Vulnerabilities

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2025-05-10 | CVE-2025-4501 | Out-of-bounds Write vulnerability in Fabianros Album Management System 1.0 | A vulnerability, which was classified as critical, was found in code-projects Album Management System 1.0. | local | low | fabianros | CWE-787 | 7.8 |
| 2025-05-10 | CVE-2025-3876 | Missing Authorization vulnerability in Cozyvision SMS Alert Order Notifications | The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to insufficient user OTP validation in the handleWpLoginCreateUserAction() function in all versions up to, and including, 3.8.1. | network | low | cozyvision | CWE-862 | 8.8 |
| 2025-05-10 | CVE-2025-3878 | Cross-site Scripting vulnerability in Cozyvision SMS Alert Order Notifications | The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sa_verify shortcode in all versions up to, and including, 3.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. | network | low | cozyvision | CWE-79 | 5.4 |
| 2025-05-10 | CVE-2025-4499 | Out-of-bounds Write vulnerability in Fabianros Simple Hospital Management System 1.0 | A vulnerability classified as critical was found in code-projects Simple Hospital Management System 1.0. | local | low | fabianros | CWE-787 | 7.8 |
| 2025-05-10 | CVE-2025-2158 | | The WordPress Review Plugin: The Ultimate Solution for Building a Review Website plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.3.5 via the Post custom fields. | network | low | | CWE-22 | 8.8 |
| 2025-05-10 | CVE-2025-4498 | Out-of-bounds Write vulnerability in Fabianros Simple BUS Reservation System 1.0 | A vulnerability classified as critical has been found in code-projects Simple Bus Reservation System 1.0. | local | low | fabianros | CWE-787 | 7.8 |
| 2025-05-10 | CVE-2025-4497 | Classic Buffer Overflow vulnerability in Code-Projects Simple Banking System | A vulnerability was found in code-projects Simple Banking System up to 1.0. | local | low | code-projects | CWE-120 | 7.8 |
| 2025-05-10 | CVE-2025-2944 | | The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video Button and Countdown Widgets in all versions up to, and including, 2.6.12 due to insufficient input sanitization and output escaping on user supplied attributes. | network | low | | CWE-79 | 6.4 |
| 2025-05-10 | CVE-2025-1137 | | IBM Storage Scale 5.2.2.0 and 5.2.2.1, under certain configurations, could allow an authenticated user to execute privileged commands due to improper input neutralization. | network | high | | CWE-77 | 7.5 |
| 2025-05-10 | CVE-2025-4495 | | A vulnerability has been found in JAdmin-JAVA JAdmin 1.0 and classified as problematic. | network | low | | CWE-94 | 3.5 |