Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2025-04-03 CVE-2025-22007 NULL Pointer Dereference vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix error code in chan_alloc_skb_cb() The chan_alloc_skb_cb() function is supposed to return error pointers on error.
local
low complexity
linux CWE-476
5.5
5.5
2025-04-03 CVE-2025-2874 The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 20240319 due to insufficient input sanitization and output escaping.
network
high complexity
CWE-79
4.4
4.4
2025-04-03 CVE-2025-3150 A vulnerability was found in itning Student Homework Management System up to 1.2.7.
network
low complexity
CWE-862
4.3
4.3
2025-04-03 CVE-2025-3142 A vulnerability was found in SourceCodester Apartment Visitor Management System 1.0.
network
low complexity
CWE-74
6.3
6.3
2025-04-03 CVE-2025-3143 A vulnerability classified as critical has been found in SourceCodester Apartment Visitor Management System 1.0.
network
low complexity
CWE-74
6.3
6.3
2025-04-03 CVE-2025-3139 A vulnerability was found in code-projects Bus Reservation System 1.0 and classified as critical.
local
low complexity
CWE-120
5.3
5.3
2025-04-03 CVE-2025-3134 A vulnerability classified as critical has been found in code-projects Payroll Management System 1.0.
network
low complexity
CWE-74
6.3
6.3
2025-04-02 CVE-2025-3123 A vulnerability, which was classified as critical, has been found in WonderCMS 3.5.0.
network
low complexity
CWE-434
4.7
4.7
2025-04-02 CVE-2025-3120 A vulnerability was found in SourceCodester Apartment Visitors Management System 1.0.
network
low complexity
CWE-74
6.3
6.3
2025-04-02 CVE-2025-20120 A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system.
network
low complexity
CWE-79
6.1
6.1