Latest CVE Feed
-
9.1
CRITICALCVE-2025-4603
The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_file() function in all versions up to, and including, 1.2.5. This makes it possible for unauth... Read more
Affected Products : emagicone_store_manager_for_woocommerce- Published: May. 24, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Path Traversal
-
9.8
CRITICALCVE-2025-5058
The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the set_image() function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticate... Read more
Affected Products : emagicone_store_manager_for_woocommerce- Published: May. 24, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-5128
A vulnerability, which was classified as critical, was found in ScriptAndTools Real-Estate-website-in-PHP 1.0. Affected is an unknown function of the file /admin/ of the component Admin Login Panel. The manipulation of the argument Password leads to sql i... Read more
Affected Products : real_estate_management_system- Published: May. 24, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Injection
-
10.0
CRITICALCVE-2025-32440
NetAlertX is a network, presence scanner and alert framework. Prior to version 25.4.14, it is possible to bypass the authentication mechanism of NetAlertX to update settings without authentication. An attacker can trigger sensitive functions within util.p... Read more
Affected Products : netalertx- Published: May. 27, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Authentication
-
6.4
MEDIUMCVE-2025-3813
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_elementor_data’ parameter in all versions up to, and including, 1.7.1020 due to insufficient input sanitization and output escaping. This ... Read more
Affected Products : royal_elementor_addons- Published: May. 31, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Cross-Site Scripting
-
8.8
HIGHCVE-2025-5482
The Sunshine Photo Cart: Free Client Photo Galleries for Photographers plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.11. This is due to the plugin not properly validating a user-s... Read more
Affected Products : sunshine_photo_cart- Published: Jun. 04, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-7193
A vulnerability was found in itsourcecode Agri-Trading Online Shopping System up to 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/suppliercontroller.php. The manipulation of the argument supplier leads to sql ... Read more
Affected Products : agri-trading_online_shopping_system- Published: Jul. 08, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-7212
A vulnerability was found in itsourcecode Insurance Management System up to 1.0. It has been rated as critical. This issue affects some unknown processing of the file /insertAgent.php. The manipulation of the argument agent_id leads to sql injection. The ... Read more
- Published: Jul. 09, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-50213
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) vulnerability in Apache Airflow Providers Snowflake. This issue affects Apache Airflow Providers Snowflake: before 6.4.0. Sanitation of table and stage parameters we... Read more
Affected Products : apache-airflow-providers-snowflake- Published: Jun. 24, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Injection
-
7.8
HIGHCVE-2025-6376
A remote code execution security issue exists in the Rockwell Automation Arena®. A crafted DOE file can force Arena Simulation to write beyond the boundaries of an allocated object. Exploitation requires user interaction, such as opening a malicious file... Read more
Affected Products : arena- Published: Jul. 09, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-6377
A remote code execution security issue exists in the Rockwell Automation Arena®. A crafted DOE file can force Arena Simulation to write beyond the boundaries of an allocated object. Exploitation requires user interaction, such as opening a malicious file... Read more
Affected Products : arena- Published: Jul. 09, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Memory Corruption
-
6.1
MEDIUMCVE-2025-6234
The Hostel WordPress plugin before 1.1.5.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more
Affected Products : hostel- Published: Jul. 10, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-6236
The Hostel WordPress plugin before 1.1.5.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for e... Read more
Affected Products : hostel- Published: Jul. 10, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Cross-Site Scripting
-
9.8
CRITICALCVE-2025-5865
A vulnerability was found in RT-Thread 5.1.0. It has been rated as critical. Affected by this issue is the function sys_select of the file rt-thread/components/lwp/lwp_syscall.c of the component Parameter Handler. The manipulation of the argument timeout ... Read more
Affected Products : rt-thread- Published: Jun. 09, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2024-12835
Delta Electronics DRASimuCAD ICS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DRASimuCAD. User interaction is requ... Read more
Affected Products : drasimucad- Published: Dec. 30, 2024
- Modified: Jul. 11, 2025
-
7.8
HIGHCVE-2024-12834
Delta Electronics DRASimuCAD STP File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DRASimuCAD. User interaction is required ... Read more
Affected Products : drasimucad- Published: Dec. 30, 2024
- Modified: Jul. 11, 2025
-
7.8
HIGHCVE-2024-12836
Delta Electronics DRASimuCAD STP File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DRASimuCAD. User interaction is required ... Read more
Affected Products : drasimucad- Published: Dec. 30, 2024
- Modified: Jul. 11, 2025
-
9.8
CRITICALCVE-2025-5866
A vulnerability classified as critical has been found in RT-Thread 5.1.0. This affects the function sys_sigprocmask of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument how leads to improper validation of array index.... Read more
- Published: Jun. 09, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-5867
A vulnerability classified as critical was found in RT-Thread 5.1.0. This vulnerability affects the function csys_sendto of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument to leads to null pointer dereference.... Read more
- Published: Jun. 09, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-5868
A vulnerability, which was classified as critical, has been found in RT-Thread 5.1.0. This issue affects the function sys_thread_sigprocmask of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument how leads to improper validat... Read more
- Published: Jun. 09, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Misconfiguration