5.3
CVE-2025-8188 - Campcodes Courier Management System edit_staff.php sql injection
A vulnerability classified as critical has been found in Campcodes Courier Management System 1.0. This affects an unknown part of the file /edit_staff.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to tβ¦
5.3
CVE-2025-8187 - Campcodes Courier Management System edit_parcel.php sql injection
A vulnerability was found in Campcodes Courier Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /edit_parcel.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has beβ¦
5.3
CVE-2025-8186 - Campcodes Courier Management System edit_branch.php sql injection
A vulnerability was found in Campcodes Courier Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /edit_branch.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploβ¦
6.9
CVE-2025-8185 - 1000 Projects ABC Courier Management System getbyid.php sql injection
A vulnerability was found in 1000 Projects ABC Courier Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /getbyid.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been β¦
8.7
CVE-2025-8184 - D-Link DIR-513 HTTP POST Request formSetWanL2TPtriggers formSetWanL2TPcallback stack-based overflow
A vulnerability was found in D-Link DIR-513 up to 1.10 and classified as critical. This issue affects the function formSetWanL2TPcallback of the file /goform/formSetWanL2TPtriggers of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. The attack may be iβ¦
6.3
CVE-2025-8182 - Tenda AC18 Samba smb.conf weak password
A vulnerability has been found in Tenda AC18 15.03.05.19 and classified as problematic. This vulnerability affects unknown code of the file /etc_ro/smb.conf of the component Samba. The manipulation leads to weak password requirements. The attack can be initiated remotely. The complexity of an attacβ¦
7.5
CVE-2025-6991 - Kallyas <= 4.21.0 - Authenticated (Contributor+) Local File Inclusion
The kallyas theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.21.0 via the 'TH_LatestPosts4` widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary .php files on the serverβ¦
8.1
CVE-2025-6989 - Kallyas <= 4.21.0 - Authenticated (Contributor+) Arbitrary Folder Deletion
The Kallyas theme for WordPress is vulnerable to arbitrary folder deletion due to insufficient file path validation in the delete_font() function in all versions up to, and including, 4.21.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbiβ¦
6.4
CVE-2025-5529 - Educenter <= 1.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Educenter theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Circle Counter Block in all versions up to, and including, 1.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and aβ¦
8.6
CVE-2025-8181 - TOTOLINK N600R/X2000R FTP Service vsftpd.conf least privilege violation
A vulnerability, which was classified as critical, was found in TOTOLINK N600R and X2000R 1.0.0.1. This affects an unknown part of the file vsftpd.conf of the component FTP Service. The manipulation leads to least privilege violation. It is possible to initiate the attack remotely.