Vulnerabilities > Medium

| DATE | CVE | VULNERABILITY TITLE | RISK |
| --- | --- | --- | --- |
| 2025-04-03 | CVE-2025-3158 | A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. | local, low complexity, CWE-122, 5.3 |
| 2025-04-03 | CVE-2025-3159 | A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. | local, low complexity, CWE-122, 5.3 |
| 2025-04-03 | CVE-2024-9416 | The Modula Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library (versions <= 5.0.36) due to insufficient input sanitization and output escaping on user supplied attributes. | network, low complexity, CWE-79, 6.4 |
| 2025-04-03 | CVE-2025-2946 | Unspecified vulnerability in pgAdmin 4. pgAdmin <= 9.1 is affected by a security vulnerability with Cross-Site Scripting (XSS). | network, low complexity, pgadmin, 6.1 |
| 2025-04-03 | CVE-2025-2299 | The LuckyWP Table of Contents plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.10. | network, low complexity, CWE-79, 6.1 |
| 2025-04-03 | CVE-2024-13673 | The Big Boom Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bbd-search' shortcode in all versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. | network, low complexity, CWE-79, 6.4 |
| 2025-04-03 | CVE-2025-1663 | Cross-site Scripting vulnerability in Unlimited-Elements Unlimited Elements for Elementor. The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 1.5.142 due to insufficient input sanitization and output escaping. | network, low complexity, unlimited-elements CWE-79, 5.4 |
| 2025-04-03 | CVE-2025-21995 | Unspecified vulnerability in Linux Kernel. In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix fence reference count leak. The last_scheduled fence leaks when an entity is being killed and adding the cleanup callback fails. Decrement the reference count of prev when dma_fence_add_callback() fails, ensuring proper balance. [phasta: add git tag info for stable kernel] | local, low complexity, linux, 5.5 |
| 2025-04-03 | CVE-2025-21996 | Use of Uninitialized Resource vulnerability in Linux Kernel. In the Linux kernel, the following vulnerability has been resolved: drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse(). On the off chance that command stream passed from userspace via ioctl() call to radeon_vce_cs_parse() is weirdly crafted and first command to execute is to encode (case 0x03000001), the function in question will attempt to call radeon_vce_cs_reloc() with size argument that has not been properly initialized. | local, low complexity, linux CWE-908, 5.5 |
| 2025-04-03 | CVE-2025-21997 | Integer Overflow or Wraparound vulnerability in Linux Kernel. In the Linux kernel, the following vulnerability has been resolved: xsk: fix an integer overflow in xp_create_and_assign_umem(). Since the i and pool->chunk_size variables are of type 'u32', their product can wrap around and then be cast to 'u64'. This can lead to two different XDP buffers pointing to the same memory area. Found by InfoTeCS on behalf of Linux Verification Center (linuxtesting.org) with SVACE. | local, low complexity, linux CWE-190, 5.5 |