9.9
CVE-2025-2605 - Authenticated command injection
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Honeywell MB-Secure allows Privilege Abuse. This issue affects MB-Secure: from V11.04 before V12.53 and MB-Secure PRO from V01.06 before V03.09.Honeywell also recommends updating to the most β¦
7.5
CVE-2025-4204 - Ultimate Auction Pro <= 1.5.2 - Unauthenticated SQL Injection via 'auction_id'
The Ultimate Auction Pro plugin for WordPress is vulnerable to SQL Injection via the βauction_idβ parameter in all versions up to, and including, 1.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fβ¦
4
CVE-2025-2488 - XSS in Profelis Informatics' SambaBox
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Profelis Informatics SambaBox allows Cross-Site Scripting (XSS).This issue affects SambaBox: before 5.1.
8.2
CVE-2025-2421 - Remote Code Execution in Profelis Informatics' SambaBox
Improper Control of Generation of Code ('Code Injection') vulnerability in Profelis Informatics SambaBox allows Code Injection.This issue affects SambaBox: before 5.1.
7.4
CVE-2025-1301 - Reflected XSS in Yordam Informatics' Library Automation System
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Yordam Informatics Library Automation System allows Reflected XSS.This issue affects Library Automation System: before 21.6.
0.0
CVE-2025-0427 - Mali GPU Kernel Driver allows access to already freed memory
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform valid GPU processing operations to gain access to already freed memory.This issue affects Biβ¦
0.0
CVE-2025-0072 - Mali GPU Kernel Driver allows improper GPU memory processing operations
Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform improper GPU memory processing operations to gain access to already freed memory. This issue affects Valhall GPU Kernel Driverβ¦
9.8
CVE-2025-2812 - SQLi in Mydata Informatics' Ticket Sales Automation
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mydata Informatics Ticket Sales Automation allows Blind SQL Injection.This issue affects Ticket Sales Automation: before 03.04.2025 (DD.MM.YYYY).
5.4
CVE-2024-11142 - CSRF in Gosoft Software's Proticaret E-Commerce
Cross-Site Request Forgery (CSRF) vulnerability in Gosoft Software Proticaret E-Commerce allows Cross Site Request Forgery.This issue affects Proticaret E-Commerce: before v6.0 NOTE: According to the vendor, fixing process is still ongoing for v4.05.
6.4
CVE-2024-13859 - BuddyBoss Platform <= 2.8.50 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'bp_nouvβ¦
The Buddyboss Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the βbp_nouveau_ajax_media_saveβ function in all versions up to, and including, 2.8.50 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Suβ¦