4.8

CVSS4.0

CVE-2025-4472 - code-projects Departmental Store Management System bill stack-based overflow

A vulnerability was found in code-projects Departmental Store Management System 1.0. It has been classified as critical. Affected is the function bill. The manipulation of the argument Item Code leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit…

📅 Published: May 9, 2025, 8 a.m. 🔄 Last Modified: Oct. 23, 2025, 8:06 p.m.

4.8

CVSS4.0

CVE-2025-4471 - code-projects Jewelery Store Management system Search Item View stack-based overflow

A vulnerability, which was classified as critical, has been found in code-projects Jewelery Store Management system 1.0. Affected by this issue is some unknown functionality of the component Search Item View. The manipulation of the argument str2 leads to stack-based buffer overflow. The attack nee…

📅 Published: May 9, 2025, 7:31 a.m. 🔄 Last Modified: Oct. 23, 2025, 8:06 p.m.

4.8

CVSS4.0

CVE-2025-4470 - SourceCodester Online Student Clearance System add-student.php cross site scripting

A vulnerability classified as problematic was found in SourceCodester Online Student Clearance System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/add-student.php. The manipulation of the argument Fullname leads to cross site scripting. The attack can be launch…

📅 Published: May 9, 2025, 7 a.m. 🔄 Last Modified: May 14, 2025, 8:55 p.m.

4.8

CVSS4.0

CVE-2025-4469 - SourceCodester Online Student Clearance System add-admin.php cross site scripting

A vulnerability classified as problematic has been found in SourceCodester Online Student Clearance System 1.0. Affected is an unknown function of the file /admin/add-admin.php. The manipulation of the argument txtusername/txtfullname/txtpassword/txtpassword2 leads to cross site scripting. It is po…

📅 Published: May 9, 2025, 7 a.m. 🔄 Last Modified: Sept. 27, 2025, 12:30 a.m.

5.5

CVSS3.1

CVE-2025-37889 - ASoC: ops: Consistently treat platform_max as control value

In the Linux kernel, the following vulnerability has been resolved: ASoC: ops: Consistently treat platform_max as control value This reverts commit 9bdd10d57a88 ("ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min"), and makes some additional related updates. There are two ways the pl…

📅 Published: May 9, 2025, 6:45 a.m. 🔄 Last Modified: Nov. 17, 2025, 5:13 p.m.

8.8

CVSS3.1

CVE-2025-3455 - 1 Click WordPress Migration Plugin – 100% FREE for a limited time <= 2.2 - Missing Authorization to…

The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'start_restore' function in all versions up to, and including, 2.2. This makes it possible for authenticated attacke…

📅 Published: May 9, 2025, 6:42 a.m. 🔄 Last Modified: April 8, 2026, 7:24 p.m.

9.8

CVSS3.1

CVE-2024-11617 - Envolve Plugin <= 1.0 - Unauthenticated Arbitrary File Upload via language_file and fonts_file

The Envolve Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'zetra_languageUpload' and 'zetra_fontsUpload' functions in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to upload arbitrary fil…

📅 Published: May 9, 2025, 6:42 a.m. 🔄 Last Modified: April 8, 2026, 5:24 p.m.

9.8

CVSS3.1

CVE-2025-2253 - IMITHEMES Listing <= 3.3 - Unauthenticated Privilege Escalation via Unverified Password Reset

The IMITHEMES Listing plugin is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3. This is due to the plugin not properly validating a verification code value prior to updating their password through the imic_reset_password_init() function. This makes…

📅 Published: May 9, 2025, 6:42 a.m. 🔄 Last Modified: April 8, 2026, 4:51 p.m.

9.8

CVSS3.1

CVE-2025-3605 - Frontend Login and Registration Blocks <= 1.1.1 - Unauthenticated Privilege Escalation via Account …

The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.1. This is due to the plugin not properly validating a user's identity prior to updating their details like email via the flr_blocks_u…

📅 Published: May 9, 2025, 6:42 a.m. 🔄 Last Modified: April 8, 2026, 5:20 p.m.

6.9

CVSS4.0

CVE-2025-4468 - SourceCodester Online Student Clearance System edit-photo.php unrestricted upload

A vulnerability was found in SourceCodester Online Student Clearance System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /edit-photo.php. The manipulation of the argument userImage leads to unrestricted upload. The attack may be initiated remotely. The …

📅 Published: May 9, 2025, 6:31 a.m. 🔄 Last Modified: May 14, 2025, 8:54 p.m.