6.4
CVE-2025-5531 - Staff Directory β Employee Directory for WordPress <= 4.5.0 - Authenticated (Contributor+) Stored Cβ¦
The Employee Directory β Staff Listing & Team Directory Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'emd_mb_meta' shortcode in all versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping on user suppβ¦
5.3
CVE-2025-5557 - PHPGurukul Teacher Subject Allocation Management System edit-course.php sql injection
A vulnerability has been found in PHPGurukul Teacher Subject Allocation Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/edit-course.php. The manipulation of the argument editid leads to sql injection. The attack can be initiated remotely.β¦
5.3
CVE-2025-5556 - PHPGurukul Teacher Subject Allocation Management System edit-teacher-info.php sql injection
A vulnerability, which was classified as critical, was found in PHPGurukul Teacher Subject Allocation Management System 1.0. This affects an unknown part of the file /admin/edit-teacher-info.php. The manipulation of the argument editid leads to sql injection. It is possible to initiate the attack rβ¦
5.3
CVE-2025-5554 - PHPGurukul Rail Pass Management System pass-bwdates-reports-details.php sql injection
A vulnerability, which was classified as critical, has been found in PHPGurukul Rail Pass Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/pass-bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. The attβ¦
6.9
CVE-2025-5553 - PHPGurukul Rail Pass Management System download-pass.php sql injection
A vulnerability classified as critical was found in PHPGurukul Rail Pass Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /download-pass.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The expβ¦
5.3
CVE-2025-5552 - ChestnutCMS API Endpoint exec deserialization
A vulnerability was found in ChestnutCMS up to 15.1. It has been declared as critical. This vulnerability affects unknown code of the file /dev-api/groovy/exec of the component API Endpoint. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been discloβ¦
9.8
CVE-2025-49223 -
billboard.js before 3.15.1 was discovered to contain a prototype pollution via the function generate, which could allow attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.
6.9
CVE-2025-5551 - FreeFloat FTP Server SYSTEM Command buffer overflow
A vulnerability was found in FreeFloat FTP Server 1.0. It has been classified as critical. This affects an unknown part of the component SYSTEM Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public anβ¦
6.9
CVE-2025-5550 - FreeFloat FTP Server PBSZ Command buffer overflow
A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. Affected by this issue is some unknown functionality of the component PBSZ Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public β¦
6.9
CVE-2025-5549 - FreeFloat FTP Server PASV Command buffer overflow
A vulnerability has been found in FreeFloat FTP Server 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component PASV Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to β¦