5.3
CVE-2025-8366 - Portabilis i-Educar educar_servidor_lst.php cross site scripting
A vulnerability was found in Portabilis i-Educar 2.9. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /intranet/educar_servidor_lst.php. The manipulation of the argument nome/matricula_servidor leads to cross site scripting. The attack may be launc…
6.4
CVE-2025-5720 - Customer Reviews for WooCommerce <= 5.80.2 - Unauthenticated Stored Cross-Site Scripting via `autho…
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘author’ parameter in all versions up to, and including, 5.80.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject a…
8.8
CVE-2025-7847 - AI Engine 2.9.3 - 2.9.4 - Authenticated (Subscriber+) Arbitrary File Upload
The AI Engine plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the rest_simpleFileUpload() function in versions 2.9.3 and 2.9.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files o…
5.1
CVE-2025-8365 - Portabilis i-Educar atendidos_cad.php cross site scripting
A vulnerability was found in Portabilis i-Educar 2.10. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file atendidos_cad.php. The manipulation of the argument nome/nome_social/email leads to cross site scripting. The attack can be launched rem…
6.9
CVE-2025-8348 - Kehua Charging Pile Cloud Platform home improper authentication
A vulnerability has been found in Kehua Charging Pile Cloud Platform 1.0 and classified as critical. This vulnerability affects unknown code of the file /home. The manipulation leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and m…
5.3
CVE-2025-8347 - Kehua Charging Pile Cloud Platform findAllTask sql injection
A vulnerability, which was classified as critical, was found in Kehua Charging Pile Cloud Platform 1.0. This affects an unknown part of the file /sys/task/findAllTask. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the publ…
5.3
CVE-2025-8346 - Portabilis i-Educar educar_aluno_lst.php cross site scripting
A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.10. Affected by this issue is some unknown functionality of the file /educar_aluno_lst.php. The manipulation of the argument ref_cod_matricula with the input "><img%20src=x%20onerror=alert(%27CVE-Hunters%2…
5.3
CVE-2025-8345 - Shanghai Lingdang Information Technology Lingdang CRM yunzhijiaApi.php delete_user sql injection
A vulnerability classified as critical was found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.4.7. Affected by this vulnerability is the function delete_user of the file crm/WeiXinApp/yunzhijia/yunzhijiaApi.php. The manipulation of the argument function leads to sql injection.…
5.3
CVE-2025-8344 - openviglet shio ShStaticFileAPI.java shStaticFileUpload unrestricted upload
A vulnerability classified as critical has been found in openviglet shio up to 0.3.8. Affected is the function shStaticFileUpload of the file shio-app/src/main/java/com/viglet/shio/api/staticfile/ShStaticFileAPI.java. The manipulation of the argument filename leads to unrestricted upload. It is pos…
5.3
CVE-2025-8343 - openviglet shio ShStaticFileAPI.java shStaticFilePreUpload path traversal
A vulnerability was found in openviglet shio up to 0.3.8. It has been rated as critical. This issue affects the function shStaticFilePreUpload of the file shio-app/src/main/java/com/viglet/shio/api/staticfile/ShStaticFileAPI.java. The manipulation of the argument fileName leads to path traversal. T…