
11457 matches found

RedhatCVE
added 2025/12/20 3:12 p.m., 13 views

CVE-2025-14952

A vulnerability was detected in Campcodes Supplier Management System 1.0. This affects an unknown function of the file /admin/add_category.php. Performing a manipulation of the argument txtCategoryName results in sql injection. The attack is possible to be carried out remotely. The exploit is now...

CVSS 9.8, AI score 7.2, EPSS 0.00371
Exploits: 1, References: 1

EUVD
added 2025/12/20 6:30 a.m., 3 views

EUVD-2025-204624

The File Uploader for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the callback function for the 'add-image-data' REST API endpoint in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers ...

CVSS 9.8, AI score 7.1, EPSS 0.00624
Exploits: 0, References: 3

CVE
added 2025/12/20 3:20 a.m., 37 views

CVE-2025-13329

CVE-2025-13329 (File Uploader for WooCommerce) in WordPress is an unauthenticated arbitrary file upload vulnerability. The issue arises from missing file type validation in the add-image-data REST endpoint, allowing attackers to upload arbitrary files via the Uploadcare service. Impact note: coul...

CVSS 9.8, AI score 7.2, EPSS 0.00624
Exploits: 0, References: 3

Cvelist
added 2025/12/20 3:20 a.m., 18 views

CVE-2025-13329 File Uploader for WooCommerce <= 1.0.3 - Unauthenticated Arbitrary File Upload via add-image-data

The File Uploader for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the callback function for the 'add-image-data' REST API endpoint in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers ...

CVSS 9.8, EPSS 0.00624
Exploits: 0, References: 3

Positive Technologies
added 2025/12/20 12:0 a.m., 4 views

PT-2025-52536

Name of the Vulnerable Software and Affected Versions: File Uploader for WooCommerce versions up to and including 1.0.3. Description: The File Uploader for WooCommerce plugin for WordPress is susceptible to arbitrary file uploads because of a lack of file type validation within the callback function...

CVSS 9.8, AI score 7.6, EPSS 0.00624
Exploits: 0, References: 12

RedhatCVE
added 2025/12/19 4:23 p.m., 6 views

CVE-2025-14877

A vulnerability was identified in Campcodes Supplier Management System 1.0. This affects an unknown function of the file /admin/add_retailer.php. The manipulation of the argument cmbAreaCode leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly availabl...

CVSS 9.8, AI score 7.1, EPSS 0.00326
Exploits: 1, References: 1

NVD
added 2025/12/19 4:15 p.m., 2 views

CVE-2025-14954

A vulnerability has been found in Open5GS up to 2.7.6. Affected is the function ogs_pfcp_pdr_find_or_add/ogs_pfcp_far_find_or_add/ogs_pfcp_urr_find_or_add/ogs_pfcp_qer_find_or_add in the library lib/pfcp/context.c of the component QER/FAR/URR/PDR. The manipulation leads to reachable assertion. It is possible to...

CVSS 6.3, EPSS 0.00501
Exploits: 1, References: 8

Vulnrichment
added 2025/12/19 2:32 p.m., 3 views

CVE-2025-14952 Campcodes Supplier Management System add_category.php sql injection

A vulnerability was detected in Campcodes Supplier Management System 1.0. This affects an unknown function of the file /admin/add_category.php. Performing a manipulation of the argument txtCategoryName results in sql injection. The attack is possible to be carried out remotely. The exploit is now...

CVSS 7.5, AI score 7.2, EPSS 0.00371
Exploits: 1, References: 5

Cvelist
added 2025/12/19 2:32 p.m., 27 views

CVE-2025-14952 Campcodes Supplier Management System add_category.php sql injection

A vulnerability was detected in Campcodes Supplier Management System 1.0. This affects an unknown function of the file /admin/add_category.php. Performing a manipulation of the argument txtCategoryName results in sql injection. The attack is possible to be carried out remotely. The exploit is now...

CVSS 7.5, EPSS 0.00371
Exploits: 1, References: 5

CVE
added 2025/12/19 2:32 p.m., 16 views

CVE-2025-14952

CVE-2025-14952 affects Campcodes Supplier Management System 1.0. The vulnerability lies in /admin/add_category.php where manipulating the txtCategoryName parameter leads to SQL injection. It is a remote issue and, according to multiple sources, the exploit is publicly available. The Red Hat and E...

CVSS 9.8, AI score 7.2, EPSS 0.00371
Exploits: 1, References: 5, Affected Software: 1

ATTACKERKB
added 2025/12/19 2:32 p.m., 6 views

CVE-2025-14952

A vulnerability was detected in Campcodes Supplier Management System 1.0. This affects an unknown function of the file /admin/add_category.php. Performing a manipulation of the argument txtCategoryName results in sql injection. The attack is possible to be carried out remotely. The exploit is now...

CVSS 9.8, AI score 5.4, EPSS 0.00371
Exploits: 1, References: 5, Affected Software: 1

RedhatCVE
added 2025/12/19 7:32 a.m., 6 views

CVE-2025-60080

Deserialization of Untrusted Data vulnerability in add-ons.org PDF for Gravity Forms + Drag And Drop Template Builder pdf-for-gravity-forms allows Object Injection. This issue affects PDF for Gravity Forms + Drag And Drop Template Builder: from n/a through <= 6.5.0...

CVSS 7.5, AI score 5.9, EPSS 0.00291
Exploits: 0, References: 1

ATTACKERKB
added 2025/12/19 12:2 a.m., 3 views

CVE-2025-14899

A weakness has been identified in CodeAstro Real Estate Management System 1.0. This impacts an unknown function of the file /admin/stateadd.php of the component Administrator Endpoint. This manipulation causes sql injection. The attack may be initiated remotely. The exploit has been made availabl...

CVSS 7.2, AI score 5.3, EPSS 0.00306
Exploits: 1, References: 5, Affected Software: 1

Positive Technologies
added 2025/12/19 12:0 a.m., 3 views

PT-2025-52484

Name of the Vulnerable Software and Affected Versions: Open5GS versions up to 2.7.5. Description: A flaw exists in Open5GS related to assertions within the ogs_pfcp_pdr_find_or_add, ogs_pfcp_far_find_or_add, ogs_pfcp_urr_find_or_add, and ogs_pfcp_qer_find_or_add functions located in the...

CVSS 6.3, AI score 4.4, EPSS 0.00501
Exploits: 1, References: 11

CNNVD
added 2025/12/19 12:0 a.m., 4 views

CampCodes Supplier Management System SQL injection vulnerability

CampCodes Supplier Management System is a supplier management system from CampCodes, Inc. A SQL injection vulnerability exists in CampCodes Supplier Management System version 1.0, which stems from an incorrect manipulation of the parameter txtCategoryName in the file /admin/add_category.php, which...

CVSS 9.8, AI score 7.8, EPSS 0.00371
Exploits: 1, References: 6

Patchstack
added 2025/12/18 9:4 p.m., 8 views

WordPress HUSKY – Products Filter Professional for WooCommerce plugin <= 1.3.7.3 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'woof_add_subscr' vulnerability

Authenticated Subscriber+ Insecure Direct Object Reference via 'woof_add_subscr' vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin HUSKY versions <= 1.3.7.3...

CVSS 4.3, AI score 6.8, EPSS 0.003
Exploits: 0, References: 1, Affected Software: 1

EUVD
added 2025/12/18 6:30 p.m., 4 views

EUVD-2025-204301

A vulnerability was identified in Campcodes Supplier Management System 1.0. This affects an unknown function of the file /admin/add_retailer.php. The manipulation of the argument cmbAreaCode leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly availabl...

CVSS 7.5, AI score 7.2, EPSS 0.00326
Exploits: 1, References: 6

Vulnrichment
added 2025/12/18 4:2 p.m., 4 views

CVE-2025-14877 Campcodes Supplier Management System add_retailer.php sql injection

A vulnerability was identified in Campcodes Supplier Management System 1.0. This affects an unknown function of the file /admin/add_retailer.php. The manipulation of the argument cmbAreaCode leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly availabl...

CVSS 7.5, AI score 7.2, EPSS 0.00326
Exploits: 1, References: 5

EUVD
added 2025/12/18 12:22 p.m., 9 views

EUVD-2025-204262

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.7.3 via the "woof_add_subscr" function due to missing validation on a user controlled key. This makes it possible for authenticat...

CVSS 4.3, AI score 5.3, EPSS 0.003
Exploits: 0, References: 4

EUVD
added 2025/12/18 9:30 a.m., 4 views

EUVD-2025-204107

Deserialization of Untrusted Data vulnerability in add-ons.org PDF for Contact Form 7 pdf-for-contact-form-7 allows Object Injection. This issue affects PDF for Contact Form 7: from n/a through <= 6.3.4...

CVSS 8.8, AI score 6.5, EPSS 0.00355
Exploits: 0, References: 2