Security Vulnerabilities - CVEs Published In April 2025
Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.
CVSS Score
4.9
EPSS Score
0.002
Published
2025-04-02
Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Insufficient Resource Pool vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.
CVSS Score
5.3
EPSS Score
0.002
Published
2025-04-02
Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Exposure of Sensitive Information Through Data Queries vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.
CVSS Score
7.5
EPSS Score
0.004
Published
2025-04-02
Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Insecure Inherited Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.
CVSS Score
6.8
EPSS Score
0.0
Published
2025-04-02
Use after free in Site Isolation in Google Chrome prior to 135.0.7049.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS Score
8.8
EPSS Score
0.005
Published
2025-04-02
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In 1.3.3 and earlier, a heap buffer overflow vulnerability persists in the Crypto_TC_ApplySecurity function due to an incomplete validation check on the fl (frame length) field. Although CVE-2025-29912 addressed an underflow issue involving fl, the patch fails to fully prevent unsafe calculations. As a result, an attacker can still craft malicious frames that cause a negative tf_payload_len, which is then interpreted as a large unsigned value, leading to a heap buffer overflow in a memcpy call.
CVSS Score
9.3
EPSS Score
0.006
Published
2025-04-01
Path Traversal vulnerability in ONLYOFFICE Document Server before v8.0.1 allows a remote attacker to copy arbitrary files by manipulating the fileExt parameter in the /example/editor endpoint, leading to unauthorized access to sensitive files and potential Denial of Service (DoS).
CVSS Score
6.7
EPSS Score
0.003
Published
2025-04-01
Incorrect Privilege Assignment vulnerability in Dimitri Grassi Salon booking system salon-booking-system allows Privilege Escalation.This issue affects Salon booking system: from n/a through < 10.15.
CVSS Score
7.2
EPSS Score
0.003
Published
2025-04-01
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bob Watu Quiz watu allows Reflected XSS.This issue affects Watu Quiz: from n/a through <= 3.4.2.
CVSS Score
7.1
EPSS Score
0.002
Published
2025-04-01
CodeZips Gym Management System v1.0 is vulnerable to SQL injection in the name parameter within /dashboard/admin/deleteroutine.php.
CVSS Score
6.5
EPSS Score
0.002
Published
2025-04-01