3100 matches found
WordPress DocCheck Login Access Control Error Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. An Access Control Error vulnerability exists in WordPress DocCheck Login, which originates from a page load that redirects a user to login, and can be exploited by an...
CVE-2025-7127
A vulnerability, which was classified as critical, was found in itsourcecode Employee Management System up to 1.0. This affects an unknown part of the file /admin/changepassword.php. The manipulation of the argument currentpassword leads to sql injection. It is possible to initiate the attack...
PT-2025-29372 · Tenda · Tenda Fh1202
Name of the Vulnerable Software and Affected Versions: Tenda FH1202 version 1.2.0.14408 Description: A critical vulnerability exists in the fromPptpUserSetting function of the /goform/PPTPUserSetting file. Manipulation of the delno argument leads to a stack-based buffer overflow, allowing for...
PT-2025-29848 · Gnu +1 · Gpac +1
A vulnerability in the gf filter pid get packet function of the MP4Box utility of the GPAC multimedia platform is caused by dereferencing an expired pointer. Exploitation of the vulnerability may allow an attacker to cause a denial of service or execute arbitrary code...
Hash Collision
llamaindexreaderspapers is vulnerable to Hash Collision. The vulnerability is due to the use of MD5 hashing to generate filenames for downloaded papers, which allows an attacker to exploit hash collisions by submitting papers with identical titles but different content...
CVE-2025-7152
CVE-2025-7152 affects Campcodes Advanced Online Voting System 1.0. Affected component: an unknown function in /admin/candidates_add.php where manipulating the photo parameter enables unrestricted file upload. The vulnerability can be exploited remotely and the exploit has been publicly disclosed....
CVE-2025-7094 Belkin F9K1122 webs formBSSetSitesurvey stack-based overflow
A vulnerability was found in Belkin F9K1122 1.00.33. It has been rated as critical. Affected by this issue is the function formBSSetSitesurvey of the file /goform/formBSSetSitesurvey of the component webs. The manipulation of the argument submit-url-ok leads to stack-based buffer overflow. The...
Exploit for Code Injection in Grafana
CVE-2024-92...
CVE-2025-52830 WordPress bSecure – Your Universal Checkout plugin <= 1.7.9 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bSecure – Your Universal Checkout bSecure – Your Universal Checkout bsecure allows Blind SQL Injection. This issue affects bSecure – Your Universal Checkout: from n/a through <= 1.7.9...
Security Vulnerabilities fixed in Thunderbird 128.12 — Mozilla
A use-after-free in FontFaceSet resulted in a potentially exploitable crash. An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. Th...
GHSA-VH5J-5FHQ-9XWG Taylor has race condition in /get-patch that allows purchase token replay
Hi team, I was looking at the recent fix and you limited the exploitability of race conditions but unfortunately it is still possible to exploit the issue since two requests happening at the exact same time will still go through. You should be able to completely fix the race conditions by...
CVE-2025-53091 WeGIA has Unauthenticated Time-Based Blind SQL Injection in almox Parameter
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Time-Based Blind SQL Injection vulnerability was discovered in version 3.3.3 the almox parameter of the /controle/getProdutosPorAlmox.php endpoint. This issue allows any unauthenticated...
PT-2025-28303 · Npm · Taylored
Hi team, I was looking at the recent fix and you limited the exploitability of race conditions but unfortunately it is still possible to exploit the issue since two requests happening at the exact same time will still go through. You should be able to completely fix the race conditions by...
WordPress Classified Listing plugin file inclusion vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A file inclusion vulnerability exists in the WordPress Classified Listing plugin that stems from not doing effective filtering of local file resource calls, which can be exploit...
PDF-XChange Editor Code Execution Vulnerability (CNVD-2025-16301)
PDF-XChange Editor is PDF file viewer software from the PDF-XChange company that runs on Microsoft Windows systems. A code execution vulnerability exists in PDF-XChange Editor, which is caused by a lack of proper validation of user-supplied data. An attacker could exploit the vulnerability to execu...
CVE-2025-34046 Fanwei E-Office Unauthenticated File Upload
An unauthenticated file upload vulnerability exists in the Fanwei E-Office = v9.4 web management interface. The vulnerability affects the /general/index/UploadFile.php endpoint, which improperly validates uploaded files when invoked with certain parameters uploadType=eofficelogo or...
CVE-2025-6534
A vulnerability, which was classified as problematic, was found in xxyopen/201206030 novel-plus up to 5.1.3. This affects the function remove of the file novel-admin/src/main/java/com/java2nb/common/controller/FileController.java of the component File Handler. The manipulation leads to improper...
CVE-2025-6420
CVE-2025-6420 affects code-projects Simple Online Hotel Reservation System 1.0, with SQL injection in /admin/add_room.php via the room_type parameter. Exploitation can be remote; exploits have been disclosed publicly. Several connected sources confirm the issue across NVD, CNVD, CIRCL, and vendor...
Exploit for CVE-2025-49113
Install docker run --name ubuntu24 \ -p 9876:80 \ -v...
WordPress Axle Demo Importer plugin file upload vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A file upload vulnerability exists in the WordPress Axle Demo Importer plugin that stems from an unverified uploaded file, which can be exploited by an attacker to cause arbitra...