April 2025

CVE ID : CVE-2025-29482 Published : April 7, 2025, 8:15 p.m. | 1 hour, 5 minutes ago Description : Buffer Overflow vulnerability in libheif 1.19.7 allows a local attacker to execute arbitrary code via the SAO (Sample Adaptive Offset) processing of libde265. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected […]

CVE ID : CVE-2025-29594 Published : April 7, 2025, 8:15 p.m. | 1 hour, 5 minutes ago Description : A vulnerability exists in the errorpage.php file of the CS2-WeaponPaints-Website v2.1.7 where user-controlled input is not adequately validated before being processed. Specifically, the $_GET[‘errorcode’] parameter can be manipulated to access unauthorized error codes, leading to Cross-Site Scripting (XSS)

CVE ID : CVE-2025-29769 Published : April 7, 2025, 8:15 p.m. | 1 hour, 5 minutes ago Description : libvips is a demand-driven, horizontally threaded image processing library. The heifsave operation could incorrectly determine the presence of an alpha channel in an input when it was not possible to determine the colour interpretation, known internally within libvips

CVE ID : CVE-2025-3381 Published : April 7, 2025, 8:15 p.m. | 1 hour, 5 minutes ago Description : A vulnerability, which was classified as critical, was found in zhangyanbo2007 youkefu 4.2.0. This affects an unknown part of the file WebIMController.java of the component File Upload. The manipulation of the argument ID leads to path traversal. It

CVE ID : CVE-2025-3382 Published : April 7, 2025, 8:15 p.m. | 1 hour, 5 minutes ago Description : A vulnerability has been found in joey-zhou xiaozhi-esp32-server-java up to a14fe8115842ee42ab5c7a51706b8a85db5200b7 and classified as critical. This vulnerability affects the function update of the file /api/user/update. The manipulation of the argument state leads to sql injection. The attack can

CVE ID : CVE-2025-31407 Published : April 4, 2025, 2:15 p.m. | 44 minutes ago Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in hutsixdigital Tiger allows Stored XSS.This issue affects Tiger: from n/a through 2.0. Severity: 6.5 | MEDIUM Visit the link for more details, such as CVSS details, affected

CVE ID : CVE-2025-31405 Published : April 4, 2025, 2:15 p.m. | 44 minutes ago Description : Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in zankover Fami WooCommerce Compare allows PHP Local File Inclusion.This issue affects Fami WooCommerce Compare: from n/a through 1.0.5. Severity: 7.5 | HIGH Visit

CVE ID : CVE-2025-31416 Published : April 4, 2025, 2:15 p.m. | 44 minutes ago Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in AwesomeTOGI Awesome Event Booking allows Reflected XSS.This issue affects Awesome Event Booking: from n/a through 2.8.4. Severity: 7.1 | HIGH Visit the link for more details, such

CVE ID : CVE-2025-31418 Published : April 4, 2025, 2:15 p.m. | 44 minutes ago Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in noonnoo Gravel allows Reflected XSS.This issue affects Gravel: from n/a through 1.6. Severity: 7.1 | HIGH Visit the link for more details, such as CVSS details, affected

CVE ID : CVE-2025-3249 Published : April 4, 2025, 2:15 p.m. | 44 minutes ago Description : A vulnerability classified as critical was found in TOTOLINK A6000R 1.0.1-B20201211.2000. Affected by this vulnerability is the function apcli_cancel_wps of the file /usr/lib/lua/luci/controller/mtkwifi.lua. The manipulation leads to command injection. The attack can be launched remotely. The exploit has been