Development

CVE ID : CVE-2025-4162

Published : May 1, 2025, 11:15 a.m. | 37 minutes ago

Description : A vulnerability classified as critical was found in PCMan FTP Server up to 2.0.7. This vulnerability affects unknown code of the component ASCII Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

SonicWall OS Command Injection Vulnerability Exploited in the Wild

SonicWall has issued an urgent warning to customers that threat actors are actively exploiting a high-severity command injection vulnerability in its Secure Mobile Access (SMA) appliances.
The vulnera …
Read more

Published Date:
May 01, 2025 (3 hours, 52 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2023-44221

CVE-2021-20035

Apache ActiveMQ Vulnerability Allows Remote Attackers to Execute Arbitrary Code

A critical security vulnerability (CVE-2025-29953) in Apache ActiveMQ’s NMS OpenWire Client has been disclosed, enabling remote attackers to execute arbitrary code on vulnerable systems.
The flaw, roo …
Read more

Published Date:
May 01, 2025 (21 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-29953

CVE ID : CVE-2025-1304

Published : May 1, 2025, 4:16 a.m. | 2 hours, 53 minutes ago

Description : The NewsBlogger theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the newsblogger_install_and_activate_plugin() function in all versions up to, and including, 0.2.5.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-1305

Published : May 1, 2025, 4:16 a.m. | 3 hours, 55 minutes ago

Description : The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2.5.4. This is due to missing or incorrect nonce validation on the newsblogger_install_and_activate_plugin() function. This makes it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-2168

Published : May 1, 2025, 4:16 a.m. | 3 hours, 55 minutes ago

Description : The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.1. This is due to missing or incorrect nonce validation on the dismiss() function. This makes it possible for unauthenticated attackers to set arbitrary user meta values to `1` which can be leveraged to lock and administrator out of their site via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4149

Published : May 1, 2025, 4:16 a.m. | 3 hours, 54 minutes ago

Description : A vulnerability was found in Netgear EX6200 1.0.3.94. It has been classified as critical. This affects the function sub_54014. The manipulation of the argument host leads to buffer overflow. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4148

Published : May 1, 2025, 4:16 a.m. | 3 hours, 54 minutes ago

Description : A vulnerability was found in Netgear EX6200 1.0.3.94 and classified as critical. Affected by this issue is the function sub_503FC. The manipulation of the argument host leads to buffer overflow. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2024-13845

Published : May 1, 2025, 5:15 a.m. | 2 hours, 56 minutes ago

Description : The Gravity Forms WebHooks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.0 via the ‘process_feed’ method of the GF_Webhooks class This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Severity: 5.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4150

Published : May 1, 2025, 5:15 a.m. | 1 hour, 54 minutes ago

Description : A vulnerability was found in Netgear EX6200 1.0.3.94. It has been declared as critical. This vulnerability affects the function sub_54340. The manipulation of the argument host leads to buffer overflow. The attack can be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3952

Published : May 1, 2025, 5:15 a.m. | 1 hour, 54 minutes ago

Description : The Projectopia – WordPress Project Management plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the ‘pto_remove_logo’ function in all versions up to, and including, 5.1.16. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary option values on the WordPress site. This can be leveraged to delete an option that would create an error on the site and deny service to legitimate users.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4099

Published : May 1, 2025, 5:15 a.m. | 2 hours, 56 minutes ago

Description : The List Children plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘list_children’ shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2024-13381

Published : May 1, 2025, 6:15 a.m. | 1 hour, 56 minutes ago

Description : The Calculated Fields Form WordPress plugin before 5.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3502

Published : May 1, 2025, 6:15 a.m. | 1 hour, 56 minutes ago

Description : The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3503

Published : May 1, 2025, 6:15 a.m. | 1 hour, 56 minutes ago

Description : The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3504

Published : May 1, 2025, 6:15 a.m. | 1 hour, 56 minutes ago

Description : The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4151

Published : May 1, 2025, 6:15 a.m. | 1 hour, 56 minutes ago

Description : A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/pass-bwdates-reports-details.php. The manipulation of the argument fromdate leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4152

Published : May 1, 2025, 6:15 a.m. | 1 hour, 56 minutes ago

Description : A vulnerability classified as critical has been found in PHPGurukul Online Birth Certificate System 1.0. Affected is an unknown function of the file /admin/bwdates-reports-details.php. The manipulation of the argument fromdate leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4153

Published : May 1, 2025, 7:15 a.m. | 55 minutes ago

Description : A vulnerability classified as critical was found in PHPGurukul Park Ticketing Management System 2.0. Affected by this vulnerability is an unknown functionality of the file /profile.php. The manipulation of the argument adminname leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3521

Published : May 1, 2025, 7:15 a.m. | 55 minutes ago

Description : The Team Members – Best WordPress Team Plugin with Team Slider, Team Showcase & Team Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Social Link icons in all versions up to, and including, 3.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…