Total
3761 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-6347 | 1 Fabian | 1 Responsive Blog Site | 2025-07-11 | N/A | 5.4 MEDIUM |
| A vulnerability was found in code-projects Responsive Blog 1.0/1.12.4/3.3.4. It has been declared as problematic. This vulnerability affects unknown code of the file /responsive/resblog/blogadmin/admin/pageViewMembers.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5392 | 2025-07-11 | N/A | 9.8 CRITICAL | ||
| The GB Forms DB plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.2 via the gbfdb_talk_to_front() function. This is due to the function accepting user input and then passing that through call_user_func(). This makes it possible for unauthenticated attackers to execute code on the server which can be leverage to inject backdoors or create new administrative user accounts to name a few things. | |||||
| CVE-2024-7650 | 2025-07-10 | N/A | N/A | ||
| Improper Control of Generation of Code ('Code Injection') vulnerability in OpenTextâ„¢ Directory Services allows Remote Code Inclusion. The vulnerability could allow access to the system via script injection.This issue affects Directory Services: 23.4. | |||||
| CVE-2024-6344 | 1 Zkteco | 1 Zkbiosecurity V5000 | 2025-07-10 | N/A | N/A |
| A vulnerability, which was classified as problematic, was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. This affects an unknown part of the component Push Configuration Section. The manipulation of the argument Configuration Name leads to cross site scripting. It is possible to initiate the attack remotely. It is recommended to upgrade the affected component. The vendor explains, that "[s]ince ZKBio CVSecurity v5000 has been withdrawn from the market, we recommend upgrading to ZKBio CVSecurity V6600 6.1.3_R or above". This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2024-11002 | 1 Pluginus | 1 Inpost Gallery | 2025-07-09 | N/A | 6.3 MEDIUM |
| The The InPost Gallery plugin for WordPress is vulnerable to arbitrary shortcode execution via the inpost_gallery_get_shortcode_template AJAX action in all versions up to, and including, 2.1.4.2. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes. | |||||
| CVE-2025-7141 | 1 Mayurik | 1 Best Salon Management System | 2025-07-09 | N/A | 5.4 MEDIUM |
| A vulnerability classified as problematic was found in SourceCodester Best Salon Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /panel/edit_plan.php of the component Update Staff Page. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-7148 | 1 Codeastro | 1 Simple Hospital Management System | 2025-07-09 | N/A | 5.4 MEDIUM |
| A vulnerability was found in CodeAstro Simple Hospital Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /patient.html of the component POST Parameter Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Multiple parameters might be affected. | |||||
| CVE-2025-7144 | 1 Mayurik | 1 Best Salon Management System | 2025-07-09 | N/A | 4.8 MEDIUM |
| A vulnerability has been found in SourceCodester Best Salon Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /panel/admin-profile.php of the component Admin Profile Page. The manipulation of the argument Admin Name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-7142 | 1 Mayurik | 1 Best Salon Management System | 2025-07-09 | N/A | 5.4 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in SourceCodester Best Salon Management System 1.0. Affected by this issue is some unknown functionality of the file /panel/search-appointment.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-7143 | 1 Mayurik | 1 Best Salon Management System | 2025-07-09 | N/A | 5.4 MEDIUM |
| A vulnerability, which was classified as problematic, was found in SourceCodester Best Salon Management System 1.0. This affects an unknown part of the file /panel/edit-tax.php of the component Update Tax Page. The manipulation of the argument Tax Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-6744 | 1 Xtemos | 1 Woodmart | 2025-07-09 | N/A | 7.3 HIGH |
| The The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.2.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode through the woodmart_get_products_shortcode() function. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | |||||
| CVE-2025-7182 | 1 Itsourcecode | 1 Student Transcript Processing System | 2025-07-09 | N/A | 6.1 MEDIUM |
| A vulnerability has been found in itsourcecode Student Transcript Processing System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/modules/subject/edit.php. The manipulation of the argument pre leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-8581 | 1 Lollms | 1 Lollms Web Ui | 2025-07-08 | N/A | N/A |
| A vulnerability in the `upload_app` function of parisneo/lollms-webui V12 (Strawberry) allows an attacker to delete any file or directory on the system. The function does not implement user input filtering with the `filename` value, causing a Path Traversal error. | |||||
| CVE-2025-52718 | 2025-07-04 | N/A | N/A | ||
| Improper Control of Generation of Code ('Code Injection') vulnerability in Bearsthemes Alone allows Remote Code Inclusion. This issue affects Alone: from n/a through 7.8.2. | |||||
| CVE-2025-49302 | 2025-07-04 | N/A | N/A | ||
| Improper Control of Generation of Code ('Code Injection') vulnerability in Scott Paterson Easy Stripe allows Remote Code Inclusion. This issue affects Easy Stripe: from n/a through 1.1. | |||||
| CVE-2025-29807 | 1 Microsoft | 1 Dataverse | 2025-07-03 | N/A | 8.8 HIGH |
| Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network. | |||||
| CVE-2025-6613 | 1 Anujk305 | 1 Hospital Management System | 2025-07-02 | N/A | 5.4 MEDIUM |
| A vulnerability classified as problematic was found in PHPGurukul Hospital Management System 4.0. Affected by this vulnerability is an unknown functionality of the file /doctor/manage-patient.php. The manipulation of the argument Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-6694 | 1 Wegia | 1 Wegia | 2025-07-01 | N/A | 4.1 MEDIUM |
| A vulnerability has been found in LabRedesCefetRJ WeGIA 3.4.0 and classified as problematic. This vulnerability affects unknown code of the file /html/matPat/adicionar_unidade.php of the component Adicionar Unidade. The manipulation of the argument Insira a nova unidade leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-6695 | 1 Wegia | 1 Wegia | 2025-07-01 | N/A | 4.1 MEDIUM |
| A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0 and classified as problematic. This issue affects some unknown processing of the file /html/matPat/adicionar_categoria.php of the component Additional Categoria. The manipulation of the argument Insira a nova categoria leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-6696 | 1 Wegia | 1 Wegia | 2025-07-01 | N/A | 4.1 MEDIUM |
| A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0. It has been classified as problematic. Affected is an unknown function of the file /html/atendido/Cadastro_Atendido.php of the component Cadastro de Atendio. The manipulation of the argument Nome/Sobrenome leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This is a different issue than CVE-2025-22615. The vendor was contacted early about this disclosure but did not respond in any way. | |||||