Security Vulnerabilities - CVEs Published In June 2025
A vulnerability has been found in PHPGurukul Dairy Farm Shop Management System 1.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /sales-report-details.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
6.9
EPSS Score
0.003
Published
2025-06-04
A vulnerability was found in PHPGurukul Dairy Farm Shop Management System 1.3 and classified as critical. Affected by this issue is some unknown functionality of the file /search-product.php. The manipulation of the argument productname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
6.9
EPSS Score
0.002
Published
2025-06-04
Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
CVSS Score
7.3
EPSS Score
0.001
Published
2025-06-04
Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
CVSS Score
7.3
EPSS Score
0.001
Published
2025-06-04
Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
CVSS Score
7.3
EPSS Score
0.001
Published
2025-06-04
Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-06-04
The Sunshine Photo Cart: Free Client Photo Galleries for Photographers plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.11. This is due to the plugin not properly validating a user-supplied key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary user's passwords through the password reset functionality, including administrators, and leverage that to reset the user's password and gain access to their account.
CVSS Score
8.8
EPSS Score
0.002
Published
2025-06-04
A vulnerability, which was classified as critical, has been found in PHPGurukul Dairy Farm Shop Management System 1.3. This issue affects some unknown processing of the file /bwdate-report-details.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
6.9
EPSS Score
0.003
Published
2025-06-04
A vulnerability, which was classified as critical, was found in PHPGurukul Dairy Farm Shop Management System 1.3. Affected is an unknown function of the file /profile.php. The manipulation of the argument mobilenumber leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
6.9
EPSS Score
0.003
Published
2025-06-04
A reflected XSS vulnerability in RSform!Pro component 3.0.0 - 3.3.13 for Joomla was discovered. The issue arises from the improper handling of the filter[dateFrom] GET parameter, which is reflected unescaped in the administrative backend interface. This allows an authenticated attacker with admin or editor privileges to inject arbitrary JavaScript code by crafting a malicious URL.
CVSS Score
4.8
EPSS Score
0.002
Published
2025-06-04