CVE ID : CVE-2025-49260
Published : June 17, 2025, 3:15 p.m. | 2 hours, 59 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in thembay Aora allows PHP Local File Inclusion. This issue affects Aora: from n/a through 1.3.9.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-49255
Published : June 17, 2025, 3:15 p.m. | 2 hours, 59 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in thembay Ruza allows PHP Local File Inclusion. This issue affects Ruza: from n/a through 1.0.7.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-49258
Published : June 17, 2025, 3:15 p.m. | 2 hours, 59 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in thembay Maia allows PHP Local File Inclusion. This issue affects Maia: from n/a through 1.1.15.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-49256
Published : June 17, 2025, 3:15 p.m. | 2 hours, 59 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in thembay Sapa allows PHP Local File Inclusion. This issue affects Sapa: from n/a through 1.1.14.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-49415
Published : June 17, 2025, 3:15 p.m. | 2 hours, 59 minutes ago
Description : Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Fastw3b LLC FW Gallery allows Path Traversal. This issue affects FW Gallery: from n/a through 8.0.0.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-49261
Published : June 17, 2025, 3:15 p.m. | 2 hours, 59 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in thembay Diza allows PHP Local File Inclusion. This issue affects Diza: from n/a through 1.3.8.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-49330
Published : June 17, 2025, 3:15 p.m. | 2 hours, 59 minutes ago
Description : Deserialization of Untrusted Data vulnerability in CRM Perks Integration for Contact Form 7 and Zoho CRM, Bigin allows Object Injection. This issue affects Integration for Contact Form 7 and Zoho CRM, Bigin: from n/a through 1.3.0.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-49508
Published : June 17, 2025, 3:15 p.m. | 2 hours, 59 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in LoftOcean CozyStay allows PHP Local File Inclusion. This issue affects CozyStay: from n/a through n/a.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-49444
Published : June 17, 2025, 3:15 p.m. | 2 hours, 59 minutes ago
Description : Unrestricted Upload of File with Dangerous Type vulnerability in merkulove Reformer for Elementor allows Upload a Web Shell to a Web Server. This issue affects Reformer for Elementor: from n/a through 1.0.5.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-49447
Published : June 17, 2025, 3:15 p.m. | 2 hours, 59 minutes ago
Description : Unrestricted Upload of File with Dangerous Type vulnerability in Fastw3b LLC FW Food Menu allows Using Malicious Files. This issue affects FW Food Menu : from n/a through 6.0.0.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-49452
Published : June 17, 2025, 3:15 p.m. | 2 hours, 59 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Adrian Ladó PostaPanduri allows SQL Injection. This issue affects PostaPanduri: from n/a through 2.1.3.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-49861
Published : June 17, 2025, 3:15 p.m. | 3 hours, 12 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Timur Kamaev Kama Click Counter allows Stored XSS. This issue affects Kama Click Counter: from n/a through 4.0.3.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-49857
Published : June 17, 2025, 3:15 p.m. | 3 hours, 12 minutes ago
Description : Missing Authorization vulnerability in WPExperts.io myCred allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects myCred: from n/a through 2.9.4.2.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-49858
Published : June 17, 2025, 3:15 p.m. | 3 hours, 12 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in tychesoftwares Arconix Shortcodes allows Stored XSS. This issue affects Arconix Shortcodes: from n/a through 2.1.17.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-49859
Published : June 17, 2025, 3:15 p.m. | 3 hours, 12 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in etruel WP Views Counter allows Stored XSS. This issue affects WP Views Counter: from n/a through 2.0.3.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-49862
Published : June 17, 2025, 3:15 p.m. | 3 hours, 12 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in motov.net Ebook Store allows Stored XSS. This issue affects Ebook Store: from n/a through 5.8008.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-49863
Published : June 17, 2025, 3:15 p.m. | 3 hours, 12 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Codeus Advanced Sermons allows Stored XSS. This issue affects Advanced Sermons: from n/a through 3.6.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-49864
Published : June 17, 2025, 3:15 p.m. | 3 hours, 12 minutes ago
Description : Missing Authorization vulnerability in AFS Analytics AFS Analytics allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects AFS Analytics: from n/a through 4.21.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-49868
Published : June 17, 2025, 3:15 p.m. | 3 hours, 12 minutes ago
Description : URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in FunnelKit Automation By Autonami allows Phishing. This issue affects Automation By Autonami: from n/a through 3.6.0.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-49871
Published : June 17, 2025, 3:15 p.m. | 3 hours, 12 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Brian Mutende Noptin allows Stored XSS. This issue affects Noptin: from n/a through 3.8.7.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…