CVE-2025-27087 - Cray Operating System (COS) Kernel Local Denial of Service (DoS)
CVE ID : CVE-2025-27087
Published : April 22, 2025, 10:15 p.m. | 2 hours, 25 minutes ago
Description : A vulnerability in the kernel of the Cray Operating System (COS) could allow an attacker to perform a local Denial of Service (DoS) attack.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-27087
Published : April 22, 2025, 10:15 p.m. | 2 hours, 25 minutes ago
Description : A vulnerability in the kernel of the Cray Operating System (COS) could allow an attacker to perform a local Denial of Service (DoS) attack.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-37088 - HPE Cray Data Virtualization Service (DVS) Authentication Bypass Vulnerability
CVE ID : CVE-2025-37088
Published : April 22, 2025, 10:15 p.m. | 2 hours, 25 minutes ago
Description : A security vulnerability has been identified in HPE Cray Data Virtualization Service (DVS). Depending on race conditions and configuration, this vulnerability may lead to local/cluster unauthorized access.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-37088
Published : April 22, 2025, 10:15 p.m. | 2 hours, 25 minutes ago
Description : A security vulnerability has been identified in HPE Cray Data Virtualization Service (DVS). Depending on race conditions and configuration, this vulnerability may lead to local/cluster unauthorized access.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3441 - CVE-2022-1234: Adobe Flash Type Confusion Vulnerability
CVE ID : CVE-2025-3441
Published : April 22, 2025, 11:15 p.m. | 1 hour, 25 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3441
Published : April 22, 2025, 11:15 p.m. | 1 hour, 25 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-1021 - Synology DiskStation Manager (DSM) File Disclosure
CVE ID : CVE-2025-1021
Published : April 23, 2025, 3:15 a.m. | 1 hour, 26 minutes ago
Description : Missing authorization vulnerability in synocopy in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows remote attackers to read arbitrary files via unspecified vectors.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-1021
Published : April 23, 2025, 3:15 a.m. | 1 hour, 26 minutes ago
Description : Missing authorization vulnerability in synocopy in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows remote attackers to read arbitrary files via unspecified vectors.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46216 - Apache HTTP Server HTTP Request Smuggling
CVE ID : CVE-2025-46216
Published : April 23, 2025, 3:15 a.m. | 1 hour, 26 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46216
Published : April 23, 2025, 3:15 a.m. | 1 hour, 26 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46217 - Apache HTTP Server Cross-Site Request Forgery
CVE ID : CVE-2025-46217
Published : April 23, 2025, 3:15 a.m. | 1 hour, 26 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46217
Published : April 23, 2025, 3:15 a.m. | 1 hour, 26 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46218 - Microsoft Azure AD Authentication
CVE ID : CVE-2025-46218
Published : April 23, 2025, 3:15 a.m. | 1 hour, 26 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46218
Published : April 23, 2025, 3:15 a.m. | 1 hour, 26 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46219 - Apache HTTP Server Command Injection
CVE ID : CVE-2025-46219
Published : April 23, 2025, 3:15 a.m. | 1 hour, 26 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46219
Published : April 23, 2025, 3:15 a.m. | 1 hour, 26 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46220 - Apache HTTP Server Unvalidated User Input
CVE ID : CVE-2025-46220
Published : April 23, 2025, 3:15 a.m. | 1 hour, 25 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46220
Published : April 23, 2025, 3:15 a.m. | 1 hour, 25 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46221 - Apache HTTP Server Authentication Bypass
CVE ID : CVE-2025-46221
Published : April 23, 2025, 3:15 a.m. | 1 hour, 25 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46221
Published : April 23, 2025, 3:15 a.m. | 1 hour, 25 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46222 - Apache HTTP Server Authentication Bypass
CVE ID : CVE-2025-46222
Published : April 23, 2025, 3:15 a.m. | 1 hour, 25 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46222
Published : April 23, 2025, 3:15 a.m. | 1 hour, 25 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46223 - Apache HTTP Server Information Disclosure
CVE ID : CVE-2025-46223
Published : April 23, 2025, 3:15 a.m. | 1 hour, 25 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46223
Published : April 23, 2025, 3:15 a.m. | 1 hour, 25 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46224 - Dropbox Authentication Bypass
CVE ID : CVE-2025-46224
Published : April 23, 2025, 3:15 a.m. | 1 hour, 25 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46224
Published : April 23, 2025, 3:15 a.m. | 1 hour, 25 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-0926 - Axis Camera Station Pro File Deletion Privilege Escalation Vulnerability
CVE ID : CVE-2025-0926
Published : April 23, 2025, 6:15 a.m. | 2 hours, 25 minutes ago
Description : Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for a non-admin user to remove system files causing a boot loop by redirecting a file deletion when recording video. Axis has released a patched version for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-0926
Published : April 23, 2025, 6:15 a.m. | 2 hours, 25 minutes ago
Description : Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for a non-admin user to remove system files causing a boot loop by redirecting a file deletion when recording video. Axis has released a patched version for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-1056 - Axis Camera Station Pro File Path Traversal Vulnerability
CVE ID : CVE-2025-1056
Published : April 23, 2025, 6:15 a.m. | 2 hours, 25 minutes ago
Description : Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the server is using. A non-admin user can modify this file to either create files or change the content of files in an admin-protected location. Axis has released a patched version for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-1056
Published : April 23, 2025, 6:15 a.m. | 2 hours, 25 minutes ago
Description : Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the server is using. A non-admin user can modify this file to either create files or change the content of files in an admin-protected location. Axis has released a patched version for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-0618 - FireEye EDR Agent Persistent Denial of Service Vulnerability
CVE ID : CVE-2025-0618
Published : April 23, 2025, 7:15 a.m. | 1 hour, 25 minutes ago
Description : A malicious third party could invoke a persistent denial of service vulnerability in FireEye EDR agent by sending a specially-crafted tamper protection event to the HX service to trigger an exception. This exception will prevent any further tamper protection events from being processed, even after a reboot of HX.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-0618
Published : April 23, 2025, 7:15 a.m. | 1 hour, 25 minutes ago
Description : A malicious third party could invoke a persistent denial of service vulnerability in FireEye EDR agent by sending a specially-crafted tamper protection event to the HX service to trigger an exception. This exception will prevent any further tamper protection events from being processed, even after a reboot of HX.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-2595 - CODESYS Visualization Forced Browsing Vulnerability
CVE ID : CVE-2025-2595
Published : April 23, 2025, 8:15 a.m. | 26 minutes ago
Description : An unauthenticated remote attacker can bypass the user management in CODESYS Visualization and read visualization template files or static elements by means of forced browsing.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-2595
Published : April 23, 2025, 8:15 a.m. | 26 minutes ago
Description : An unauthenticated remote attacker can bypass the user management in CODESYS Visualization and read visualization template files or static elements by means of forced browsing.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3529 - WordPress Simple Shopping Cart Sensitive Information Exposure
CVE ID : CVE-2025-3529
Published : April 23, 2025, 8:15 a.m. | 26 minutes ago
Description : The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.2 via the 'file_url' parameter. This makes it possible for unauthenticated attackers to view potentially sensitive information and download a digital product without paying for it.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3529
Published : April 23, 2025, 8:15 a.m. | 26 minutes ago
Description : The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.2 via the 'file_url' parameter. This makes it possible for unauthenticated attackers to view potentially sensitive information and download a digital product without paying for it.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3530 - WordPress Simple Shopping Cart Price Tampering Vulnerability
CVE ID : CVE-2025-3530
Published : April 23, 2025, 8:15 a.m. | 26 minutes ago
Description : The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to product price manipulation in all versions up to, and including, 5.1.2. This is due to a logic flaw involving the inconsistent use of parameters during the cart addition process. The plugin uses the parameter 'product_tmp_two' for computing a security hash against price tampering while using 'wspsc_product' to display the product, allowing an unauthenticated attacker to substitute details from a cheaper product and bypass payment for a more expensive item.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3530
Published : April 23, 2025, 8:15 a.m. | 26 minutes ago
Description : The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to product price manipulation in all versions up to, and including, 5.1.2. This is due to a logic flaw involving the inconsistent use of parameters during the cart addition process. The plugin uses the parameter 'product_tmp_two' for computing a security hash against price tampering while using 'wspsc_product' to display the product, allowing an unauthenticated attacker to substitute details from a cheaper product and bypass payment for a more expensive item.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-10306 - Apache mod_proxy_cluster Unauthorized Access Vulnerability
CVE ID : CVE-2024-10306
Published : April 23, 2025, 10:15 a.m. | 2 hours, 26 minutes ago
Description : A vulnerability was found in mod_proxy_cluster. The issue is that the directive should be replaced by the directive as the former does not restrict IP/host access as `Require ip IP_ADDRESS` would suggest. This means that anyone with access to the host might send MCMP requests that may result in adding/removing/updating nodes for the balancing. However, this host should not be accessible to the public network as it does not serve the general traffic.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-10306
Published : April 23, 2025, 10:15 a.m. | 2 hours, 26 minutes ago
Description : A vulnerability was found in mod_proxy_cluster. The issue is that the directive should be replaced by the directive as the former does not restrict IP/host access as `Require ip IP_ADDRESS` would suggest. This means that anyone with access to the host might send MCMP requests that may result in adding/removing/updating nodes for the balancing. However, this host should not be accessible to the public network as it does not serve the general traffic.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-1054 - UiCore Elements - WordPress Stored Cross-Site Scripting
CVE ID : CVE-2025-1054
Published : April 23, 2025, 10:15 a.m. | 2 hours, 26 minutes ago
Description : The UiCore Elements – Free Elementor widgets and templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the UI Counter, UI Icon Box, UI Testimonial Slider, UI Testimonial Grid, and UI Testimonial Carousel widgets in all versions up to, and including, 1.0.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-1054
Published : April 23, 2025, 10:15 a.m. | 2 hours, 26 minutes ago
Description : The UiCore Elements – Free Elementor widgets and templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the UI Counter, UI Icon Box, UI Testimonial Slider, UI Testimonial Grid, and UI Testimonial Carousel widgets in all versions up to, and including, 1.0.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...