4.8
CVE-2025-3894 - Stored XSS in MegaBIP
The text editor embedded in MegaBIP software does not neutralize user input, allowing Stored XSS attacks on other users. High privileges are required in order to use the editor. Version 5.20 of MegaBIP fixes this issue.
8.6
CVE-2025-3893 - SQL Injection in MegaBIP
While editing pages managed by MegaBIP, a user with high privileges is prompted to give a reasoning for performing this action. Input provided by the user is not sanitized, leading to an SQL Injection vulnerability. Version 5.20 of MegaBIP fixes this issue.
5.1
CVE-2025-4379 - Reflected XSS in DobryCMS
DobryCMS in versions 2.* and lower is vulnerable to Reflected Cross-Site Scripting (XSS). Improper input validation in the szukaj parameter allows arbitrary JavaScript to be executed in the victim's browser when a specially crafted URL is opened. A hotfix for affected versions was released on 29.04.2025. It…
8.4
CVE-2024-13945 - Stored Absolute Path Traversal
Stored Absolute Path Traversal vulnerabilities in ASPECT could expose sensitive data if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
6.9
CVE-2025-47149 -
The optional feature 'Anti-Virus & Sandbox' of i-FILTER contains an issue with improper pattern file validation. If exploited, the product may treat an unauthorized pattern file as an authorized one. If the product uses a specially crafted pattern file, information in the server where the product is ru…
6.4
CVE-2025-5096 - TablePress <= 3.1.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Multip…
The TablePress plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the 'data-caption', 'data-s-content-padding', 'data-s-title', and 'data-footer' data-attributes in all versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This…
0.0
CVE-2025-5104 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
6.4
CVE-2025-4594 - Tournamatch <= 4.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Tournamatch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'trn-ladder-registration-button' shortcode in all versions up to, and including, 4.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo…
8
CVE-2025-5100 - KL-001-2025-005: Mobile Dynamix PrinterShare Mobile Print Double-Free Memory Write
A double-free condition occurs during the cleanup of temporary image files, which can be exploited to achieve memory corruption and potentially arbitrary code execution.
9.1
CVE-2025-5098 - KL-001-2025-003: Mobile Dynamix PrinterShare Mobile Print Gmail Oauth Token Disclosure
PrinterShare Android application allows the capture of Gmail authentication tokens that can be reused to access a user's Gmail account without proper authorization.