5.3
CVE-2025-3554 - phpshe api.php cross site scripting
A vulnerability was found in phpshe 1.8. It has been rated as problematic. This issue affects some unknown processing of the file api.php?mod=cron&act=buyer. The manipulation of the argument act leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to tβ¦
5.3
CVE-2025-3553 - phpshe admin.php pe_delete sql injection
A vulnerability was found in phpshe 1.8. It has been declared as critical. This vulnerability affects the function pe_delete of the file /admin.php?mod=brand&act=del. The manipulation of the argument brand_id[] leads to sql injection. The attack can be initiated remotely. The exploit has been disclβ¦
8.1
CVE-2025-2563 - User Registration & Membership < 4.1.2- Unauthenticated Privilege Escalation
The User Registration & Membership WordPress plugin before 4.1.2 does not prevent users to set their account role when the Membership Addon is enabled, leading to a privilege escalation issue and allowing unauthenticated users to gain admin privileges
5.9
CVE-2024-9230 - PowerPress Podcasting < 11.9.18 - Author+ XSS via Podcast URL
The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.9.18 does not sanitise and escape some of its settings when adding a podcast, which could allow author and above users to perform Stored Cross-Site Scripting attacks
0.0
CVE-2025-3552 -
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The vendor was not able to verify the existence of the original vulnerability report and the researcher was not ablβ¦
0.0
CVE-2025-3551 -
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The vendor was not able to verify the existence of the original vulnerability report and the researcher was not ablβ¦
5.3
CVE-2025-3550 - wowjoy ζ΅ζ±ζΉε·εεδΏ‘ζ―η§ζζιε ¬εΈ Internet Doctor Workstation System detail improper authorization
A vulnerability has been found in wowjoy ζ΅ζ±ζΉε·εεδΏ‘ζ―η§ζζιε ¬εΈ Internet Doctor Workstation System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /v1/pushConfig/detail/. The manipulation leads to improper authorization. The attack can be launched rβ¦
4.8
CVE-2025-3549 - Open Asset Import Library Assimp File MD3Loader.cpp ValidateSurfaceHeaderOffsets heap-based overflow
A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Affected is the function Assimp::MD3Importer::ValidateSurfaceHeaderOffsets of the file code/AssetLib/MD3/MD3Loader.cpp of the component File Handler. The manipulation leads to heap-based buffer oβ¦
4.8
CVE-2025-3548 - Open Asset Import Library Assimp File types.h Set heap-based overflow
A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp up to 5.4.3. This issue affects the function aiString::Set in the library include/assimp/types.h of the component File Handler. The manipulation leads to heap-based buffer overflow. It is possible β¦
5.3
CVE-2025-3547 - frdel Agent-Zero get_work_dir_files path traversal
A vulnerability classified as critical was found in frdel Agent-Zero 0.8.1.2. This vulnerability affects unknown code of the file /get_work_dir_files. The manipulation of the argument path leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public anβ¦