CVE ID : CVE-2024-53591
Published : April 18, 2025, 9:15 p.m. | 2 days, 9 hours ago
Description : An issue in the login page of Seclore v3.27.5.0 allows attackers to bypass authentication via a brute force attack.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-29058
Published : April 18, 2025, 9:15 p.m. | 2 days, 9 hours ago
Description : An issue in Qimou CMS v.3.34.0 allows a remote attacker to execute arbitrary code via the upgrade.php component.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-3821
Published : April 20, 2025, 4:15 a.m. | 1 day, 2 hours ago
Description : A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file add-admin.php. The manipulation of the argument txtpassword/txtfullname/txtemail leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-0632
Published : April 21, 2025, 6:15 a.m. | 40 minutes ago
Description : Local File Inclusion (LFI) vulnerability in a Render function of Formulatrix Rock Maker Web (RMW) allows a remote attacker to obtain sensitive data via arbitrary code execution. A malicious actor could execute malicious scripts to automatically download configuration files in known locations to exfiltrate data including credentials, and with no rate limiting a malicious actor could enumerate the filesystem of the host machine and potentially lead to full host compromise.
This issue affects Rock Maker Web: from 3.2.1.1 and later
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-39588
Published : April 17, 2025, 4:15 p.m. | 3 days, 10 hours ago
Description : Deserialization of Untrusted Data vulnerability in bdthemes Ultimate Store Kit Elementor Addons allows Object Injection. This issue affects Ultimate Store Kit Elementor Addons: from n/a through 2.4.0.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-39595
Published : April 17, 2025, 4:15 p.m. | 3 days, 10 hours ago
Description : Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Quentn.com GmbH Quentn WP allows SQL Injection. This issue affects Quentn WP: from n/a through 1.2.8.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-43929
Published : April 20, 2025, 3:15 a.m. | 23 hours ago
Description : open_actions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document (e.g., a document opened in KDE ghostwriter).
Severity: 4.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2020-36844
Published : April 20, 2025, 10:15 p.m. | 4 hours ago
Description : The KnowBe4 Security Awareness Training application before 2020-01-10 allows reflected XSS. The response has a SCRIPT element that sets window.location.href to a JavaScript URL.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2020-36845
Published : April 20, 2025, 10:15 p.m. | 4 hours ago
Description : The KnowBe4 Security Awareness Training application before 2020-01-10 contains a redirect function that does not validate the destination URL before redirecting. The response has a SCRIPT element that sets window.location.href to an arbitrary https URL.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-43961
Published : April 21, 2025, 12:15 a.m. | 2 hours ago
Description : In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser.
Severity: 2.9 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-43962
Published : April 21, 2025, 12:15 a.m. | 2 hours ago
Description : In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations.
Severity: 2.9 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-43964
Published : April 21, 2025, 12:15 a.m. | 2 hours ago
Description : In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values.
Severity: 2.9 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-43966
Published : April 21, 2025, 12:15 a.m. | 2 hours ago
Description : libheif before 1.19.6 has a NULL pointer dereference in ImageItem_iden in image-items/iden.cc.
Severity: 2.9 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-43967
Published : April 21, 2025, 12:15 a.m. | 2 hours ago
Description : libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder in image-items/grid.cc because a grid image can reference a nonexistent image item.
Severity: 2.9 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-43963
Published : April 21, 2025, 12:15 a.m. | 2 hours ago
Description : In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access because split_col and split_row values are not checked in 0x041f tag processing.
Severity: 2.9 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-43971
Published : April 21, 2025, 1:15 a.m. | 1 hour ago
Description : An issue was discovered in GoBGP before 3.35.0. pkg/packet/bgp/bgp.go allows attackers to cause a panic via a zero value for softwareVersionLen.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-43970
Published : April 21, 2025, 1:15 a.m. | 1 hour ago
Description : An issue was discovered in GoBGP before 3.35.0. pkg/packet/mrt/mrt.go does not properly check the input length, e.g.. by ensuring that there are 12 bytes or 36 bytes (depending on the address family).
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-43973
Published : April 21, 2025, 1:15 a.m. | 1 hour ago
Description : An issue was discovered in GoBGP before 3.35.0. pkg/packet/rtr/rtr.go does not verify that the input length corresponds to a situation in which all bytes are available for an RTR message.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-43972
Published : April 21, 2025, 1:15 a.m. | 1 hour ago
Description : An issue was discovered in GoBGP before 3.35.0. An attacker can cause a crash in the pkg/packet/bgp/bgp.go flowspec parser by sending fewer than 20 bytes in a certain context.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-3819
Published : April 19, 2025, 8:15 p.m. | 1 day, 2 hours ago
Description : A vulnerability has been found in PHPGurukul Men Salon Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/search-appointment.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…