8.5
CVE-2025-31044 - WordPress Premium SEO Pack <= 3.3.2 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team Premium SEO Pack allows SQL Injection.This issue affects Premium SEO Pack: from n/a through 3.3.2.
9.3
CVE-2025-30633 - WordPress Amazon Native Shopping Recommendations Plugin <= 1.3 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team Amazon Native Shopping Recommendations allows SQL Injection.This issue affects Amazon Native Shopping Recommendations: from n/a through 1.3.
0.0
CVE-2025-69087 - WordPress FreeAgent theme <= 2.1.2 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jwsthemes FreeAgent freeagent allows PHP Local File Inclusion.This issue affects FreeAgent: from n/a through <= 2.1.2.
5.3
CVE-2025-12519 - Information disclosure on Administration parameters API endpoint
Missing Authorization vulnerability in Centreon Infra Monitoring (Administration parameters API endpoint modules) allows Accessing Functionality Not Properly Constrained by ACLs, resulting in Information Disclosure like downtime or acknowledgement configurations.Β This issue affects Infra Monitoringβ¦
6.8
CVE-2025-13056 - A user with elevated privileges can inject XSS in the Administration ACL Menus configuration page
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Administration ACL menu configuration modules) allows Stored XSS to users with high privileges. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2β¦
7.2
CVE-2025-5965 - RCE via the backup feature available only to user with high privilege
In the backup parameters, a user with high privilege is able to concatenate custom instructions to the backup setup. Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Centreon Infra Monitoring (Backup configuration in the administration setuβ¦
6.9
CVE-2026-0585 - code-projects Online Product Reservation System GET Parameter order_view.php sql injection
A security vulnerability has been detected in code-projects Online Product Reservation System 1.0. Impacted is an unknown function of the file /order_view.php of the component GET Parameter Handler. Such manipulation of the argument transaction_id leads to sql injection. The attack can be executed β¦
5.3
CVE-2026-0584 - code-projects Online Product Reservation System left_cart.php sql injection
A weakness has been identified in code-projects Online Product Reservation System 1.0. This issue affects some unknown processing of the file app/products/left_cart.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been maβ¦
6.9
CVE-2026-0583 - code-projects Online Product Reservation System User Login login.php sql injection
A security flaw has been discovered in code-projects Online Product Reservation System 1.0. This vulnerability affects unknown code of the file app/user/login.php of the component User Login. The manipulation of the argument emailadd results in sql injection. The attack may be launched remotely. Thβ¦
8.8
CVE-2025-66518 - Apache Kyuubi: Unauthorized directory access due to missing path normalization
Any client who can access to Apache Kyuubi Server via Kyuubi frontend protocols can bypass server-side config kyuubi.session.local.dir.allow.list and use local files which are not listed in the config. This issue affects Apache Kyuubi: from 1.6.0 through 1.10.2. Users are recommended to upgrade tβ¦