CVE-2025-20194

A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an authenticated, low-privileged, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this...

CVE-2025-20193

A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an authenticated, low-privileged, remote attacker to perform an injection attack against an affected device.r This vulnerability is due to insufficient input validation. An attacker could exploit this...

CVE-2025-4467 SourceCodester Online Student Clearance System edit-admin.php sql injection

A vulnerability was found in SourceCodester Online Student Clearance System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/edit-admin.php. The manipulation of the argument id/txtfullname/txtemail/cmddesignation leads to sql injection. The attack...

CVE-2025-4304

A vulnerability, which was classified as critical, was found in PHPGurukul Cyber Cafe Management System 1.0. This affects an unknown part of the file /adminprofile.php. The manipulation of the argument mobilenumber leads to sql injection. It is possible to initiate the attack remotely. The exploi...

CVE-2025-20194

A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an authenticated, low-privileged, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this...

CVE-2025-20193

A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an authenticated, low-privileged, remote attacker to perform an injection attack against an affected device.r This vulnerability is due to insufficient input validation. An attacker could exploit this...

CVE-2025-20194

A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an authenticated, low-privileged, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this...

CVE-2025-20194

A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an authenticated, low-privileged, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this...

CVE-2025-20194

Cisco IOS XE Software Web-Based Management Interface vulnerability (CVE-2025-20194) affects Cisco IOS XE: an authenticated, low-privileged, remote attacker can exploit insufficient input validation in the web UI to perform an injection attack. Consequences described include reading limited files ...

CVE-2025-20193

A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an authenticated, low-privileged, remote attacker to perform an injection attack against an affected device.r This vulnerability is due to insufficient input validation. An attacker could exploit this...

CVE-2025-20193

A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an authenticated, low-privileged, remote attacker to perform an injection attack against an affected device.r This vulnerability is due to insufficient input validation. An attacker could exploit this...

CVE-2025-20193

CVE-2025-20193 affects the Cisco IOS XE Software web-based management interface. The root cause is insufficient input validation, enabling an authenticated, low-privilege attacker over the network to perform an injection attack that could read files from the underlying operating system. Connected...

WordPress WP Discord Invite plugin <= 2.5.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nabil Irawan in WordPress Plugin WP Discord Invite versions = 2.5.3...

WordPress Inline Related Posts plugin <= 3.8.0 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin Inline Related Posts versions = 3.8.0...

WordPress Blockspare plugin <= 3.2.9 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by zaim in WordPress Plugin Blockspare versions = 3.2.9...

PT-2025-20266 · Cisco · Cisco Ios Xe

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software affected versions not specified Description: The issue is due to insufficient input validation in the web-based management interface, allowing an authenticated, low-privileged, remote attacker to perform an injection...

CVE-2025-4247 SourceCodester Simple To-Do List System delete_task.php sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Simple To-Do List System 1.0. Affected is an unknown function of the file /deletetask.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

Yeswiki Vulnerable to Unauthenticated Reflected Cross-site Scripting

Summary Vulnerable Version: Yeswiki alert1 Details Reflected Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in...

Yeswiki Vulnerable to Unauthenticated Reflected Cross-site Scripting

Summary Vulnerable Version: Yeswiki alert1 Details Reflected Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in...

WordPress Separator Shortcode and Widget plugin <= 5.9.10 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao KhanhVCI - VNPT in WordPress Plugin Separator Shortcode and Widget versions = 5.9.10...