6.9
CVE-2025-4108 -
A vulnerability, which was classified as critical, was found in PHPGurukul Student Record System 3.20. Affected is an unknown function of the file /add-subject.php. The manipulation of the argument sub1 leads to sql injection. It is possible to launch the attack remotely. The exploit has been discl…
6.5
CVE-2025-2890 - tagDiv Opt-In Builder <= 1.7 - Authenticated (Subscriber+) SQL Injection via subscriptionCouponId P…
The tagDiv Opt-In Builder plugin for WordPress is vulnerable to time-based SQL Injection via the ‘subscriptionCouponId’ parameter in all versions up to, and including, 1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This…
7.8
CVE-2025-4125 - ISPSoft File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing ISP file.
7.8
CVE-2025-4124 - ISPSoft File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing ISP file.
7.8
CVE-2025-22884 - ISPSoft File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability that could allow an attacker to execute arbitrary code when parsing DVP file.
7.8
CVE-2025-22883 - ISPSoft File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing DVP file.
7.8
CVE-2025-22882 - ISPSoft File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability that could allow an attacker to leverage debugging logic to execute arbitrary code when parsing CBDGL file.
0.0
CVE-2025-3471 - SureForms < 1.4.4 - Contributor+ Settings Update
The SureForms WordPress plugin before 1.4.4 does not have proper authorisation check when updating its settings via the REST API, which could allow Contributor and above roles to perform such action
6.5
CVE-2025-3953 - WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin <= 14.13.3 - Missing Authorizati…
The WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'optionUpdater' function in all versions up to, and including, 14.13.3. This makes it possible for authenticated at…
10
CVE-2025-32444 - vLLM Vulnerable to Remote Code Execution via Mooncake Integration
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.6.5 and prior to 0.8.5, having vLLM integration with mooncake, are vulnerable to remote code execution due to using pickle based serialization over unsecured ZeroMQ sockets. The vulnerable…