Security Vulnerabilities - CVEs Published In April 2025
CVE-2025-31324
Known exploited
SAP NetWeaver Visual Composer Metadata Uploader is not protected with proper authorization, allowing an unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.
CVSS Score
10.0
EPSS Score
0.341
Published
2025-04-24
Insufficient default configuration in HCL Leap allows anonymous access to directory information.
CVSS Score
5.3
EPSS Score
0.003
Published
2025-04-24
Insufficient sanitization policy in HCL Leap allows client-side script injection in the deployed application through the HTML widget.
CVSS Score
6.3
EPSS Score
0.002
Published
2025-04-24
Insufficient URI protocol whitelist in HCL Leap allows script injection through query parameters.
CVSS Score
7.1
EPSS Score
0.002
Published
2025-04-24
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Stored XSS. This issue affects Seriously Simple Podcasting: from n/a through <= 3.9.0.
CVSS Score
4.8
EPSS Score
0.002
Published
2025-04-24
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration user-registration allows Reflected XSS. This issue affects User Registration: from n/a through < 4.2.0.
CVSS Score
6.1
EPSS Score
0.002
Published
2025-04-24
Improper access control of endpoint in HCL Leap allows certain admin users to import applications from the server's filesystem.
CVSS Score
4.1
EPSS Score
0.002
Published
2025-04-24
A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0 in the file /Scheduling/pages/class_save.php. Manipulation of the parameter class will lead to SQL injection attacks.
CVSS Score
6.5
EPSS Score
0.002
Published
2025-04-24
A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0 in /Scheduling/pages/profile_update.php. Manipulating the parameter username will cause SQL injection attacks.
CVSS Score
6.5
EPSS Score
0.002
Published
2025-04-24
A vulnerability has been discovered in the code-projects Online Class and Exam Scheduling System 1.0. The issue affects some unknown features in the file /Scheduling/pages/class_sched.php. Manipulating the class parameter can lead to cross-site scripting (XSS).
CVSS Score
4.8
EPSS Score
0.002
Published
2025-04-24

