scip AG [Security - Consulting - Information - Process]

CVE-2025-4186 | Wangshen SecGate 3600 2024 ?g=route_ispinfo_export_save file_name path traversal

01.05.2025 14:53

A vulnerability, which was classified as critical, was found in Wangshen SecGate 3600 2024. Affected is an unknown function of the file /?g=route_ispinfo_export_save. The manipulation of the argument ...

CVE-2025-4185 | Wangshen SecGate 3600 2024 ?g=obj_area_export_save file_name path traversal

01.05.2025 14:53

A vulnerability, which was classified as critical, has been found in Wangshen SecGate 3600 2024. This issue affects some unknown processing of the file ?g=obj_area_export_save. The manipulation of the...

CVE-2025-4184 | PCMan FTP Server 2.0.7 QUOTE Command buffer overflow

01.05.2025 14:49

A vulnerability classified as critical was found in PCMan FTP Server 2.0.7. This vulnerability affects unknown code of the component QUOTE Command Handler. The manipulation leads to buffer overflow. ...

CVE-2025-4183 | PCMan FTP Server 2.0.7 RECV Command buffer overflow

01.05.2025 14:49

A vulnerability classified as critical has been found in PCMan FTP Server 2.0.7. This affects an unknown part of the component RECV Command Handler. The manipulation leads to buffer overflow. This vu...

CVE-2025-4182 | PCMan FTP Server 2.0.7 BELL Command buffer overflow

01.05.2025 14:49

A vulnerability was found in PCMan FTP Server 2.0.7. It has been rated as critical. Affected by this issue is some unknown functionality of the component BELL Command Handler. The manipulation leads t...

CVE-2025-4181 | PCMan FTP Server 2.0.7 SEND Command buffer overflow

01.05.2025 14:49

A vulnerability was found in PCMan FTP Server 2.0.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component SEND Command Handler. The manipulatio...

CVE-2025-4180 | PCMan FTP Server 2.0.7 TRACE Command buffer overflow

01.05.2025 14:49

A vulnerability was found in PCMan FTP Server 2.0.7. It has been classified as critical. Affected is an unknown function of the component TRACE Command Handler. The manipulation leads to buffer overfl...

CVE-2025-4178 | xiaowei1118 java_server up to 11a5bac8f4ba1c17e4bc1b27cad6d24868500e3a on Windows File Upload API FoodController.java path traversal

01.05.2025 14:44

A vulnerability was found in xiaowei1118 java_server up to 11a5bac8f4ba1c17e4bc1b27cad6d24868500e3a on Windows and classified as critical. This issue affects some unknown processing of the file /src/m...

CVE-2025-4176 | PHPGurukul Blood Bank & Donor Management System 2.4 request-received-bydonar.php searchdata sql injection

01.05.2025 14:41

A vulnerability has been found in PHPGurukul Blood Bank & Donor Management System 2.4 and classified as critical. This vulnerability affects unknown code of the file /admin/request-received-bydonar.ph...

CVE-2025-4175 | AlanBinu007 Spring-Boot-Advanced-Projects up to 3.1.3 Upload Profile API Endpoint UserProfileController.jav uploadUserProfileImage File path traversal

01.05.2025 14:34

A vulnerability, which was classified as critical, was found in AlanBinu007 Spring-Boot-Advanced-Projects up to 3.1.3. This affects the function uploadUserProfileImage of the file /Spring-Boot-Advance...

CVE-2025-4174 | PHPGurukul COVID19 Testing Management System 1.0 /login.php Username sql injection

01.05.2025 14:29

A vulnerability, which was classified as critical, has been found in PHPGurukul COVID19 Testing Management System 1.0. Affected by this issue is some unknown functionality of the file /login.php. The ...

CVE-2025-4173 | SourceCodester Online Eyewear Shop 1.0 Master.php?f=delete_cart ID sql injection

01.05.2025 14:28

A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is the function delete_cart of the file /oews/classes/Master.php?f=delete_car...

CVE-2025-27007 | Brainstorm Force SureTriggers Plugin up to 1.0.82 on WordPress privileges assignment

01.05.2025 13:20

A vulnerability classified as critical has been found in Brainstorm Force SureTriggers Plugin up to 1.0.82 on WordPress. Affected is an unknown function. The manipulation leads to incorrect privilege ...

CVE-2025-47154 | Ladybird LibJS arguments_list missing synchronization

01.05.2025 10:47

A vulnerability was found in Ladybird. It has been rated as problematic. This issue affects some unknown processing of the component LibJS. The manipulation of the argument arguments_list leads to mis...

CVE-2025-3504 | WP Maps Plugin up to 4.7.1 on WordPress Setting cross site scripting

01.05.2025 09:45

A vulnerability was found in WP Maps Plugin up to 4.7.1 on WordPress. It has been declared as problematic. This vulnerability affects unknown code of the component Setting Handler. The manipulation le...

CVE-2025-3503 | WP Maps Plugin up to 4.7.1 on WordPress Setting cross site scripting

01.05.2025 09:45

A vulnerability was found in WP Maps Plugin up to 4.7.1 on WordPress. It has been classified as problematic. This affects an unknown part of the component Setting Handler. The manipulation leads to cr...

CVE-2025-3502 | WP Maps Plugin up to 4.7.1 on WordPress Setting cross site scripting

01.05.2025 09:45

A vulnerability was found in WP Maps Plugin up to 4.7.1 on WordPress and classified as problematic. Affected by this issue is some unknown functionality of the component Setting Handler. The manipulat...

CVE-2024-13381 | Calculated Fields Form Plugin up to 5.2.61 on WordPress Setting cross site scripting

01.05.2025 09:45

A vulnerability has been found in Calculated Fields Form Plugin up to 5.2.61 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Set...

CVE-2025-47153 | libuv/Node.js up to nodejs_20.19.0+dfsg-1_i386.deb on Debian reliance on machine-dependent data representation (Bug 4549)

01.05.2025 09:44

A vulnerability, which was classified as critical, was found in libuv and Node.js up to nodejs_20.19.0+dfsg-1_i386.deb on Debian. Affected is an unknown function. The manipulation leads to reliance on...

CVE-2025-43840 | CheckBot Plugin up to 1.05 on WordPress Setting cross-site request forgery

01.05.2025 07:19

A vulnerability, which was classified as problematic, has been found in CheckBot Plugin up to 1.05 on WordPress. This issue affects some unknown processing of the component Setting Handler. The manipu...

CVE-2025-2759 | GStreamer permission

01.05.2025 07:19

A vulnerability classified as critical was found in GStreamer. This vulnerability affects unknown code. The manipulation leads to permission issues. This vulnerability was named CVE-2025-2759. It is ...

CVE-2025-39374 | Best Posts Summary Plugin up to 1.0 on WordPress Setting cross-site request forgery

01.05.2025 07:19

A vulnerability classified as problematic has been found in Best Posts Summary Plugin up to 1.0 on WordPress. This affects an unknown part of the component Setting Handler. The manipulation leads to c...

CVE-2025-3887 | GStreamer H265 Codec Parser stack-based overflow

01.05.2025 07:19

A vulnerability was found in GStreamer. It has been rated as critical. Affected by this issue is some unknown functionality of the component H265 Codec Parser. The manipulation leads to stack-based bu...

CVE-2025-39369 | Posts for Page Plugin up to 2.1 on WordPress cross site scripting

01.05.2025 07:19

A vulnerability was found in Posts for Page Plugin up to 2.1 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cr...

CVE-2025-46262 | Mad Mimi Plugin up to 1.5.1 on WordPress cross site scripting

01.05.2025 07:19

A vulnerability was found in Mad Mimi Plugin up to 1.5.1 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vul...

CVE-2025-39372 | Events Calendar Registration & Tickets Plugin up to 2.6.0 on WordPress cross site scripting

01.05.2025 07:17

A vulnerability was found in Events Calendar Registration & Tickets Plugin up to 2.6.0 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to...

CVE-2025-46448 | Document Management System Plugin up to 1.24 on WordPress cross site scripting

01.05.2025 07:17

A vulnerability has been found in Document Management System Plugin up to 1.24 on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site...

CVE-2025-46437 | Tayori Form Plugin up to 1.2.9 on WordPress cross site scripting

01.05.2025 07:17

A vulnerability, which was classified as problematic, was found in Tayori Form Plugin up to 1.2.9 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vuln...

CVE-2025-43841 | WP Vegas Plugin up to 2.2 on WordPress cross site scripting

01.05.2025 07:14

A vulnerability, which was classified as problematic, has been found in WP Vegas Plugin up to 2.2 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross si...

CVE-2025-43834 | cookieBAR Plugin up to 1.7.0 on WordPress cross site scripting

01.05.2025 07:14

A vulnerability classified as problematic was found in cookieBAR Plugin up to 1.7.0 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scrip...

CVE-2025-46526 | My Custom Widgets Plugin up to 2.0.5 on WordPress cross site scripting

01.05.2025 07:14

A vulnerability classified as problematic has been found in My Custom Widgets Plugin up to 2.0.5 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vu...

CVE-2025-46543 | Enhanced Paypal Shortcodes Plugin up to 0.5a on WordPress cross site scripting

01.05.2025 07:14

A vulnerability was found in Enhanced Paypal Shortcodes Plugin up to 0.5a on WordPress. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross si...

CVE-2025-46446 | Libro de Reclamaciones Plugin up to 1.0.1 on WordPress cross site scripting

01.05.2025 07:13

A vulnerability was found in Libro de Reclamaciones Plugin up to 1.0.1 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross site ...

CVE-2025-43835 | wp-cyr-cho Plugin up to 0.1 on WordPress cross-site request forgery

01.05.2025 07:12

A vulnerability was found in wp-cyr-cho Plugin up to 0.1 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. This ...

CVE-2025-46263 | Author Box After Posts Plugin up to 1.6 on WordPress cross site scripting

01.05.2025 07:12

A vulnerability was found in Author Box After Posts Plugin up to 1.6 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross s...

CVE-2025-3890 | Simple Shopping Cart Plugin up to 5.1.3 on WordPress Shortcode wp_cart_button cross site scripting

01.05.2025 07:11

A vulnerability has been found in Simple Shopping Cart Plugin up to 5.1.3 on WordPress and classified as problematic. Affected by this vulnerability is the function wp_cart_button of the component Sho...

CVE-2025-39371 | Author Box Plugin with Different Description Plugin cross-site request forgery

01.05.2025 07:11

A vulnerability, which was classified as problematic, was found in Author Box Plugin with Different Description Plugin up to 1.3.5 on WordPress. Affected is an unknown function. The manipulation leads...

CVE-2025-39375 | Easy Child Theme Creator Plugin up to 1.3.1 on WordPress cross-site request forgery

01.05.2025 07:09

A vulnerability, which was classified as problematic, has been found in Easy Child Theme Creator Plugin up to 1.3.1 on WordPress. This issue affects some unknown processing. The manipulation leads to ...

CVE-2025-1529 | AM LottiePlayer up to 3.5.3 on WordPress cross site scripting

01.05.2025 07:07

A vulnerability classified as problematic was found in AM LottiePlayer up to 3.5.3 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerab...

CVE-2025-46455 | WP HRM Lite Plugin up to 1.1 on WordPress sql injection

01.05.2025 07:07

A vulnerability classified as critical has been found in WP HRM Lite Plugin up to 1.1 on WordPress. This affects an unknown part. The manipulation leads to sql injection. This vulnerability is unique...

CVE-2025-46460 | Easy Guide up to 1.0.0 on WordPress sql injection

01.05.2025 07:07

A vulnerability was found in Easy Guide up to 1.0.0 on WordPress. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to sql injection. This vu...

CVE-2025-46539 | Fable Extra up to 1.0.6 on WordPress sql injection

01.05.2025 07:06

A vulnerability was found in Fable Extra up to 1.0.6 on WordPress. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection...

CVE-2025-39370 | iCafe Library up to 1.8.3 on WordPress sql injection

01.05.2025 07:06

A vulnerability was found in iCafe Library up to 1.8.3 on WordPress. It has been classified as critical. Affected is an unknown function. The manipulation leads to sql injection. This vulnerability i...

CVE-2025-43833 | Absolute Links Plugin up to 1.1.1 on WordPress sql injection

01.05.2025 07:05

A vulnerability was found in Absolute Links Plugin up to 1.1.1 on WordPress and classified as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The identi...

CVE-2025-39365 | wProject Plugin up to 5.7.x on WordPress cross site scripting

01.05.2025 07:05

A vulnerability has been found in wProject Plugin up to 5.7.x on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This...

CVE-2025-3889 | Simple Shopping Cart Plugin up to 5.1.3 on WordPress process_payment_data quantity resource injection

01.05.2025 07:04

A vulnerability, which was classified as critical, was found in Simple Shopping Cart Plugin up to 5.1.3 on WordPress. This affects the function process_payment_data. The manipulation of the argument q...

CVE-2025-3874 | Simple Shopping Cart Plugin up to 5.1.3 on WordPress resource injection

01.05.2025 07:03

A vulnerability, which was classified as critical, has been found in Simple Shopping Cart Plugin up to 5.1.3 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads ...

CVE-2025-39366 | wProject Plugin up to 5.7.x on WordPress privilege escalation

01.05.2025 07:02

A vulnerability classified as critical was found in wProject Plugin up to 5.7.x on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to privilege escalation...

CVE-2025-39350 | wProject Plugin up to 5.7.x on WordPress authorization

01.05.2025 07:02

A vulnerability classified as problematic has been found in wProject Plugin up to 5.7.x on WordPress. Affected is an unknown function. The manipulation leads to missing authorization. This vulnerabil...

CVE-2025-46463 | Mailing Group Listserv Plugin up to 3.0.4 on WordPress sql injection

01.05.2025 06:55

A vulnerability was found in Mailing Group Listserv Plugin up to 3.0.4 on WordPress. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection....

CVE-2025-46490 | Crossword Compiler Puzzles Plugin up to 5.2 on WordPress unrestricted upload

01.05.2025 06:55

A vulnerability was found in Crossword Compiler Puzzles Plugin up to 5.2 on WordPress. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to unrestricted...

CVE-2025-46474 | SEUR Oficial Plugin up to 2.2.23 on WordPress Image Parser file inclusion

01.05.2025 06:31

A vulnerability was found in SEUR Oficial Plugin up to 2.2.23 on WordPress. It has been classified as critical. This affects an unknown part of the component Image Parser. The manipulation leads to fi...

CVE-2025-46468 | Fable Extra up to 1.0.6 on WordPress Image Parser file inclusion

01.05.2025 06:29

A vulnerability was found in Fable Extra up to 1.0.6 on WordPress and classified as critical. Affected by this issue is some unknown functionality of the component Image Parser. The manipulation leads...

CVE-2025-39354 | Grand Conference up to 5.2 on WordPress deserialization

01.05.2025 06:28

A vulnerability has been found in Grand Conference up to 5.2 on WordPress and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to deserializat...

CVE-2025-39356 | Foodbakery Sticky Cart Plugin up to 3.2 on WordPress deserialization

01.05.2025 06:28

A vulnerability, which was classified as critical, was found in Foodbakery Sticky Cart Plugin up to 3.2 on WordPress. Affected is an unknown function. The manipulation leads to deserialization. This ...

CVE-2022-27562 | HCL Domino Volt File Type Filter Policy unrestricted upload (KB0120722)

01.05.2025 06:20

A vulnerability, which was classified as critical, has been found in HCL Domino Volt. This issue affects some unknown processing of the component File Type Filter Policy. The manipulation leads to unr...

CVE-2022-42449 | HCL Domino Volt File Type Filter Policy unrestricted upload (KB0120722)

01.05.2025 06:20

A vulnerability classified as critical was found in HCL Domino Volt. This vulnerability affects unknown code of the component File Type Filter Policy. The manipulation leads to unrestricted upload. T...

CVE-2024-30145 | HCL Domino Volt/Domino Leap cross site scripting (KB0120722)

01.05.2025 06:19

A vulnerability classified as problematic has been found in HCL Domino Volt and Domino Leap. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is unique...

CVE-2024-30115 | HCL Domino Leap HTML Widget HTML injection (KB0120722)

01.05.2025 06:19

A vulnerability was found in HCL Domino Leap. It has been rated as problematic. Affected by this issue is some unknown functionality of the component HTML Widget. The manipulation leads to HTML inject...

CVE-2022-42450 | HCL Domino Volt SVG File Parser cross site scripting (KB0120722)

01.05.2025 06:19

A vulnerability was found in HCL Domino Volt. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component SVG File Parser. The manipulation leads t...

CVE-2023-45721 | HCL Domino Leap Configuration exposure of private personal information to an unauthorized actor (KB0120722)

01.05.2025 06:18

A vulnerability was found in HCL Domino Leap. It has been classified as problematic. Affected is an unknown function of the component Configuration Handler. The manipulation leads to exposure of priva...

CVE-2023-37535 | HCL Domino Volt/Domino Leap URI Protocol cross site scripting (KB0120722)

01.05.2025 06:17

A vulnerability was found in HCL Domino Volt and Domino Leap and classified as problematic. This issue affects some unknown processing of the component URI Protocol Handler. The manipulation leads to ...

CVE-2024-30146 | HCL Domino Leap access control (KB0120722)

01.05.2025 06:15

A vulnerability has been found in HCL Domino Leap and classified as critical. This vulnerability affects unknown code. The manipulation leads to improper access controls. This vulnerability was named...

CVE-2025-30422 | Apple CarPlay Communication Plug-in buffer overflow

01.05.2025 06:15

A vulnerability, which was classified as critical, was found in Apple CarPlay Communication Plug-in. This affects an unknown part. The manipulation leads to buffer overflow. This vulnerability is uni...

CVE-2025-30422 | Apple AirPlay Video SDK buffer overflow

01.05.2025 06:15

A vulnerability, which was classified as critical, has been found in Apple AirPlay Video SDK. Affected by this issue is some unknown functionality. The manipulation leads to buffer overflow. This vul...

CVE-2025-30422 | Apple AirPlay Audio SDK buffer overflow

01.05.2025 06:15

A vulnerability classified as critical was found in Apple AirPlay Audio SDK. Affected by this vulnerability is an unknown functionality. The manipulation leads to buffer overflow. This vulnerability ...

CVE-2025-24132 | Apple CarPlay Communication Plug-in memory corruption

01.05.2025 06:14

A vulnerability classified as critical has been found in Apple CarPlay Communication Plug-in. Affected is an unknown function. The manipulation leads to memory corruption. This vulnerability is trade...

CVE-2025-24132 | Apple AirPlay Video SDK memory corruption

01.05.2025 06:14

A vulnerability was found in Apple AirPlay Video SDK. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to memory corruption. The identification of thi...

CVE-2025-24132 | Apple AirPlay Audio SDK memory corruption

01.05.2025 06:14

A vulnerability was found in Apple AirPlay Audio SDK. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to memory corruption. This vulnerability was na...

CVE-2023-37517 | HCL Domino Leap Cache Header cache containing sensitive information (KB0120722)

01.05.2025 06:14

A vulnerability was found in HCL Domino Leap. It has been classified as problematic. This affects an unknown part of the component Cache Header Handler. The manipulation leads to use of cache containi...

CVE-2025-4143 | OAuth server workers-oauth-provider up to 0.0.4 redirect_uri

01.05.2025 06:14

A vulnerability was found in OAuth server workers-oauth-provider up to 0.0.4 and classified as problematic. Affected by this issue is the function redirect_uri of the component OAuth. The manipulation...

CVE-2025-4144 | Cloudflare workers-oauth-provider up to 0.0.4 PKCE improper authentication

01.05.2025 06:13

A vulnerability has been found in Cloudflare workers-oauth-provider up to 0.0.4 and classified as critical. Affected by this vulnerability is an unknown functionality of the component PKCE. The manipu...

CVE-2025-39376 | Car Park Booking System Plugin up to 2.6 on WordPress authorization

30.04.2025 22:29

A vulnerability, which was classified as critical, was found in Car Park Booking System Plugin up to 2.6 on WordPress. Affected is an unknown function. The manipulation leads to missing authorization....

CVE-2025-39380 | Hospital Management System Plugin up to 47.0 on WordPress unrestricted upload

30.04.2025 22:28

A vulnerability, which was classified as critical, has been found in Hospital Management System Plugin up to 47.0 on WordPress. This issue affects some unknown processing. The manipulation leads to un...

CVE-2025-39393 | Hospital Management System Plugin up to 47.0 on WordPress cross site scripting

30.04.2025 22:28

A vulnerability classified as problematic was found in Hospital Management System Plugin up to 47.0 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross site scriptin...

CVE-2025-39355 | FAT Services Booking Plugin up to 5.6 on WordPress sql injection

30.04.2025 22:28

A vulnerability classified as critical has been found in FAT Services Booking Plugin up to 5.6 on WordPress. This affects an unknown part. The manipulation leads to sql injection. This vulnerability ...

CVE-2025-39386 | Hospital Management System Plugin up to 47.0 on WordPress sql injection

30.04.2025 22:28

A vulnerability was found in Hospital Management System Plugin up to 47.0 on WordPress. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to s...

CVE-2025-39357 | Hospital Management System Plugin up to 47.0 on WordPress sql injection

30.04.2025 22:28

A vulnerability was found in Hospital Management System Plugin up to 47.0 on WordPress. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation l...

CVE-2025-32924 | Revy Plugin up to 2.1 on WordPress sql injection

30.04.2025 22:28

A vulnerability was found in Revy Plugin up to 2.1 on WordPress. It has been classified as critical. Affected is an unknown function. The manipulation leads to sql injection. This vulnerability is tr...

CVE-2025-39389 | AnalyticsWP Plugin up to 2.1.2 on WordPress sql injection

30.04.2025 22:28

A vulnerability was found in AnalyticsWP Plugin up to 2.1.2 on WordPress and classified as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The identific...

CVE-2025-39352 | Grand Restaurant Theme up to 7.0 on WordPress authorization

30.04.2025 22:26

A vulnerability has been found in Grand Restaurant Theme up to 7.0 on WordPress and classified as critical. This vulnerability affects unknown code. The manipulation leads to missing authorization. T...

CVE-2025-39349 | CiyaShop Theme up to 4.18.0 on WordPress deserialization

30.04.2025 22:26

A vulnerability, which was classified as critical, was found in CiyaShop Theme up to 4.18.0 on WordPress. This affects an unknown part. The manipulation leads to deserialization. This vulnerability i...

CVE-2025-32928 | Altair Theme up to 5.2.2 on WordPress deserialization

30.04.2025 22:26

A vulnerability, which was classified as critical, has been found in Altair Theme up to 5.2.2 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to deserializat...

CVE-2025-32925 | SUMO Reward Points up to 30.7.0 on WordPress file inclusion

30.04.2025 22:26

A vulnerability classified as critical was found in SUMO Reward Points up to 30.7.0 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to file inclusion. ...

CVE-2025-39398 | Hotel+Bed and Breakfast Booking Calendar Theme up to 4.2.2 on WordPress authorization

30.04.2025 22:26

A vulnerability classified as critical has been found in Hotel+Bed and Breakfast Booking Calendar Theme up to 4.2.2 on WordPress. Affected is an unknown function. The manipulation leads to missing aut...

CVE-2025-32926 | Grand Restaurant Theme up to 7.0 on WordPress deserialization

30.04.2025 22:26

A vulnerability was found in Grand Restaurant Theme up to 7.0 on WordPress. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to deserialization. The i...

CVE-2025-39348 | Grand Restaurant Theme up to 7.0 on WordPress deserialization

30.04.2025 22:26

A vulnerability was found in Grand Restaurant Theme up to 7.0 on WordPress. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to deserialization. This ...

CVE-2025-39373 | JNews Plugin up to 11.6.5 on WordPress authorization

30.04.2025 22:25

A vulnerability was found in JNews Plugin up to 11.6.5 on WordPress. It has been classified as critical. This affects an unknown part. The manipulation leads to missing authorization. This vulnerabil...

CVE-2025-32927 | WP FoodBakery up to 3.3 on WordPress deserialization

30.04.2025 22:25

A vulnerability was found in WP FoodBakery up to 3.3 on WordPress and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to deserialization. This vul...

CVE-2024-6030 | Tesla Model S 2023.44.29 oFono unnecessary privileges (ZDI-25-263)

30.04.2025 22:24

A vulnerability has been found in Tesla Model S 2023.44.29 and classified as critical. Affected by this vulnerability is an unknown functionality of the component oFono. The manipulation leads to exec...

CVE-2024-13943 | Tesla Model S 7.1/2023.44.29/2024.2/2024.2.3 QCMAP_ConnectionManager sandbox (ZDI-25-262)

30.04.2025 22:24

A vulnerability, which was classified as critical, was found in Tesla Model S 7.1/2023.44.29/2024.2/2024.2.3. Affected is an unknown function of the component QCMAP_ConnectionManager. The manipulation...

CVE-2024-6031 | Tesla Model S 2023.44.29 oFono AT Command heap-based overflow (ZDI-25-261)

30.04.2025 22:23

A vulnerability, which was classified as critical, has been found in Tesla Model S 2023.44.29. This issue affects some unknown processing of the component oFono AT Command Handler. The manipulation le...

CVE-2024-6032 | Tesla Model S 7.1/2024.2.3 Iris Modem ql_atfwd os command injection (ZDI-25-264)

30.04.2025 22:23

A vulnerability classified as critical was found in Tesla Model S 7.1/2024.2.3. This vulnerability affects the function ql_atfwd of the component Iris Modem. The manipulation leads to os command injec...

CVE-2025-27611 | cryptocoinjs base-x up to 3.0.10/4.0.0/5.0.0 homoglyph (GHSA-xq7p-g2vc-g82p)

30.04.2025 22:23

A vulnerability classified as problematic has been found in cryptocoinjs base-x up to 3.0.10/4.0.0/5.0.0. This affects an unknown part. The manipulation leads to insufficient visual distinction of hom...

CVE-2024-6029 | Tesla Model S 7.1 Iris Modem toctou (ZDI-25-260)

30.04.2025 22:22

A vulnerability was found in Tesla Model S 7.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Iris Modem. The manipulation leads to time-of-ch...

CVE-2025-2082 | Tesla Model 3 2024.8 VCSEC Module integer overflow (ZDI-25-265)

30.04.2025 22:22

A vulnerability was found in Tesla Model 3 2024.8. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component VCSEC Module. The manipulation leads to...

CVE-2025-2170 | SonicWall SMA1000 up to 12.4.3-02907 server-side request forgery (SNWLID-2025-0008)

30.04.2025 21:02

A vulnerability was found in SonicWall SMA1000 up to 12.4.3-02907. It has been classified as critical. Affected is an unknown function. The manipulation leads to server-side request forgery. This vul...

CVE-2025-46558 | xwiki-contrib syntax-markdown up to 8.8 cross site scripting

30.04.2025 20:47

A vulnerability was found in xwiki-contrib syntax-markdown up to 8.8 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The ide...

CVE-2024-9876 | ABB ANC/ANC-L/ANC-mini up to 1.1.4 modification of assumed-immutable data

30.04.2025 20:47

A vulnerability has been found in ABB ANC, ANC-L and ANC-mini up to 1.1.4 and classified as critical. This vulnerability affects unknown code. The manipulation leads to modification of assumed-immutab...

CVE-2025-32777 | volcano-sh volcano up to 1.9.0/1.10.1/1.11.1 Elastic Service allocation of resources

30.04.2025 20:46

A vulnerability, which was classified as critical, was found in volcano-sh volcano up to 1.9.0/1.10.1/1.11.1. This affects an unknown part of the component Elastic Service. The manipulation leads to a...