CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2025-28132 - Nagios Network Analyzer Session Reuse Vulnerability

CVE ID : CVE-2025-28132
Published : April 1, 2025, 5:15 p.m. | 2 hours, 27 minutes ago
Description : A session management flaw in Nagios Network Analyzer 2024R1.0.3 allows an attacker to reuse session tokens even after a user logs out, leading to unauthorized access and account takeover. This occurs due to insufficient session expiration, where session tokens remain valid beyond logout, allowing an attacker to impersonate users and perform actions on their behalf.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2018-1472 - OpenVAS Apache Vulnerability Disclosure

CVE ID : CVE-2018-1472
Published : April 1, 2025, 6:15 p.m. | 1 hour, 28 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was erroneously associated with an open source vulnerability by another vendor.
Severity: 0.0 | NA
CVE-2025-29208 - CodeZips Gym Management System SQL Injection

CVE ID : CVE-2025-29208
Published : April 1, 2025, 6:15 p.m. | 1 hour, 28 minutes ago
Description : CodeZips Gym Management System v1.0 is vulnerable to SQL injection in the name parameter within /dashboard/admin/deleteroutine.php.
Severity: 0.0 | NA
CVE-2025-26054 - Infinxt iEdge 100 XSS

CVE ID : CVE-2025-26054
Published : April 1, 2025, 7:15 p.m. | 27 minutes ago
Description : Infinxt iEdge 100 2.1.32 is vulnerable to Cross Site Scripting (XSS) via the "Description" field during LAN configuration.
Severity: 0.0 | NA
CVE-2025-26055 - Infinxt iEdge Command Injection Vulnerability

CVE ID : CVE-2025-26055
Published : April 1, 2025, 7:15 p.m. | 27 minutes ago
Description : An OS Command Injection vulnerability exists in the Infinxt iEdge 100 2.1.32 Troubleshoot module, specifically in the tracertVal parameter of the Tracert function.
Severity: 0.0 | NA
CVE-2025-26056 - Infinxt iEdge 100 Command Injection Vulnerability

CVE ID : CVE-2025-26056
Published : April 1, 2025, 7:15 p.m. | 27 minutes ago
Description : A command injection vulnerability exists in the Infinxt iEdge 100 2.1.32 in the Troubleshoot module "MTR" functionality. The vulnerability is due to improper validation of user-supplied input in the mtrIp parameter. An attacker can exploit this flaw to execute arbitrary operating system commands on the underlying system with the same privileges as the web application process.
Severity: 0.0 | NA
CVE-2025-31137 - Remix/React Router URL Spoofing Vulnerability

CVE ID : CVE-2025-31137
Published : April 1, 2025, 7:15 p.m. | 27 minutes ago
Description : React Router is a multi-strategy router for React bridging the gap from React 18 to React 19. There is a vulnerability in Remix/React Router that affects all Remix 2 and React Router 7 consumers using the Express adapter. Basically, this vulnerability allows anyone to spoof the URL used in an incoming Request by putting a URL pathname in the port section of a URL that is part of a Host or X-Forwarded-Host header sent to a Remix/React Router request handler. This issue has been patched and released in Remix 2.16.3 and React Router 7.4.1.
Severity: 7.5 | HIGH
CVE-2025-3096 - "MedCare Patient Management System SQL Injection"

CVE ID : CVE-2025-3096
Published : April 1, 2025, 7:15 p.m. | 27 minutes ago
Description : Clinic’s Patient Management System version 2.0 suffers from a SQL injection vulnerability in the login page.
Severity: 0.0 | NA
CVE-2025-31537 - Madfishdigital Bulk NoIndex & NoFollow Toolkit Cross-site Scripting

CVE ID : CVE-2025-31537
Published : April 1, 2025, 9:15 p.m. | 1 hour, 16 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in madfishdigital Bulk NoIndex & NoFollow Toolkit allows Reflected XSS. This issue affects Bulk NoIndex & NoFollow Toolkit: from n/a through 2.16.
Severity: 7.1 | HIGH
CVE-2025-31548 - M. Tuhin Ultimate Push Notifications Cross-site Scripting

CVE ID : CVE-2025-31548
Published : April 1, 2025, 9:15 p.m. | 1 hour, 16 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M. Tuhin Ultimate Push Notifications allows Reflected XSS. This issue affects Ultimate Push Notifications: from n/a through 1.1.8.
Severity: 7.1 | HIGH
CVE-2025-31550 - Thom4 WP-LESS Externally-Accessible Sensitive Data Disclosure

CVE ID : CVE-2025-31550
Published : April 1, 2025, 9:15 p.m. | 1 hour, 16 minutes ago
Description : Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in thom4 WP-LESS allows Retrieve Embedded Sensitive Data. This issue affects WP-LESS: from 1.9.3 through 3.
Severity: 5.8 | MEDIUM
CVE-2025-31551 - Salesmate.io Salesmate Add-On for Gravity Forms SQL Injection

CVE ID : CVE-2025-31551
Published : April 1, 2025, 9:15 p.m. | 1 hour, 16 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Salesmate.io Salesmate Add-On for Gravity Forms allows SQL Injection. This issue affects Salesmate Add-On for Gravity Forms: from n/a through 2.0.3.
Severity: 9.3 | CRITICAL
CVE-2025-31552 - RSVPMarker SQL Injection

CVE ID : CVE-2025-31552
Published : April 1, 2025, 9:15 p.m. | 1 hour, 16 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in davidfcarr RSVPMarker allows SQL Injection. This issue affects RSVPMarker: from n/a through 11.4.8.
Severity: 9.3 | CRITICAL
CVE-2025-31553 - WordPress Factory Advanced WooCommerce SQL Injection

CVE ID : CVE-2025-31553
Published : April 1, 2025, 9:15 p.m. | 1 hour, 16 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFactory Advanced WooCommerce Product Sales Reporting allows SQL Injection. This issue affects Advanced WooCommerce Product Sales Reporting: from n/a through 3.1.
Severity: 9.3 | CRITICAL
CVE-2025-31560 - Dimitri Grassi Salon Booking System Privilege Escalation Vulnerability

CVE ID : CVE-2025-31560
Published : April 1, 2025, 9:15 p.m. | 1 hour, 16 minutes ago
Description : Incorrect Privilege Assignment vulnerability in Dimitri Grassi Salon booking system allows Privilege Escalation. This issue affects Salon booking system: from n/a through 10.11.
Severity: 7.2 | HIGH
CVE-2025-31561 - M. Tuhin Ultimate Push Notifications SQL Injection

CVE ID : CVE-2025-31561
Published : April 1, 2025, 9:15 p.m. | 1 hour, 16 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in M. Tuhin Ultimate Push Notifications allows SQL Injection. This issue affects Ultimate Push Notifications: from n/a through 1.1.8.
Severity: 8.5 | HIGH
CVE-2025-31563 - Vimal Kava AI Search Bar Cross-site Scripting (XSS)

CVE ID : CVE-2025-31563
Published : April 1, 2025, 9:15 p.m. | 1 hour, 16 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vimal Kava AI Search Bar allows Stored XSS. This issue affects AI Search Bar: from n/a through 1.3.
Severity: 7.1 | HIGH
CVE-2025-31564 - Aitool Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT) SQL Injection Vulnerability

CVE ID : CVE-2025-31564
Published : April 1, 2025, 9:15 p.m. | 1 hour, 16 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in aitool Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One allows Blind SQL Injection. This issue affects Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One: from n/a through 2.1.7.
Severity: 8.5 | HIGH
CVE-2025-31568 - Wiredminds LeadLab Cross-site Scripting

CVE ID : CVE-2025-31568
Published : April 1, 2025, 9:15 p.m. | 1 hour, 16 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wiredmindshelp LeadLab by wiredminds allows Reflected XSS. This issue affects LeadLab by wiredminds: from n/a through 1.3.
Severity: 7.1 | HIGH
CVE-2025-31571 - Cynob IT Consultancy The Logo Slider Cross-site Scripting

CVE ID : CVE-2025-31571
Published : April 1, 2025, 9:15 p.m. | 1 hour, 16 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cynob IT Consultancy The Logo Slider allows Reflected XSS. This issue affects The Logo Slider: from n/a through 1.0.0.
Severity: 7.1 | HIGH
CVE-2025-31578 - Wisdomlogix Solutions Pvt. Ltd. Fonts Manager Cross-site Scripting (XSS)

CVE ID : CVE-2025-31578
Published : April 1, 2025, 9:15 p.m. | 1 hour, 16 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wisdomlogix Solutions Pvt. Ltd. Fonts Manager | Custom Fonts allows Reflected XSS. This issue affects Fonts Manager | Custom Fonts: from n/a through 1.2.
Severity: 7.1 | HIGH