8.8
CVE-2025-6423 - BeeTeam368 Extensions <= 2.3.5 - Authenticated (Subscriber+) Arbitrary File Upload
The BeeTeam368 Extensions plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handle_submit_upload_file() function in all versions up to, and including, 2.3.5. This makes it possible for authenticated attackers with Subscriber-level access or highβ¦
8.7
CVE-2025-7465 - Tenda FH1201 HTTP POST Request fromRouteStatic buffer overflow
A vulnerability classified as critical was found in Tenda FH1201 1.2.0.14. Affected by this vulnerability is the function fromRouteStatic of the file /goform/fromRouteStatic of the component HTTP POST Request Handler. The manipulation of the argument page leads to buffer overflow. The attack can beβ¦
6.3
CVE-2025-7464 - osrg GoBGP rtr.go SplitRTR out-of-bounds
A vulnerability classified as problematic has been found in osrg GoBGP up to 3.37.0. Affected is the function SplitRTR of the file pkg/packet/rtr/rtr.go. The manipulation leads to out-of-bounds read. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploβ¦
8.7
CVE-2025-7463 - Tenda FH1201 HTTP POST Request AdvSetWrlsafeset formWrlsafeset buffer overflow
A vulnerability was found in Tenda FH1201 1.2.0.14. It has been declared as critical. This vulnerability affects the function formWrlsafeset of the file /goform/AdvSetWrlsafeset of the component HTTP POST Request Handler. The manipulation of the argument mit_ssid leads to buffer overflow. The attacβ¦
5.3
CVE-2025-7462 - Artifex GhostPDL New Output File Open Error gdevpdf.c pdf_ferror null pointer dereference
A vulnerability was found in Artifex GhostPDL up to 3989415a5b8e99b9d1b87cc9902bde9b7cdea145. It has been classified as problematic. This affects the function pdf_ferror of the file devices/vector/gdevpdf.c of the component New Output File Open Error Handler. The manipulation leads to null pointer β¦
8.8
CVE-2025-1313 - Nokri - Job Board WordPress Theme <= 1.6.3 - Authenticated (Subscriber+) Privilege Escalation via Aβ¦
The Nokri - Job Board WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.3. This is due to the plugin not properly validating a user's identity prior to updating their details like email address. This makes it posβ¦
6.9
CVE-2025-7461 - code-projects Modern Bag action.php sql injection
A vulnerability was found in code-projects Modern Bag 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /action.php. The manipulation of the argument proId leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to tβ¦
8.8
CVE-2025-6057 - WPBookit <= 1.0.4 - Authenticated (Subscriber+) Arbitrary File Upload
The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handle_image_upload() function in all versions up to, and including, 1.0.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbiβ¦
9.8
CVE-2025-6058 - WPBookit <= 1.0.4 - Unauthenticated Arbitrary File Upload
The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image_upload_handle() function hooked via the 'add_booking_type' route in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to upload arbβ¦
4.9
CVE-2023-39339 -
A vulnerability exists on all versions of Ivanti Policy Secure below 22.6R1 where an authenticated administrator can perform an arbitrary file read via a maliciously crafted web request.