Latest CVE Feed
- CVE-2025-7593 (CVSS 3.1: 9.8)
  A vulnerability was found in code-projects Job Diary 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /view-all.php. The manipulation of the argument ID leads to SQL injection. The attack may be launched rem...
  Affected Products: job_diary
  Published: Jul. 14, 2025
  Modified: Jul. 15, 2025
- CVE-2025-7594 (CVSS 3.1: 9.8)
  A vulnerability was found in code-projects Job Diary 1.0. It has been classified as critical. This affects an unknown part of the file /view-emp.php. The manipulation of the argument ID leads to SQL injection. It is possible to initiate the attack remotel...
  Affected Products: job_diary
  Published: Jul. 14, 2025
  Modified: Jul. 15, 2025
- CVE-2025-7595 (CVSS 3.1: 9.8)
  A vulnerability was found in code-projects Job Diary 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /view-cad.php. The manipulation of the argument ID leads to SQL injection. The attack can be initiated remotely...
  Affected Products: job_diary
  Published: Jul. 14, 2025
  Modified: Jul. 15, 2025
- CVE-2025-7606 (CVSS 3.1: 9.8)
  A vulnerability classified as critical has been found in code-projects AVL Rooms 1.0. This affects an unknown part of the file /city.php. The manipulation of the argument city leads to SQL injection. It is possible to initiate the attack remotely. The exp...
  Affected Products: avl_rooms
  Published: Jul. 14, 2025
  Modified: Jul. 15, 2025
- CVE-2025-7607 (CVSS 3.1: 9.8)
  A vulnerability, which was classified as critical, has been found in code-projects Simple Shopping Cart 1.0. This issue affects some unknown processing of the file /Customers/save_order.php. The manipulation of the argument order_price leads to sql inject...
  Affected Products: simple_shopping_cart
  Published: Jul. 14, 2025
  Modified: Jul. 15, 2025
- CVE-2025-7608 (CVSS 3.1: 9.8)
  A vulnerability, which was classified as critical, was found in code-projects Simple Shopping Cart 1.0. Affected is an unknown function of the file /userlogin.php. The manipulation of the argument user_email leads to SQL injection. It is possible to launc...
  Affected Products: simple_shopping_cart
  Published: Jul. 14, 2025
  Modified: Jul. 15, 2025
- CVE-2025-7609 (CVSS 3.1: 9.8)
  A vulnerability has been found in code-projects Simple Shopping Cart 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /register.php. The manipulation of the argument ruser_email leads to SQL injection....
  Affected Products: simple_shopping_cart
  Published: Jul. 14, 2025
  Modified: Jul. 15, 2025
- CVE-2025-7610 (CVSS 3.1: 9.8)
  A vulnerability was found in code-projects Electricity Billing System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /user/change_password.php. The manipulation of the argument new_password leads to sql in...
  Affected Products: electricity_billing_system
  Published: Jul. 14, 2025
  Modified: Jul. 15, 2025
- CVE-2025-7611 (CVSS 3.1: 9.8)
  A vulnerability was found in code-projects Wedding Reservation 1.0. It has been classified as critical. This affects an unknown part of the file /global.php. The manipulation of the argument lu leads to SQL injection. It is possible to initiate the attack...
  Affected Products: wedding_reservation
  Published: Jul. 14, 2025
  Modified: Jul. 15, 2025
- CVE-2025-7612 (CVSS 3.1: 9.8)
  A vulnerability was found in code-projects Mobile Shop 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument email leads to SQL injection. The attack can be initiated remote...
  Affected Products: mobile_shop
  Published: Jul. 14, 2025
  Modified: Jul. 15, 2025
- CVE-2025-52376 (CVSS 3.1: 9.8)
  An authentication bypass vulnerability in the /web/um_open_telnet.cgi endpoint in Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below, allowing an attacker to remotely enable the Telnet service without authentication, bypassing security contr...
  Affected Products:
  Published: Jul. 15, 2025
  Modified: Jul. 15, 2025
- CVE-2025-7341 (CVSS 3.1: 9.1)
  The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the temp_file_delete() function in all versions up to, and i...
  Affected Products:
  Published: Jul. 15, 2025
  Modified: Jul. 15, 2025
- CVE-2025-7451 (CVSS 3.1: 9.8)
  The iSherlock developed by Hgiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server. This vulnerability has already been exploited. Please update immediately....
  Affected Products:
  Published: Jul. 14, 2025
  Modified: Jul. 15, 2025
- CVE-2025-7574 (CVSS 3.1: 9.8)
  A vulnerability, which was classified as critical, was found in LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR9000 up to 20250702. Affected is the function reboot/restore of the file /cgi-bin/lighttpd.cgi of the component Web...
  Affected Products:
  Published: Jul. 14, 2025
  Modified: Jul. 15, 2025
- CVE-2025-53835 (CVSS 3.1: 9.0)
  XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc) into another syntax (XHTML, etc). Starting in version 5.4.5 and prior to version 14.10, the XHTML syntax depended on the `xdom+xml/current...
  Affected Products:
  Published: Jul. 14, 2025
  Modified: Jul. 15, 2025
- CVE-2025-53833 (CVSS 3.1: 10.0)
  LaRecipe is an application that allows users to create documentation with Markdown inside a Laravel app. Versions prior to 2.8.1 are vulnerable to Server-Side Template Injection (SSTI), which could potentially lead to Remote Code Execution (RCE) in vulner...
  Affected Products:
  Published: Jul. 14, 2025
  Modified: Jul. 15, 2025
- CVE-2025-53836 (CVSS 3.1: 9.9)
  XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc) into another syntax (XHTML, etc). Starting in version 4.2-milestone-1 and prior to versions 13.10.11, 14.4.7, and 14.10, the default macro...
  Affected Products:
  Published: Jul. 15, 2025
  Modified: Jul. 15, 2025
- CVE-2025-3621 (CVSS 3.1: 9.6)
  Vulnerabilities* in ActADUR local server product, developed and maintained by ProTNS, allows Remote Code Inclusion on host systems. * vulnerabilities: * Improper Neutralization of Special Elements used in a Command ('Command Injection') * Use o...
  Affected Products:
  Published: Jul. 15, 2025
  Modified: Jul. 15, 2025
- CVE-2025-53890 (CVSS 3.1: 9.8)
  pyload is an open-source Download Manager written in pure Python. An unsafe JavaScript evaluation vulnerability in pyLoad’s CAPTCHA processing code allows unauthenticated remote attackers to execute arbitrary code in the client browser and potentially the...
  Affected Products:
  Published: Jul. 15, 2025
  Modified: Jul. 15, 2025
- CVE-2025-5394 (CVSS 3.1: 9.8)
  The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the alone_import_pack_install_plugin() function in all versions up to, and including, 7.8.3. This ...
  Affected Products:
  Published: Jul. 15, 2025
  Modified: Jul. 15, 2025