CVE-2025-8905 - WordPress Inpersttion For Theme Remote Code Execution
CVE ID : CVE-2025-8905
Published : Aug. 15, 2025, 9:15 a.m. | 47 minutes ago
Description : The Inpersttion For Theme plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0 via the theme_section_shortcode() function. This is due to the plugin not restricting what functions can be called. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server which is limited to arbitrary functions without any user supplied parameters.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8905
Published : Aug. 15, 2025, 9:15 a.m. | 47 minutes ago
Description : The Inpersttion For Theme plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0 via the theme_section_shortcode() function. This is due to the plugin not restricting what functions can be called. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server which is limited to arbitrary functions without any user supplied parameters.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9023 - Tenda AC7/AC18 Buffer Overflow in formSetSchedLed
CVE ID : CVE-2025-9023
Published : Aug. 15, 2025, 9:15 a.m. | 47 minutes ago
Description : A vulnerability has been found in Tenda AC7 and AC18 15.03.05.19/15.03.06.44. Affected is the function formSetSchedLed of the file /goform/SetLEDCfg. The manipulation of the argument Time leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9023
Published : Aug. 15, 2025, 9:15 a.m. | 47 minutes ago
Description : A vulnerability has been found in Tenda AC7 and AC18 15.03.05.19/15.03.06.44. Affected is the function formSetSchedLed of the file /goform/SetLEDCfg. The manipulation of the argument Time leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9024 - PHPGurukul Beauty Parlour Management System SQL Injection Vulnerability
CVE ID : CVE-2025-9024
Published : Aug. 15, 2025, 9:15 a.m. | 47 minutes ago
Description : A vulnerability was found in PHPGurukul Beauty Parlour Management System 1.1. Affected by this vulnerability is an unknown functionality of the file /book-appointment.php. The manipulation of the argument Message leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9024
Published : Aug. 15, 2025, 9:15 a.m. | 47 minutes ago
Description : A vulnerability was found in PHPGurukul Beauty Parlour Management System 1.1. Affected by this vulnerability is an unknown functionality of the file /book-appointment.php. The manipulation of the argument Message leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9025 - Simple Cafe Ordering System SQL Injection Vulnerability
CVE ID : CVE-2025-9025
Published : Aug. 15, 2025, 9:15 a.m. | 47 minutes ago
Description : A vulnerability was determined in code-projects Simple Cafe Ordering System 1.0. Affected by this issue is some unknown functionality of the file /portal.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9025
Published : Aug. 15, 2025, 9:15 a.m. | 47 minutes ago
Description : A vulnerability was determined in code-projects Simple Cafe Ordering System 1.0. Affected by this issue is some unknown functionality of the file /portal.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9026 - D-Link DIR-860L OS Command Injection Vulnerability
CVE ID : CVE-2025-9026
Published : Aug. 15, 2025, 10:15 a.m. | 3 hours, 48 minutes ago
Description : A vulnerability was identified in D-Link DIR-860L 2.04.B04. This affects the function ssdpcgi_main of the file htdocs/cgibin of the component Simple Service Discovery Protocol. The manipulation leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9026
Published : Aug. 15, 2025, 10:15 a.m. | 3 hours, 48 minutes ago
Description : A vulnerability was identified in D-Link DIR-860L 2.04.B04. This affects the function ssdpcgi_main of the file htdocs/cgibin of the component Simple Service Discovery Protocol. The manipulation leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9027 - "Code-Projects Online Medicine Guide SQL Injection"
CVE ID : CVE-2025-9027
Published : Aug. 15, 2025, 10:15 a.m. | 3 hours, 48 minutes ago
Description : A vulnerability has been found in code-projects Online Medicine Guide 1.0. This vulnerability affects unknown code of the file /addelivery.php. The manipulation of the argument deName leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9027
Published : Aug. 15, 2025, 10:15 a.m. | 3 hours, 48 minutes ago
Description : A vulnerability has been found in code-projects Online Medicine Guide 1.0. This vulnerability affects unknown code of the file /addelivery.php. The manipulation of the argument deName leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-26709 - ZTE F50 Web Module Unauthorized Access Vulnerability
CVE ID : CVE-2025-26709
Published : Aug. 15, 2025, 11:15 a.m. | 2 hours, 48 minutes ago
Description : There is an unauthorized access vulnerability in ZTE F50. Due to improper permission control of the Web module interface, an unauthorized attacker can obtain sensitive information through the interface
Severity: 5.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-26709
Published : Aug. 15, 2025, 11:15 a.m. | 2 hours, 48 minutes ago
Description : There is an unauthorized access vulnerability in ZTE F50. Due to improper permission control of the Web module interface, an unauthorized attacker can obtain sensitive information through the interface
Severity: 5.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9028 - "Code-projects Online Medicine Guide SQL Injection Vulnerability"
CVE ID : CVE-2025-9028
Published : Aug. 15, 2025, 11:15 a.m. | 2 hours, 48 minutes ago
Description : A vulnerability was found in code-projects Online Medicine Guide 1.0. This issue affects some unknown processing of the file /adphar.php. The manipulation of the argument phuname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9028
Published : Aug. 15, 2025, 11:15 a.m. | 2 hours, 48 minutes ago
Description : A vulnerability was found in code-projects Online Medicine Guide 1.0. This issue affects some unknown processing of the file /adphar.php. The manipulation of the argument phuname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9046 - Tenda AC20 Stack-Based Buffer Overflow Vulnerability
CVE ID : CVE-2025-9046
Published : Aug. 15, 2025, 11:15 a.m. | 2 hours, 48 minutes ago
Description : A vulnerability was identified in Tenda AC20 16.03.08.12. This issue affects the function sub_46A2AC of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9046
Published : Aug. 15, 2025, 11:15 a.m. | 2 hours, 48 minutes ago
Description : A vulnerability was identified in Tenda AC20 16.03.08.12. This issue affects the function sub_46A2AC of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9047 - Projectworlds Visitor Management System SQL Injection
CVE ID : CVE-2025-9047
Published : Aug. 15, 2025, 11:15 a.m. | 2 hours, 48 minutes ago
Description : A vulnerability has been found in projectworlds Visitor Management System 1.0. Affected is an unknown function of the file /visitor_out.php. The manipulation of the argument rid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9047
Published : Aug. 15, 2025, 11:15 a.m. | 2 hours, 48 minutes ago
Description : A vulnerability has been found in projectworlds Visitor Management System 1.0. Affected is an unknown function of the file /visitor_out.php. The manipulation of the argument rid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-1929 - Risk Yazılım Teknolojileri Ltd. Şti. Reel Sektör Hazine ve Risk Yönetimi Yazılımı SQL Injection Vulnerability
CVE ID : CVE-2025-1929
Published : Aug. 15, 2025, 12:15 p.m. | 1 hour, 48 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Risk Yazılım Teknolojileri Ltd. Şti. Reel Sektör Hazine ve Risk Yönetimi Yazılımı allows SQL Injection, CAPEC - 7 - Blind SQL Injection.This issue affects Reel Sektör Hazine ve Risk Yönetimi Yazılımı: through 1.0.0.4.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-1929
Published : Aug. 15, 2025, 12:15 p.m. | 1 hour, 48 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Risk Yazılım Teknolojileri Ltd. Şti. Reel Sektör Hazine ve Risk Yönetimi Yazılımı allows SQL Injection, CAPEC - 7 - Blind SQL Injection.This issue affects Reel Sektör Hazine ve Risk Yönetimi Yazılımı: through 1.0.0.4.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54473 - Joomla Phoca Commander Authenticated Remote Code Execution
CVE ID : CVE-2025-54473
Published : Aug. 15, 2025, 12:15 p.m. | 1 hour, 48 minutes ago
Description : An authenticated RCE vulnerability in Phoca Commander component 1.0.0-4.0.0 and 5.0.0-5.0.1 for Joomla was discovered. The issue allows code execution via the unzip feature.
Severity: 9.2 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54473
Published : Aug. 15, 2025, 12:15 p.m. | 1 hour, 48 minutes ago
Description : An authenticated RCE vulnerability in Phoca Commander component 1.0.0-4.0.0 and 5.0.0-5.0.1 for Joomla was discovered. The issue allows code execution via the unzip feature.
Severity: 9.2 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54474 - "DJ-Classifieds SQL Injection Vulnerability"
CVE ID : CVE-2025-54474
Published : Aug. 15, 2025, 12:15 p.m. | 1 hour, 48 minutes ago
Description : A SQLi vulnerability in DJ-Classifieds component 3.9.2-3.10.1 for Joomla was discovered. The issue allows privileged users to execute arbitrary SQL commands.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54474
Published : Aug. 15, 2025, 12:15 p.m. | 1 hour, 48 minutes ago
Description : A SQLi vulnerability in DJ-Classifieds component 3.9.2-3.10.1 for Joomla was discovered. The issue allows privileged users to execute arbitrary SQL commands.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54475 - "Joomla JS Jobs Plugin SQL Injection Vulnerability"
CVE ID : CVE-2025-54475
Published : Aug. 15, 2025, 12:15 p.m. | 1 hour, 48 minutes ago
Description : A SQL injection vulnerability in the JS Jobs plugin versions 1.3.2-1.4.4 for Joomla allows low-privilege users to execute arbitrary SQL commands.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54475
Published : Aug. 15, 2025, 12:15 p.m. | 1 hour, 48 minutes ago
Description : A SQL injection vulnerability in the JS Jobs plugin versions 1.3.2-1.4.4 for Joomla allows low-privilege users to execute arbitrary SQL commands.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9050 - "Projectworlds Travel Management System SQL Injection Vulnerability"
CVE ID : CVE-2025-9050
Published : Aug. 15, 2025, 12:15 p.m. | 1 hour, 48 minutes ago
Description : A vulnerability was found in projectworlds Travel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /addcategory.php. The manipulation of the argument t1 leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9050
Published : Aug. 15, 2025, 12:15 p.m. | 1 hour, 48 minutes ago
Description : A vulnerability was found in projectworlds Travel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /addcategory.php. The manipulation of the argument t1 leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9051 - Projectworlds Travel Management System SQL Injection Vulnerability
CVE ID : CVE-2025-9051
Published : Aug. 15, 2025, 12:15 p.m. | 1 hour, 48 minutes ago
Description : A vulnerability was determined in projectworlds Travel Management System 1.0. Affected by this issue is some unknown functionality of the file /updatecategory.php. The manipulation of the argument t1 leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9051
Published : Aug. 15, 2025, 12:15 p.m. | 1 hour, 48 minutes ago
Description : A vulnerability was determined in projectworlds Travel Management System 1.0. Affected by this issue is some unknown functionality of the file /updatecategory.php. The manipulation of the argument t1 leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9052 - Projectworlds Travel Management System SQL Injection Vulnerability
CVE ID : CVE-2025-9052
Published : Aug. 15, 2025, 1:15 p.m. | 48 minutes ago
Description : A vulnerability was identified in projectworlds Travel Management System 1.0. This affects an unknown part of the file /updatepackage.php. The manipulation of the argument s1 leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9052
Published : Aug. 15, 2025, 1:15 p.m. | 48 minutes ago
Description : A vulnerability was identified in projectworlds Travel Management System 1.0. This affects an unknown part of the file /updatepackage.php. The manipulation of the argument s1 leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9053 - Projectworlds Travel Management System SQL Injection
CVE ID : CVE-2025-9053
Published : Aug. 15, 2025, 1:15 p.m. | 48 minutes ago
Description : A vulnerability has been found in projectworlds Travel Management System 1.0. This vulnerability affects unknown code of the file /updatesubcategory.php. The manipulation of the argument t1/s1 leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9053
Published : Aug. 15, 2025, 1:15 p.m. | 48 minutes ago
Description : A vulnerability has been found in projectworlds Travel Management System 1.0. This vulnerability affects unknown code of the file /updatesubcategory.php. The manipulation of the argument t1/s1 leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-12573 - Apache Web Server Authentication Bypass
CVE ID : CVE-2024-12573
Published : Aug. 15, 2025, 3:15 p.m. | 2 hours, 49 minutes ago
Description : Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-24752 Reason: This candidate is a reservation duplicate of CVE-2025-24752. Notes: All CVE users should reference CVE-2025-24752 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-12573
Published : Aug. 15, 2025, 3:15 p.m. | 2 hours, 49 minutes ago
Description : Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-24752 Reason: This candidate is a reservation duplicate of CVE-2025-24752. Notes: All CVE users should reference CVE-2025-24752 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-24975 - Firebird Database Segfault and Encryption Key Vulnerability
CVE ID : CVE-2025-24975
Published : Aug. 15, 2025, 3:15 p.m. | 2 hours, 49 minutes ago
Description : Firebird is a relational database. Prior to snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609, Firebird is vulnerable if ExtConnPoolSize is not set equal to 0. If connections stored in ExtConnPool are not verified for presence and suitability of the CryptCallback interface is used when created versus what is available could result in a segfault in the server process. Encrypted databases, accessed by execute statement on external, may be accessed later by an attachment missing a key to that database. In a case when execute statement are chained, segfault may happen. Additionally, the segfault may affect unencrypted databases. This issue has been patched in snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609 and point releases 4.0.6 and 5.0.2. A workaround for this issue involves setting ExtConnPoolSize equal to 0 in firebird.conf.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-24975
Published : Aug. 15, 2025, 3:15 p.m. | 2 hours, 49 minutes ago
Description : Firebird is a relational database. Prior to snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609, Firebird is vulnerable if ExtConnPoolSize is not set equal to 0. If connections stored in ExtConnPool are not verified for presence and suitability of the CryptCallback interface is used when created versus what is available could result in a segfault in the server process. Encrypted databases, accessed by execute statement on external, may be accessed later by an attachment missing a key to that database. In a case when execute statement are chained, segfault may happen. Additionally, the segfault may affect unencrypted databases. This issue has been patched in snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609 and point releases 4.0.6 and 5.0.2. A workaround for this issue involves setting ExtConnPoolSize equal to 0 in firebird.conf.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54466 - Apache OFBiz Scrum Plugin Code Injection Vulnerability
CVE ID : CVE-2025-54466
Published : Aug. 15, 2025, 3:15 p.m. | 2 hours, 49 minutes ago
Description : Improper Control of Generation of Code ('Code Injection') vulnerability leading to a possible RCE in Apache OFBiz scrum plugin. This issue affects Apache OFBiz: before 24.09.02 only when the scrum plugin is used. Even unauthenticated attackers can exploit this vulnerability. Users are recommended to upgrade to version 24.09.02, which fixes the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54466
Published : Aug. 15, 2025, 3:15 p.m. | 2 hours, 49 minutes ago
Description : Improper Control of Generation of Code ('Code Injection') vulnerability leading to a possible RCE in Apache OFBiz scrum plugin. This issue affects Apache OFBiz: before 24.09.02 only when the scrum plugin is used. Even unauthenticated attackers can exploit this vulnerability. Users are recommended to upgrade to version 24.09.02, which fixes the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...