5.3
CVE-2025-1576 - code-projects Real Estate Property Management System ajax_state.php sql injection
A vulnerability classified as critical was found in code-projects Real Estate Property Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax_state.php. The manipulation of the argument StateName as part of String leads to sql injection. The attack can bβ¦
5.3
CVE-2025-1575 - Harpia DiagSystem atualatendimento_jpeg.php resource injection
A vulnerability classified as problematic has been found in Harpia DiagSystem 12. Affected is an unknown function of the file /diagsystem/PACS/atualatendimento_jpeg.php. The manipulation of the argument cod/codexame leads to improper control of resource identifiers. It is possible to launch the attβ¦
7.3
CVE-2022-28339 -
Trend Micro HouseCall for Home Networks version 5.3.1302 and below contains an uncontrolled search patch element vulnerability that could allow an attacker with low user privileges to create a malicious DLL that could lead to escalated privileges.
10
CVE-2025-26776 - WordPress Chaty Pro Plugin <= 3.3.3 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Chaty Pro allows Upload a Web Shell to a Web Server. This issue affects Chaty Pro: from n/a through 3.3.3.
7.1
CVE-2025-26774 - WordPress Responsive Modal Builder for High Conversion β Easy Popups plugin <= 1.5.0 - Cross Site Sβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rock Solid Responsive Modal Builder for High Conversion β Easy Popups easy-popups allows Reflected XSS.This issue affects Responsive Modal Builder for High Conversion β Easy Popups: from n/a througβ¦
6.5
CVE-2025-26764 - WordPress Distance Based Shipping Calculator plugin <= 2.0.22 - Settings Change vulnerability
Missing Authorization vulnerability in enituretechnology Distance Based Shipping Calculator distance-based-shipping-calculator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Distance Based Shipping Calculator: from n/a through <= 2.0.22.
9.8
CVE-2025-26763 - WordPress Slider, Gallery, and Carousel by MetaSlider β Image Slider, Video Slider Plugin <= 3.94.0β¦
Deserialization of Untrusted Data vulnerability in MetaSlider Responsive Slider by MetaSlider ml-slider allows Object Injection.This issue affects Responsive Slider by MetaSlider: from n/a through <= 3.94.0.
0.0
CVE-2025-26760 - WordPress Calculator Builder plugin <= 1.6.2 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Wow-Company Calculator Builder calculator-builder allows PHP Local File Inclusion.This issue affects Calculator Builder: from n/a through <= 1.6.2.
0.0
CVE-2025-26757 - WordPress FULL β Cliente plugin <= 3.1.26 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in FULL SERVICES FULL Customer full-customer allows PHP Local File Inclusion.This issue affects FULL Customer: from n/a through <= 3.1.26.
8.8
CVE-2025-27012 - WordPress A1POST.BG Shipping for Woo plugin <= 1.5 - CSRF to Privilege Escalation vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in a1post A1POST.BG Shipping for Woo a1post-bg-shipping-for-woocommerce allows Privilege Escalation.This issue affects A1POST.BG Shipping for Woo: from n/a through <= 1.5.