CVE-2025-10161 Authentication Bypass in Turkguven's Perfektive

Improper Restriction of Excessive Authentication Attempts, Client-Side Enforcement of Server-Side Security, Reliance on Untrusted Inputs in a Security Decision vulnerability in Turkguven Software Technologies Inc. Perfektive allows Brute Force, Authentication Bypass, Functionality Bypass. This...

CVE-2025-10161

CVE-2025-10161 concerns Turkguven Software Technologies Inc. Perfektive prior to version 12574 Build 2701. Affected component/behavior: improper restriction of excessive authentication attempts, client-side enforcement of server-side security, and reliance on untrusted inputs in security decision...

CVE-2025-10161

Improper Restriction of Excessive Authentication Attempts, Client-Side Enforcement of Server-Side Security, Reliance on Untrusted Inputs in a Security Decision vulnerability in Turkguven Software Technologies Inc. Perfektive allows Brute Force, Authentication Bypass, Functionality Bypass. This...

MSP360 Free Backup Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of MSP360 Free Backup. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. User interaction on the part of an administrator ...

PT-2025-46345

Name of the Vulnerable Software and Affected Versions Premierturk Information Technologies Inc. Excavation Management Information System versions prior to 10.2025.01 Description A condition exists that allows exposure of private personal information to an unauthorized actor and enables...

PT-2025-46330

Improper Restriction of Excessive Authentication Attempts, Client-Side Enforcement of Server-Side Security, Reliance on Untrusted Inputs in a Security Decision vulnerability in Turkguven Software Technologies Inc. Perfektive allows Brute Force, Authentication Bypass, Functionality Bypass.This iss...

CVE-2025-62057

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality.This issue affects Houzez Theme - Functionality: from n/a through 4.2.0...

CVE-2025-5483

The LC Wizard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check in the ghl-wizard/inc/wpuser.php file in versions 1.2.10 to 1.3.0. This makes it possible for unauthenticated attackers to create new user accounts with the administrator role when the PRO...

CVE-2025-5483 LC Wizard 1.2.10 - 1.3.0 - Missing Authorization to Unauthenticated Privilege Escalation

The LC Wizard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check in the ghl-wizard/inc/wpuser.php file in versions 1.2.10 to 1.3.0. This makes it possible for unauthenticated attackers to create new user accounts with the administrator role when the PRO...

CVE-2025-5483

The WordPress plugin affected is the LC Wizard (WordPress LC Wizard plugin). The root cause is a missing capability check in ghl-wizard/inc/wp_user.php, affecting versions 1.2.10 to 1.3.0. The vulnerability allows unauthenticated attackers to create new user accounts with Administrator privileges...

CVE-2022-50589

SuiteCRM versions before 7.12.6 are affected by a SQL injection vulnerability in the export functionality, triggered by processing the uid parameter. The root cause, per multiple sources, is improper sanitization of the SQL query structure, enabling remote unauthenticated attackers to execute arb...

CVE-2022-50589 SuiteCRM < 7.12.6 SQL Injection via 'export' Functionality

SuiteCRM versions prior to 7.12.6 contain a SQL injection vulnerability within the processing of the ‘uid’ parameter within the ‘export’ functionality. Successful exploitation allows remote unauthenticated attackers to ultimately execute arbitrary code...

EUVD-2025-38071

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality.This issue affects Houzez Theme - Functionality: from n/a through 4.2.0...

CVE-2025-62057

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality.This issue affects Houzez Theme - Functionality: from n/a through 4.2.0...

CVE-2025-60247

Missing Authorization vulnerability in Bux Bux Woocommerce bux-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bux Woocommerce: from n/a through = 1.2.3...

CVE-2025-62057

CVE-2025-62057 is an XSS vulnerability in the WordPress plugin Houzez Theme - Functionality (versions

CVE-2025-62057 WordPress Houzez Theme - Functionality plugin < 4.2.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality.This issue affects Houzez Theme - Functionality: from n/a through 4.2.0...

CVE-2025-62057 WordPress Houzez Theme - Functionality plugin < 4.2.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality.This issue affects Houzez Theme - Functionality: from n/a through 4.2.0...

PT-2025-45317

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality.This issue affects Houzez Theme - Functionality: from n/a through 4.2.0...

CVE-2025-60503

A cross-site scripting XSS vulnerability exists in the administrative interface of ultimatefosters UltimatePOS 4.8 where input submitted in the purchase functionality is reflected without proper escaping in the admin log panel page in the 'reference No.' field. This flaw allows an authenticated...