Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In April 2025
An issue in the component /models/config.py of Whoogle search v0.9.0 allows attackers to execute arbitrary code via supplying a crafted search query.
CVSS Score
7.3
EPSS Score
0.005
Published
2025-04-16
Vulnerability in Drupal Panelizer (obsolete).This issue affects Panelizer (obsolete): *.*.
CVSS Score
5.9
EPSS Score
0.003
Published
2025-04-16
Vulnerability in Drupal Simple GTM.This issue affects Simple GTM: *.*.
CVSS Score
5.9
EPSS Score
0.003
Published
2025-04-16
Vulnerability in Drupal Google Maps: Store Locator.This issue affects Google Maps: Store Locator: *.*.
CVSS Score
5.9
EPSS Score
0.003
Published
2025-04-16
Vulnerability in Drupal Google Optimize.This issue affects Google Optimize: *.*.
CVSS Score
5.9
EPSS Score
0.003
Published
2025-04-16
Vulnerability in Drupal Drupal 8 Google Optimize Hide Page.This issue affects Drupal 8 Google Optimize Hide Page: *.*.
CVSS Score
5.9
EPSS Score
0.003
Published
2025-04-16
Sourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at id_generator/admin/?page=generate/index&id=1.
CVSS Score
9.8
EPSS Score
0.004
Published
2025-04-16
Sourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerability via the template parameter at id_generator/admin/?page=generate&template=4.
CVSS Score
9.8
EPSS Score
0.004
Published
2025-04-16
Sourcecodester Online ID Generator System 1.0 was discovered to contain Stored Cross Site Scripting (XSS) via id_generator/classes/SystemSettings.php?f=update_settings, and the point of vulnerability is in the POST parameter 'short_name'.
CVSS Score
4.8
EPSS Score
0.002
Published
2025-04-16
A vulnerability in the custom URL parser of Cisco Webex App could allow an unauthenticated, remote attacker to persuade a user to download arbitrary files, which could allow the attacker to execute arbitrary commands on the host of the targeted user. This vulnerability is due to insufficient input validation when Cisco Webex App processes a meeting invite link. An attacker could exploit this vulnerability by persuading a user to click a crafted meeting invite link and download arbitrary files. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the targeted user.
CVSS Score
8.8
EPSS Score
0.009
Published
2025-04-16


Contact Us

Shodan ® - All rights reserved