Medium - CVE-2025-6167 - A vulnerability classified as critical has been...
A vulnerability classified as critical has been found in themanojdesai python-a2a up to 0.5.5. Affected is the function create_workflow of the file python_a2a/agent_flow/server/api.py. The...
Medium - CVE-2025-6173 - A vulnerability classified as critical was...
A vulnerability classified as critical was found in Webkul QloApps 1.6.1. Affected by this vulnerability is an unknown functionality of the file /admin/ajax_products_list.php. The manipulation of...
NA - CVE-2025-40674 - Reflected Cross-Site Scripting (XSS) in...
Reflected Cross-Site Scripting (XSS) in osCommerce v4. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the...
High - CVE-2025-3515 - The Drag and Drop Multiple File Upload for...
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including,...
NA - CVE-2025-6050 - Mezzanine CMS, in versions prior to 6.1.1,...
Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting (XSS) vulnerability in the admin interface. The vulnerability exists in the "displayable_links_js" function, which...
Medium - CVE-2025-3880 - The Poll, Survey & Quiz Maker Plugin by Opinion...
The Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin for WordPress is vulnerable to unauthorized modification of data due to a misconfigured capability check on several functions in all...
Medium - CVE-2025-5291 - The Master Slider – Responsive Touch Slider...
The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's masterslider_pb and ms_slide shortcodes in all versions up to,...
Medium - CVE-2025-5700 - The Simple Logo Carousel plugin for WordPress...
The Simple Logo Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.9.3 due to insufficient input sanitization...