CVE-2025-46536 - RichardHarrison Carousel-of-post-images Cross-site Scripting
CVE ID : CVE-2025-46536
Published : April 24, 2025, 4:15 p.m. | 26 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RichardHarrison Carousel-of-post-images allows DOM-Based XSS. This issue affects Carousel-of-post-images: from n/a through 1.07.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46536
Published : April 24, 2025, 4:15 p.m. | 26 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RichardHarrison Carousel-of-post-images allows DOM-Based XSS. This issue affects Carousel-of-post-images: from n/a through 1.07.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46538 - Webplanetsoft Inline Text Popup Cross-site Scripting Vulnerability
CVE ID : CVE-2025-46538
Published : April 24, 2025, 4:15 p.m. | 26 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webplanetsoft Inline Text Popup allows DOM-Based XSS. This issue affects Inline Text Popup: from n/a through 1.0.0.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46538
Published : April 24, 2025, 4:15 p.m. | 26 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webplanetsoft Inline Text Popup allows DOM-Based XSS. This issue affects Inline Text Popup: from n/a through 1.0.0.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46540 - Chris Mok GNA Search Shortcode Cross-site Scripting
CVE ID : CVE-2025-46540
Published : April 24, 2025, 4:15 p.m. | 26 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Mok GNA Search Shortcode allows Stored XSS. This issue affects GNA Search Shortcode: from n/a through 0.9.5.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46540
Published : April 24, 2025, 4:15 p.m. | 26 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Mok GNA Search Shortcode allows Stored XSS. This issue affects GNA Search Shortcode: from n/a through 0.9.5.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46541 - Elrata WP-reCAPTCHA-bp Cross-site Scripting (XSS)
CVE ID : CVE-2025-46541
Published : April 24, 2025, 4:15 p.m. | 26 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in elrata_ WP-reCAPTCHA-bp allows Stored XSS. This issue affects WP-reCAPTCHA-bp: from n/a through 4.1.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46541
Published : April 24, 2025, 4:15 p.m. | 26 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in elrata_ WP-reCAPTCHA-bp allows Stored XSS. This issue affects WP-reCAPTCHA-bp: from n/a through 4.1.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46542 - ThemeXpert Xpert Tab Stored Cross-site Scripting
CVE ID : CVE-2025-46542
Published : April 24, 2025, 4:15 p.m. | 26 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeXpert Xpert Tab allows Stored XSS. This issue affects Xpert Tab: from n/a through 1.3.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46542
Published : April 24, 2025, 4:15 p.m. | 26 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeXpert Xpert Tab allows Stored XSS. This issue affects Xpert Tab: from n/a through 1.3.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2023-37534 - HCL Leap URI Protocol Whitelist Bypass Vulnerability
CVE ID : CVE-2023-37534
Published : April 24, 2025, 5:15 p.m. | 3 hours, 26 minutes ago
Description : Insufficient URI protocol whitelist in HCL Leap allows script injection through query parameters.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2023-37534
Published : April 24, 2025, 5:15 p.m. | 3 hours, 26 minutes ago
Description : Insufficient URI protocol whitelist in HCL Leap allows script injection through query parameters.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2023-45720 - HCL Leap Directory Information Information Disclosure
CVE ID : CVE-2023-45720
Published : April 24, 2025, 5:15 p.m. | 3 hours, 26 minutes ago
Description : Insufficient default configuration in HCL Leap allows anonymous access to directory information.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2023-45720
Published : April 24, 2025, 5:15 p.m. | 3 hours, 26 minutes ago
Description : Insufficient default configuration in HCL Leap allows anonymous access to directory information.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-30113 - HCL Leap Cross-Site Scripting Vulnerability
CVE ID : CVE-2024-30113
Published : April 24, 2025, 5:15 p.m. | 3 hours, 26 minutes ago
Description : Insufficient sanitization policy in HCL Leap allows client-side script injection in the deployed application through the HTML widget.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-30113
Published : April 24, 2025, 5:15 p.m. | 3 hours, 26 minutes ago
Description : Insufficient sanitization policy in HCL Leap allows client-side script injection in the deployed application through the HTML widget.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-30114 - HCL Leap Cross-Site Scripting (XSS)
CVE ID : CVE-2024-30114
Published : April 24, 2025, 5:15 p.m. | 3 hours, 26 minutes ago
Description : Insufficient sanitization in HCL Leap allows client-side script injection in the authoring environment.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-30114
Published : April 24, 2025, 5:15 p.m. | 3 hours, 26 minutes ago
Description : Insufficient sanitization in HCL Leap allows client-side script injection in the authoring environment.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-30147 - "Oracle HCL Leap Client-Side Script Injection Vulnerability"
CVE ID : CVE-2024-30147
Published : April 24, 2025, 5:15 p.m. | 3 hours, 26 minutes ago
Description : Multiple vectors in HCL Leap allow client-side script injection in the authoring environment and deployed applications.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-30147
Published : April 24, 2025, 5:15 p.m. | 3 hours, 26 minutes ago
Description : Multiple vectors in HCL Leap allow client-side script injection in the authoring environment and deployed applications.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31324 - SAP NetWeaver Unauthenticated Remote Code Execution
CVE ID : CVE-2025-31324
Published : April 24, 2025, 5:15 p.m. | 3 hours, 26 minutes ago
Description : SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31324
Published : April 24, 2025, 5:15 p.m. | 3 hours, 26 minutes ago
Description : SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43858 - YouTubeDLSharp Windows Command Injection Vulnerability
CVE ID : CVE-2025-43858
Published : April 24, 2025, 6:15 p.m. | 2 hours, 26 minutes ago
Description : YoutubeDLSharp is a wrapper for the command-line video downloaders youtube-dl and yt-dlp. In versions starting from 1.0.0-beta4 and prior to 1.1.2, an unsafe conversion of arguments allows the injection of a malicious commands when starting `yt-dlp` from a commands prompt running on Windows OS with the `UseWindowsEncodingWorkaround` value defined to true (default behavior). If a user is using built-in methods from the YoutubeDL.cs file, the value is true by default and a user cannot disable it from these methods. This issue has been patched in version 1.1.2.
Severity: 9.2 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43858
Published : April 24, 2025, 6:15 p.m. | 2 hours, 26 minutes ago
Description : YoutubeDLSharp is a wrapper for the command-line video downloaders youtube-dl and yt-dlp. In versions starting from 1.0.0-beta4 and prior to 1.1.2, an unsafe conversion of arguments allows the injection of a malicious commands when starting `yt-dlp` from a commands prompt running on Windows OS with the `UseWindowsEncodingWorkaround` value defined to true (default behavior). If a user is using built-in methods from the YoutubeDL.cs file, the value is true by default and a user cannot disable it from these methods. This issue has been patched in version 1.1.2.
Severity: 9.2 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43859 - Apache h11 Chunked-Coding Request Smuggling Vulnerability
CVE ID : CVE-2025-43859
Published : April 24, 2025, 7:15 p.m. | 1 hour, 26 minutes ago
Description : h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. This issue has been patched in version 0.16.0. Since exploitation requires the combination of buggy h11 with a buggy (reverse) proxy, fixing either component is sufficient to mitigate this issue.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43859
Published : April 24, 2025, 7:15 p.m. | 1 hour, 26 minutes ago
Description : h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. This issue has been patched in version 0.16.0. Since exploitation requires the combination of buggy h11 with a buggy (reverse) proxy, fixing either component is sufficient to mitigate this issue.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-26382 - iSTAR ICU Buffer Overflow
CVE ID : CVE-2025-26382
Published : April 24, 2025, 8:15 p.m. | 26 minutes ago
Description : Under certain circumstances the iSTAR Configuration Utility (ICU) tool could have a buffer overflow issue
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-26382
Published : April 24, 2025, 8:15 p.m. | 26 minutes ago
Description : Under certain circumstances the iSTAR Configuration Utility (ICU) tool could have a buffer overflow issue
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2022-44759 - HCL Leap SVG Injection Vulnerability
CVE ID : CVE-2022-44759
Published : April 24, 2025, 9:15 p.m. | 3 hours, 27 minutes ago
Description : Improper sanitization of SVG files in HCL Leap allows client-side script injection in deployed applications.
Severity: 4.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2022-44759
Published : April 24, 2025, 9:15 p.m. | 3 hours, 27 minutes ago
Description : Improper sanitization of SVG files in HCL Leap allows client-side script injection in deployed applications.
Severity: 4.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2022-44760 - HCL Leap JavaScript Injection
CVE ID : CVE-2022-44760
Published : April 24, 2025, 9:15 p.m. | 3 hours, 27 minutes ago
Description : Unsafe default file type filter policy in HCL Leap allows execution of unsafe JavaScript in deployed applications.
Severity: 4.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2022-44760
Published : April 24, 2025, 9:15 p.m. | 3 hours, 27 minutes ago
Description : Unsafe default file type filter policy in HCL Leap allows execution of unsafe JavaScript in deployed applications.
Severity: 4.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2023-37516 - HCL Leap Information Disclosure
CVE ID : CVE-2023-37516
Published : April 24, 2025, 9:15 p.m. | 3 hours, 27 minutes ago
Description : Missing "no cache" headers in HCL Leap permits user directory information to be cached.
Severity: 3.2 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2023-37516
Published : April 24, 2025, 9:15 p.m. | 3 hours, 27 minutes ago
Description : Missing "no cache" headers in HCL Leap permits user directory information to be cached.
Severity: 3.2 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-30127 - HCL Leap HTTP Cache Exposure Vulnerability
CVE ID : CVE-2024-30127
Published : April 24, 2025, 9:15 p.m. | 3 hours, 27 minutes ago
Description : Missing "no cache" headers in HCL Leap permits sensitive data to be cached.
Severity: 3.2 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-30127
Published : April 24, 2025, 9:15 p.m. | 3 hours, 27 minutes ago
Description : Missing "no cache" headers in HCL Leap permits sensitive data to be cached.
Severity: 3.2 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-25777 - Codeastro Bus Ticket Booking System IDOR
CVE ID : CVE-2025-25777
Published : April 24, 2025, 9:15 p.m. | 3 hours, 27 minutes ago
Description : Insecure Direct Object Reference (IDOR) in Codeastro Bus Ticket Booking System v1.0 allows unauthorized access to user profiles. By manipulating the user ID in the URL, an attacker can access another user's profile without proper authentication or authorization checks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-25777
Published : April 24, 2025, 9:15 p.m. | 3 hours, 27 minutes ago
Description : Insecure Direct Object Reference (IDOR) in Codeastro Bus Ticket Booking System v1.0 allows unauthorized access to user profiles. By manipulating the user ID in the URL, an attacker can access another user's profile without proper authentication or authorization checks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-29529 - ITC Systems Multiplan/Matrix OneCard SQL Injection
CVE ID : CVE-2025-29529
Published : April 24, 2025, 9:15 p.m. | 3 hours, 27 minutes ago
Description : ITC Systems Multiplan/Matrix OneCard platform v3.7.4.1002 was discovered to contain a SQL injection vulnerability via the component Forgotpassword.aspx.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-29529
Published : April 24, 2025, 9:15 p.m. | 3 hours, 27 minutes ago
Description : ITC Systems Multiplan/Matrix OneCard platform v3.7.4.1002 was discovered to contain a SQL injection vulnerability via the component Forgotpassword.aspx.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43861 - ManageWiki Stored and Reflected XSS Vulnerability
CVE ID : CVE-2025-43861
Published : April 24, 2025, 9:15 p.m. | 3 hours, 26 minutes ago
Description : ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 2f177dc, ManageWiki is vulnerable to reflected or stored XSS in the review dialog. A logged-in attacker must change a form field to include a malicious payload. If that same user then opens the "Review Changes" dialog, the payload will be rendered and executed in the context of their own session. This issue has been patched in commit 2f177dc.
Severity: 4.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43861
Published : April 24, 2025, 9:15 p.m. | 3 hours, 26 minutes ago
Description : ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 2f177dc, ManageWiki is vulnerable to reflected or stored XSS in the review dialog. A logged-in attacker must change a form field to include a malicious payload. If that same user then opens the "Review Changes" dialog, the payload will be rendered and executed in the context of their own session. This issue has been patched in commit 2f177dc.
Severity: 4.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...