6.5
CVE-2025-53199 - WordPress HT Slider For Elementor plugin <= 1.6.5 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HT Plugins HT Slider For Elementor ht-slider-for-elementor allows DOM-Based XSS. This issue affects HT Slider For Elementor: from n/a through <= 1.6.5.
4.3
CVE-2025-53197 - WordPress Cookiebot plugin <= 4.5.8 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in cookiebot Cookiebot cookiebot allows Cross Site Request Forgery. This issue affects Cookiebot: from n/a through <= 4.5.8.
4.3
CVE-2025-53193 - WordPress Burst Statistics plugin <= 2.0.6 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Burst Statistics B.V. Burst Statistics burst-statistics allows Cross Site Request Forgery. This issue affects Burst Statistics: from n/a through <= 2.0.6.
5.3
CVE-2025-6767 - sfturing hosp_order DoctorServiceImpl.java findDoctorByCondition sql injection
A vulnerability was found in sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8. It has been rated as critical. This issue affects the function findDoctorByCondition of the file DoctorServiceImpl.java. The manipulation of the argument hospitalName leads to sql injection. The attack …
3
CVE-2025-53018 - Lychee has Server-Side Request Forgery (SSRF) in Photo::fromUrl API via unvalidated remote image UR…
Lychee is a free, open-source photo-management tool. Prior to version 6.6.13, a critical Server-Side Request Forgery (SSRF) vulnerability exists in the `/api/v2/Photo::fromUrl` endpoint. This flaw lets an attacker instruct the application's backend to make HTTP requests to any URL they choose. Cons…
5.3
CVE-2025-6766 - sfturing hosp_order OfficeServiceImpl.java getOfficeName sql injection
A vulnerability was found in sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8. It has been declared as critical. This vulnerability affects the function getOfficeName of the file OfficeServiceImpl.java. The manipulation of the argument officesName leads to sql injection. The attac…
6.5
CVE-2025-40910 - Net::IP::LPM version 1.10 for Perl does not properly consider leading zero characters in IP CIDR ad…
Net::IP::LPM version 1.10 for Perl does not properly consider leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses. Leading zeros are used to indicate octal numbers, which can confuse users who are intentionally usin…
5.3
CVE-2025-6765 - Intelbras InControl HTTP PUT Request operador permission
A vulnerability, which was classified as critical, has been found in Intelbras InControl 2.21.60.9. This issue affects some unknown processing of the file /v1/operador/ of the component HTTP PUT Request Handler. The manipulation leads to permission issues. The attack may be initiated remotely. The …
7.7
CVE-2025-24765 - WordPress Image Shadow plugin <= 1.1.0 - Arbitrary File Deletion Vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in RobMarsh Image Shadow image-shadow allows Path Traversal. This issue affects Image Shadow: from n/a through <= 1.1.0.
8.1
CVE-2025-24769 - WordPress Zenny theme <= 1.7.5 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme Zenny bw-zenny allows PHP Local File Inclusion. This issue affects Zenny: from n/a through <= 1.7.5.