Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-03-13 CVE-2025-29773 Unspecified vulnerability in Froxlor 2.2.5
Froxlor is open-source server administration software.
local
low complexity
froxlor
7.8
7.8
2025-03-13 CVE-2025-2263 Out-of-bounds Write vulnerability in Santesoft Sante Pacs Server 4.1.0
During login to the web server in "Sante PACS Server.exe", OpenSSL function EVP_DecryptUpdate is called to decrypt the username and password.
network
low complexity
santesoft CWE-787
critical
 9.8
9.8
2025-03-13 CVE-2025-2264 Path Traversal vulnerability in Santesoft Sante Pacs Server 4.1.0
A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe".
network
low complexity
santesoft CWE-22
7.5
7.5
2025-03-13 CVE-2024-10942 The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.89 via deserialization of untrusted input in the 'replace_serialized_values' function.
network
high complexity
CWE-502
7.5
7.5
2025-03-13 CVE-2025-25175 A vulnerability has been identified in Simcenter Femap V2401 (All versions < V2401.0003), Simcenter Femap V2406 (All versions < V2406.0002).
local
low complexity
CWE-119
7.8
7.8
2025-03-13 CVE-2025-1785 The Download Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.08 via the 'wpdm_newfile' action.
network
low complexity
CWE-22
5.4
5.4
2025-03-13 CVE-2025-1119 The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.6.8.5.
network
low complexity
CWE-94
7.3
7.3
2025-03-13 CVE-2025-1503 The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Roundup Recipe Name field in all versions up to, and including, 9.8.0 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2025-03-13 CVE-2025-1561 The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter in all versions up to, and including, 4.4.10 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
7.2
7.2
2025-03-13 CVE-2025-2104 The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to unauthorized post publication due to insufficient validation on the pagelayer_save_content() function in all versions up to, and including, 1.9.8.
network
low complexity
CWE-862
4.3
4.3