Security Vulnerabilities - CVEs Published In April 2025
Pydio Core <= 8.2.5 is vulnerable to Cross Site Scripting (XSS) via the New URL Bookmark feature.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-04-17
In JetBrains Toolbox App before 2.6 the SSH plugin established connections without sufficient user confirmation
CVSS Score
6.1
EPSS Score
0.0
Published
2025-04-17
In JetBrains RubyMine before 2025.1 remote Interpreter overwrote ports to listen on all interfaces
CVSS Score
8.3
EPSS Score
0.0
Published
2025-04-17
In JetBrains Toolbox App before 2.6 host key verification was missing in SSH plugin
CVSS Score
4.2
EPSS Score
0.0
Published
2025-04-17
In JetBrains Toolbox App before 2.6 command injection in SSH plugin was possible
CVSS Score
8.3
EPSS Score
0.0
Published
2025-04-17
In JetBrains Toolbox App before 2.6 unencrypted credential transmission during SSH authentication was possible
CVSS Score
6.9
EPSS Score
0.0
Published
2025-04-17
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dylan James Zephyr Project Manager allows Reflected XSS. This issue affects Zephyr Project Manager: from n/a through 3.3.101.
CVSS Score
7.1
EPSS Score
0.0
Published
2025-04-17
An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the macaddr key value to the function 0x42232c
CVSS Score
9.8
EPSS Score
0.028
Published
2025-04-17
An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the function 0x417234
CVSS Score
9.8
EPSS Score
0.028
Published
2025-04-17
Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via cloneType2.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-04-17