| 2025-04-27 | CVE-2025-46577 | SQL Injection vulnerability in ZTE Zxcloud Goldendb 7.2.01.01
There is a SQL injection vulnerability in the GoldenDB database product. | 7.5 |
| 2025-04-27 | CVE-2025-46578 | SQL Injection vulnerability in ZTE Zxcloud Goldendb 7.2.01.01
There are SQL injection vulnerabilities in multiple interfaces of the GoldenDB database product. | 7.5 |
| 2025-04-27 | CVE-2025-46579 | Code Injection vulnerability in ZTE Zxcloud Goldendb 7.2.01.01
There is a DDE injection vulnerability in the GoldenDB database product. | 7.8 |
| 2025-04-27 | CVE-2025-3955 | SQL Injection vulnerability in Code-Projects Patient Record Management System 1.0
A vulnerability, which was classified as critical, was found in codeprojects Patient Record Management System 1.0. | 7.5 |
| 2025-04-27 | CVE-2025-46672 | Unchecked Return Value vulnerability in Nasa Cryptolib
NASA CryptoLib before 1.3.2 does not check the OTAR crypto function returned status, potentially leading to spacecraft hijacking. | 8.8 |
| 2025-04-26 | CVE-2025-2101 | The Edumall theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.4 via the 'template' parameter of the 'edumall_lazy_load_template' AJAX action. network high complexity CWE-98 | 8.1 |
| 2025-04-26 | CVE-2025-2851 | A vulnerability classified as critical has been found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX, GL-XE300 Puli and GL-XE3000 Puli AX 4.x. | 8.0 |
| 2025-04-26 | CVE-2025-2105 | Deserialization of Untrusted Data vulnerability in Artbees Jupiter X Core
The Jupiter X Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.8.11 via deserialization of untrusted input from the 'file' parameter of the 'raven_download_file' function. | 8.1 |
| 2025-04-26 | CVE-2025-3491 | The Add custom page template plugin for WordPress is vulnerable to PHP Code Injection leading to Remote Code Execution in all versions up to, and including, 2.0.1 via the 'acpt_validate_setting' function. | 7.2 |
| 2025-04-26 | CVE-2025-3906 | The Integração entre Eduzz e Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wep_opcoes' function in all versions up to, and including, 1.7.5. | 8.8 |