This vulnerability allows an attacker to inject malicious SQL code into the Online Doctor Appointment Booking System by manipulating the "ID" argument in the /doctor/deleteschedule.php file, potentially giving them unauthorized access to sensitive data.
This vulnerability is a problem because it can be exploited remotely, allowing attackers to access and manipulate sensitive data without needing direct access to the system, which can lead to data breaches, tampering, and other malicious activities.
This vulnerability allows an attacker to inject malicious SQL code into the Online Doctor Appointment Booking System by manipulating the "ic" argument in the /doctor/deletepatient.php file, potentially giving them unauthorized access to sensitive data.
This vulnerability is a problem because it enables remote attackers to exploit the system, potentially leading to unauthorized data access, modification, or deletion, which can compromise patient confidentiality and the integrity of the appointment booking system.
This vulnerability allows an attacker to inject malicious SQL code into the Online Doctor Appointment Booking System by manipulating the "ID" argument in the /doctor/deleteappointment.php file, potentially giving them unauthorized access to sensitive data.
This vulnerability is a problem because it enables remote attackers to exploit the system, potentially leading to unauthorized data access, modification, or deletion, which could compromise patient confidentiality and the integrity of the appointment booking system.
This vulnerability allows an attacker to send extremely large payloads to Snowplow Collector 3.x (before version 3.3.0), causing it to become unresponsive to other requests.
This vulnerability is a problem because it can lead to data loss, as the Collector will be unable to process new requests and collect data, potentially disrupting the entire data pipeline.
The CVE-2024-47217 vulnerability allows an attacker to render Iglu Server completely unresponsive by exploiting an authenticated endpoint, similar to CVE-2024-47214, affecting versions 0.13.0 and below.
This vulnerability is a problem because if Iglu Server becomes unresponsive, event processing in the pipeline will eventually come to a halt, potentially disrupting critical operations and services that rely on it.
The CVE-2024-47215 issue causes Snowbridge setups to send events with an invalid Google Tag Manager Server Side (GTM SS) preview header, resulting in these events being retried indefinitely when sent to the GTM SS server.
This vulnerability is a problem because it can significantly impact the performance of forwarding events to GTM SS, leading to increased latency and reduced throughput, which can hinder the effectiveness of data tracking and analysis.
The CVE-2024-47214 vulnerability allows a malicious payload to render Iglu Server completely unresponsive, similar to a previously discovered issue but with a different type of payload.
This vulnerability is a problem because if Iglu Server becomes unresponsive, it can halt event processing in the pipeline, potentially disrupting critical operations and services that rely on the server.
This vulnerability allows an attacker to send a maliciously crafted Snowplow event to the Enrich pipeline, causing it to crash and repeatedly attempt to restart, halting event processing.
This vulnerability is a problem because it can be used to disrupt the normal functioning of the Enrich pipeline, potentially leading to data loss or delays in event processing, which can have significant impacts on business operations and decision-making.
The CVE-2024-47212 vulnerability allows an attacker to send extremely large payloads to a specific API endpoint in Iglu Server version 0.13.0 and below, causing the server to become completely unresponsive.
This vulnerability is a problem because if the Iglu Server is rendered unresponsive, it can halt event processing in the pipeline, potentially disrupting critical operations and causing significant downtime.
This vulnerability allows attackers to inject malicious parameters into the JDBC URL of insightsoftware Hive JDBC, leading to JNDI injection and potentially resulting in remote code execution when the JDBC Driver connects to the database.
This vulnerability is a problem because it enables attackers to execute arbitrary code on the affected system, potentially allowing them to gain unauthorized access, steal sensitive data, or disrupt system operations.
FastCMS 0.1.5 uses a hard-coded cryptographic key in its JWT Handler component, a flaw that can be exploited remotely.
This vulnerability is a problem because it enables attackers to potentially decrypt sensitive data or forge authentication tokens, compromising the security of the system, especially since the exploit has been made public and can be used by malicious actors.
This vulnerability allows an attacker to inject malicious SQL code into the Project Worlds Online Lawyer Management System 1.0 by manipulating the "u_id" argument in the /single_lawyer.php file, which can be done remotely.
This is a problem because SQL injection attacks can give an attacker unauthorized access to sensitive data, allowing them to modify, delete, or extract confidential information, potentially leading to data breaches, financial loss, and reputational damage.
This vulnerability in MinIO's authorization signature component allows an attacker to upload arbitrary objects to a bucket using any secret, given that they already have WRITE permissions on the bucket and prior knowledge of the access-key and bucket name.
This vulnerability is a problem because it enables unauthorized data uploads to a bucket, potentially leading to data corruption, overwrite, or exposure, even if the attacker doesn't have a valid access-key secret.
The CVE-2025-31485 vulnerability affects the API Platform Core system, specifically in its GraphQL functionality, where a grant on a property might be cached with different objects due to an issue in the ItemNormalizer method, potentially leading to unauthorized access or data exposure.
This vulnerability is a problem because it could allow sensitive data to be accessed or modified by unauthorized users, due to the incorrect caching of grants, which can compromise the security and integrity of the API and its associated data.
The CVE-2025-31481 vulnerability allows an attacker to bypass configured security on API operations by utilizing the Relay special node type in the API Platform Core system.
This vulnerability is a problem because it enables attackers to circumvent security measures, potentially leading to unauthorized access, data breaches, or other malicious activities, which can compromise the integrity and confidentiality of the system.
The CVE-2025-31161 vulnerability allows an attacker to bypass authentication and take over the crushadmin account in CrushFTP versions 10 before 10.8.4 and 11 before 11.3.1, by exploiting a race condition in the AWS4-HMAC authorization method and manipulating the HTTP headers to authenticate as any known or guessable user.
This vulnerability is a problem because it enables an attacker to gain administrative access to the system, potentially leading to a full compromise of the system, data theft, and other malicious activities, with a severity score of 9.8, indicating a critical level of risk.
The generator-jhipster-entity-audit module has a vulnerability that allows an attacker to execute remote code if they can place malicious classes into the classpath and access certain REST endpoints, due to unsafe reflection when using Javers as the Entity Audit Framework.
This vulnerability is a problem because it can lead to unintended remote code execution, which can give an attacker full control over the affected system, allowing them to steal sensitive data, disrupt operations, or spread malware.
This vulnerability allows a local attacker to escalate privileges on the Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 device, version v3.2, by exploiting a weakness in the "tftp_image_check" function of the "rc" binary.
This vulnerability is a problem because it enables an attacker with local access to gain higher-level privileges, potentially allowing them to take control of the device, access sensitive information, or execute malicious actions.
The CVE-2025-29504 vulnerability allows a local attacker to gain higher privileges on a system running the student-manage software due to inadequate permission verification.
This vulnerability is a problem because it enables an attacker with local access to escalate their privileges, potentially allowing them to access sensitive data, modify system settings, or perform other malicious actions that could compromise the security and integrity of the system.
This vulnerability allows an attacker to overflow a stack buffer in the Tenda AC15 router's webCgiGetUploadFile function while it processes HTTP request messages, potentially enabling arbitrary code execution.
This vulnerability is a problem because it could allow an attacker to gain control of the affected router, potentially leading to unauthorized access, data theft, or disruption of network services.
This vulnerability allows a remote attacker to execute arbitrary code on a TOTOLINK X18 device running version 9.1.0cu.2024_B20220329 by exploiting a weakness in the cstecgi.cgi function.
This vulnerability is a problem because it enables an attacker to gain control over the device, potentially leading to unauthorized access, data theft, or disruption of the device's functionality, which can have serious consequences for the security and integrity of the network.
The CVE-2025-26818 vulnerability allows an attacker to inject commands into the Netwrix Password Secure system, potentially giving them unauthorized access to execute system commands.
This vulnerability is a problem because it could enable malicious actors to gain control over the system, allowing them to access sensitive data, disrupt operations, or install additional malware, ultimately compromising the security and integrity of the system.
The Netwrix Password Secure 9.2.0.32454 vulnerability allows an attacker to inject operating system commands, potentially enabling them to execute unauthorized actions on the system.
This vulnerability is a problem because it could give an attacker the ability to gain control of the system, access sensitive data, or disrupt normal operations, leading to potential data breaches or system compromise.
The CVE-2024-45198 vulnerability allows attackers to inject malicious parameters into the JDBC URL of insightsoftware Spark JDBC 2.6.21, leading to JNDI injection and potentially triggering remote code execution when the JDBC Driver connects to the database.
This vulnerability is a problem because it enables attackers to execute arbitrary code on a remote system, potentially allowing them to gain unauthorized access, steal sensitive data, or disrupt system operations.
This vulnerability allows an attacker to inject malicious SQL code into the Project Worlds Online Lawyer Management System 1.0 by manipulating the "first_Name" argument in the /save_user_edit_profile.php file, potentially giving them unauthorized access to sensitive data.
This vulnerability is a problem because it can be exploited remotely, allowing attackers to access and manipulate sensitive data without needing physical access to the system, which can lead to data breaches, tampering, and other malicious activities.
This vulnerability allows an attacker to inject malicious SQL code into the Project Worlds Online Lawyer Management System through the /searchLawyer.php file by manipulating the "experience" argument, potentially giving them unauthorized access to sensitive data.
This vulnerability is a problem because it can be exploited remotely, allowing attackers to access and manipulate sensitive data without needing physical access to the system, which could lead to data breaches, theft, or corruption.
This vulnerability allows an attacker to inject malicious SQL code into the Project Worlds Online Lawyer Management System 1.0 by manipulating the "lawyer_id" argument in the /save_booking.php file, potentially giving them unauthorized access to sensitive data.
This vulnerability is a problem because it can be exploited remotely, allowing attackers to access and manipulate sensitive data without needing physical access to the system, which could lead to data breaches, theft, or corruption.
The XWiki JIRA extension has a vulnerability that allows any logged-in XWiki user to edit their user profile wiki page and use a JIRA macro to display the content of a local file on the XWiki server host by specifying a fake JIRA URL that returns malicious XML.
This vulnerability is a problem because it allows an attacker to access and display sensitive files on the server, potentially revealing confidential information or allowing further exploitation of the system.
The CVE-2025-31486 vulnerability allows an attacker to access the contents of arbitrary files on a server running Vite, a frontend tooling framework for JavaScript, by bypassing the server.fs.deny restriction using specific file extensions and headers.
This vulnerability is a problem because it enables unauthorized access to sensitive files on the server, potentially leading to data breaches or other security issues, especially if the exposed files contain confidential information.
The CVE-2025-29647 vulnerability allows an attacker to inject malicious SQL code into the admin_tempvideo.php component of SeaCMS version 13.3, potentially granting unauthorized access to sensitive database information.
This vulnerability is a problem because it enables hackers to extract, modify, or delete sensitive data, leading to a loss of data integrity, confidentiality, and potentially even system compromise.
This vulnerability allows an attacker to inject malicious SQL code into OpenEMR's database through specific files, including Pharmacy.class.php, C_Pharmacy.class.php, and controller.php, potentially giving them unauthorized access to sensitive data.
This SQL injection vulnerability is a problem because it can lead to unauthorized data access, modification, or deletion, compromising the confidentiality, integrity, and availability of sensitive healthcare information stored in the OpenEMR system.
This vulnerability allows an attacker to inject malicious SQL code into the Project Worlds Online Lawyer Management System 1.0 by manipulating the "unblock_id" argument in the /lawyer_booking.php file, which can be done remotely.
This is a problem because it enables attackers to access, modify, or delete sensitive data in the system's database, potentially leading to data breaches, unauthorized access, or disruption of services, which can have serious consequences for the affected organization.
This vulnerability allows an attacker to inject malicious SQL code into the Project Worlds Online Lawyer Management System 1.0 by manipulating the "unblock_id" argument in the /approve_lawyer.php file, which can be done remotely.
This vulnerability is a problem because it enables attackers to access and manipulate sensitive data in the system's database, potentially leading to data breaches, unauthorized access, and other malicious activities.
This vulnerability allows an attacker to inject malicious SQL code into the Project Worlds Online Lawyer Management System 1.0 by manipulating the block_id or unblock_id arguments in the /admin_user.php file, which can be done remotely.
This vulnerability is a problem because it enables attackers to access, modify, or extract sensitive data from the system's database, potentially leading to unauthorized access, data breaches, or disruption of services.
The CVE-2025-31483 vulnerability allows an attacker to bypass the Content Security Policy (CSP) of the media proxy in Miniflux, a feed reader, and execute cross-site scripting (XSS) when opening external images in a new tab or window.
This vulnerability is a problem because it enables attackers to inject malicious code into the feed reader, potentially allowing them to steal user data, take control of the user's session, or perform other malicious actions.
The CVE-2025-31127 vulnerability in Element X Android allows an entity controlling the element.json well-known file to access media encryption keys used for Element Call calls under certain conditions.
This vulnerability is a problem because it compromises the security and privacy of encrypted calls made through the Element X Android app, potentially allowing unauthorized access to sensitive information.
The CVE-2025-31126 vulnerability in Element X iOS allows an entity controlling the element.json well-known file to access media encryption keys used for Element Call calls under certain conditions, potentially compromising the security of these calls.
This vulnerability is a problem because it could allow unauthorized access to sensitive information, such as encrypted media, which could lead to eavesdropping or interception of private communications, undermining the confidentiality and security of Element Call users.
The CVE-2025-3169 vulnerability allows an attacker to upload files without restrictions to the Projeqtor application, specifically through the /tool/saveAttachment.php file, by manipulating the "attachmentFiles" argument. This can be done remotely.
This vulnerability is a problem because it enables attackers to upload malicious files, potentially including executable files, which could lead to further attacks or damage to the system. Although the vendor notes that the vulnerability can only be exploited if the attachment directory is not properly secured, it still poses a significant risk if the application is not installed correctly.
This vulnerability allows an attacker to inject malicious SQL code into the PHPGurukul Time Table Generator System 1.0 by manipulating the "editid" argument in the /admin/edit-class.php file, which can be done remotely.
This vulnerability is a problem because it enables attackers to access and manipulate sensitive data in the system's database, potentially leading to data breaches, unauthorized modifications, or even complete system compromise.
The CVE-2025-3167 vulnerability allows an attacker to remotely manipulate the "getuid" argument in the Tenda AC23 router's API interface, specifically in the /goform/VerAPIMant file, which can lead to a denial of service.
This vulnerability is a problem because it can be exploited remotely, allowing an attacker to disrupt the normal functioning of the router, potentially causing network outages and impacting the availability of internet services.
This vulnerability allows an attacker to overflow a buffer on the system's stack by manipulating the "target" argument in the "search_item" function of the Search Product Menu component in the Product Management System 1.0, potentially enabling them to execute arbitrary code.
This vulnerability is a problem because it could allow an attacker with local access to the system to gain control over it, potentially leading to data theft, system compromise, or other malicious activities, especially since the exploit has been publicly disclosed.
In JetBrains IntelliJ IDEA before versions 2024.3 and 2024.2.4, this vulnerability allows source code to be logged to the idea.log file, potentially exposing sensitive information.
This is a problem because it could lead to unauthorized access to sensitive source code, potentially allowing attackers to exploit vulnerabilities or steal intellectual property.
The CVE-2025-31115 vulnerability is a bug in the XZ Utils data-compression library that can cause a crash when the multithreaded .xz decoder encounters invalid input, potentially leading to heap use after free and writing to an address based on the null pointer plus an offset.
This vulnerability is a problem because it can be exploited to cause a program to crash or potentially execute arbitrary code, which can lead to security breaches, data corruption, or other malicious activities, affecting applications and libraries that use the affected function.
The API Platform Core system, used for creating REST and GraphQL APIs, has a vulnerability that exposes exception messages in JSON error responses when the exceptions are not related to HTTP.
This vulnerability is a problem because it can potentially reveal sensitive information about the system, such as internal errors or debugging data, to unauthorized users through the error messages, which could be used to exploit other vulnerabilities.
The CVE-2025-3165 vulnerability allows an attacker to manipulate the 'ckpt_path/quant_ckpt_dir' argument in the 'torch.load' function of the 'chitu/chitu/backend.py' file, leading to deserialization of malicious data.
This vulnerability is a problem because it enables an attacker to execute malicious code or access sensitive data by exploiting the deserialization process, which can lead to a range of security issues, including data breaches, code execution, and system compromise.
This vulnerability allows an attacker to inject code into the H2 Database Connection Handler of Tencent Music Entertainment SuperSonic, specifically targeting the /api/semantic/database/testConnect file, which can be exploited remotely.
This vulnerability is a problem because it enables remote attackers to inject malicious code, potentially leading to unauthorized access, data breaches, or disruption of services, making it a critical security threat.
This vulnerability allows an attacker to inject code into the InternLM LMDeploy system by manipulating the "Open" function in the lmdeploy/docs/en/conf.py file, potentially leading to unauthorized access and control.
This vulnerability is a problem because it enables attackers to launch a code injection attack on the local host, which can result in significant security breaches, data theft, and system compromise, especially since the exploit has been publicly disclosed and can be easily used by malicious actors.
The CVE-2025-29987 vulnerability allows an authenticated user from a trusted remote client to execute arbitrary commands with root privileges on Dell PowerProtect Data Domain systems running Data Domain Operating System (DD OS) versions prior to 8.3.0.15.
This vulnerability is a problem because it enables an attacker to gain unrestricted access to the system, potentially leading to data breaches, system compromise, and other malicious activities, all with elevated privileges.
This vulnerability allows a remote attacker to overflow a buffer on the stack in Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti ZTA Gateways, potentially leading to remote code execution.
This is a significant problem because it enables an unauthenticated attacker to execute malicious code on the affected system, potentially allowing them to gain control, steal sensitive data, or disrupt operations.
The CVE-2024-4877 vulnerability allows a less-privileged process on Windows to create a named pipe that the OpenVPN GUI component connects to, potentially enabling that process to escalate its privileges.
This vulnerability is a problem because it could allow an attacker to gain elevated access and control over the system, potentially leading to unauthorized actions, data breaches, or other malicious activities.
This CVE candidate was issued in error and has been rejected, with all related information removed to prevent accidental usage.
It's not a problem as it was an incorrect assignment and does not represent an actual vulnerability.
The CVE-2025-3162 vulnerability allows an attacker with local access to manipulate the load_weight_ckpt function in InternLM LMDeploy up to version 0.7.1, leading to unsafe deserialization.
This vulnerability is a problem because it can be exploited by an attacker with local access to execute malicious code, potentially allowing them to gain unauthorized access to sensitive data or disrupt system operations.
This vulnerability allows an attacker to overflow a buffer on the stack by manipulating the argument list in the ShutdownSetAdd function of the Tenda AC10 router, potentially leading to remote code execution.
This is a critical issue because it can be exploited remotely, allowing an attacker to gain control of the router and potentially access the network it's connected to, leading to unauthorized data access, malware distribution, or other malicious activities.
The CVE-2025-3160 vulnerability is an out-of-bounds read in the Open Asset Import Library Assimp, specifically in the SceneCombiner function, which a local attacker can trigger.
This vulnerability is a problem because it can be exploited by a local attacker to potentially access sensitive information or disrupt the system, and since the exploit has been publicly disclosed, it may be used by malicious actors.
This vulnerability allows an attacker to embed arbitrary HTML tags in the Web UI of HCL DevOps Deploy / HCL Launch, potentially leading to the disclosure of sensitive information.
This vulnerability is a problem because it can be used by attackers to trick users into revealing sensitive information, such as login credentials or other confidential data, by manipulating the Web UI to display fake or malicious content.
This vulnerability causes a heap-based buffer overflow in the Open Asset Import Library Assimp when parsing ASE files, specifically in the function that handles mesh bones and vertices.
This vulnerability is a problem because it can be exploited by an attacker to potentially execute arbitrary code, leading to a range of malicious activities, including data theft, system compromise, and disruption of service, by manipulating the ASE file handler locally.
This vulnerability causes a heap-based buffer overflow in the Open Asset Import Library Assimp, specifically in the LWO File Handler component, when the Assimp::LWO::AnimResolver::UpdateAnimRangeSetup function is manipulated.
This issue is a problem because it allows an attacker to launch an attack on the local host, potentially leading to arbitrary code execution, data corruption, or crashes, which can compromise the security and stability of the system.
This vulnerability allows an attacker to perform a cross-site scripting (XSS) attack by manipulating the SSID argument in the Wireless Menu component of the Intelbras WRN 150 device, potentially leading to the execution of malicious code.
This vulnerability is a problem because it can be exploited remotely, allowing attackers to inject malicious code into the device, potentially leading to unauthorized access, data theft, or other malicious activities, which can compromise the security and integrity of the device and the network it is connected to.
This vulnerability in the GNOME user help application allows malicious users to create help documents that can execute arbitrary scripts, potentially leading to the exfiltration of user files to an external environment.
This vulnerability is a problem because it enables malicious users to access and steal sensitive user data by disguising their scripts as legitimate help documents, which can then be executed by the application without the user's knowledge or consent.
The CVE-2025-32053 vulnerability is a flaw in the libsoup library that can cause a heap buffer over-read due to issues in the sniff_feed_or_html() and skip_insignificant_space() functions.
This vulnerability is a problem because it can potentially allow attackers to access sensitive information or cause the program to crash, leading to a denial of service. The heap buffer over-read can also potentially be used to exploit other vulnerabilities, making it a significant security concern.
The CVE-2025-32052 vulnerability is a flaw in the libsoup library that can cause a heap buffer over-read when the sniff_unknown() function is used, potentially allowing an attacker to access sensitive data.
This vulnerability is a problem because it can lead to unauthorized access to sensitive information, potentially compromising the security and integrity of the system, and allowing attackers to exploit this weakness for malicious purposes.
The CVE-2025-32051 vulnerability is a flaw in the libsoup library that causes the soup_uri_decode_data_uri() function to crash when processing a malformed data URI, allowing an attacker to initiate a denial of service (DoS) attack.
This vulnerability is a problem because it enables an attacker to intentionally crash the system or application using the libsoup library, resulting in a denial of service that disrupts the normal functioning of the system and potentially leads to data loss or other security issues.
The CVE-2025-32050 vulnerability is a flaw in the libsoup library, specifically in the append_param_quoted() function, which can cause a buffer under-read due to an overflow bug.
This vulnerability is a problem because it can potentially allow attackers to access or manipulate sensitive data, leading to information disclosure or other security breaches, which can compromise the confidentiality and integrity of the affected system.
This vulnerability allows an attacker to send a large WebSocket message to a system using libsoup, causing the system to allocate excessive memory, which can lead to a denial of service (DoS) where the system becomes unresponsive or crashes.
This vulnerability is a problem because it can be exploited by an attacker to intentionally disrupt or shut down a system, making it unavailable for legitimate use and potentially causing significant disruption or financial loss.
The CVE-2025-31911 vulnerability allows an attacker to inject malicious SQL code into a database using the NotFound Social Share And Social Locker plugin, versions 1.4.2 and below, enabling them to extract or modify sensitive data without being detected.
This vulnerability is a problem because it enables attackers to access and manipulate sensitive data, potentially leading to data breaches, unauthorized access, and other malicious activities, posing a significant threat to the security and integrity of the affected system.
The CVE-2025-31909 vulnerability allows unauthorized access to Apptivo Business Site CRM due to missing authorization and incorrectly configured access control security levels, potentially exposing sensitive data.
This vulnerability is a problem because it enables attackers to exploit weaknesses in the access control system, potentially leading to unauthorized data access, modification, or theft, which can compromise business operations and customer trust.
The CVE-2025-31907 vulnerability allows an attacker to inject malicious code into a web page, known as Reflected Cross-site Scripting (XSS), when using the Labib Ahmed Team Builder application. This occurs because the application does not properly neutralize user input during web page generation.
This vulnerability is a problem because it enables attackers to trick users into executing malicious scripts, potentially leading to unauthorized access, data theft, or other harmful activities. The severity score of 7.1 indicates a significant level of risk.
The CVE-2025-31905 vulnerability allows an attacker to inject malicious code into a web page, known as Reflected Cross-site Scripting (XSS), when using the NotFound Team Rosters application.
This vulnerability is a problem because it enables attackers to steal user data, take control of user sessions, or perform unauthorized actions on the affected website, potentially leading to sensitive information disclosure or other malicious activities.
This vulnerability allows an attacker to inject malicious code into a web page, using a technique called Reflected Cross-site Scripting (XSS), when a user interacts with the XV Random Quotes plugin, specifically versions up to 1.37.
This vulnerability is a problem because it enables attackers to steal user data, take control of user sessions, or perform other malicious actions on behalf of the user, potentially leading to sensitive information disclosure, identity theft, or further attacks on the affected system.
The CVE-2025-31902 vulnerability allows an attacker to inject malicious code into a web page through a process known as Reflected Cross-site Scripting (XSS), which occurs when user input is not properly neutralized during web page generation in the NotFound Social Share And Social Locker plugin.
This vulnerability is a problem because it enables attackers to trick users into executing malicious scripts, potentially leading to unauthorized access, data theft, or other malicious activities on the affected website.
The CVE-2025-31901 vulnerability allows an attacker to inject malicious code into a webpage through a reflected Cross-site Scripting (XSS) attack, exploiting the Digihood HTML Sitemap's improper neutralization of user input.
This vulnerability is a problem because it enables attackers to trick users into executing malicious scripts, potentially leading to unauthorized access, data theft, or other malicious activities, compromising the security and integrity of the affected system.
The CVE-2025-31900 vulnerability allows an attacker to inject malicious code into a web page generated by Lexicata, enabling Reflected Cross-site Scripting (XSS) attacks. This occurs due to the improper neutralization of user input during web page generation.
This vulnerability is a problem because it can be exploited by attackers to steal user data, take control of user sessions, or perform other malicious actions on the affected Lexicata system, potentially compromising sensitive information and system security.
The CVE-2025-31899 vulnerability allows an attacker to inject malicious code into a website using the wpshopee Awesome Logos plugin, which can lead to Reflected Cross-Site Scripting (XSS) attacks. This means an attacker can trick a user into clicking a link that executes malicious code on the website.
This vulnerability is a problem because it can allow attackers to steal user data, take control of user sessions, or perform other malicious actions on the affected website. The severity score of 7.1 indicates that this is a significant threat that should be addressed promptly.
This vulnerability allows an attacker to inject malicious code into a website using the MediaView component, which can lead to Reflected Cross-Site Scripting (XSS) attacks. This means an attacker can trick a user into clicking a link or visiting a website that executes the malicious code, potentially stealing sensitive information or taking control of the user's session.
This vulnerability is a problem because it can be used to steal user data, hijack user sessions, or spread malware, which can lead to financial loss, identity theft, or other serious consequences. The severity score of 7.1 indicates that this is a significant vulnerability that should be addressed promptly.
The CVE-2025-31896 vulnerability allows unauthorized access to the GetBookingsWP plugin due to missing authorization, enabling exploitation of incorrectly configured access control security levels.
This vulnerability is a problem because it can be used by attackers to gain unauthorized access to sensitive information or perform malicious actions, potentially compromising the security and integrity of the affected system.
The CVE-2025-31893 vulnerability allows an attacker to inject malicious code into web pages generated by the Botnet Attack Blocker, specifically through a type of attack known as Stored Cross-site Scripting (XSS). This means that an attacker can store malicious scripts in the targeted web application, which are then executed in the browsers of users who view the affected pages, potentially leading to unauthorized actions.
This vulnerability is a problem because it enables attackers to execute malicious scripts in the context of the web application, potentially allowing them to steal sensitive information, take control of user sessions, or perform other malicious activities. The fact that it is a Stored XSS vulnerability makes it particularly concerning, as the malicious scripts persist in the application and are executed repeatedly, affecting multiple users.
The CVE-2025-31876 vulnerability allows unauthorized access to the gunnarpayday Payday system due to incorrectly configured access control security levels, affecting versions up to and including 3.3.12 (no lower bound is specified).
This vulnerability is a problem because it enables attackers to exploit the system without proper authorization, potentially leading to unauthorized data access, modification, or other malicious activities, which can compromise the security and integrity of the system.
The CVE-2025-31858 vulnerability allows unauthorized access to Local Magic due to missing authorization, exploiting incorrectly configured access control security levels in versions up to 2.6.0.
This vulnerability is a problem because it enables unauthorized users to access sensitive information or perform actions they shouldn't be able to, potentially leading to data breaches, tampering, or other malicious activities.
The CVE-2025-31841 vulnerability allows unauthorized access to certain features in the FPW Category Thumbnails plugin due to missing authorization checks, potentially enabling exploitation of incorrectly configured access control security levels.
This vulnerability is a problem because it can allow unauthorized users to access or modify sensitive information or settings, potentially leading to data breaches, tampering, or other malicious activities, especially in instances where access control security levels are not properly configured.
The CVE-2025-31827 vulnerability allows an attacker to access files and directories outside of the intended restricted directory in the Fonto application, due to improper limitation of pathname restrictions.
This vulnerability is a problem because it enables an attacker to potentially read, write, or execute sensitive files and data, leading to unauthorized access, data breaches, or even taking control of the system, which can have serious security and data integrity consequences.
The CVE-2025-31825 vulnerability allows an attacker to access files outside of a restricted directory by exploiting a path traversal weakness in the pixelgrade Category Icon plugin, version 1.0.0 and earlier.
This vulnerability is a problem because it enables attackers to potentially read, write, or execute sensitive files on the system, leading to unauthorized access, data breaches, or even complete system compromise.
The CVE-2025-31800 vulnerability allows an attacker to access files outside of a restricted directory by manipulating the pathname, enabling them to potentially read or modify sensitive files.
This vulnerability is a problem because it can give unauthorized access to sensitive information, allowing attackers to exploit this access for malicious purposes, such as stealing data, disrupting operations, or gaining further access to the system.
The CVE-2025-31795 vulnerability allows unauthorized access to the Shopify to WooCommerce Migration plugin due to missing authorization, enabling exploitation of incorrectly configured access control security levels.
This vulnerability is a problem because it can be used by attackers to gain unauthorized access to sensitive data and systems, potentially leading to data breaches, modification, or theft, especially in e-commerce environments where security is crucial.
The CVE-2025-31794 vulnerability allows unauthorized access to the WR Price List Manager For Woocommerce plugin due to missing authorization, enabling exploitation of incorrectly configured access control security levels.
This vulnerability is a problem because it can be used by attackers to gain unauthorized access to sensitive pricing information, potentially leading to data breaches, financial losses, or other malicious activities, especially in e-commerce environments where price lists are critical.
The CVE-2025-31789 vulnerability allows unauthorized access to Matat Technologies TextMe SMS due to missing authorization, enabling exploitation of incorrectly configured access control security levels in versions up to 1.9.1.
This vulnerability is a problem because it permits unauthorized users to access sensitive information or perform actions they shouldn't be able to, potentially leading to data breaches, misuse of services, or other security issues.
The CVE-2025-31768 vulnerability allows unauthorized access to certain functionalities in the OTWthemes Widget Manager Light due to missing authorization constraints, affecting versions up to and including 1.18 (no lower bound is specified).
This vulnerability is a problem because it enables unauthorized users to access and potentially exploit sensitive features that should be restricted, leading to potential security breaches and data compromise.
The CVE-2025-31758 vulnerability allows unauthorized access to certain features in the BinaryCarpenter Free Woocommerce Product Table View plugin due to missing authorization checks, potentially enabling exploitation of incorrectly configured access control security levels.
This vulnerability is a problem because it can allow unauthorized users to access or modify sensitive data, potentially leading to data breaches, unauthorized changes to product information, or other malicious activities, which can compromise the security and integrity of the affected e-commerce website.
The CVE-2025-31746 vulnerability allows unauthorized access to Think201 Clients due to missing authorization, exploiting incorrectly configured access control security levels in versions 1.1.4 and below.
This vulnerability is a problem because it enables attackers to bypass security controls and potentially access sensitive information or systems without proper authorization, which can lead to data breaches, unauthorized modifications, or other malicious activities.
The Manuel Schmalstieg Minimalistic Event Manager has a missing authorization vulnerability, allowing attackers to exploit incorrectly configured access control security levels, potentially gaining unauthorized access to the system.
This vulnerability is a problem because it can allow unauthorized users to access sensitive areas of the system, potentially leading to data breaches, modifications, or other malicious activities, which can compromise the security and integrity of the system.
The CVE-2025-31736 vulnerability allows unauthorized access to the Rich Text Editor due to missing authorization, enabling exploitation of incorrectly configured access control security levels in versions 1.0.1 and below.
This vulnerability is a problem because it permits unauthorized users to access and potentially modify sensitive data or perform actions they should not be allowed to, compromising the security and integrity of the system.
The CVE-2025-31729 vulnerability allows unauthorized access to WooTumblog due to missing authorization, enabling exploitation of incorrectly configured access control security levels in versions 2.1.4 and below.
This vulnerability is a problem because it enables unauthorized users to access sensitive information or perform actions they should not be allowed to, potentially leading to data breaches, modifications, or other malicious activities.
The CVE-2025-31626 vulnerability allows an attacker to inject malicious code into a web page, using a technique known as Reflected Cross-site Scripting (XSS), in the M. Ali Saleem Support Helpdesk Ticket System Lite.
This vulnerability is a problem because it enables attackers to steal user data, take control of user sessions, or perform unauthorized actions on the affected system, potentially leading to sensitive information disclosure, financial loss, or disruption of services.
The CVE-2025-31622 vulnerability allows an attacker to inject malicious code into web pages generated by Utkarsh Kukreti Advanced Typekit, enabling Stored Cross-site Scripting (XSS) attacks.
This vulnerability is a problem because it enables attackers to execute malicious scripts on users' browsers, potentially leading to unauthorized access, data theft, or other malicious activities, affecting all versions of Advanced Typekit up to 1.0.1.
The CVE-2025-31582 vulnerability allows an attacker to inject malicious code into the Ashish Ajani Contact Form vCard Generator, enabling Stored Cross-site Scripting (XSS) attacks. This means that an attacker can store malicious scripts on the website, which will be executed when other users visit the page.
This vulnerability is a problem because it enables attackers to steal user data, take control of user sessions, or perform other malicious actions on behalf of the user. The severity score of 7.1 indicates that this is a relatively high-risk vulnerability that should be addressed promptly.
The CVE-2025-31581 vulnerability allows unauthorized access to the WP Video Playlist due to missing authorization, exploiting incorrectly configured access control security levels in versions 1.1.2 and below.
This vulnerability is a problem because it enables attackers to bypass security controls and potentially access sensitive data or perform unauthorized actions, compromising the security and integrity of the WP Video Playlist.
The CVE-2025-31573 vulnerability allows an attacker to inject malicious code into web pages generated by PeproDev CF7 Database, due to improper handling of user input, leading to Stored Cross-site Scripting (XSS) attacks.
This vulnerability is a problem because it enables attackers to execute malicious scripts in the browsers of other users of the affected website, potentially stealing sensitive information, taking control of user sessions, or performing other malicious actions, which can compromise the security and integrity of the affected system.
The CVE-2025-31558 vulnerability allows sensitive information to be inserted into externally-accessible files or directories in Greg TailPress, enabling the retrieval of embedded sensitive data.
This vulnerability is a problem because it exposes sensitive information, potentially giving unauthorized access to confidential data, which could lead to security breaches, data theft, or other malicious activities.
The CVE-2025-31554 vulnerability allows an attacker to access and manipulate files outside of the intended directory by exploiting a path traversal weakness in the Docxpresso application, specifically affecting versions up to 2.6.
This vulnerability is a problem because it enables attackers to potentially read, modify, or delete sensitive files on the system, leading to data breaches, disruptions, or even taking control of the system, which can have serious security and integrity implications.
The CVE-2025-31541 vulnerability allows unauthorized access to the TuriTop Booking System due to missing authorization, enabling exploitation of incorrectly configured access control security levels in versions 1.0.10 and below.
This vulnerability is a problem because it can allow unauthorized users to access sensitive information or perform actions that they should not be able to, potentially leading to data breaches, tampering, or other malicious activities.