5.3
CVE-2025-1501 - Incorrect authorization for traces request/download in CMC before 25.1.0
An access control vulnerability was discovered in the Request Trace and Download Trace functionalities of CMC before 25.1.0 due to a specific access restriction not being properly enforced for users with limited privileges. An authenticated user with limited privileges can request and download trac…
6.5
CVE-2025-48108 - WordPress School Management Plugin <= 93.2.0 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Mojoomla School Management allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects School Management: from n/a through 93.2.0.
7.1
CVE-2025-29901 - File Station 5
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6…
4.7
CVE-2025-6247 - WordPress Automatic Plugin - AI content generator and auto poster plugin <= 3.118.0 - Cross-Site Re…
The WordPress Automatic Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.118.0. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to update campaigns and i…
4.3
CVE-2024-8860 - Tourfic <= 2.14.5 - Missing Authorization in Multiple Functions
The Tourfic plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tf_order_status_email_resend_function, tf_visitor_details_edit_function, tf_checkinout_details_edit_function, tf_order_status_edit_function, tf_order_bulk_action_edit_functi…
7.8
CVE-2025-53419 - COMMGR Code Injection Vulnerability
Delta Electronics COMMGR has a Code Injection vulnerability.
8.6
CVE-2025-53418 - COMMGR Stack-based Buffer Overflow Vulnerability
Delta Electronics COMMGR has a Stack-based Buffer Overflow vulnerability.
5.5
CVE-2025-57704 - EIP Builder XML External Entity Processing Information Disclosure Vulnerability
Delta Electronics EIP Builder version 1.11 is vulnerable to a File Parsing XML External Entity Processing Information Disclosure Vulnerability.
9.8
CVE-2025-41702 - egOS WebGUI Hard-Coded JWT Secret Enables Authentication Bypass
The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid HS256 tokens and bypass authentication/authorization due to the use of hard-coded cryptographic key.
6.9
CVE-2025-9476 - SourceCodester Human Resource Information System editemployee_process.php unrestricted upload
A vulnerability has been found in SourceCodester Human Resource Information System 1.0. Affected by this issue is some unknown functionality of the file /Superadmin_Dashboard/process/editemployee_process.php. Such manipulation of the argument employee_file201 leads to unrestricted upload. The attac…