Security Vulnerabilities - CVEs Published In April 2025
Password can be used past expiry in PgBouncer due to auth_query not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password
CVSS Score
8.1
EPSS Score
0.003
Published
2025-04-16
An issue in the component /models/config.py of Whoogle search v0.9.0 allows attackers to execute arbitrary code via supplying a crafted search query.
CVSS Score
7.3
EPSS Score
0.008
Published
2025-04-16
Vulnerability in Drupal Panelizer (obsolete).This issue affects Panelizer (obsolete): *.*.
CVSS Score
5.9
EPSS Score
0.002
Published
2025-04-16
Vulnerability in Drupal Simple GTM.This issue affects Simple GTM: *.*.
CVSS Score
5.9
EPSS Score
0.002
Published
2025-04-16
Vulnerability in Drupal Google Maps: Store Locator.This issue affects Google Maps: Store Locator: *.*.
CVSS Score
5.9
EPSS Score
0.002
Published
2025-04-16
Vulnerability in Drupal Google Optimize.This issue affects Google Optimize: *.*.
CVSS Score
5.9
EPSS Score
0.002
Published
2025-04-16
Vulnerability in Drupal Drupal 8 Google Optimize Hide Page.This issue affects Drupal 8 Google Optimize Hide Page: *.*.
CVSS Score
5.9
EPSS Score
0.002
Published
2025-04-16
Sourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at id_generator/admin/?page=generate/index&id=1.
CVSS Score
9.8
EPSS Score
0.003
Published
2025-04-16
Sourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerability via the template parameter at id_generator/admin/?page=generate&template=4.
CVSS Score
9.8
EPSS Score
0.003
Published
2025-04-16
Sourcecodester Online ID Generator System 1.0 was discovered to contain Stored Cross Site Scripting (XSS) via id_generator/classes/SystemSettings.php?f=update_settings, and the point of vulnerability is in the POST parameter 'short_name'.
CVSS Score
4.8
EPSS Score
0.002
Published
2025-04-16