6.4
CVE-2025-8451 - Essential Addons for Elementor – Popular Elementor Templates and Widgets <= 6.2.2 - Authenticated (…
The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘data-gallery-items’ parameter in all versions up to, and including, 6.2.2 due to insufficient input sanitization and output escaping. This …
3.8
CVE-2025-8013 - Quttera Web Malware Scanner <= 3.5.1.41 - Authenticated (Administrator+) Server-Side Request Forgery
The Quttera Web Malware Scanner plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.5.1.41 via the 'RunExternalScan' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to…
7.3
CVE-2025-9016 - Mechrevo Control Center GX V2 Powershell Script Command uncontrolled search path
A vulnerability was identified in Mechrevo Control Center GX V2 5.56.51.48. This affects an unknown part of the file C:\Program Files\OEM\机械革命控制中心\AiStoneService\MyControlCenter\Command of the component Powershell Script Handler. The manipulation leads to uncontrolled search path. Local access is r…
6.9
CVE-2025-9013 - PHPGurukul Online Shopping Portal Project password-recovery.php sql injection
A vulnerability has been found in PHPGurukul Online Shopping Portal Project 2.0. This vulnerability affects unknown code of the file /shopping/password-recovery.php. The manipulation of the argument emailid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed…
6.9
CVE-2025-9012 - PHPGurukul Online Shopping Portal Project bill-ship-addresses.php sql injection
A vulnerability was identified in PHPGurukul Online Shopping Portal Project 2.0. This affects an unknown part of the file shopping/bill-ship-addresses.php. The manipulation of the argument billingpincode leads to sql injection. It is possible to initiate the attack remotely. The exploit has been di…
6.9
CVE-2025-9011 - PHPGurukul Online Shopping Portal Project signup.php sql injection
A vulnerability was determined in PHPGurukul Online Shopping Portal Project 2.0. Affected by this issue is some unknown functionality of the file /shopping/signup.php. The manipulation of the argument emailid leads to sql injection. The attack may be launched remotely. The exploit has been disclose…
6.9
CVE-2025-9010 - itsourcecode Online Tour and Travel Management System booking_report.php sql injection
A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/booking_report.php. The manipulation of the argument from_date leads to sql injection. The attack can be launched remotely. The explo…
6.9
CVE-2025-9009 - itsourcecode Online Tour and Travel Management System email_setup.php sql injection
A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/email_setup.php. The manipulation of the argument Name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed…
3.7
CVE-2025-31961 - HCL Connections is vulnerable to broken access control
HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios.
6.9
CVE-2025-9008 - itsourcecode Online Tour and Travel Management System sms_setting.php sql injection
A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /admin/sms_setting.php. The manipulation of the argument uname leads to sql injection. The attack may be initiated remotely. The exploit has been discl…