7.2

CVSS3.1

CVE-2025-46657 -

Karaz Karazal through 2025-04-14 allows reflected XSS via the lang parameter to the default URI.

πŸ“… Published: April 27, 2025, midnight πŸ”„ Last Modified: May 12, 2025, 7:07 p.m.

5

CVSS3.1

CVE-2025-46690 -

Ververica Platform 2.14.0 allows low-privileged users to access SQL connectors via a direct namespaces/default/formats request.

πŸ“… Published: April 27, 2025, midnight πŸ”„ Last Modified: May 12, 2025, 7:31 p.m.

3.5

CVSS3.1

CVE-2025-46674 -

NASA CryptoLib before 1.3.2 uses Extended Procedures that are a Work in Progress (not intended for use during flight), potentially leading to a keystream oracle.

πŸ“… Published: April 27, 2025, midnight πŸ”„ Last Modified: May 29, 2025, 2:02 p.m.

5.4

CVSS3.1

CVE-2025-46689 -

Ververica Platform 2.14.0 contain an Reflected XSS vulnerability via a namespaces/default/formats URI.

πŸ“… Published: April 27, 2025, midnight πŸ”„ Last Modified: May 12, 2025, 7:32 p.m.

3.5

CVSS3.1

CVE-2025-46675 -

In NASA CryptoLib before 1.3.2, the key state is not checked before use, potentially leading to spacecraft hijacking.

πŸ“… Published: April 27, 2025, midnight πŸ”„ Last Modified: May 12, 2025, 7:34 p.m.

6.3

CVSS4.0

CVE-2025-3954 - ChurchCRM Referer server-side request forgery

A vulnerability, which was classified as problematic, has been found in ChurchCRM 5.16.0. Affected by this issue is some unknown functionality of the component Referer Handler. The manipulation leads to server-side request forgery. The attack may be launched remotely. The complexity of an attack is…

πŸ“… Published: April 26, 2025, 9:31 p.m. πŸ”„ Last Modified: May 29, 2025, 3:48 p.m.

8.1

CVSS3.1

CVE-2025-2101 - Edumall <= 4.2.4 - Unauthenticated Local File Inclusion

The Edumall theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.4 via the 'template' parameter of the 'edumall_lazy_load_template' AJAX action. This makes it possible for unauthenticated attackers to include and execute arbitrary PHP files on the serv…

πŸ“… Published: April 26, 2025, 8:23 a.m. πŸ”„ Last Modified: April 21, 2026, 9:15 p.m.

6.5

CVSS3.1

CVE-2024-13812 - Anps Theme plugin <= 1.1.1 - Unauthenticated Arbitrary Shortcode Execution

The The Anps Theme plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.1.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for …

πŸ“… Published: April 26, 2025, 8:23 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

8.6

CVSS4.0

CVE-2025-2851 - GL.iNet GL-A1300 Slate Plus RPC plugins.so buffer overflow

A vulnerability classified as critical has been found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango,…

πŸ“… Published: April 26, 2025, 8 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

5.1

CVSS4.0

CVE-2025-2850 - GL.iNet GL-A1300 Slate Plus Download Interface improper authorization

A vulnerability was found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 …

πŸ“… Published: April 26, 2025, 7:31 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.
Total resulsts: 349182
Page 5657 of 34,919
Β« previous page Β» next page
Filters