Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-04-03 | CVE-2025-3148 | Classic Buffer Overflow vulnerability in Code-Projects Product Management System 1.0 A vulnerability was found in codeprojects Product Management System 1.0 and classified as problematic. | 7.8 |
| 2025-04-03 | CVE-2025-3142 | Injection vulnerability in Oretnom23 Apartment Visitor Management System 1.0 A vulnerability was found in SourceCodester Apartment Visitor Management System 1.0. | 8.8 |
| 2025-04-03 | CVE-2025-3143 | Injection vulnerability in Oretnom23 Apartment Visitor Management System 1.0 A vulnerability classified as critical has been found in SourceCodester Apartment Visitor Management System 1.0. | 8.8 |
| 2025-04-03 | CVE-2025-3139 | Classic Buffer Overflow vulnerability in Fabian BUS Reservation System 1.0 A vulnerability was found in code-projects Bus Reservation System 1.0 and classified as critical. | 7.8 |
| 2025-04-03 | CVE-2025-3134 | Injection vulnerability in Fabian Payroll Management System 1.0 A vulnerability classified as critical has been found in code-projects Payroll Management System 1.0. | 8.8 |
| 2025-04-02 | CVE-2025-3123 | Unrestricted Upload of File with Dangerous Type vulnerability in Wondercms 3.5.0 A vulnerability, which was classified as critical, has been found in WonderCMS 3.5.0. | 7.2 |
| 2025-04-02 | CVE-2025-0257 | Missing Authentication for Critical Function vulnerability in Hcltechsw HCL Devops Deploy and HCL Launch HCL DevOps Deploy / HCL Launch could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service. | 7.5 |
| 2025-04-02 | CVE-2025-20139 | A vulnerability in chat messaging features of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied input to chat entry points. | 7.5 |
| 2025-04-02 | CVE-2025-20212 | A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series devices could allow an authenticated, remote attacker to cause a denial of service (DoS) condition in the Cisco AnyConnect service on an affected device. | 7.7 |
| 2025-04-02 | CVE-2025-21991 | Improper Validation of Array Index vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes Currently, load_microcode_amd() iterates over all NUMA nodes, retrieves their CPU masks and unconditionally accesses per-CPU data for the first CPU of each mask. According to Documentation/admin-guide/mm/numaperf.rst: "Some memory may share the same node as a CPU, and others are provided as memory only nodes." Therefore, some node CPU masks may be empty and wouldn't have a "first CPU". On a machine with far memory (and therefore CPU-less NUMA nodes): - cpumask_of_node(nid) is 0 - cpumask_first(0) is CONFIG_NR_CPUS - cpu_data(CONFIG_NR_CPUS) accesses the cpu_info per-CPU array at an index that is 1 out of bounds This does not have any security implications since flashing microcode is a privileged operation but I believe this has reliability implications by potentially corrupting memory while flashing a microcode update. When booting with CONFIG_UBSAN_BOUNDS=y on an AMD machine that flashes a microcode update. | 7.8 |