Security Vulnerabilities
- CVEs Published In April 2025
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the function 0x41dda8.
In FOXCMS <=1.25, the installdb.php file has a time-based blind SQL injection vulnerability. The url_prefix, domain, and my_website POST parameters are directly concatenated into SQL statements without filtering.
Pydio Core <= 8.2.5 is vulnerable to Cross Site Scripting (XSS) via the New URL Bookmark feature.
In JetBrains Toolbox App before 2.6, the SSH plugin established connections without sufficient user confirmation.
In JetBrains RubyMine before 2025.1, the remote interpreter overwrote ports to listen on all interfaces.
In JetBrains Toolbox App before 2.6, host key verification was missing in the SSH plugin.
In JetBrains Toolbox App before 2.6, command injection in the SSH plugin was possible.
In JetBrains Toolbox App before 2.6, unencrypted credential transmission during SSH authentication was possible.
Unrestricted Upload of File with Dangerous Type vulnerability in JoomSky JS Job Manager (js-jobs) allows uploading a web shell to a web server. This issue affects JS Job Manager: from n/a through <= 2.0.2.