CVE ID : CVE-2025-46533

Published : April 24, 2025, 4:15 p.m. | 2 hours, 44 minutes ago

Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in wpdrift.no Landing pages and Domain aliases for WordPress allows Stored XSS. This issue affects Landing pages and Domain aliases for WordPress: from n/a through 0.8.

Severity: 5.9 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-46536

Published : April 24, 2025, 4:15 p.m. | 2 hours, 44 minutes ago

Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in RichardHarrison Carousel-of-post-images allows DOM-Based XSS. This issue affects Carousel-of-post-images: from n/a through 1.07.

Severity: 6.5 | MEDIUM


CVE ID : CVE-2025-46542

Published : April 24, 2025, 4:15 p.m. | 2 hours, 44 minutes ago

Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ThemeXpert Xpert Tab allows Stored XSS. This issue affects Xpert Tab: from n/a through 1.3.

Severity: 6.5 | MEDIUM


CVE ID : CVE-2025-46541

Published : April 24, 2025, 4:15 p.m. | 2 hours, 44 minutes ago

Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in elrata_ WP-reCAPTCHA-bp allows Stored XSS. This issue affects WP-reCAPTCHA-bp: from n/a through 4.1.

Severity: 5.9 | MEDIUM


CVE ID : CVE-2025-46540

Published : April 24, 2025, 4:15 p.m. | 2 hours, 44 minutes ago

Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Chris Mok GNA Search Shortcode allows Stored XSS. This issue affects GNA Search Shortcode: from n/a through 0.9.5.

Severity: 6.5 | MEDIUM


CVE ID : CVE-2025-46538

Published : April 24, 2025, 4:15 p.m. | 2 hours, 44 minutes ago

Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in webplanetsoft Inline Text Popup allows DOM-Based XSS. This issue affects Inline Text Popup: from n/a through 1.0.0.

Severity: 6.5 | MEDIUM


CVE ID : CVE-2023-37534

Published : April 24, 2025, 5:15 p.m. | 1 hour, 44 minutes ago

Description : Insufficient URI protocol whitelist in HCL Leap allows script injection through query parameters.

Severity: 7.1 | HIGH


CVE ID : CVE-2023-45720

Published : April 24, 2025, 5:15 p.m. | 1 hour, 44 minutes ago

Description : Insufficient default configuration in HCL Leap allows anonymous access to directory information.

Severity: 5.3 | MEDIUM


CVE ID : CVE-2024-30113

Published : April 24, 2025, 5:15 p.m. | 1 hour, 44 minutes ago

Description : Insufficient sanitization policy in HCL Leap allows client-side script injection in the deployed application through the HTML widget.

Severity: 6.3 | MEDIUM


CVE ID : CVE-2024-30147

Published : April 24, 2025, 5:15 p.m. | 1 hour, 44 minutes ago

Description : Multiple vectors in HCL Leap allow client-side script injection in the authoring environment and deployed applications.

Severity: 6.5 | MEDIUM


CVE ID : CVE-2025-31324

Published : April 24, 2025, 5:15 p.m. | 1 hour, 44 minutes ago

Description : SAP NetWeaver Visual Composer Metadata Uploader is not protected with proper authorization, allowing an unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.

Severity: 10.0 | CRITICAL


CVE ID : CVE-2024-30114

Published : April 24, 2025, 5:15 p.m. | 1 hour, 44 minutes ago

Description : Insufficient sanitization in HCL Leap allows client-side script injection in the authoring environment.

Severity: 3.7 | LOW


CVE ID : CVE-2025-43858

Published : April 24, 2025, 6:15 p.m. | 45 minutes ago

Description : YoutubeDLSharp is a wrapper for the command-line video downloaders youtube-dl and yt-dlp. In versions starting from 1.0.0-beta4 and prior to 1.1.2, an unsafe conversion of arguments allows the injection of malicious commands when starting `yt-dlp` from a command prompt running on Windows OS with the `UseWindowsEncodingWorkaround` value defined to true (default behavior). If a user is using built-in methods from the YoutubeDL.cs file, the value is true by default and a user cannot disable it from these methods. This issue has been patched in version 1.1.2.

Severity: 9.2 | CRITICAL


GitLab Security Update – Patch for XSS, DoS & Account Takeover Vulnerabilities

GitLab has released critical security patches addressing multiple high-severity vulnerabilities in its platform, highlighting robust security measures amid increasing cyber threats.
The company has is …

Published Date:
Apr 24, 2025 (3 hours, 22 minutes ago)

Vulnerabilities have been mentioned in this article.

Commvault backup server can be taken over via critical path traversal flaw

A critical vulnerability in Commvault's backup software allows unauthenticated attackers to remotely take over vulnerable servers via a zip file. The impact of the …

Published Date:
Apr 24, 2025 (3 hours, 12 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-34028

Redis DoS Vulnerability: Attackers Can Exhaust Server Memory or Cause Crashes

A high-severity vulnerability in Redis, the popular open-source in-memory data structure store, that could allow unauthenticated attackers to cause denial-of-service conditions by exhausting server me …

Published Date:
Apr 24, 2025 (2 hours, 3 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-21605

CVE ID : CVE-2025-27820

Published : April 24, 2025, 12:15 p.m. | 2 hours, 44 minutes ago

Description : A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release.

Severity: 0.0 | NA
