CVE-2024-46899 - Hitachi Ops Center Analyzer Viewpoint OVF Authentication Credentials Leakage Vulnerability
CVE ID : CVE-2024-46899
Published : April 22, 2025, 5:15 a.m. | 3 hours, 17 minutes ago
Description : Hitachi Ops Center Common Services within Hitachi Ops Center Analyzer viewpoint OVF contains an authentication credentials leakage vulnerability.This issue affects Hitachi Ops Center Common Services: from 10.0.0-00 before 11.0.0-04; Hitachi Ops Center Analyzer viewpoint OVF: from 10.0.0-00 before 11.0.0-04.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-46899
Published : April 22, 2025, 5:15 a.m. | 3 hours, 17 minutes ago
Description : Hitachi Ops Center Common Services within Hitachi Ops Center Analyzer viewpoint OVF contains an authentication credentials leakage vulnerability.This issue affects Hitachi Ops Center Common Services: from 10.0.0-00 before 11.0.0-04; Hitachi Ops Center Analyzer viewpoint OVF: from 10.0.0-00 before 11.0.0-04.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-2300 - Hitachi Ops Center Common Services Information Exposure
CVE ID : CVE-2025-2300
Published : April 22, 2025, 5:15 a.m. | 3 hours, 17 minutes ago
Description : Hitachi Ops Center Common Services within Hitachi Ops Center OVA contains an information exposure vulnerability. This issue affects Hitachi Ops Center Common Services: from 11.0.3-00 before 11.0.4-00.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-2300
Published : April 22, 2025, 5:15 a.m. | 3 hours, 17 minutes ago
Description : Hitachi Ops Center Common Services within Hitachi Ops Center OVA contains an information exposure vulnerability. This issue affects Hitachi Ops Center Common Services: from 11.0.3-00 before 11.0.4-00.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3616 - Greenshift WordPress Animation and Page Builder Blocks Unvalidated File Upload Vulnerability
CVE ID : CVE-2025-3616
Published : April 22, 2025, 5:15 a.m. | 3 hours, 17 minutes ago
Description : The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the gspb_make_proxy_api_request() function in versions 11.4 to 11.4.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. The arbitrary file upload was sufficiently patched in 11.4.5, but a capability check was added in 11.4.6 to properly prevent unauthorized limited file uploads.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3616
Published : April 22, 2025, 5:15 a.m. | 3 hours, 17 minutes ago
Description : The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the gspb_make_proxy_api_request() function in versions 11.4 to 11.4.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. The arbitrary file upload was sufficiently patched in 11.4.5, but a capability check was added in 11.4.6 to properly prevent unauthorized limited file uploads.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-13569 - WordPress Front End Users Reflected Cross-Site Scripting
CVE ID : CVE-2024-13569
Published : April 22, 2025, 6:15 a.m. | 2 hours, 17 minutes ago
Description : The Front End Users WordPress plugin through 3.2.32 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-13569
Published : April 22, 2025, 6:15 a.m. | 2 hours, 17 minutes ago
Description : The Front End Users WordPress plugin through 3.2.32 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-2594 - WordPress User Registration & Membership Unauthorized Authentication Vulnerability
CVE ID : CVE-2025-2594
Published : April 22, 2025, 6:15 a.m. | 2 hours, 17 minutes ago
Description : The User Registration & Membership WordPress plugin before 4.1.3 does not properly validate data in an AJAX action when the Membership Addon is enabled, allowing attackers to authenticate as any user, including administrators, by simply using the target account's user ID.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-2594
Published : April 22, 2025, 6:15 a.m. | 2 hours, 17 minutes ago
Description : The User Registration & Membership WordPress plugin before 4.1.3 does not properly validate data in an AJAX action when the Membership Addon is enabled, allowing attackers to authenticate as any user, including administrators, by simply using the target account's user ID.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-2839 - WordPress WP Import Export Lite Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-2839
Published : April 22, 2025, 6:15 a.m. | 2 hours, 17 minutes ago
Description : The WP Import Export Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpiePreviewData’ function in all versions up to, and including, 3.9.27 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-2839
Published : April 22, 2025, 6:15 a.m. | 2 hours, 17 minutes ago
Description : The WP Import Export Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpiePreviewData’ function in all versions up to, and including, 3.9.27 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3814 - WooCommerce Tax Switch Stored Cross-Site Scripting
CVE ID : CVE-2025-3814
Published : April 22, 2025, 6:15 a.m. | 2 hours, 17 minutes ago
Description : The Tax Switch for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class-name’ parameter in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3814
Published : April 22, 2025, 6:15 a.m. | 2 hours, 17 minutes ago
Description : The Tax Switch for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class-name’ parameter in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-26413 - Apache Kvrocks Out-of-Range Index Denial of Service
CVE ID : CVE-2025-26413
Published : April 22, 2025, 8:15 a.m. | 17 minutes ago
Description : Improper Input Validation vulnerability in Apache Kvrocks. The SETRANGE command didn't check if the `offset` input is a positive integer and use it as an index of a string. So it will cause the server to crash due to its index is out of range. This issue affects Apache Kvrocks: through 2.11.1. Users are recommended to upgrade to version 2.12.0, which fixes the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-26413
Published : April 22, 2025, 8:15 a.m. | 17 minutes ago
Description : Improper Input Validation vulnerability in Apache Kvrocks. The SETRANGE command didn't check if the `offset` input is a positive integer and use it as an index of a string. So it will cause the server to crash due to its index is out of range. This issue affects Apache Kvrocks: through 2.11.1. Users are recommended to upgrade to version 2.12.0, which fixes the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46233 - Sirv CDN and Image Hosting Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-46233
Published : April 22, 2025, 10:15 a.m. | 2 hours, 20 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sirv CDN and Image Hosting Sirv allows Stored XSS. This issue affects Sirv: from n/a through 7.5.3.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46233
Published : April 22, 2025, 10:15 a.m. | 2 hours, 20 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sirv CDN and Image Hosting Sirv allows Stored XSS. This issue affects Sirv: from n/a through 7.5.3.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46235 - SKT Blocks - Gutenberg based Page Builder Cross-site Scripting
CVE ID : CVE-2025-46235
Published : April 22, 2025, 10:15 a.m. | 2 hours, 20 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Blocks – Gutenberg based Page Builder allows Stored XSS. This issue affects SKT Blocks – Gutenberg based Page Builder: from n/a through 2.0.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46235
Published : April 22, 2025, 10:15 a.m. | 2 hours, 20 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Blocks – Gutenberg based Page Builder allows Stored XSS. This issue affects SKT Blocks – Gutenberg based Page Builder: from n/a through 2.0.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46236 - Link Software LLC HTML Forms Stored Cross-site Scripting (XSS)
CVE ID : CVE-2025-46236
Published : April 22, 2025, 10:15 a.m. | 2 hours, 20 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Link Software LLC HTML Forms allows Stored XSS. This issue affects HTML Forms: from n/a through 1.5.2.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46236
Published : April 22, 2025, 10:15 a.m. | 2 hours, 20 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Link Software LLC HTML Forms allows Stored XSS. This issue affects HTML Forms: from n/a through 1.5.2.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46237 - Yannick Lefebvre Link Library Cross-site Scripting
CVE ID : CVE-2025-46237
Published : April 22, 2025, 10:15 a.m. | 2 hours, 20 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library allows Stored XSS. This issue affects Link Library: from n/a through 7.8.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46237
Published : April 22, 2025, 10:15 a.m. | 2 hours, 20 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library allows Stored XSS. This issue affects Link Library: from n/a through 7.8.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46238 - Apache RBAER Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-46238
Published : April 22, 2025, 10:15 a.m. | 2 hours, 20 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rbaer List Last Changes allows Stored XSS. This issue affects List Last Changes: from n/a through 1.2.1.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46238
Published : April 22, 2025, 10:15 a.m. | 2 hours, 20 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rbaer List Last Changes allows Stored XSS. This issue affects List Last Changes: from n/a through 1.2.1.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46239 - Theme Switcha Cross-site Scripting Vulnerability
CVE ID : CVE-2025-46239
Published : April 22, 2025, 10:15 a.m. | 2 hours, 20 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeff Starr Theme Switcha allows Stored XSS. This issue affects Theme Switcha: from n/a through 3.4.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46239
Published : April 22, 2025, 10:15 a.m. | 2 hours, 20 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeff Starr Theme Switcha allows Stored XSS. This issue affects Theme Switcha: from n/a through 3.4.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46240 - Simple Download Counter Stored Cross-site Scripting
CVE ID : CVE-2025-46240
Published : April 22, 2025, 10:15 a.m. | 2 hours, 20 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeff Starr Simple Download Counter allows Stored XSS. This issue affects Simple Download Counter: from n/a through 2.2.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46240
Published : April 22, 2025, 10:15 a.m. | 2 hours, 20 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeff Starr Simple Download Counter allows Stored XSS. This issue affects Simple Download Counter: from n/a through 2.2.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46241 - Codepeople Appointment Booking Calendar CSRF-Enabled SQL Injection
CVE ID : CVE-2025-46241
Published : April 22, 2025, 10:15 a.m. | 2 hours, 20 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in codepeople Appointment Booking Calendar allows SQL Injection. This issue affects Appointment Booking Calendar: from n/a through 1.3.92.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46241
Published : April 22, 2025, 10:15 a.m. | 2 hours, 20 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in codepeople Appointment Booking Calendar allows SQL Injection. This issue affects Appointment Booking Calendar: from n/a through 1.3.92.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46242 - Watu Quiz SQL Injection
CVE ID : CVE-2025-46242
Published : April 22, 2025, 10:15 a.m. | 2 hours, 20 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bob Watu Quiz allows SQL Injection. This issue affects Watu Quiz: from n/a through 3.4.3.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46242
Published : April 22, 2025, 10:15 a.m. | 2 hours, 20 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bob Watu Quiz allows SQL Injection. This issue affects Watu Quiz: from n/a through 3.4.3.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46243 - Sonalsinha21 WooCommerce Recover Abandoned Cart CSRF
CVE ID : CVE-2025-46243
Published : April 22, 2025, 10:15 a.m. | 2 hours, 20 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in sonalsinha21 Recover abandoned cart for WooCommerce allows Cross Site Request Forgery. This issue affects Recover abandoned cart for WooCommerce: from n/a through 2.2.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46243
Published : April 22, 2025, 10:15 a.m. | 2 hours, 20 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in sonalsinha21 Recover abandoned cart for WooCommerce allows Cross Site Request Forgery. This issue affects Recover abandoned cart for WooCommerce: from n/a through 2.2.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46244 - Dotstore Advanced Linked Variations for Woocommerce Missing Authorization Vulnerability
CVE ID : CVE-2025-46244
Published : April 22, 2025, 10:15 a.m. | 2 hours, 20 minutes ago
Description : Missing Authorization vulnerability in Dotstore Advanced Linked Variations for Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Linked Variations for Woocommerce: from n/a through 1.0.3.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46244
Published : April 22, 2025, 10:15 a.m. | 2 hours, 20 minutes ago
Description : Missing Authorization vulnerability in Dotstore Advanced Linked Variations for Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Linked Variations for Woocommerce: from n/a through 1.0.3.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46245 - CreativeMindsSolutions CM Ad Changer CSRF Vulnerability
CVE ID : CVE-2025-46245
Published : April 22, 2025, 10:15 a.m. | 2 hours, 20 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM Ad Changer allows Cross Site Request Forgery. This issue affects CM Ad Changer: from n/a through 2.0.5.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46245
Published : April 22, 2025, 10:15 a.m. | 2 hours, 20 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM Ad Changer allows Cross Site Request Forgery. This issue affects CM Ad Changer: from n/a through 2.0.5.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46246 - CM Answers CSRF
CVE ID : CVE-2025-46246
Published : April 22, 2025, 10:15 a.m. | 2 hours, 20 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM Answers allows Cross Site Request Forgery. This issue affects CM Answers: from n/a through 3.3.3.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46246
Published : April 22, 2025, 10:15 a.m. | 2 hours, 20 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM Answers allows Cross Site Request Forgery. This issue affects CM Answers: from n/a through 3.3.3.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...