CVE-2025-66434

An SSTI Server-Side Template Injection vulnerability exists in the getdunninglettertext method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates bodytext using frappe.rendertemplate with a user-supplied context doc. Although Frappe uses a custom...

CVE-2025-12824

The Player Leaderboard plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0.2 via the 'playerleaderboard' shortcode. This is due to the plugin using an unsanitized user-supplied value from the shortcode's 'mode' attribute in a call to include withou...

PT-2025-50870

The WP Job Portal plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.3.9. This is due to the plugin explicitly whitelisting the tag in its WPJOBPORTAL ALLOWED TAGS configuration and using insufficient input sanitization when saving job...

PT-2025-50824

The Easy Map Creator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' parameter in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acces...

CVE-2024-58294 FreePBX 16 Authenticated Remote Code Execution via API Module

FreePBX 16 contains an authenticated remote code execution vulnerability in the API module that allows attackers with valid session credentials to execute arbitrary commands. Attackers can exploit the 'generatedocs' endpoint by crafting malicious POST requests with bash command injection to...

CVE-2025-53949

An Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability CWE-78 vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated...

CVE-2025-65879

Warehouse Management System 1.2 contains an authenticated arbitrary file deletion vulnerability. The /goods/deleteGoods endpoint accepts a user-controlled goodsimg parameter, which is directly concatenated with the server's UPLOADPATH and passed to File.delete without validation. A remote...

CVE-2025-65879

Warehouse Management System 1.2 contains an authenticated arbitrary file deletion vulnerability. The /goods/deleteGoods endpoint accepts a user-controlled goodsimg parameter, which is directly concatenated with the server's UPLOADPATH and passed to File.delete without validation. A remote...

WordPress VikRentCar Car Rental Management System plugin <= 1.4.4 - Authenticated (Author+) SQL Injection via 'month' Parameter vulnerability

Authenticated Author+ SQL Injection via 'month' Parameter vulnerability discovered by zhenhua fan in WordPress Plugin VikRentCar versions = 1.4.4...

CVE-2025-63523

FeehiCMS version 2.1.1 fails to enforce server-side immutability for parameters that are presented to clients as "read-only." An authenticated attacker can intercept and modify the parameter in transit and the backend accepts the changes. This can lead to unintended username changes...

UBUNTU-CVE-2025-60797

phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in dataexport.php at line 118. The application directly executes user-supplied SQL queries from the $REQUEST'query' parameter without any sanitization or parameterization via $data-conn-Execute$REQUEST'query'. An authenticated...

CVE-2025-12174 Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings <= 8.5.2 - Missing Authorization to Authenticated (Subscriber+) Data Export and Slug Update

The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'directoristpreparelistingsexportfile' and 'directoristtypeslugchange' AJAX actions in all versions up to, and...

CVE-2025-8693

A post-authentication command injection vulnerability in the "priv" parameter of Zyxel DX3300-T0 firmware version 5.50ABVY.6.3C0 and earlier could allow an authenticated attacker to execute operating system OS commands on an affected device...

PT-2025-47450

Name of the Vulnerable Software and Affected Versions Apache Causeway affected versions not specified Description Apache Causeway is susceptible to Java deserialization issues that can lead to remote code execution RCE. Exploitation occurs through user-controllable URL parameters. Authenticated...

EUVD-2025-198007

An Out-of-bounds Write vulnerability CWE-787 in FortiADC 8.0.0, 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2 all versions may allow an authenticated attacker to execute arbitrary code via specially crafted HTTP requests...

CVE-2025-54321

CVE-2025-54321 affects Ascertia SigningHub up to version 8.6.8. The issue is a lack of rate limiting on the reset-password function, enabling an authenticated attacker to automate reset requests and trigger email bombing. Impact is described as high (confidentiality, integrity, availability). No ...

CVE-2025-12983

Removed by vendor...

CVE-2025-8994

CVE-2025-8994 : WP Project Manager (WordPress) is vulnerable to a time-based SQL Injection via the completed_at_operator parameter in all versions up to 2.6.26. Exploitation requires authenticated access at Subscriber level or higher and can be used to extract sensitive data from the database. Pu...

CVE-2025-42887 Code Injection vulnerability in SAP Solution Manager

Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert malicious code when calling a remote-enabled function module. This could provide the attacker with full control of the system hence leading to high impact on confidentiality, integrity and availabilit...

CVE-2025-63416

exclusively-hosted-service A Stored Cross-Site Scripting XSS vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated low-privileged attackers to execute arbitrary JavaScript in the context of other users' sessions. This can be exploited to access administrativ...