CVE-2024-21682 CVSS:7.2 EPSS:0.09%
This High severity Injection vulnerability was introduced in Assets Discovery 1.0 - 6.2.0 (all versions). Assets Discovery, which can be downloaded via Atlassian Marketplace, is a network scanning tool that can be used with or without an agent with Jira Service Management Cloud, Data Center or Server. It detects hardware and software that is connected to your local network and extracts detailed information about each asset. This data can then be imported into Assets in Jira Service Management to help you manage all of the devices and configuration items within your local network. This Injection vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to modify the actions taken by a system call which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Assets Discovery customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions See the release notes (https://confluence.atlassian.com/assetapps/assets-discovery-3-2-1-cloud-6-2-1-data_center-1333987182.html). You can download the latest version of Assets Discovery from the Atlassian Marketplace (https://marketplace.atlassian.com/apps/1214668/assets-discovery?hosting=datacenter&tab=installation). This vulnerability was reported via our Penetration Testing program. (Last Update:2025-04-30 14:06:22) (Publish Update:2024-02-20 18:15:51)
CVE-2025-3472 CVSS:9.8 EPSS:0.11%
The Ocean Extra plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.4.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes when WooCommerce is also installed and activated. (Last Update:2025-04-30 14:01:16) (Publish Update:2025-04-22 11:12:21)
CVE-2025-4120 CVSS:9.0
A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been classified as critical. Affected is the function sub_4238E8. The manipulation of the argument host leads to buffer overflow. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way. (Last Update:2025-04-30 14:00:06) (Publish Update:2025-04-30 14:00:06)
CVE-2025-45427 CVSS:9.8 EPSS:0.21%
In Tenda AC9 v1.0 with firmware V15.03.05.14_multi, the security parameter of /goform/WifiBasicSet has a stack overflow vulnerability, which can lead to remote arbitrary code execution. (Last Update:2025-04-30 13:51:20) (Publish Update:2025-04-23 15:16:01)
CVE-2025-3341 CVSS:9.8 EPSS:0.04%
A vulnerability, which was classified as critical, was found in codeprojects Online Restaurant Management System 1.0. This affects an unknown part of the file /admin/reservation_view.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. (Last Update:2025-04-30 13:44:37) (Publish Update:2025-04-07 07:00:07)
CVE-2025-3342 CVSS:9.8 EPSS:0.04%
A vulnerability has been found in codeprojects Online Restaurant Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/payment_save.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. (Last Update:2025-04-30 13:40:03) (Publish Update:2025-04-07 07:31:04)
CVE-2023-22512 CVSS:7.5 EPSS:3.25%
This High severity DoS (Denial of Service) vulnerability was introduced in version 5.6.0 of Confluence Data Center and Server. With a CVSS Score of 7.5, this vulnerability allows an unauthenticated attacker to cause a resource to be unavailable for its intended users by temporarily or indefinitely disrupting services of a vulnerable host (Confluence instance) connected to a network, which has no impact to confidentiality, no impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Confluence Data Center and Server 7.19: Upgrade to a release greater than or equal to 7.19.14 Confluence Data Center and Server 8.5: Upgrade to a release greater than or equal to 8.5.1 Confluence Data Center and Server 8.6 or above: No need to upgrade, you're already on a patched version See the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html ). You can download the latest version of Confluence Data Center and Server from the download center (https://www.atlassian.com/software/confluence/download-archives ]). This vulnerability was reported via our Bug Bounty program. (Last Update:2025-04-30 13:34:35) (Publish Update:2024-01-16 18:15:09)
CVE-2025-4116 CVSS:9.0
A vulnerability, which was classified as critical, has been found in Netgear JWNR2000v2 1.0.0.11. Affected by this issue is the function get_cur_lang_ver. The manipulation of the argument host leads to buffer overflow. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. (Last Update:2025-04-30 13:15:50) (Publish Update:2025-04-30 12:31:06)
CVE-2025-4115 CVSS:9.0
A vulnerability classified as critical was found in Netgear JWNR2000v2 1.0.0.11. Affected by this vulnerability is the function default_version_is_new. The manipulation of the argument host leads to buffer overflow. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. (Last Update:2025-04-30 13:15:50) (Publish Update:2025-04-30 12:31:04)
CVE-2025-3395 CVSS:8.4
Incorrect Permission Assignment for Critical Resource, Cleartext Storage of Sensitive Information vulnerability in ABB Automation Builder.This issue affects Automation Builder: through 2.8.0. (Last Update:2025-04-30 13:15:49) (Publish Update:2025-04-30 12:40:38)
This vulnerability list widget is provided by www.cvedetails.com. CVEdetails.com is updated! Visit www.cvedetails.com to see what's new in the new version!