CVE-2025-0416 - Valmet DNA DCOM Privilege Escalation Vulnerability
CVE ID : CVE-2025-0416
Published : April 1, 2025, 4:15 a.m. | 15 minutes ago
Description : Local privilege escalation through insecure DCOM configuration in Valmet DNA versions prior to C2023. The DCOM object Valmet DNA Engineering has permissions that allow it to run commands as a user with the SeImpersonatePrivilege privilege. The SeImpersonatePrivilege privilege is a Windows permission that allows a process to impersonate another user. An attacker can use this vulnerability to escalate their privileges and take complete control of the system.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-0416
Published : April 1, 2025, 4:15 a.m. | 15 minutes ago
Description : Local privilege escalation through insecure DCOM configuration in Valmet DNA versions prior to C2023. The DCOM object Valmet DNA Engineering has permissions that allow it to run commands as a user with the SeImpersonatePrivilege privilege. The SeImpersonatePrivilege privilege is a Windows permission that allows a process to impersonate another user. An attacker can use this vulnerability to escalate their privileges and take complete control of the system.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-0417 - Valmet DNA Operate Brute Force Authentication Bypass
CVE ID : CVE-2025-0417
Published : April 1, 2025, 4:15 a.m. | 15 minutes ago
Description : Lack of protection against brute force attacks in Valmet DNA visualization in DNA Operate. The possibility to make an arbitrary number of login attempts without any rate limit gives an attacker an increased chance of guessing passwords and then performing switching operations.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-0417
Published : April 1, 2025, 4:15 a.m. | 15 minutes ago
Description : Lack of protection against brute force attacks in Valmet DNA visualization in DNA Operate. The possibility to make an arbitrary number of login attempts without any rate limit gives an attacker an increased chance of guessing passwords and then performing switching operations.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-0418 - Valmet DNA Plain Text Password Vulnerability
CVE ID : CVE-2025-0418
Published : April 1, 2025, 4:15 a.m. | 15 minutes ago
Description : Valmet DNA user passwords in plain text. This practice poses a security risk as attackers who gain access to local project data can read the passwords.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-0418
Published : April 1, 2025, 4:15 a.m. | 15 minutes ago
Description : Valmet DNA user passwords in plain text. This practice poses a security risk as attackers who gain access to local project data can read the passwords.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-1534 - Payara Platform Payara Server Cross-site Scripting Remote Code Inclusion
CVE ID : CVE-2025-1534
Published : April 1, 2025, 4:15 a.m. | 15 minutes ago
Description : CVE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Payara Platform Payara Server allows : Remote Code Inclusion.This issue affects Payara Server: from 4.1.2.1919.1 before 4.1.2.191.51, from 5.20.0 before 5.68.0, from 6.0.0 before 6.23.0, from 6.2022.1 before 6.2025.2.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-1534
Published : April 1, 2025, 4:15 a.m. | 15 minutes ago
Description : CVE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Payara Platform Payara Server allows : Remote Code Inclusion.This issue affects Payara Server: from 4.1.2.1919.1 before 4.1.2.191.51, from 5.20.0 before 5.68.0, from 6.0.0 before 6.23.0, from 6.2022.1 before 6.2025.2.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-30886 - JoomSky JS Help Desk SQL Injection
CVE ID : CVE-2025-30886
Published : April 1, 2025, 6:15 a.m. | 2 hours, 15 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Help Desk allows SQL Injection. This issue affects JS Help Desk: from n/a through 2.9.2.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-30886
Published : April 1, 2025, 6:15 a.m. | 2 hours, 15 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Help Desk allows SQL Injection. This issue affects JS Help Desk: from n/a through 2.9.2.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-30901 - JoomSky JS Help Desk PHP Remote File Inclusion
CVE ID : CVE-2025-30901
Published : April 1, 2025, 6:15 a.m. | 2 hours, 15 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky JS Help Desk allows PHP Local File Inclusion. This issue affects JS Help Desk: from n/a through 2.9.2.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-30901
Published : April 1, 2025, 6:15 a.m. | 2 hours, 15 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky JS Help Desk allows PHP Local File Inclusion. This issue affects JS Help Desk: from n/a through 2.9.2.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-30902 - ATL Software SRL AEC Kiosque Cross-Site Scripting (XSS)
CVE ID : CVE-2025-30902
Published : April 1, 2025, 6:15 a.m. | 2 hours, 15 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ATL Software SRL AEC Kiosque allows Reflected XSS. This issue affects AEC Kiosque: from n/a through 1.9.3.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-30902
Published : April 1, 2025, 6:15 a.m. | 2 hours, 15 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ATL Software SRL AEC Kiosque allows Reflected XSS. This issue affects AEC Kiosque: from n/a through 1.9.3.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-30910 - CreativeMindsSolutions CM Download Manager Path Traversal Vulnerability
CVE ID : CVE-2025-30910
Published : April 1, 2025, 6:15 a.m. | 2 hours, 15 minutes ago
Description : Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CreativeMindsSolutions CM Download Manager allows Path Traversal. This issue affects CM Download Manager: from n/a through 2.9.6.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-30910
Published : April 1, 2025, 6:15 a.m. | 2 hours, 15 minutes ago
Description : Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CreativeMindsSolutions CM Download Manager allows Path Traversal. This issue affects CM Download Manager: from n/a through 2.9.6.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-30911 - Rometheme RomethemeKit For Elementor Command Injection Vulnerability
CVE ID : CVE-2025-30911
Published : April 1, 2025, 6:15 a.m. | 2 hours, 15 minutes ago
Description : Improper Control of Generation of Code ('Code Injection') vulnerability in Rometheme RomethemeKit For Elementor allows Command Injection. This issue affects RomethemeKit For Elementor: from n/a through 1.5.4.
Severity: 9.9 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-30911
Published : April 1, 2025, 6:15 a.m. | 2 hours, 15 minutes ago
Description : Improper Control of Generation of Code ('Code Injection') vulnerability in Rometheme RomethemeKit For Elementor allows Command Injection. This issue affects RomethemeKit For Elementor: from n/a through 1.5.4.
Severity: 9.9 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-30917 - WooCommerce SKU Generator Cross-site Scripting Vulnerability
CVE ID : CVE-2025-30917
Published : April 1, 2025, 6:15 a.m. | 2 hours, 15 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Wham SKU Generator for WooCommerce allows Reflected XSS. This issue affects SKU Generator for WooCommerce: from n/a through 1.6.2.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-30917
Published : April 1, 2025, 6:15 a.m. | 2 hours, 15 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Wham SKU Generator for WooCommerce allows Reflected XSS. This issue affects SKU Generator for WooCommerce: from n/a through 1.6.2.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-30924 - Primer MyData for Woocommerce Cross-site Scripting
CVE ID : CVE-2025-30924
Published : April 1, 2025, 6:15 a.m. | 2 hours, 15 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in primersoftware Primer MyData for Woocommerce allows Reflected XSS. This issue affects Primer MyData for Woocommerce: from n/a through n/a.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-30924
Published : April 1, 2025, 6:15 a.m. | 2 hours, 15 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in primersoftware Primer MyData for Woocommerce allows Reflected XSS. This issue affects Primer MyData for Woocommerce: from n/a through n/a.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-30926 - KingAddons.com King Addons for Elementor Missing Authorization Vulnerability
CVE ID : CVE-2025-30926
Published : April 1, 2025, 6:15 a.m. | 2 hours, 15 minutes ago
Description : Missing Authorization vulnerability in KingAddons.com King Addons for Elementor. This issue affects King Addons for Elementor: from n/a through 24.12.58.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-30926
Published : April 1, 2025, 6:15 a.m. | 2 hours, 15 minutes ago
Description : Missing Authorization vulnerability in KingAddons.com King Addons for Elementor. This issue affects King Addons for Elementor: from n/a through 24.12.58.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-30971 - Xavi Ivars XV Random Quotes SQL Injection Vulnerability
CVE ID : CVE-2025-30971
Published : April 1, 2025, 6:15 a.m. | 2 hours, 15 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xavi Ivars XV Random Quotes allows SQL Injection. This issue affects XV Random Quotes: from n/a through 1.40.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-30971
Published : April 1, 2025, 6:15 a.m. | 2 hours, 15 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xavi Ivars XV Random Quotes allows SQL Injection. This issue affects XV Random Quotes: from n/a through 1.40.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31001 - TLA Media GTM Kit Debug Information Leak
CVE ID : CVE-2025-31001
Published : April 1, 2025, 6:15 a.m. | 2 hours, 15 minutes ago
Description : Debug Messages Revealing Unnecessary Information vulnerability in TLA Media GTM Kit allows Retrieve Embedded Sensitive Data. This issue affects GTM Kit: from n/a through 2.3.1.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31001
Published : April 1, 2025, 6:15 a.m. | 2 hours, 15 minutes ago
Description : Debug Messages Revealing Unnecessary Information vulnerability in TLA Media GTM Kit allows Retrieve Embedded Sensitive Data. This issue affects GTM Kit: from n/a through 2.3.1.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31024 - RJ Quickcharts SQL Injection
CVE ID : CVE-2025-31024
Published : April 1, 2025, 6:15 a.m. | 2 hours, 15 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in randyjensen RJ Quickcharts allows SQL Injection. This issue affects RJ Quickcharts: from n/a through 0.6.1.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31024
Published : April 1, 2025, 6:15 a.m. | 2 hours, 15 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in randyjensen RJ Quickcharts allows SQL Injection. This issue affects RJ Quickcharts: from n/a through 0.6.1.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31074 - MDJM Event Management Object Injection Vulnerability
CVE ID : CVE-2025-31074
Published : April 1, 2025, 6:15 a.m. | 2 hours, 15 minutes ago
Description : Deserialization of Untrusted Data vulnerability in MDJM MDJM Event Management allows Object Injection. This issue affects MDJM Event Management: from n/a through 1.7.5.2.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31074
Published : April 1, 2025, 6:15 a.m. | 2 hours, 15 minutes ago
Description : Deserialization of Untrusted Data vulnerability in MDJM MDJM Event Management allows Object Injection. This issue affects MDJM Event Management: from n/a through 1.7.5.2.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31084 - Sunshine Photo Cart Object Injection Vulnerability
CVE ID : CVE-2025-31084
Published : April 1, 2025, 6:15 a.m. | 2 hours, 15 minutes ago
Description : Deserialization of Untrusted Data vulnerability in sunshinephotocart Sunshine Photo Cart allows Object Injection. This issue affects Sunshine Photo Cart: from n/a through 3.4.10.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31084
Published : April 1, 2025, 6:15 a.m. | 2 hours, 15 minutes ago
Description : Deserialization of Untrusted Data vulnerability in sunshinephotocart Sunshine Photo Cart allows Object Injection. This issue affects Sunshine Photo Cart: from n/a through 3.4.10.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31087 - Silverplugins217 Woocommerce Object Injection Vulnerability
CVE ID : CVE-2025-31087
Published : April 1, 2025, 6:15 a.m. | 2 hours, 15 minutes ago
Description : Deserialization of Untrusted Data vulnerability in silverplugins217 Multiple Shipping And Billing Address For Woocommerce allows Object Injection. This issue affects Multiple Shipping And Billing Address For Woocommerce: from n/a through 1.5.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31087
Published : April 1, 2025, 6:15 a.m. | 2 hours, 15 minutes ago
Description : Deserialization of Untrusted Data vulnerability in silverplugins217 Multiple Shipping And Billing Address For Woocommerce allows Object Injection. This issue affects Multiple Shipping And Billing Address For Woocommerce: from n/a through 1.5.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31095 - Ho3einie Material Dashboard Authentication Bypass
CVE ID : CVE-2025-31095
Published : April 1, 2025, 6:15 a.m. | 2 hours, 15 minutes ago
Description : Authentication Bypass Using an Alternate Path or Channel vulnerability in ho3einie Material Dashboard allows Authentication Bypass. This issue affects Material Dashboard: from n/a through 1.4.5.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31095
Published : April 1, 2025, 6:15 a.m. | 2 hours, 15 minutes ago
Description : Authentication Bypass Using an Alternate Path or Channel vulnerability in ho3einie Material Dashboard allows Authentication Bypass. This issue affects Material Dashboard: from n/a through 1.4.5.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31409 - NotFound Bridge Core Cross-site Scripting (XSS)
CVE ID : CVE-2025-31409
Published : April 1, 2025, 6:15 a.m. | 2 hours, 15 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Bridge Core allows Stored XSS. This issue affects Bridge Core: from n/a through n/a.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31409
Published : April 1, 2025, 6:15 a.m. | 2 hours, 15 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Bridge Core allows Stored XSS. This issue affects Bridge Core: from n/a through n/a.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31415 - YayCommerce YayExtra Missing Authorization Vulnerability
CVE ID : CVE-2025-31415
Published : April 1, 2025, 6:15 a.m. | 2 hours, 15 minutes ago
Description : Missing Authorization vulnerability in YayCommerce YayExtra allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects YayExtra: from n/a through 1.5.2.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31415
Published : April 1, 2025, 6:15 a.m. | 2 hours, 15 minutes ago
Description : Missing Authorization vulnerability in YayCommerce YayExtra allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects YayExtra: from n/a through 1.5.2.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...