5.3

CVSS4.0

CVE-2025-36563 -

Reflected cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product administrator accesses a crafted URL, an arbitrary script may be executed on the browser.

πŸ“… Published: July 31, 2025, 7:25 a.m. πŸ”„ Last Modified: Aug. 6, 2025, 4:52 p.m.

5.1

CVSS4.0

CVE-2025-41391 -

Stored cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product user accesses a malicious page, an arbitrary script may be executed on the browser.

πŸ“… Published: July 31, 2025, 7:25 a.m. πŸ”„ Last Modified: Aug. 6, 2025, 4:52 p.m.

5.4

CVSS3.1

CVE-2025-7205 - GiveWP – Donation Plugin and Fundraising Platform <= 4.5.0 - Authenticated (GiveWP worker+) Stored …

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the donor notes parameter in all versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated atta…

πŸ“… Published: July 31, 2025, 7:25 a.m. πŸ”„ Last Modified: July 31, 2025, 8:56 p.m.

5.3

CVSS4.0

CVE-2025-41396 -

A path traversal issue exists in file uploading feature of multiple versions of PowerCMS. Arbitrary files may be overwritten by a product user.

πŸ“… Published: July 31, 2025, 7:24 a.m. πŸ”„ Last Modified: Aug. 6, 2025, 4:51 p.m.

8.6

CVSS4.0

CVE-2025-46359 -

A path traversal issue exists in backup and restore feature of multiple versions of PowerCMS. A product administrator may execute arbitrary code by restoring a crafted backup file.

πŸ“… Published: July 31, 2025, 7:22 a.m. πŸ”„ Last Modified: Aug. 6, 2025, 4:42 p.m.

4.8

CVSS4.0

CVE-2025-54752 -

Multiple versions of PowerCMS improperly neutralize formula elements in a CSV file. If a product user creates a malformed entry and a victim user downloads it as a CSV file and opens it in the user's environment, the embedded code may be executed.

πŸ“… Published: July 31, 2025, 7:21 a.m. πŸ”„ Last Modified: Aug. 6, 2025, 4:41 p.m.

5.1

CVSS4.0

CVE-2025-54757 -

Multiple versions of PowerCMS allow unrestricted upload of dangerous files. If a product administrator accesses a malicious file uploaded by a product user, an arbitrary script may be executed on the browser.

πŸ“… Published: July 31, 2025, 7:20 a.m. πŸ”„ Last Modified: Aug. 6, 2025, 4:41 p.m.

6.9

CVSS4.0

CVE-2025-8371 - code-projects Exam Form Submission update_s5.php sql injection

A vulnerability has been found in code-projects Exam Form Submission 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/update_s5.php. The manipulation of the argument credits leads to sql injection. The attack can be launched remotely. The…

πŸ“… Published: July 31, 2025, 7:02 a.m. πŸ”„ Last Modified: Aug. 5, 2025, 8:36 p.m.

5.3

CVSS4.0

CVE-2025-8370 - Portabilis i-Educar educar_escolaridade_lst.php cross site scripting

A vulnerability, which was classified as problematic, was found in Portabilis i-Educar 2.9. Affected is an unknown function of the file /intranet/educar_escolaridade_lst.php. The manipulation of the argument descricao leads to cross site scripting. It is possible to launch the attack remotely. The …

πŸ“… Published: July 31, 2025, 6:32 a.m. πŸ”„ Last Modified: Aug. 5, 2025, 5:08 p.m.

5.3

CVSS4.0

CVE-2025-8369 - Portabilis i-Educar educar_avaliacao_desempenho_lst.php cross site scripting

A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.9. This issue affects some unknown processing of the file /intranet/educar_avaliacao_desempenho_lst.php. The manipulation of the argument titulo_avaliacao leads to cross site scripting. The attack may be i…

πŸ“… Published: July 31, 2025, 6:02 a.m. πŸ”„ Last Modified: Aug. 5, 2025, 4:46 p.m.
Total resulsts: 304749
Page 94 of 30,475
Β« previous page Β» next page
Filters