10
CVE-2025-22133 - WeGIA Allows Arbitrary File Upload with Remote Code Execution (RCE)
WeGIA is a web manager for charitable institutions. Prior to 3.2.8, a critical vulnerability was identified in the /WeGIA/html/socio/sistema/controller/controla_xlsx.php endpoint. The endpoint accepts file uploads without proper validation, allowing the upload of malicious files, such as .phar, whiβ¦
8.3
CVE-2025-22132 - WeGIA has a Cross-Site Scripting (XSS) in File Upload Field
WeGIA is a web manager for charitable institutions. A Cross-Site Scripting (XSS) vulnerability was identified in the file upload functionality of the WeGIA/html/socio/sistema/controller/controla_xlsx.php endpoint. By uploading a file containing malicious JavaScript code, an attacker can execute arbβ¦
0.0
CVE-2025-22756 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
5.5
CVE-2025-0218 - pgAgent scheduled batch job scripts are created in a predictable temporary directory potentially alβ¦
When batch jobs are executed by pgAgent, a script is created in a temporary directory and then executed. In versions of pgAgent prior to 4.2.3, an insufficiently seeded random number generator is used when generating the directory name, leading to the possibility for a local attacker to pre-create β¦
5.3
CVE-2025-0301 - code-projects Online Book Shop subcat.php cross site scripting
A vulnerability, which was classified as problematic, has been found in code-projects Online Book Shop 1.0. Affected by this issue is some unknown functionality of the file /subcat.php. The manipulation of the argument catnm leads to cross site scripting. The attack may be launched remotely. The exβ¦
7.2
CVE-2024-54007 - Authenticated Remote Command Injection Vulnerability in the Web Interface of a 501 Wireless Client β¦
Multiple command injection vulnerabilities exist in the web interface of the 501 Wireless Client Bridge which could lead to authenticated remote command execution. Successful exploitation of these vulnerabilities result in the ability of an attacker to execute arbitrary commands as a privileged useβ¦
7.2
CVE-2024-54006 - Authenticated Remote Command Injection Vulnerability in the Web Interface of a 501 Wireless Client β¦
Multiple command injection vulnerabilities exist in the web interface of the 501 Wireless Client Bridge which could lead to authenticated remote command execution. Successful exploitation of these vulnerabilities result in the ability of an attacker to execute arbitrary commands as a privileged useβ¦
5.3
CVE-2025-0300 - code-projects Online Book Shop subcat.php sql injection
A vulnerability classified as critical was found in code-projects Online Book Shop 1.0. Affected by this vulnerability is an unknown functionality of the file /subcat.php. The manipulation of the argument cat leads to sql injection. The attack can be launched remotely. The exploit has been discloseβ¦
0.0
CVE-2025-22306 - WordPress Link Whisper Free plugin <= 0.7.7 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Spencer Haws Link Whisper Free link-whisper.This issue affects Link Whisper Free: from n/a through <= 0.7.7.
0.0
CVE-2025-22363 - WordPress Allada T-shirt Designer for Woocommerce plugin <= 1.1 - Broken Access Control vulnerabiliβ¦
Missing Authorization vulnerability in Hermann LAHAMI Allada T-shirt Designer for Woocommerce allada-tshirt-designer-for-woocommerce.This issue affects Allada T-shirt Designer for Woocommerce: from n/a through <= 1.1.