6.4

CVSS3.1

CVE-2025-8015 - Shortcodes Ultimate <= 7.4.2 - Authenticated (Author+) Stored Cross-Site Scripting via Image Title …

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded image's 'Title' and 'Slide link' fields in all versions up to, and including, 7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for…

📅 Published: July 22, 2025, 2:43 p.m. 🔄 Last Modified: April 20, 2026, 8:15 p.m.

5.3

CVSS4.0

CVE-2025-8018 - code-projects Food Ordering Review System reservation_page.php sql injection

A vulnerability was found in code-projects Food Ordering Review System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /user/reservation_page.php. The manipulation of the argument reg_Id leads to sql injection. The attack can be launched…

📅 Published: July 22, 2025, 2:32 p.m. 🔄 Last Modified: July 29, 2025, 9:02 p.m.

4.6

CVSS3.1

CVE-2025-4295 - Host Header Injection in HotelRunner's B2B

Improper Validation of Certificate with Host Mismatch vulnerability in HotelRunner B2B allows HTTP Response Splitting. This issue affects B2B: before 04.06.2025.

📅 Published: July 22, 2025, 1:58 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

4.8

CVSS3.1

CVE-2025-4294 - XSS in HotelRunner's B2B

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HotelRunner B2B allows Cross-Site Scripting (XSS). This issue affects B2B: before 04.06.2025.

📅 Published: July 22, 2025, 1:53 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.7

CVSS4.0

CVE-2025-8017 - Tenda AC7 httpd setMacFilterCfg formSetMacFilterCfg stack-based overflow

A vulnerability was found in Tenda AC7 15.03.06.44. It has been classified as critical. Affected is the function formSetMacFilterCfg of the file /goform/setMacFilterCfg of the component httpd. The manipulation of the argument deviceList leads to stack-based buffer overflow. It is possible to launch…

📅 Published: July 22, 2025, 1:32 p.m. 🔄 Last Modified: Aug. 1, 2025, 8:02 p.m.

8.8

CVSS3.1

CVE-2015-10140 - Ajax Load More < 2.8.1.2 - Subscriber+ File Upload & Deletion

The Ajax Load More plugin before 2.8.1.2 does not have authorisation in some of its AJAX actions, allowing any authenticated users, such as subscriber, to upload and delete arbitrary files.

📅 Published: July 22, 2025, 1:20 p.m. 🔄 Last Modified: Jan. 9, 2026, 9:16 p.m.

5.1

CVSS4.0

CVE-2025-34141 - ETQ Reliance CG < SE.2025.1 Reflected XSS in `SQLConverterServlet`

A reflected cross-site scripting (XSS) vulnerability exists in ETQ Reliance CG (legacy) platform within the `SQLConverterServlet` component. This vulnerability requires user interaction, such as clicking a crafted link, and may result in execution of unauthorized scripts in the user's context. The …

📅 Published: July 22, 2025, 12:35 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.7

CVSS4.0

CVE-2025-34140 - ETQ Reliance CG/NXG API Authorization Bypass via ;localized-text URI Suffix

An authorization bypass vulnerability exists in ETQ Reliance (legacy CG and NXG SaaS platforms). By appending a specific URI suffix to certain API endpoints, an unauthenticated attacker can bypass access control checks and retrieve limited sensitive resources. The root cause was a misconfiguration …

📅 Published: July 22, 2025, 12:34 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.9

CVSS4.0

CVE-2025-34142 - ETQ Reliance CG < SE.2025.1 / < 2025.1.2 XXE Injection in SSO SAML Handler

An XML External Entity (XXE) injection vulnerability exists in ETQ Reliance on the CG (legacy) platform within the `/resources/sessions/sso` endpoint. The SAML authentication handler processes XML input without disabling external entity resolution, allowing crafted SAML responses to invoke external…

📅 Published: July 22, 2025, 12:31 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

9.3

CVSS4.0

CVE-2025-34143 - ETQ Reliance CG Authentication Bypass via Trailing Space RCE

An authentication bypass vulnerability exists in ETQ Reliance on the CG (legacy) platform. The application allowed login as the privileged internal SYSTEM user by manipulating the username field. The SYSTEM account does not require a password, enabling attackers with network access to the login pag…

📅 Published: July 22, 2025, 12:31 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.