12965 matches found
CVE-2025-63640
Sourcecodester Medicine Reminder App v1.0 is vulnerable to Cross-Site Scripting (XSS) in the "Medicine Name" and "Notes Optional" fields when creating an "Upcoming Reminder", allowing an attacker to inject arbitrary potentially malicious HTML/JavaScript code that executes in the victim's browser up...
EUVD-2025-38264
A vulnerability was identified in projectworlds Online Notes Sharing Platform 1.0. Affected by this issue is some unknown functionality of the file /dashboard/userprofile.php. Such manipulation of the argument image leads to unrestricted upload. The attack may be performed from remote. The exploi...
CVE-2025-12862
A vulnerability was identified in projectworlds Online Notes Sharing Platform 1.0. Affected by this issue is some unknown functionality of the file /dashboard/userprofile.php. Such manipulation of the argument image leads to unrestricted upload. The attack may be performed from remote. The exploi...
CVE-2025-12862
CVE-2025-12862 affects projectworlds Online Notes Sharing Platform 1.0. The vulnerability is in the file /dashboard/userprofile.php where manipulation of the image argument enables unrestricted file uploads. The issue is exploitable remotely and an exploit is publicly available. Multiple connecte...
Insecure Direct Object Reference (IDOR)
com.liferay.commerce, com.liferay.commerce.service is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is due to comliferaycommerceorderwebinternalportletCommerceOrderPortletcommerceOrderId parameter not being validated across virtual instances. This allows an attacker in on...
CVE-2025-12527 Page & Post Notes <= 1.3.4 - Missing Authorization to Authenticated (Subscriber+) Note Update/Deletion
The Page & Post Notes plugin for WordPress is vulnerable to unauthorized modification of notes due to a missing capability check on the 'yydev_notes_save_dashboard_data' function in all versions up to, and including, 1.3.4. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2025-12527
CVE-2025-12527 affects the WordPress plugin Page & Post Notes. A missing capability check in yydev_notes_save_dashboard_data allows authenticated users with Subscriber+ privileges to modify notes in all versions up to 1.3.4. Wordfence and PTSecurity indicate the issue is fixed in a later release ...
EUVD-2025-38235
The Page & Post Notes plugin for WordPress is vulnerable to unauthorized modification of notes due to a missing capability check on the 'yydev_notes_save_dashboard_data' function in all versions up to, and including, 1.3.4. This makes it possible for authenticated attackers, with Subscriber-level...
WordPress Page & Post Notes plugin <= 1.3.4 - Missing Authorization to Authenticated (Subscriber+) Note Update/Deletion vulnerability
Missing Authorization to Authenticated (Subscriber+) Note Update/Deletion vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Page & Post Notes versions <= 1.3.4...
Sourcecodester Medicine Reminder App security vulnerability
SourceCodester Medicine Reminder App is an open source medication reminder application from SourceCodester. A security vulnerability exists in version 1.0 of the Sourcecodester Medicine Reminder App, which stems from the Medicine Name and Notes Optional fields not properly filtering inputs, which...
PT-2025-45467
Name of the Vulnerable Software and Affected Versions: projectworlds Online Notes Sharing Platform version 1.0. Description: A flaw exists in projectworlds Online Notes Sharing Platform that allows for unrestricted file uploads. This issue is related to the manipulation of the image argument within...
CVE-2025-63544
TechStore 1.0 is vulnerable to Cross-Site Scripting (XSS) in /order_notes via the id parameter...
CVE-2025-63544
TechStore 1.0 is affected by a Cross-Site Scripting (XSS) vulnerability in the /order_notes endpoint through the id parameter. The issue stems from insufficient input handling for the id parameter, enabling script injection. Impact is XSS in affected pages; no exploitation details are provided in...
PT-2025-45410
Name of the Vulnerable Software and Affected Versions: Page & Post Notes plugin for WordPress versions prior to 1.3.5. Description: The Page & Post Notes plugin for WordPress has a flaw that allows unauthorized modification of notes. This is due to a missing capability check within the yydev notes...
TechStore Pro security vulnerability
TechStore Pro is an e-commerce platform from the individual developer nooncarlett. A security vulnerability exists in TechStore Pro version 1.0, which stems from incorrect handling of the id parameter in /order_notes and could lead to a cross-site scripting attack...
Projectworlds Online Notes Sharing Platform security vulnerability
Projectworlds Online Notes Sharing Platform is an online notes sharing platform from Projectworlds India. A security vulnerability exists in Projectworlds Online Notes Sharing Platform version 1.0, which stems from an incorrect manipulation of the parameter image in the file...
PT-2025-45504
Name of the Vulnerable Software and Affected Versions: TechStore version 1.0. Description: TechStore version 1.0 is susceptible to Cross-Site Scripting (XSS). The issue occurs in the /order_notes API endpoint through the id parameter. Recommendations: As a mitigation, restrict or sanitize input to the ...