CVE-2025-25013 - Elastic Defend Environment Variable Information Disclosure
CVE ID : CVE-2025-25013
Published : April 8, 2025, 11:15 p.m. | 4 hours, 10 minutes ago
Description : Improper restriction of environment variables in Elastic Defend can lead to exposure of sensitive information such as API keys and tokens via automatic transmission of unfiltered environment variables to the stack.
Severity: 6.5 | MEDIUM
CVE-2025-32460 - GraphicsMagick Heap Buffer Over-read Vulnerability
CVE ID : CVE-2025-32460
Published : April 9, 2025, 2:15 a.m. | 1 hour, 10 minutes ago
Description : GraphicsMagick before 8e56520 has a heap-based buffer over-read in ReadJXLImage in coders/jxl.c, related to an ImportViewPixelArea call.
Severity: 4.0 | MEDIUM
CVE-2025-32461 - Tiki eval Injection
CVE ID : CVE-2025-32461
Published : April 9, 2025, 2:15 a.m. | 1 hour, 10 minutes ago
Description : wikiplugin_includetpl in lib/wiki-plugins/wikiplugin_includetpl.php in Tiki before 28.3 mishandles input to an eval. The fixed versions are 21.12, 24.8, 27.2, and 28.3.
Severity: 9.9 | CRITICAL
CVE-2025-29988 - Dell Client Platform BIOS Stack-based Buffer Overflow Vulnerability
CVE ID : CVE-2025-29988
Published : April 9, 2025, 3:15 a.m. | 4 hours, 11 minutes ago
Description : Dell Client Platform BIOS contains a Stack-based Buffer Overflow Vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution.
Severity: 6.9 | MEDIUM
CVE-2025-32464 - HAProxy RegEx Heap Buffer Overflow Vulnerability
CVE ID : CVE-2025-32464
Published : April 9, 2025, 3:15 a.m. | 4 hours, 11 minutes ago
Description : HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a sample_conv_regsub heap-based buffer overflow because of mishandling of the replacement of multiple short patterns with a longer one.
Severity: 6.8 | MEDIUM
CVE-2025-3100 - WordPress WP Project Manager Stored Cross-Site Scripting (XSS) Vulnerability
CVE ID : CVE-2025-3100
Published : April 9, 2025, 5:15 a.m. | 2 hours, 11 minutes ago
Description : The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.6.22 due to insufficient input sanitization and output escaping in tasks discussion. This makes it possible for authenticated attackers, with Subscriber-level access and above, and permissions granted by an Administrator, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
Severity: 6.4 | MEDIUM
CVE-2024-6857 - WordPress WP MultiTasking CSRF Vulnerability
CVE ID : CVE-2024-6857
Published : April 9, 2025, 6:15 a.m. | 1 hour, 11 minutes ago
Description : The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating its Header, Footer and Body Script Settings, which could allow attackers to make logged admins perform such action via a CSRF attack
Severity: 0.0 | NA
CVE-2024-6860 - WordPress WP MultiTasking CSRF
CVE ID : CVE-2024-6860
Published : April 9, 2025, 6:15 a.m. | 1 hour, 11 minutes ago
Description : The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating its permalink suffix settings, which could allow attackers to make logged admins perform such action via a CSRF attack
Severity: 0.0 | NA
CVE-2024-8243 - WordPress/Upgrade Time Out Plugin Stored Cross-Site Scripting (XSS)
CVE ID : CVE-2024-8243
Published : April 9, 2025, 6:15 a.m. | 1 hour, 11 minutes ago
Description : The WordPress/Plugin Upgrade Time Out Plugin WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
Severity: 0.0 | NA
CVE-2025-3442 - TP-Link Tapo H200 Wi-Fi Credentials Storage Vulnerability
CVE ID : CVE-2025-3442
Published : April 9, 2025, 7:15 a.m. | 4 hours, 11 minutes ago
Description : This vulnerability exists in TP-Link Tapo H200 V1 IoT Smart Hub due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the Wi-Fi credentials stored on the vulnerable device.
Severity: 0.0 | NA
CVE-2025-20952 - Mdecservice Unauthenticated Local File Access Vulnerability
CVE ID : CVE-2025-20952
Published : April 9, 2025, 8:15 a.m. | 3 hours, 12 minutes ago
Description : Improper access control in Mdecservice prior to SMR Apr-2025 Release 1 allows local attackers to access arbitrary files with system privilege.
Severity: 5.5 | MEDIUM
CVE-2025-23407 - Wi-Fi AP UNIT AC-WPS-11ac Privilege Escalation Vulnerability
CVE ID : CVE-2025-23407
Published : April 9, 2025, 9:15 a.m. | 2 hours, 12 minutes ago
Description : Incorrect privilege assignment vulnerability in the WEB UI (the setting page) exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a remote attacker who can log in to the product may alter the settings without appropriate privileges.
Severity: 4.3 | MEDIUM
CVE-2025-25053 - Wi-Fi AP UNIT 'AC-WPS-11ac series' OS Command Injection Vulnerability
CVE ID : CVE-2025-25053
Published : April 9, 2025, 9:15 a.m. | 2 hours, 12 minutes ago
Description : OS command injection vulnerability in the WEB UI (the setting page) exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to the product.
Severity: 8.8 | HIGH
CVE-2025-25056 - Wi-Fi AP UNIT AC-WPS-11ac Cross-Site Request Forgery
CVE ID : CVE-2025-25056
Published : April 9, 2025, 9:15 a.m. | 2 hours, 12 minutes ago
Description : Cross-site request forgery vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If a user views a malicious page while logged in, unintended operations may be performed.
Severity: 4.3 | MEDIUM
CVE-2025-25213 - Wi-Fi AP UNIT AC-WPS-11ac Series Cross-Site Scripting (XSS)
CVE ID : CVE-2025-25213
Published : April 9, 2025, 9:15 a.m. | 2 hours, 12 minutes ago
Description : Improper restriction of rendered UI layers or frames issue exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If a user views and clicks on the content on the malicious page while logged in, unintended operations may be performed.
Severity: 6.5 | MEDIUM
CVE-2025-27722 - Wi-Fi AP UNIT AC-WPS-11ac Series Cleartext Transmission of Sensitive Information Information Disclosure
CVE ID : CVE-2025-27722
Published : April 9, 2025, 9:15 a.m. | 2 hours, 12 minutes ago
Description : Cleartext transmission of sensitive information issue exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a man-in-the-middle attack may allow a remote unauthenticated attacker to eavesdrop the communication and obtain the authentication information.
Severity: 5.9 | MEDIUM
CVE-2025-27797 - Wi-Fi AP UNIT AC-WPS-11ac series OS Command Injection Vulnerability
CVE ID : CVE-2025-27797
Published : April 9, 2025, 9:15 a.m. | 2 hours, 12 minutes ago
Description : OS command injection vulnerability in the specific service exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to the product.
Severity: 9.8 | CRITICAL
CVE-2025-27934 - Wi-Fi AP UNIT 'AC-WPS-11ac series' Authentication Information Disclosure Vulnerability
CVE ID : CVE-2025-27934
Published : April 9, 2025, 9:15 a.m. | 2 hours, 12 minutes ago
Description : Information disclosure of authentication information in the specific service vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a remote unauthenticated attacker may obtain the product authentication information.
Severity: 7.5 | HIGH
CVE-2025-29870 - Wi-Fi AP UNIT 'AC-WPS-11ac series' Authentication Bypass Vulnerability
CVE ID : CVE-2025-29870
Published : April 9, 2025, 9:15 a.m. | 2 hours, 12 minutes ago
Description : Missing authentication for critical function vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a remote unauthenticated attacker may obtain the product configuration information including authentication information.
Severity: 7.5 | HIGH
CVE-2017-20197 - Propanetank Roommate-Bill-Tracking SQL Injection Vulnerability
CVE ID : CVE-2017-20197
Published : April 9, 2025, 11:15 a.m. | 4 hours, 13 minutes ago
Description : A vulnerability was found in propanetank Roommate-Bill-Tracking up to 288437f658fc9ee7d4b92a9da12557024d8bc55c. It has been declared as critical. This vulnerability affects unknown code of the file /includes/login.php. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The name of the patch is b32bb1b940f82d38fb9310cd66ebe349e20a1d0a. It is recommended to apply a patch to fix this issue.
Severity: 7.3 | HIGH
CVE-2025-2222 - Apache HTTP Server Path Traversal Vulnerability
CVE ID : CVE-2025-2222
Published : April 9, 2025, 11:15 a.m. | 4 hours, 13 minutes ago
Description : CWE-552: Files or Directories Accessible to External Parties vulnerability over https exists that could leak information and potential privilege escalation following man in the middle attack.
Severity: 7.8 | HIGH