NA - CVE-2025-27145 - copyparty, a portable file server, has a...
copyparty, a portable file server, has a DOM-based cross-site scripting vulnerability in versions prior to 1.16.15. The vulnerability is considered low-risk. By handing someone a maliciously-named...
NA - CVE-2025-1646 - A vulnerability, which was classified as...
A vulnerability, which was classified as critical, has been found in Lumsoft ERP 8. Affected by this issue is some unknown functionality of the file /Api/TinyMce/UploadAjaxAPI.ashx of the component...
NA - CVE-2024-10545 - The Photo Gallery, Sliders, Proofing and...
The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.9 does not sanitise and escape some of its Image settings, which could allow high privilege users such as Admin to perform...
NA - CVE-2025-22210 - A SQL injection vulnerability in the Hikashop...
A SQL injection vulnerability in the Hikashop component versions 3.3.0-5.1.4 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the category management...
Medium - CVE-2025-1063 - The Classified Listing – Classified ads &...
The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.4 via the...
Critical - CVE-2025-1128 - The Everest Forms – Contact Forms, Quiz,...
The Everest Forms – Contact Forms, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file upload, read, and deletion due to missing file...
High - CVE-2025-1648 - The Yawave plugin for WordPress is vulnerable...
The Yawave plugin for WordPress is vulnerable to SQL Injection via the 'lbid' parameter in all versions up to, and including, 2.9.1 due to insufficient escaping on the user supplied...
NA - CVE-2025-1673 - A malicious or malformed DNS packet without a...
A malicious or malformed DNS packet without a payload can cause an out-of-bounds read, resulting in a crash (denial of service) or an incorrect computation.
Medium - CVE-2024-13494 - The WordPress File Upload plugin for WordPress...
The WordPress File Upload plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.25.2. This is due to missing or incorrect nonce validation on the...