5.3
CVE-2025-2115 - zzskzy Warehouse Refinement Management System AcceptZip.ashx ProcessRequest unrestricted upload
A vulnerability, which was classified as critical, was found in zzskzy Warehouse Refinement Management System 3.1. Affected is the function ProcessRequest of the file /AcceptZip.ashx. The manipulation of the argument file leads to unrestricted upload. It is possible to launch the attack remotely. T…
6.3
CVE-2025-2114 - Shenzhen Sixun Software Sixun Shanghui Group Business Management System Reset Password Interface Op…
A vulnerability, which was classified as problematic, has been found in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 7. This issue affects some unknown processing of the file /WebPages/Adm/OperatorStop.asp of the component Reset Password Interface. The manipulation of the…
6.9
CVE-2025-2113 - AT Software Solutions ATSVD Esqueceu a senha sql injection
A vulnerability was found in AT Software Solutions ATSVD up to 3.4.1. It has been rated as critical. Affected by this issue is some unknown functionality of the component Esqueceu a senha. The manipulation of the argument txtCPF leads to sql injection. The attack may be launched remotely. The explo…
0.0
CVE-2025-26204 -
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
0.0
CVE-2025-26205 -
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
5.3
CVE-2025-2112 - user-xiangpeng yaoqishan MediaInfoService.java getMediaLisByFilter sql injection
A vulnerability was found in user-xiangpeng yaoqishan up to a47fec4a31cbd13698c592dfdc938c8824dd25e4. It has been declared as critical. Affected by this vulnerability is the function getMediaLisByFilter of the file cn/javaex/yaoqishan/service/media_info/MediaInfoService.java. The manipulation of th…
5.3
CVE-2024-13924 - Starter Templates by FancyWP <= 2.0.0 - Unauthenticated Blind Server-Side Request Forgery
The Starter Templates by FancyWP plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.0.0 via the 'http_request_host_is_external' filter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations origi…
4.3
CVE-2024-10326 - RomethemeKit For Elementor <= 1.5.3 - Missing Authorization in save_options and reset_widgets
The RomethemeKit For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_options and reset_widgets functions in all versions up to, and including, 1.5.3. This makes it possible for authenticated attackers, with Subscriber-l…
6.4
CVE-2024-13675 - SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels) <= 1.5.0 - Authenticated (Contrib…
The SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "Icon List" Block in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authen…
6.4
CVE-2025-1664 - Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.3.1 - Authenticated (Co…
The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Parallax slider in all versions up to, and including, 5.3.1 due to insufficient input sanitization and output escaping. This makes it possible for aut…