6.9
CVE-2025-4268 - TOTOLINK A720R cstecgi.cgi missing authentication
A vulnerability has been found in TOTOLINK A720R 4.1.5cu.374 and classified as critical. This vulnerability affects unknown code of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl with the input RebootSystem leads to missing authentication. The attack can be initiated remotβ¦
6.5
CVE-2025-39363 - WordPress Custom Login and Registration <= 1.0.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AlphaEfficiencyTeam Custom Login and Registration allows Stored XSS.This issue affects Custom Login and Registration: from n/a through 1.0.0.
5.1
CVE-2025-4267 - SourceCodester/oretnom23 Stock Management System Purchase Order Details Page view_po sql injection
A vulnerability, which was classified as critical, was found in SourceCodester/oretnom23 Stock Management System 1.0. This affects an unknown part of the file /admin/?page=purchase_order/view_po of the component Purchase Order Details Page. The manipulation of the argument ID leads to sql injectionβ¦
3.5
CVE-2025-3583 - Newsletter < 8.7.1 - Admin+ Stored XSS
The Newsletter WordPress plugin before 8.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
6.9
CVE-2025-4266 - PHPGurukul Notice Board System bwdates-reports-details.php sql injection
A vulnerability, which was classified as critical, has been found in PHPGurukul Notice Board System 1.0. Affected by this issue is some unknown functionality of the file /bwdates-reports-details.php?vid=2. The manipulation of the argument fromdate/tomdate leads to sql injection. The attack may be lβ¦
6.9
CVE-2025-4265 - PHPGurukul Emergency Ambulance Hiring Portal contact-us.php sql injection
A vulnerability classified as critical was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/contact-us.php. The manipulation of the argument mobnum leads to sql injection. The attack can be launched remotely. Thβ¦
6.9
CVE-2025-4264 - PHPGurukul Emergency Ambulance Hiring Portal edit-ambulance.php sql injection
A vulnerability classified as critical has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected is an unknown function of the file /admin/edit-ambulance.php. The manipulation of the argument dconnum leads to sql injection. It is possible to launch the attack remotely. The exploiβ¦
6.9
CVE-2025-4263 - PHPGurukul Online DJ Booking Management System booking-search.php sql injection
A vulnerability was found in PHPGurukul Online DJ Booking Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/booking-search.php. The manipulation of the argument searchdata leads to sql injection. The attack may be initiated remotely.β¦
6.9
CVE-2025-4262 - PHPGurukul Online DJ Booking Management System user-search.php sql injection
A vulnerability was found in PHPGurukul Online DJ Booking Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/user-search.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated remotely. Thβ¦
4.8
CVE-2025-4261 - GAIR-NLP factool tool.py run_single code injection
A vulnerability was found in GAIR-NLP factool up to 3f3914bc090b644be044b7e0005113c135d8b20f. It has been classified as critical. This affects the function run_single of the file factool/factool/math/tool.py. The manipulation leads to code injection. The attack needs to be approached locally. The eβ¦