
6653 matches found

RedhatCVE
added 2025/05/21 3:14 p.m. · 6 views

CVE-2025-48346

Missing Authorization vulnerability in Embed360 Embed and Integrate Etsy Shop embed-and-integrate-etsy-shop allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Embed and Integrate Etsy Shop: from n/a through = 1.0.9...

5.3 CVSS · 5.7 AI score · 0.00229 EPSS
Exploits 0 · References 1

Ubuntu
added 2025/05/21 2:33 p.m. · 9 views

USN-7525-1: Tomcat vulnerability

It was discovered that Apache Tomcat incorrectly implemented partial PUT functionality by replacing path separators with dots in temporary files. A remote attacker could possibly use this issue to access sensitive files, inject malicious content, or execute remote code...

10 CVSS · 8.4 AI score · 0.9413 EPSS
Exploits 44

NVD
added 2025/05/21 12:16 p.m. · 4 views

CVE-2025-48414

There are several scripts in the web interface that are accessible via undocumented hard-coded credentials. The scripts provide access to additional administrative/debug functionality and are likely intended for debugging during development and provide an additional attack surface...

6.5 CVSS · 0.00249 EPSS
Exploits 1 · References 2

CVE
added 2025/05/21 12:15 p.m. · 55 views

CVE-2025-48416

CVE-2025-48416 describes a vulnerability in an OpenSSH daemon where a hard-coded entry for root exists in the firmware image’s /etc/shadow. Despite PermitRootLogin being disabled by default, the credential can be bypassed or altered through multiple paths, enabling potential unauthorized root acc...

8.1 CVSS · 6.8 AI score · 0.00305 EPSS
Exploits 1 · References 2

Cvelist
added 2025/05/21 12:13 p.m. · 14 views

CVE-2025-48415 Backdoor Functionality via USB Drive in eCharge Hardy Barth cPH2 / cPP2 charging stations

A USB backdoor feature can be triggered by attaching a USB drive that contains specially crafted "salia.ini" files. The .ini file can contain several "commands" that could be exploited by an attacker to export or modify the device configuration, enable an SSH backdoor or perform other...

0.00096 EPSS
Exploits 1 · References 1

Vulnrichment
added 2025/05/21 12:13 p.m. · 4 views

CVE-2025-48415 Backdoor Functionality via USB Drive in eCharge Hardy Barth cPH2 / cPP2 charging stations

A USB backdoor feature can be triggered by attaching a USB drive that contains specially crafted "salia.ini" files. The .ini file can contain several "commands" that could be exploited by an attacker to export or modify the device configuration, enable an SSH backdoor or perform other...

7 AI score · 0.00096 EPSS
Exploits 1 · References 1

Vulnrichment
added 2025/05/21 12:00 a.m. · 5 views

CVE-2025-45752

A vulnerability in SeedDMS 6.0.32 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the zip import functionality in the Extension Manager...

7.3 AI score · 0.00742 EPSS
Exploits 1 · References 1

Cvelist
added 2025/05/21 12:00 a.m. · 7 views

CVE-2025-45752

A vulnerability in SeedDMS 6.0.32 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the zip import functionality in the Extension Manager...

0.00742 EPSS
Exploits 1 · References 1

Positive Technologies
added 2025/05/21 12:00 a.m. · 4 views

PT-2025-22419

Name of the Vulnerable Software and Affected Versions: SeedDMS version 6.0.32 Description: A vulnerability in SeedDMS allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the zip import functionality in the Extension Manager. Recommendations: For SeedDMS version 6.0.3...

7.2 CVSS · 7.3 AI score · 0.00742 EPSS
Exploits 1 · References 5

Positive Technologies
added 2025/05/21 12:00 a.m. · 2 views

PT-2025-22387 · Drupal · Drupal Single Content Sync

Name of the Vulnerable Software and Affected Versions: Drupal Single Content Sync versions 0.0.0 through 1.4.11 Description: The issue is related to a Missing Authorization vulnerability in Drupal Single Content Sync, which allows functionality misuse. Recommendations: For versions 0.0.0 through...

3.1 CVSS · 6.4 AI score · 0.00127 EPSS
Exploits 0 · References 4

CVE
added 2025/05/21 12:00 a.m. · 59 views

CVE-2025-45753

Vulnerability CVE-2025-45753 affects Vtiger CRM Open Source Edition v8.3.0. An attacker with admin privileges can execute arbitrary PHP code by abusing the ZIP import functionality in the Module Import feature. The entry indicates high impact (C/H/I/A) with a CVSSv3.1 base score of 7.2. Connected...

7.2 CVSS · 7.4 AI score · 0.00396 EPSS
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2025/05/21 12:00 a.m. · 1 view

Drupal One Time Password security vulnerability

Drupal One Time Password is a module plugin in the Drupal content management system for the Drupal community. A security vulnerability exists in Drupal One Time Password versions prior to 1.3.0 that stems from bypassing authentication using an alternate path or channel, which could lead to...

4.8 CVSS · 6.8 AI score · 0.00134 EPSS
Exploits 1 · References 1

Positive Technologies
added 2025/05/21 12:00 a.m. · 2 views

PT-2025-22343 · Echarge Hardy Barth · Cph2 / Cpp2 Charging Stations

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue concerns several scripts in the web interface that are accessible via undocumented hard-coded credentials. These scripts provide access to additional administrative and debug...

6.5 CVSS · 6.2 AI score · 0.00249 EPSS
Exploits 1 · References 3

Positive Technologies
added 2025/05/20 12:00 a.m. · 3 views

PT-2025-22123 · WordPress · Order Delivery Date

Name of the Vulnerable Software and Affected Versions: Order Delivery Date WordPress plugin versions prior to 12.4.0 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because the plugin does not properly sanitise and escape a parameter before outputting it...

7.1 CVSS · 6.8 AI score · 0.00201 EPSS
Exploits 1 · References 9

NVD
added 2025/05/19 7:15 p.m. · 8 views

CVE-2025-39449

Missing Authorization vulnerability in Crocoblock JetWooBuilder jet-woo-builder allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JetWooBuilder: from n/a through <= 2.1.18...

7.5 CVSS · 0.00277 EPSS
Exploits 0 · References 1

Vulnrichment
added 2025/05/19 6:50 p.m. · 6 views

CVE-2025-39449 WordPress JetWooBuilder plugin <= 2.1.18 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Crocoblock JetWooBuilder jet-woo-builder allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JetWooBuilder: from n/a through <= 2.1.18...

7.5 CVSS · 8.6 AI score · 0.00277 EPSS
Exploits 0 · References 1

ATTACKERKB
added 2025/05/19 3:15 p.m. · 5 views

CVE-2025-48346

Missing Authorization vulnerability in Embed360 Embed and Integrate Etsy Shop embed-and-integrate-etsy-shop allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Embed and Integrate Etsy Shop: from n/a through = 1.0.8...

5.3 CVSS · 5.2 AI score · 0.00229 EPSS
Exploits 0 · References 3

OSV
added 2025/05/19 12:15 p.m. · 2 views

CVE-2025-4931

A vulnerability classified as critical was found in projectworlds Online Lawyer Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /userregistation.php. The manipulation of the argument email leads to sql injection. The attack can be launched remotely. T...

9.8 CVSS · 5.8 AI score
Exploits 0 · References 4

CVE
added 2025/05/19 2:31 a.m. · 39 views

CVE-2025-4907

The CVE-2025-4907 entry affects PHPGurukul Daily Expense Tracker System 1.1. A SQL injection vulnerability exists in the forgot-password.php handling of the email parameter. Descriptions from multiple sources indicate remote exploitation is possible and that exploitation details have been disclos...

9.8 CVSS · 7.4 AI score · 0.00277 EPSS
Exploits 1 · References 5 · Affected Software 1

OSV
added 2025/05/18 5:15 p.m. · 1 view

CVE-2025-4887

A vulnerability, which was classified as problematic, has been found in SourceCodester Online Student Clearance System 1.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclos...

8.8 CVSS · 4.8 AI score · 0.00154 EPSS
Exploits 1 · References 5