0.0
CVE-2025-48233 - WordPress Affiliates Manager Google reCAPTCHA Integration plugin <= 1.0.6 - Cross Site Request Forg…
Cross-Site Request Forgery (CSRF) vulnerability in affmngr Affiliates Manager Google reCAPTCHA Integration affiliates-manager-google-recaptcha-integration allows Stored XSS.This issue affects Affiliates Manager Google reCAPTCHA Integration: from n/a through <= 1.0.6.
0.0
CVE-2025-48232 - WordPress Xpro Addons For Beaver Builder – Lite plugin <= 1.5.5 - Cross Site Scripting (XSS) Vulner…
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xpro Xpro Addons For Beaver Builder – Lite xpro-addons-beaver-builder-elementor allows Stored XSS.This issue affects Xpro Addons For Beaver Builder – Lite: from n/a through <= 1.5.5.
6.9
CVE-2025-4936 - projectworlds Online Food Ordering System admin-page.php sql injection
A vulnerability was found in projectworlds Online Food Ordering System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin-page.php. The manipulation of the argument 1_price leads to sql injection. It is possible to launch the attack remotely. The exploit has…
6.9
CVE-2025-4935 - SourceCodester Stock Management System changePassword.php sql injection
A vulnerability was found in SourceCodester Stock Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /php_action/changePassword.php. The manipulation of the argument user_id leads to sql injection. The attack may be initiated remotely. The explo…
6.9
CVE-2025-4934 - PHPGurukul User Registration & Login and User Management System edit-profile.php sql injection
A vulnerability has been found in PHPGurukul User Registration & Login and User Management System 3.3 and classified as critical. This vulnerability affects unknown code of the file /edit-profile.php. The manipulation of the argument Contact leads to sql injection. The attack can be initiated remot…
5.3
CVE-2025-4933 - ponaravindb Hospital-Management-System doctor-panel.php sql injection
A vulnerability, which was classified as critical, was found in ponaravindb Hospital-Management-System 1.0. This affects an unknown part of the file /doctor-panel.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been di…
6.9
CVE-2025-4932 - projectworlds Online Lawyer Management System lawyer_registation.php sql injection
A vulnerability, which was classified as critical, has been found in projectworlds Online Lawyer Management System 1.0. Affected by this issue is some unknown functionality of the file /lawyer_registation.php. The manipulation of the argument email leads to sql injection. The attack may be launched…
6.9
CVE-2025-4931 - projectworlds Online Lawyer Management System user_registation.php sql injection
A vulnerability classified as critical was found in projectworlds Online Lawyer Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /user_registation.php. The manipulation of the argument email leads to sql injection. The attack can be launched remotely. Th…
6.9
CVE-2025-4930 - Campcodes Online Shopping Portal my-cart.php sql injection
A vulnerability classified as critical has been found in Campcodes Online Shopping Portal 1.0. Affected is an unknown function of the file /my-cart.php. The manipulation of the argument billingaddress leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclos…
7.5
CVE-2025-2099 - Regular Expression Denial of Service (ReDoS) in huggingface/transformers
A vulnerability in the `preprocess_string()` function of the `transformers.testing_utils` module in huggingface/transformers version v4.48.3 allows for a Regular Expression Denial of Service (ReDoS) attack. The regular expression used to process code blocks in docstrings contains nested quantifiers…