CVE-2025-30673 - Perl Sub::HandlesVia Remote Code Execution Vulnerability
CVE ID : CVE-2025-30673
Published : April 1, 2025, 3:15 a.m. | 1 hour, 16 minutes ago
Description : Sub::HandlesVia for Perl before 0.050002 allows untrusted code from the current working directory ('.') to be loaded similar to CVE-2016-1238. If an attacker can place a malicious file in current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code execution. Sub::HandlesVia uses Mite to produce the affected code section due to CVE-2025-30672
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-30673
Published : April 1, 2025, 3:15 a.m. | 1 hour, 16 minutes ago
Description : Sub::HandlesVia for Perl before 0.050002 allows untrusted code from the current working directory ('.') to be loaded similar to CVE-2016-1238. If an attacker can place a malicious file in current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code execution. Sub::HandlesVia uses Mite to produce the affected code section due to CVE-2025-30672
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31515 - Apache HTTP Server Unvalidated User Input
CVE ID : CVE-2025-31515
Published : April 1, 2025, 3:15 a.m. | 1 hour, 16 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31515
Published : April 1, 2025, 3:15 a.m. | 1 hour, 16 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31516 - Apache OpenOffice Unvalidated User Input
CVE ID : CVE-2025-31516
Published : April 1, 2025, 3:15 a.m. | 1 hour, 16 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31516
Published : April 1, 2025, 3:15 a.m. | 1 hour, 16 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31517 - Apache HTTP Server Unvalidated User Input
CVE ID : CVE-2025-31517
Published : April 1, 2025, 3:15 a.m. | 1 hour, 16 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31517
Published : April 1, 2025, 3:15 a.m. | 1 hour, 16 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31518 - Apache Web Server Cross-Site Request Forgery
CVE ID : CVE-2025-31518
Published : April 1, 2025, 3:15 a.m. | 1 hour, 16 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31518
Published : April 1, 2025, 3:15 a.m. | 1 hour, 16 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31519 - Citrix NetScaler Denial of Service
CVE ID : CVE-2025-31519
Published : April 1, 2025, 3:15 a.m. | 1 hour, 16 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31519
Published : April 1, 2025, 3:15 a.m. | 1 hour, 16 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31520 - VMware VMFS File System Directory Traversal
CVE ID : CVE-2025-31520
Published : April 1, 2025, 3:15 a.m. | 1 hour, 16 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31520
Published : April 1, 2025, 3:15 a.m. | 1 hour, 16 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31521 - Apache HTTP Server Remote Code Execution Vulnerability
CVE ID : CVE-2025-31521
Published : April 1, 2025, 3:15 a.m. | 1 hour, 16 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31521
Published : April 1, 2025, 3:15 a.m. | 1 hour, 16 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31522 - Apache HTTP Server XML Entity Injection
CVE ID : CVE-2025-31522
Published : April 1, 2025, 3:15 a.m. | 1 hour, 16 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31522
Published : April 1, 2025, 3:15 a.m. | 1 hour, 16 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31523 - Apache HTTP Server Unvalidated User Input
CVE ID : CVE-2025-31523
Published : April 1, 2025, 3:15 a.m. | 1 hour, 16 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31523
Published : April 1, 2025, 3:15 a.m. | 1 hour, 16 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3051 - Linux::Statm::Tiny Remote Code Execution Vulnerability
CVE ID : CVE-2025-3051
Published : April 1, 2025, 3:15 a.m. | 1 hour, 16 minutes ago
Description : Linux::Statm::Tiny for Perl before 0.0701 allows untrusted code from the current working directory ('.') to be loaded similar to CVE-2016-1238. If an attacker can place a malicious file in current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code execution. Linux::Statm::Tiny uses Mite to produce the affected code section due to CVE-2025-30672
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3051
Published : April 1, 2025, 3:15 a.m. | 1 hour, 16 minutes ago
Description : Linux::Statm::Tiny for Perl before 0.0701 allows untrusted code from the current working directory ('.') to be loaded similar to CVE-2016-1238. If an attacker can place a malicious file in current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code execution. Linux::Statm::Tiny uses Mite to produce the affected code section due to CVE-2025-30672
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-0416 - Valmet DNA DCOM Privilege Escalation Vulnerability
CVE ID : CVE-2025-0416
Published : April 1, 2025, 4:15 a.m. | 15 minutes ago
Description : Local privilege escalation through insecure DCOM configuration in Valmet DNA versions prior to C2023. The DCOM object Valmet DNA Engineering has permissions that allow it to run commands as a user with the SeImpersonatePrivilege privilege. The SeImpersonatePrivilege privilege is a Windows permission that allows a process to impersonate another user. An attacker can use this vulnerability to escalate their privileges and take complete control of the system.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-0416
Published : April 1, 2025, 4:15 a.m. | 15 minutes ago
Description : Local privilege escalation through insecure DCOM configuration in Valmet DNA versions prior to C2023. The DCOM object Valmet DNA Engineering has permissions that allow it to run commands as a user with the SeImpersonatePrivilege privilege. The SeImpersonatePrivilege privilege is a Windows permission that allows a process to impersonate another user. An attacker can use this vulnerability to escalate their privileges and take complete control of the system.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-0417 - Valmet DNA Operate Brute Force Authentication Bypass
CVE ID : CVE-2025-0417
Published : April 1, 2025, 4:15 a.m. | 15 minutes ago
Description : Lack of protection against brute force attacks in Valmet DNA visualization in DNA Operate. The possibility to make an arbitrary number of login attempts without any rate limit gives an attacker an increased chance of guessing passwords and then performing switching operations.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-0417
Published : April 1, 2025, 4:15 a.m. | 15 minutes ago
Description : Lack of protection against brute force attacks in Valmet DNA visualization in DNA Operate. The possibility to make an arbitrary number of login attempts without any rate limit gives an attacker an increased chance of guessing passwords and then performing switching operations.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-0418 - Valmet DNA Plain Text Password Vulnerability
CVE ID : CVE-2025-0418
Published : April 1, 2025, 4:15 a.m. | 15 minutes ago
Description : Valmet DNA user passwords in plain text. This practice poses a security risk as attackers who gain access to local project data can read the passwords.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-0418
Published : April 1, 2025, 4:15 a.m. | 15 minutes ago
Description : Valmet DNA user passwords in plain text. This practice poses a security risk as attackers who gain access to local project data can read the passwords.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-1534 - Payara Platform Payara Server Cross-site Scripting Remote Code Inclusion
CVE ID : CVE-2025-1534
Published : April 1, 2025, 4:15 a.m. | 15 minutes ago
Description : CVE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Payara Platform Payara Server allows : Remote Code Inclusion.This issue affects Payara Server: from 4.1.2.1919.1 before 4.1.2.191.51, from 5.20.0 before 5.68.0, from 6.0.0 before 6.23.0, from 6.2022.1 before 6.2025.2.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-1534
Published : April 1, 2025, 4:15 a.m. | 15 minutes ago
Description : CVE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Payara Platform Payara Server allows : Remote Code Inclusion.This issue affects Payara Server: from 4.1.2.1919.1 before 4.1.2.191.51, from 5.20.0 before 5.68.0, from 6.0.0 before 6.23.0, from 6.2022.1 before 6.2025.2.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-30886 - JoomSky JS Help Desk SQL Injection
CVE ID : CVE-2025-30886
Published : April 1, 2025, 6:15 a.m. | 2 hours, 15 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Help Desk allows SQL Injection. This issue affects JS Help Desk: from n/a through 2.9.2.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-30886
Published : April 1, 2025, 6:15 a.m. | 2 hours, 15 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Help Desk allows SQL Injection. This issue affects JS Help Desk: from n/a through 2.9.2.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-30901 - JoomSky JS Help Desk PHP Remote File Inclusion
CVE ID : CVE-2025-30901
Published : April 1, 2025, 6:15 a.m. | 2 hours, 15 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky JS Help Desk allows PHP Local File Inclusion. This issue affects JS Help Desk: from n/a through 2.9.2.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-30901
Published : April 1, 2025, 6:15 a.m. | 2 hours, 15 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky JS Help Desk allows PHP Local File Inclusion. This issue affects JS Help Desk: from n/a through 2.9.2.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-30902 - ATL Software SRL AEC Kiosque Cross-Site Scripting (XSS)
CVE ID : CVE-2025-30902
Published : April 1, 2025, 6:15 a.m. | 2 hours, 15 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ATL Software SRL AEC Kiosque allows Reflected XSS. This issue affects AEC Kiosque: from n/a through 1.9.3.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-30902
Published : April 1, 2025, 6:15 a.m. | 2 hours, 15 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ATL Software SRL AEC Kiosque allows Reflected XSS. This issue affects AEC Kiosque: from n/a through 1.9.3.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-30910 - CreativeMindsSolutions CM Download Manager Path Traversal Vulnerability
CVE ID : CVE-2025-30910
Published : April 1, 2025, 6:15 a.m. | 2 hours, 15 minutes ago
Description : Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CreativeMindsSolutions CM Download Manager allows Path Traversal. This issue affects CM Download Manager: from n/a through 2.9.6.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-30910
Published : April 1, 2025, 6:15 a.m. | 2 hours, 15 minutes ago
Description : Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CreativeMindsSolutions CM Download Manager allows Path Traversal. This issue affects CM Download Manager: from n/a through 2.9.6.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-30911 - Rometheme RomethemeKit For Elementor Command Injection Vulnerability
CVE ID : CVE-2025-30911
Published : April 1, 2025, 6:15 a.m. | 2 hours, 15 minutes ago
Description : Improper Control of Generation of Code ('Code Injection') vulnerability in Rometheme RomethemeKit For Elementor allows Command Injection. This issue affects RomethemeKit For Elementor: from n/a through 1.5.4.
Severity: 9.9 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-30911
Published : April 1, 2025, 6:15 a.m. | 2 hours, 15 minutes ago
Description : Improper Control of Generation of Code ('Code Injection') vulnerability in Rometheme RomethemeKit For Elementor allows Command Injection. This issue affects RomethemeKit For Elementor: from n/a through 1.5.4.
Severity: 9.9 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-30917 - WooCommerce SKU Generator Cross-site Scripting Vulnerability
CVE ID : CVE-2025-30917
Published : April 1, 2025, 6:15 a.m. | 2 hours, 15 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Wham SKU Generator for WooCommerce allows Reflected XSS. This issue affects SKU Generator for WooCommerce: from n/a through 1.6.2.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-30917
Published : April 1, 2025, 6:15 a.m. | 2 hours, 15 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Wham SKU Generator for WooCommerce allows Reflected XSS. This issue affects SKU Generator for WooCommerce: from n/a through 1.6.2.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...