9.8
CVE-2025-12682 - Easy Upload Files During Checkout <= 2.9.8 - Unauthenticated Arbitrary JavaScript File Upload
The Easy Upload Files During Checkout plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing file type validation in the 'file_during_checkout' function in all versions up to, and including, 2.9.8. This makes it possible for unauthenticated attackers to upload arbitr…
5.9
CVE-2025-12695 - Insecure configuration in DSPy lead to arbitrary file read when running untrusted code inside the s…
The overly permissive sandbox configuration in DSPy allows attackers to steal sensitive files in cases when users build an AI agent which consumes user input and uses the “PythonInterpreter” class.
8.7
CVE-2025-41345 - Missing Authorization vulnerability in CanalDenuncia.app
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id_denuncia' and 'id_user' in '/backend/api/buscarDenunciasById.php'.
8.7
CVE-2025-41344 - Missing Authorization vulnerability in CanalDenuncia.app
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'id_archivo' in '/backend/api/verArchivo.php'.
8.7
CVE-2025-41343 - Missing Authorization vulnerability in CanalDenuncia.app
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'email' in '/backend/api/users/searchUserByEmail.php'.
8.7
CVE-2025-41342 - Missing Authorization vulnerability in CanalDenuncia.app
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'id_user' in '/backend/api/buscarUsuarioId.php'.
8.7
CVE-2025-41341 - Missing Authorization vulnerability in CanalDenuncia.app
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id_denuncia' and 'seguro' in '/backend/api/buscarUsuarioByDenuncia.php'.
8.7
CVE-2025-41340 - Missing Authorization vulnerability in CanalDenuncia.app
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id_tp_denuncia' and 'id_sociedad' in '/backend/api/buscarTipoDenunciabyId.php'.
8.7
CVE-2025-41339 - Missing Authorization vulnerability in CanalDenuncia.app
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'id_sociedad' in '/backend/api/buscarTipoDenuncia.php'.
8.7
CVE-2025-41338 - Missing Authorization vulnerability in CanalDenuncia.app
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id_denuncia' and 'id_user' in '/backend/api/buscarTestigoByIdDenunciaUsuario.php'.