Lucene search

2406 matches found

Cvelist
added 2025/09/10 6:38 a.m. | 4 views

CVE-2025-10049 Responsive Filterable Portfolio <= 1.0.24 - Authenticated (Admin+) Arbitrary File Upload

The Responsive Filterable Portfolio plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the HdnMediaSelectionimage field in all versions up to, and including, 1.0.24. This makes it possible for authenticated attackers, with Administrator-level acce...

CVSS 7.2 | EPSS 0.00513
Exploits: 0 | References: 2

CVE
added 2025/09/10 6:38 a.m. | 19 views

CVE-2025-10049

CVE-2025-10049 affects the WordPress plugin “Responsive Filterable Portfolio” (versions

CVSS 7.2 | AI score 6.8 | EPSS 0.00513
Exploits: 0 | References: 2

CNNVD
added 2025/09/10 12:0 a.m. | 1 view

WordPress plugin Responsive Filterable Portfolio code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress Responsive Filterable Portfolio plugin has an arbitrary file upload vulnerability that stems from a lack of file type validation in the HdnMediaSelectionimage fiel...

CVSS 7.2 | AI score 7.1 | EPSS 0.00513
Exploits: 0 | References: 2

Patchstack
added 2025/09/09 11:58 p.m. | 4 views

WordPress Responsive Filterable Portfolio plugin <= 1.0.24 - Authenticated (Admin+) Arbitrary File Upload vulnerability

Authenticated Admin+ Arbitrary File Upload vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Responsive Filterable Portfolio versions <= 1.0.24...

CVSS 7.2 | AI score 6.8 | EPSS 0.00513
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2025/09/09 5:16 p.m. | 2 views

CVE-2025-5500

A flaw has been found in ZhenShi Mibro Fit App 1.6.3.17499 on Android. This impacts an unknown function of the file AndroidManifest.xml of the component com.xiaoxun.xunoversea.mibrofit. This manipulation causes improper export of android application components. The attack requires local access. T...

CVSS 5.3 | EPSS 0.00022
Exploits: 0 | References: 5

RedhatCVE
added 2025/09/07 2:32 p.m. | 3 views

CVE-2025-58839

Deserialization of Untrusted Data vulnerability in aThemeArt Translations eDS Responsive Menu eds-responsive-menu allows Object Injection. This issue affects eDS Responsive Menu: from n/a through <= 1.2...

CVSS 7.2 | AI score 5.9 | EPSS 0.00149
Exploits: 0 | References: 1

RedhatCVE
added 2025/09/05 10:26 p.m. | 5 views

CVE-2025-9929

A weakness has been identified in code-projects Responsive Blog Site 1.0. This affects an unknown function of the file blogsview.php. Executing manipulation of the argument productcode/genname/productname/supplier can lead to cross site scripting. It is possible to launch the attack remotely. The...

CVSS 4.8 | AI score 5.7 | EPSS 0.00061
Exploits: 1 | References: 1

NVD
added 2025/09/05 2:15 p.m. | 1 view

CVE-2025-58839

Deserialization of Untrusted Data vulnerability in aThemeArt Translations eDS Responsive Menu eds-responsive-menu allows Object Injection. This issue affects eDS Responsive Menu: from n/a through <= 1.2...

CVSS 7.2 | EPSS 0.00149
Exploits: 0 | References: 1

CVE
added 2025/09/05 1:45 p.m. | 10 views

CVE-2025-58839

CVE-2025-58839 describes a deserialization of untrusted data vulnerability in the WordPress plugin “eDS Responsive Menu” (versions up to and including 1.2). The underlying issue is PHP Object Injection triggered by deserializing untrusted data, enabling an attacker to manipulate objects during ru...

CVSS 7.2 | AI score 5.9 | EPSS 0.00149
Exploits: 0 | References: 1

Vulnrichment
added 2025/09/05 1:45 p.m. | 1 view

CVE-2025-58839 WordPress eDS Responsive Menu Plugin <= 1.2 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in aThemeArt Translations eDS Responsive Menu eds-responsive-menu allows Object Injection. This issue affects eDS Responsive Menu: from n/a through <= 1.2...

CVSS 7.2 | AI score 5.9 | EPSS 0.00149
Exploits: 0 | References: 1

Cvelist
added 2025/09/05 1:45 p.m. | 9 views

CVE-2025-58839 WordPress eDS Responsive Menu Plugin <= 1.2 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in aThemeArt Translations eDS Responsive Menu eds-responsive-menu allows Object Injection. This issue affects eDS Responsive Menu: from n/a through <= 1.2...

CVSS 7.2 | EPSS 0.00149
Exploits: 0 | References: 1

Patchstack
added 2025/09/05 1:33 p.m. | 2 views

WordPress eDS Responsive Menu Plugin <= 1.2 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Drew / mcdruid in WordPress Plugin eDS Responsive Menu versions <= 1.2...

CVSS 7.2 | AI score 7 | EPSS 0.00149
Exploits: 0 | Affected Software: 1

CNNVD
added 2025/09/05 12:0 a.m. | 1 view

WordPress plugin eDS Responsive Menu code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...

CVSS 7.2 | AI score 6.8 | EPSS 0.00149
Exploits: 0 | References: 1

Positive Technologies
added 2025/09/05 12:0 a.m. | 2 views

PT-2025-36178

Name of the Vulnerable Software and Affected Versions: eDS Responsive Menu versions through 1.2
Description: A deserialization of untrusted data issue exists in eDS Responsive Menu, allowing object injection. This can occur due to the deserialization of untrusted data.
Recommendations: At the...

CVSS 7.2 | AI score 6.2 | EPSS 0.00149
Exploits: 0 | References: 4

NVD
added 2025/09/04 10:42 a.m. | 7 views

CVE-2025-9929

A weakness has been identified in code-projects Responsive Blog Site 1.0. This affects an unknown function of the file blogsview.php. Executing manipulation of the argument productcode/genname/productname/supplier can lead to cross site scripting. It is possible to launch the attack remotely. The...

CVSS 4.8 | EPSS 0.00061
Exploits: 1 | References: 5

OSV
added 2025/09/04 10:42 a.m. | 3 views

CVE-2025-9929

A weakness has been identified in code-projects Responsive Blog Site 1.0. This affects an unknown function of the file blogsview.php. Executing manipulation of the argument productcode/genname/productname/supplier can lead to cross site scripting. It is possible to launch the attack remotely. The...

CVSS 4.8 | AI score 4.2
Exploits: 0 | References: 5

Cvelist
added 2025/09/03 9:32 p.m. | 10 views

CVE-2025-9929 code-projects Responsive Blog Site blogs_view.php cross site scripting

A weakness has been identified in code-projects Responsive Blog Site 1.0. This affects an unknown function of the file blogsview.php. Executing manipulation of the argument productcode/genname/productname/supplier can lead to cross site scripting. It is possible to launch the attack remotely. The...

CVSS 4.8 | EPSS 0.00061
Exploits: 1 | References: 5

NVD
added 2025/08/30 1:15 p.m. | 2 views

CVE-2025-9688

A security vulnerability has been detected in Mupen64Plus up to 2.6.0. The affected element is the function writeisviewer of the file src/device/cart/isviewer.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The attack is considered to have high...

CVSS 5.1 | EPSS 0.00074
Exploits: 0 | References: 5

OSV
added 2025/08/28 7:15 p.m. | 2 views

CVE-2025-9579

A weakness has been identified in LB-LINK BL-X26 1.2.8. The impacted element is an unknown function of the file /goform/sethidessidcfg of the component HTTP Handler. This manipulation of the argument enable causes os command injection. The attack can be initiated remotely. The exploit has been ma...

CVSS 8.8 | AI score 5.7 | EPSS 0.00981
Exploits: 1 | References: 5

CVE
added 2025/08/28 6:2 p.m. | 16 views

CVE-2025-9576

CVE-2025-9576 concerns Seeedstudio ReSpeaker LinkIt7688, where an Administrative Interface function handling the file "/etc/shadow" can be manipulated to enable default-credential use. Exploitation requires local access and is described as high-complexity with low exploitability in the public mat...

CVSS 7 | AI score 3.6 | EPSS 0.0003
Exploits: 1 | References: 5 | Affected Software: 1