CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2025-31628 - SlicedInvoices Missing Authorization

CVE ID : CVE-2025-31628
Published : April 1, 2025, 9:15 p.m. | 1 hour, 16 minutes ago
Description : Missing Authorization vulnerability in SlicedInvoices Sliced Invoices. This issue affects Sliced Invoices: from n/a through 3.9.4.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31753 - Animesh Kumar Advanced Speed Increaser CSRF Vulnerability

CVE ID : CVE-2025-31753
Published : April 1, 2025, 9:15 p.m. | 1 hour, 16 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Animesh Kumar Advanced Speed Increaser. This issue affects Advanced Speed Increaser: from n/a through 2.2.1.
Severity: 4.3 | MEDIUM
CVE-2025-31819 - Pixelgrade Nova Blocks Cross-site Scripting Vulnerability

CVE ID : CVE-2025-31819
Published : April 1, 2025, 9:15 p.m. | 1 hour, 16 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pixelgrade Nova Blocks by Pixelgrade. This issue affects Nova Blocks by Pixelgrade: from n/a through 2.1.8.
Severity: 6.5 | MEDIUM
CVE-2025-31889 - Elementor Extensions Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-31889
Published : April 1, 2025, 9:15 p.m. | 1 hour, 16 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in petesheppard84 Extensions for Elementor. This issue affects Extensions for Elementor: from n/a through 2.0.40.
Severity: 6.5 | MEDIUM
CVE-2023-46988 - ONLYOFFICE Document Server File Path Traversal Vulnerability

CVE ID : CVE-2023-46988
Published : April 1, 2025, 10:15 p.m. | 16 minutes ago
Description : Directory Traversal vulnerability in ONLYOFFICE Document Server v.7.5.0 and before allows a remote attacker to obtain sensitive information via a crafted file upload.
Severity: 0.0 | NA
CVE-2025-30356 - CryptoLib Heap Buffer Overflow Vulnerability

CVE ID : CVE-2025-30356
Published : April 1, 2025, 10:15 p.m. | 16 minutes ago
Description : CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In 1.3.3 and earlier, a heap buffer overflow vulnerability persists in the Crypto_TC_ApplySecurity function due to an incomplete validation check on the fl (frame length) field. Although CVE-2025-29912 addressed an underflow issue involving fl, the patch fails to fully prevent unsafe calculations. As a result, an attacker can still craft malicious frames that cause a negative tf_payload_len, which is then interpreted as a large unsigned value, leading to a heap buffer overflow in a memcpy call.
Severity: 0.0 | NA
CVE-2025-31135 - Go-Guerrilla SMTP Daemon Reverse Proxy IP Spoofing Vulnerability

CVE ID : CVE-2025-31135
Published : April 1, 2025, 10:15 p.m. | 16 minutes ago
Description : Go-Guerrilla SMTP Daemon is a lightweight SMTP server written in Go. Prior to 1.6.7, when ProxyOn is enabled, the PROXY command will be accepted multiple times, with later invocations overriding earlier ones. The proxy protocol only supports one initial PROXY header; anything after that is considered part of the exchange between client and server, so the client is free to send further PROXY commands with whatever data it pleases. go-guerrilla will treat these as coming from the reverse proxy, allowing a client to spoof its IP address. This vulnerability is fixed in 1.6.7.
Severity: 5.3 | MEDIUM
CVE-2025-27692 - Dell Wyse Management Suite Unrestricted File Upload Vulnerability

CVE ID : CVE-2025-27692
Published : April 2, 2025, 1:15 a.m. | 1 hour, 20 minutes ago
Description : Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Unrestricted Upload of File with Dangerous Type vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service, Information disclosure, and Remote execution.
Severity: 4.7 | MEDIUM
CVE-2025-27693 - Dell Wyse Management Suite Cross-site Scripting Vulnerability

CVE ID : CVE-2025-27693
Published : April 2, 2025, 1:15 a.m. | 1 hour, 20 minutes ago
Description : Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.
Severity: 4.9 | MEDIUM
CVE-2025-27694 - Dell Wyse Management Suite Insufficient Resource Pool Denial of Service Vulnerability

CVE ID : CVE-2025-27694
Published : April 2, 2025, 1:15 a.m. | 1 hour, 20 minutes ago
Description : Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Insufficient Resource Pool vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.
Severity: 5.3 | MEDIUM
CVE-2025-29981 - Dell Wyse Management Suite Exposure of Sensitive Information Through Data Queries Vulnerability

CVE ID : CVE-2025-29981
Published : April 2, 2025, 1:15 a.m. | 1 hour, 20 minutes ago
Description : Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Exposure of Sensitive Information Through Data Queries vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.
Severity: 7.5 | HIGH
CVE-2025-29982 - Dell Wyse Management Suite Insecure Inherited Permissions Unauthorized Access Vulnerability

CVE ID : CVE-2025-29982
Published : April 2, 2025, 1:15 a.m. | 1 hour, 20 minutes ago
Description : Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Insecure Inherited Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.
Severity: 6.8 | MEDIUM
CVE-2025-3066 - Google Chrome Use-After-Free in Navigations Vulnerability

CVE ID : CVE-2025-3066
Published : April 2, 2025, 1:15 a.m. | 1 hour, 20 minutes ago
Description : Use after free in Navigations in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
CVE-2025-3067 - Google Chrome Android Custom Tabs Privilege Escalation Vulnerability

CVE ID : CVE-2025-3067
Published : April 2, 2025, 1:15 a.m. | 1 hour, 20 minutes ago
Description : Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted app. (Chromium security severity: Medium)
Severity: 0.0 | NA
CVE-2025-3068 - Google Chrome Android Intents Privilege Escalation Vulnerability

CVE ID : CVE-2025-3068
Published : April 2, 2025, 1:15 a.m. | 1 hour, 20 minutes ago
Description : Inappropriate implementation in Intents in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
Severity: 0.0 | NA
CVE-2025-3069 - Google Chrome Extension Privilege Escalation Vulnerability

CVE ID : CVE-2025-3069
Published : April 2, 2025, 1:15 a.m. | 1 hour, 20 minutes ago
Description : Inappropriate implementation in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
Severity: 0.0 | NA
CVE-2025-3070 - Google Chrome Extension Input Validation Privilege Escalation Vulnerability

CVE ID : CVE-2025-3070
Published : April 2, 2025, 1:15 a.m. | 1 hour, 20 minutes ago
Description : Insufficient validation of untrusted input in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
Severity: 0.0 | NA
CVE-2025-3071 - Google Chrome Navigation Same-Origin Policy Bypass Vulnerability

CVE ID : CVE-2025-3071
Published : April 2, 2025, 1:15 a.m. | 1 hour, 20 minutes ago
Description : Inappropriate implementation in Navigations in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
CVE-2025-3072 - Google Chrome Custom Tabs UI Spoofing Vulnerability

CVE ID : CVE-2025-3072
Published : April 2, 2025, 1:15 a.m. | 1 hour, 20 minutes ago
Description : Inappropriate implementation in Custom Tabs in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
CVE-2025-3073 - Google Chrome Autofill UI Spoofing Vulnerability

CVE ID : CVE-2025-3073
Published : April 2, 2025, 1:15 a.m. | 1 hour, 20 minutes ago
Description : Inappropriate implementation in Autofill in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
CVE-2025-3074 - Google Chrome UI Spoofing Vulnerability

CVE ID : CVE-2025-3074
Published : April 2, 2025, 1:15 a.m. | 1 hour, 20 minutes ago
Description : Inappropriate implementation in Downloads in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA