CVE-2025-29457 - MyBB Information Disclosure
CVE ID : CVE-2025-29457
Published : April 17, 2025, 10:15 p.m. | 29 minutes ago
Description : An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Import a Theme function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-29457
Published : April 17, 2025, 10:15 p.m. | 29 minutes ago
Description : An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Import a Theme function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-29458 - MyBB Avatar Information Disclosure Vulnerability
CVE ID : CVE-2025-29458
Published : April 17, 2025, 10:15 p.m. | 29 minutes ago
Description : An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Change Avatar function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-29458
Published : April 17, 2025, 10:15 p.m. | 29 minutes ago
Description : An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Change Avatar function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-29459 - MyBB Information Disclosure Vulnerability
CVE ID : CVE-2025-29459
Published : April 17, 2025, 10:15 p.m. | 29 minutes ago
Description : An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Mail function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-29459
Published : April 17, 2025, 10:15 p.m. | 29 minutes ago
Description : An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Mail function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-29460 - MyBB Information Disclosure
CVE ID : CVE-2025-29460
Published : April 17, 2025, 10:15 p.m. | 29 minutes ago
Description : An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Add Mycode function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-29460
Published : April 17, 2025, 10:15 p.m. | 29 minutes ago
Description : An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Add Mycode function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-29461 - a-blogcms Information Disclosure Vulnerability
CVE ID : CVE-2025-29461
Published : April 17, 2025, 10:15 p.m. | 29 minutes ago
Description : An issue in a-blogcms 3.1.15 allows a remote attacker to obtain sensitive information via the /bid/1/admin/entry-edit/ path.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-29461
Published : April 17, 2025, 10:15 p.m. | 29 minutes ago
Description : An issue in a-blogcms 3.1.15 allows a remote attacker to obtain sensitive information via the /bid/1/admin/entry-edit/ path.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3124 - GitHub Enterprise Server Private Repository Information Disclosure
CVE ID : CVE-2025-3124
Published : April 17, 2025, 11:15 p.m. | 3 hours, 28 minutes ago
Description : A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed a user to see the names of private repositories that they wouldn't otherwise have access to in the Security Overview in GitHub Advanced Security. The Security Overview was required to be filtered only using the `archived:` filter and all other access controls were functioning normally. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.17 and was fixed in versions 3.13.14, 3.14.11, 3.15.6, and 3.16.2.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3124
Published : April 17, 2025, 11:15 p.m. | 3 hours, 28 minutes ago
Description : A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed a user to see the names of private repositories that they wouldn't otherwise have access to in the Security Overview in GitHub Advanced Security. The Security Overview was required to be filtered only using the `archived:` filter and all other access controls were functioning normally. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.17 and was fixed in versions 3.13.14, 3.14.11, 3.15.6, and 3.16.2.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3246 - GitHub Enterprise Server Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-3246
Published : April 17, 2025, 11:15 p.m. | 3 hours, 28 minutes ago
Description : An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed cross-site scripting in GitHub Markdown that used `$$..$$` math blocks. Exploitation required access to the target GitHub Enterprise Server instance and privileged user interaction with the malicious elements. This vulnerability affected version 3.16.1 of GitHub Enterprise Server and was fixed in version 3.16.2. This vulnerability was reported via the GitHub Bug Bounty program.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3246
Published : April 17, 2025, 11:15 p.m. | 3 hours, 28 minutes ago
Description : An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed cross-site scripting in GitHub Markdown that used `$$..$$` math blocks. Exploitation required access to the target GitHub Enterprise Server instance and privileged user interaction with the malicious elements. This vulnerability affected version 3.16.1 of GitHub Enterprise Server and was fixed in version 3.16.2. This vulnerability was reported via the GitHub Bug Bounty program.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3509 - GitHub Enterprise Server Remote Code Execution Vulnerability in Pre-Receive Hook Functionality
CVE ID : CVE-2025-3509
Published : April 17, 2025, 11:15 p.m. | 3 hours, 28 minutes ago
Description : A Remote Code Execution (RCE) vulnerability was identified in GitHub Enterprise Server that allowed attackers to execute arbitrary code by exploiting the pre-receive hook functionality, potentially leading to privilege escalation and system compromise. The vulnerability involves using dynamically allocated ports that become temporarily available, such as during a hot patch upgrade. This means the vulnerability is only exploitable during specific operational conditions, which limits the attack window. Exploitation required either site administrator permissions to enable and configure pre-receive hooks or a user with permissions to modify repositories containing pre-receive hooks where this functionality was already enabled. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.17 and was fixed in versions 3.16.2, 3.15.6, 3.14.11, 3.13.14. This vulnerability was reported via the GitHub Bug Bounty program.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3509
Published : April 17, 2025, 11:15 p.m. | 3 hours, 28 minutes ago
Description : A Remote Code Execution (RCE) vulnerability was identified in GitHub Enterprise Server that allowed attackers to execute arbitrary code by exploiting the pre-receive hook functionality, potentially leading to privilege escalation and system compromise. The vulnerability involves using dynamically allocated ports that become temporarily available, such as during a hot patch upgrade. This means the vulnerability is only exploitable during specific operational conditions, which limits the attack window. Exploitation required either site administrator permissions to enable and configure pre-receive hooks or a user with permissions to modify repositories containing pre-receive hooks where this functionality was already enabled. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.17 and was fixed in versions 3.16.2, 3.15.6, 3.14.11, 3.13.14. This vulnerability was reported via the GitHub Bug Bounty program.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-0467 - VMware GPU Firmware Memory Corruption
CVE ID : CVE-2025-0467
Published : April 18, 2025, 1:15 a.m. | 1 hour, 29 minutes ago
Description : Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-0467
Published : April 18, 2025, 1:15 a.m. | 1 hour, 29 minutes ago
Description : Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-25427 - "TP-Link WR841N UPnP Stored XSS"
CVE ID : CVE-2025-25427
Published : April 18, 2025, 1:15 a.m. | 1 hour, 29 minutes ago
Description : A Stored cross-site scripting (XSS) vulnerability in upnp page of the web Interface in TP-Link WR841N <=4.19 allows remote attackers to inject arbitrary JavaScript code via the port mapping description. This leads to an execution of the JavaScript payload when the upnp page is loaded.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-25427
Published : April 18, 2025, 1:15 a.m. | 1 hour, 29 minutes ago
Description : A Stored cross-site scripting (XSS) vulnerability in upnp page of the web Interface in TP-Link WR841N <=4.19 allows remote attackers to inject arbitrary JavaScript code via the port mapping description. This leads to an execution of the JavaScript payload when the upnp page is loaded.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-13650 - Piotnet Addons For Elementor WordPress Stored Cross-Site Scripting
CVE ID : CVE-2024-13650
Published : April 18, 2025, 2:15 a.m. | 29 minutes ago
Description : The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'PAFE Before After Image Comparison Slider' widget in all versions up to, and including, 2.4.34 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-13650
Published : April 18, 2025, 2:15 a.m. | 29 minutes ago
Description : The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'PAFE Before After Image Comparison Slider' widget in all versions up to, and including, 2.4.34 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-2613 - WordPress Login Manager Stored Cross-Site Scripting (XSS)
CVE ID : CVE-2025-2613
Published : April 18, 2025, 2:15 a.m. | 29 minutes ago
Description : The Login Manager – Design Login Page, View Login Activity, Limit Login Attempts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Custom logo and background URLs in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Severity: 4.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-2613
Published : April 18, 2025, 2:15 a.m. | 29 minutes ago
Description : The Login Manager – Design Login Page, View Login Activity, Limit Login Attempts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Custom logo and background URLs in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Severity: 4.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3520 - "WordPress Avatar Plugin File Deletion Vulnerability"
CVE ID : CVE-2025-3520
Published : April 18, 2025, 2:15 a.m. | 29 minutes ago
Description : The Avatar plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and including, 0.1.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3520
Published : April 18, 2025, 2:15 a.m. | 29 minutes ago
Description : The Avatar plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and including, 0.1.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-42599 - Active! Mail Stack-Based Buffer Overflow Vulnerability
CVE ID : CVE-2025-42599
Published : April 18, 2025, 4:15 a.m. | 2 hours, 31 minutes ago
Description : Active! mail 6 BuildInfo: 6.60.05008561 and earlier contains a stack-based buffer overflow vulnerability. Receiving a specially crafted request created and sent by a remote unauthenticated attacker may lead to arbitrary code execution and/or a denial-of-service (DoS) condition.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-42599
Published : April 18, 2025, 4:15 a.m. | 2 hours, 31 minutes ago
Description : Active! mail 6 BuildInfo: 6.60.05008561 and earlier contains a stack-based buffer overflow vulnerability. Receiving a specially crafted request created and sent by a remote unauthenticated attacker may lead to arbitrary code execution and/or a denial-of-service (DoS) condition.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-39469 - Pantherius Modal Survey Cross-site Scripting Vulnerability
CVE ID : CVE-2025-39469
Published : April 18, 2025, 5:15 a.m. | 1 hour, 31 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pantherius Modal Survey allows Reflected XSS.This issue affects Modal Survey: from n/a through 2.0.2.0.1.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-39469
Published : April 18, 2025, 5:15 a.m. | 1 hour, 31 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pantherius Modal Survey allows Reflected XSS.This issue affects Modal Survey: from n/a through 2.0.2.0.1.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-39470 - ThimPress Ivy School PHP Local File Inclusion Vulnerability
CVE ID : CVE-2025-39470
Published : April 18, 2025, 5:15 a.m. | 1 hour, 31 minutes ago
Description : Path Traversal: '.../...//' vulnerability in ThimPress Ivy School allows PHP Local File Inclusion.This issue affects Ivy School: from n/a through 1.6.0.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-39470
Published : April 18, 2025, 5:15 a.m. | 1 hour, 31 minutes ago
Description : Path Traversal: '.../...//' vulnerability in ThimPress Ivy School allows PHP Local File Inclusion.This issue affects Ivy School: from n/a through 1.6.0.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-39471 - Pantherius Modal Survey SQL Injection Vulnerability
CVE ID : CVE-2025-39471
Published : April 18, 2025, 5:15 a.m. | 1 hour, 31 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pantherius Modal Survey.This issue affects Modal Survey: from n/a through 2.0.2.0.1.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-39471
Published : April 18, 2025, 5:15 a.m. | 1 hour, 31 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pantherius Modal Survey.This issue affects Modal Survey: from n/a through 2.0.2.0.1.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3786 - Tenda AC15 Wireless Repeat Buffer Overflow Vulnerability
CVE ID : CVE-2025-3786
Published : April 18, 2025, 9:15 a.m. | 7 hours, 36 minutes ago
Description : A vulnerability was found in Tenda AC15 up to 15.03.05.19 and classified as critical. This issue affects the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument mac leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3786
Published : April 18, 2025, 9:15 a.m. | 7 hours, 36 minutes ago
Description : A vulnerability was found in Tenda AC15 up to 15.03.05.19 and classified as critical. This issue affects the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument mac leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3106 - LA-Studio Element Kit for Elementor Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-3106
Published : April 18, 2025, 10:15 a.m. | 6 hours, 36 minutes ago
Description : The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Table of Contents widget in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3106
Published : April 18, 2025, 10:15 a.m. | 6 hours, 36 minutes ago
Description : The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Table of Contents widget in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3787 - PbootCMS Server-Side Request Forgery Vulnerability
CVE ID : CVE-2025-3787
Published : April 18, 2025, 10:15 a.m. | 6 hours, 36 minutes ago
Description : A vulnerability was found in PbootCMS 3.2.5. It has been classified as problematic. Affected is an unknown function of the component Image Handler. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 2.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3787
Published : April 18, 2025, 10:15 a.m. | 6 hours, 36 minutes ago
Description : A vulnerability was found in PbootCMS 3.2.5. It has been classified as problematic. Affected is an unknown function of the component Image Handler. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 2.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3788 - Baseweb JSite Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-3788
Published : April 18, 2025, 10:15 a.m. | 6 hours, 36 minutes ago
Description : A vulnerability was found in baseweb JSite 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /a/sys/user/save. The manipulation of the argument Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3788
Published : April 18, 2025, 10:15 a.m. | 6 hours, 36 minutes ago
Description : A vulnerability was found in baseweb JSite 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /a/sys/user/save. The manipulation of the argument Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...