CVE-2025-24914 - Nessus Windows Unsecured Directory Permissions Vulnerability
CVE ID : CVE-2025-24914
Published : April 18, 2025, 7:15 p.m. | 1 hour, 40 minutes ago
Description : When installing Nessus to a non-default location on a Windows host, Nessus versions prior to 10.8.4 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location. - CVE-2025-24914
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-24914
Published : April 18, 2025, 7:15 p.m. | 1 hour, 40 minutes ago
Description : When installing Nessus to a non-default location on a Windows host, Nessus versions prior to 10.8.4 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location. - CVE-2025-24914
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-28355 - Volmarg Personal Management System CSRF Attack
CVE ID : CVE-2025-28355
Published : April 18, 2025, 7:15 p.m. | 1 hour, 40 minutes ago
Description : Volmarg Personal Management System 1.4.65 is vulnerable to Cross Site Request Forgery (CSRF) allowing attackers to execute arbitrary code and obtain sensitive information via the SameSite cookie attribute defaults value set to none
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-28355
Published : April 18, 2025, 7:15 p.m. | 1 hour, 40 minutes ago
Description : Volmarg Personal Management System 1.4.65 is vulnerable to Cross Site Request Forgery (CSRF) allowing attackers to execute arbitrary code and obtain sensitive information via the SameSite cookie attribute defaults value set to none
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-57493 - RedoxOS Relibc Denial of Service Vulnerability
CVE ID : CVE-2024-57493
Published : April 18, 2025, 8:15 p.m. | 41 minutes ago
Description : An issue in redoxOS relibc before commit 98aa4ea5 allows a local attacker to cause a denial of service via the setsockopt function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-57493
Published : April 18, 2025, 8:15 p.m. | 41 minutes ago
Description : An issue in redoxOS relibc before commit 98aa4ea5 allows a local attacker to cause a denial of service via the setsockopt function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-25983 - Macro-video Technologies Co.,Ltd V380 Pro Android Information Disclosure
CVE ID : CVE-2025-25983
Published : April 18, 2025, 8:15 p.m. | 41 minutes ago
Description : An issue in Macro-video Technologies Co.,Ltd V380 Pro android application 2.1.44 and V380 Pro android application 2.1.64 allows an attacker to obtain sensitive information via the QE code based sharing component.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-25983
Published : April 18, 2025, 8:15 p.m. | 41 minutes ago
Description : An issue in Macro-video Technologies Co.,Ltd V380 Pro android application 2.1.44 and V380 Pro android application 2.1.64 allows an attacker to obtain sensitive information via the QE code based sharing component.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-25984 - Macro-video Technologies Co.,Ltd V380E6_C1 IP Camera UART Code Execution Vulnerability
CVE ID : CVE-2025-25984
Published : April 18, 2025, 8:15 p.m. | 41 minutes ago
Description : An issue in Macro-video Technologies Co.,Ltd V380E6_C1 IP camera (Hw_HsAKPIQp_WF_XHR) 1020302 allows a physically proximate attacker to execute arbitrary code via UART component.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-25984
Published : April 18, 2025, 8:15 p.m. | 41 minutes ago
Description : An issue in Macro-video Technologies Co.,Ltd V380E6_C1 IP camera (Hw_HsAKPIQp_WF_XHR) 1020302 allows a physically proximate attacker to execute arbitrary code via UART component.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-25985 - Macro-video Technologies Co.,Ltd V380E6_C1 IP Camera Physical Code Execution Vulnerability
CVE ID : CVE-2025-25985
Published : April 18, 2025, 8:15 p.m. | 41 minutes ago
Description : An issue in Macro-video Technologies Co.,Ltd V380E6_C1 IP camera (Hw_HsAKPIQp_WF_XHR) 1020302 allows a physically proximate attacker to execute arbitrary code via the /mnt/mtd/mvconf/wifi.ini and /mnt/mtd/mvconf/user_info.ini components.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-25985
Published : April 18, 2025, 8:15 p.m. | 41 minutes ago
Description : An issue in Macro-video Technologies Co.,Ltd V380E6_C1 IP camera (Hw_HsAKPIQp_WF_XHR) 1020302 allows a physically proximate attacker to execute arbitrary code via the /mnt/mtd/mvconf/wifi.ini and /mnt/mtd/mvconf/user_info.ini components.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-28197 - Crawl4AI SSRF
CVE ID : CVE-2025-28197
Published : April 18, 2025, 8:15 p.m. | 41 minutes ago
Description : Crawl4AI <=0.4.247 is vulnerable to SSRF in /crawl4ai/async_dispatcher.py.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-28197
Published : April 18, 2025, 8:15 p.m. | 41 minutes ago
Description : Crawl4AI <=0.4.247 is vulnerable to SSRF in /crawl4ai/async_dispatcher.py.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-32377 - Rasa Pro Unauthenticated Voice Data Injection Vulnerability
CVE ID : CVE-2025-32377
Published : April 18, 2025, 8:15 p.m. | 41 minutes ago
Description : Rasa Pro is a framework for building scalable, dynamic conversational AI assistants that integrate large language models (LLMs). A vulnerability has been identified in Rasa Pro where voice connectors in Rasa Pro do not properly implement authentication even when a token is configured in the credentials.yml file. This could allow an attacker to submit voice data to the Rasa Pro assistant from an unauthenticated source. This issue has been patched for audiocodes, audiocodes_stream, and genesys connectors in versions 3.9.20, 3.10.19, 3.11.7 and 3.12.6.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-32377
Published : April 18, 2025, 8:15 p.m. | 41 minutes ago
Description : Rasa Pro is a framework for building scalable, dynamic conversational AI assistants that integrate large language models (LLMs). A vulnerability has been identified in Rasa Pro where voice connectors in Rasa Pro do not properly implement authentication even when a token is configured in the credentials.yml file. This could allow an attacker to submit voice data to the Rasa Pro assistant from an unauthenticated source. This issue has been patched for audiocodes, audiocodes_stream, and genesys connectors in versions 3.9.20, 3.10.19, 3.11.7 and 3.12.6.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-36625 - Nessus HTTP Request Manipulation Information Disclosure
CVE ID : CVE-2025-36625
Published : April 18, 2025, 8:15 p.m. | 41 minutes ago
Description : In Nessus versions prior to 10.8.4, a non-authenticated attacker could alter Nessus logging entries by manipulating http requests to the application.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-36625
Published : April 18, 2025, 8:15 p.m. | 41 minutes ago
Description : In Nessus versions prior to 10.8.4, a non-authenticated attacker could alter Nessus logging entries by manipulating http requests to the application.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3795 - "DaiCuo SEO Optimization Settings Section Cross-Site Scripting Vulnerability"
CVE ID : CVE-2025-3795
Published : April 18, 2025, 8:15 p.m. | 41 minutes ago
Description : A vulnerability was found in DaiCuo 1.3.13. It has been rated as problematic. Affected by this issue is some unknown functionality of the component SEO Optimization Settings Section. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3795
Published : April 18, 2025, 8:15 p.m. | 41 minutes ago
Description : A vulnerability was found in DaiCuo 1.3.13. It has been rated as problematic. Affected by this issue is some unknown functionality of the component SEO Optimization Settings Section. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-53591 - Seclore Brute Force Authentication Bypass
CVE ID : CVE-2024-53591
Published : April 18, 2025, 9:15 p.m. | 3 hours, 44 minutes ago
Description : An issue in the login page of Seclore v3.27.5.0 allows attackers to bypass authentication via a brute force attack.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-53591
Published : April 18, 2025, 9:15 p.m. | 3 hours, 44 minutes ago
Description : An issue in the login page of Seclore v3.27.5.0 allows attackers to bypass authentication via a brute force attack.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-29058 - Qimou CMS Remote Code Execution Vulnerability
CVE ID : CVE-2025-29058
Published : April 18, 2025, 9:15 p.m. | 3 hours, 44 minutes ago
Description : An issue in Qimou CMS v.3.34.0 allows a remote attacker to execute arbitrary code via the upgrade.php component.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-29058
Published : April 18, 2025, 9:15 p.m. | 3 hours, 44 minutes ago
Description : An issue in Qimou CMS v.3.34.0 allows a remote attacker to execute arbitrary code via the upgrade.php component.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-32953 - Z80pack GitHub Token Exposure
CVE ID : CVE-2025-32953
Published : April 18, 2025, 9:15 p.m. | 3 hours, 44 minutes ago
Description : z80pack is a mature emulator of multiple platforms with 8080 and Z80 CPU. In version 1.38 and prior, the `makefile-ubuntu.yml` workflow file uses `actions/upload-artifact@v4` to upload the `z80pack-ubuntu` artifact. This artifact is a zip of the current directory, which includes the automatically generated `.git/config` file containing the run's GITHUB_TOKEN. Seeing as the artifact can be downloaded prior to the end of the workflow, there is a few seconds where an attacker can extract the token from the artifact and use it with the Github API to push malicious code or rewrite release commits in your repository. This issue has been fixed in commit bd95916.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-32953
Published : April 18, 2025, 9:15 p.m. | 3 hours, 44 minutes ago
Description : z80pack is a mature emulator of multiple platforms with 8080 and Z80 CPU. In version 1.38 and prior, the `makefile-ubuntu.yml` workflow file uses `actions/upload-artifact@v4` to upload the `z80pack-ubuntu` artifact. This artifact is a zip of the current directory, which includes the automatically generated `.git/config` file containing the run's GITHUB_TOKEN. Seeing as the artifact can be downloaded prior to the end of the workflow, there is a few seconds where an attacker can extract the token from the artifact and use it with the Github API to push malicious code or rewrite release commits in your repository. This issue has been fixed in commit bd95916.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3796 - PHPGurukul Men Salon Management System SQL Injection Vulnerability
CVE ID : CVE-2025-3796
Published : April 18, 2025, 9:15 p.m. | 3 hours, 44 minutes ago
Description : A vulnerability classified as critical has been found in PHPGurukul Men Salon Management System 1.0. This affects an unknown part of the file /admin/contact-us.php. The manipulation of the argument pagetitle/pagedes/email/mobnumber/timing leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3796
Published : April 18, 2025, 9:15 p.m. | 3 hours, 44 minutes ago
Description : A vulnerability classified as critical has been found in PHPGurukul Men Salon Management System 1.0. This affects an unknown part of the file /admin/contact-us.php. The manipulation of the argument pagetitle/pagedes/email/mobnumber/timing leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43903 - Poppler Adobe Signature Forgery
CVE ID : CVE-2025-43903
Published : April 18, 2025, 9:15 p.m. | 3 hours, 44 minutes ago
Description : NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43903
Published : April 18, 2025, 9:15 p.m. | 3 hours, 44 minutes ago
Description : NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-2010 - JobWP WordPress SQL Injection Vulnerability
CVE ID : CVE-2025-2010
Published : April 19, 2025, 3:15 a.m. | 1 hour, 45 minutes ago
Description : The JobWP – Job Board, Job Listing, Career Page and Recruitment Plugin plugin for WordPress is vulnerable to SQL Injection via the 'jobwp_upload_resume' parameter in all versions up to, and including, 2.3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-2010
Published : April 19, 2025, 3:15 a.m. | 1 hour, 45 minutes ago
Description : The JobWP – Job Board, Job Listing, Career Page and Recruitment Plugin plugin for WordPress is vulnerable to SQL Injection via the 'jobwp_upload_resume' parameter in all versions up to, and including, 2.3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3278 - "UrbanGo Membership Plugin Privilege Escalation Vulnerability"
CVE ID : CVE-2025-3278
Published : April 19, 2025, 3:15 a.m. | 1 hour, 45 minutes ago
Description : The UrbanGo Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.0.4. This is due to the plugin allowing users who are registering new accounts to set their own role or by supplying 'user_register_role' field. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the administrator role.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3278
Published : April 19, 2025, 3:15 a.m. | 1 hour, 45 minutes ago
Description : The UrbanGo Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.0.4. This is due to the plugin allowing users who are registering new accounts to set their own role or by supplying 'user_register_role' field. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the administrator role.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3284 - WordPress User Registration & Membership CSRF Vulnerability
CVE ID : CVE-2025-3284
Published : April 19, 2025, 3:15 a.m. | 1 hour, 45 minutes ago
Description : The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.1.3. This is due to missing or incorrect nonce validation on the user_registration_pro_delete_account() function. This makes it possible for unauthenticated attackers to force delete users, including administrators, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3284
Published : April 19, 2025, 3:15 a.m. | 1 hour, 45 minutes ago
Description : The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.1.3. This is due to missing or incorrect nonce validation on the user_registration_pro_delete_account() function. This makes it possible for unauthenticated attackers to force delete users, including administrators, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43893 - Apache HTTP Server Cross-Site Request Forgery (CSRF)
CVE ID : CVE-2025-43893
Published : April 19, 2025, 3:15 a.m. | 1 hour, 45 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43893
Published : April 19, 2025, 3:15 a.m. | 1 hour, 45 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43894 - Apache HTTP Server Cross-Site Request Forgery
CVE ID : CVE-2025-43894
Published : April 19, 2025, 3:15 a.m. | 1 hour, 45 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43894
Published : April 19, 2025, 3:15 a.m. | 1 hour, 45 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43895 - Apache Struts Command Injection
CVE ID : CVE-2025-43895
Published : April 19, 2025, 3:15 a.m. | 1 hour, 45 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43895
Published : April 19, 2025, 3:15 a.m. | 1 hour, 45 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...