Common Vulnerabilities and Exposures (CVE)
CVE-2025-7634
The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 6.6.7 via the mode parameter. This makes it possible for unauthenticated at...
CVE-2025-7526
The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to arbitrary file deletion (via renaming) due to insufficient file path validation in the set_user_profile_image function in all versions...
CVE-2021-43798
Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is:...
CVE-2025-11530
A weakness has been identified in code-projects Online Complaint Site 1.0. Affected is an unknown function of the file /cms/admin/state.php. This manipulation of the argument state causes sql injection. The attack is possible to be carried ...
CVE-2025-6038
The Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme plugin for WordPress is vulnerable to privilege escalation via password update in all versions up to, and including, 1.4.0. This is due to the plugin not p...
CVE-2025-47355
Memory corruption while invoking remote procedure IOCTL calls.
CVE-2025-47347
Memory corruption while processing control commands in the virtual memory management interface.
CVE-2025-47342
Transient DOS may occur when multi-profile concurrency arises with QHS enabled.
CVE-2025-47341
memory corruption while processing an image encoding completion event.
CVE-2025-47340
Memory corruption while processing IOCTL call to get the mapping.
CVE-2025-47338
Memory corruption while processing escape commands from userspace.
CVE-2025-27060
Memory corruption while performing SCM call with malformed inputs.