CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2025-5962 - Lightspeed Chat History Service Unprivileged Access and Manipulation Vulnerability

CVE ID : CVE-2025-5962
Published : Sept. 22, 2025, 11:08 a.m. | 2 hours, 13 minutes ago
Description : A flaw was found in the Lightspeed history service. Insufficient access controls allow a local, unprivileged user to access and manipulate the chat history of another user on the same system. By abusing inter-process communication calls to the history service, an attacker can view, delete, or inject arbitrary history entries, including misleading or malicious commands. This can be used to deceive another user into executing harmful actions, posing a risk of privilege misuse or unauthorized command execution through social engineering.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10791 - Code-projects Online Bidding System SQL Injection Vulnerability

CVE ID : CVE-2025-10791
Published : Sept. 22, 2025, 11:08 a.m. | 2 hours, 13 minutes ago
Description : A weakness has been identified in code-projects Online Bidding System 1.0. This impacts an unknown function of the file /administrator/index.php. This manipulation of the argument aduser causes SQL injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited.
Severity: 0.0 | NA
CVE-2025-0875 - PROLIZ OBS Student Affairs Information System Authorization Bypass Through User-Controlled Key Parameter Injection

CVE ID : CVE-2025-0875
Published : Sept. 22, 2025, 11:08 a.m. | 2 hours, 13 minutes ago
Description : Authorization Bypass Through User-Controlled Key vulnerability in PROLIZ Computer Software Hardware Service Trade Ltd. Co. OBS (Student Affairs Information System) allows Parameter Injection. This issue affects OBS (Student Affairs Information System): before v26.0328.
Severity: 4.2 | MEDIUM
CVE-2025-9035 - Horato Virtual Library Platform Reflected XSS

CVE ID : CVE-2025-9035
Published : Sept. 22, 2025, 11:08 a.m. | 2 hours, 13 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Horato Internet Technologies Ind. And Trade Inc. Virtual Library Platform allows Reflected XSS. This issue affects Virtual Library Platform: before v202.
Severity: 5.4 | MEDIUM
CVE-2025-10790 - SourceCodester Simple Forum Discussion System SQL Injection Vulnerability

CVE ID : CVE-2025-10790
Published : Sept. 22, 2025, 11:08 a.m. | 2 hours, 13 minutes ago
Description : A security flaw has been discovered in SourceCodester Simple Forum Discussion System 1.0. This affects an unknown function of the file /ajax.php?action=save_category. The manipulation of the argument Description results in SQL injection. The attack can be executed remotely. The exploit has been released to the public and may be exploited.
Severity: 0.0 | NA
CVE-2025-10789 - SourceCodester Online Hotel Reservation System SQL Injection Vulnerability

CVE ID : CVE-2025-10789
Published : Sept. 22, 2025, 11:08 a.m. | 2 hours, 13 minutes ago
Description : A vulnerability was identified in SourceCodester Online Hotel Reservation System 1.0. The impacted element is an unknown function of the file deleteslide.php. The manipulation of the argument ID leads to SQL injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
Severity: 0.0 | NA
CVE-2025-10792 - D-Link DIR-513 Buffer Overflow Vulnerability

CVE ID : CVE-2025-10792
Published : Sept. 22, 2025, 11:08 a.m. | 2 hours, 13 minutes ago
Description : A security vulnerability has been detected in D-Link DIR-513 A1FW110. Affected is an unknown function of the file /goform/formWPS. Such manipulation of the argument webpage leads to buffer overflow. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 0.0 | NA
CVE-2025-10796 - Code-projects Hostel Management System SQL Injection Vulnerability

CVE ID : CVE-2025-10796
Published : Sept. 22, 2025, 1:08 p.m. | 2 hours, 13 minutes ago
Description : A vulnerability was found in code-projects Hostel Management System 1.0. This vulnerability affects unknown code of the file /justines/admin/login.php. The manipulation of the argument email results in SQL injection. The attack can be launched remotely. The exploit has been made public and could be used.
Severity: 0.0 | NA
CVE-2025-10793 - Code-Projects E-Commerce Website SQL Injection Vulnerability

CVE ID : CVE-2025-10793
Published : Sept. 22, 2025, 1:08 p.m. | 2 hours, 13 minutes ago
Description : A vulnerability was detected in code-projects E-Commerce Website 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/admin_account_delete.php. Performing manipulation of the argument user_id results in SQL injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.
Severity: 0.0 | NA
CVE-2025-25177 - NVIDIA Graphics Driver Use-After-Free Vulnerability

CVE ID : CVE-2025-25177
Published : Sept. 22, 2025, 1:08 p.m. | 2 hours, 13 minutes ago
Description : Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.
Severity: 0.0 | NA
CVE-2025-10794 - PHPGurukul Car Rental Project Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-10794
Published : Sept. 22, 2025, 1:08 p.m. | 2 hours, 13 minutes ago
Description : A flaw has been found in PHPGurukul Car Rental Project 3.0. Affected by this issue is some unknown functionality of the file /carrental/search.php. Executing manipulation of the argument autofocus can lead to cross-site scripting. It is possible to launch the attack remotely. The exploit has been published and may be used.
Severity: 0.0 | NA
CVE-2025-10795 - Code-projects Online Bidding System SQL Injection Vulnerability

CVE ID : CVE-2025-10795
Published : Sept. 22, 2025, 1:08 p.m. | 2 hours, 13 minutes ago
Description : A vulnerability has been found in code-projects Online Bidding System 1.0. This affects an unknown part of the file /administrator/bidupdate.php. The manipulation of the argument ID leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 0.0 | NA
CVE-2025-46711 - Adobe Photoshop NULL Pointer Dereference Vulnerability

CVE ID : CVE-2025-46711
Published : Sept. 22, 2025, 1:08 p.m. | 2 hours, 13 minutes ago
Description : Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger NULL pointer dereference kernel exceptions.
Severity: 0.0 | NA
CVE-2025-9983 - GALAYOU G2 Cameras RTSP Stream Authentication Bypass

CVE ID : CVE-2025-9983
Published : Sept. 22, 2025, 1:08 p.m. | 2 hours, 13 minutes ago
Description : GALAYOU G2 cameras stream video output via RTSP streams. By default, these streams are protected by randomly generated credentials. However, these credentials are not required to access the stream. Changing these values does not change the camera's behavior. The vendor did not respond in any way. Only version 11.100001.01.28 was tested; other versions might also be vulnerable.
Severity: 0.0 | NA
CVE-2025-59568 - WordPress Zoho Flow Plugin <= 2.14.1 - Cross Site Request Forgery (CSRF) Vulnerability

CVE ID : CVE-2025-59568
Published : Sept. 22, 2025, 6:25 p.m. | 56 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Zoho Flow Zoho Flow allows Cross Site Request Forgery. This issue affects Zoho Flow: from n/a through 2.14.1.
Severity: 4.3 | MEDIUM
CVE-2025-59567 - WordPress Coupon Affiliates Plugin <= 6.8.0 - Broken Access Control Vulnerability

CVE ID : CVE-2025-59567
Published : Sept. 22, 2025, 6:26 p.m. | 56 minutes ago
Description : Missing Authorization vulnerability in Elliot Sowersby / RelyWP Coupon Affiliates allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Coupon Affiliates: from n/a through 6.8.0.
Severity: 4.3 | MEDIUM
CVE-2025-59565 - WordPress Upsell Order Bump Offer for WooCommerce Plugin <= 3.0.7 - Cross Site Scripting (XSS) Vulnerability

CVE ID : CVE-2025-59565
Published : Sept. 22, 2025, 6:26 p.m. | 56 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Swings Upsell Order Bump Offer for WooCommerce allows Stored XSS. This issue affects Upsell Order Bump Offer for WooCommerce: from n/a through 3.0.7.
Severity: 6.5 | MEDIUM
CVE-2025-59562 - WordPress Academy LMS Plugin <= 3.3.4 - Insecure Direct Object References (IDOR) Vulnerability

CVE ID : CVE-2025-59562
Published : Sept. 22, 2025, 6:26 p.m. | 56 minutes ago
Description : Authorization Bypass Through User-Controlled Key vulnerability in Academy LMS Academy LMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Academy LMS: from n/a through 3.3.4.
Severity: 5.5 | MEDIUM
CVE-2025-59561 - WordPress Smart Blocks Plugin <= 2.4 - Broken Access Control Vulnerability

CVE ID : CVE-2025-59561
Published : Sept. 22, 2025, 6:26 p.m. | 56 minutes ago
Description : Missing Authorization vulnerability in hashthemes Smart Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Smart Blocks: from n/a through 2.4.
Severity: 4.3 | MEDIUM
CVE-2025-59559 - WordPress Payrexx Payment Gateway for WooCommerce Plugin <= 3.1.5 - Broken Access Control Vulnerability

CVE ID : CVE-2025-59559
Published : Sept. 22, 2025, 6:26 p.m. | 56 minutes ago
Description : Missing Authorization vulnerability in payrexx Payrexx Payment Gateway for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Payrexx Payment Gateway for WooCommerce: from n/a through 3.1.5.
Severity: 4.3 | MEDIUM
CVE-2025-59553 - WordPress Custom iFrame for Elementor Plugin <= 1.0.13 - Cross Site Scripting (XSS) Vulnerability

CVE ID : CVE-2025-59553
Published : Sept. 22, 2025, 6:26 p.m. | 56 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Coderz Studio Custom iFrame for Elementor allows DOM-Based XSS. This issue affects Custom iFrame for Elementor: from n/a through 1.0.13.
Severity: 6.5 | MEDIUM