Security Vulnerabilities - CVEs Published In April 2025
Insufficient default configuration in HCL Leap allows anonymous access to directory information.
CVSS Score: 5.3
EPSS Score: 0.001
Published: 2025-04-24
Insufficient sanitization policy in HCL Leap allows client-side script injection in the deployed application through the HTML widget.
CVSS Score: 6.3
EPSS Score: 0.0
Published: 2025-04-24
Insufficient URI protocol whitelist in HCL Leap allows script injection through query parameters.
CVSS Score: 7.1
EPSS Score: 0.0
Published: 2025-04-24
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Craig Hewitt Seriously Simple Podcasting allows Stored XSS. This issue affects Seriously Simple Podcasting: from n/a through 3.9.0.
CVSS Score: 5.9
EPSS Score: 0.0
Published: 2025-04-24
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration allows Reflected XSS. This issue affects User Registration: from n/a through n/a.
CVSS Score: 7.1
EPSS Score: 0.0
Published: 2025-04-24
Improper access control of endpoint in HCL Leap allows certain admin users to import applications from the server's filesystem.
CVSS Score: 4.1
EPSS Score: 0.0
Published: 2025-04-24
A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0 in the file /Scheduling/pages/class_save.php. Manipulation of the class parameter leads to SQL injection.
CVSS Score: 6.5
EPSS Score: 0.001
Published: 2025-04-24
A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0 in /Scheduling/pages/profile_update.php. Manipulation of the username parameter leads to SQL injection.
CVSS Score: 6.5
EPSS Score: 0.001
Published: 2025-04-24
A vulnerability has been discovered in the code-projects Online Class and Exam Scheduling System 1.0. The issue affects some unknown features in the file /Scheduling/pages/class_sched.php. Manipulating the class parameter can lead to cross-site scripting (XSS).
CVSS Score: 4.8
EPSS Score: 0.0
Published: 2025-04-24
A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release.
CVSS Score: 7.5
EPSS Score: 0.001
Published: 2025-04-24

