6680 matches found
CVE-2025-48415 Backdoor Functionality via USB Drive in eCharge Hardy Barth cPH2 / cPP2 charging stations
A USB backdoor feature can be triggered by attaching a USB drive that contains specially crafted "salia.ini" files. The .ini file can contain several "commands" that could be exploited by an attacker to export or modify the device configuration, enable an SSH backdoor or perform other...
PT-2025-22419
Name of the Vulnerable Software and Affected Versions: SeedDMS version 6.0.32 Description: A vulnerability in SeedDMS allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the zip import functionality in the Extension Manager. Recommendations: For SeedDMS version 6.0.3...
CVE-2025-45752
A vulnerability in SeedDMS 6.0.32 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the zip import functionality in the Extension Manager...
CVE-2025-45753
Vulnerability CVE-2025-45753 affects Vtiger CRM Open Source Edition v8.3.0. An attacker with admin privileges can execute arbitrary PHP code by abusing the ZIP import functionality in the Module Import feature. The entry indicates high impact (C/H/I/A) with a CVSSv3.1 base score of 7.2. Connected...
Drupal One Time Password Security Vulnerability
Drupal One Time Password is a module plugin in the Drupal content management system for the Drupal community. A security vulnerability exists in Drupal One Time Password versions prior to 1.3.0 that stems from bypassing authentication using an alternate path or channel, which could lead to...
PT-2025-22387 · Drupal · Drupal Single Content Sync
Name of the Vulnerable Software and Affected Versions: Drupal Single Content Sync versions 0.0.0 through 1.4.11 Description: The issue is related to a Missing Authorization vulnerability in Drupal Single Content Sync, which allows functionality misuse. Recommendations: For versions 0.0.0 through...
PT-2025-22343 · Echarge Hardy Barth · Cph2 / Cpp2 Charging Stations
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue concerns several scripts in the web interface that are accessible via undocumented hard-coded credentials. These scripts provide access to additional administrative and debug...
PT-2025-22123 · WordPress · Order Delivery Date
Name of the Vulnerable Software and Affected Versions: Order Delivery Date WordPress plugin versions prior to 12.4.0 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because the plugin does not properly sanitise and escape a parameter before outputting it...
CVE-2025-39449
Missing Authorization vulnerability in Crocoblock JetWooBuilder jet-woo-builder allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JetWooBuilder: from n/a through 2.1.18...
CVE-2025-39449 WordPress JetWooBuilder plugin <= 2.1.18 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Crocoblock JetWooBuilder jet-woo-builder allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JetWooBuilder: from n/a through 2.1.18...
CVE-2025-48346
Missing Authorization vulnerability in Embed360 Embed and Integrate Etsy Shop embed-and-integrate-etsy-shop allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Embed and Integrate Etsy Shop: from n/a through 1.0.8...
CVE-2025-4931
A vulnerability classified as critical was found in projectworlds Online Lawyer Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /userregistation.php. The manipulation of the argument email leads to sql injection. The attack can be launched remotely. T...
CVE-2025-4907
The CVE-2025-4907 entry affects PHPGurukul Daily Expense Tracker System 1.1. A SQL injection vulnerability exists in the forgot-password.php handling of the email parameter. Descriptions from multiple sources indicate remote exploitation is possible and that exploitation details have been disclos...
CVE-2025-4887
A vulnerability, which was classified as problematic, has been found in SourceCodester Online Student Clearance System 1.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclos...
CVE-2025-47564
Missing Authorization vulnerability in ashanjay EventON eventon allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects EventON: from n/a through 4.9.8...
CVE-2025-47563 WordPress CURCY plugin <= 2.3.7 - Arbitrary Shortcode Execution vulnerability
Missing Authorization vulnerability in villatheme CURCY woocommerce-multi-currency allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects CURCY: from n/a through 2.3.7...
CVE-2025-47564 WordPress EventON plugin <= 4.9.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in ashanjay EventON allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects EventON: from n/a through 4.9.9...
CVE-2025-2306
An Improper Access Control vulnerability was identified in the file download functionality. This vulnerability allows users to download sensitive documents without authentication, if the URL is known. The attack requires the attacker to know the document's UUIDv4...