CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2025-54847 - Apache HTTP Server Cross-Site Request Forgery

CVE ID : CVE-2025-54847
Published : Aug. 1, 2025, 4:16 a.m. | 4 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-5947 - WordPress Service Finder Bookings Privilege Escalation

CVE ID : CVE-2025-5947
Published : Aug. 1, 2025, 4:16 a.m. | 4 hours, 2 minutes ago
Description : The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via authentication bypass in all versions up to, and including, 6.0. This is due to the plugin not properly validating a user's cookie value prior to logging them in through the service_finder_switch_back() function. This makes it possible for unauthenticated attackers to log in as any user, including admins.
Severity: 9.8 | CRITICAL
CVE-2025-8433 - Dell Document Management System Path Traversal Vulnerability

CVE ID : CVE-2025-8433
Published : Aug. 1, 2025, 4:16 a.m. | 4 hours, 2 minutes ago
Description : A vulnerability was found in code-projects Document Management System 1.0 and classified as critical. This issue affects the function unlink of the file /dell.php. The manipulation of the argument ID leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 5.4 | MEDIUM
CVE-2025-8434 - Apache Code-projects Online Movie Streaming Remote File Inclusion Vulnerability

CVE ID : CVE-2025-8434
Published : Aug. 1, 2025, 4:16 a.m. | 4 hours, 2 minutes ago
Description : A vulnerability was found in code-projects Online Movie Streaming 1.0. It has been classified as critical. Affected is an unknown function of the file /admin.php. The manipulation of the argument ID leads to missing authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
CVE-2025-4523 - IDonate WordPress Plugin Unauthorized Data Access Vulnerability

CVE ID : CVE-2025-4523
Published : Aug. 1, 2025, 5:15 a.m. | 3 hours, 3 minutes ago
Description : The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the admin_donor_profile_view() function in versions 2.0.0 to 2.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to expose an administrator’s username, email address, and all donor fields.
Severity: 6.5 | MEDIUM
CVE-2025-7443 - BerqWP Arbitrary File Upload Vulnerability

CVE ID : CVE-2025-7443
Published : Aug. 1, 2025, 5:15 a.m. | 3 hours, 3 minutes ago
Description : The BerqWP – Automated All-In-One Page Speed Optimization for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the store_javascript_cache.php file in all versions up to, and including, 2.2.42. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Severity: 8.1 | HIGH
CVE-2025-7725 - WordPress OpenAI Plugin Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-7725
Published : Aug. 1, 2025, 5:15 a.m. | 3 hours, 3 minutes ago
Description : The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons, OpenAI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the comment feature in all versions up to, and including, 26.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 7.2 | HIGH
CVE-2025-7845 - Stratum Elementor Widgets Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-7845
Published : Aug. 1, 2025, 5:15 a.m. | 3 hours, 3 minutes ago
Description : The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Advanced Google Maps and Image Hotspot widgets in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
CVE-2025-8435 - Code-projects Online Movie Streaming PHP Remote Authorization Bypass Vulnerability

CVE ID : CVE-2025-8435
Published : Aug. 1, 2025, 5:15 a.m. | 3 hours, 3 minutes ago
Description : A vulnerability was found in code-projects Online Movie Streaming 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin-control.php. The manipulation of the argument ID leads to missing authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
CVE-2025-31716 - Cisco Bootloader Out-of-Bounds Write Denial of Service

CVE ID : CVE-2025-31716
Published : Aug. 1, 2025, 6:15 a.m. | 2 hours, 3 minutes ago
Description : In bootloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed.
Severity: 5.1 | MEDIUM
CVE-2025-54939 - LiteSpeed QUIC (LSQUIC) Library LSQUIC Engine Packet In Memory Leak

CVE ID : CVE-2025-54939
Published : Aug. 1, 2025, 6:15 a.m. | 2 hours, 3 minutes ago
Description : LiteSpeed QUIC (LSQUIC) Library before 4.3.1 has an lsquic_engine_packet_in memory leak.
Severity: 5.3 | MEDIUM
CVE-2025-5921 - SureForms WordPress Reflected Cross-Site Scripting

CVE ID : CVE-2025-5921
Published : Aug. 1, 2025, 6:15 a.m. | 2 hours, 3 minutes ago
Description : The SureForms WordPress plugin before 1.7.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against both authenticated and unauthenticated users.
Severity: 0.0 | NA
CVE-2025-8436 - Projectworlds Online Admission System SQL Injection Vulnerability

CVE ID : CVE-2025-8436
Published : Aug. 1, 2025, 6:15 a.m. | 2 hours, 3 minutes ago
Description : A vulnerability was found in projectworlds Online Admission System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /viewdoc.php. The manipulation of the argument ID leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
CVE-2025-8454 - Debian Package devscripts OpenPGP Verification Bypass

CVE ID : CVE-2025-8454
Published : Aug. 1, 2025, 6:15 a.m. | 2 hours, 3 minutes ago
Description : It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification for files already downloaded even if a previous verification did fail.
Severity: 0.0 | NA
CVE-2025-7646 - Elementor Addons Stored Cross-Site Scripting

CVE ID : CVE-2025-7646
Published : Aug. 1, 2025, 7:15 a.m. | 1 hour, 3 minutes ago
Description : The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom script parameter in all versions up to, and including, 6.3.10 even when the user does not have the unfiltered_html capability. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
CVE-2025-8437 - Kitchen Treasure SQL Injection Vulnerability

CVE ID : CVE-2025-8437
Published : Aug. 1, 2025, 7:15 a.m. | 1 hour, 3 minutes ago
Description : A vulnerability classified as critical has been found in code-projects Kitchen Treasure 1.0. This affects an unknown part of the file /userregistration.php. The manipulation of the argument email leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
CVE-2025-8438 - Code-Projects Wazifa System SQL Injection Vulnerability

CVE ID : CVE-2025-8438
Published : Aug. 1, 2025, 7:15 a.m. | 1 hour, 3 minutes ago
Description : A vulnerability classified as critical was found in code-projects Wazifa System 1.0. This vulnerability affects unknown code of the file /controllers/postpublish.php. The manipulation of the argument post leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
CVE-2025-8439 - Wazifa System SQL Injection Vulnerability

CVE ID : CVE-2025-8439
Published : Aug. 1, 2025, 7:15 a.m. | 1 hour, 3 minutes ago
Description : A vulnerability, which was classified as critical, has been found in code-projects Wazifa System 1.0. This issue affects some unknown processing of the file /controllers/updatesettings.php. The manipulation of the argument Password leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
CVE-2025-8441 - Code-projects Online Medicine Guide SQL Injection Vulnerability

CVE ID : CVE-2025-8441
Published : Aug. 1, 2025, 8:15 a.m. | 4 hours, 5 minutes ago
Description : A vulnerability, which was classified as critical, was found in code-projects Online Medicine Guide 1.0. Affected is an unknown function of the file /pharsignup.php. The manipulation of the argument phuname leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
CVE-2025-8442 - Code-projects Online Medicine Guide SQL Injection Vulnerability

CVE ID : CVE-2025-8442
Published : Aug. 1, 2025, 8:15 a.m. | 4 hours, 5 minutes ago
Description : A vulnerability has been found in code-projects Online Medicine Guide 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /cussignup.php. The manipulation of the argument uname leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
CVE-2025-6398 - ASUS AI Suite 3 Null Pointer Dereference Vulnerability

CVE ID : CVE-2025-6398
Published : Aug. 1, 2025, 9:15 a.m. | 3 hours, 5 minutes ago
Description : A null pointer dereference vulnerability exists in the IOMap64.sys driver of ASUS AI Suite 3. The vulnerability can be triggered by a specially crafted input, which may lead to a system crash (BSOD). Refer to the 'Security Update for AI Suite 3' section on the ASUS Security Advisory for more information.
Severity: 0.0 | NA