CVE-2012-10005
A vulnerability has been found in manikandan170890 php-form-builder-class and classified as problematic. Affected by this vulnerability is an unknown functionality of the file PFBC/Element/Textarea.php of the component Textarea Handler. The manipulation of the argument value leads to cross site...
Oracle Linux 9 : expat (ELSA-2025-7444)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-7444 advisory. - Fix CVE-2024-8176 - Fix CVE-2024-50602 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessu...
PT-2025-22319 · Unknown · Moonlightl Hexo-Boot
Name of the Vulnerable Software and Affected Versions: moonlightL hexo-boot version 4.3.0 Description: A problematic issue has been discovered, affecting an unknown part of the file /admin/home/index.html of the component Blog Backend. The manipulation of the Description argument leads to...
Atlassian Confluence 7.19.x < 8.5.20 / 8.6.x < 9.2.2 / 9.3.x < 9.3.2 DoS (CONFSERVER-99540)
The version of Atlassian Confluence Server running on the remote host is affected by a denial of service vulnerability as referenced in the CONFSERVER-99540 advisory. - Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and pri...
WordPress Mobile Contact Bar plugin < 3.0.5 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin Mobile Contact Bar versions 3.0.5...
PT-2025-21926 · Unknown · Phpgurukul Auto Taxi Stand Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Auto Taxi Stand Management System version 1.0 Description: A critical vulnerability has been found in the PHPGurukul Auto Taxi Stand Management System. The issue is related to an unknown function of the file...
WordPress tarteaucitron.js for WordPress plugin < 0.3.0 - Stored XSS via CSRF vulnerability
Stored XSS via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin tarteaucitron.js for WordPress versions 0.3.0...
PT-2025-21774 · Sourcecodester · Sourcecodester Doctors Appointment System
Name of the Vulnerable Software and Affected Versions: SourceCodester Doctor's Appointment System version 1.0 Description: A critical issue affects the processing of the file /admin/delete-doctor.php, specifically the GET Parameter Handler component. The manipulation of the ID argument leads to S...
WordPress LogDash Activity Log plugin < 1.1.4 - Unauthenticated SQLi vulnerability
Unauthenticated SQLi vulnerability discovered by Nicolas Surribas in WordPress Plugin LogDash Activity Log versions 1.1.4...
PT-2025-21765 · Unknown · Phpgurukul Human Metapneumovirus Testing Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Human Metapneumovirus Testing Management System version 1.0 Description: A critical issue was found in the system, affecting an unknown function of the file /edit-phlebotomist.php. The manipulation of the mobilenumber argument lead...
PT-2025-21642 · Seaweedfs · Seaweedfs
Name of the Vulnerable Software and Affected Versions: seaweedfs version 3.68 Description: A SQL injection issue was discovered in the component /abstract sql/abstract sql store.go. This issue affects seaweedfs and can be exploited via the vulnerable component. Recommendations: For seaweedfs...
PT-2025-21604 · Unknown · Campcodes Sales/Inventory System
Name of the Vulnerable Software and Affected Versions: Campcodes Sales and Inventory System version 1.0 Description: A critical vulnerability has been found in the Campcodes Sales and Inventory System. This issue affects the file /pages/purchase delete.php and is related to SQL injection. The...
PT-2025-21700 · Valvepress · Valvepress Rankie
Name of the Vulnerable Software and Affected Versions: ValvePress Rankie versions 1.8.0 and earlier Description: The issue is related to a Missing Authorization vulnerability in ValvePress Rankie, which allows exploiting incorrectly configured access control security levels. Recommendations: For...
PT-2025-21758 · Unknown · Phpgurukul Park Ticketing Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Park Ticketing Management System version 2.0 Description: A critical issue affects the processing of the file /add-normal-ticket.php, where the manipulation of the noadult argument leads to SQL injection. The attack can be initiate...
PT-2025-21339 · Unknown · Projectworlds Online Examination System
Name of the Vulnerable Software and Affected Versions: ProjectWorlds Online Examination System version 1.0 Description: A critical issue has been identified, affecting the file /Procedure3b yearwiseVisit.php. The manipulation of the Visit year argument leads to SQL injection. This issue can be...
ManageEngine ADSelfService Plus < build 6514 SQLi
According to its self-reported version, the ManageEngine ADSelfService Plus application running on the remote host is prior to build 6514. It is, therefore, affected by an authenticated SQL injection vulnerability in the MFA reports. Note that Nessus has not tested for this issue but has instead...
10,000 WordPress Sites Affected by Remote Code Execution Vulnerability in UiPress lite WordPress Plugin
📢 In case you missed it, Wordfence just published its annual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. On March 29th, 2025, we received a submission for a Remote Code Executio...
CVE-2025-47782 motionEye vulnerable to RCE in add_camera Function Due to unsafe command execution
motionEye is an online interface for the software motion, a video surveillance program with motion detection. In versions 0.43.1b1 through 0.43.1b3, using a constructed camera device path with the add/addcamera motionEye web API allows an attacker with motionEye admin user credentials to execute...
Ivanti Patches EPMM Vulnerabilities Exploited for Remote Code Execution in Limited Attacks
Ivanti has released security updates to address two security flaws in Endpoint Manager Mobile EPMM software that have been chained in attacks to gain remote code execution. The vulnerabilities in question are listed below - CVE-2025-4427 CVSS score: 5.3 - An authentication bypass in Ivanti Endpoi...