6.9
CVE-2025-3217 - PHPGurukul e-Diary Management System registration.php sql injection
A vulnerability was found in PHPGurukul e-Diary Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /registration.php. The manipulation of the argument emailid leads to sql injection. The attack can be initiated remotely. The exploit has beenβ¦
8.8
CVE-2025-2780 - Woffice Core <= 5.4.21 - Authenticated (Subscriber+) Arbitrary File Upload
The Woffice Core plugin for WordPress, used by the Woffice Theme, is vulnerable to arbitrary file uploads due to missing file type validation in the 'saveFeaturedImage' function in all versions up to, and including, 5.4.21. This makes it possible for authenticated attackers, with Subscriber-level aβ¦
5.4
CVE-2025-2797 - Woffice Core <= 5.4.21 - Cross-Site Request Forgery to User Registration Approval
The Woffice Core plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.4.21. This is due to missing or incorrect nonce validation on the 'woffice_handle_user_approval_actions' function. This makes it possible for unauthenticated attackers to approvβ¦
5.1
CVE-2025-3087 - Stored XSS Vulnerability in M-Files Web
Stored XSS in M-Files Web versions from 25.1.14445.5 to 25.2.14524.4 allows an authenticated user to run scripts
6.3
CVE-2025-3086 - User in anonymous role could create and delete views
Improper isolation of users in M-Files Server version before 25.3.14549 allows anonymous user to affect other anonymous users views and possibly cause a denial of service
6.9
CVE-2025-3216 - PHPGurukul e-Diary Management System password-recovery.php sql injection
A vulnerability was found in PHPGurukul e-Diary Management System 1.0. It has been classified as critical. This affects an unknown part of the file /password-recovery.php. The manipulation of the argument username/contactno leads to sql injection. It is possible to initiate the attack remotely. Theβ¦
5.3
CVE-2025-3215 - PHPGurukul Restaurant Table Booking System add-subadmin.php sql injection
A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/add-subadmin.php. The manipulation of the argument fullname leads to sql injection. The attack may be launched remotely. Thβ¦
5.1
CVE-2025-2159 - Stored XSS in M-Files Admin user interface
Stored XSS in Desktop UI in M-Files Server Admin tool before version 25.3.14681.7 on Windows allows authenticated local user to run scripts via UI
5.3
CVE-2025-3214 - JFinal CMS readTemplate engine.getTemplate path traversal
A vulnerability has been found in JFinal CMS up to 5.2.4 and classified as problematic. Affected by this vulnerability is the function engine.getTemplate of the file /readTemplate. The manipulation of the argument template leads to path traversal. The attack can be launched remotely. The exploit haβ¦
5.9
CVE-2025-2279 - Maps - Google Maps <= 1.0.6 - Contributor+ Stored XSS
The Maps WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.