CVE-2025-46419 - Westermo WeOS Reboot Remote Command Execution Vulnerability
CVE ID : CVE-2025-46419
Published : April 24, 2025, 1:15 a.m. | 3 hours, 26 minutes ago
Description : Westermo WeOS 5 through 5.23.0 allows a reboot via a malformed ESP packet.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46419
Published : April 24, 2025, 1:15 a.m. | 3 hours, 26 minutes ago
Description : Westermo WeOS 5 through 5.23.0 allows a reboot via a malformed ESP packet.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-1976 - Brocade Fabric OS Root Privilege Escalation
CVE ID : CVE-2025-1976
Published : April 24, 2025, 3:15 a.m. | 1 hour, 26 minutes ago
Description : Brocade Fabric OS versions starting with 9.1.0 have root access removed, however, a local user with admin privilege can potentially execute arbitrary code with full root privileges on Fabric OS versions 9.1.0 through 9.1.1d6.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-1976
Published : April 24, 2025, 3:15 a.m. | 1 hour, 26 minutes ago
Description : Brocade Fabric OS versions starting with 9.1.0 have root access removed, however, a local user with admin privilege can potentially execute arbitrary code with full root privileges on Fabric OS versions 9.1.0 through 9.1.1d6.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46374 - Apache HTTP Server Cross-Site Request Forgery
CVE ID : CVE-2025-46374
Published : April 24, 2025, 3:15 a.m. | 1 hour, 26 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46374
Published : April 24, 2025, 3:15 a.m. | 1 hour, 26 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46375 - Apache Struts Deserialization Vulnerability
CVE ID : CVE-2025-46375
Published : April 24, 2025, 3:15 a.m. | 1 hour, 26 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46375
Published : April 24, 2025, 3:15 a.m. | 1 hour, 26 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46376 - Cisco Webex Meeting Server Authentication Bypass
CVE ID : CVE-2025-46376
Published : April 24, 2025, 3:15 a.m. | 1 hour, 26 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46376
Published : April 24, 2025, 3:15 a.m. | 1 hour, 26 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46377 - Apache HTTP Server Arbitrary File Upload Vulnerability
CVE ID : CVE-2025-46377
Published : April 24, 2025, 3:15 a.m. | 1 hour, 26 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46377
Published : April 24, 2025, 3:15 a.m. | 1 hour, 26 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46378 - Apache HTTP Server Unvalidated User Input
CVE ID : CVE-2025-46378
Published : April 24, 2025, 3:15 a.m. | 1 hour, 26 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46378
Published : April 24, 2025, 3:15 a.m. | 1 hour, 26 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46379 - Apache Web Server Denial of Service
CVE ID : CVE-2025-46379
Published : April 24, 2025, 3:15 a.m. | 1 hour, 26 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46379
Published : April 24, 2025, 3:15 a.m. | 1 hour, 26 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46380 - Apache HTTP Server Unvalidated User Input
CVE ID : CVE-2025-46380
Published : April 24, 2025, 3:15 a.m. | 1 hour, 26 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46380
Published : April 24, 2025, 3:15 a.m. | 1 hour, 26 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46381 - Apache HTTP Server Command Injection
CVE ID : CVE-2025-46381
Published : April 24, 2025, 3:15 a.m. | 1 hour, 26 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46381
Published : April 24, 2025, 3:15 a.m. | 1 hour, 26 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3435 - Mang Board WP Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-3435
Published : April 24, 2025, 4:15 a.m. | 26 minutes ago
Description : The Mang Board WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the board_header and board_footer parameters in all versions up to, and including, 1.8.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Severity: 4.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3435
Published : April 24, 2025, 4:15 a.m. | 26 minutes ago
Description : The Mang Board WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the board_header and board_footer parameters in all versions up to, and including, 1.8.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Severity: 4.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-1453 - WordPress Category Posts Widget Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-1453
Published : April 24, 2025, 6:15 a.m. | 2 hours, 26 minutes ago
Description : The Category Posts Widget WordPress plugin before 4.9.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-1453
Published : April 24, 2025, 6:15 a.m. | 2 hours, 26 minutes ago
Description : The Category Posts Widget WordPress plugin before 4.9.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-2558 - "WordPress Theme-Wound LFI Vulnerability"
CVE ID : CVE-2025-2558
Published : April 24, 2025, 6:15 a.m. | 2 hours, 26 minutes ago
Description : The-wound WordPress theme through 0.0.1 does not validate some parameters before using them to generate paths passed to include function/s, allowing unauthenticated users to perform LFI attacks and download arbitrary file from the server
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-2558
Published : April 24, 2025, 6:15 a.m. | 2 hours, 26 minutes ago
Description : The-wound WordPress theme through 0.0.1 does not validate some parameters before using them to generate paths passed to include function/s, allowing unauthenticated users to perform LFI attacks and download arbitrary file from the server
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-32730 - i-PRO Co., Ltd. Surveillance Cameras and Recorders Cryptographic Key Hard-Coded Authentication Bypass
CVE ID : CVE-2025-32730
Published : April 24, 2025, 7:15 a.m. | 1 hour, 26 minutes ago
Description : Use of hard-coded cryptographic key vulnerability in i-PRO Configuration Tool affects the network system for i-PRO Co., Ltd. surveillance cameras and recorders. This vulnerability allows a local authenticated attacker to use the authentication information from the last connected surveillance cameras and recorders.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-32730
Published : April 24, 2025, 7:15 a.m. | 1 hour, 26 minutes ago
Description : Use of hard-coded cryptographic key vulnerability in i-PRO Configuration Tool affects the network system for i-PRO Co., Ltd. surveillance cameras and recorders. This vulnerability allows a local authenticated attacker to use the authentication information from the last connected surveillance cameras and recorders.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-35965 - Mattermost Denial-of-Service DoS Vulnerability
CVE ID : CVE-2025-35965
Published : April 24, 2025, 7:15 a.m. | 1 hour, 26 minutes ago
Description : Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.10 fail to validate the uniqueness and quantity of task actions within the UpdateRunTaskActions GraphQL operation, which allows an attacker to create task items containing an excessive number of actions triggered by specific posts, overloading the server and leading to a denial-of-service (DoS) condition.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-35965
Published : April 24, 2025, 7:15 a.m. | 1 hour, 26 minutes ago
Description : Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.10 fail to validate the uniqueness and quantity of task actions within the UpdateRunTaskActions GraphQL operation, which allows an attacker to create task items containing an excessive number of actions triggered by specific posts, overloading the server and leading to a denial-of-service (DoS) condition.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3761 - My Tickets - WordPress Privilege Escalation Vulnerability
CVE ID : CVE-2025-3761
Published : April 24, 2025, 7:15 a.m. | 1 hour, 26 minutes ago
Description : The My Tickets – Accessible Event Ticketing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.0.16. This is due to the mt_save_profile() function not appropriately restricting access to unauthorized users to update roles. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update their role to that of an administrator.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3761
Published : April 24, 2025, 7:15 a.m. | 1 hour, 26 minutes ago
Description : The My Tickets – Accessible Event Ticketing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.0.16. This is due to the mt_save_profile() function not appropriately restricting access to unauthorized users to update roles. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update their role to that of an administrator.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-41395 - Mattermost Denial of Service (DoS) Vulnerability
CVE ID : CVE-2025-41395
Published : April 24, 2025, 7:15 a.m. | 1 hour, 26 minutes ago
Description : Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.10 fail to properly validate the props used by the RetrospectivePost custom post type in the Playbooks plugin, which allows an attacker to create a specially crafted post with maliciously crafted props and cause a denial of service (DoS) of the web app for all users.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-41395
Published : April 24, 2025, 7:15 a.m. | 1 hour, 26 minutes ago
Description : Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.10 fail to properly validate the props used by the RetrospectivePost custom post type in the Playbooks plugin, which allows an attacker to create a specially crafted post with maliciously crafted props and cause a denial of service (DoS) of the web app for all users.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-41423 - Mattermost Playbooks API Permission Validation Bypass
CVE ID : CVE-2025-41423
Published : April 24, 2025, 7:15 a.m. | 1 hour, 26 minutes ago
Description : Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.10 fail to properly validate permissions for the API endpoint /plugins/playbooks/api/v0/signal/keywords/ignore-thread, allowing any user or attacker to delete posts containing actions created by the Playbooks bot, even without channel access or appropriate permissions.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-41423
Published : April 24, 2025, 7:15 a.m. | 1 hour, 26 minutes ago
Description : Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.10 fail to properly validate permissions for the API endpoint /plugins/playbooks/api/v0/signal/keywords/ignore-thread, allowing any user or attacker to delete posts containing actions created by the Playbooks bot, even without channel access or appropriate permissions.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-12244 - GitLab EE Information Disclosure
CVE ID : CVE-2024-12244
Published : April 24, 2025, 8:15 a.m. | 26 minutes ago
Description : An issue has been discovered in access controls could allow users to view certain restricted project information even when related features are disabled in GitLab EE, affecting all versions from 17.7 prior to 17.9.7, 17.10 prior to 17.10.5, and 17.11 prior to 17.11.1.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-12244
Published : April 24, 2025, 8:15 a.m. | 26 minutes ago
Description : An issue has been discovered in access controls could allow users to view certain restricted project information even when related features are disabled in GitLab EE, affecting all versions from 17.7 prior to 17.9.7, 17.10 prior to 17.10.5, and 17.11 prior to 17.11.1.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-0639 - GitLab CE/EE Service Availability Denial of Service
CVE ID : CVE-2025-0639
Published : April 24, 2025, 8:15 a.m. | 26 minutes ago
Description : An issue has been discovered affecting service availability via issue preview in GitLab CE/EE affecting all versions from 16.7 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-0639
Published : April 24, 2025, 8:15 a.m. | 26 minutes ago
Description : An issue has been discovered affecting service availability via issue preview in GitLab CE/EE affecting all versions from 16.7 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-1908 - GitLab Information Disclosure and Session Hijacking Vulnerability
CVE ID : CVE-2025-1908
Published : April 24, 2025, 8:15 a.m. | 26 minutes ago
Description : An issue has been discovered in GitLab EE/CE that could allow an attacker to track users' browsing activities, potentially leading to full account take-over, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-1908
Published : April 24, 2025, 8:15 a.m. | 26 minutes ago
Description : An issue has been discovered in GitLab EE/CE that could allow an attacker to track users' browsing activities, potentially leading to full account take-over, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...