Latest CVE Feed
-
7.2
HIGHCVE-2024-13162
SQL injection in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. This CVE addresses incomplete fixes from CVE-... Read more
Affected Products : endpoint_manager- Published: Jan. 14, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Injection
-
7.2
HIGHCVE-2025-6770
OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2 allows a remote authenticated attacker with high privileges to achieve remote code execution... Read more
Affected Products : endpoint_manager_mobile- Published: Jul. 08, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Injection
-
7.2
HIGHCVE-2025-6771
OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2,12.4.0.3 and 12.3.0.3 allows a remote authenticated attacker with high privileges to achieve remote code execution... Read more
Affected Products : endpoint_manager_mobile- Published: Jul. 08, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-6970
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 7.0.3 due to insufficient escaping on the user supplied parameter ... Read more
Affected Products : events_manager- Published: Jul. 09, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Injection
-
6.1
MEDIUMCVE-2025-6975
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘calendar_header’ parameter in all versions up to, and including, 7.0.3 due to insufficient input sanitization and out... Read more
Affected Products : events_manager- Published: Jul. 09, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-6976
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.0.3 due to insufficient input sanitization and output escapi... Read more
Affected Products : events_manager- Published: Jul. 09, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Cross-Site Scripting
-
8.4
HIGHCVE-2025-6995
Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords.... Read more
Affected Products : endpoint_manager- Published: Jul. 08, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Cryptography
-
8.4
HIGHCVE-2025-6996
Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords.... Read more
Affected Products : endpoint_manager- Published: Jul. 08, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Cryptography
-
7.2
HIGHCVE-2025-7037
SQL injection in Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a remote authenticated attacker with admin privileges to read arbitrary data from the database... Read more
Affected Products : endpoint_manager- Published: Jul. 08, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-7186
A vulnerability was found in code-projects Chat System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /user/fetch_chat.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Injection
-
9.0
CRITICALCVE-2025-49136
listmonk is a standalone, self-hosted, newsletter and mailing list manager. Starting in version 4.0.0 and prior to version 5.0.2, the `env` and `expandenv` template functions which is enabled by default in Sprig enables capturing of env variables on host.... Read more
Affected Products : listmonk- Published: Jun. 09, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Information Disclosure
-
8.8
HIGHCVE-2025-7187
A vulnerability classified as critical has been found in code-projects Chat System 1.0. Affected is an unknown function of the file /user/fetch_member.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack rem... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-7188
A vulnerability classified as critical was found in code-projects Chat System 1.0. Affected by this vulnerability is an unknown functionality of the file /user/addmember.php. The manipulation of the argument ID leads to sql injection. The attack can be la... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-7210
A vulnerability was found in code-projects/Fabian Ros Library Management System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin/profile_update.php. The manipulation of the argument photo leads to unre... Read more
- Published: Jul. 09, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Authentication
-
8.8
HIGHCVE-2025-7189
A vulnerability, which was classified as critical, has been found in code-projects Chat System 1.0. Affected by this issue is some unknown functionality of the file /user/send_message.php. The manipulation of the argument msg leads to sql injection. The a... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-7190
A vulnerability, which was classified as critical, was found in code-projects Library Management System 2.0. This affects an unknown part of the file /admin/student_edit_photo.php. The manipulation of the argument photo leads to unrestricted upload. It is... Read more
Affected Products : library_management_system- Published: Jul. 08, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-7191
A vulnerability has been found in code-projects Student Enrollment System 1.0 and classified as critical. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument Username leads to sql injection. The attack can be i... Read more
Affected Products : student_enrollment- Published: Jul. 08, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-7196
A vulnerability was found in code-projects Jonnys Liquor 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /browse.php. The manipulation of the argument Search leads to sql injection. The attack may be la... Read more
Affected Products : jonnys_liquor- Published: Jul. 08, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-7197
A vulnerability classified as critical has been found in code-projects Jonnys Liquor 1.0. This affects an unknown part of the file /admin/delete-row.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack rem... Read more
Affected Products : jonnys_liquor- Published: Jul. 08, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-7198
A vulnerability classified as critical was found in code-projects Jonnys Liquor 1.0. This vulnerability affects unknown code of the file /admin/admin-area.php. The manipulation of the argument drink leads to sql injection. The attack can be initiated remo... Read more
Affected Products : jonnys_liquor- Published: Jul. 08, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Injection