Common Vulnerabilities and Exposures (CVEs)

CVE ID : CVE-2024-11617

Published : May 9, 2025, 7:16 a.m. | 59 minutes ago

Description : The Envolve Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ‘zetra_languageUpload’ and ‘zetra_fontsUpload’ functions in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-2253

Published : May 9, 2025, 7:16 a.m. | 59 minutes ago

Description : The IMITHEMES Listing plugin is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3. This is due to the plugin not properly validating a verification code value prior to updating their password through the imic_reset_password_init() function. This makes it possible for unauthenticated attackers to change any user’s passwords, including administrators if the users email is known.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3605

Published : May 9, 2025, 7:16 a.m. | 59 minutes ago

Description : The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.7. This is due to the plugin not properly validating a user’s identity prior to updating their details like email via the flr_blocks_user_settings_handle_ajax_callback() function. This makes it possible for unauthenticated attackers to change arbitrary user’s email addresses, including administrators, and leverage that to reset the user’s password and gain access to their account.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3455

Published : May 9, 2025, 7:16 a.m. | 59 minutes ago

Description : The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘start_restore’ function in all versions up to, and including, 2.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3710

Published : May 9, 2025, 4:16 a.m. | 2 hours, 25 minutes ago

Description : The LCD KVM over IP Switch CL5708IM has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3711

Published : May 9, 2025, 4:16 a.m. | 2 hours, 25 minutes ago

Description : The LCD KVM over IP Switch CL5708IM has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3714

Published : May 9, 2025, 4:16 a.m. | 1 hour, 58 minutes ago

Description : The LCD KVM over IP Switch CL5708IM has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3712

Published : May 9, 2025, 4:16 a.m. | 2 hours, 25 minutes ago

Description : The LCD KVM over IP Switch CL5708IM has a Heap-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to perform a denial-of-service attack.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3713

Published : May 9, 2025, 4:16 a.m. | 2 hours, 25 minutes ago

Description : The LCD KVM over IP Switch CL5708IM has a Heap-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to perform a denial-of-service attack.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4456

Published : May 9, 2025, 4:16 a.m. | 2 hours, 24 minutes ago

Description : A vulnerability classified as critical has been found in Project Worlds Car Rental Project 1.0. Affected is an unknown function of the file /signup.php. The manipulation of the argument fname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4457

Published : May 9, 2025, 4:16 a.m. | 2 hours, 24 minutes ago

Description : A vulnerability classified as critical was found in Project Worlds Car Rental Project 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/approve.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4458

Published : May 9, 2025, 4:16 a.m. | 2 hours, 24 minutes ago

Description : A vulnerability was found in code-projects Patient Record Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /edit_upatient.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4459

Published : May 9, 2025, 4:16 a.m. | 2 hours, 24 minutes ago

Description : A vulnerability was found in code-projects Patient Record Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file fecalysis_form.php. The manipulation of the argument itr_no leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4460

Published : May 9, 2025, 4:16 a.m. | 2 hours, 24 minutes ago

Description : A vulnerability classified as problematic has been found in TOTOLINK N150RT 3.4.0-B20190525. This affects an unknown part of the component URL Filtering Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 2.4 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-47735

Published : May 9, 2025, 5:15 a.m. | 1 hour, 25 minutes ago

Description : inner::drop in inner.rs in the wgp crate through 0.2.0 for Rust lacks drop_slow thread synchronization.

Severity: 2.9 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-47737

Published : May 9, 2025, 5:15 a.m. | 1 hour, 25 minutes ago

Description : lib.rs in the trailer crate through 0.1.2 for Rust mishandles allocating with a size of zero.

Severity: 2.9 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-47736

Published : May 9, 2025, 5:15 a.m. | 1 hour, 25 minutes ago

Description : dialect/mod.rs in the libsql-sqlite3-parser crate through 0.13.0 before 14f422a for Rust can crash if the input is not valid UTF-8.

Severity: 2.9 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4462

Published : May 9, 2025, 5:15 a.m. | 59 minutes ago

Description : A vulnerability, which was classified as critical, has been found in TOTOLINK N150RT 3.4.0-B20190525. This issue affects some unknown processing of the file /boafrm/formWsc. The manipulation of the argument localPin leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4461

Published : May 9, 2025, 5:15 a.m. | 1 hour, 25 minutes ago

Description : A vulnerability classified as problematic was found in TOTOLINK N150RT 3.4.0-B20190525. This vulnerability affects unknown code of the component Virtual Server Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 2.4 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4463

Published : May 9, 2025, 5:15 a.m. | 1 hour, 25 minutes ago

Description : A vulnerability, which was classified as critical, was found in itsourcecode Gym Management System 1.0. Affected is an unknown function of the file /ajax.php?action=save_package. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…