5.3
CVE-2026-0586 - code-projects Online Product Reservation System prod.php cross site scripting
A vulnerability was detected in code-projects Online Product Reservation System 1.0. The affected element is an unknown function of the file handgunner-administrator/prod.php. Performing a manipulation of the argument cat results in cross site scripting. The attack is possible to be carried out rem…
9.9
CVE-2025-31048 - WordPress Shopo <= 1.1.4 - Arbitrary File Upload Vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Themify Shopo allows Upload a Web Shell to a Web Server. This issue affects Shopo: from n/a through 1.1.4.
8.8
CVE-2025-31047 - WordPress Themify Edmin theme <= 2.0.0 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in Themify Themify Edmin allows Object Injection. This issue affects Themify Edmin: from n/a through 2.0.0.
4.3
CVE-2025-31046 - WordPress AnyWhere Elementor Pro plugin <= 2.29 - Broken Access Control Vulnerability
Missing Authorization vulnerability in WPvibes AnyWhere Elementor Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AnyWhere Elementor Pro: from n/a through 2.29.
8.5
CVE-2025-31044 - WordPress Premium SEO Pack <= 3.3.2 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team Premium SEO Pack allows SQL Injection. This issue affects Premium SEO Pack: from n/a through 3.3.2.
9.3
CVE-2025-30633 - WordPress Amazon Native Shopping Recommendations Plugin <= 1.3 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team Amazon Native Shopping Recommendations allows SQL Injection. This issue affects Amazon Native Shopping Recommendations: from n/a through 1.3.
8.1
CVE-2025-69087 - WordPress FreeAgent theme <= 2.1.2 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jwsthemes FreeAgent freeagent allows PHP Local File Inclusion. This issue affects FreeAgent: from n/a through <= 2.1.2.
5.3
CVE-2025-12519 - Information disclosure on Administration parameters API endpoint
Missing Authorization vulnerability in Centreon Infra Monitoring (Administration parameters API endpoint modules) allows Accessing Functionality Not Properly Constrained by ACLs, resulting in Information Disclosure like downtime or acknowledgement configurations. This issue affects Infra Monitoring…
6.8
CVE-2025-13056 - A user with elevated privileges can inject XSS in the Administration ACL Menus configuration page
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Administration ACL menu configuration modules) allows Stored XSS to users with high privileges. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2…
7.2
CVE-2025-5965 - RCE via the backup feature available only to user with high privilege
In the backup parameters, a user with high privilege is able to concatenate custom instructions to the backup setup. Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Centreon Infra Monitoring (Backup configuration in the administration setu…