CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2025-31564 - Aitool Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT) SQL Injection Vulnerability

CVE ID : CVE-2025-31564
Published : April 1, 2025, 9:15 p.m. | 1 hour, 16 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in aitool Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT) All in One allows Blind SQL Injection. This issue affects Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT) All in One: from n/a through 2.1.7.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31568 - Wiredminds LeadLab Cross-site Scripting

CVE ID : CVE-2025-31568
Published : April 1, 2025, 9:15 p.m. | 1 hour, 16 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wiredmindshelp LeadLab by wiredminds allows Reflected XSS. This issue affects LeadLab by wiredminds: from n/a through 1.3.
Severity: 7.1 | HIGH
CVE-2025-31571 - Cynob IT Consultancy The Logo Slider Cross-site Scripting

CVE ID : CVE-2025-31571
Published : April 1, 2025, 9:15 p.m. | 1 hour, 16 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cynob IT Consultancy The Logo Slider allows Reflected XSS. This issue affects The Logo Slider: from n/a through 1.0.0.
Severity: 7.1 | HIGH
CVE-2025-31578 - Wisdomlogix Solutions Pvt. Ltd. Fonts Manager Cross-site Scripting (XSS)

CVE ID : CVE-2025-31578
Published : April 1, 2025, 9:15 p.m. | 1 hour, 16 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wisdomlogix Solutions Pvt. Ltd. Fonts Manager | Custom Fonts allows Reflected XSS. This issue affects Fonts Manager | Custom Fonts: from n/a through 1.2.
Severity: 7.1 | HIGH
CVE-2025-31579 - EXEIdeas International WP AutoKeyword SQL Injection

CVE ID : CVE-2025-31579
Published : April 1, 2025, 9:15 p.m. | 1 hour, 16 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in EXEIdeas International WP AutoKeyword allows SQL Injection. This issue affects WP AutoKeyword: from n/a through 1.0.
Severity: 9.3 | CRITICAL
CVE-2025-31580 - Anzar Ahmed Ni WooCommerce Product Enquiry Missing Authorization Vulnerability

CVE ID : CVE-2025-31580
Published : April 1, 2025, 9:15 p.m. | 1 hour, 16 minutes ago
Description : Missing Authorization vulnerability in Anzar Ahmed Ni WooCommerce Product Enquiry allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Ni WooCommerce Product Enquiry: from n/a through 4.1.8.
Severity: 7.5 | HIGH
CVE-2025-31594 - WordPress Auto Scroll for Reading Cross-Site Scripting (XSS)

CVE ID : CVE-2025-31594
Published : April 1, 2025, 9:15 p.m. | 1 hour, 16 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPglob Auto scroll for reading allows Reflected XSS. This issue affects Auto scroll for reading: from n/a through 1.1.4.
Severity: 7.1 | HIGH
CVE-2025-31612 - Sabuj Kundu CBX Poll Object Injection Vulnerability

CVE ID : CVE-2025-31612
Published : April 1, 2025, 9:15 p.m. | 1 hour, 16 minutes ago
Description : Deserialization of Untrusted Data vulnerability in Sabuj Kundu CBX Poll allows Object Injection. This issue affects CBX Poll: from n/a through 1.2.7.
Severity: 9.8 | CRITICAL
CVE-2025-31619 - Actionwear SQL Injection

CVE ID : CVE-2025-31619
Published : April 1, 2025, 9:15 p.m. | 1 hour, 16 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in marcoingraiti Actionwear products sync allows SQL Injection. This issue affects Actionwear products sync: from n/a through 2.3.3.
Severity: 8.5 | HIGH
CVE-2025-31628 - SlicedInvoices Missing Authorization

CVE ID : CVE-2025-31628
Published : April 1, 2025, 9:15 p.m. | 1 hour, 16 minutes ago
Description : Missing Authorization vulnerability in SlicedInvoices Sliced Invoices. This issue affects Sliced Invoices: from n/a through 3.9.4.
Severity: 5.3 | MEDIUM
CVE-2025-31753 - Animesh Kumar Advanced Speed Increaser CSRF Vulnerability

CVE ID : CVE-2025-31753
Published : April 1, 2025, 9:15 p.m. | 1 hour, 16 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Animesh Kumar Advanced Speed Increaser. This issue affects Advanced Speed Increaser: from n/a through 2.2.1.
Severity: 4.3 | MEDIUM
CVE-2025-31819 - Pixelgrade Nova Blocks Cross-site Scripting Vulnerability

CVE ID : CVE-2025-31819
Published : April 1, 2025, 9:15 p.m. | 1 hour, 16 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pixelgrade Nova Blocks by Pixelgrade. This issue affects Nova Blocks by Pixelgrade: from n/a through 2.1.8.
Severity: 6.5 | MEDIUM
CVE-2025-31889 - Elementor Extensions Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-31889
Published : April 1, 2025, 9:15 p.m. | 1 hour, 16 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in petesheppard84 Extensions for Elementor. This issue affects Extensions for Elementor: from n/a through 2.0.40.
Severity: 6.5 | MEDIUM
CVE-2023-46988 - ONLYOFFICE Document Server File Path Traversal Vulnerability

CVE ID : CVE-2023-46988
Published : April 1, 2025, 10:15 p.m. | 16 minutes ago
Description : Directory Traversal vulnerability in ONLYOFFICE Document Server v.7.5.0 and before allows a remote attacker to obtain sensitive information via a crafted file upload.
Severity: 0.0 | NA
CVE-2025-30356 - CryptoLib Heap Buffer Overflow Vulnerability

CVE ID : CVE-2025-30356
Published : April 1, 2025, 10:15 p.m. | 16 minutes ago
Description : CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In 1.3.3 and earlier, a heap buffer overflow vulnerability persists in the Crypto_TC_ApplySecurity function due to an incomplete validation check on the fl (frame length) field. Although CVE-2025-29912 addressed an underflow issue involving fl, the patch fails to fully prevent unsafe calculations. As a result, an attacker can still craft malicious frames that cause a negative tf_payload_len, which is then interpreted as a large unsigned value, leading to a heap buffer overflow in a memcpy call.
Severity: 0.0 | NA
CVE-2025-31135 - Go-Guerrilla SMTP Daemon Reverse Proxy IP Spoofing Vulnerability

CVE ID : CVE-2025-31135
Published : April 1, 2025, 10:15 p.m. | 16 minutes ago
Description : Go-Guerrilla SMTP Daemon is a lightweight SMTP server written in Go. Prior to 1.6.7, when ProxyOn is enabled, the PROXY command will be accepted multiple times, with later invocations overriding earlier ones. The proxy protocol only supports one initial PROXY header; anything after that is considered part of the exchange between client and server, so the client is free to send further PROXY commands with whatever data it pleases. go-guerrilla will treat these as coming from the reverse proxy, allowing a client to spoof its IP address. This vulnerability is fixed in 1.6.7.
Severity: 5.3 | MEDIUM
CVE-2025-27692 - Dell Wyse Management Suite Unrestricted File Upload Vulnerability

CVE ID : CVE-2025-27692
Published : April 2, 2025, 1:15 a.m. | 1 hour, 20 minutes ago
Description : Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Unrestricted Upload of File with Dangerous Type vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service, Information disclosure, and Remote execution.
Severity: 4.7 | MEDIUM
CVE-2025-27693 - Dell Wyse Management Suite Cross-site Scripting Vulnerability

CVE ID : CVE-2025-27693
Published : April 2, 2025, 1:15 a.m. | 1 hour, 20 minutes ago
Description : Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.
Severity: 4.9 | MEDIUM
CVE-2025-27694 - Dell Wyse Management Suite Insufficient Resource Pool Denial of Service Vulnerability

CVE ID : CVE-2025-27694
Published : April 2, 2025, 1:15 a.m. | 1 hour, 20 minutes ago
Description : Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Insufficient Resource Pool vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.
Severity: 5.3 | MEDIUM
CVE-2025-29981 - Dell Wyse Management Suite Exposure of Sensitive Information Through Data Queries Vulnerability

CVE ID : CVE-2025-29981
Published : April 2, 2025, 1:15 a.m. | 1 hour, 20 minutes ago
Description : Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Exposure of Sensitive Information Through Data Queries vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.
Severity: 7.5 | HIGH
CVE-2025-29982 - Dell Wyse Management Suite Insecure Inherited Permissions Unauthorized Access Vulnerability

CVE ID : CVE-2025-29982
Published : April 2, 2025, 1:15 a.m. | 1 hour, 20 minutes ago
Description : Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Insecure Inherited Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.
Severity: 6.8 | MEDIUM