6.9
CVE-2025-3151 - SourceCodester Gym Management System signup.php sql injection
A vulnerability was found in SourceCodester Gym Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /signup.php. The manipulation of the argument user_name leads to sql injection. The attack may be launched remotely. The exploit has…
5.3
CVE-2025-3150 - itning Student Homework Management System cross-site request forgery
A vulnerability was found in itning Student Homework Management System up to 1.2.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclo…
4.8
CVE-2025-3149 - itning Student Homework Management System Edit Job Page fileupload cross site scripting
A vulnerability was found in itning Student Homework Management System up to 1.2.7. It has been classified as problematic. Affected is an unknown function of the file /shw_war/fileupload of the component Edit Job Page. The manipulation of the argument Course leads to cross site scripting. It is pos…
6.4
CVE-2025-1663 - Unlimited Elements For Elementor <= 1.5.142 - Authenticated (Contributor+) Stored Cross-Site Script…
The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 1.5.142 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-l…
4.4
CVE-2025-2874 - User Submitted Posts <= 20241026 - Authenticated (Admin+) Stored Cross-Site Scripting
The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 20240319 due to insufficient input sanitization and output escaping. This makes it possible for authe…
6.4
CVE-2024-13673 - Big Boom Directory <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Big Boom Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bbd-search' shortcode in all versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat…
4.8
CVE-2025-3148 - codeprojects Product Management System Login buffer overflow
A vulnerability was found in codeprojects Product Management System 1.0 and classified as problematic. This issue affects some unknown processing of the component Login. The manipulation of the argument Str1 leads to buffer overflow. Attacking locally is a requirement. The exploit has been disclose…
6.9
CVE-2025-3147 - PHPGurukul Boat Booking System add-subadmin.php sql injection
A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /add-subadmin.php. The manipulation of the argument sadminusername leads to sql injection. The attack can be initiated remotely. The exploit has been …
6.9
CVE-2025-3146 - PHPGurukul Bus Pass Management System view-pass-detail.php sql injection
A vulnerability, which was classified as critical, was found in PHPGurukul Bus Pass Management System 1.0. This affects an unknown part of the file /view-pass-detail.php. The manipulation of the argument viewid leads to sql injection. It is possible to initiate the attack remotely. The exploit has …
4.8
CVE-2025-3145 - MindSpore mindspore.numpy.fft.rfft2 memory corruption
A vulnerability, which was classified as problematic, has been found in MindSpore 2.5.0. Affected by this issue is the function mindspore.numpy.fft.rfft2. The manipulation leads to memory corruption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be …