8.8
CVE-2025-55061 - Priority - CWE-434 Unrestricted Upload of File with Dangerous Type
CWE-434 Unrestricted Upload of File with Dangerous Type
6.1
CVE-2025-55060 - Priority - CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
5.1
CVE-2025-15197 - code-projects/anirbandutta9 Content Management System/News-Buzz editposts.php unrestricted upload
A security flaw has been discovered in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. This vulnerability affects unknown code of the file /admin/editposts.php. Performing manipulation of the argument image results in unrestricted upload. The attack may be initiated remotelβ¦
6.9
CVE-2025-15196 - code-projects Assessment Management login.php sql injection
A vulnerability was identified in code-projects Assessment Management 1.0. This affects an unknown part of the file login.php. Such manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used.
5.3
CVE-2025-53627 - Meshtastic firmware allows forged DMs with no PKC to show up as encrypted
Meshtastic is an open source mesh networking solution. The Meshtastic firmware (starting from version 2.5) introduces asymmetric encryption (PKI) for direct messages, but when the `pki_encrypted` flag is missing, the firmware silently falls back to legacy AES-256-CTR channel encryption. This was anβ¦
0.0
CVE-2025-68868 - WordPress Wp Text Slider Widget plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codeaffairs Wp Text Slider Widget wp-text-slider-widget allows Stored XSS.This issue affects Wp Text Slider Widget: from n/a through <= 1.0.
0.0
CVE-2025-68870 - WordPress CookieHint WP plugin <= 1.0.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in reDim GmbH CookieHint WP cookiehint-wp allows PHP Local File Inclusion.This issue affects CookieHint WP: from n/a through <= 1.0.0.
0.0
CVE-2025-68876 - WordPress Invelity SPS connect plugin <= 1.0.8 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in INVELITY Invelity SPS connect invelity-sps-connect allows Reflected XSS.This issue affects Invelity SPS connect: from n/a through <= 1.0.8.
0.0
CVE-2025-68877 - WordPress CedCommerce Integration for Good Market plugin <= 1.0.6 - Local File Inclusion vulnerabilβ¦
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in cedcommerce CedCommerce Integration for Good Market ced-good-market-integration allows PHP Local File Inclusion.This issue affects CedCommerce Integration for Good Market: from nβ¦
6.9
CVE-2025-15195 - code-projects Assessment Management add-module.php sql injection
A vulnerability was determined in code-projects Assessment Management 1.0. Affected by this issue is some unknown functionality of the file /admin/add-module.php. This manipulation of the argument linked[] causes sql injection. The attack can be initiated remotely. The exploit has been publicly disβ¦