
31 new CVEs published on 2025-04-15 (CVSS: 7.1 - 9.9)
This content is an AI-generated summary. If you encounter any misinformation or problematic content, please report it to cyb.hub@proton.me.
CVE ID | CVSS | Description |
---|---|---|
CVE-2025-30985 | 9.8 | Deserialization of Untrusted Data vulnerability in NotFound GNUCommerce allows Object Injection. This issue affects GNUCommerce: from n/a through 1.5. |
CVE-2025-24797 | 9.4 | Meshtastic is an open source mesh networking solution. A fault in the handling of mesh packets containing invalid protobuf data can result in an attack. |
CVE-2025-31491 | 8.6 | AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to the fix, an issue allowed unauthorized access to certain features. |
CVE-2025-32929 | 7.5 | Missing Authorization vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Generator for WooCommerce allows Exploiting Incorrectly Configured Access Control. |
CVE-2025-32931 | 9.1 | DevDojo Voyager 1.4.0 through 1.8.0, when Laravel 8 or later is used, allows authenticated administrators to execute arbitrary OS commands via a specially crafted payload. |
CVE-2025-26741 | 8.8 | Missing Authorization vulnerability in AWEOS GmbH Email Notifications for Updates allows Privilege Escalation. This issue affects Email Notifications for Updates: from n/a through 1.5. |
CVE-2025-26959 | 8.8 | Missing Authorization vulnerability in Quý Lê 91 Administrator Z allows Privilege Escalation. This issue affects Administrator Z: from n/a through 2025. |
CVE-2025-1782 | 9.9 | In HylaFAX Enterprise Web Interface and AvantFAX, the language form element is not properly sanitized before being used and can be misused to include malicious code. |
CVE-2025-2160 | 8.1 | Pega Platform versions 8.4.3 to Infinity 24.2.1 are affected by an XSS issue with Mashup. |
CVE-2025-2161 | 7.1 | Pega Platform versions 7.2.1 to Infinity 24.2.1 are affected by an XSS issue with Mashup. |
CVE-2025-26743 | 7.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TC.K Advance WP Query Search Filter allows Reflected XSS. |
CVE-2025-31490 | 7.5 | AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to the fix, an issue allowed unauthorized access to certain features. |
CVE-2025-26889 | 7.5 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound hockeydata LOS allows remote attackers to include arbitrary files. |
CVE-2025-26894 | 7.5 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound Coming Soon, Maintenance Mode & Under Construction allows remote attackers to include arbitrary files. |
CVE-2025-32914 | 7.4 | A flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows a malicious user to cause a denial of service or possibly execute arbitrary code. |