CVE ID : CVE-2025-47576
Published : May 19, 2025, 5:15 p.m. | 1 hour, 33 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Bringthepixel Bimber – Viral Magazine WordPress Theme.This issue affects Bimber – Viral Magazine WordPress Theme: from n/a through 9.2.5.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4940
Published : May 19, 2025, 5:15 p.m. | 1 hour, 33 minutes ago
Description : A vulnerability, which was classified as critical, has been found in 1000 Projects Daily College Class Work Report Book 1.0. This issue affects some unknown processing of the file /admin_info.php. The manipulation of the argument batch leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-47583
Published : May 19, 2025, 5:15 p.m. | 1 hour, 33 minutes ago
Description : Unauthenticated Cross Site Request Forgery (CSRF) in Salon booking system
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4941
Published : May 19, 2025, 5:15 p.m. | 1 hour, 33 minutes ago
Description : A vulnerability, which was classified as critical, was found in PHPGurukul Credit Card Application Management System 1.0. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4945
Published : May 19, 2025, 5:15 p.m. | 1 hour, 33 minutes ago
Description : A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in undefined behavior, allowing an attacker to bypass cookie expiration logic, causing persistent or unintended cookie behavior. The issue stems from improper validation of large integer inputs during date arithmetic operations within the cookie parsing routines.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-26735
Published : May 19, 2025, 6:15 p.m. | 33 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Candid themes Grip.This issue affects Grip: from n/a through 1.0.9.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-22287
Published : May 19, 2025, 6:15 p.m. | 33 minutes ago
Description : Missing Authorization vulnerability in Eniture Technology LTL Freight Quotes – FreightQuote Edition allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LTL Freight Quotes – FreightQuote Edition: from n/a through 2.3.11.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-27010
Published : May 19, 2025, 6:15 p.m. | 1 hour, 22 minutes ago
Description : Path Traversal: ‘…/…//’ vulnerability in bslthemes Tastyc allows PHP Local File Inclusion.This issue affects Tastyc: from n/a before 2.5.2.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-26892
Published : May 19, 2025, 6:15 p.m. | 1 hour, 22 minutes ago
Description : Unrestricted Upload of File with Dangerous Type vulnerability in dkszone Celestial Aura allows Using Malicious Files.This issue affects Celestial Aura: from n/a through 2.2.
Severity: 9.9 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-26872
Published : May 19, 2025, 6:15 p.m. | 1 hour, 22 minutes ago
Description : Unrestricted Upload of File with Dangerous Type vulnerability in dkszone Eximius allows Using Malicious Files.This issue affects Eximius: from n/a through 2.2.
Severity: 9.9 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-26997
Published : May 19, 2025, 6:15 p.m. | 33 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in validas Wireless Butler allows Reflected XSS.This issue affects Wireless Butler: from n/a through 1.0.11.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-39396
Published : May 19, 2025, 6:15 p.m. | 33 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Crocoblock JetReviews allows PHP Local File Inclusion.This issue affects JetReviews: from n/a through 2.3.6.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-39450
Published : May 19, 2025, 6:15 p.m. | 33 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Crocoblock JetTabs allows DOM-Based XSS.This issue affects JetTabs: from n/a through 2.2.7.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-39398
Published : May 19, 2025, 6:15 p.m. | 33 minutes ago
Description : Missing Authorization vulnerability in Themovation Hotel + Bed and Breakfast Booking Calendar Theme | Bellevue.This issue affects Hotel + Bed and Breakfast Booking Calendar Theme | Bellevue: from n/a through 4.2.2.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-39412
Published : May 19, 2025, 6:15 p.m. | 33 minutes ago
Description : Missing Authorization vulnerability in Averta Master Slider.This issue affects Master Slider: from n/a through 3.10.8.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-39448
Published : May 19, 2025, 6:15 p.m. | 33 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Crocoblock JetElements For Elementor allows Stored XSS.This issue affects JetElements For Elementor: from n/a through 2.7.4.1.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-39454
Published : May 19, 2025, 6:15 p.m. | 33 minutes ago
Description : Missing Authorization vulnerability in Jeroen Peters Name Directory.This issue affects Name Directory: from n/a through 1.30.0.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-39460
Published : May 19, 2025, 6:15 p.m. | 33 minutes ago
Description : Missing Authorization vulnerability in ThimPress Eduma allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eduma: from n/a through 5.6.4.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-43833
Published : May 19, 2025, 6:15 p.m. | 33 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Amir Helzer Absolute Links allows Blind SQL Injection.This issue affects Absolute Links: from n/a through 1.1.1.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-47582
Published : May 19, 2025, 6:15 p.m. | 1 hour, 22 minutes ago
Description : Deserialization of Untrusted Data vulnerability in QuantumCloud WPBot Pro Wordpress Chatbot allows Object Injection.This issue affects WPBot Pro Wordpress Chatbot: from n/a through 12.7.0.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…