CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2025-3765 - SourceCodester Web-based Pharmacy Product Management System Unrestricted File Upload Vulnerability

CVE ID : CVE-2025-3765
Published : April 17, 2025, 8:15 p.m. | 2 hours, 29 minutes ago
Description : A vulnerability, which was classified as critical, has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. This issue affects some unknown processing of the file /edit-photo.php. The manipulation of the argument Avatar leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-29449 - Twonav Information Disclosure

CVE ID : CVE-2025-29449
Published : April 17, 2025, 9:15 p.m. | 1 hour, 28 minutes ago
Description : An issue in twonav v.2.1.18-20241105 allows a remote attacker to obtain sensitive information via the link identification function.
Severity: 0.0 | NA
CVE-2025-29450 - Twonav Information Disclosure Vulnerability

CVE ID : CVE-2025-29450
Published : April 17, 2025, 9:15 p.m. | 1 hour, 28 minutes ago
Description : An issue in twonav v.2.1.18-20241105 allows a remote attacker to obtain sensitive information via the site settings component.
Severity: 0.0 | NA
CVE-2025-29451 - Seo Panel Information Disclosure Vulnerability

CVE ID : CVE-2025-29451
Published : April 17, 2025, 9:15 p.m. | 1 hour, 28 minutes ago
Description : An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Mail Setting component.
Severity: 0.0 | NA
CVE-2025-29452 - Seo Panel Remote Information Disclosure

CVE ID : CVE-2025-29452
Published : April 17, 2025, 9:15 p.m. | 1 hour, 28 minutes ago
Description : An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Proxy Manager component.
Severity: 0.0 | NA
CVE-2025-29454 - Personal Management System File Upload Information Disclosure Vulnerability

CVE ID : CVE-2025-29454
Published : April 17, 2025, 9:15 p.m. | 1 hour, 28 minutes ago
Description : An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the Upload function.
Severity: 0.0 | NA
CVE-2025-29455 - Personal Management System Sensitive Information Disclosure

CVE ID : CVE-2025-29455
Published : April 17, 2025, 9:15 p.m. | 1 hour, 28 minutes ago
Description : An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the "Travel Ideas" function.
Severity: 0.0 | NA
CVE-2024-42178 - HCL MyXalytics URL Access Restriction Vulnerability

CVE ID : CVE-2024-42178
Published : April 17, 2025, 10:15 p.m. | 29 minutes ago
Description : HCL MyXalytics is affected by a failure to restrict URL access vulnerability. Unauthenticated users might gain unauthorized access to potentially confidential information, creating a risk of misuse, manipulation, or unauthorized distribution.
Severity: 2.5 | LOW
CVE-2025-29453 - Personal Management System Information Disclosure

CVE ID : CVE-2025-29453
Published : April 17, 2025, 10:15 p.m. | 29 minutes ago
Description : An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the my-contacts-settings component.
Severity: 0.0 | NA
CVE-2025-29456 - Apache Personal Management System Information Disclosure

CVE ID : CVE-2025-29456
Published : April 17, 2025, 10:15 p.m. | 29 minutes ago
Description : An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the create Notes function.
Severity: 0.0 | NA
CVE-2025-29457 - MyBB Information Disclosure

CVE ID : CVE-2025-29457
Published : April 17, 2025, 10:15 p.m. | 29 minutes ago
Description : An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Import a Theme function.
Severity: 0.0 | NA
CVE-2025-29458 - MyBB Avatar Information Disclosure Vulnerability

CVE ID : CVE-2025-29458
Published : April 17, 2025, 10:15 p.m. | 29 minutes ago
Description : An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Change Avatar function.
Severity: 0.0 | NA
CVE-2025-29459 - MyBB Information Disclosure Vulnerability

CVE ID : CVE-2025-29459
Published : April 17, 2025, 10:15 p.m. | 29 minutes ago
Description : An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Mail function.
Severity: 0.0 | NA
CVE-2025-29460 - MyBB Information Disclosure

CVE ID : CVE-2025-29460
Published : April 17, 2025, 10:15 p.m. | 29 minutes ago
Description : An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Add Mycode function.
Severity: 0.0 | NA
CVE-2025-29461 - a-blogcms Information Disclosure Vulnerability

CVE ID : CVE-2025-29461
Published : April 17, 2025, 10:15 p.m. | 29 minutes ago
Description : An issue in a-blogcms 3.1.15 allows a remote attacker to obtain sensitive information via the /bid/1/admin/entry-edit/ path.
Severity: 0.0 | NA
CVE-2025-3124 - GitHub Enterprise Server Private Repository Information Disclosure

CVE ID : CVE-2025-3124
Published : April 17, 2025, 11:15 p.m. | 3 hours, 28 minutes ago
Description : A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed a user to see the names of private repositories that they wouldn't otherwise have access to in the Security Overview in GitHub Advanced Security. The Security Overview was required to be filtered only using the `archived:` filter and all other access controls were functioning normally. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.17 and was fixed in versions 3.13.14, 3.14.11, 3.15.6, and 3.16.2.
Severity: 0.0 | NA
CVE-2025-3246 - GitHub Enterprise Server Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-3246
Published : April 17, 2025, 11:15 p.m. | 3 hours, 28 minutes ago
Description : An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed cross-site scripting in GitHub Markdown that used `$$..$$` math blocks. Exploitation required access to the target GitHub Enterprise Server instance and privileged user interaction with the malicious elements. This vulnerability affected version 3.16.1 of GitHub Enterprise Server and was fixed in version 3.16.2. This vulnerability was reported via the GitHub Bug Bounty program.
Severity: 0.0 | NA
CVE-2025-3509 - GitHub Enterprise Server Remote Code Execution Vulnerability in Pre-Receive Hook Functionality

CVE ID : CVE-2025-3509
Published : April 17, 2025, 11:15 p.m. | 3 hours, 28 minutes ago
Description : A Remote Code Execution (RCE) vulnerability was identified in GitHub Enterprise Server that allowed attackers to execute arbitrary code by exploiting the pre-receive hook functionality, potentially leading to privilege escalation and system compromise. The vulnerability involves using dynamically allocated ports that become temporarily available, such as during a hot patch upgrade. This means the vulnerability is only exploitable during specific operational conditions, which limits the attack window. Exploitation required either site administrator permissions to enable and configure pre-receive hooks or a user with permissions to modify repositories containing pre-receive hooks where this functionality was already enabled. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.17 and was fixed in versions 3.16.2, 3.15.6, 3.14.11, 3.13.14. This vulnerability was reported via the GitHub Bug Bounty program.
Severity: 0.0 | NA
CVE-2025-0467 - VMware GPU Firmware Memory Corruption

CVE ID : CVE-2025-0467
Published : April 18, 2025, 1:15 a.m. | 1 hour, 29 minutes ago
Description : Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory.
Severity: 0.0 | NA
CVE-2025-25427 - TP-Link WR841N UPnP Stored XSS

CVE ID : CVE-2025-25427
Published : April 18, 2025, 1:15 a.m. | 1 hour, 29 minutes ago
Description : A stored cross-site scripting (XSS) vulnerability in the upnp page of the web interface in TP-Link WR841N <=4.19 allows remote attackers to inject arbitrary JavaScript code via the port mapping description. This leads to execution of the JavaScript payload when the upnp page is loaded.
Severity: 0.0 | NA
CVE-2024-13650 - Piotnet Addons For Elementor WordPress Stored Cross-Site Scripting

CVE ID : CVE-2024-13650
Published : April 18, 2025, 2:15 a.m. | 29 minutes ago
Description : The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'PAFE Before After Image Comparison Slider' widget in all versions up to, and including, 2.4.34 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM