2494 matches found
CVE-2025-8151
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.9.1 via the 'saveblockcss' function. This makes it possible for authenticated attackers, with Author-level access and above, to create CSS files in any director...
CVE-2025-8372
A vulnerability was found in code-projects Exam Form Submission 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/updates7.php. The manipulation of the argument credits leads to SQL injection. The attack may be launched remotely. The exploit h...
PT-2025-31505 · Microsoft +1 · Windows +1
Name of the Vulnerable Software and Affected Versions: HT Mega – Absolute Addons For Elementor plugin for WordPress versions prior to 2.9.2
Description: The HT Mega – Absolute Addons For Elementor plugin for WordPress is susceptible to a path traversal issue. This allows authenticated attackers...
CVE-2025-8333 code-projects Online Farm System categoryvalue.php SQL injection
A vulnerability was found in code-projects Online Farm System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /categoryvalue.php. The manipulation of the argument Value leads to SQL injection. The attack can be launched remotely. The...
CVE-2025-8327 code-projects Exam Form Submission delete_s8.php SQL injection
A vulnerability classified as critical was found in code-projects Exam Form Submission 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/delete_s8.php. The manipulation of the argument ID leads to SQL injection. The attack can be launched remotely. The exploit has...
CVE-2025-0712
An uncontrolled search path element vulnerability can lead to local privilege escalation (LPE) via insecure directory permissions. The vulnerability arises from improper handling of directory permissions. An attacker with local access may exploit this flaw to move and delete arbitrary files,...
CVE-2025-8233
A vulnerability has been found in code-projects Online Ordering System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/user.php. The manipulation of the argument un leads to SQL injection. The attack can be launched remotely. The explo...
CVE-2025-8188
A vulnerability classified as critical has been found in Campcodes Courier Management System 1.0. This affects an unknown part of the file /editstaff.php. The manipulation of the argument ID leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to...
CVE-2025-8182
A vulnerability has been found in Tenda AC18 15.03.05.19 and classified as problematic. This vulnerability affects unknown code of the file /etcro/smb.conf of the component Samba. The manipulation leads to weak password requirements. The attack can be initiated remotely. The complexity of an atta...
PT-2025-31060 · Code Projects · Exam Form Submission
Name of the Vulnerable Software and Affected Versions: code-projects Exam Form Submission version 1.0
Description: A vulnerability exists in the file /admin/delete s1.php within the software. Manipulation of the ID argument leads to a SQL injection. The attack can be launched remotely. The exploi...
CVE-2025-8167
A vulnerability was found in code-projects Church Donation System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/editmembers.php. The manipulation of the argument fname leads to cross-site scripting. The attack can be launch...
CVE-2025-8234
A vulnerability was found in code-projects Online Ordering System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/deletemember.php. The manipulation of the argument ID leads to SQL injection. The attack may be launched remotely. The exploit...
CVE-2025-8115 PHPGurukul Taxi Stand Management System new-autoortaxi-entry-form.php cross-site scripting
A vulnerability has been found in PHPGurukul Taxi Stand Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/new-autoortaxi-entry-form.php. The manipulation of the argument registrationnumber/licensenumber leads to cros...
CVE-2025-54140
pyLoad is a free and open-source Download Manager written in pure Python. In version 0.5.0b3.dev89, an authenticated path traversal vulnerability exists in the /json/upload endpoint of pyLoad. By manipulating the filename of an uploaded file, an attacker can traverse out of the intended upload...
PT-2025-30377 · Unknown +1 · Sanluan Publiccms +1
Name of the Vulnerable Software and Affected Versions: Sanluan PublicCMS versions up to 5.202506.a
Description: A problematic vulnerability has been identified in Sanluan PublicCMS. The issue involves unknown processing of the file...
CVE-2025-7877 Metasoft 美特软件 MetaCRM sendfile.jsp unrestricted upload
A vulnerability, which was classified as critical, has been found in Metasoft 美特软件 MetaCRM up to 6.4.2. This issue affects some unknown processing of the file sendfile.jsp. The manipulation of the argument File leads to unrestricted upload. The attack may be initiated remotely. The exploit has be...
CVE-2025-7755
CVE-2025-7755 affects code-projects Online Ordering System 1.0. The vulnerability resides in the processing of the file parameter in /admin/edit_product.php, where manipulation of the image argument enables unrestricted file uploads. This could allow remote attackers to upload arbitrary files, po...
CVE-2025-7581
A vulnerability, which was classified as critical, has been found in code-projects Voting System 1.0. Affected by this issue is some unknown functionality of the file /admin/positionsedit.php. The manipulation of the argument ID leads to SQL injection. The attack may be launched remotely. The...
CVE-2025-7558
A vulnerability was found in code-projects Voting System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/positionsadd.php. The manipulation of the argument description leads to SQL injection. The attack may be launched remotely. The exploit...
CVE-2025-7555
CVE-2025-7555 affects code-projects Voting System 1.0. The vulnerability is in the file /admin/voters_add.php where user-supplied firstname/lastname are directly concatenated into an SQL statement, enabling SQL injection. Several connected sources (CNVD, CNNVD, Red Hat, NVD, PT-2025-29400) confir...