CVE-2025-54714 - Zephyr Project Manager Missing Authorization Vulnerability
CVE ID : CVE-2025-54714
Published : Aug. 28, 2025, 1:16 p.m. | 1 hour, 28 minutes ago
Description : Missing Authorization vulnerability in Dylan James Zephyr Project Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zephyr Project Manager: from n/a through 3.3.201.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54716 - Ovatheme Ireca PHP Remote File Inclusion Vulnerability
CVE ID : CVE-2025-54716
Published : Aug. 28, 2025, 1:16 p.m. | 1 hour, 28 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme Ireca allows PHP Local File Inclusion. This issue affects Ireca: from n/a through 1.8.5.
Severity: 8.1 | HIGH
CVE-2025-54720 - SteelThemes Nest Addons SQL Injection
CVE ID : CVE-2025-54720
Published : Aug. 28, 2025, 1:16 p.m. | 1 hour, 28 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SteelThemes Nest Addons allows SQL Injection. This issue affects Nest Addons: from n/a through 1.6.3.
Severity: 9.3 | CRITICAL
CVE-2025-54724 - Golo Cross-site Scripting (XSS)
CVE ID : CVE-2025-54724
Published : Aug. 28, 2025, 1:16 p.m. | 1 hour, 28 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Golo allows Reflected XSS. This issue affects Golo: from n/a through 1.7.1.
Severity: 7.1 | HIGH
CVE-2025-54725 - Uxper Golo Authentication Bypass
CVE ID : CVE-2025-54725
Published : Aug. 28, 2025, 1:16 p.m. | 1 hour, 28 minutes ago
Description : Authentication Bypass Using an Alternate Path or Channel vulnerability in uxper Golo allows Authentication Abuse. This issue affects Golo: from n/a through 1.7.0.
Severity: 9.8 | CRITICAL
CVE-2025-54731 - YouTube Showcase Object Injection Vulnerability
CVE ID : CVE-2025-54731
Published : Aug. 28, 2025, 1:16 p.m. | 1 hour, 28 minutes ago
Description : Improper Control of Generation of Code ('Code Injection') vulnerability in emarket-design YouTube Showcase allows Object Injection. This issue affects YouTube Showcase: from n/a through 3.5.1.
Severity: 8.1 | HIGH
CVE-2025-54733 - Miles All Bootstrap Blocks Authentication Bypass
CVE ID : CVE-2025-54733
Published : Aug. 28, 2025, 1:16 p.m. | 1 hour, 28 minutes ago
Description : Missing Authorization vulnerability in Miles All Bootstrap Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects All Bootstrap Blocks: from n/a through 1.3.28.
Severity: 6.5 | MEDIUM
CVE-2025-54734 - BPlugins B Slider Missing Authorization Vulnerability
CVE ID : CVE-2025-54734
Published : Aug. 28, 2025, 1:16 p.m. | 1 hour, 28 minutes ago
Description : Missing Authorization vulnerability in bPlugins B Slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects B Slider: from n/a through 1.1.30.
Severity: 5.8 | MEDIUM
CVE-2025-54738 - NooTheme Jobmonster Authentication Bypass
CVE ID : CVE-2025-54738
Published : Aug. 28, 2025, 1:16 p.m. | 1 hour, 28 minutes ago
Description : Authentication Bypass Using an Alternate Path or Channel vulnerability in NooTheme Jobmonster allows Authentication Abuse. This issue affects Jobmonster: from n/a through 4.7.9.
Severity: 9.8 | CRITICAL
CVE-2025-54742 - Magepeopleteam WpEvently Untrusted Data Deserialization Object Injection Vulnerability
CVE ID : CVE-2025-54742
Published : Aug. 28, 2025, 1:16 p.m. | 1 hour, 28 minutes ago
Description : Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently allows Object Injection. This issue affects WpEvently: from n/a through 4.4.8.
Severity: 8.8 | HIGH
CVE-2025-58123 - Checkmk Exchange Plugin SSL/TLS Certificate Validation Vulnerability
CVE ID : CVE-2025-58123
Published : Aug. 28, 2025, 1:16 p.m. | 1 hour, 28 minutes ago
Description : Improper Certificate Validation in Checkmk Exchange plugin BGP Monitoring allows attackers in MitM position to intercept traffic.
Severity: 6.9 | MEDIUM
CVE-2025-58124 - Checkmk Exchange Certificate Validation Bypass
CVE ID : CVE-2025-58124
Published : Aug. 28, 2025, 1:16 p.m. | 1 hour, 28 minutes ago
Description : Improper Certificate Validation in Checkmk Exchange plugin check-mk-api allows attackers in MitM position to intercept traffic.
Severity: 6.9 | MEDIUM
CVE-2025-58125 - Freebox Checkmk Exchange Plugin SSL Certificate Validation Bypass
CVE ID : CVE-2025-58125
Published : Aug. 28, 2025, 1:16 p.m. | 1 hour, 28 minutes ago
Description : Improper Certificate Validation in Checkmk Exchange plugin Freebox v6 agent allows attackers in MitM position to intercept traffic.
Severity: 6.9 | MEDIUM
CVE-2025-58126 - VMware vSAN Checkmk Exchange Plugin SSL/TLS Man-in-the-Middle Attack Vulnerability
CVE ID : CVE-2025-58126
Published : Aug. 28, 2025, 1:16 p.m. | 1 hour, 28 minutes ago
Description : Improper Certificate Validation in Checkmk Exchange plugin VMware vSAN allows attackers in MitM position to intercept traffic.
Severity: 6.9 | MEDIUM
CVE-2025-58127 - Dell Powerscale Certificate Validation Weakness
CVE ID : CVE-2025-58127
Published : Aug. 28, 2025, 1:16 p.m. | 1 hour, 28 minutes ago
Description : Improper Certificate Validation in Checkmk Exchange plugin Dell Powerscale allows attackers in MitM position to intercept traffic.
Severity: 6.9 | MEDIUM
CVE-2024-49790 - IBM Watson Studio on Cloud Pak for Data Cross-Site Scripting (XSS)
CVE ID : CVE-2024-49790
Published : Aug. 28, 2025, 2:15 p.m. | 29 minutes ago
Description : IBM Watson Studio on Cloud Pak for Data 4.0 and 5.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity: 5.4 | MEDIUM
CVE-2025-51967 - ProjectsAndPrograms School Management System Reflected Cross-site Scripting (XSS)
CVE ID : CVE-2025-51967
Published : Aug. 28, 2025, 2:15 p.m. | 28 minutes ago
Description : A Reflected Cross-site Scripting (XSS) vulnerability exists in the themeSet.php file of ProjectsAndPrograms School Management System 1.0. The application fails to sanitize user-supplied input in the theme POST parameter, allowing an attacker to inject and execute arbitrary JavaScript in a victim's browser.
Severity: 0.0 | NA
CVE-2025-51968 - PuneethReddyHC Online Shopping System SQL Injection
CVE ID : CVE-2025-51968
Published : Aug. 28, 2025, 2:15 p.m. | 28 minutes ago
Description : A SQL Injection vulnerability exists in the action.php file of PuneethReddyHC Online Shopping System Advanced 1.0. The application fails to properly sanitize user-supplied input in the proId POST parameter, allowing attackers to inject arbitrary SQL expressions.
Severity: 0.0 | NA
CVE-2025-51969 - PuneethReddyHC Online Shopping System SQL Injection
CVE ID : CVE-2025-51969
Published : Aug. 28, 2025, 2:15 p.m. | 28 minutes ago
Description : A SQL Injection vulnerability exists in the product.php page of PuneethReddyHC Online Shopping System Advanced 1.0. This flaw is present in the product_id GET parameter, which is not properly validated before being included in a SQL statement.
Severity: 0.0 | NA
CVE-2025-51971 - PuneethReddyHC Online Shopping System Reflected XSS
CVE ID : CVE-2025-51971
Published : Aug. 28, 2025, 2:15 p.m. | 28 minutes ago
Description : A reflected Cross-Site Scripting (XSS) vulnerability exists in register.php of PuneethReddyHC Online Shopping System Advanced 1.0. Unsanitized user input in the f_name parameter is reflected in the server response without proper HTML encoding or output escaping. This allows remote attackers to inject arbitrary JavaScript code.
Severity: 0.0 | NA
CVE-2025-51972 - PuneethReddyHC Online Shopping System SQL Injection
CVE ID : CVE-2025-51972
Published : Aug. 28, 2025, 2:15 p.m. | 28 minutes ago
Description : A SQL Injection vulnerability exists in the login.php of PuneethReddyHC Online Shopping System Advanced 1.0 due to improper sanitization of user-supplied input in the keyword POST parameter.
Severity: 0.0 | NA