CVE-2024-13812 - "Anps Theme Plugin WordPress Shortcode Injection Vulnerability"
CVE ID : CVE-2024-13812
Published : April 26, 2025, 9:15 a.m. | 3 hours, 28 minutes ago
Description : The The Anps Theme plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.1.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-13812
Published : April 26, 2025, 9:15 a.m. | 3 hours, 28 minutes ago
Description : The The Anps Theme plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.1.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-2101 - Edumall WordPress Local File Inclusion Vulnerability
CVE ID : CVE-2025-2101
Published : April 26, 2025, 9:15 a.m. | 3 hours, 27 minutes ago
Description : The Edumall theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.4 via the 'template' parameter of the 'edumall_lazy_load_template' AJAX action. This makes it possible for unauthenticated attackers to include and execute arbitrary PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and included.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-2101
Published : April 26, 2025, 9:15 a.m. | 3 hours, 27 minutes ago
Description : The Edumall theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.4 via the 'template' parameter of the 'edumall_lazy_load_template' AJAX action. This makes it possible for unauthenticated attackers to include and execute arbitrary PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and included.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-53636 - Serosoft Academia Student Information System (SIS) EagleR File Upload Code Execution Vulnerability
CVE ID : CVE-2024-53636
Published : April 26, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : An arbitrary file upload vulnerability via writefile.php of Serosoft Academia Student Information System (SIS) EagleR-1.0.118 allows attackers to execute arbitrary code via ../ in the filePath parameter.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-53636
Published : April 26, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : An arbitrary file upload vulnerability via writefile.php of Serosoft Academia Student Information System (SIS) EagleR-1.0.118 allows attackers to execute arbitrary code via ../ in the filePath parameter.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46646 - Ghostscript UTF-8 Encoding Vulnerability
CVE ID : CVE-2025-46646
Published : April 26, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomplete fix for CVE-2024-46954.
Severity: 4.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46646
Published : April 26, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomplete fix for CVE-2024-46954.
Severity: 4.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46652 - IZArc Mark-of-the-Web Bypass Information Disclosure Vulnerability
CVE ID : CVE-2025-46652
Published : April 26, 2025, 6:15 p.m. | 2 hours, 27 minutes ago
Description : In IZArc through 4.5, there is a Mark-of-the-Web Bypass Vulnerability. When a user performs an extraction from an archive file that bears Mark-of-the-Web, Mark-of-the-Web is not propagated to the extracted files.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46652
Published : April 26, 2025, 6:15 p.m. | 2 hours, 27 minutes ago
Description : In IZArc through 4.5, there is a Mark-of-the-Web Bypass Vulnerability. When a user performs an extraction from an archive file that bears Mark-of-the-Web, Mark-of-the-Web is not propagated to the extracted files.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46653 - Formidable File Name Guessing Vulnerability
CVE ID : CVE-2025-46653
Published : April 26, 2025, 9:15 p.m. | 3 hours, 28 minutes ago
Description : Formidable (aka node-formidable) 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." (Also, there is a scenario in which only the last two characters of a hexoid string need to be guessed, but this is not often relevant.) NOTE: this does not imply that, in a typical use case, attackers will be able to exploit any hexoid behavior to upload and execute their own content.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46653
Published : April 26, 2025, 9:15 p.m. | 3 hours, 28 minutes ago
Description : Formidable (aka node-formidable) 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." (Also, there is a scenario in which only the last two characters of a hexoid string need to be guessed, but this is not often relevant.) NOTE: this does not imply that, in a typical use case, attackers will be able to exploit any hexoid behavior to upload and execute their own content.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46654 - CodiMD through 2.2.0 has a CSP-based protection me
CVE ID : CVE-2025-46654
Published : April 26, 2025, 9:15 p.m. | 3 hours, 28 minutes ago
Description : CodiMD through 2.2.0 has a CSP-based protection mechanism against XSS through uploaded JavaScript content, but it can be bypassed by uploading a .html file that references an uploaded .js file.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46654
Published : April 26, 2025, 9:15 p.m. | 3 hours, 28 minutes ago
Description : CodiMD through 2.2.0 has a CSP-based protection mechanism against XSS through uploaded JavaScript content, but it can be bypassed by uploading a .html file that references an uploaded .js file.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46655 - CodiMD AWS S3 SVG XSS Bypass
CVE ID : CVE-2025-46655
Published : April 26, 2025, 9:15 p.m. | 3 hours, 28 minutes ago
Description : CodiMD through 2.5.4 has a CSP-based protection mechanism against XSS through uploaded SVG documents containing JavaScript, but it can be bypassed in certain cases of different-origin file storage, such as AWS S3. NOTE: it can be considered a user error if AWS is employed for hosting untrusted JavaScript content, but the selected architecture within AWS does not have components that are able to insert Content-Security-Policy headers.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46655
Published : April 26, 2025, 9:15 p.m. | 3 hours, 28 minutes ago
Description : CodiMD through 2.5.4 has a CSP-based protection mechanism against XSS through uploaded SVG documents containing JavaScript, but it can be bypassed in certain cases of different-origin file storage, such as AWS S3. NOTE: it can be considered a user error if AWS is employed for hosting untrusted JavaScript content, but the selected architecture within AWS does not have components that are able to insert Content-Security-Policy headers.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3954 - ChurchCRM Referer Handler Server-Side Request Forgery Vulnerability
CVE ID : CVE-2025-3954
Published : April 26, 2025, 10:15 p.m. | 2 hours, 28 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in ChurchCRM 5.16.0. Affected by this issue is some unknown functionality of the component Referer Handler. The manipulation leads to server-side request forgery. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3954
Published : April 26, 2025, 10:15 p.m. | 2 hours, 28 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in ChurchCRM 5.16.0. Affected by this issue is some unknown functionality of the component Referer Handler. The manipulation leads to server-side request forgery. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46656 - Markdownify Headline Prefix Overflow
CVE ID : CVE-2025-46656
Published : April 26, 2025, 10:15 p.m. | 2 hours, 28 minutes ago
Description : python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as in addition to
through
. This causes memory consumption.
Severity: 2.9 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46656
Published : April 26, 2025, 10:15 p.m. | 2 hours, 28 minutes ago
Description : python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as in addition to
through
. This causes memory consumption.
Severity: 2.9 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3955 - "Codeprojects Patient Record Management System SQL Injection Vulnerability"
CVE ID : CVE-2025-3955
Published : April 27, 2025, 1:15 a.m. | 3 hours, 27 minutes ago
Description : A vulnerability, which was classified as critical, was found in codeprojects Patient Record Management System 1.0. This affects an unknown part of the file /edit_rpatient.php.php. The manipulation of the argument id/lastname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3955
Published : April 27, 2025, 1:15 a.m. | 3 hours, 27 minutes ago
Description : A vulnerability, which was classified as critical, was found in codeprojects Patient Record Management System 1.0. This affects an unknown part of the file /edit_rpatient.php.php. The manipulation of the argument id/lastname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46672 - NASA CryptoLib Crypto Function Status Validation Bypass
CVE ID : CVE-2025-46672
Published : April 27, 2025, 1:15 a.m. | 3 hours, 27 minutes ago
Description : NASA CryptoLib before 1.3.2 does not check the OTAR crypto function returned status, potentially leading to spacecraft hijacking.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46672
Published : April 27, 2025, 1:15 a.m. | 3 hours, 27 minutes ago
Description : NASA CryptoLib before 1.3.2 does not check the OTAR crypto function returned status, potentially leading to spacecraft hijacking.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46673 - NASA CryptoLib SDLS Protocol Bypass Vulnerability
CVE ID : CVE-2025-46673
Published : April 27, 2025, 1:15 a.m. | 3 hours, 27 minutes ago
Description : NASA CryptoLib before 1.3.2 does not check whether the SA is in an operational state before use, possibly leading to a bypass of the Space Data Link Security protocol (SDLS).
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46673
Published : April 27, 2025, 1:15 a.m. | 3 hours, 27 minutes ago
Description : NASA CryptoLib before 1.3.2 does not check whether the SA is in an operational state before use, possibly leading to a bypass of the Space Data Link Security protocol (SDLS).
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46674 - NASA CryptoLib Cryptographic Vulnerability
CVE ID : CVE-2025-46674
Published : April 27, 2025, 1:15 a.m. | 3 hours, 27 minutes ago
Description : NASA CryptoLib before 1.3.2 uses Extended Procedures that are a Work in Progress (not intended for use during flight), potentially leading to a keystream oracle.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46674
Published : April 27, 2025, 1:15 a.m. | 3 hours, 27 minutes ago
Description : NASA CryptoLib before 1.3.2 uses Extended Procedures that are a Work in Progress (not intended for use during flight), potentially leading to a keystream oracle.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46675 - NASA CryptoLib Cryptographic Key State Validation Bypass
CVE ID : CVE-2025-46675
Published : April 27, 2025, 1:15 a.m. | 3 hours, 27 minutes ago
Description : In NASA CryptoLib before 1.3.2, the key state is not checked before use, potentially leading to spacecraft hijacking.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46675
Published : April 27, 2025, 1:15 a.m. | 3 hours, 27 minutes ago
Description : In NASA CryptoLib before 1.3.2, the key state is not checked before use, potentially leading to spacecraft hijacking.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46574 - GoldenDB Information Disclosure
CVE ID : CVE-2025-46574
Published : April 27, 2025, 2:15 a.m. | 2 hours, 28 minutes ago
Description : There is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system's sensitive information.
Severity: 4.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46574
Published : April 27, 2025, 2:15 a.m. | 2 hours, 28 minutes ago
Description : There is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system's sensitive information.
Severity: 4.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46575 - GoldenDB Information Disclosure Vulnerability
CVE ID : CVE-2025-46575
Published : April 27, 2025, 2:15 a.m. | 2 hours, 28 minutes ago
Description : There is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system's sensitive information.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46575
Published : April 27, 2025, 2:15 a.m. | 2 hours, 28 minutes ago
Description : There is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system's sensitive information.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46576 - GoldenDB Database Permission Bypass Vulnerability
CVE ID : CVE-2025-46576
Published : April 27, 2025, 2:15 a.m. | 2 hours, 28 minutes ago
Description : There is a Permission Management and Access Control vulnerability in the GoldenDB database product. Attackers can manipulate requests to bypass privilege restrictions and delete content.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46576
Published : April 27, 2025, 2:15 a.m. | 2 hours, 28 minutes ago
Description : There is a Permission Management and Access Control vulnerability in the GoldenDB database product. Attackers can manipulate requests to bypass privilege restrictions and delete content.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46577 - GoldenDB Database SQL Injection Vulnerability
CVE ID : CVE-2025-46577
Published : April 27, 2025, 2:15 a.m. | 2 hours, 28 minutes ago
Description : There is a SQL injection vulnerability in the GoldenDB database product. Attackers can inject commands to extract database information.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46577
Published : April 27, 2025, 2:15 a.m. | 2 hours, 28 minutes ago
Description : There is a SQL injection vulnerability in the GoldenDB database product. Attackers can inject commands to extract database information.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46578 - GoldenDB Database SQL Injection Vulnerability
CVE ID : CVE-2025-46578
Published : April 27, 2025, 2:15 a.m. | 2 hours, 28 minutes ago
Description : There are SQL injection vulnerabilities in multiple interfaces of the GoldenDB database product. Attackers can exploit these interfaces to inject commands and extract sensitive database information.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46578
Published : April 27, 2025, 2:15 a.m. | 2 hours, 28 minutes ago
Description : There are SQL injection vulnerabilities in multiple interfaces of the GoldenDB database product. Attackers can exploit these interfaces to inject commands and extract sensitive database information.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46579 - GoldenDB DDE Injection Vulnerability
CVE ID : CVE-2025-46579
Published : April 27, 2025, 2:15 a.m. | 2 hours, 28 minutes ago
Description : There is a DDE injection vulnerability in the GoldenDB database product. Attackers can inject DDE expressions through the interface, and when users download and open the affected file, the DDE commands can be executed.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46579
Published : April 27, 2025, 2:15 a.m. | 2 hours, 28 minutes ago
Description : There is a DDE injection vulnerability in the GoldenDB database product. Attackers can inject DDE expressions through the interface, and when users download and open the affected file, the DDE commands can be executed.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...