NVD Dashboard

CVEs Received and Processed

Time Period New CVEs Received by NVD New CVEs Analyzed by NVD Modified CVEs Received by NVD Modified CVEs Re-analyzed by NVD
Today 0000
This Week 1097703037
This Month 479630030530
Last Month 273227090419
This Year 11613889701305

CVE Status Count

Total 287313
Received 41
Awaiting Analysis 24207
Undergoing Analysis 5874
Modified 229511
Rejected 14937

CVSS Score Spread

CVSS V3 Score Distribution

Severity Number of Vulns
CRITICAL 25340
HIGH 67393
MEDIUM 69495
LOW 2836

CVSS V2 Score Distribution

Severity Number of Vulns
HIGH 56836
MEDIUM 104167
LOW 19074


For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2024-43565 - Windows Network Address Translation (NAT) Denial of Service Vulnerability
    Published: October 08, 2024; 2:15:23 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2025-27424 - Websites redirecting to a non-HTTP scheme URL could allow a website address to be spoofed for a malicious page. This vulnerability affects Firefox for iOS < 136.
    Published: March 04, 2025; 9:15:39 AM -0500

  • CVE-2025-1942 - When String.toUpperCase() caused a string to get longer it was possible for uninitialized memory to be incorporated into the result string. This vulnerability affects Firefox < 136 and Thunderbird < 136.
    Published: March 04, 2025; 9:15:39 AM -0500

  • CVE-2025-1941 - Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been bypassed (distinct from CVE-2025-0245). This vulnerability affects Firefox < 136.
    Published: March 04, 2025; 9:15:39 AM -0500

  • CVE-2025-1932 - An inconsistent comparator in xslt/txNodeSorter could have resulted in potentially exploitable out-of-bounds access. Only affected version 122 and later. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunder... read CVE-2025-1932
    Published: March 04, 2025; 9:15:38 AM -0500

  • CVE-2025-25769 - Wangmarket v4.10 to v5.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /controller/UserController.java.
    Published: February 21, 2025; 2:15:14 PM -0500

  • CVE-2025-25770 - Wangmarket v4.10 to v5.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /agency/AgencyUserController.java.
    Published: February 21, 2025; 2:15:14 PM -0500

  • CVE-2025-26622 - vyper is a Pythonic Smart Contract Language for the EVM. Vyper `sqrt()` builtin uses the babylonian method to calculate square roots of decimals. Unfortunately, improper handling of the oscillating final states may lead to sqrt incorrectly returni... read CVE-2025-26622
    Published: February 21, 2025; 5:15:13 PM -0500

  • CVE-2025-27104 - vyper is a Pythonic Smart Contract Language for the EVM. Multiple evaluation of a single expression is possible in the iterator target of a for loop. While the iterator expression cannot produce multiple writes, it can consume side effects produce... read CVE-2025-27104
    Published: February 21, 2025; 5:15:13 PM -0500

  • CVE-2025-27105 - vyper is a Pythonic Smart Contract Language for the EVM. Vyper handles AugAssign statements by first caching the target location to avoid double evaluation. However, in the case when target is an access to a DynArray and the rhs modifies the array... read CVE-2025-27105
    Published: February 21, 2025; 5:15:13 PM -0500

  • CVE-2025-25462 - A SQL Injection vulnerability was found in /admin/add-propertytype.php in PHPGurukul Land Record System Project in PHP v1.0 allows remote attackers to execute arbitrary code via the propertytype POST request parameter.
    Published: February 26, 2025; 11:15:16 AM -0500

  • CVE-2025-28011 - A SQL Injection was found in loginsystem/change-password.php in PHPGurukul User Registration & Login and User Management System v3.3 allows remote attackers to execute arbitrary code via the currentpassword POST request parameter.
    Published: March 13, 2025; 1:15:37 PM -0400

  • CVE-2025-1668 - The School Management System – WPSchoolPress plugin for WordPress is vulnerable to arbitrary user deletion due to a missing capability check on the wpsp_DeleteUser() function in all versions up to, and including, 2.2.16. This makes it possible for... read CVE-2025-1668
    Published: March 15, 2025; 12:15:21 AM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2025-1669 - The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'addNotify' action in all versions up to, and including, 2.2.16 due to insufficient escaping on the user supplied parameter and lack of suffic... read CVE-2025-1669
    Published: March 15, 2025; 12:15:21 AM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2025-1670 - The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'cid' parameter in all versions up to, and including, 2.2.16 due to insufficient escaping on the user supplied parameter and lack of sufficien... read CVE-2025-1670
    Published: March 15, 2025; 12:15:21 AM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2025-27103 - DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass for the patch for CVE-2024-55953 allows authenticated users to read and deserialize arbitrary files through the background JDBC connect... read CVE-2025-27103
    Published: March 13, 2025; 1:15:36 PM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2025-28015 - A HTML Injection vulnerability was found in loginsystem/edit-profile.php of the PHPGurukul User Registration & Login and User Management System V3.3. This vulnerability allows remote attackers to execute arbitrary HTML code via the fname, lname, a... read CVE-2025-28015
    Published: March 13, 2025; 12:15:27 PM -0400

  • CVE-2025-2163 - The Zoorum Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9. This is due to missing or incorrect nonce validation on the zoorum_set_options() function. This makes it possible for ... read CVE-2025-2163
    Published: March 15, 2025; 12:15:22 AM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2025-29427 - Code-projects Online Class and Exam Scheduling System V1.0 is vulnerable to Cross Site Scripting (XSS) in profile.php via the member_first and member_last parameters.
    Published: March 17, 2025; 3:15:27 PM -0400

  • CVE-2025-29411 - An arbitrary file upload vulnerability in the Client Profile Update section of Mart Developers iBanking v2.0.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.
    Published: March 20, 2025; 11:15:46 AM -0400