team Click to Chat - WP Support All-in-One Floating Widget Cross-site Scripting Vulnerability
CVE ID : CVE-2025-31092
Published : March 28, 2025, 12:15 a.m. | 1 hour, 44 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ninja Team Click to Chat – WP Support All-in-One Floating Widget allows Stored XSS. This issue affects Click to Chat – WP Support All-in-One Floating Widget: from n/a through 2.3.4.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31092
Published : March 28, 2025, 12:15 a.m. | 1 hour, 44 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ninja Team Click to Chat – WP Support All-in-One Floating Widget allows Stored XSS. This issue affects Click to Chat – WP Support All-in-One Floating Widget: from n/a through 2.3.4.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-1860 - Data::Entropy Perl Cryptographically Insecure Random Number Generation
CVE ID : CVE-2025-1860
Published : March 28, 2025, 1:15 a.m. | 44 minutes ago
Description : Data::Entropy for Perl 0.007 and earlier use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-1860
Published : March 28, 2025, 1:15 a.m. | 44 minutes ago
Description : Data::Entropy for Perl 0.007 and earlier use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-49563 - Dell Unity OS Command Injection Vulnerability
CVE ID : CVE-2024-49563
Published : March 28, 2025, 2:15 a.m. | 3 hours, 44 minutes ago
Description : Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges and elevation of privileges.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-49563
Published : March 28, 2025, 2:15 a.m. | 3 hours, 44 minutes ago
Description : Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges and elevation of privileges.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-49564 - Dell Unity OS Command Injection
CVE ID : CVE-2024-49564
Published : March 28, 2025, 2:15 a.m. | 3 hours, 44 minutes ago
Description : Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges and elevation of privileges.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-49564
Published : March 28, 2025, 2:15 a.m. | 3 hours, 44 minutes ago
Description : Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges and elevation of privileges.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-49565 - Dell Unity OS Command Injection
CVE ID : CVE-2024-49565
Published : March 28, 2025, 2:15 a.m. | 3 hours, 44 minutes ago
Description : Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-49565
Published : March 28, 2025, 2:15 a.m. | 3 hours, 44 minutes ago
Description : Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-22398 - "Dell Unity OS Command Injection Vulnerability"
CVE ID : CVE-2025-22398
Published : March 28, 2025, 2:15 a.m. | 3 hours, 44 minutes ago
Description : Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution as root. Exploitation may lead to a system take over by an attacker. This vulnerability is considered critical as it can be leveraged to completely compromise the operating system. Dell recommends customers to upgrade at the earliest opportunity.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-22398
Published : March 28, 2025, 2:15 a.m. | 3 hours, 44 minutes ago
Description : Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution as root. Exploitation may lead to a system take over by an attacker. This vulnerability is considered critical as it can be leveraged to completely compromise the operating system. Dell recommends customers to upgrade at the earliest opportunity.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-24382 - Dell Unity OS Command Injection
CVE ID : CVE-2025-24382
Published : March 28, 2025, 2:15 a.m. | 3 hours, 44 minutes ago
Description : Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Command execution.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-24382
Published : March 28, 2025, 2:15 a.m. | 3 hours, 44 minutes ago
Description : Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Command execution.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-24383 - Dell Unity OS Command Injection Vulnerability
CVE ID : CVE-2025-24383
Published : March 28, 2025, 2:15 a.m. | 3 hours, 44 minutes ago
Description : Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to delete arbitrary files. This vulnerability is considered critical as it can be leveraged to delete critical system files as root. Dell recommends customers to upgrade at the earliest opportunity.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-24383
Published : March 28, 2025, 2:15 a.m. | 3 hours, 44 minutes ago
Description : Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to delete arbitrary files. This vulnerability is considered critical as it can be leveraged to delete critical system files as root. Dell recommends customers to upgrade at the earliest opportunity.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-13939 - Apache::String::Compare::ConstantTime Timing Attack Vulnerability
CVE ID : CVE-2024-13939
Published : March 28, 2025, 3:15 a.m. | 2 hours, 44 minutes ago
Description : String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string. As stated in the documentation: "If the lengths of the strings are different, because equals returns false right away the size of the secret string may be leaked (but not its contents)." This is similar to CVE-2020-36829
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-13939
Published : March 28, 2025, 3:15 a.m. | 2 hours, 44 minutes ago
Description : String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string. As stated in the documentation: "If the lengths of the strings are different, because equals returns false right away the size of the secret string may be leaked (but not its contents)." This is similar to CVE-2020-36829
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-49601 - Dell Unity OS Command Injection
CVE ID : CVE-2024-49601
Published : March 28, 2025, 3:15 a.m. | 2 hours, 44 minutes ago
Description : Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Command execution.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-49601
Published : March 28, 2025, 3:15 a.m. | 2 hours, 44 minutes ago
Description : Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Command execution.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-23383 - Dell Unity OS Command Injection Vulnerability
CVE ID : CVE-2025-23383
Published : March 28, 2025, 3:15 a.m. | 2 hours, 44 minutes ago
Description : Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-23383
Published : March 28, 2025, 3:15 a.m. | 2 hours, 44 minutes ago
Description : Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-24377 - Dell Unity OS Command Injection
CVE ID : CVE-2025-24377
Published : March 28, 2025, 3:15 a.m. | 2 hours, 44 minutes ago
Description : Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-24377
Published : March 28, 2025, 3:15 a.m. | 2 hours, 44 minutes ago
Description : Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-24378 - Dell Unity OS Command Injection
CVE ID : CVE-2025-24378
Published : March 28, 2025, 3:15 a.m. | 2 hours, 44 minutes ago
Description : Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-24378
Published : March 28, 2025, 3:15 a.m. | 2 hours, 44 minutes ago
Description : Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-24379 - Dell Unity OS Command Injection
CVE ID : CVE-2025-24379
Published : March 28, 2025, 3:15 a.m. | 2 hours, 44 minutes ago
Description : Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-24379
Published : March 28, 2025, 3:15 a.m. | 2 hours, 44 minutes ago
Description : Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-24380 - Dell Unity OS Command Injection
CVE ID : CVE-2025-24380
Published : March 28, 2025, 3:15 a.m. | 2 hours, 44 minutes ago
Description : Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-24380
Published : March 28, 2025, 3:15 a.m. | 2 hours, 44 minutes ago
Description : Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-24381 - Dell Unity Open Redirect Vulnerability
CVE ID : CVE-2025-24381
Published : March 28, 2025, 3:15 a.m. | 2 hours, 44 minutes ago
Description : Dell Unity, version(s) 5.4 and prior, contain(s) an URL Redirection to Untrusted Site ('Open Redirect') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to a targeted application user being redirected to arbitrary web URLs. The vulnerability could be leveraged by attackers to conduct phishing attacks that cause users to divulge sensitive information. Exploitation may allow for session theft.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-24381
Published : March 28, 2025, 3:15 a.m. | 2 hours, 44 minutes ago
Description : Dell Unity, version(s) 5.4 and prior, contain(s) an URL Redirection to Untrusted Site ('Open Redirect') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to a targeted application user being redirected to arbitrary web URLs. The vulnerability could be leveraged by attackers to conduct phishing attacks that cause users to divulge sensitive information. Exploitation may allow for session theft.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-24385 - Dell Unity OS Command Injection
CVE ID : CVE-2025-24385
Published : March 28, 2025, 3:15 a.m. | 2 hours, 44 minutes ago
Description : Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-24385
Published : March 28, 2025, 3:15 a.m. | 2 hours, 44 minutes ago
Description : Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-24386 - Dell Unity OS Command Injection Vulnerability
CVE ID : CVE-2025-24386
Published : March 28, 2025, 3:15 a.m. | 2 hours, 44 minutes ago
Description : Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-24386
Published : March 28, 2025, 3:15 a.m. | 2 hours, 44 minutes ago
Description : Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-2894 - Go1 Unauthenticated Remote Command Execution Backdoor
CVE ID : CVE-2025-2894
Published : March 28, 2025, 3:15 a.m. | 2 hours, 44 minutes ago
Description : The Go1 also known as "The World's First Intelligence Bionic Quadruped Robot Companion of Consumer Level," contains an undocumented backdoor that can enable the manufacturer, and anyone in possession of the correct API key, complete remote control over the affected robotic device using the CloudSail remote access service.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-2894
Published : March 28, 2025, 3:15 a.m. | 2 hours, 44 minutes ago
Description : The Go1 also known as "The World's First Intelligence Bionic Quadruped Robot Companion of Consumer Level," contains an undocumented backdoor that can enable the manufacturer, and anyone in possession of the correct API key, complete remote control over the affected robotic device using the CloudSail remote access service.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-2294 - Kubio AI Page Builder for WordPress Local File Inclusion Vulnerability
CVE ID : CVE-2025-2294
Published : March 28, 2025, 5:15 a.m. | 44 minutes ago
Description : The Kubio AI Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.1 via thekubio_hybrid_theme_load_template function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-2294
Published : March 28, 2025, 5:15 a.m. | 44 minutes ago
Description : The Kubio AI Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.1 via thekubio_hybrid_theme_load_template function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-1762 - "WordPress Event Tickets with Ticket Scanner CSRF Settings Update"
CVE ID : CVE-2025-1762
Published : March 28, 2025, 6:15 a.m. | 3 hours, 44 minutes ago
Description : The Event Tickets with Ticket Scanner WordPress plugin before 2.5.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-1762
Published : March 28, 2025, 6:15 a.m. | 3 hours, 44 minutes ago
Description : The Event Tickets with Ticket Scanner WordPress plugin before 2.5.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...