Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-05-09 CVE-2025-4382 A flaw was found in systems utilizing LUKS-encrypted disks with GRUB configured for TPM-based auto-decryption.
low complexity
CWE-306
5.9
5.9
2025-05-09 CVE-2025-3949 The Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'seedprod_lite_get_revisisons' function in all versions up to, and including, 6.18.15.
network
low complexity
CWE-862
4.3
4.3
2025-05-09 CVE-2025-4403 The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.1.6 due to accepting a user-supplied supported_type string and the uploaded filename without enforcing real extension or MIME checks within the upload() function.
network
low complexity
CWE-434
critical
 9.8
9.8
2025-05-09 CVE-2025-4471 Stack-based Buffer Overflow vulnerability in Fabianros Jewellery Store Management System 1.0
A vulnerability, which was classified as critical, has been found in code-projects Jewelery Store Management system 1.0.
local
low complexity
fabianros CWE-121
7.8
7.8
2025-05-09 CVE-2025-4472 Stack-based Buffer Overflow vulnerability in Fabianros Departmental Store Management System 1.0
A vulnerability was found in code-projects Departmental Store Management System 1.0.
local
low complexity
fabianros CWE-121
7.8
7.8
2025-05-09 CVE-2024-11617 The Envolve Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'zetra_languageUpload' and 'zetra_fontsUpload' functions in all versions up to, and including, 1.0.
network
low complexity
CWE-434
critical
 9.8
9.8
2025-05-09 CVE-2025-2253 The IMITHEMES Listing plugin is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3.
network
low complexity
CWE-620
critical
 9.8
9.8
2025-05-09 CVE-2025-3455 The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'start_restore' function in all versions up to, and including, 2.2.
network
low complexity
CWE-434
8.8
8.8
2025-05-09 CVE-2025-3605 The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.7.
network
low complexity
CWE-639
critical
 9.8
9.8
2025-05-09 CVE-2025-4467 Unspecified vulnerability in Senior-Walter Online Student Clearance System 1.0
A vulnerability was found in SourceCodester Online Student Clearance System 1.0.
network
low complexity
senior-walter
critical
 9.8
9.8