Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-05-03 | CVE-2025-4222 | The Database Toolset plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.4 via backup files stored in a publicly accessible location. | network, high complexity, CWE-200, 5.9 |
| 2025-05-02 | CVE-2022-21546 | In newer version of the SBC specs, we have a NDOB bit that indicates there is no data buffer that gets written out. | network, low complexity, 7.7 |
| 2025-05-02 | CVE-2025-21572 | OpenGrok 1.13.25 has a reflected Cross-Site Scripting (XSS) issue when producing the history view page. | network, low complexity, 6.1 |
| 2025-05-02 | CVE-2025-4215 | A vulnerability was found in gorhill uBlock Origin up to 1.63.3b16. | network, high complexity, 3.1 |
| 2025-05-02 | CVE-2025-4218 | A vulnerability was found in handrew browserpilot up to 0.2.51. | local, low complexity, CWE-74, 5.3 |
| 2025-05-02 | CVE-2025-4214 | A vulnerability was found in PHPGurukul Online DJ Booking Management System 1.0 and classified as critical. | network, low complexity, CWE-74, 7.3 |
| 2025-05-02 | CVE-2025-4213 | A vulnerability has been found in PHPGurukul Online Birth Certificate System 1.0 and classified as critical. | network, low complexity, CWE-74, 7.3 |
| 2025-05-02 | CVE-2025-4210 | A vulnerability classified as critical was found in Casdoor up to 1.811.0. | network, low complexity, CWE-639, 7.3 |
| 2025-05-02 | CVE-2025-4204 | The Ultimate Auction Pro plugin for WordPress is vulnerable to SQL Injection via the ‘auction_id’ parameter in all versions up to, and including, 1.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | network, low complexity, CWE-89, 7.5 |
| 2025-05-02 | CVE-2025-2421 | Improper Control of Generation of Code ('Code Injection') vulnerability in Profelis Informatics SambaBox allows Code Injection. This issue affects SambaBox: before 5.1. | local, low complexity, CWE-94, 8.2 |