CVE-2025-27692 - Dell Wyse Management Suite Unrestricted File Upload Vulnerability
CVE ID : CVE-2025-27692
Published : April 2, 2025, 1:15 a.m. | 1 hour, 20 minutes ago
Description : Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Unrestricted Upload of File with Dangerous Type vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service, Information disclosure, and Remote execution
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-27692
Published : April 2, 2025, 1:15 a.m. | 1 hour, 20 minutes ago
Description : Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Unrestricted Upload of File with Dangerous Type vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service, Information disclosure, and Remote execution
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-27693 - Dell Wyse Management Suite Cross-site Scripting Vulnerability
CVE ID : CVE-2025-27693
Published : April 2, 2025, 1:15 a.m. | 1 hour, 20 minutes ago
Description : Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-27693
Published : April 2, 2025, 1:15 a.m. | 1 hour, 20 minutes ago
Description : Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-27694 - Dell Wyse Management Suite Insufficient Resource Pool Denial of Service Vulnerability
CVE ID : CVE-2025-27694
Published : April 2, 2025, 1:15 a.m. | 1 hour, 20 minutes ago
Description : Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Insufficient Resource Pool vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-27694
Published : April 2, 2025, 1:15 a.m. | 1 hour, 20 minutes ago
Description : Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Insufficient Resource Pool vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-29981 - Dell Wyse Management Suite Exposure of Sensitive Information Through Data Queries Vulnerability
CVE ID : CVE-2025-29981
Published : April 2, 2025, 1:15 a.m. | 1 hour, 20 minutes ago
Description : Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Exposure of Sensitive Information Through Data Queries vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-29981
Published : April 2, 2025, 1:15 a.m. | 1 hour, 20 minutes ago
Description : Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Exposure of Sensitive Information Through Data Queries vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-29982 - Dell Wyse Management Suite Insecure Inherited Permissions Unauthorized Access Vulnerability
CVE ID : CVE-2025-29982
Published : April 2, 2025, 1:15 a.m. | 1 hour, 20 minutes ago
Description : Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Insecure Inherited Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-29982
Published : April 2, 2025, 1:15 a.m. | 1 hour, 20 minutes ago
Description : Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Insecure Inherited Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3066 - Google Chrome Use-After-Free in Navigations Vulnerability
CVE ID : CVE-2025-3066
Published : April 2, 2025, 1:15 a.m. | 1 hour, 20 minutes ago
Description : Use after free in Navigations in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3066
Published : April 2, 2025, 1:15 a.m. | 1 hour, 20 minutes ago
Description : Use after free in Navigations in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3067 - Google Chrome Android Custom Tabs Privilege Escalation Vulnerability
CVE ID : CVE-2025-3067
Published : April 2, 2025, 1:15 a.m. | 1 hour, 20 minutes ago
Description : Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted app. (Chromium security severity: Medium)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3067
Published : April 2, 2025, 1:15 a.m. | 1 hour, 20 minutes ago
Description : Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted app. (Chromium security severity: Medium)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3068 - Google Chrome Android Intents Privilege Escalation Vulnerability
CVE ID : CVE-2025-3068
Published : April 2, 2025, 1:15 a.m. | 1 hour, 20 minutes ago
Description : Inappropriate implementation in Intents in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3068
Published : April 2, 2025, 1:15 a.m. | 1 hour, 20 minutes ago
Description : Inappropriate implementation in Intents in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3069 - Google Chrome Extension Privilege Escalation Vulnerability
CVE ID : CVE-2025-3069
Published : April 2, 2025, 1:15 a.m. | 1 hour, 20 minutes ago
Description : Inappropriate implementation in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3069
Published : April 2, 2025, 1:15 a.m. | 1 hour, 20 minutes ago
Description : Inappropriate implementation in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3070 - Google Chrome Extension Input Validation Privilege Escalation Vulnerability
CVE ID : CVE-2025-3070
Published : April 2, 2025, 1:15 a.m. | 1 hour, 20 minutes ago
Description : Insufficient validation of untrusted input in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3070
Published : April 2, 2025, 1:15 a.m. | 1 hour, 20 minutes ago
Description : Insufficient validation of untrusted input in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3071 - Google Chrome Navigation Same-Origin Policy Bypass Vulnerability
CVE ID : CVE-2025-3071
Published : April 2, 2025, 1:15 a.m. | 1 hour, 20 minutes ago
Description : Inappropriate implementation in Navigations in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3071
Published : April 2, 2025, 1:15 a.m. | 1 hour, 20 minutes ago
Description : Inappropriate implementation in Navigations in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3072 - Google Chrome Custom Tabs UI Spoofing Vulnerability
CVE ID : CVE-2025-3072
Published : April 2, 2025, 1:15 a.m. | 1 hour, 20 minutes ago
Description : Inappropriate implementation in Custom Tabs in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3072
Published : April 2, 2025, 1:15 a.m. | 1 hour, 20 minutes ago
Description : Inappropriate implementation in Custom Tabs in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3073 - Google Chrome Autofill UI Spoofing Vulnerability
CVE ID : CVE-2025-3073
Published : April 2, 2025, 1:15 a.m. | 1 hour, 20 minutes ago
Description : Inappropriate implementation in Autofill in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3073
Published : April 2, 2025, 1:15 a.m. | 1 hour, 20 minutes ago
Description : Inappropriate implementation in Autofill in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3074 - Google Chrome UI Spoofing Vulnerability
CVE ID : CVE-2025-3074
Published : April 2, 2025, 1:15 a.m. | 1 hour, 20 minutes ago
Description : Inappropriate implementation in Downloads in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3074
Published : April 2, 2025, 1:15 a.m. | 1 hour, 20 minutes ago
Description : Inappropriate implementation in Downloads in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-2779 - WordPress HT Script Plugin Unauthenticated Data Modification Vulnerability
CVE ID : CVE-2025-2779
Published : April 2, 2025, 2:15 a.m. | 20 minutes ago
Description : The Insert Headers and Footers Code – HT Script plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_dismiss function in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update option values to 1/true on the WordPress site. This can be leveraged to update an option that would create an error on the site and deny access to legitimate users or be used to set some values to true, such as registration.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-2779
Published : April 2, 2025, 2:15 a.m. | 20 minutes ago
Description : The Insert Headers and Footers Code – HT Script plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_dismiss function in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update option values to 1/true on the WordPress site. This can be leveraged to update an option that would create an error on the site and deny access to legitimate users or be used to set some values to true, such as registration.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-25060 - AssetView Unauthenticated File Access and Deletion Vulnerability
CVE ID : CVE-2025-25060
Published : April 2, 2025, 4:15 a.m. | 2 hours, 16 minutes ago
Description : Missing authentication for critical function vulnerability exists in AssetView and AssetView CLOUD. If exploited, the files on the server where the product is running may be obtained and/or deleted by a remote unauthenticated attacker.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-25060
Published : April 2, 2025, 4:15 a.m. | 2 hours, 16 minutes ago
Description : Missing authentication for critical function vulnerability exists in AssetView and AssetView CLOUD. If exploited, the files on the server where the product is running may be obtained and/or deleted by a remote unauthenticated attacker.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-27244 - AssetView Information Disclosure Vulnerability
CVE ID : CVE-2025-27244
Published : April 2, 2025, 4:15 a.m. | 2 hours, 16 minutes ago
Description : AssetView and AssetView CLOUD contain an issue with acquiring sensitive information from sent data to the developer. If exploited, sensitive information may be obtained by a remote unauthenticated attacker.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-27244
Published : April 2, 2025, 4:15 a.m. | 2 hours, 16 minutes ago
Description : AssetView and AssetView CLOUD contain an issue with acquiring sensitive information from sent data to the developer. If exploited, sensitive information may be obtained by a remote unauthenticated attacker.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-36465 - Zabbix SQL Injection Vulnerability
CVE ID : CVE-2024-36465
Published : April 2, 2025, 6:15 a.m. | 16 minutes ago
Description : A low privilege (regular) Zabbix user with API access can use SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL commands via the groupBy parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-36465
Published : April 2, 2025, 6:15 a.m. | 16 minutes ago
Description : A low privilege (regular) Zabbix user with API access can use SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL commands via the groupBy parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-36469 - Apache HTTP Server Authentication Bypass
CVE ID : CVE-2024-36469
Published : April 2, 2025, 7:15 a.m. | 3 hours, 16 minutes ago
Description : Execution time for an unsuccessful login differs when using a non-existing username compared to using an existing one.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-36469
Published : April 2, 2025, 7:15 a.m. | 3 hours, 16 minutes ago
Description : Execution time for an unsuccessful login differs when using a non-existing username compared to using an existing one.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-42325 - Zabbix Information Disclosure
CVE ID : CVE-2024-42325
Published : April 2, 2025, 7:15 a.m. | 3 hours, 16 minutes ago
Description : Zabbix API user.get returns all users that share common group with the calling user. This includes media and other information, such as login attempts, etc.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-42325
Published : April 2, 2025, 7:15 a.m. | 3 hours, 16 minutes ago
Description : Zabbix API user.get returns all users that share common group with the calling user. This includes media and other information, such as login attempts, etc.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-45699 - Zabbix Cross-Site Scripting (XSS)
CVE ID : CVE-2024-45699
Published : April 2, 2025, 7:15 a.m. | 3 hours, 16 minutes ago
Description : The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the above endpoint causing it to be executed within the context of the victim's browser.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-45699
Published : April 2, 2025, 7:15 a.m. | 3 hours, 16 minutes ago
Description : The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the above endpoint causing it to be executed within the context of the victim's browser.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...