CVE-2020-25078
D-Link DCS-2530L and DCS-2670L Devices Unspecified Vulnerability - Active in CISA KEV catalog.
Friday's threat landscape reveals 13 critical vulnerabilities with 8 under active exploitation by threat actors. D-Link surveillance systems face catastrophic authentication bypass exposures affecting DCS-2530L, DCS-2670L, and DNR-322L models. Enterprise environments confront severe risks from RARLAB WinRAR archive handling flaws and TitanHQ SpamTitan security gateway vulnerabilities affecting email infrastructure.
Immediate action: Isolate affected D-Link devices from network access. Deploy application whitelisting for WinRAR environments. Review and update all WordPress installations.
D-Link DCS-2530L and DCS-2670L Command Injection Vulnerability - Active in CISA KEV catalog.
D-Link DNR-322L Download of Code Without Integrity Check Vulnerability - Active in CISA KEV catalog.
RARLAB WinRAR Path Traversal Vulnerability - Active in CISA KEV catalog.
Microsoft Office Excel Remote Code Execution Vulnerability - Active in CISA KEV catalog.
Microsoft Internet Explorer Resource Management Errors Vulnerability - Active in CISA KEV catalog.
Trend Micro Apex One OS Command Injection Vulnerability - Active in CISA KEV catalog.
An issue was discovered in TitanHQ SpamTitan Email Security Gateway 8.00.x before 8.00.101 and 8.01.x before 8.01.14. The file quarantine.php within the SpamTitan interface allows unauthenticated user...
The WP Webhooks plugin for WordPress is vulnerable to arbitrary file copy due to missing validation of user-supplied input in all versions up to, and including, 3.3.5. This makes it possible for unaut...
Improper access control in Azure Databricks allows an unauthorized attacker to elevate privileges over a network.
Improper authorization in Microsoft PC Manager allows an unauthorized attacker to elevate privileges over a network.
Unrestricted Upload of File with Dangerous Type vulnerability in An-Themes Pin WP allows Upload a Web Shell to a Web Server. This issue affects Pin WP: from n/a through 6.9.
An issue in Roadcute API v.1 allows a remote attacker to execute arbitrary code via the application exposing a password reset API endpoint that fails to validate the identity of the requester properly.
A remote unauthenticated attacker who has bypassed authentication could execute arbitrary OS commands to disclose, tamper with, destroy or delete information in Mitsubishi Electric smartRTU, or caus...
Multiple Improper Input Validation vulnerabilities in UniFi Connect EV Station Lite may allow a Command Injection by a malicious actor with network access to the UniFi Connect EV Station Lite. Aff...
A Missing Authentication for Critical Function vulnerability in the UniFi Connect EV Station Pro may allow a malicious actor with physical or adjacent access to perform an unauthorized factory reset. ...
eslint-ban-moment is an Eslint plugin for final assignment in VIHU. In 3.0.0 and earlier, a sensitive Supabase URI is exposed in .env. A valid Supabase URI with embedded username and password will all...
Aikaan IoT management platform v3.25.0325-5-g2e9c59796 provides a configuration to disable user sign-up in distributed deployments by hiding the sign-up option on the login page UI. However, the sign-...
A Server-Side Request Forgery (SSRF) in the UISP Application may allow a malicious actor with certain permissions to make requests outside of UISP Application scope.
A malicious client can bypass the client certificate trust check of an opc.https server when the server endpoint is configured to allow only secure communication.
The Redirection for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Widget for Google Reviews allows PHP Local File Inclusion
The Redirection for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3
An out-of-bounds write issue was addressed with improved bounds checking
The Redirection for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_associated_files function in all versions up to, and including, 3
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in dedalx Cook&Meal allows PHP Local File Inclusion
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Michele Giorgi Formality allows PHP Local File Inclusion
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CocoBasic Caliris allows PHP Local File Inclusion
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Cena Store allows PHP Local File Inclusion
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in favethemes Houzez allows PHP Local File Inclusion
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme eventlist allows PHP Local File Inclusion
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Travel WP Travel Gutenberg Blocks allows PHP Local File Inclusion
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in nK Ghost Kit allows PHP Local File Inclusion
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Schiocco Support Board allows PHP Local File Inclusion
Cross-Site Request Forgery (CSRF) vulnerability in DexignZone JobZilla - Job Board WordPress Theme allows Privilege Escalation
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Benjamin Denis SEOPress for MainWP allows PHP Local File Inclusion
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Roxnor FundEngine allows PHP Local File Inclusion
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in bdthemes ZoloBlocks allows PHP Local File Inclusion
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Cozmoslabs Paid Member Subscriptions allows PHP Local File Inclusion
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Saleswonder Team Tobias CF7 WOW Styler allows PHP Local File Inclusion
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Tribulant Software Newsletters allows PHP Local File Inclusion
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in FunnelKit Funnel Builder by FunnelKit allows PHP Local File Inclusion
Out of bounds write in V8 in Google Chrome prior to 139
Cross Site Request Forgery (CSRF) vulnerability in old-peanut Open-Shop (aka old-peanut/wechat_applet__open_source) thru 1
The Inspiro theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2
Untrusted pointer dereference in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally
Cross-Site Request Forgery (CSRF) vulnerability in Realtyna Realtyna Organic IDX plugin allows PHP Local File Inclusion
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Storage allows an unauthorized attacker to execute code over a network
A vulnerability was identified in PHPGurukul User Management System 1
A flaw has been found in PHPGurukul Online Course Registration 3
Dell iDRAC Service Module (iSM), versions prior to 6
A stack-based buffer overflow vulnerability exists in the Cloud API functionality of Tenda AC6 V5
An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect Display Cast devices to make unsupported changes to the system
Incorrect Privilege Assignment vulnerability in Saad Iqbal Bookify allows Privilege Escalation
Incorrect Privilege Assignment vulnerability in Brainstorm Force SureDash allows Privilege Escalation
Incorrect Privilege Assignment vulnerability in DELUCKS DELUCKS SEO allows Privilege Escalation
Deserialization of Untrusted Data vulnerability in rascals Noisa allows Object Injection
Deserialization of Untrusted Data vulnerability in PickPlugins Post Grid and Gutenberg Blocks allows Object Injection
Incorrect Privilege Assignment vulnerability in Emraan Cheema CubeWP Framework allows Privilege Escalation
Authentication Bypass vulnerability in jobx up to v1
An authentication bypass vulnerability in PandoraNext-TokensTool v0
A buffer overflow vulnerability exists in libsndfile version 1
An issue was discovered in Commvault before 11
Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms allows Cross Site Request Forgery
A vulnerability in the password reset workflow of the Touch Lebanon Mobile App 2
XWiki through version 17
A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1
A flaw has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1
A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1
A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1
A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1
A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1
A security flaw has been discovered in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1
A weakness has been identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1
A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1
Multiple Incorrect Permission Assignment for Critical Resource in UISP Application may allow a malicious actor with certain permissions to escalate privileges
A vulnerability was detected in Tenda i22 1
A flaw has been found in Tenda M3 1
A vulnerability has been found in Tenda M3 1
Incorrect access control in the component \controller\RoleController
Incorrect access control in the component \controller\ResourceController
A security flaw has been discovered in TOTOLINK A720R 4
A Reflected Cross Site Scripting (XSS) vulnerability was found in /index
Aikaan IoT management platform v3
AOMEI Backupper Workstation Link Following Local Privilege Escalation Vulnerability
In JetBrains YouTrack before 2025
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Alex Githatu BuddyPress XProfile Custom Image Field allows Path Traversal
Server-Side Request Forgery (SSRF) vulnerability in Pik Online Yazılım Çözümleri A
A denial of service vulnerability exists in the HTTP Header Parsing functionality of Tenda AC6 V5
Incorrect access control in the doFilter function of itranswarp up to 2
Moss before v0
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Crocoblock JetEngine allows Code Injection
On N-central, it is possible for any authenticated user to read, write and modify syslog configuration across customers on an N-central server
An unsafe default authentication vulnerability exists in the Initial Setup Authentication functionality of Tenda AC6 V5
There is an improper privilege management vulnerability identified in ManageEngine's Asset Explorer, ServiceDesk Plus, ServiceDesk Plus MSP, and SupportCenter Plus products by Zohocorp
UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework
Improper Control of Generation of Code ('Code Injection') vulnerability in SaifuMak Add Custom Codes allows Code Injection
Authorization Bypass Through User-Controlled Key vulnerability in paymayapg Maya Business allows Accessing Functionality Not Properly Constrained by ACLs
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mitchell Bennis Simple File List allows Path Traversal
Insertion of Sensitive Information Into Sent Data vulnerability in Themeisle Otter - Gutenberg Block allows Retrieve Embedded Sensitive Data
Authorization Bypass Through User-Controlled Key vulnerability in Pik Online Yazılım Çözümleri A
In JetBrains TeamCity before 2025
An information disclosure vulnerability exists in the /goform/getproductInfo functionality of Tenda AC6 V5
CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker sends a specially crafted document to a vulnerable endpoint
CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker configures the application to access a malicious url
Tenda AC6 V15
Tenda AC6 V15
Tenda AC6 V15
Incorrect access control in the preHandle function of my-site v1
Incorrect access control in the preHandle function of my-site v1
An Improper Input Validation in EdgeMAX EdgeSwitch (Version 1
Tenda AC15 v15
vLLM is an inference and serving engine for large language models (LLMs)
Unauthorized users can access INFINITT PACS System Manager without proper authorization, which could lead to unauthorized access to system resources
Tenda AC6 V15
A vulnerability was determined in Swatadru Exam-Seating-Arrangement up to 97335ccebf95468d92525f4255a2241d2b0b002f
A weakness has been identified in SourceCodester Online Bank Management System 1
A security vulnerability has been detected in SourceCodester Online Bank Management System 1
A vulnerability was identified in itsourcecode Apartment Management System 1
Insecure permissions in Agent-Zero v0