Security Vulnerabilities - CVEs Published In April 2025
DevExpress before 23.1.3 allows arbitrary TypeConverter conversion.
CVSS Score
3.5
EPSS Score
0.001
Published
2025-04-28
DevExpress before 23.1.3 allows AsyncDownloader SSRF.
CVSS Score
5.0
EPSS Score
0.001
Published
2025-04-28
DevExpress before 23.1.3 does not properly protect XtraReport serialized data in ASP.NET web forms.
CVSS Score
3.5
EPSS Score
0.002
Published
2025-04-28
DevExpress before 23.1.3 has a data-source protection mechanism bypass during deserialization on XML data.
CVSS Score
3.5
EPSS Score
0.001
Published
2025-04-28
SEPPmail through 12.1.17 allows command injection within the Admin Portal. An authenticated attacker is able to execute arbitrary code in the context of the user root.
CVSS Score
6.0
EPSS Score
0.002
Published
2025-04-28
The TheCartPress boot-store (aka Boot Store) theme 1.6.4 for WordPress allows header.php tcp_register_error XSS. NOTE: CVE-2015-4582 is not assigned to any Oracle product.
CVSS Score
7.2
EPSS Score
0.001
Published
2025-04-28
A vulnerability classified as critical has been found in itsourcecode Placement Management System 1.0. Affected is an unknown function of the file /add_drive.php. The manipulation of the argument drive_title leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
CVSS Score
7.3
EPSS Score
0.001
Published
2025-04-28
A vulnerability classified as critical was found in itsourcecode Placement Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /registration.php. The manipulation of the argument Name leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
CVSS Score
7.3
EPSS Score
0.001
Published
2025-04-28
Dell PowerProtect Data Manager Reporting, version(s) 19.17, contain(s) an Incorrect Use of Privileged APIs vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-04-28
Dell PowerProtect Data Manager Reporting, version(s) 19.16, 19.17, 19.18, contain(s) an Improper Neutralization of Special Elements Used in a Template Engine vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure.
CVSS Score
2.3
EPSS Score
0.0
Published
2025-04-28

