Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-04-08 CVE-2025-2004 The Simple WP Events plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wpe_delete_file AJAX action in all versions up to, and including, 1.8.17.
network
low complexity
CWE-73
critical
 9.1
9.1
2025-04-08 CVE-2025-3409 A vulnerability classified as critical has been found in Nothings stb up to f056911.
network
low complexity
CWE-121
6.3
6.3
2025-04-08 CVE-2025-3405 A vulnerability was found in FCJ Venture Builder appclientefiel 3.0.27.
network
low complexity
CWE-99
4.3
4.3
2025-04-08 CVE-2025-3406 A vulnerability was found in Nothings stb up to f056911.
network
low complexity
CWE-125
4.3
4.3
2025-04-08 CVE-2025-3407 A vulnerability was found in Nothings stb up to f056911.
network
low complexity
CWE-125
6.3
6.3
2025-04-08 CVE-2025-3364 The SSH service of PowerStation from HGiga has a Chroot Escape vulnerability, allowing attackers with root privileges to bypass chroot restrictions and access the entire file system.
local
low complexity
 6.7
6.7
2025-04-08 CVE-2025-3401 SQL Injection vulnerability in Esafenet CDG 5.6.3.154.20520250114
A vulnerability has been found in ESAFENET CDG 5.6.3.154.205_20250114 and classified as critical.
network
low complexity
esafenet CWE-89
critical
 9.8
9.8
2025-04-08 CVE-2025-2519 The Sreamit theme for WordPress is vulnerable to arbitrary file downloads in all versions up to, and including, 4.0.1.
network
low complexity
CWE-22
6.5
6.5
2025-04-08 CVE-2025-2525 The Streamit theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'st_Authentication_Controller::edit_profile' function in all versions up to, and including, 4.0.1.
network
low complexity
CWE-434
8.8
8.8
2025-04-08 CVE-2025-2526 The Streamit theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.2.
network
low complexity
CWE-639
8.8
8.8