8.7
CVE-2025-10034 - D-Link DIR-825 httpd ping6_response.cg get_ping6_app_stat buffer overflow
A vulnerability was found in D-Link DIR-825 1.08.01. This impacts the function get_ping6_app_stat of the file ping6_response.cg of the component httpd. Performing manipulation of the argument ping6_ipaddr results in buffer overflow. It is possible to initiate the attack remotely. The exploit has beβ¦
6.9
CVE-2025-10033 - itsourcecode Online Discussion Forum admin sql injection
A vulnerability has been found in itsourcecode Online Discussion Forum 1.0. This affects an unknown function of the file /admin. Such manipulation of the argument Username leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.
5.3
CVE-2025-10032 - Campcodes Grocery Sales and Inventory System index.php cross site scripting
A vulnerability was detected in Campcodes Grocery Sales and Inventory System 1.0. The affected element is an unknown function of the file /index.php. The manipulation of the argument page results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used.
6.9
CVE-2025-10031 - Campcodes Grocery Sales and Inventory System ajax.php sql injection
A security vulnerability has been detected in Campcodes Grocery Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=delete_sales. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been β¦
6.9
CVE-2025-10030 - Campcodes Grocery Sales and Inventory System ajax.php sql injection
A weakness has been identified in Campcodes Grocery Sales and Inventory System 1.0. This issue affects some unknown processing of the file /ajax.php?action=save_receiving. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been β¦
5.1
CVE-2025-10029 - itsourcecode POS Point of Sale System complex_header_2.php cross site scripting
A security flaw has been discovered in itsourcecode POS Point of Sale System 1.0. This vulnerability affects unknown code of the file /inventory/main/vendors/datatables/unit_testing/templates/complex_header_2.php. Performing manipulation of the argument scripts results in cross site scripting. The β¦
8.6
CVE-2025-9961 - Authenticated RCE by CWMP binary
An authenticated attacker may remotely execute arbitrary code via the CWMP binary on the devices AX10 and AX1500.Β The exploit can only be conducted via a Man-In-The-Middle (MITM) attack.Β This issue affects AX10 V1/V1.2/V2/V2.6/V3/V3.6: before 1.2.1; AX1500 V1/V1.20/V1.26/V1.60/V1.80/V2.60/V3.6:β¦
4.9
CVE-2025-10046 - ELEX WooCommerce Google Shopping (Google Product Feed) <= 1.4.3 - Authenticated (Admin+) SQL Inejctβ¦
The ELEX WooCommerce Google Shopping (Google Product Feed) plugin for WordPress is vulnerable to SQL Injection via the 'file_to_delete' parameter in all versions up to, and including, 1.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existinβ¦
5.1
CVE-2025-10028 - itsourcecode POS Point of Sale System 6776.php cross site scripting
A vulnerability was identified in itsourcecode POS Point of Sale System 1.0. This affects an unknown part of the file /inventory/main/vendors/datatables/unit_testing/templates/6776.php. Such manipulation of the argument scripts leads to cross site scripting. The attack can be launched remotely. Theβ¦
6.4
CVE-2025-6757 - Recent Posts Widget Extended <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting viβ¦
The Recent Posts Widget Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rpwe' shortcode in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authentβ¦