0.0
CVE-2025-49282 - WordPress Magze theme <= 1.0.9 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Magze magze allows PHP Local File Inclusion.This issue affects Magze: from n/a through <= 1.0.9.
9.8
CVE-2025-49295 - WordPress MediClinic theme <= 2.1 - Local File Inclusion Vulnerability
Path Traversal: '.../...//' vulnerability in Mikado-Themes MediClinic mediclinic allows PHP Local File Inclusion.This issue affects MediClinic: from n/a through <= 2.1.
9.8
CVE-2025-49296 - WordPress GrandPrix theme <= 1.6 - Local File Inclusion Vulnerability
Path Traversal: '.../...//' vulnerability in Mikado-Themes GrandPrix grandprix allows PHP Local File Inclusion.This issue affects GrandPrix: from n/a through <= 1.6.
9.8
CVE-2025-49297 - WordPress Grill and Chow theme <= 1.6 - Local File Inclusion Vulnerability
Path Traversal: '.../...//' vulnerability in Mikado-Themes Grill and Chow grillandchow allows PHP Local File Inclusion.This issue affects Grill and Chow: from n/a through <= 1.6.
5.3
CVE-2025-5885 - Konica Minolta bizhub cross-site request forgery
A vulnerability has been found in Konica Minolta bizhub up to 20250202 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
5.1
CVE-2025-5884 - Konica Minolta bizhub Display MFP Information List cross site scripting
A vulnerability, which was classified as problematic, was found in Konica Minolta bizhub up to 20250202. This affects an unknown part of the component Display MFP Information List. The manipulation of the argument Model Name leads to cross site scripting. It is possible to initiate the attack remotβ¦
5.3
CVE-2025-5881 - code-projects Chat System confirm_password.php sql injection
A vulnerability was found in code-projects Chat System up to 1.0 and classified as critical. This issue affects some unknown processing of the file /user/confirm_password.php. The manipulation of the argument cid leads to sql injection. The attack may be initiated remotely. The exploit has been disβ¦
5.3
CVE-2025-5880 - Whistle get-temp-file path traversal
A vulnerability has been found in Whistle 2.9.98 and classified as problematic. This vulnerability affects unknown code of the file /cgi-bin/sessions/get-temp-file. The manipulation of the argument filename leads to path traversal. The exploit has been disclosed to the public and may be used. The vβ¦
5.1
CVE-2025-5879 - WuKongOpenSource WukongCRM File Upload AdminSysConfigController.java cross site scripting
A vulnerability, which was classified as problematic, was found in WuKongOpenSource WukongCRM 9.0. This affects an unknown part of the file AdminSysConfigController.java of the component File Upload. The manipulation of the argument File leads to cross site scripting. It is possible to initiate theβ¦
6
CVE-2025-49130 - Laravel Translation Manager Vulnerable to Stored Cross-site Scripting
Laravel Translation Manager is a package to manage Laravel translation files. Prior to version 0.6.8, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation and sanitization of user-input data. An attacker can inject arbitrary HTML code, including Javaβ¦