9.3
CVE-2025-48283 - WordPress Majestic Support plugin <= 1.1.0 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Majestic Support Majestic Support majestic-support allows SQL Injection.This issue affects Majestic Support: from n/a through <= 1.1.0.
7.1
CVE-2025-48286 - WordPress ReDi Restaurant Reservation plugin <= 24.1209 - Reflected Cross Site Scripting (XSS) vulnโฆ
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catkin ReDi Restaurant Reservation redi-restaurant-reservation allows Reflected XSS.This issue affects ReDi Restaurant Reservation: from n/a through <= 24.1209.
9.8
CVE-2025-48287 - WordPress Pix 4x sem juros - Pagaleve plugin <= 1.6.9 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in Pagaleve Pix 4x sem juros - Pagaleve wc-pagaleve allows Object Injection.This issue affects Pix 4x sem juros - Pagaleve: from n/a through <= 1.6.9.
9.8
CVE-2025-48289 - WordPress Kids Planet theme <= 2.2.14 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in AncoraThemes Kids Planet kidsplanet allows Object Injection.This issue affects Kids Planet: from n/a through <= 2.2.14.
8.1
CVE-2025-48292 - WordPress Tourmaster plugin <= 5.3.8 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in GoodLayers Tourmaster tourmaster allows PHP Local File Inclusion.This issue affects Tourmaster: from n/a through <= 5.3.8.
6.1
CVE-2025-41380 - Injection vulnerability in Iridium Certus 700
Iridium Certus 700 version 1.0.1 has an embedded credentials vulnerability in the code. This vulnerability allows a local user to retrieve the SSH hash string.
6.3
CVE-2025-41379 - Injection vulnerability in Iridium Certus 700
The Intellian C700 web panel allows you to add firewall rules. Each of these rules has an associated ID, but there is a problem when adding a new rule, the ID used to create the database entry may be different from the JSON ID. If the rule needs to be deleted later, the system will use the JSON ID โฆ
6.9
CVE-2025-41378 - Injection vulnerability in Iridium Certus 700
The SSID field is not parsed correctly and can be used to inject commands into the hostpad.conf file. This can be exploited by an attacker to extend his knowledge of the system and compromise other devices. The information is filtered by the logs function of the web panel.
8.7
CVE-2025-41377 - SQL injection vulnerability in Gandia Integra Total
A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /encuestas/integraweb[_v4]/integra/html/view/โฆ
6.5
CVE-2024-7803 - Allocation of Resources Without Limits or Throttling in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A Discord webhook integration may cause DoS.