Aggregator

CVE-2025-6839 | Conjure Position Department Service Quality Evaluation System head.php eval backdoor

VulDB Recent Entries
10 months 2 weeks ago
A vulnerability, which was classified as critical, has been found in Conjure Position Department Service Quality Evaluation System up to 1.0.11. Affected by this issue is the function eval of the file public/assets/less/bootstrap-less/mixins/head.php. The manipulation of the argument payload leads to backdoor. This vulnerability is handled as CVE-2025-6839. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to disable the affected component.
vuldb.com

CVE-2025-6837 | code-projects Library System 1.0 /profile.php image unrestricted upload

VulDB Recent Entries
10 months 2 weeks ago
A vulnerability classified as critical was found in code-projects Library System 1.0. Affected by this vulnerability is an unknown functionality of the file /profile.php. The manipulation of the argument image leads to unrestricted upload. This vulnerability is known as CVE-2025-6837. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-6836 | code-projects Library System 1.0 /profile.php phone sql injection

VulDB Recent Entries
10 months 2 weeks ago
A vulnerability classified as critical has been found in code-projects Library System 1.0. Affected is an unknown function of the file /profile.php. The manipulation of the argument phone leads to sql injection. This vulnerability is traded as CVE-2025-6836. It is possible to launch the attack remotely. Furthermore, there is an exploit available. Other parameters might be affected as well.
vuldb.com

CVE-2025-6835 | code-projects Library System 1.0 /student-issue-book.php reg sql injection

VulDB Recent Entries
10 months 2 weeks ago
A vulnerability was found in code-projects Library System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /student-issue-book.php. The manipulation of the argument reg leads to sql injection. The identification of this vulnerability is CVE-2025-6835. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-6834 | code-projects Inventory Management System 1.0 editPayment.php orderId sql injection

VulDB Recent Entries
10 months 2 weeks ago
A vulnerability was found in code-projects Inventory Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /php_action/editPayment.php. The manipulation of the argument orderId leads to sql injection. This vulnerability was named CVE-2025-6834. The attack can be initiated remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-5304 | PT Project Notebooks Plugin up to 1.1.3 on WordPress wpnb_pto_new_users_add authorization

VulDB Recent Entries
10 months 2 weeks ago
A vulnerability was found in PT Project Notebooks Plugin up to 1.1.3 on WordPress. It has been classified as critical. This affects the function wpnb_pto_new_users_add. The manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2025-5304. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com

CVE-2025-6755 | Game Users Share Buttons Plugin up to 1.3.0 on WordPress ajaxDeleteTheme themeNameId path traversal

VulDB Recent Entries
10 months 2 weeks ago
A vulnerability was found in Game Users Share Buttons Plugin up to 1.3.0 on WordPress and classified as critical. Affected by this issue is the function ajaxDeleteTheme. The manipulation of the argument themeNameId leads to path traversal. This vulnerability is handled as CVE-2025-6755. The attack may be launched remotely. There is no exploit available.
vuldb.com

CVE-2025-46708 | Imagination Graphics DDK prior 24.2 RTM1 GPU System Call insufficient permissions or privileges

VulDB Recent Entries
10 months 2 weeks ago
A vulnerability has been found in Imagination Graphics DDK up to 1.15 RTM/1.17 RTM/1.18 RTM/24.1 RTM/24.2 RTM0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component GPU System Call Handler. The manipulation leads to improper handling of insufficient permissions or privileges. This vulnerability is known as CVE-2025-46708. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-53093 | StarCitizenTools mediawiki-extensions-TabberNeue up to 3.1.0 cross site scripting (GHSA-jfj7-249r-7j2m / EUVD-2025-19418)

VulDB Recent Entries
10 months 2 weeks ago
A vulnerability, which was classified as problematic, was found in StarCitizenTools mediawiki-extensions-TabberNeue up to 3.1.0. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-53093. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-52207 | MIKO MikoPBX up to 2024.1.114 PostController.php path traversal (EUVD-2025-19422)

VulDB Recent Entries
10 months 2 weeks ago
A vulnerability classified as critical was found in MIKO MikoPBX up to 2024.1.114. This vulnerability affects unknown code of the file PBXCoreREST/Controllers/Files/PostController.php. The manipulation leads to relative path traversal. This vulnerability was named CVE-2025-52207. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

Managed ad