Total
88327 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-46690 | 2025-04-29 | N/A | 5.0 MEDIUM | ||
| Ververica Platform 2.14.0 allows low-privileged users to access SQL connectors via a direct namespaces/default/formats request. | |||||
| CVE-2024-10635 | 2025-04-29 | N/A | 6.1 MEDIUM | ||
| Enterprise Protection contains an improper input validation vulnerability in attachment defense that allows an unauthenticated remote attacker to bypass attachment scanning security policy by sending a malicious S/MIME attachment with an opaque signature. When opened by a recipient in a downstream email client, the malicious attachment could cause partial loss of integrity and confidentiality to their system. | |||||
| CVE-2025-46577 | 2025-04-29 | N/A | 6.5 MEDIUM | ||
| There is a SQL injection vulnerability in the GoldenDB database product. Attackers can inject commands to extract database information. | |||||
| CVE-2025-4059 | 2025-04-29 | 4.3 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability classified as critical was found in code-projects Prison Management System 1.0. This vulnerability affects the function addrecord of the component Prison_Mgmt_Sys. The manipulation of the argument filename leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4002 | 2025-04-29 | 4.6 MEDIUM | 5.5 MEDIUM | ||
| A vulnerability was found in RefindPlusRepo RefindPlus 0.14.2.AB and classified as problematic. Affected by this issue is the function GetDebugLogFile of the file Library/MemLogLib/BootLog.c. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The patch is identified as d2143a1e2deefddd9b105fb7160763c4f8d47ea2. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2025-4018 | 2025-04-29 | 5.0 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability, which was classified as critical, has been found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. This issue affects the function addCrawlSource of the file novel-crawl/src/main/java/com/java2nb/novel/controller/CrawlController.java. The manipulation leads to missing authentication. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-4038 | 2025-04-29 | 4.3 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability was found in code-projects Train Ticket Reservation System 1.0. It has been declared as critical. Affected by this vulnerability is the function Reservation of the component Ticket Reservation. The manipulation of the argument Name leads to stack-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-32499 | 2025-04-29 | N/A | 4.9 MEDIUM | ||
| Newforma Project Center Server through 2023.3.0.32259 allows remote code execution because .NET Remoting is exposed. | |||||
| CVE-2025-3915 | 2025-04-29 | N/A | 4.3 MEDIUM | ||
| The Aeropage Sync for Airtable plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'aeropageDeletePost' function in all versions up to, and including, 3.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts. | |||||
| CVE-2025-1458 | 2025-04-29 | N/A | 6.4 MEDIUM | ||
| The Element Pack Addons for Elementor – Free Templates and Widgets for Your WordPress Websites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets like Dual Button, Creative Button, Image Stack and more in all versions up to, and including, 5.10.29 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-3978 | 2025-04-29 | 4.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability was found in dazhouda lecms 3.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file admin/view/default/user_set.htm. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-46652 | 2025-04-29 | N/A | 6.1 MEDIUM | ||
| In IZArc through 4.5, there is a Mark-of-the-Web Bypass Vulnerability. When a user performs an extraction from an archive file that bears Mark-of-the-Web, Mark-of-the-Web is not propagated to the extracted files. | |||||
| CVE-2025-4036 | 2025-04-29 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was found in 201206030 Novel 3.5.0 and classified as critical. This issue affects the function updateBookChapter of the file src/main/java/io/github/xxyopen/novel/controller/author/AuthorController.java of the component Chapter Handler. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-13688 | 2025-04-29 | N/A | 5.3 MEDIUM | ||
| The Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10 uses a hardcoded password in its Password Protection feature, allowing attacker to bypass the protection offered via a crafted request | |||||
| CVE-2025-3957 | 2025-04-29 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was found in opplus springboot-admin 1.0 and classified as critical. This issue affects some unknown processing of the file \src\main\resources\mapper\sys\SysLogDao.xml. The manipulation of the argument order leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4021 | 2025-04-29 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was found in code-projects Patient Record Management System 1.0. It has been classified as critical. This affects an unknown part of the file /edit_spatient.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4035 | 2025-04-29 | N/A | 4.3 MEDIUM | ||
| A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to be set for public suffix domains if the domain contains at least two components and includes an uppercase character. This bypasses public suffix protections and could allow a malicious website to set cookies for domains it does not own, potentially leading to integrity issues such as session fixation. | |||||
| CVE-2025-46576 | 2025-04-29 | N/A | 5.4 MEDIUM | ||
| There is a Permission Management and Access Control vulnerability in the GoldenDB database product. Attackers can manipulate requests to bypass privilege restrictions and delete content. | |||||
| CVE-2025-4006 | 2025-04-29 | 5.8 MEDIUM | 4.7 MEDIUM | ||
| A vulnerability classified as critical has been found in youyiio BeyongCms 1.6.0. Affected is an unknown function of the file /admin/theme/Upload.html of the component Document Management Page. The manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-52888 | 2025-04-29 | N/A | 5.4 MEDIUM | ||
| For an authenticated end-user the portal may run a script while attempting to display a directory or some file's properties. | |||||