6.8
CVE-2025-3649 - LightPress Lightbox < 2.3.4 - Contributor+ Stored XSS
The LightPress Lightbox WordPress plugin before 2.3.4 does not check that download links point to valid, non-JavaScript URLs, allowing users with at least the contributor role to conduct Stored XSS attacks.
5.9
CVE-2025-3597 - Firelight Lightbox < 2.3.15 - Contributor+ Stored XSS
The Firelight Lightbox WordPress plugin before 2.3.15 does not prevent users with post writing capabilities from executing arbitrary JavaScript when the jQuery Metadata library is enabled. While this feature is meant to only be available to Pro version users, it can be activated in the free version…
9.3
CVE-2025-4558 - WormHole Tech GPM - Unverified Password Change
The GPM from WormHole Tech has an Unverified Password Change vulnerability, allowing unauthenticated remote attackers to change any user's password and use the modified password to log into the system.
8.8
CVE-2025-4557 - ZONG YU Parking Management System - Missing Authentication
Specific APIs of the Parking Management System from ZONG YU have a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access these APIs and operate system functions. These functions include opening gates and restarting the system.
9.3
CVE-2025-4556 - ZONG YU Okcat Parking Management Platform - Arbitrary File Upload
The web management interface of Okcat Parking Management Platform from ZONG YU has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
9.3
CVE-2025-4555 - ZONG YU Okcat Parking Management Platform - Missing Authentication
The web management interface of Okcat Parking Management Platform from ZONG YU has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access system functions. These functions include opening gates, viewing license plates and parking records, and restarting…
6.9
CVE-2025-4554 - PHPGurukul Apartment Visitors Management System bwdates-passreports-details.php sql injection
A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/bwdates-passreports-details.php. The manipulation of the argument fromdate/todate leads to SQL injection. It is possible to initiate …
6.9
CVE-2025-4553 - PHPGurukul Apartment Visitors Management System bwdates-reports-details.php sql injection
A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to SQL injection. The attack may b…
0.0
CVE-2024-55466 -
An arbitrary file upload vulnerability in the Image Gallery of ThingsBoard Community, ThingsBoard Cloud and ThingsBoard Professional v3.8.1 allows attackers to execute arbitrary code via uploading a crafted file.
0.0
CVE-2025-44176 -
Tenda FH451 V1.0.0.9 is vulnerable to Remote Code Execution in the formSafeEmailFilter function.