Skip to main content
CVE-2025-15002 MEDIUM POC This Month

A vulnerability has been found in SeaCMS up to 13.3. The affected element is an unknown function of the file js/player/dmplayer/dmku/class/mysqli.class.php. Such manipulation of the argument page/limit leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Seacms
NVD VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-14990 MEDIUM POC This Month

A security flaw has been discovered in Campcodes Complete Online Beauty Parlor Management System 1.0. Impacted is an unknown function of the file /admin/view-appointment.php. Performing a manipulation of the argument viewid results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.

PHP SQLi Complete Online Beauty Parlor Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-14989 MEDIUM POC This Month

A vulnerability was identified in Campcodes Complete Online Beauty Parlor Management System 1.0. This issue affects some unknown processing of the file /admin/search-invoices.php. Such manipulation leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used.

PHP SQLi Complete Online Beauty Parlor Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2023-25446 HIGH This Week

Missing Authorization vulnerability in HappyFiles HappyFiles Pro happyfiles-pro allows Exploiting Incorrectly Configured Access Control Security Levels.8.1. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.7
EPSS
0.1%
CVE-2025-62901 MEDIUM This Month

Stored cross-site scripting (XSS) in WP Microdata WordPress plugin version 1.0 and earlier allows authenticated users or lower-privileged administrators to inject malicious scripts that execute in the browsers of site visitors, potentially leading to credential theft, session hijacking, or malware distribution. The vulnerability stems from improper input sanitization during web page generation. EPSS score of 0.04% indicates low exploitation probability in real-world conditions.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-62926 MEDIUM This Month

Stored cross-site scripting (XSS) in HappyDevs TempTool WordPress plugin version 1.3.1 and earlier allows authenticated attackers to inject malicious scripts that persist in the database and execute in the browsers of other users who view affected pages. The vulnerability exists in the [Show Current Template Info] functionality and affects the current-template-name component; exploitation requires an authenticated user with appropriate plugin permissions but can compromise all site visitors who interact with the injected content.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-14991 LOW POC Monitor

Stored or reflected cross-site scripting (XSS) in Campcodes Complete Online Beauty Parlor Management System 1.0 allows high-privileged authenticated users to inject malicious scripts via the fromdate parameter in /admin/bwdates-reports-details.php, potentially compromising admin sessions or stealing sensitive data. Public exploit code exists, but exploitation requires admin-level privileges and user interaction (likely clicking a malicious link), limiting real-world attack surface despite CVSS 1.9 indicating minimal risk.

PHP XSS Complete Online Beauty Parlor Management System
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.1%
CVE-2023-25445 MEDIUM This Month

Missing Authorization vulnerability in HappyFiles HappyFiles Pro happyfiles-pro allows Exploiting Incorrectly Configured Access Control Security Levels.8.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-62955 MEDIUM This Month

HappyDevs TempTool plugin for WordPress exposes sensitive system information through an information disclosure vulnerability affecting versions up to 1.3.1. The vulnerability allows unauthorized parties to retrieve embedded sensitive data by exploiting improper access controls, specifically in the [Show Current Template Info] functionality. With an EPSS score of 0.04% and no CVSS vector assigned, exploitation likelihood is low, though the information disclosed could inform secondary attacks.

Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2023-25068 MEDIUM This Month

Missing Authorization vulnerability in Mapro Collins Magazine Edge magazine-edge allows Exploiting Incorrectly Configured Access Control Security Levels.13. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy