-
CVE-2025-43858
•
published on April 24, 2025
YoutubeDLSharp is a wrapper for the command-line video downloaders youtube-dl and yt-dlp. In versions starting from 1.0.0-beta4 and prior to 1.1.2, an unsafe conversion of arguments allows the injection of malicious commands when starting `yt-dlp` from a command prompt running on Windows OS with the `UseWindowsEncodingWorkaround` value set to true (default behavior). If a user is using built-in methods from the YoutubeDL.cs file, the value is true by default and a user cannot disable it from these methods. This issue has been patched in version 1.1.2.
-
CVE-2025-31324
•
published on April 24, 2025
SAP NetWeaver Visual Composer Metadata Uploader is not protected with proper authorization, allowing an unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.
-
CVE-2023-37534
•
published on April 24, 2025
Insufficient URI protocol whitelist in HCL Leap allows script injection through query parameters.
-
CVE-2023-45720
•
published on April 24, 2025
Insufficient default configuration in HCL Leap allows anonymous access to directory information.
-
CVE-2024-30113
•
published on April 24, 2025
Insufficient sanitization policy in HCL Leap allows client-side script injection in the deployed application through the HTML widget.
-
CVE-2024-30114
•
published on April 24, 2025
Insufficient sanitization in HCL Leap allows client-side script injection in the authoring environment.
-
CVE-2024-30147
•
published on April 24, 2025
Multiple vectors in HCL Leap allow client-side script injection in the authoring environment and deployed applications.
-
CVE-2024-30148
•
published on April 24, 2025
Improper access control of endpoint in HCL Leap allows certain admin users to import applications from the server's filesystem.
-
CVE-2025-46498
•
published on April 24, 2025
Cross-Site Request Forgery (CSRF) vulnerability in nghialuu Zalo Official Live Chat allows Cross Site Request Forgery. This issue affects Zalo Official Live Chat: from n/a through 1.0.0.
-
CVE-2025-46473
•
published on April 24, 2025
Deserialization of Untrusted Data vulnerability in djjmz Social Counter allows Object Injection. This issue affects Social Counter: from n/a through 2.0.5.
-
CVE-2025-46523
•
published on April 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in devignstudiosltd COVID-19 (Coronavirus) Update Your Customers allows Stored XSS. This issue affects COVID-19 (Coronavirus) Update Your Customers: from n/a through 1.5.1.
-
CVE-2025-46507
•
published on April 24, 2025
Cross-Site Request Forgery (CSRF) vulnerability in ldrumm Unsafe Mimetypes allows Stored XSS. This issue affects Unsafe Mimetypes: from n/a through 0.1.4.
-
CVE-2025-46481
•
published on April 24, 2025
Deserialization of Untrusted Data vulnerability in Michael Cannon Flickr Shortcode Importer allows Object Injection. This issue affects Flickr Shortcode Importer: from n/a through 2.2.3.
-
CVE-2025-46447
•
published on April 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFable Fable Extra allows DOM-Based XSS. This issue affects Fable Extra: from n/a through 1.0.6.
-
CVE-2025-46531
•
published on April 24, 2025
Server-Side Request Forgery (SSRF) vulnerability in Ankur Vishwakarma WP AVCL Automation Helper (formerly WPFlyLeads) allows Server Side Request Forgery. This issue affects WP AVCL Automation Helper (formerly WPFlyLeads): from n/a through 3.4.
-
CVE-2025-46519
•
published on April 24, 2025
Missing Authorization vulnerability in Michael Revellin-Clerc Media Library Downloader allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Media Library Downloader: from n/a through 1.3.1.
-
CVE-2025-46511
•
published on April 24, 2025
Server-Side Request Forgery (SSRF) vulnerability in Derek Springer BeerXML Shortcode allows Server Side Request Forgery. This issue affects BeerXML Shortcode: from n/a through 0.71.
-
CVE-2025-46503
•
published on April 24, 2025
Server-Side Request Forgery (SSRF) vulnerability in josheli Simple Google Photos Grid allows Server Side Request Forgery. This issue affects Simple Google Photos Grid: from n/a through 1.5.
-
CVE-2025-46489
•
published on April 24, 2025
Missing Authorization vulnerability in vinodvaswani9 Bulk Assign Linked Products For WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Bulk Assign Linked Products For WooCommerce: from n/a through 2.1.
-
CVE-2025-46485
•
published on April 24, 2025
Missing Authorization vulnerability in Carlo La Pera WP Customize Login Page allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP Customize Login Page: from n/a through 1.6.5.