8.8

CVSS3.1

CVE-2025-1770 - Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.24 - Authenticated (Contrib…

The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.24 via the 'style' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to inc…

📅 Published: March 20, 2025, 5:22 a.m. 🔄 Last Modified: April 21, 2026, 10 p.m.

4.3

CVSS3.1

CVE-2025-1314 - Custom Twitter Feeds <= 2.2.5 - Cross-Site Request Forgery to Cache Reset via ctf_clear_cache_admin…

The Custom Twitter Feeds – A Tweets Widget or X Feed Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.5. This is due to missing or incorrect nonce validation on the ctf_clear_cache_admin() function. This makes it possible for unauthen…

📅 Published: March 20, 2025, 5:22 a.m. 🔄 Last Modified: April 22, 2026, 6 p.m.

4.9

CVSS3.1

CVE-2025-2559 - Org.keycloak/keycloak-services: jwt token cache exhaustion leading to denial of service (dos) in ke…

A flaw was found in Keycloak. When the configuration uses JWT tokens for authentication, the tokens are cached until expiration. If a client uses JWT tokens with an excessively long expiration time, for example, 24 or 48 hours, the cache can grow indefinitely, leading to an OutOfMemoryError. This i…

📅 Published: March 20, 2025, midnight 🔄 Last Modified: May 6, 2026, 4:48 p.m.

4.8

CVSS3.1

CVE-2025-29412 -

A cross-site scripting (XSS) vulnerability in the Client Profile Update section of Mart Developers iBanking v2.0.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter.

📅 Published: March 20, 2025, midnight 🔄 Last Modified: April 1, 2025, 8:19 p.m.

10

CVSS3.1

CVE-2025-26853 -

DESCOR INFOCAD 3.5.1 and earlier has a broken authorization schema. Fixed in v.3.5.2.0.

📅 Published: March 20, 2025, midnight 🔄 Last Modified: April 23, 2025, 7:13 p.m.

6.1

CVSS3.1

CVE-2025-29410 -

A cross-site scripting (XSS) vulnerability in the component /contact.php of Hospital Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the txtEmail parameter.

📅 Published: March 20, 2025, midnight 🔄 Last Modified: April 1, 2025, 8:19 p.m.

6.5

CVSS3.1

CVE-2025-29215 -

Tenda AX12 v22.03.01.46_CN was discovered to contain a stack overflow via the sub_43fdcc function at /goform/SetNetControlList.

📅 Published: March 20, 2025, midnight 🔄 Last Modified: March 25, 2025, 5:38 p.m.

7.5

CVSS3.1

CVE-2025-29101 -

Tenda AC8V4.0 V16.03.34.06 was discovered to contain a stack overflow via the deviceid parameter in the get_parentControl_list_Info function.

📅 Published: March 20, 2025, midnight 🔄 Last Modified: March 25, 2025, 5:37 p.m.

9.8

CVSS3.1

CVE-2024-48590 -

Inflectra SpiraTeam 7.2.00 is vulnerable to Server-Side Request Forgery (SSRF) via the NewsReaderService. This allows an attacker to escalate privileges and obtain sensitive information.

📅 Published: March 20, 2025, midnight 🔄 Last Modified: April 1, 2025, 8:20 p.m.

9.8

CVSS3.1

CVE-2025-29411 -

An arbitrary file upload vulnerability in the Client Profile Update section of Mart Developers iBanking v2.0.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.

📅 Published: March 20, 2025, midnight 🔄 Last Modified: March 28, 2025, 7:38 p.m.
Total results: 349182