๐จ CVE-2024-14015
The WordPress eCommerce Plugin WordPress plugin through 2.9.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
๐@cveNotify
The WordPress eCommerce Plugin WordPress plugin through 2.9.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
๐@cveNotify
WPScan
Studiocart <= 2.9.0 - Reflected XSS
See details on Studiocart <= 2.9.0 - Reflected XSS CVE 2024-14015. View the latest Plugin Vulnerabilities on WPScan.
๐จ CVE-2025-12394
The Backup Migration WordPress plugin before 2.0.0 does not properly generate its backup path in certain server configurations, allowing unauthenticated users to fetch a log that discloses the backup filename. The backup archive is then downloadable without authentication.
๐@cveNotify
The Backup Migration WordPress plugin before 2.0.0 does not properly generate its backup path in certain server configurations, allowing unauthenticated users to fetch a log that discloses the backup filename. The backup archive is then downloadable without authentication.
๐@cveNotify
WPScan
Backup Migration < 2.0.0 - Unauthenticated Backup Download
See details on Backup Migration < 2.0.0 - Unauthenticated Backup Download CVE 2025-12394. View the latest Plugin Vulnerabilities on WPScan.
๐จ CVE-2025-12569
The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.0 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue
๐@cveNotify
The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.0 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue
๐@cveNotify
WPScan
WP Front User Submit < 5.0.0 - Open Redirect
See details on WP Front User Submit < 5.0.0 - Open Redirect CVE 2025-12569. View the latest Plugin Vulnerabilities on WPScan.
๐จ CVE-2025-12629
The Broken Link Manager WordPress plugin through 0.6.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
๐@cveNotify
The Broken Link Manager WordPress plugin through 0.6.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
๐@cveNotify
WPScan
Broken Link Manager <= 0.6.5 - Reflected XSS
See details on Broken Link Manager <= 0.6.5 - Reflected XSS CVE 2025-12629. View the latest Plugin Vulnerabilities on WPScan.
๐ฅ1
๐จ CVE-2025-12287
A security vulnerability has been detected in Bdtask Wholesale Inventory Control and Inventory Management System up to 20251013. This impacts an unknown function of the file /Admin_dashboard/edit_profile. Such manipulation of the argument first_name/last_name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
A security vulnerability has been detected in Bdtask Wholesale Inventory Control and Inventory Management System up to 20251013. This impacts an unknown function of the file /Admin_dashboard/edit_profile. Such manipulation of the argument first_name/last_name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
GitHub
PoCVulDb/CVE-2025-12287.md at main ยท 4m3rr0r/PoCVulDb
PoC of CVEs 4m3rr0r. Contribute to 4m3rr0r/PoCVulDb development by creating an account on GitHub.
๐จ CVE-2025-12288
A vulnerability was detected in Bdtask Pharmacy Management System up to 9.4. Affected is an unknown function of the file /user/edit_user/ of the component User Profile Handler. Performing manipulation results in authorization bypass. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
A vulnerability was detected in Bdtask Pharmacy Management System up to 9.4. Affected is an unknown function of the file /user/edit_user/ of the component User Profile Handler. Performing manipulation results in authorization bypass. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
GitHub
PoCVulDb/CVE-2025-12288.md at main ยท 4m3rr0r/PoCVulDb
PoC of CVEs 4m3rr0r. Contribute to 4m3rr0r/PoCVulDb development by creating an account on GitHub.
๐จ CVE-2025-13123
A flaw has been found in AMTT Hotel Broadband Operation System 1.0. The impacted element is an unknown function of the file /user/portal/get_firstdate.php. Executing manipulation of the argument uid can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
A flaw has been found in AMTT Hotel Broadband Operation System 1.0. The impacted element is an unknown function of the file /user/portal/get_firstdate.php. Executing manipulation of the argument uid can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
GitHub
Anmei Digital Hotel Broadband Operation System has a front-end SQL injection vulnerability ยท Issue #2 ยท R178/cve
Anmei Digital Hotel Broadband Operation System has a front-end SQL injection vulnerability Vulnerability Description Anmei Century (Beijing) Technology Co., Ltd. (http://www.amttgroup.com/) is a di...
๐จ CVE-2025-47220
Keyfactor SignServer before 7.3.1 has Incorrect Access Control, issue 1 of 3.
๐@cveNotify
Keyfactor SignServer before 7.3.1 has Incorrect Access Control, issue 1 of 3.
๐@cveNotify
๐จ CVE-2025-47221
Keyfactor SignServer before 7.3.1 has Incorrect Access Control, issue 2 of 3.
๐@cveNotify
Keyfactor SignServer before 7.3.1 has Incorrect Access Control, issue 2 of 3.
๐@cveNotify
๐จ CVE-2025-12740
A Looker user with a Developer role could create a database connection using IBM DB2 driver and, by manipulating LookML, cause Looker to execute a malicious command, due to inadequate filtering of the driver's parameters.
Looker-hosted and Self-hosted were found to be vulnerable.
This issue has already been mitigated for Looker-hosted instances. No user action is required for these.
Self-hosted instances must be upgraded as soon as possible. This vulnerability has been patched in all supported versions of Self-hosted.
The versions below have all been updated to protect from this vulnerability. You can download these versions at the Looker download page https://download.looker.com/ :
* 25.0.93+
* 25.6.84+
* 25.12.42+
* 25.14.50+
* 25.16.44+
๐@cveNotify
A Looker user with a Developer role could create a database connection using IBM DB2 driver and, by manipulating LookML, cause Looker to execute a malicious command, due to inadequate filtering of the driver's parameters.
Looker-hosted and Self-hosted were found to be vulnerable.
This issue has already been mitigated for Looker-hosted instances. No user action is required for these.
Self-hosted instances must be upgraded as soon as possible. This vulnerability has been patched in all supported versions of Self-hosted.
The versions below have all been updated to protect from this vulnerability. You can download these versions at the Looker download page https://download.looker.com/ :
* 25.0.93+
* 25.6.84+
* 25.12.42+
* 25.14.50+
* 25.16.44+
๐@cveNotify
Google Cloud Documentation
Security Bulletins | Cloud Customer Care | Google Cloud Documentation
๐จ CVE-2025-12741
A Looker user with Developer role could create a database connection using Denodo driver and, by manipulating LookML, cause Looker to execute a malicious command.
Looker-hosted and Self-hosted were found to be vulnerable.
This issue has already been mitigated for Looker-hosted instances. No user action is required for these.
Self-hosted instances must be upgraded as soon as possible. This vulnerability has been patched in all supported versions of Self-hosted.
The versions below have all been updated to protect from this vulnerability. You can download these versions at the Looker download page https://download.looker.com/ :
* 24.12.108+
* 24.18.200+
* 25.0.78+
* 25.6.65+
* 25.8.47+
* 25.12.10+
* 25.14+
๐@cveNotify
A Looker user with Developer role could create a database connection using Denodo driver and, by manipulating LookML, cause Looker to execute a malicious command.
Looker-hosted and Self-hosted were found to be vulnerable.
This issue has already been mitigated for Looker-hosted instances. No user action is required for these.
Self-hosted instances must be upgraded as soon as possible. This vulnerability has been patched in all supported versions of Self-hosted.
The versions below have all been updated to protect from this vulnerability. You can download these versions at the Looker download page https://download.looker.com/ :
* 24.12.108+
* 24.18.200+
* 25.0.78+
* 25.6.65+
* 25.8.47+
* 25.12.10+
* 25.14+
๐@cveNotify
Google Cloud Documentation
Security Bulletins | Cloud Customer Care | Google Cloud Documentation
๐จ CVE-2025-41087
Cross-Site Scripting (XSS) vulnerability stored in tha Taclia web application, where the uploaded SVG images are not properly sanitized. This allows to the attackers to embed malicious scripts in SVG files such as image profiles, which are then stored on the server and executed in the context of any user who accesses the compromised resource.
๐@cveNotify
Cross-Site Scripting (XSS) vulnerability stored in tha Taclia web application, where the uploaded SVG images are not properly sanitized. This allows to the attackers to embed malicious scripts in SVG files such as image profiles, which are then stored on the server and executed in the context of any user who accesses the compromised resource.
๐@cveNotify
www.incibe.es
Cross-Site Scripting (XSS) stored in Taclia's web application
INCIBE has coordinated the publication of 1 medium-severity vulnerability that affects the web applica
๐จ CVE-2025-41729
An unauthenticated remote attacker can send a specially crafted Modbus read command to the device which leads to a denial of service.
๐@cveNotify
An unauthenticated remote attacker can send a specially crafted Modbus read command to the device which leads to a denial of service.
๐@cveNotify
Certvde
Janitza: Vulnerability in Modbus interface of UMG 96-PA and UMG 96-PA-MID+
๐ฅ2
๐จ CVE-2025-47222
Keyfactor SignServer before 7.3.1 has Incorrect Access Control, issue 3 of 3.
๐@cveNotify
Keyfactor SignServer before 7.3.1 has Incorrect Access Control, issue 3 of 3.
๐@cveNotify
๐จ CVE-2021-4462
Employee Records System version 1.0 contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload arbitrary files via the uploadID.php endpoint; uploaded files can be executed because the application does not perform proper server-side validation. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-06 UTC.
๐@cveNotify
Employee Records System version 1.0 contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload arbitrary files via the uploadID.php endpoint; uploaded files can be executed because the application does not perform proper server-side validation. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-06 UTC.
๐@cveNotify
Exploit Database
Simple Employee Records System 1.0 - File Upload RCE (Unauthenticated)
Simple Employee Records System 1.0 - File Upload RCE (Unauthenticated).. webapps exploit for PHP platform
๐จ CVE-2025-12628
The WP 2FA WordPress plugin does not generate backup codes with enough entropy, which could allow attackers to bypass the second factor by brute forcing them
๐@cveNotify
The WP 2FA WordPress plugin does not generate backup codes with enough entropy, which could allow attackers to bypass the second factor by brute forcing them
๐@cveNotify
WPScan
WP 2FA < 3.0.0 - Second Factor Bypass
See details on WP 2FA < 3.0.0 - Second Factor Bypass CVE 2025-12628. View the latest Plugin Vulnerabilities on WPScan.
๐จ CVE-2025-40212
In the Linux kernel, the following vulnerability has been resolved:
nfsd: fix refcount leak in nfsd_set_fh_dentry()
nfsd exports a "pseudo root filesystem" which is used by NFSv4 to find
the various exported filesystems using LOOKUP requests from a known root
filehandle. NFSv3 uses the MOUNT protocol to find those exported
filesystems and so is not given access to the pseudo root filesystem.
If a v3 (or v2) client uses a filehandle from that filesystem,
nfsd_set_fh_dentry() will report an error, but still stores the export
in "struct svc_fh" even though it also drops the reference (exp_put()).
This means that when fh_put() is called an extra reference will be dropped
which can lead to use-after-free and possible denial of service.
Normal NFS usage will not provide a pseudo-root filehandle to a v3
client. This bug can only be triggered by the client synthesising an
incorrect filehandle.
To fix this we move the assignments to the svc_fh later, after all
possible error cases have been detected.
๐@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
nfsd: fix refcount leak in nfsd_set_fh_dentry()
nfsd exports a "pseudo root filesystem" which is used by NFSv4 to find
the various exported filesystems using LOOKUP requests from a known root
filehandle. NFSv3 uses the MOUNT protocol to find those exported
filesystems and so is not given access to the pseudo root filesystem.
If a v3 (or v2) client uses a filehandle from that filesystem,
nfsd_set_fh_dentry() will report an error, but still stores the export
in "struct svc_fh" even though it also drops the reference (exp_put()).
This means that when fh_put() is called an extra reference will be dropped
which can lead to use-after-free and possible denial of service.
Normal NFS usage will not provide a pseudo-root filehandle to a v3
client. This bug can only be triggered by the client synthesising an
incorrect filehandle.
To fix this we move the assignments to the svc_fh later, after all
possible error cases have been detected.
๐@cveNotify
๐ฅ1
๐จ CVE-2025-61757
Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in takeover of Identity Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
๐@cveNotify
Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in takeover of Identity Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
๐@cveNotify
๐จ CVE-2025-13179
A vulnerability has been found in Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System up to 20250320. This issue affects some unknown processing. Such manipulation leads to cross-site request forgery. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
A vulnerability has been found in Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System up to 20250320. This issue affects some unknown processing. Such manipulation leads to cross-site request forgery. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
GitHub
Cross-Site Request Forgery (CSRF) in Wholesale Management System] leading to Account Takeover ยท Issue #3 ยท 4m3rr0r/PoCVulDb
[Cross-Site Request Forgery (CSRF)] in [Wholesale Management System] leading to Account Takeover ๐จโ๐ป BUG Author: 4m3rr0r ๐ฆ Product Information: Vendor Homepage: https://www.bdtask.com Software Link...
๐จ CVE-2025-13180
A vulnerability was found in Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System up to 20250320. Impacted is an unknown function of the file /edit_profile. Performing manipulation of the argument first_name/last_name results in basic cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
A vulnerability was found in Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System up to 20250320. Impacted is an unknown function of the file /edit_profile. Performing manipulation of the argument first_name/last_name results in basic cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
GitHub
Stored HTML Injection in Wholesale Management System leading to Phishing Risk ยท Issue #4 ยท 4m3rr0r/PoCVulDb
[Stored HTML Injection] in [Wholesale Management System] leading to Phishing Risk ๐จโ๐ป BUG Author: 4m3rr0r ๐ฆ Product Information: Vendor Homepage: https://www.bdtask.com Software Link: https://codec...
๐จ CVE-2025-62293
SOPlanning is vulnerable to Broken Access Control in /status endpoint. Due to lack of permission checks in Project Status functionality an authenticated attacker is able to add, edit and delete any status.
This issue was fixed in version 1.55.
๐@cveNotify
SOPlanning is vulnerable to Broken Access Control in /status endpoint. Due to lack of permission checks in Project Status functionality an authenticated attacker is able to add, edit and delete any status.
This issue was fixed in version 1.55.
๐@cveNotify
cert.pl
Vulnerabilities in SOPlanning software
CERT Polska has received a report about 8 vulnerabilities (from CVE-2025-62293 to 62297 and from 2025-62729 to CVE-2025-62731) found in SOPlanning software.