Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-03-27 CVE-2025-2849 A vulnerability, which was classified as problematic, was found in UPX up to 5.0.0.
local
low complexity
CWE-122
3.3
3.3
2025-03-27 CVE-2025-2846 A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0.
network
low complexity
CWE-74
7.3
7.3
2025-03-27 CVE-2025-2847 A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0.
network
low complexity
CWE-74
6.3
6.3
2025-03-27 CVE-2025-2332 The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.13 via deserialization of untrusted input in the 'returnMetaValueAsCustomerInput' function.
network
low complexity
CWE-502
critical
 9.8
9.8
2025-03-27 CVE-2025-2685 The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘table-name’ parameter in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2025-03-27 CVE-2025-2481 The MediaView plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id' parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2025-03-26 CVE-2025-20230 In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could edit and delete other user data in App Key Value Store (KVStore) collections that the Splunk Secure Gateway app created.
network
low complexity
CWE-284
4.3
4.3
2025-03-26 CVE-2025-20226 In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.2406.111, and 9.1.2308.214, a low-privileged user that does not hold the "admin" or "power" Splunk roles could run a saved search with a risky command using the permissions of a higher-privileged user to bypass the SPL safeguards for risky commands on the "/services/streams/search" endpoint through its "q" parameter.
network
low complexity
CWE-200
5.7
5.7
2025-03-26 CVE-2025-20227 In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.2406.112, 9.2.2403.115, 9.1.2312.208 and 9.1.2308.214, a low-privileged user that does not hold the "admin" or "power" Splunk roles could bypass the external content warning modal dialog box in Dashboard Studio dashboards which could lead to an information disclosure.
network
low complexity
CWE-20
4.3
4.3
2025-03-26 CVE-2025-20228 In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.2.2403.108, and 9.1.2312.204, a low-privileged user that does not hold the "admin" or "power" Splunk roles could change the maintenance mode state of App Key Value Store (KVStore) through a Cross-Site Request Forgery (CSRF).
network
low complexity
CWE-352
6.5
6.5