9.8
CVE-2025-48289 - WordPress Kids Planet theme <= 2.2.14 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in AncoraThemes Kids Planet kidsplanet allows Object Injection.This issue affects Kids Planet: from n/a through <= 2.2.14.
8.1
CVE-2025-48292 - WordPress Tourmaster plugin <= 5.3.8 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in GoodLayers Tourmaster tourmaster allows PHP Local File Inclusion.This issue affects Tourmaster: from n/a through <= 5.3.8.
6.1
CVE-2025-41380 - Injection vulnerability in Iridium Certus 700
Iridium Certus 700 version 1.0.1 has an embedded credentials vulnerability in the code. This vulnerability allows a local user to retrieve the SSH hash string.
6.3
CVE-2025-41379 - Injection vulnerability in Iridium Certus 700
The Intellian C700 web panel allows you to add firewall rules. Each of these rules has an associated ID, but there is a problem when adding a new rule, the ID used to create the database entry may be different from the JSON ID. If the rule needs to be deleted later, the system will use the JSON ID β¦
6.9
CVE-2025-41378 - Injection vulnerability in Iridium Certus 700
The SSID field is not parsed correctly and can be used to inject commands into the hostpad.conf file. This can be exploited by an attacker to extend his knowledge of the system and compromise other devices. The information is filtered by the logs function of the web panel.
8.7
CVE-2025-41377 - SQL injection vulnerability in Gandia Integra Total
A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /encuestas/integraweb[_v4]/integra/html/view/β¦
6.5
CVE-2024-7803 - Allocation of Resources Without Limits or Throttling in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A Discord webhook integration may cause DoS.
3.5
CVE-2024-9163 - User Interface (UI) Misrepresentation of Critical Information in GitLab
A business logic error in GitLab CE/EE affecting all versions starting from 12.1 prior to 17.10.7, 17.11 prior to 17.11.3 and 18.0 prior to 18.0.1 where an attacker can cause a branch name confusion in confidential MRs.
5.3
CVE-2025-5108 - zongzhige ShopXO ZIP File Payment.php Upload unrestricted upload
A vulnerability was found in zongzhige ShopXO 6.5.0. It has been rated as critical. This issue affects the function Upload of the file app/admin/controller/Payment.php of the component ZIP File Handler. The manipulation of the argument params leads to unrestricted upload. The attack may be initiateβ¦
5.3
CVE-2025-5107 - Fujian Kelixun xml_cdr_details.php sql injection
A vulnerability was found in Fujian Kelixun 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /app/xml_cdr/xml_cdr_details.php. The manipulation of the argument uuid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosedβ¦