Latest Vulnerabilities

CVE ID : CVE-2025-3805 Published : April 19, 2025, 4:15 p.m. | 22 minutes ago Description : A vulnerability classified as critical was found in sarrionandia tournatrack up to 4c13a23f43da5317eea4614870a7a8510fc540ec. Affected by this vulnerability is an unknown functionality of the file check_id.py of the component Jinja2 Template Handler. The manipulation of the argument ID leads to injection. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. Severity: 5.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3804 Published : April 19, 2025, 4:15 p.m. | 22 minutes ago Description : A vulnerability classified as critical has been found in thautwarm vscode-diana 0.0.1. Affected is an unknown function of the file Gen.py of the component Jinja2 Template Handler. The manipulation leads to injection. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. Severity: 5.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3803 Published : April 19, 2025, 3:15 p.m. | 1 hour, 22 minutes ago Description : A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). It has been rated as critical. This issue affects the function cgiSysScheduleRebootSet of the file /bin/httpd. The manipulation of the argument rebootDate leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Severity: 8.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3802 Published : April 19, 2025, 3:15 p.m. | 1 hour, 22 minutes ago Description : A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). It has been declared as critical. This vulnerability affects the function cgiPingSet of the file /bin/httpd. The manipulation of the argument pingIP leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Severity: 8.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3801 Published : April 19, 2025, 2:15 p.m. | 2 hours, 22 minutes ago Description : A vulnerability was found in songquanpeng one-api up to 0.6.10. It has been classified as problematic. This affects an unknown part of the component System Setting Handler. The manipulation of the argument Homepage Content leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Severity: 2.4 | LOW Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3800 Published : April 19, 2025, 12:15 p.m. | 4 hours, 22 minutes ago Description : A vulnerability has been found in WCMS 11 and classified as critical. Affected by this vulnerability is an unknown functionality of the file app/controllers/AnonymousController.php. The manipulation of the argument mobile_phone leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. Severity: 7.3 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3799 Published : April 19, 2025, 11:15 a.m. | 5 hours, 22 minutes ago Description : A vulnerability, which was classified as critical, was found in WCMS 11. Affected is an unknown function of the file app/controllers/AnonymousController.php. The manipulation of the argument email/username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. Severity: 7.3 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3798 Published : April 19, 2025, 10:15 a.m. | 6 hours, 22 minutes ago Description : A vulnerability, which was classified as critical, has been found in WCMS 11. This issue affects the function sub of the file app/admin/AdvadminController.php of the component Advertisement Image Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Severity: 4.7 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3661 Published : April 19, 2025, 10:15 a.m. | 6 hours, 22 minutes ago Description : The SB Chart block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Severity: 6.4 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2021-4455 Published : April 19, 2025, 8:15 a.m. | 8 hours, 22 minutes ago Description : The WordPress Plugin Smart Product Review plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible. Severity: 9.8 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3404 Published : April 19, 2025, 8:15 a.m. | 8 hours, 22 minutes ago Description : The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the savePackage function in all versions up to, and including, 3.3.12. This makes it possible for authenticated attackers, with Author-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). Severity: 8.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3797 Published : April 19, 2025, 7:15 a.m. | 9 hours, 22 minutes ago Description : A vulnerability classified as critical was found in SeaCMS up to 13.3. This vulnerability affects unknown code of the file /admin_topic.php?action=delall. The manipulation of the argument e_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Severity: 4.7 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-2111 Published : April 19, 2025, 6:15 a.m. | 10 hours, 22 minutes ago Description : The Insert Headers And Footers plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.1. This is due to missing or incorrect nonce validation on the ‘custom_plugin_set_option’ function. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. The ‘WPBRIGADE_SDK__DEV_MODE’ constant must be set to ‘true’ to exploit the vulnerability. Severity: 7.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3809 Published : April 19, 2025, 6:15 a.m. | 10 hours, 22 minutes ago Description : The Debug Log Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the auto-refresh debug log in all versions up to, and including, 2.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Severity: 7.2 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2024-13926 Published : April 19, 2025, 6:15 a.m. | 10 hours, 22 minutes ago Description : The WP-Syntax WordPress plugin through 1.2 does not properly handle input, allowing an attacker to create a post containing a large number of tags, thereby exploiting a catastrophic backtracking issue in the regular expression processing to cause a DoS. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3103 Published : April 19, 2025, 5:15 a.m. | 11 hours, 22 minutes ago Description : The CLEVER – HTML5 Radio Player With History – Shoutcast and Icecast – Elementor Widget Addon plugin for WordPress is vulnerable to arbitrary file read due to insufficient file path validation in the ‘history.php’ file in all versions up to, and including, 2.4. This makes it possible for unauthenticated attackers to read arbitrary files on the affected site’s server, which may contain sensitive information including database credentials. The vulnerability was partially patched in version 2.4. Severity: 7.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-1457 Published : April 19, 2025, 4:15 a.m. | 12 hours, 22 minutes ago Description : The Element Pack Addons for Elementor – Free Templates and Widgets for Your WordPress Websites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Wrapper Link, Countdown and Gallery widgets in all versions up to, and including, 5.10.28 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Severity: 6.4 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3275 Published : April 19, 2025, 4:15 a.m. | 12 hours, 22 minutes ago Description : The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the TF E Slider widget in all versions up to, and including, 2.2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Severity: 6.4 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-1093 Published : April 19, 2025, 4:15 a.m. | 12 hours, 22 minutes ago Description : The AIHub theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the generate_image function in all versions up to, and including, 1.3.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible. Severity: 9.8 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-43896 Published : April 19, 2025, 3:15 a.m. | 13 hours, 22 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-43897 Published : April 19, 2025, 3:15 a.m. | 13 hours, 22 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-43898 Published : April 19, 2025, 3:15 a.m. | 13 hours, 22 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-43899 Published : April 19, 2025, 3:15 a.m. | 13 hours, 22 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-43900 Published : April 19, 2025, 3:15 a.m. | 13 hours, 22 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-43901 Published : April 19, 2025, 3:15 a.m. | 13 hours, 22 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more…