CVE-2025-2784 - Libsoup HTTP Response Heap Buffer Over-Read Vulnerability
CVE ID : CVE-2025-2784
Published : April 3, 2025, 3:15 a.m. | 3 hours, 19 minutes ago
Description : A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-2784
Published : April 3, 2025, 3:15 a.m. | 3 hours, 19 minutes ago
Description : A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3136 - PyTorch CUDA Caching Allocator Memory Corruption Vulnerability
CVE ID : CVE-2025-3136
Published : April 3, 2025, 4:15 a.m. | 2 hours, 19 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0. This issue affects the function torch.cuda.memory.caching_allocator_delete of the file c10/cuda/CUDACachingAllocator.cpp. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3136
Published : April 3, 2025, 4:15 a.m. | 2 hours, 19 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0. This issue affects the function torch.cuda.memory.caching_allocator_delete of the file c10/cuda/CUDACachingAllocator.cpp. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3137 - PHPGurukul Online Security Guards Hiring System SQL Injection Vulnerability
CVE ID : CVE-2025-3137
Published : April 3, 2025, 4:15 a.m. | 2 hours, 19 minutes ago
Description : A vulnerability, which was classified as critical, was found in PHPGurukul Online Security Guards Hiring System 1.0. Affected is an unknown function of the file /admin/changeimage.php. The manipulation of the argument editid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3137
Published : April 3, 2025, 4:15 a.m. | 2 hours, 19 minutes ago
Description : A vulnerability, which was classified as critical, was found in PHPGurukul Online Security Guards Hiring System 1.0. Affected is an unknown function of the file /admin/changeimage.php. The manipulation of the argument editid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3138 - PHPGurukul Online Security Guards Hiring System SQL Injection Vulnerability
CVE ID : CVE-2025-3138
Published : April 3, 2025, 4:15 a.m. | 2 hours, 19 minutes ago
Description : A vulnerability has been found in PHPGurukul Online Security Guards Hiring System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit-guard-detail.php. The manipulation of the argument editid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3138
Published : April 3, 2025, 4:15 a.m. | 2 hours, 19 minutes ago
Description : A vulnerability has been found in PHPGurukul Online Security Guards Hiring System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit-guard-detail.php. The manipulation of the argument editid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3139 - Code-projects Bus Reservation System Buffer Overflow Vulnerability
CVE ID : CVE-2025-3139
Published : April 3, 2025, 4:15 a.m. | 2 hours, 19 minutes ago
Description : A vulnerability was found in code-projects Bus Reservation System 1.0 and classified as critical. Affected by this issue is the function Login of the component Login Form. The manipulation of the argument Str1 leads to buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3139
Published : April 3, 2025, 4:15 a.m. | 2 hours, 19 minutes ago
Description : A vulnerability was found in code-projects Bus Reservation System 1.0 and classified as critical. Affected by this issue is the function Login of the component Login Form. The manipulation of the argument Str1 leads to buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3140 - SourceCodester Online Medicine Ordering System SQL Injection
CVE ID : CVE-2025-3140
Published : April 3, 2025, 5:15 a.m. | 1 hour, 19 minutes ago
Description : A vulnerability was found in SourceCodester Online Medicine Ordering System 1.0. It has been classified as critical. This affects an unknown part of the file /view_category.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3140
Published : April 3, 2025, 5:15 a.m. | 1 hour, 19 minutes ago
Description : A vulnerability was found in SourceCodester Online Medicine Ordering System 1.0. It has been classified as critical. This affects an unknown part of the file /view_category.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3141 - SourceCodester Online Medicine Ordering System SQL Injection Vulnerability
CVE ID : CVE-2025-3141
Published : April 3, 2025, 5:15 a.m. | 1 hour, 19 minutes ago
Description : A vulnerability was found in SourceCodester Online Medicine Ordering System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /manage_category.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3141
Published : April 3, 2025, 5:15 a.m. | 1 hour, 19 minutes ago
Description : A vulnerability was found in SourceCodester Online Medicine Ordering System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /manage_category.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-2055 - MapPress Maps for WordPress Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-2055
Published : April 3, 2025, 6:15 a.m. | 19 minutes ago
Description : The MapPress Maps for WordPress plugin before 2.94.9 does not sanitise and escape some parameters when outputing them in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-2055
Published : April 3, 2025, 6:15 a.m. | 19 minutes ago
Description : The MapPress Maps for WordPress plugin before 2.94.9 does not sanitise and escape some parameters when outputing them in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31334 - WinRAR Symbolic Link Execution Vulnerability
CVE ID : CVE-2025-31334
Published : April 3, 2025, 6:15 a.m. | 19 minutes ago
Description : Issue that bypasses the "Mark of the Web" security warning function for files when opening a symbolic link that points to an executable file exists in WinRAR versions prior to 7.11. If a symbolic link specially crafted by an attacker is opened on the affected product, arbitrary code may be executed.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31334
Published : April 3, 2025, 6:15 a.m. | 19 minutes ago
Description : Issue that bypasses the "Mark of the Web" security warning function for files when opening a symbolic link that points to an executable file exists in WinRAR versions prior to 7.11. If a symbolic link specially crafted by an attacker is opened on the affected product, arbitrary code may be executed.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3142 - SourceCodester Apartment Visitor Management System SQL Injection
CVE ID : CVE-2025-3142
Published : April 3, 2025, 6:15 a.m. | 19 minutes ago
Description : A vulnerability was found in SourceCodester Apartment Visitor Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /add-apartment.php. The manipulation of the argument buildingno leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Multiple parameters might be affected.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3142
Published : April 3, 2025, 6:15 a.m. | 19 minutes ago
Description : A vulnerability was found in SourceCodester Apartment Visitor Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /add-apartment.php. The manipulation of the argument buildingno leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Multiple parameters might be affected.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3143 - SourceCodester Apartment Visitor Management System SQL Injection
CVE ID : CVE-2025-3143
Published : April 3, 2025, 6:15 a.m. | 19 minutes ago
Description : A vulnerability classified as critical has been found in SourceCodester Apartment Visitor Management System 1.0. Affected is an unknown function of the file /visitor-entry.php. The manipulation of the argument visname/address leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Multiple parameters might be affected.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3143
Published : April 3, 2025, 6:15 a.m. | 19 minutes ago
Description : A vulnerability classified as critical has been found in SourceCodester Apartment Visitor Management System 1.0. Affected is an unknown function of the file /visitor-entry.php. The manipulation of the argument visname/address leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Multiple parameters might be affected.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3144 - MindSpore Local Memory Corruption (FFT)
CVE ID : CVE-2025-3144
Published : April 3, 2025, 6:15 a.m. | 19 minutes ago
Description : A vulnerability classified as problematic was found in MindSpore 2.5.0. Affected by this vulnerability is the function mindspore.numpy.fft.hfftn. The manipulation leads to memory corruption. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3144
Published : April 3, 2025, 6:15 a.m. | 19 minutes ago
Description : A vulnerability classified as problematic was found in MindSpore 2.5.0. Affected by this vulnerability is the function mindspore.numpy.fft.hfftn. The manipulation leads to memory corruption. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3145 - MindSpore FFT Local Memory Corruption Vulnerability
CVE ID : CVE-2025-3145
Published : April 3, 2025, 7:15 a.m. | 3 hours, 22 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in MindSpore 2.5.0. Affected by this issue is the function mindspore.numpy.fft.rfft2. The manipulation leads to memory corruption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3145
Published : April 3, 2025, 7:15 a.m. | 3 hours, 22 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in MindSpore 2.5.0. Affected by this issue is the function mindspore.numpy.fft.rfft2. The manipulation leads to memory corruption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3146 - PHPGurukul Bus Pass Management System SQL Injection Vulnerability
CVE ID : CVE-2025-3146
Published : April 3, 2025, 7:15 a.m. | 3 hours, 22 minutes ago
Description : A vulnerability, which was classified as critical, was found in PHPGurukul Bus Pass Management System 1.0. This affects an unknown part of the file /view-pass-detail.php. The manipulation of the argument viewid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3146
Published : April 3, 2025, 7:15 a.m. | 3 hours, 22 minutes ago
Description : A vulnerability, which was classified as critical, was found in PHPGurukul Bus Pass Management System 1.0. This affects an unknown part of the file /view-pass-detail.php. The manipulation of the argument viewid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3147 - PHPGurukul Boat Booking System SQL Injection Vulnerability
CVE ID : CVE-2025-3147
Published : April 3, 2025, 7:15 a.m. | 3 hours, 22 minutes ago
Description : A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /add-subadmin.php. The manipulation of the argument sadminusername leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3147
Published : April 3, 2025, 7:15 a.m. | 3 hours, 22 minutes ago
Description : A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /add-subadmin.php. The manipulation of the argument sadminusername leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3148 - "Codeprojects Product Management System Buffer Overflow Vulnerability"
CVE ID : CVE-2025-3148
Published : April 3, 2025, 7:15 a.m. | 3 hours, 22 minutes ago
Description : A vulnerability was found in codeprojects Product Management System 1.0 and classified as problematic. This issue affects some unknown processing of the component Login. The manipulation of the argument Str1 leads to buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3148
Published : April 3, 2025, 7:15 a.m. | 3 hours, 22 minutes ago
Description : A vulnerability was found in codeprojects Product Management System 1.0 and classified as problematic. This issue affects some unknown processing of the component Login. The manipulation of the argument Str1 leads to buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-13673 - WordPress Big Boom Directory Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2024-13673
Published : April 3, 2025, 8:15 a.m. | 2 hours, 23 minutes ago
Description : The Big Boom Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bbd-search' shortcode in all versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-13673
Published : April 3, 2025, 8:15 a.m. | 2 hours, 23 minutes ago
Description : The Big Boom Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bbd-search' shortcode in all versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-1663 - Elementor Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-1663
Published : April 3, 2025, 8:15 a.m. | 2 hours, 23 minutes ago
Description : The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 1.5.142 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-1663
Published : April 3, 2025, 8:15 a.m. | 2 hours, 23 minutes ago
Description : The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 1.5.142 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-21995 - Linux Kernel DRM Fence Reference Count Leak
CVE ID : CVE-2025-21995
Published : April 3, 2025, 8:15 a.m. | 2 hours, 23 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix fence reference count leak The last_scheduled fence leaks when an entity is being killed and adding the cleanup callback fails. Decrement the reference count of prev when dma_fence_add_callback() fails, ensuring proper balance. [phasta: add git tag info for stable kernel]
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-21995
Published : April 3, 2025, 8:15 a.m. | 2 hours, 23 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix fence reference count leak The last_scheduled fence leaks when an entity is being killed and adding the cleanup callback fails. Decrement the reference count of prev when dma_fence_add_callback() fails, ensuring proper balance. [phasta: add git tag info for stable kernel]
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-21996 - Radeon Linux Kernel Uninitialized Variable Use
CVE ID : CVE-2025-21996
Published : April 3, 2025, 8:15 a.m. | 2 hours, 23 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() On the off chance that command stream passed from userspace via ioctl() call to radeon_vce_cs_parse() is weirdly crafted and first command to execute is to encode (case 0x03000001), the function in question will attempt to call radeon_vce_cs_reloc() with size argument that has not been properly initialized. Specifically, 'size' will point to 'tmp' variable before the latter had a chance to be assigned any value. Play it safe and init 'tmp' with 0, thus ensuring that radeon_vce_cs_reloc() will catch an early error in cases like these. Found by Linux Verification Center (linuxtesting.org) with static analysis tool SVACE. (cherry picked from commit 2d52de55f9ee7aaee0e09ac443f77855989c6b68)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-21996
Published : April 3, 2025, 8:15 a.m. | 2 hours, 23 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() On the off chance that command stream passed from userspace via ioctl() call to radeon_vce_cs_parse() is weirdly crafted and first command to execute is to encode (case 0x03000001), the function in question will attempt to call radeon_vce_cs_reloc() with size argument that has not been properly initialized. Specifically, 'size' will point to 'tmp' variable before the latter had a chance to be assigned any value. Play it safe and init 'tmp' with 0, thus ensuring that radeon_vce_cs_reloc() will catch an early error in cases like these. Found by Linux Verification Center (linuxtesting.org) with static analysis tool SVACE. (cherry picked from commit 2d52de55f9ee7aaee0e09ac443f77855989c6b68)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-21997 - Linux Kernel xsk Integer Overflow Vulnerability
CVE ID : CVE-2025-21997
Published : April 3, 2025, 8:15 a.m. | 2 hours, 23 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: xsk: fix an integer overflow in xp_create_and_assign_umem() Since the i and pool->chunk_size variables are of type 'u32', their product can wrap around and then be cast to 'u64'. This can lead to two different XDP buffers pointing to the same memory area. Found by InfoTeCS on behalf of Linux Verification Center (linuxtesting.org) with SVACE.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-21997
Published : April 3, 2025, 8:15 a.m. | 2 hours, 23 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: xsk: fix an integer overflow in xp_create_and_assign_umem() Since the i and pool->chunk_size variables are of type 'u32', their product can wrap around and then be cast to 'u64'. This can lead to two different XDP buffers pointing to the same memory area. Found by InfoTeCS on behalf of Linux Verification Center (linuxtesting.org) with SVACE.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...