CVE-2025-46247 - Codepeople Appointment Booking Calendar Missing Authorization Vulnerability
CVE ID : CVE-2025-46247
Published : April 22, 2025, 10:15 a.m. | 2 hours, 20 minutes ago
Description : Missing Authorization vulnerability in codepeople Appointment Booking Calendar allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Appointment Booking Calendar: from n/a through 1.3.92.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46247
Published : April 22, 2025, 10:15 a.m. | 2 hours, 20 minutes ago
Description : Missing Authorization vulnerability in codepeople Appointment Booking Calendar allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Appointment Booking Calendar: from n/a through 1.3.92.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46249 - Elementor Simple Calendar CSRF
CVE ID : CVE-2025-46249
Published : April 22, 2025, 10:15 a.m. | 2 hours, 20 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Michael Simple calendar for Elementor allows Cross Site Request Forgery. This issue affects Simple calendar for Elementor: from n/a through 1.6.4.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46249
Published : April 22, 2025, 10:15 a.m. | 2 hours, 20 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Michael Simple calendar for Elementor allows Cross Site Request Forgery. This issue affects Simple calendar for Elementor: from n/a through 1.6.4.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46250 - Vikas Ratudi VForm Cross-site Scripting
CVE ID : CVE-2025-46250
Published : April 22, 2025, 10:15 a.m. | 2 hours, 20 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vikas Ratudi VForm allows Stored XSS. This issue affects VForm: from n/a through 3.1.14.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46250
Published : April 22, 2025, 10:15 a.m. | 2 hours, 20 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vikas Ratudi VForm allows Stored XSS. This issue affects VForm: from n/a through 3.1.14.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46251 - VikRestaurants Table Reservations and Take-Away CSRF
CVE ID : CVE-2025-46251
Published : April 22, 2025, 10:15 a.m. | 2 hours, 20 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in e4jvikwp VikRestaurants Table Reservations and Take-Away allows Cross Site Request Forgery. This issue affects VikRestaurants Table Reservations and Take-Away: from n/a through 1.3.3.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46251
Published : April 22, 2025, 10:15 a.m. | 2 hours, 20 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in e4jvikwp VikRestaurants Table Reservations and Take-Away allows Cross Site Request Forgery. This issue affects VikRestaurants Table Reservations and Take-Away: from n/a through 1.3.3.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46252 - Contact Form 7 SQL Injection Vulnerability
CVE ID : CVE-2025-46252
Published : April 22, 2025, 10:15 a.m. | 2 hours, 20 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kofimokome Message Filter for Contact Form 7 allows SQL Injection. This issue affects Message Filter for Contact Form 7: from n/a through 1.6.3.2.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46252
Published : April 22, 2025, 10:15 a.m. | 2 hours, 20 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kofimokome Message Filter for Contact Form 7 allows SQL Injection. This issue affects Message Filter for Contact Form 7: from n/a through 1.6.3.2.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46253 - Ataur GutenKit Stored Cross-site Scripting (XSS)
CVE ID : CVE-2025-46253
Published : April 22, 2025, 10:15 a.m. | 2 hours, 20 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ataur R GutenKit allows Stored XSS. This issue affects GutenKit: from n/a through 2.2.2.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46253
Published : April 22, 2025, 10:15 a.m. | 2 hours, 20 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ataur R GutenKit allows Stored XSS. This issue affects GutenKit: from n/a through 2.2.2.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46254 - Visual Composer Cross-Site Scripting (XSS)
CVE ID : CVE-2025-46254
Published : April 22, 2025, 10:15 a.m. | 2 hours, 20 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visual Composer Visual Composer Website Builder allows Stored XSS. This issue affects Visual Composer Website Builder: from n/a through 45.10.0.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46254
Published : April 22, 2025, 10:15 a.m. | 2 hours, 20 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visual Composer Visual Composer Website Builder allows Stored XSS. This issue affects Visual Composer Website Builder: from n/a through 45.10.0.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-11299 - Memberpress WordPress Sensitive Information Exposure
CVE ID : CVE-2024-11299
Published : April 22, 2025, 12:15 p.m. | 20 minutes ago
Description : The Memberpress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.11.37 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-11299
Published : April 22, 2025, 12:15 p.m. | 20 minutes ago
Description : The Memberpress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.11.37 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-2092 - Checkmk GmbH Checkmk Log File Information Disclosure
CVE ID : CVE-2025-2092
Published : April 22, 2025, 12:15 p.m. | 20 minutes ago
Description : Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p29, <2.2.0p41 and <=2.1.0p49 (EOL) causes remote site authentication secrets to be written to log files accessible to administrators.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-2092
Published : April 22, 2025, 12:15 p.m. | 20 minutes ago
Description : Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p29, <2.2.0p41 and <=2.1.0p49 (EOL) causes remote site authentication secrets to be written to log files accessible to administrators.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3457 - WordPress Ocean Extra Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-3457
Published : April 22, 2025, 12:15 p.m. | 20 minutes ago
Description : The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'oceanwp_icon' shortcode in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3457
Published : April 22, 2025, 12:15 p.m. | 20 minutes ago
Description : The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'oceanwp_icon' shortcode in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3458 - WordPress Ocean Extra Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-3458
Published : April 22, 2025, 12:15 p.m. | 20 minutes ago
Description : The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ocean_gallery_id’ parameter in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The Classic Editor plugin must be installed and activated to exploit the vulnerability.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3458
Published : April 22, 2025, 12:15 p.m. | 20 minutes ago
Description : The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ocean_gallery_id’ parameter in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The Classic Editor plugin must be installed and activated to exploit the vulnerability.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3472 - WooCommerce Ocean Extra Plugin Shortcode Injection Vulnerability
CVE ID : CVE-2025-3472
Published : April 22, 2025, 12:15 p.m. | 20 minutes ago
Description : The Ocean Extra plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.4.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes when WooCommerce is also installed and activated.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3472
Published : April 22, 2025, 12:15 p.m. | 20 minutes ago
Description : The Ocean Extra plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.4.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes when WooCommerce is also installed and activated.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-23175 - Apache Struts Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-23175
Published : April 22, 2025, 1:15 p.m. | 3 hours, 21 minutes ago
Description : Multiple XSS (CWE-79)
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-23175
Published : April 22, 2025, 1:15 p.m. | 3 hours, 21 minutes ago
Description : Multiple XSS (CWE-79)
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-40445 - Forkosh Mime Tex Directory Traversal Arbitrary Code Execution
CVE ID : CVE-2024-40445
Published : April 22, 2025, 2:15 p.m. | 2 hours, 21 minutes ago
Description : Directory Traversal vulnerability in forkosh Mime Tex before v.1.77 allows an attacker to execute arbitrary code via a crafted file upload
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-40445
Published : April 22, 2025, 2:15 p.m. | 2 hours, 21 minutes ago
Description : Directory Traversal vulnerability in forkosh Mime Tex before v.1.77 allows an attacker to execute arbitrary code via a crafted file upload
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-40446 - Forkosh Mime Tex Script Injection Vulnerability
CVE ID : CVE-2024-40446
Published : April 22, 2025, 2:15 p.m. | 2 hours, 21 minutes ago
Description : An issue in forkosh Mime Tex before v.1.77 allows an attacker to execute arbitrary code via a crafted script
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-40446
Published : April 22, 2025, 2:15 p.m. | 2 hours, 21 minutes ago
Description : An issue in forkosh Mime Tex before v.1.77 allows an attacker to execute arbitrary code via a crafted script
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-46546 - NEXTU FLETA AX1500 WIFI6 Router Stack Overflow Denial of Service
CVE ID : CVE-2024-46546
Published : April 22, 2025, 2:15 p.m. | 2 hours, 21 minutes ago
Description : NEXTU FLETA AX1500 WIFI6 Router v1.0.3 was discovered to contain a stack overflow via the url parameter at /boafrm/formFilter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-46546
Published : April 22, 2025, 2:15 p.m. | 2 hours, 21 minutes ago
Description : NEXTU FLETA AX1500 WIFI6 Router v1.0.3 was discovered to contain a stack overflow via the url parameter at /boafrm/formFilter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-28032 - TOTOLINK Router Pre-Auth Buffer Overflow Vulnerability
CVE ID : CVE-2025-28032
Published : April 22, 2025, 2:15 p.m. | 2 hours, 21 minutes ago
Description : TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 contain a pre-auth buffer overflow vulnerability in the setNoticeCfg function through the IpForm parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-28032
Published : April 22, 2025, 2:15 p.m. | 2 hours, 21 minutes ago
Description : TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 contain a pre-auth buffer overflow vulnerability in the setNoticeCfg function through the IpForm parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-28033 - Totolink Router Pre-Auth Buffer Overflow Vulnerability
CVE ID : CVE-2025-28033
Published : April 22, 2025, 2:15 p.m. | 2 hours, 21 minutes ago
Description : TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a pre-auth buffer overflow vulnerability in the setNoticeCfg function through the IpTo parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-28033
Published : April 22, 2025, 2:15 p.m. | 2 hours, 21 minutes ago
Description : TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a pre-auth buffer overflow vulnerability in the setNoticeCfg function through the IpTo parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-28034 - TOTOLINK Router Pre-Auth Remote Command Execution Vulnerability
CVE ID : CVE-2025-28034
Published : April 22, 2025, 2:15 p.m. | 2 hours, 21 minutes ago
Description : TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a pre-auth remote command execution vulnerability in the NTPSyncWithHost function through the hostTime parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-28034
Published : April 22, 2025, 2:15 p.m. | 2 hours, 21 minutes ago
Description : TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a pre-auth remote command execution vulnerability in the NTPSyncWithHost function through the hostTime parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-1950 - IBM Hardware Management Console - Local Command Execution Vulnerability
CVE ID : CVE-2025-1950
Published : April 22, 2025, 3:16 p.m. | 1 hour, 20 minutes ago
Description : IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands locally due to improper validation of libraries of an untrusted source.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-1950
Published : April 22, 2025, 3:16 p.m. | 1 hour, 20 minutes ago
Description : IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands locally due to improper validation of libraries of an untrusted source.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-1951 - IBM Hardware Management Console Privilege Escalation Vulnerability
CVE ID : CVE-2025-1951
Published : April 22, 2025, 3:16 p.m. | 1 hour, 20 minutes ago
Description : IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands as a privileged user due to execution of commands with unnecessary privileges.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-1951
Published : April 22, 2025, 3:16 p.m. | 1 hour, 20 minutes ago
Description : IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands as a privileged user due to execution of commands with unnecessary privileges.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...