6.9
CVE-2025-9504 - Campcodes Online Loan Management System ajax.php sql injection
A vulnerability was detected in Campcodes Online Loan Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=save_plan. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit is now publiโฆ
5.9
CVE-2025-49035 - WordPress Admin Menu Groups plugin <= 0.1.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in chaimchaikin Admin Menu Groups admin-menu-groups allows Stored XSS.This issue affects Admin Menu Groups: from n/a through <= 0.1.2.
5.9
CVE-2025-49039 - WordPress Link View plugin <= 0.8.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mibuthu Link View link-view allows Stored XSS.This issue affects Link View: from n/a through <= 0.8.0.
4.3
CVE-2025-49040 - WordPress Backup Bolt plugin <= 1.5.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Backup Bolt Backup Bolt backup-bolt allows Cross Site Request Forgery.This issue affects Backup Bolt: from n/a through <= 1.5.0.
6.9
CVE-2025-9503 - Campcodes Online Loan Management System ajax.php sql injection
A security vulnerability has been detected in Campcodes Online Loan Management System 1.0. Affected is an unknown function of the file /ajax.php?action=save_borrower. The manipulation of the argument lastname leads to sql injection. Remote exploitation of the attack is possible. The exploit has beeโฆ
6.9
CVE-2025-9502 - Campcodes Online Loan Management System ajax.php sql injection
A weakness has been identified in Campcodes Online Loan Management System 1.0. This impacts an unknown function of the file /ajax.php?action=save_payment. Executing manipulation of the argument loan_id can lead to sql injection. The attack may be launched remotely. The exploit has been made availabโฆ
6.4
CVE-2025-7732 - Lazy Load for Videos <= 2.18.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via data-โฆ
The Lazy Load for Videos plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its lazyโloading handlers in all versions up to, and including, 2.18.7 due to insufficient input sanitization and output escaping. The pluginโs JavaScript registration handlers read the clientโsupplied 'dโฆ
8.8
CVE-2024-37777 -
O2OA v9.0.3 was discovered to contain a remote code execution (RCE) vulnerability via the mainOutput() function.
5.8
CVE-2025-56694 -
Client-side password validation (CWE-602) in lumasoft fotoShare Cloud 2025-03-13 allowing unauthenticated attackers to view password-protected photo albums.
6.6
CVE-2025-55582 -
D-Link DCS-825L firmware v1.08.01 contains a vulnerability in the watchdog script `mydlink-watch-dog.sh`, which blindly respawns binaries such as `dcp` and `signalc` without verifying integrity, authenticity, or permissions. An attacker with local filesystem access (via physical access, firmware moโฆ