WordPress Houzez Theme - Functionality plugin < 4.2.0 - Cross Site Scripting (XSS) vulnerability

WordPress Houzez Theme - Functionality plugin 4.2.0 - Cross Site Scripting XSS vulnerability discovered by ? in WordPress Plugin Houzez Theme - Functionality versions 4.2.0...

WordPress Houzez Theme - Functionality plugin < 4.2.0 - Cross Site Scripting (XSS) vulnerability

WordPress Houzez Theme - Functionality plugin 4.2.0 - Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Houzez Theme - Functionality versions 4.2.0...

WordPress Houzez Theme - Functionality plugin <= 4.1.8 - Local File Inclusion vulnerability

WordPress Houzez Theme - Functionality plugin = 4.1.8 - Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Houzez Theme - Functionality versions = 4.1.8...

CVE-2025-58325

An Incorrect Provision of Specified Functionality vulnerability CWE-684 in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2.5 through 7.2.10, 7.0.0 through 7.0.15, 6.4 all versions may allow a local authenticated attacker to execute system commands via crafted CLI commands...

EUVD-2025-34560

The Demo Import Kit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.1.0 via the import functionality. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload...

CVE-2025-59051

The FreePBX Endpoint Manager module includes a Network Scanning feature that provides web-based access to nmap functionality for network device discovery. In Endpoint Manager 16 before 16.0.92 and 17 before 17.0.6, insufficiently sanitized user-supplied input allows authenticated OS command...

EUVD-2025-34246

An Incorrect Provision of Specified Functionality vulnerability CWE-684 in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2.5 through 7.2.10, 7.0.0 through 7.0.15, 6.4 all versions may allow a local authenticated attacker to execute system commands via crafted CLI commands...

CVE-2025-58325

An Incorrect Provision of Specified Functionality vulnerability CWE-684 in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2.5 through 7.2.10, 7.0.0 through 7.0.15, 6.4 all versions may allow a local authenticated attacker to execute system commands via crafted CLI commands...

CVE-2025-58325

An Incorrect Provision of Specified Functionality vulnerability CWE-684 in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2.5 through 7.2.10, 7.0.0 through 7.0.15, 6.4 all versions may allow a local authenticated attacker to execute system commands via crafted CLI commands...

CVE-2025-11673

SOOP-CLM developed by PiExtract has a Hidden Functionality vulnerability, allowing privileged remote attackers to exploit a hidden functionality to execute arbitrary code on the server...

Microsoft ASP.NET Core 环境问题漏洞

Microsoft ASP.NET Core is a framework of cross-platform open source framework from Microsoft Corporation USA. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. Microsoft ASP.NET Core suffers from an environment issue...

EUVD-2025-34050

SOOP-CLM developed by PiExtract has a Hidden Functionality vulnerability, allowing privileged remote attackers to exploit a hidden functionality to execute arbitrary code on the server...

EUVD-2025-34053

A vulnerability was found in code-projects Automated Voting System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/addcandidatemodal.php.. The manipulation of the argument firstname results in sql injection. The attack can be executed remotely. The exploit has...

CVE-2025-11673

SOOP-CLM developed by PiExtract has a Hidden Functionality vulnerability, allowing privileged remote attackers to exploit a hidden functionality to execute arbitrary code on the server...

CVE-2025-11673 PiExtract ｜SOOP-CLM - Hidden Functionality

SOOP-CLM developed by PiExtract has a Hidden Functionality vulnerability, allowing privileged remote attackers to exploit a hidden functionality to execute arbitrary code on the server...

CVE-2025-11673 PiExtract ｜SOOP-CLM - Hidden Functionality

SOOP-CLM developed by PiExtract has a Hidden Functionality vulnerability, allowing privileged remote attackers to exploit a hidden functionality to execute arbitrary code on the server...

CVE-2025-11673

CVE-2025-11673 affects PiExtract SOOP-CLM. The connected sources describe a Hidden Functionality vulnerability that allows a privileged remote attacker to exploit hidden functionality to execute arbitrary code on the server. The entries list high-impact scores (CVSS 3.1/3.1 base 7.2; CVSS 4.0/4.0...

PT-2025-41773

Name of the Vulnerable Software and Affected Versions SOOP-CLM affected versions not specified Description SOOP-CLM, developed by PiExtract, contains a Hidden Functionality issue. Privileged remote attackers can exploit this functionality to execute arbitrary code on the server. Recommendations A...

PiExtract SOOP-CLM 安全漏洞

PiExtract SOOP-CLM is a cost-effective, enterprise-grade, centralized log management solution from China Xinyan PiExtract. A security vulnerability exists in PiExtract SOOP-CLM that stems from the presence of hidden functionality that could lead to the execution of arbitrary code by a privileged...

WordPress Porto Theme - Functionality plugin < 3.7.3 - Broken Access Control vulnerability

WordPress Porto Theme - Functionality plugin 3.7.3 - Broken Access Control vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Porto Theme - Functionality versions 3.7.3...