4.3
CVE-2025-8151 - HT Mega – Absolute Addons For Elementor <= 2.9.1 - Authenticated (Author+) Path Traversal to Limite…
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.9.1 via the 'save_block_css' function. This makes it possible for authenticated attackers, with Author-level access and above, to create CSS files in any director…
5.1
CVE-2025-8380 - Campcodes Online Hotel Reservation System add_query_account.php cross site scripting
A vulnerability classified as problematic was found in Campcodes Online Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /admin/add_query_account.php. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. The expl…
5.1
CVE-2025-8379 - Campcodes Online Hotel Reservation System edit_room.php unrestricted upload
A vulnerability classified as critical has been found in Campcodes Online Hotel Reservation System 1.0. This affects an unknown part of the file /admin/edit_room.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has…
7.5
CVE-2025-2813 - HTTP Service DoS Vulnerability
An unauthenticated remote attacker can cause a Denial of Service by sending a large number of requests to the http service on port 80.
7.2
CVE-2025-41688 - High Privilege RCE via LUA Sandbox Escape
A high privileged remote attacker can execute arbitrary OS commands using an undocumented method that allows escaping the implemented LUA sandbox.
6.9
CVE-2025-8378 - Campcodes Online Hotel Reservation System Login index.php sql injection
A vulnerability was found in Campcodes Online Hotel Reservation System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/index.php of the component Login. The manipulation of the argument username/password leads to sql injection. The attack …
5.1
CVE-2025-40980 - ddd
A Stored Cross Site Scripting vulnerability has been found in UltimatePOS by UltimateFosters. This vulnerability is due to the lack of proper validation of user inputs via “/products/<PRODUCT_ID>/edit”, affecting the “name” parameter via POST. The vulnerability could allow a remote attacker to send …
6.9
CVE-2025-8376 - code-projects Vehicle Management updatebal.php sql injection
A vulnerability classified as critical has been found in code-projects Vehicle Management 1.0. Affected is an unknown function of the file /updatebal.php. The manipulation of the argument company leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to…
6.9
CVE-2025-8375 - code-projects Vehicle Management addvehicle.php sql injection
A vulnerability was found in code-projects Vehicle Management 1.0. It has been rated as critical. This issue affects some unknown processing of the file /addvehicle.php. The manipulation of the argument vehicle leads to sql injection. The attack may be initiated remotely. The exploit has been discl…
6.1
CVE-2025-24854 - Apache JSPWiki: Cross-Site Scripting (XSS) in JSPWiki Image plugin
A carefully crafted request using the Image plugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.3 or later.