5.3
CVE-2025-2752 - Open Asset Import Library Assimp CSM File fast_atof.h fast_atoreal_move out-of-bounds
A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This issue affects the function fast_atoreal_move in the library include/assimp/fast_atof.h of the component CSM File Handler. The manipulation leads to out-of-bounds read. The attack may be initiated…
5.3
CVE-2025-2751 - Open Asset Import Library Assimp CSM File CSMLoader.cpp InternReadFile out-of-bounds
A vulnerability has been found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This vulnerability affects the function Assimp::CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp of the component CSM File Handler. The manipulation of the argument na lead…
5.3
CVE-2025-2750 - Open Asset Import Library Assimp CSM File CSMLoader.cpp InternReadFile out-of-bounds write
A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp of the component CSM File Handler. The manipulation leads to out-of-bounds write. It is p…
6.4
CVE-2024-12623 - DICOM Support <= 0.10.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
The DICOM Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dcm' shortcode in all versions up to, and including, 0.10.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker…
4.3
CVE-2025-1320 - teachPress <= 9.0.9 - Cross-Site Request Forgery to Import Delete
The teachPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.0.9. This is due to missing or incorrect nonce validation on the import.php page. This makes it possible for unauthenticated attackers to delete imports via a forged request grant…
5.3
CVE-2025-2252 - Easy Digital Downloads – eCommerce Payments and Subscriptions made easy <= 3.3.6.1 - Unauthenticate…
The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.6.1 via the edd_ajax_get_download_title() function. This makes it possible for unauthenticated attackers to extr…
5.3
CVE-2025-2744 - zhijiantianya ruoyi-vue-pro Material Upload Interface upload-news-image path traversal
A vulnerability, which was classified as critical, was found in zhijiantianya ruoyi-vue-pro 2.4.1. Affected is an unknown function of the file /admin-api/mp/material/upload-news-image of the component Material Upload Interface. The manipulation of the argument File leads to path traversal. It is po…
5.3
CVE-2025-2743 - zhijiantianya ruoyi-vue-pro Material Upload Interface upload-temporary path traversal
A vulnerability, which was classified as problematic, has been found in zhijiantianya ruoyi-vue-pro 2.4.1. This issue affects some unknown processing of the file /admin-api/mp/material/upload-temporary of the component Material Upload Interface. The manipulation of the argument File leads to path t…
5.3
CVE-2025-2742 - zhijiantianya ruoyi-vue-pro Material Upload Interface upload-permanent path traversal
A vulnerability classified as critical was found in zhijiantianya ruoyi-vue-pro 2.4.1. This vulnerability affects unknown code of the file /admin-api/mp/material/upload-permanent of the component Material Upload Interface. The manipulation of the argument File leads to path traversal. The attack ca…
6.9
CVE-2025-2740 - PHPGurukul Old Age Home Management System eligibility.php sql injection
A vulnerability classified as critical has been found in PHPGurukul Old Age Home Management System 1.0. Affected is an unknown function of the file /admin/eligibility.php. The manipulation of the argument pagetitle leads to sql injection. It is possible to launch the attack remotely. The exploit ha…