4.4

CVSS3.1

CVE-2025-7431 - Knowledge Base <= 2.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Slug

The Knowledge Base plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin slug setting in all versions up to, and including, 2.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level acces…

πŸ“… Published: July 18, 2025, 1:44 a.m. πŸ”„ Last Modified: April 20, 2026, 8:30 p.m.

5.1

CVSS4.0

CVE-2025-7767 - PHPGurukul Art Gallery Management System edit-art-medium-detail.php cross site scripting

A vulnerability, which was classified as problematic, has been found in PHPGurukul Art Gallery Management System 1.1. Affected by this issue is some unknown functionality of the file /admin/edit-art-medium-detail.php. The manipulation of the argument artmed leads to cross site scripting. The attack…

πŸ“… Published: July 18, 2025, 12:02 a.m. πŸ”„ Last Modified: July 29, 2025, 8:20 p.m.

6.5

CVSS3.1

CVE-2025-52166 -

Incorrect access control in Software GmbH Agorum core open v11.9.2 & v11.10.1 allows authenticated attackers to escalate privileges to Administrator and access sensitive components and information.

πŸ“… Published: July 18, 2025, midnight πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

6.5

CVSS3.1

CVE-2025-52162 -

agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to contain an XML External Entity (XXE) via the RSSReader endpoint. This vulnerability allows attackers to access sensitive data via providing a crafted XML input.

πŸ“… Published: July 18, 2025, midnight πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

8.2

CVSS3.1

CVE-2025-52164 -

Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to store credentials in plaintext.

πŸ“… Published: July 18, 2025, midnight πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

4.8

CVSS3.1

CVE-2025-50584 -

StudentManage v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Add A New Teacher module.

πŸ“… Published: July 18, 2025, midnight πŸ”„ Last Modified: Sept. 9, 2025, 7:22 p.m.

4.8

CVSS3.1

CVE-2025-50582 -

StudentManage v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Add A New Course module.

πŸ“… Published: July 18, 2025, midnight πŸ”„ Last Modified: Sept. 9, 2025, 7:22 p.m.

6.5

CVSS3.1

CVE-2025-46002 -

An issue in Filemanager v2.5.0 and below allows attackers to execute a directory traversal via sending a crafted HTTP request to the filemanager.php endpoint.

πŸ“… Published: July 18, 2025, midnight πŸ”„ Last Modified: Oct. 14, 2025, 2:22 p.m.

9

CVSS3.1

CVE-2025-54309 -

CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS, as exploited in the wild in July 2025.

πŸ“… Published: July 18, 2025, midnight πŸ”„ Last Modified: Nov. 5, 2025, 7:25 p.m.

7.8

CVSS3.1

CVE-2025-38349 - eventpoll: don't decrement ep refcount while still holding the ep mutex

In the Linux kernel, the following vulnerability has been resolved: eventpoll: don't decrement ep refcount while still holding the ep mutex Jann Horn points out that epoll is decrementing the ep refcount and then doing a mutex_unlock(&ep->mtx); afterwards. That's very wrong, because it can …

πŸ“… Published: July 18, 2025, midnight πŸ”„ Last Modified: Nov. 18, 2025, 12:52 p.m.
Total resulsts: 346541
Page 4337 of 34,655
Β« previous page Β» next page
Filters