6645 matches found
CVE-2013-10071 Nagios XI < 2012R1.6 Reflected XSS via Dashlet AJAX Load Functionality
Nagios XI versions prior to 2012R1.6 contain a reflected cross-site scripting (XSS) vulnerability in the dashboard dashlet AJAX load functionality. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's...
CVE-2013-10073 Nagios XI < 2012R1.6 Auto-Discovery Shell Command Injection
Nagios XI versions prior to 2012R1.6 contain a shell command injection vulnerability in the Auto-Discovery tool. User-controlled input is passed to a shell without adequate sanitization or argument quoting, allowing an authenticated user with access to discovery functionality to execute arbitrary...
CVE-2025-62976
Missing Authorization vulnerability in Joovii Sendle Shipping official-sendle-shipping-method allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Sendle Shipping: from n/a through <= 6.02...
CVE-2025-61235
An issue was discovered in Dataphone A920 v2025.07.161103. A custom packet based on public documentation can be crafted, where some fields can contain arbitrary or trivial data. Normally, such data should cause the device to reject the packet. However, due to a lack of validation, the device...
CVE-2025-12289
CVE-2025-12289 affects the Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 1.0. The flaw is a cross-site scripting vulnerability arising from manipulating the argument category_id in the file /Point/index/activity_state/1/category_id/1001. The issue can be...
CVE-2025-12222
CVE-2025-12222 affects Bdtask Flight Booking Software up to v3.1. The vulnerability exists in the Deposit Handler’s Deposit component, specifically the /admin/transaction/deposit path, where an unknown functionality allows unrestricted file upload. This can be exploited remotely and was publicly ...
EUVD-2025-36031
Missing Authorization vulnerability in gerritvanaaken Podlove Web Player podlove-web-player allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Podlove Web Player: from n/a through <= 5.9.1...
CVE-2025-62884
Missing Authorization vulnerability in Elliot Sowersby / RelyWP Coupon Affiliates woo-coupon-usage allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Coupon Affiliates: from n/a through <= 7.2.0...
PT-2025-43845
Missing Authorization vulnerability in Themekraft BuddyForms buddyforms allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects BuddyForms: from n/a through <= 2.9.0...
CVE-2025-12278 Logout Functionality not Working
Logout Functionality not Working. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...
CVE-2025-8536
A SQL injection vulnerability has been identified in DobryCMS. Improper neutralization of input provided by user into language functionality allows for SQL Injection attacks. This issue affects older branches of this software...
CVE-2025-11889
The AIO Forms – Craft Complex Forms Easily plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import functionality in all versions up to, and including, 1.3.18. This makes it possible for authenticated attackers, with Administrator-level access...
CVE-2025-8536
DobryCMS is affected by CVE-2025-8536, a SQL injection arising from improper neutralization of user input in the system’s language functionality. The vulnerability impacts older branches of DobryCMS and is rated high impact (CVSS 4.0: Critical overall, with high impact to confidentiality and inte...
CVE-2025-8536 SQL Injection in DobryCMS
A SQL injection vulnerability has been identified in DobryCMS. Improper neutralization of input provided by user into language functionality allows for SQL Injection attacks. This issue affects older branches of this software...
EUVD-2025-35812
The AIO Forms – Craft Complex Forms Easily plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import functionality in all versions up to, and including, 1.3.15. This makes it possible for authenticated attackers, with Administrator-level access...
CVE-2025-49899
Missing Authorization vulnerability in jjlemstra Whydonate wp-whydonate allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Whydonate: from n/a through <= 4.0.15...
CVE-2025-62054
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality. This issue affects Houzez Theme - Functionality: from n/a through <= 4.1.8...
CVE-2025-62058
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality. This issue affects Houzez Theme - Functionality: from n/a through 4.2.0...