Security

CVE ID : CVE-2025-3914

Published : April 26, 2025, 6:15 a.m. | 1 hour, 15 minutes ago

Description : The Aeropage Sync for Airtable plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ‘aeropage_media_downloader’ function in all versions up to, and including, 3.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-2907

Published : April 26, 2025, 6:15 a.m. | 1 hour, 13 minutes ago

Description : The Order Delivery Date WordPress plugin before 12.3.1 does not have authorization and CSRF checks when importing settings. Furthermore it also lacks proper checks to only update options relevant to the Order Delivery Date WordPress plugin before 12.3.1. This leads to attackers being able to modify the default_user_role to administrator and users_can_register, allowing them to register as an administrator of the site for complete site takeover.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3906

Published : April 26, 2025, 6:15 a.m. | 1 hour, 15 minutes ago

Description : The Integração entre Eduzz e Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘wep_opcoes’ function in all versions up to, and including, 1.7.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to edit the default registration role within the plugin’s registration flow to Administrator, which allows any user to create an Administrator account.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3491

Published : April 26, 2025, 6:15 a.m. | 1 hour, 13 minutes ago

Description : The Add custom page template plugin for WordPress is vulnerable to PHP Code Injection leading to Remote Code Execution in all versions up to, and including, 2.0.1 via the ‘acpt_validate_setting’ function. This is due to insufficient sanitization of the ‘template_name’ parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to execute code on the server.

Severity: 7.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3915

Published : April 26, 2025, 6:15 a.m. | 1 hour, 13 minutes ago

Description : The Aeropage Sync for Airtable plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ‘aeropageDeletePost’ function in all versions up to, and including, 3.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-28128

Published : April 25, 2025, 8:15 p.m. | 2 hours, 46 minutes ago

Description : An issue in Mytel Telecom Online Account System v1.0 allows attackers to bypass the OTP verification process via a crafted request.

Severity: 7.0 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-32979

Published : April 25, 2025, 9:15 p.m. | 1 hour, 46 minutes ago

Description : NETSCOUT nGeniusONE before 6.4.0 b2350 allows Arbitrary File Creation by authenticated users.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-32980

Published : April 25, 2025, 9:15 p.m. | 1 hour, 46 minutes ago

Description : NETSCOUT nGeniusONE before 6.4.0 b2350 has a Weak Sudo Configuration.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-32982

Published : April 25, 2025, 9:15 p.m. | 1 hour, 46 minutes ago

Description : NETSCOUT nGeniusONE before 6.4.0 b2350 has a Broken Authorization Schema for the report module.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-32981

Published : April 25, 2025, 9:15 p.m. | 1 hour, 46 minutes ago

Description : NETSCOUT nGeniusONE before 6.4.0 b2350 allows local users to leverage Insecure Permissions for the nGeniusCLI File.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-32983

Published : April 25, 2025, 9:15 p.m. | 1 hour, 46 minutes ago

Description : NETSCOUT nGeniusONE before 6.4.0 b2350 allows Technical Information Disclosure via a Stack Trace.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-32984

Published : April 25, 2025, 9:15 p.m. | 1 hour, 46 minutes ago

Description : NETSCOUT nGeniusONE before 6.4.0 b2350 allows Stored Cross-Site Scripting (XSS) via a certain POST parameter.

Severity: 6.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-32985

Published : April 25, 2025, 9:15 p.m. | 1 hour, 46 minutes ago

Description : NETSCOUT nGeniusONE before 6.4.0 b2350 has Hardcoded Credentials that can be obtained from JAR files.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-46333

Published : April 25, 2025, 9:15 p.m. | 1 hour, 46 minutes ago

Description : z2d is a pure Zig 2D graphics library. In version 0.6.0, when writing from one surface to another using `z2d.compositor.StrideCompositor.run`, the source surface can be completely out-of-bounds on the x-axis (but not on the y-axis) by way of a negative offset. This results in an overflow of the value controlling the length of the stride. In non-safe optimization modes (consumers compiling with `ReleaseFast` or `ReleaseSmall`), this could potentially lead to invalid memory accesses or corruption. This issue is patched in version 0.6.1.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-32986

Published : April 25, 2025, 9:15 p.m. | 1 hour, 46 minutes ago

Description : NETSCOUT nGeniusONE before 6.4.0 b2350 has a Sensitive File Accessible Without Proper Authentication to an endpoint.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3638

Published : April 25, 2025, 3:15 p.m. | 4 hours, 29 minutes ago

Description : A flaw was found in Moodle. The analysis request action in the Brickfield tool did not include the necessary token to prevent a Cross-site request forgery (CSRF) risk.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3637

Published : April 25, 2025, 3:15 p.m. | 3 hours, 46 minutes ago

Description : A security vulnerability was found in Moodle where confidential information that prevents cross-site request forgery (CSRF) attacks was shared publicly through the site’s URL. This vulnerability occurred specifically on two types of pages within the mod_data module: edit and delete pages.

Severity: 3.1 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3635

Published : April 25, 2025, 3:15 p.m. | 3 hours, 46 minutes ago

Description : A security vulnerability was discovered in Moodle that allows anyone to duplicate existing tours without needing to log in due to a lack of protection against cross-site request forgery (CSRF) attacks.

Severity: 3.5 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3628

Published : April 25, 2025, 3:15 p.m. | 3 hours, 46 minutes ago

Description : A flaw has was found in Moodle where anonymous assignment submissions can be de-anonymized via search, revealing student identities.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3636

Published : April 25, 2025, 3:15 p.m. | 3 hours, 46 minutes ago

Description : A flaw was found in Moodle. This vulnerability allows unauthorized users to access and view RSS feeds due to insufficient capability checks.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…