7.2
CVE-2025-7725 - Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell …
The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons, OpenAI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the comment feature in all versions up to, and including, 26.1.0 due to ins…
6.9
CVE-2025-8434 - code-projects Online Movie Streaming admin.php authorization
A vulnerability was found in code-projects Online Movie Streaming 1.0. It has been classified as critical. Affected is an unknown function of the file /admin.php. The manipulation of the argument ID leads to missing authorization. It is possible to launch the attack remotely. The exploit has been d…
9.8
CVE-2025-5947 - Service Finder Bookings <= 6.0 - Authentication Bypass via User Switch Cookie
The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via authentication bypass in all versions up to, and including, 6.0. This is due to the plugin not properly validating a user's cookie value prior to logging them in through the service_finder_switch_back() funct…
5.3
CVE-2025-8433 - code-projects Document Management System dell.php unlink path traversal
A vulnerability was found in code-projects Document Management System 1.0 and classified as critical. This issue affects the function unlink of the file /dell.php. The manipulation of the argument ID leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to th…
9.8
CVE-2025-5954 - Service Finder SMS System <= 2.0.0 - Unauthenticated Privilege Escalation
The Service Finder SMS System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.0.0. This is due to the plugin not restricting user role selection at the time of registration through the aonesms_fn_savedata_after_signup() functio…
6.9
CVE-2025-8431 - PHPGurukul Boat Booking System add-boat.php sql injection
A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/add-boat.php. The manipulation of the argument boatname leads to sql injection. The attack can be initiated remotely. The exploit has been disc…
7.8
CVE-2025-52327 -
SQL Injection vulnerability in Restaurant Order System 1.0 allows a local attacker to obtain sensitive information via the payment.php file
9.8
CVE-2025-45150 -
Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive files via supplying a crafted request.
7.2
CVE-2025-44139 -
Emlog Pro V2.5.7 is vulnerable to Unrestricted Upload of File with Dangerous Type via /emlog/admin/plugin.php?action=upload_zip
6.9
CVE-2025-53399 -
In Sipwise rtpengine before 13.4.1.1, an origin-validation error in the endpoint-learning logic of the media-relay core allows remote attackers to inject or intercept RTP/SRTP media streams via RTP packets (except when the relay is configured for strict source and learning disabled). Version 13.4.1…