6.3
CVE-2025-3555 - ScriptAndTools eCommerce-website-in-PHP login.php excessive authentication
A vulnerability classified as problematic has been found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected is an unknown function of the file /login.php. The manipulation leads to improper restriction of excessive authentication attempts. It is possible to launch the attack remotely. The comβ¦
4.7
CVE-2025-32093 - Syatem admin profile modification by delegated granular administration role
Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to restrict certain operations on system admins to only other system admins, which allows delegated granular administration users with the "Edit Other Users" permission to perform unauthorized modifications to system admiβ¦
2
CVE-2025-30516 - Unauthorized Notification Exposure in Mobile App Under Specific Conditions
Mattermost Mobile Apps versions <=2.25.0Β fail to terminate sessions during logout under certain conditions (e.g. poor connectivity), allowing unauthorized users on shared devices to access sensitive notification content via continued mobile notifications
5.3
CVE-2025-3554 - phpshe api.php cross site scripting
A vulnerability was found in phpshe 1.8. It has been rated as problematic. This issue affects some unknown processing of the file api.php?mod=cron&act=buyer. The manipulation of the argument act leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to tβ¦
5.3
CVE-2025-3553 - phpshe admin.php pe_delete sql injection
A vulnerability was found in phpshe 1.8. It has been declared as critical. This vulnerability affects the function pe_delete of the file /admin.php?mod=brand&act=del. The manipulation of the argument brand_id[] leads to sql injection. The attack can be initiated remotely. The exploit has been disclβ¦
8.1
CVE-2025-2563 - User Registration & Membership < 4.1.2- Unauthenticated Privilege Escalation
The User Registration & Membership WordPress plugin before 4.1.2 does not prevent users to set their account role when the Membership Addon is enabled, leading to a privilege escalation issue and allowing unauthenticated users to gain admin privileges
5.9
CVE-2024-9230 - PowerPress Podcasting < 11.9.18 - Author+ XSS via Podcast URL
The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.9.18 does not sanitise and escape some of its settings when adding a podcast, which could allow author and above users to perform Stored Cross-Site Scripting attacks
0.0
CVE-2025-3552 -
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The vendor was not able to verify the existence of the original vulnerability report and the researcher was not ablβ¦
0.0
CVE-2025-3551 -
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The vendor was not able to verify the existence of the original vulnerability report and the researcher was not ablβ¦
5.3
CVE-2025-3550 - wowjoy ζ΅ζ±ζΉε·εεδΏ‘ζ―η§ζζιε ¬εΈ Internet Doctor Workstation System detail improper authorization
A vulnerability has been found in wowjoy ζ΅ζ±ζΉε·εεδΏ‘ζ―η§ζζιε ¬εΈ Internet Doctor Workstation System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /v1/pushConfig/detail/. The manipulation leads to improper authorization. The attack can be launched rβ¦