
165 new CVEs published on 2025-04-10 (CVSS: 7.5 - 10.0)
This content is an AI-generated summary. If you encounter any misinformation or problematic content, please report it to cyb.hub@proton.me.
CVE ID | CVSS | Description |
---|---|---|
CVE-2025-32642 | 10.0 | Cross-Site Request Forgery (CSRF) vulnerability in appsbd Vite Coupon allows Remote Code Inclusion. This issue affects Vite Coupon: from n/a through 1... |
CVE-2025-32375 | 9.8 | BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.8, there was an insecure deserialization vulnerability. |
CVE-2025-32743 | 9.0 | In ConnMan through 1.44, the lookup string in ns_resolv in dnsproxy.c can be NULL or an empty string when the TC (Truncated) bit is set in a DNS response. |
CVE-2025-32687 | 8.5 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Magnigenie Review Stars Count For WooCommerce allows remote attackers to execute arbitrary SQL commands. |
CVE-2025-32119 | 8.2 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CardGate CardGate Payments for WooCommerce allows remote attackers to execute arbitrary SQL commands. |
CVE-2025-32695 | 9.8 | Incorrect Privilege Assignment vulnerability in Mestres do WP Checkout Mestres WP allows Privilege Escalation. |
CVE-2025-27690 | 9.8 | Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.0, contains a use of default password vulnerability. An unauthenticated attacker with remote access can exploit this to gain unauthorized access. |
CVE-2025-31036 | 8.8 | Cross-Site Request Forgery (CSRF) vulnerability in WPSolr free WPSolr allows Privilege Escalation. This issue affects WPSolr: from n/a through 24.0. |
CVE-2025-31038 | 8.8 | Cross-Site Request Forgery (CSRF) vulnerability in Essential Marketer Essential Breadcrumbs allows Privilege Escalation. This issue affects Essential Breadcrumbs: from n/a through 24.0. |
CVE-2025-3417 | 8.8 | The Embedder plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check. |
CVE-2025-2631 | 7.8 | Out of bounds write vulnerability due to improper bounds checking in NI LabVIEW in InitCPUInformation() that may result in information disclosure or arbitrary code execution. |
CVE-2025-2632 | 7.8 | Out of bounds write vulnerability due to improper bounds checking in NI LabVIEW reading CPU info from cache that may result in information disclosure or arbitrary code execution. |
CVE-2025-30658 | 7.5 | A Missing Release of Memory after Effective Lifetime vulnerability in the Anti-Virus processing of Juniper Networks Junos OS on SRX Series allows an attacker to cause a denial of service or potentially execute arbitrary code. |
CVE-2025-3102 | 8.1 | The SureTriggers: All-in-One Automation Platform plugin for WordPress is vulnerable to an authentication bypass leading to administrative account creation. |
CVE-2025-31377 | 7.5 | Missing Authorization vulnerability in Asaquzzaman mishu Woo Product Feed For Marketing Channels allows exploiting incorrectly configured access controls. |
CVE-2025-32380 | 7.5 | The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. A vulnerability in the router allows an attacker to cause a denial of service. |
CVE-2025-21594 | 7.5 | An Improper Check for Unusual or Exceptional Conditions vulnerability in the pfe (packet forwarding engine) of Juniper Networks Junos OS on MX Series allows an attacker to cause a denial of service. |
CVE-2025-21601 | 7.5 | An Improper Following of Specification by Caller vulnerability in web management (J-Web, Captive Portal, 802.1X, Juniper Secure Connect (JSC)) of Juniper Networks Junos OS allows an attacker to cause a denial of service. |
CVE-2025-30644 | 7.5 | A Heap-based Buffer Overflow vulnerability in the flexible PIC concentrator (FPC) of Juniper Networks Junos OS on EX2300, EX3400, EX4100, EX4300, EX4300-MP, EX4600, and EX9200 allows an attacker to cause a denial of service or potentially execute arbitrary code. |
CVE-2025-31033 | 9.8 | Cross-Site Request Forgery (CSRF) vulnerability in Adam Nowak Buddypress Humanity allows Cross Site Request Forgery. This issue affects Buddypress Humanity: from n/a through 1... |
CVE-2025-32496 | 9.6 | Cross-Site Request Forgery (CSRF) vulnerability in Uncodethemes Ultra Demo Importer allows an attacker to upload a web shell to a web server. |
CVE-2025-32576 | 9.6 | Cross-Site Request Forgery (CSRF) vulnerability in Agence web Eoxia - Montpellier WP shop allows an attacker to upload a web shell to a web server. |
CVE-2025-32641 | 9.6 | Cross-Site Request Forgery (CSRF) vulnerability in anantaddons Anant Addons for Elementor allows Cross Site Request Forgery. |
CVE-2025-32140 | 9.9 | Unrestricted Upload of File with Dangerous Type vulnerability in Nirmal Kumar Ram WP Remote Thumbnail allows an attacker to upload a web shell to a web server. |
CVE-2025-31002 | 9.1 | Unrestricted Upload of File with Dangerous Type vulnerability in Bogdan Bendziukov Squeeze allows using malicious files. |
CVE-2025-32202 | 9.1 | Unrestricted Upload of File with Dangerous Type vulnerability in Brian Batt - elearningfreak.com Insert or Embed Articulate Content into WordPress allows an attacker to upload a web shell to a web server. |
CVE-2025-32206 | 9.1 | Unrestricted Upload of File with Dangerous Type vulnerability in LABCAT Processing Projects allows an attacker to upload a web shell to a web server. |
CVE-2025-32754 | 9.1 | In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host keys are generated on image creation for images based on Debian, causing all containers to share the same host keys. |