Latest CVE Feed
-
4.3
MEDIUMCVE-2025-54702
Cross-Site Request Forgery (CSRF) vulnerability in motov.net Ebook Store allows Cross Site Request Forgery. This issue affects Ebook Store: from n/a through 5.8013.... Read more
Affected Products : ebook_store- Published: Aug. 14, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Cross-Site Request Forgery
-
8.5
HIGHCVE-2025-52820
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in infosoftplugin WooCommerce Point Of Sale (POS) allows SQL Injection. This issue affects WooCommerce Point Of Sale (POS): from n/a through 1.4.... Read more
Affected Products :- Published: Aug. 14, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-54680
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sparkle Themes Blogger Buzz allows Stored XSS. This issue affects Blogger Buzz: from n/a through 1.2.6.... Read more
Affected Products :- Published: Aug. 14, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Cross-Site Scripting
-
7.5
HIGHCVE-2025-52716
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Acato WP REST Cache allows PHP Local File Inclusion. This issue affects WP REST Cache: from n/a through 2025.1.0.... Read more
Affected Products :- Published: Aug. 14, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-24766
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Royal Themes News Magazine X allows PHP Local File Inclusion. This issue affects News Magazine X: from n/a through 1.2.37.... Read more
Affected Products :- Published: Aug. 14, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Path Traversal
-
6.5
MEDIUMCVE-2025-8937
A vulnerability has been found in TOTOLINK N350R 1.2.3-B20130826. This vulnerability affects unknown code of the file /boafrm/formSysCmd. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to ... Read more
Affected Products :- Published: Aug. 14, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-8938
A vulnerability was found in TOTOLINK N350R 1.2.3-B20130826. This issue affects the function formSysTel of the file /boafrm/formSysTel of the component Telnet Service. The manipulation of the argument TelEnabled leads to backdoor. The attack may be initia... Read more
Affected Products :- Published: Aug. 14, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Authentication
-
8.7
HIGHCVE-2012-10056
PHP Volunteer Management System v1.0.2 contains an arbitrary file upload vulnerability in its document upload functionality. Authenticated users can upload files to the mods/documents/uploads/ directory without any restriction on file type or extension. B... Read more
Affected Products :- Published: Aug. 13, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Authentication
-
10.0
CRITICALCVE-2011-10013
Traq versions 2.0 through 2.3 contain a remote code execution vulnerability in the admincp/common.php script. The flawed authorization logic fails to halt execution after a failed access check, allowing unauthenticated users to reach admin-only functional... Read more
Affected Products :- Published: Aug. 13, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Authorization
-
8.4
HIGHCVE-2011-10012
NetOp (now part of Impero Software) Remote Control Client v9.5 is vulnerable to a stack-based buffer overflow when processing .dws configuration files. If a .dws file contains a string longer than 520 bytes, the application fails to perform proper bounds ... Read more
Affected Products :- Published: Aug. 13, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Memory Corruption
-
9.0
CRITICALCVE-2025-8904
Amazon EMR Secret Agent creates a keytab file containing Kerberos credentials. This file is stored in the /tmp/ directory. A user with access to this directory and another account can potentially decrypt the keys and escalate to higher privileges. Use... Read more
Affected Products :- Published: Aug. 13, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Information Disclosure
-
10.0
CRITICALCVE-2025-25174
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in beeteam368 BeeTeam368 Extensions allows PHP Local File Inclusion. This issue affects BeeTeam368 Extensions: from n/a through 1.9.4.... Read more
Affected Products : vidmov- Published: Aug. 14, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Path Traversal
-
6.4
MEDIUMCVE-2025-28987
Server-Side Request Forgery (SSRF) vulnerability in PressForward PressForward allows Server Side Request Forgery. This issue affects PressForward: from n/a through 5.9.1.... Read more
Affected Products : pressforward- Published: Aug. 14, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Server-Side Request Forgery
-
8.1
HIGHCVE-2025-30635
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeAtelier IDonatePro allows PHP Local File Inclusion. This issue affects IDonatePro: from n/a through 2.1.9.... Read more
Affected Products :- Published: Aug. 14, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Path Traversal
-
6.5
MEDIUMCVE-2025-39483
Improper Control of Generation of Code ('Code Injection') vulnerability in imithemes Eventer allows Code Injection. This issue affects Eventer: from n/a through 3.9.6.... Read more
Affected Products : eventer- Published: Aug. 14, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-47610
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wetail WooCommerce Fortnox Integration allows Stored XSS. This issue affects WooCommerce Fortnox Integration: from n/a through 4.5.6.... Read more
Affected Products :- Published: Aug. 14, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Cross-Site Scripting
-
7.5
HIGHCVE-2025-48332
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PublishPress Gutenberg Blocks allows PHP Local File Inclusion. This issue affects Gutenberg Blocks: from n/a through 3.3.1.... Read more
Affected Products :- Published: Aug. 14, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Path Traversal
-
6.5
MEDIUMCVE-2025-49433
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThanhD Supermalink allows DOM-Based XSS. This issue affects Supermalink: from n/a through 1.1.... Read more
Affected Products :- Published: Aug. 14, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-50031
Missing Authorization vulnerability in syedamirhussain91 DB Backup allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DB Backup: from n/a through 6.0.... Read more
Affected Products :- Published: Aug. 14, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Authorization
-
9.3
CRITICALCVE-2025-52720
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection. This issue affects Super Store Finder: from n/a through 7.5.... Read more
Affected Products : super_store_finder- Published: Aug. 14, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Injection