9.8
CVE-2025-4389 - Crawlomatic Multipage Scraper Post Generator <= 2.6.8.1 - Unauthenticated Arbitrary File Upload
The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the crawlomatic_generate_featured_image() function in all versions up to, and including, 2.6.8.1. This makes it possible for unauthenticated attackers…
6.9
CVE-2025-4818 - SourceCodester Doctor's Appointment System GET Parameter delete-doctor.php sql injection
A vulnerability was found in SourceCodester Doctor's Appointment System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/delete-doctor.php of the component GET Parameter Handler. The manipulation of the argument ID leads to sql injection. The attack …
6.9
CVE-2025-4817 - Sourcecodester Doctor's Appointment System GET Parameter delete-appointment.php sql injection
A vulnerability was found in Sourcecodester Doctor's Appointment System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/delete-appointment.php of the component GET Parameter Handler. The manipulation of the argument ID leads to sql injection. The at…
6.1
CVE-2025-4194 - AlT Monitoring <= 1.0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The AlT Monitoring plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the 'ALT_Monitoring_edit' page. This makes it possible for unauthenticated attackers to update settings and inject…
6.1
CVE-2025-4189 - Audio Comments Plugin <= 1.0.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The Audio Comments Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the 'audio-comments/audior-settings.php' page. This makes it possible for unauthenticated attackers to upda…
6.9
CVE-2025-4816 - SourceCodester Doctor's Appointment System GET Parameter appointment.php sql injection
A vulnerability was found in SourceCodester Doctor's Appointment System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/appointment.php of the component GET Parameter Handler. The manipulation of the argument ID leads to sql injection. It is possible to init…
6.9
CVE-2025-4815 - Campcodes Sales and Inventory System supplier_update.php sql injection
A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /pages/supplier_update.php. The manipulation of the argument Name leads to sql injection. The attack may be launched remotely. The explo…
6.9
CVE-2025-4814 - Campcodes Sales and Inventory System supplier_add.php sql injection
A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /pages/supplier_add.php. The manipulation of the argument Name leads to sql injection. The attack can be launched remotely. T…
6.5
CVE-2024-47893 - GPU DDK - OOB read and write of the shared KMD/FW memory heap (VZ/TEE setups)
Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to read and/or write data outside the Guest's virtualised GPU memory.
7.5
CVE-2025-1706 - GPU DDK - Improper locking when accessing the pvr_exp_fence object
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.