6.9
CVE-2025-3220 - PHPGurukul e-Diary Management System dashboard.php sql injection
A vulnerability was found in PHPGurukul e-Diary Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /dashboard.php. The manipulation of the argument Category leads to sql injection. The attack can be launched remotely. The β¦
5.1
CVE-2025-3219 - CodeCanyon Perfex CRM Project Discussions Module 2 cross site scripting
A vulnerability was found in CodeCanyon Perfex CRM 3.2.1. It has been classified as problematic. Affected is an unknown function of the file /perfex/clients/project/2 of the component Project Discussions Module. The manipulation of the argument description leads to cross site scripting. It is possiβ¦
8.8
CVE-2025-3105 - Vehica Core <= 1.0.97 - Authenticated (Subscriber+) Privilege Escalation
The Vehica Core plugin for WordPress, used by the Vehica - Car Dealer & Listing WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 1.0.97. This is due to the plugin not properly validating user meta fields prior to updating them in the database. This makes β¦
6.9
CVE-2025-3217 - PHPGurukul e-Diary Management System registration.php sql injection
A vulnerability was found in PHPGurukul e-Diary Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /registration.php. The manipulation of the argument emailid leads to sql injection. The attack can be initiated remotely. The exploit has beenβ¦
9.8
CVE-2025-2780 - Woffice Core <= 5.4.21 - Authenticated (Subscriber+) Arbitrary File Upload
The Woffice Core plugin for WordPress, used by the Woffice Theme, is vulnerable to arbitrary file uploads due to missing file type validation in the 'saveFeaturedImage' function in all versions up to, and including, 5.4.21. This makes it possible for authenticated attackers, with Subscriber-level aβ¦
5.4
CVE-2025-2797 - Woffice Core <= 5.4.21 - Cross-Site Request Forgery to User Registration Approval
The Woffice Core plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.4.21. This is due to missing or incorrect nonce validation on the 'woffice_handle_user_approval_actions' function. This makes it possible for unauthenticated attackers to approvβ¦
5.1
CVE-2025-3087 - Stored XSS Vulnerability in M-Files Web
Stored XSS in M-Files Web versions from 25.1.14445.5 to 25.2.14524.4 allows an authenticated user to run scripts
6.3
CVE-2025-3086 - User in anonymous role could create and delete views
Improper isolation of users in M-Files Server version before 25.3.14549 allows anonymous user to affect other anonymous users views and possibly cause a denial of service
6.9
CVE-2025-3216 - PHPGurukul e-Diary Management System password-recovery.php sql injection
A vulnerability was found in PHPGurukul e-Diary Management System 1.0. It has been classified as critical. This affects an unknown part of the file /password-recovery.php. The manipulation of the argument username/contactno leads to sql injection. It is possible to initiate the attack remotely. Theβ¦
5.3
CVE-2025-3215 - PHPGurukul Restaurant Table Booking System add-subadmin.php sql injection
A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/add-subadmin.php. The manipulation of the argument fullname leads to sql injection. The attack may be launched remotely. Thβ¦