Security

CVE ID : CVE-2025-3838

Published : April 21, 2025, 10:15 a.m. | 41 minutes ago

Description : An Improper Authorization vulnerability was identified in the EOL OVA based connect component which is deployed for installation purposes in the customer internal network. Under certain conditions, this could allow a bad actor to gain unauthorized access to the local db containing weakly hashed credentials of the installer. This EOL component was deprecated in September 2023 with end of support extended till January 2024.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3840

Published : April 21, 2025, 10:15 a.m. | 41 minutes ago

Description : An improper neutralization of input vulnerability was identified in the End of Life (EOL) OVA based connect installer component which is deployed for installation purposes in a customer network. This EOL component was deprecated in September 2023 with end of support extended till January 2024. An actor can manipulate the action parameter of the login form to inject malicious scripts which would lead to a XSS attack under certain conditions.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2024-53591

Published : April 18, 2025, 9:15 p.m. | 2 days, 9 hours ago

Description : An issue in the login page of Seclore v3.27.5.0 allows attackers to bypass authentication via a brute force attack.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-29058

Published : April 18, 2025, 9:15 p.m. | 2 days, 9 hours ago

Description : An issue in Qimou CMS v.3.34.0 allows a remote attacker to execute arbitrary code via the upgrade.php component.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3821

Published : April 20, 2025, 4:15 a.m. | 1 day, 2 hours ago

Description : A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file add-admin.php. The manipulation of the argument txtpassword/txtfullname/txtemail leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 2.4 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-0632

Published : April 21, 2025, 6:15 a.m. | 40 minutes ago

Description : Local File Inclusion (LFI) vulnerability in a Render function of Formulatrix Rock Maker Web (RMW) allows a remote attacker to obtain sensitive data via arbitrary code execution. A malicious actor could execute malicious scripts to automatically download configuration files in known locations to exfiltrate data including credentials, and with no rate limiting a malicious actor could enumerate the filesystem of the host machine and potentially lead to full host compromise.

This issue affects Rock Maker Web: from 3.2.1.1 and later

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-39588

Published : April 17, 2025, 4:15 p.m. | 3 days, 10 hours ago

Description : Deserialization of Untrusted Data vulnerability in bdthemes Ultimate Store Kit Elementor Addons allows Object Injection. This issue affects Ultimate Store Kit Elementor Addons: from n/a through 2.4.0.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-39595

Published : April 17, 2025, 4:15 p.m. | 3 days, 10 hours ago

Description : Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Quentn.com GmbH Quentn WP allows SQL Injection. This issue affects Quentn WP: from n/a through 1.2.8.

Severity: 9.3 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-43929

Published : April 20, 2025, 3:15 a.m. | 23 hours ago

Description : open_actions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document (e.g., a document opened in KDE ghostwriter).

Severity: 4.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2020-36844

Published : April 20, 2025, 10:15 p.m. | 4 hours ago

Description : The KnowBe4 Security Awareness Training application before 2020-01-10 allows reflected XSS. The response has a SCRIPT element that sets window.location.href to a JavaScript URL.

Severity: 6.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2020-36845

Published : April 20, 2025, 10:15 p.m. | 4 hours ago

Description : The KnowBe4 Security Awareness Training application before 2020-01-10 contains a redirect function that does not validate the destination URL before redirecting. The response has a SCRIPT element that sets window.location.href to an arbitrary https URL.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-43961

Published : April 21, 2025, 12:15 a.m. | 2 hours ago

Description : In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser.

Severity: 2.9 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-43962

Published : April 21, 2025, 12:15 a.m. | 2 hours ago

Description : In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations.

Severity: 2.9 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-43964

Published : April 21, 2025, 12:15 a.m. | 2 hours ago

Description : In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values.

Severity: 2.9 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-43966

Published : April 21, 2025, 12:15 a.m. | 2 hours ago

Description : libheif before 1.19.6 has a NULL pointer dereference in ImageItem_iden in image-items/iden.cc.

Severity: 2.9 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-43967

Published : April 21, 2025, 12:15 a.m. | 2 hours ago

Description : libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder in image-items/grid.cc because a grid image can reference a nonexistent image item.

Severity: 2.9 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-43963

Published : April 21, 2025, 12:15 a.m. | 2 hours ago

Description : In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access because split_col and split_row values are not checked in 0x041f tag processing.

Severity: 2.9 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-43971

Published : April 21, 2025, 1:15 a.m. | 1 hour ago

Description : An issue was discovered in GoBGP before 3.35.0. pkg/packet/bgp/bgp.go allows attackers to cause a panic via a zero value for softwareVersionLen.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-43970

Published : April 21, 2025, 1:15 a.m. | 1 hour ago

Description : An issue was discovered in GoBGP before 3.35.0. pkg/packet/mrt/mrt.go does not properly check the input length, e.g.. by ensuring that there are 12 bytes or 36 bytes (depending on the address family).

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-43973

Published : April 21, 2025, 1:15 a.m. | 1 hour ago

Description : An issue was discovered in GoBGP before 3.35.0. pkg/packet/rtr/rtr.go does not verify that the input length corresponds to a situation in which all bytes are available for an RTR message.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…