4.3

CVSS3.1

CVE-2024-13737 - Motors – Car Dealer, Classifieds & Listing <= 1.4.57 - Missing Authorization to Authenticated (Subs…

The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the motors_create_template and motors_delete_template functions in all versions up to, and including, 1.4.57. This makes it possible for authe…

📅 Published: March 22, 2025, 2:22 a.m. 🔄 Last Modified: April 8, 2026, 4:33 p.m.

9

CVSS3.1

CVE-2025-30472 - corosync: Stack buffer overflow from 'orf_token_endian_convert'

Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet.

📅 Published: March 22, 2025, midnight 🔄 Last Modified: Nov. 3, 2025, 7:15 p.m.

8.2

CVSS3.1

CVE-2025-2609 - MagnusBilling Stored Cross-Site Scripting in Login Logs

Improper neutralization of input during web page generation vulnerability in MagnusSolution MagnusBilling login logging allows unauthenticated users to store HTML content in the viewable log component accessible at /mbilling/index.php/logUsers/read (cross-site scripting). This vulnerability is associ…

📅 Published: March 21, 2025, 10:41 p.m. 🔄 Last Modified: Nov. 22, 2025, 1:42 a.m.

7.6

CVSS3.1

CVE-2025-2610 - MagnusBilling Stored Cross-Site Scripting in Alarm Module

Improper neutralization of input during web page generation vulnerability in MagnusSolution MagnusBilling (Alarm Module modules) allows authenticated stored cross-site scripting. This vulnerability is associated with program files protected/components/MagnusLog.Php. This issue affects MagnusBillin…

📅 Published: March 21, 2025, 10:35 p.m. 🔄 Last Modified: Nov. 19, 2025, 6:34 p.m.

4.6

CVSS3.1

CVE-2025-26500 - VxWorks 7 USB Failure

Uncontrolled Resource Consumption vulnerability in Wind River Systems VxWorks 7 on VxWorks allows Excessive Allocation. Specifically crafted USB packets may lead to the system becoming unavailable. This issue affects VxWorks 7: from 22.06 through 24.03.

📅 Published: March 21, 2025, 10:20 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

7.5

CVSS3.1

CVE-2025-30204 - jwt-go allows excessive memory allocation during header parsing

golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Aut…

📅 Published: March 21, 2025, 9:42 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.3

CVSS4.0

CVE-2025-2608 - PHPGurukul Banquet Booking System view-user-queries.php sql injection

A vulnerability classified as critical has been found in PHPGurukul Banquet Booking System 1.2. This affects an unknown part of the file /admin/view-user-queries.php. The manipulation of the argument viewid leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been…

📅 Published: March 21, 2025, 9:31 p.m. 🔄 Last Modified: May 28, 2025, 8:56 p.m.

5.3

CVSS4.0

CVE-2025-2607 - phplaozhang LzCMS-LaoZhangBoKeXiTong HTTP POST Request upimage.html unrestricted upload

A vulnerability was found in phplaozhang LzCMS-LaoZhangBoKeXiTong up to 1.1.4. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/upload/upimage.html of the component HTTP POST Request Handler. The manipulation of the argument File leads to unrest…

📅 Published: March 21, 2025, 9 p.m. 🔄 Last Modified: April 1, 2025, 8:15 p.m.

5.3

CVSS4.0

CVE-2025-2606 - SourceCodester Best Church Management Software soulwinning_crud.php unrestricted upload

A vulnerability was found in SourceCodester Best Church Management Software 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/app/soulwinning_crud.php. The manipulation of the argument photo/photo1 leads to unrestricted upload. The …

📅 Published: March 21, 2025, 9 p.m. 🔄 Last Modified: April 1, 2025, 8:23 p.m.

5.3

CVSS4.0

CVE-2025-2604 - SourceCodester Kortex Lite Advocate Office Management System edit_act.php sql injection

A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. It has been classified as critical. Affected is an unknown function of the file edit_act.php. The manipulation of the argument ID leads to SQL injection. It is possible to launch the attack remotely. The …

📅 Published: March 21, 2025, 8:31 p.m. 🔄 Last Modified: April 1, 2025, 8:26 p.m.