5.3
CVE-2025-5729 - code-projects Health Center Patient Record Management System birthing_record.php sql injection
A vulnerability, which was classified as critical, was found in code-projects Health Center Patient Record Management System 1.0. Affected is an unknown function of the file /birthing_record.php. The manipulation of the argument itr_no leads to sql injection. It is possible to launch the attack remβ¦
5.3
CVE-2025-5728 - SourceCodester Open Source Clinic Management System manage_website.php unrestricted upload
A vulnerability classified as critical was found in SourceCodester Open Source Clinic Management System 1.0. This vulnerability affects unknown code of the file /manage_website.php. The manipulation of the argument website_image leads to unrestricted upload. The attack can be initiated remotely. Thβ¦
6.7
CVE-2025-48908 -
Ability Auto Startup service vulnerability in the foundation process Impact: Successful exploitation of this vulnerability may affect availability.
8.2
CVE-2025-48911 -
Vulnerability of improper permission assignment in the note sharing module Impact: Successful exploitation of this vulnerability may affect availability.
5.5
CVE-2025-48910 -
Buffer overflow vulnerability in the DFile module Impact: Successful exploitation of this vulnerability may affect availability.
7.1
CVE-2025-48909 -
Bypass vulnerability in the device management channel Impact: Successful exploitation of this vulnerability may affect service confidentiality.
6.4
CVE-2025-5686 - Paged Gallery <= 0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Paged Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gallery' shortcode in all versions up to, and including, 0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackeβ¦
6.5
CVE-2025-5563 - WP-Addpub <= 1.2.8 - Authenticated (Contributor+) SQL Injection
The WP-Addpub plugin for WordPress is vulnerable to SQL Injection via the 'wp-addpub' shortcode in all versions up to, and including, 1.2.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticβ¦
9.8
CVE-2025-5486 - WP Email Debug 1.0 - 1.1.0 - Missing Authorization to Unauthenticated Privilege Escalation via Passβ¦
The WP Email Debug plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the WPMDBUG_handle_settings() function in versions 1.0 to 1.1.0. This makes it possible for unauthenticated attackers to enable debugging and send all emails to an attacker controlled β¦
6.4
CVE-2025-5541 - Runners Log <= 3.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Runners Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'runnerslog' shortcode in all versions up to, and including, 3.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attaβ¦