CVE-2025-14565

A vulnerability was identified in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. The affected element is an unknown function of the file /Profilers/SProfile/login1.php. Such manipulation of the argument Username leads to sql injection. The attack may be performed fro...

CVE-2025-0749 Homey <= 2.4.3 - Limited Authentication Bypass due to Missing Empty Value Check

The Homey theme for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.4.3. This is due to the 'verificationid' value being set to empty, and the not empty check is missing in the dashboard user profile page. This makes it possible for unauthenticated attackers t...

Buddypress Xprofile Custom Fields Type 2.6.3 - Remote Code Execution

Exploit Title: Plugin Buddypress Xprofile Custom Fields Type 2.6.3 RCE – Unlink Date: 08/04/2018 Exploit Author: Lenon Leite Vendor Homepage: https://wordpress.org/plugins/buddypress-xprofile-custom-fields-type/ Software Link: https://wordpress.org/plugins/buddypress-xprofile-custom-fields-type/...

verinet.ru XSS vulnerability

Vulnerable URL: http://www.verinet.ru/profile/login.html Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated Google Pagerank| 4 VIP website status:| No Check...

cruises.mileageplus.com XSS vulnerability

Vulnerable URL: https://cruises.mileageplus.com/profile/login.do?origin=javascript:alert%28/XSSPOSED/%29 Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated...