Total
5224 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-9718 | 1 Zoneland | 1 O2oa | 2025-09-09 | 4.0 MEDIUM | 3.5 LOW |
| A security flaw has been discovered in O2OA up to 10.0-410. This affects an unknown part of the file /x_processplatform_assemble_designer/jaxrs/process of the component Personal Profile Page. Performing manipulation of the argument name/alias results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version." | |||||
| CVE-2025-9719 | 1 Zoneland | 1 O2oa | 2025-09-09 | 4.0 MEDIUM | 3.5 LOW |
| A weakness has been identified in O2OA up to 10.0-410. This vulnerability affects unknown code of the file /x_processplatform_assemble_designer/jaxrs/script of the component Personal Profile Page. Executing manipulation of the argument name/alias/description/applicationName can lead to cross site scripting. The attack can be executed remotely. The exploit has been made available to the public and could be exploited. | |||||
| CVE-2025-52218 | 1 Selectzero | 1 Selectzero | 2025-09-09 | N/A | 7.5 HIGH |
| SelectZero Data Observability Platform before 2025.5.2 is vulnerable to Content Spoofing / Text Injection. Improper sanitization of unspecified parameters allows attackers to inject arbitrary text or limited HTML into the login page. | |||||
| CVE-2025-52122 | 1 Solspace | 1 Freeform | 2025-09-09 | N/A | 9.8 CRITICAL |
| Freeform 5.0.0 to before 5.10.16, a plugin for CraftCMS, contains an Server-side template injection (SSTI) vulnerability, resulting in arbitrary code injection for all users that have access to editing a form (submission title). | |||||
| CVE-2025-10065 | 1 Facebook-kimmymatillano | 1 Point Of Sale System | 2025-09-09 | 5.0 MEDIUM | 4.3 MEDIUM |
| A weakness has been identified in itsourcecode POS Point of Sale System 1.0. Impacted is an unknown function of the file /inventory/main/vendors/datatables/unit_testing/templates/dom_data_th.php. This manipulation of the argument scripts causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited. | |||||
| CVE-2025-10066 | 1 Facebook-kimmymatillano | 1 Point Of Sale System | 2025-09-09 | 5.0 MEDIUM | 4.3 MEDIUM |
| A security vulnerability has been detected in itsourcecode POS Point of Sale System 1.0. The affected element is an unknown function of the file /inventory/main/vendors/datatables/unit_testing/templates/dymanic_table.php. Such manipulation of the argument scripts leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2025-10067 | 1 Facebook-kimmymatillano | 1 Point Of Sale System | 2025-09-09 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was detected in itsourcecode POS Point of Sale System 1.0. The impacted element is an unknown function of the file /inventory/main/vendors/datatables/unit_testing/templates/empty_table.php. Performing manipulation of the argument scripts results in cross site scripting. It is possible to initiate the attack remotely. The exploit is now public and may be used. | |||||
| CVE-2025-9539 | 2025-09-09 | N/A | 8.0 HIGH | ||
| The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the automatorwp_ajax_import_automation_from_url function in all versions up to, and including, 5.3.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create arbitrary automations, which can lead to Remote Code Execution or Privilege escalation once such automation is activated by the administrator | |||||
| CVE-2025-9489 | 2025-09-09 | N/A | 5.0 MEDIUM | ||
| The The WP-Members Membership Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.2. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes. | |||||
| CVE-2025-42922 | 2025-09-09 | N/A | 9.9 CRITICAL | ||
| SAP NetWeaver AS Java allows an attacker authenticated as a non-administrative user to use a flaw in an available service to upload an arbitrary file. This file when executed can lead to a full compromise of confidentiality, integrity and availability of the system. | |||||
| CVE-2025-10075 | 1 Razormist | 1 Online Polling System | 2025-09-09 | 4.0 MEDIUM | 3.5 LOW |
| A security flaw has been discovered in SourceCodester Online Polling System 1.0. The impacted element is an unknown function of the file /manage-profile.php. The manipulation of the argument firstname results in cross site scripting. The attack can be launched remotely. The exploit has been released to the public and may be exploited. | |||||
| CVE-2025-10074 | 1 Portabilis | 1 I-educar | 2025-09-09 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was identified in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /usuarios/tipos/. The manipulation of the argument Tipos de Usuário/Descrição leads to cross site scripting. The attack can be initiated remotely. The exploit is publicly available and might be used. | |||||
| CVE-2025-9922 | 1 Campcodes | 1 Sales And Inventory System | 2025-09-09 | 5.0 MEDIUM | 4.3 MEDIUM |
| A security vulnerability has been detected in Campcodes Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php. Such manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2025-9921 | 1 Code-projects | 1 Pos Pharmacy System | 2025-09-09 | 3.3 LOW | 2.4 LOW |
| A weakness has been identified in code-projects POS Pharmacy System 1.0. Affected is an unknown function of the file /main/products.php. This manipulation of the argument product_code/gen_name/product_name/supplier causes cross site scripting. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. | |||||
| CVE-2024-37777 | 1 Zoneland | 1 O2oa | 2025-09-09 | N/A | 8.8 HIGH |
| O2OA v9.0.3 was discovered to contain a remote code execution (RCE) vulnerability via the mainOutput() function. | |||||
| CVE-2025-10088 | 1 Rems | 1 Personal Time Tracker | 2025-09-08 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was detected in SourceCodester Time Tracker 1.0. The affected element is an unknown function of the file /index.html. Performing manipulation of the argument project-name results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be used. | |||||
| CVE-2025-9929 | 1 Fabian | 1 Responsive Blog Site | 2025-09-08 | 3.3 LOW | 2.4 LOW |
| A weakness has been identified in code-projects Responsive Blog Site 1.0. This affects an unknown function of the file blogs_view.php. Executing manipulation of the argument product_code/gen_name/product_name/supplier can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited. | |||||
| CVE-2025-9923 | 1 Campcodes | 1 Sales And Inventory System | 2025-09-08 | 5.0 MEDIUM | 4.3 MEDIUM |
| A flaw has been found in Campcodes Sales and Inventory System 1.0. This affects an unknown part of the file /index.php. Executing manipulation of the argument page can lead to cross site scripting. The attack may be launched remotely. The exploit has been published and may be used. | |||||
| CVE-2025-7366 | 2025-09-08 | N/A | 7.3 HIGH | ||
| The The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 19.9.7. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | |||||
| CVE-2025-9845 | 1 Carmelo | 1 Fruit Shop Management System | 2025-09-08 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability has been found in code-projects Fruit Shop Management System 1.0. Affected by this vulnerability is an unknown functionality of the file products.php. Such manipulation of the argument product_code/gen_name/product_name/supplier leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||