CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2025-48073 - OpenEXR NULL Pointer Dereference Vulnerability

CVE ID : CVE-2025-48073
Published : July 31, 2025, 9:15 p.m. | 56 minutes ago
Description : OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, when reading a deep scanline image with a large sample count in reduceMemory mode, it is possible to crash a target application with a NULL pointer dereference in a write operation. This is fixed in version 3.3.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8431 - PHPGurukul Boat Booking System SQL Injection Vulnerability

CVE ID : CVE-2025-8431
Published : Aug. 1, 2025, 2:15 a.m. | 2 hours, 2 minutes ago
Description : A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/add-boat.php. The manipulation of the argument boatname leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
CVE-2025-5954 - WordPress Service Finder SMS System Plugin Unauthenticated Administrator Account Takeover Vulnerability

CVE ID : CVE-2025-5954
Published : Aug. 1, 2025, 3:15 a.m. | 1 hour, 2 minutes ago
Description : The Service Finder SMS System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.0.0. This is due to the plugin not restricting user role selection at the time of registration through the aonesms_fn_savedata_after_signup() function. This makes it possible for unauthenticated attackers to register as an administrator user.
Severity: 9.8 | CRITICAL
CVE-2025-54840 - Apache HTTP Server Denial of Service

CVE ID : CVE-2025-54840
Published : Aug. 1, 2025, 4:16 a.m. | 4 hours, 3 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-54841 - Apache Struts SQL Injection

CVE ID : CVE-2025-54841
Published : Aug. 1, 2025, 4:16 a.m. | 4 hours, 3 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-54842 - Apache HTTP Server Cross-Site Request Forgery

CVE ID : CVE-2025-54842
Published : Aug. 1, 2025, 4:16 a.m. | 4 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-54843 - Fortinet DNS Server Insufficient Input Validation

CVE ID : CVE-2025-54843
Published : Aug. 1, 2025, 4:16 a.m. | 4 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-54844 - Apache Struts Command Execution

CVE ID : CVE-2025-54844
Published : Aug. 1, 2025, 4:16 a.m. | 4 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-54845 - Adobe Flash Memory Corruption Vulnerability

CVE ID : CVE-2025-54845
Published : Aug. 1, 2025, 4:16 a.m. | 4 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-54846 - Apache HTTP Server HTTP Request Smuggling

CVE ID : CVE-2025-54846
Published : Aug. 1, 2025, 4:16 a.m. | 4 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-54847 - Apache HTTP Server Cross-Site Request Forgery

CVE ID : CVE-2025-54847
Published : Aug. 1, 2025, 4:16 a.m. | 4 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-5947 - WordPress Service Finder Bookings Privilege Escalation

CVE ID : CVE-2025-5947
Published : Aug. 1, 2025, 4:16 a.m. | 4 hours, 2 minutes ago
Description : The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via authentication bypass in all versions up to, and including, 6.0. This is due to the plugin not properly validating a user's cookie value prior to logging them in through the service_finder_switch_back() function. This makes it possible for unauthenticated attackers to log in as any user, including admins.
Severity: 9.8 | CRITICAL
CVE-2025-8433 - Dell Document Management System Path Traversal Vulnerability

CVE ID : CVE-2025-8433
Published : Aug. 1, 2025, 4:16 a.m. | 4 hours, 2 minutes ago
Description : A vulnerability was found in code-projects Document Management System 1.0 and classified as critical. This issue affects the function unlink of the file /dell.php. The manipulation of the argument ID leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 5.4 | MEDIUM
CVE-2025-8434 - Apache Code-projects Online Movie Streaming Remote File Inclusion Vulnerability

CVE ID : CVE-2025-8434
Published : Aug. 1, 2025, 4:16 a.m. | 4 hours, 2 minutes ago
Description : A vulnerability was found in code-projects Online Movie Streaming 1.0. It has been classified as critical. Affected is an unknown function of the file /admin.php. The manipulation of the argument ID leads to missing authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
CVE-2025-4523 - IDonate WordPress Plugin Unauthorized Data Access Vulnerability

CVE ID : CVE-2025-4523
Published : Aug. 1, 2025, 5:15 a.m. | 3 hours, 3 minutes ago
Description : The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the admin_donor_profile_view() function in versions 2.0.0 to 2.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to expose an administrator’s username, email address, and all donor fields.
Severity: 6.5 | MEDIUM
CVE-2025-7443 - BerqWP Arbitrary File Upload Vulnerability

CVE ID : CVE-2025-7443
Published : Aug. 1, 2025, 5:15 a.m. | 3 hours, 3 minutes ago
Description : The BerqWP – Automated All-In-One Page Speed Optimization for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the store_javascript_cache.php file in all versions up to, and including, 2.2.42. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Severity: 8.1 | HIGH
CVE-2025-7725 - WordPress OpenAI Plugin Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-7725
Published : Aug. 1, 2025, 5:15 a.m. | 3 hours, 3 minutes ago
Description : The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons, OpenAI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the comment feature in all versions up to, and including, 26.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 7.2 | HIGH
CVE-2025-7845 - Stratum Elementor Widgets Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-7845
Published : Aug. 1, 2025, 5:15 a.m. | 3 hours, 3 minutes ago
Description : The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Advanced Google Maps and Image Hotspot widgets in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
CVE-2025-8435 - Code-projects Online Movie Streaming PHP Remote Authorization Bypass Vulnerability

CVE ID : CVE-2025-8435
Published : Aug. 1, 2025, 5:15 a.m. | 3 hours, 3 minutes ago
Description : A vulnerability was found in code-projects Online Movie Streaming 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin-control.php. The manipulation of the argument ID leads to missing authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
CVE-2025-31716 - Cisco Bootloader Out-of-Bounds Write Denial of Service

CVE ID : CVE-2025-31716
Published : Aug. 1, 2025, 6:15 a.m. | 2 hours, 3 minutes ago
Description : In the bootloader, there is a possible out-of-bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed.
Severity: 5.1 | MEDIUM
CVE-2025-54939 - LiteSpeed QUIC (LSQUIC) Library LSQUIC Engine Packet In Memory Leak

CVE ID : CVE-2025-54939
Published : Aug. 1, 2025, 6:15 a.m. | 2 hours, 3 minutes ago
Description : LiteSpeed QUIC (LSQUIC) Library before 4.3.1 has an lsquic_engine_packet_in memory leak.
Severity: 5.3 | MEDIUM