8.7
CVE-2025-41033 - SQL injection vulnerability in appRain CMF
An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BPage%5D%5Bname%5D' parameter in /apprain/page/manage-dynamic-pages/create.
8.7
CVE-2025-41032 - SQL injection vulnerability in appRain CMF
An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BAdmin%5D%5Busername%5D' parameter in /apprain/admin/manage/add/.
7.7
CVE-2024-34598 -
Improper export of component in GoodLock prior to version 2.2.04.95 allows local attackers to install arbitrary applications from Galaxy Store.
4.3
CVE-2022-39888 -
Improper access control vulnerability in retrieveExternalProxy in MiscPolicy prior to SMR Nov-2022 Release 1 allows a local attacker to access Proxy information.
7.2
CVE-2025-6085 - Make Connector <= 1.5.10 - Authenticated (Administrator+) Arbitrary File Upload
The Make Connector plugin for WordPress is vulnerable to arbitrary file uploads due to misconfigured file type validation in the 'upload_media' function in all versions up to, and including, 1.5.10. This makes it possible for authenticated attackers, with Administrator-level access and above, to up…
5.3
CVE-2025-9616 - PopAd <= 1.0.4 - Cross-Site Request Forgery to Settings Update
The PopAd plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the PopAd_reset_cookie_time function. This makes it possible for unauthenticated attackers to reset cookie time settings vi…
8.6
CVE-2025-2411 - OTP Bypass in Akinsoft's TaskPano
Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft TaskPano allows Authentication Bypass. This issue affects TaskPano: from s1.06.04 before v1.06.06.
4.7
CVE-2024-13073 - XSS in Akinsoft's TaskPano
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft TaskPano allows Cross-Site Scripting (XSS). This issue affects TaskPano: s1.06.04.
7.5
CVE-2025-6984 - Sensitive Information Disclosure Due to Insecure XML Parsing in langchain-ai/langchain
The langchain-ai/langchain project, specifically the EverNoteLoader component, is vulnerable to XML External Entity (XXE) attacks due to insecure XML parsing. The affected version is 0.3.63. The vulnerability arises from the use of etree.iterparse() without disabling external entity references, whi…
8.6
CVE-2025-2417 - OTP Bypass in Akinsoft's e-Mutabakat
Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft e-Mutabakat allows Authentication Bypass. This issue affects e-Mutabakat: from 2.02.06 before v2.02.06.