CVE-2025-10813 - code-projects Hostel Management System index.php sql injection
CVE ID : CVE-2025-10813
Published : Sept. 22, 2025, 8:15 p.m. | 3 hours, 6 minutes ago
Description : A vulnerability was found in code-projects Hostel Management System 1.0. Affected is an unknown function of the file /justines/admin/mod_reports/index.php. The manipulation of the argument Home results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and could be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-10813
Published : Sept. 22, 2025, 8:15 p.m. | 3 hours, 6 minutes ago
Description : A vulnerability was found in code-projects Hostel Management System 1.0. Affected is an unknown function of the file /justines/admin/mod_reports/index.php. The manipulation of the argument Home results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and could be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-57203 - MagicProject AI Cross-Site Scripting (XSS) Vulnerability
CVE ID : CVE-2025-57203
Published : Sept. 22, 2025, 8:15 p.m. | 3 hours, 6 minutes ago
Description : MagicProject AI version 9.1 is affected by a Cross-Site Scripting (XSS) vulnerability within the chatbot generation feature available to authenticated admin users. The vulnerability resides in the prompt parameter submitted to the /dashboard/user/generator/generate-stream endpoint via a multipart/form-data POST request. Due to insufficient input sanitization, attackers can inject HTML-based JavaScript payloads. This payload is stored and rendered unsanitized in subsequent views, leading to execution in other users' browsers when they access affected content. This issue allows an authenticated attacker to execute arbitrary JavaScript in the context of another user, potentially leading to session hijacking, privilege escalation, data exfiltration, or administrative account takeover. The application does not implement a Content Security Policy (CSP) or adequate input filtering to prevent such attacks. A fix should include proper sanitization, output encoding, and strong CSP enforcement to mitigate exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-57203
Published : Sept. 22, 2025, 8:15 p.m. | 3 hours, 6 minutes ago
Description : MagicProject AI version 9.1 is affected by a Cross-Site Scripting (XSS) vulnerability within the chatbot generation feature available to authenticated admin users. The vulnerability resides in the prompt parameter submitted to the /dashboard/user/generator/generate-stream endpoint via a multipart/form-data POST request. Due to insufficient input sanitization, attackers can inject HTML-based JavaScript payloads. This payload is stored and rendered unsanitized in subsequent views, leading to execution in other users' browsers when they access affected content. This issue allows an authenticated attacker to execute arbitrary JavaScript in the context of another user, potentially leading to session hijacking, privilege escalation, data exfiltration, or administrative account takeover. The application does not implement a Content Security Policy (CSP) or adequate input filtering to prevent such attacks. A fix should include proper sanitization, output encoding, and strong CSP enforcement to mitigate exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59432 - Timing Attack Vulnerability in SCRAM Authentication
CVE ID : CVE-2025-59432
Published : Sept. 22, 2025, 8:15 p.m. | 3 hours, 6 minutes ago
Description : SCRAM (Salted Challenge Response Authentication Mechanism) is part of the family of Simple Authentication and Security Layer (SASL, RFC 4422) authentication mechanisms. Prior to version 3.2, a timing attack vulnerability exists in the SCRAM Java implementation. The issue arises because Arrays.equals was used to compare secret values such as client proofs and server signatures. Since Arrays.equals performs a short-circuit comparison, the execution time varies depending on how many leading bytes match. This behavior could allow an attacker to perform a timing side-channel attack and potentially infer sensitive authentication material. All users relying on SCRAM authentication are impacted. This vulnerability has been patched in version 3.1 by replacing Arrays.equals with MessageDigest.isEqual, which ensures constant-time comparison.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59432
Published : Sept. 22, 2025, 8:15 p.m. | 3 hours, 6 minutes ago
Description : SCRAM (Salted Challenge Response Authentication Mechanism) is part of the family of Simple Authentication and Security Layer (SASL, RFC 4422) authentication mechanisms. Prior to version 3.2, a timing attack vulnerability exists in the SCRAM Java implementation. The issue arises because Arrays.equals was used to compare secret values such as client proofs and server signatures. Since Arrays.equals performs a short-circuit comparison, the execution time varies depending on how many leading bytes match. This behavior could allow an attacker to perform a timing side-channel attack and potentially infer sensitive authentication material. All users relying on SCRAM authentication are impacted. This vulnerability has been patched in version 3.1 by replacing Arrays.equals with MessageDigest.isEqual, which ensures constant-time comparison.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59433 - @conventional-changelog/git-client has an Argument Injection vulnerability
CVE ID : CVE-2025-59433
Published : Sept. 22, 2025, 8:15 p.m. | 3 hours, 6 minutes ago
Description : Conventional Changelog generates changelogs and release notes from a project's commit messages and metadata. Prior to version 2.0.0, @conventional-changelog/git-client has an argument injection vulnerability. This vulnerability manifests with the library's getTags() API, which allows extra parameters to be passed to the git log command. In another API by this library, getRawCommits(), there are secure practices taken to ensure that the extra parameter path is unable to inject an argument by ending the git log command with the special shell syntax --. However, the library does not follow the same practice for getTags() as it does not attempt to sanitize for user input, validate the given params, or restrict them to an allow list. Nor does it properly pass command-line flags to the git binary using the double-dash POSIX characters (--) to communicate the end of options. Thus, allowing users to exploit an argument injection vulnerability in Git due to the --output= command-line option that results with overwriting arbitrary files. This issue has been patched in version 2.0.0.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59433
Published : Sept. 22, 2025, 8:15 p.m. | 3 hours, 6 minutes ago
Description : Conventional Changelog generates changelogs and release notes from a project's commit messages and metadata. Prior to version 2.0.0, @conventional-changelog/git-client has an argument injection vulnerability. This vulnerability manifests with the library's getTags() API, which allows extra parameters to be passed to the git log command. In another API by this library, getRawCommits(), there are secure practices taken to ensure that the extra parameter path is unable to inject an argument by ending the git log command with the special shell syntax --. However, the library does not follow the same practice for getTags() as it does not attempt to sanitize for user input, validate the given params, or restrict them to an allow list. Nor does it properly pass command-line flags to the git binary using the double-dash POSIX characters (--) to communicate the end of options. Thus, allowing users to exploit an argument injection vulnerability in Git due to the --output= command-line option that results with overwriting arbitrary files. This issue has been patched in version 2.0.0.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59434 - Critical Multi-Tenant Variable Disclosure in Flowise Cloud via Custom JavaScript Function
CVE ID : CVE-2025-59434
Published : Sept. 22, 2025, 8:15 p.m. | 3 hours, 6 minutes ago
Description : Flowise is a drag & drop user interface to build a customized large language model flow. Prior to August 2025 Cloud-Hosted Flowise, an authenticated vulnerability in Flowise Cloud allows any user on the free tier to access sensitive environment variables from other tenants via the Custom JavaScript Function node. This includes secrets such as OpenAI API keys, AWS credentials, Supabase tokens, and Google Cloud secrets — resulting in a full cross-tenant data exposure. This issue has been patched in the August 2025 Cloud-Hosted Flowise.
Severity: 9.6 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59434
Published : Sept. 22, 2025, 8:15 p.m. | 3 hours, 6 minutes ago
Description : Flowise is a drag & drop user interface to build a customized large language model flow. Prior to August 2025 Cloud-Hosted Flowise, an authenticated vulnerability in Flowise Cloud allows any user on the free tier to access sensitive environment variables from other tenants via the Custom JavaScript Function node. This includes secrets such as OpenAI API keys, AWS credentials, Supabase tokens, and Google Cloud secrets — resulting in a full cross-tenant data exposure. This issue has been patched in the August 2025 Cloud-Hosted Flowise.
Severity: 9.6 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59526 - Mailgen: HTML injection vulnerability in plaintext e-mails
CVE ID : CVE-2025-59526
Published : Sept. 22, 2025, 8:15 p.m. | 3 hours, 6 minutes ago
Description : mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Prior to version 2.0.30, there is an HTML injection vulnerability in plaintext e-mails generated by Mailgen. Projects are affected if the Mailgen.generatePlaintext(email) method is used and given user-generated content. This vulnerability has been patched in version 2.0.30. A workaround involves stripping all HTML tags before passing any content into Mailgen.generatePlaintext(email).
Severity: 2.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59526
Published : Sept. 22, 2025, 8:15 p.m. | 3 hours, 6 minutes ago
Description : mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Prior to version 2.0.30, there is an HTML injection vulnerability in plaintext e-mails generated by Mailgen. Projects are affected if the Mailgen.generatePlaintext(email) method is used and given user-generated content. This vulnerability has been patched in version 2.0.30. A workaround involves stripping all HTML tags before passing any content into Mailgen.generatePlaintext(email).
Severity: 2.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59527 - FlowiseAI/Flowise has Server-Side Request Forgery (SSRF) vulnerability
CVE ID : CVE-2025-59527
Published : Sept. 22, 2025, 8:15 p.m. | 3 hours, 6 minutes ago
Description : Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, a Server-Side Request Forgery (SSRF) vulnerability was discovered in the /api/v1/fetch-links endpoint of the Flowise application. This vulnerability allows an attacker to use the Flowise server as a proxy to access internal network web services and explore their link structures. This issue has been patched in version 3.0.6.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59527
Published : Sept. 22, 2025, 8:15 p.m. | 3 hours, 6 minutes ago
Description : Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, a Server-Side Request Forgery (SSRF) vulnerability was discovered in the /api/v1/fetch-links endpoint of the Flowise application. This vulnerability allows an attacker to use the Flowise server as a proxy to access internal network web services and explore their link structures. This issue has been patched in version 3.0.6.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59528 - Flowise has Remote Code Execution vulnerability
CVE ID : CVE-2025-59528
Published : Sept. 22, 2025, 8:15 p.m. | 3 hours, 6 minutes ago
Description : Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, Flowise is vulnerable to remote code execution. The CustomMCP node allows users to input configuration settings for connecting to an external MCP server. This node parses the user-provided mcpServerConfig string to build the MCP server configuration. However, during this process, it executes JavaScript code without any security validation. Specifically, inside the convertToValidJSONString function, user input is directly passed to the Function() constructor, which evaluates and executes the input as JavaScript code. Since this runs with full Node.js runtime privileges, it can access dangerous modules such as child_process and fs. This issue has been patched in version 3.0.6.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59528
Published : Sept. 22, 2025, 8:15 p.m. | 3 hours, 6 minutes ago
Description : Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, Flowise is vulnerable to remote code execution. The CustomMCP node allows users to input configuration settings for connecting to an external MCP server. This node parses the user-provided mcpServerConfig string to build the MCP server configuration. However, during this process, it executes JavaScript code without any security validation. Specifically, inside the convertToValidJSONString function, user input is directly passed to the Function() constructor, which evaluates and executes the input as JavaScript code. Since this runs with full Node.js runtime privileges, it can access dangerous modules such as child_process and fs. This issue has been patched in version 3.0.6.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10814 - D-Link DIR-823X goahead command injection
CVE ID : CVE-2025-10814
Published : Sept. 22, 2025, 9:15 p.m. | 2 hours, 6 minutes ago
Description : A vulnerability was determined in D-Link DIR-823X 240126/240802/250416. Affected by this vulnerability is an unknown functionality of the file /usr/sbin/goahead. This manipulation of the argument port causes command injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-10814
Published : Sept. 22, 2025, 9:15 p.m. | 2 hours, 6 minutes ago
Description : A vulnerability was determined in D-Link DIR-823X 240126/240802/250416. Affected by this vulnerability is an unknown functionality of the file /usr/sbin/goahead. This manipulation of the argument port causes command injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10815 - Tenda AC20 HTTP POST Request SetPptpServerCfg strcpy buffer overflow
CVE ID : CVE-2025-10815
Published : Sept. 22, 2025, 9:15 p.m. | 2 hours, 6 minutes ago
Description : A vulnerability was identified in Tenda AC20 up to 16.03.08.12. Affected by this issue is the function strcpy of the file /goform/SetPptpServerCfg of the component HTTP POST Request Handler. Such manipulation of the argument startIp leads to buffer overflow. The attack can be launched remotely. The exploit is publicly available and might be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-10815
Published : Sept. 22, 2025, 9:15 p.m. | 2 hours, 6 minutes ago
Description : A vulnerability was identified in Tenda AC20 up to 16.03.08.12. Affected by this issue is the function strcpy of the file /goform/SetPptpServerCfg of the component HTTP POST Request Handler. Such manipulation of the argument startIp leads to buffer overflow. The attack can be launched remotely. The exploit is publicly available and might be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47910 - CrossOriginProtection insecure bypass patterns not limited to exact matches in net/http
CVE ID : CVE-2025-47910
Published : Sept. 22, 2025, 9:15 p.m. | 2 hours, 6 minutes ago
Description : When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-47910
Published : Sept. 22, 2025, 9:15 p.m. | 2 hours, 6 minutes ago
Description : When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-57204 - Stocky POS XSS - Stored Cross-Site Scripting in Products Module
CVE ID : CVE-2025-57204
Published : Sept. 22, 2025, 9:15 p.m. | 2 hours, 6 minutes ago
Description : Stocky POS with Inventory Management & HRM (ui-lib) version 5.0 is affected by a Stored Cross-Site Scripting (XSS) vulnerability within the Products module available to authenticated users. The vulnerability resides in the product name parameter submitted to the product-creation endpoint via a standard POST form. Due to insufficient input sanitization and output encoding, attackers can inject HTML/JS payloads. The payload is stored and subsequently rendered unsanitized in downstream views, leading to JavaScript execution in other users' browsers when they access the affected product pages. This issue allows an authenticated attacker to execute arbitrary JavaScript in the context of another user, potentially enabling session hijacking, privilege escalation within the application, data exfiltration, or administrative account takeover. The application also lacks a restrictive Content Security Policy (CSP), increasing exploitability.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-57204
Published : Sept. 22, 2025, 9:15 p.m. | 2 hours, 6 minutes ago
Description : Stocky POS with Inventory Management & HRM (ui-lib) version 5.0 is affected by a Stored Cross-Site Scripting (XSS) vulnerability within the Products module available to authenticated users. The vulnerability resides in the product name parameter submitted to the product-creation endpoint via a standard POST form. Due to insufficient input sanitization and output encoding, attackers can inject HTML/JS payloads. The payload is stored and subsequently rendered unsanitized in downstream views, leading to JavaScript execution in other users' browsers when they access the affected product pages. This issue allows an authenticated attacker to execute arbitrary JavaScript in the context of another user, potentially enabling session hijacking, privilege escalation within the application, data exfiltration, or administrative account takeover. The application also lacks a restrictive Content Security Policy (CSP), increasing exploitability.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-57205 - iNiLabs School Express SMS Express Stored Cross-Site Scripting (XSS)
CVE ID : CVE-2025-57205
Published : Sept. 22, 2025, 9:15 p.m. | 2 hours, 6 minutes ago
Description : iNiLabs School Express (SMS Express) 6.2 is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the content-management features available to authenticated admin users. The vulnerability resides in POSTed editor parameters submitted to the /posts/edit/{id} endpoint (and similarly in Notice and Pages editors). Due to insufficient input sanitization and output encoding, attackers can inject HTML/JS payloads. The payload is saved and later rendered unsanitized, resulting in JavaScript execution in other users' browsers when they access the affected content. This issue allows an authenticated attacker to execute arbitrary JavaScript in the context of another user, potentially leading to session hijacking, privilege escalation, data exfiltration, or administrative account takeover. The application does not enforce a restrictive Content Security Policy (CSP) or adequate filtering to prevent such attacks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-57205
Published : Sept. 22, 2025, 9:15 p.m. | 2 hours, 6 minutes ago
Description : iNiLabs School Express (SMS Express) 6.2 is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the content-management features available to authenticated admin users. The vulnerability resides in POSTed editor parameters submitted to the /posts/edit/{id} endpoint (and similarly in Notice and Pages editors). Due to insufficient input sanitization and output encoding, attackers can inject HTML/JS payloads. The payload is saved and later rendered unsanitized, resulting in JavaScript execution in other users' browsers when they access the affected content. This issue allows an authenticated attacker to execute arbitrary JavaScript in the context of another user, potentially leading to session hijacking, privilege escalation, data exfiltration, or administrative account takeover. The application does not enforce a restrictive Content Security Policy (CSP) or adequate filtering to prevent such attacks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59532 - Codex has sandbox bypass due to bug in path configuration logic
CVE ID : CVE-2025-59532
Published : Sept. 22, 2025, 9:16 p.m. | 2 hours, 6 minutes ago
Description : Codex CLI is a coding agent from OpenAI that runs locally. In versions 0.2.0 to 0.38.0, due to a bug in the sandbox configuration logic, Codex CLI could treat a model-generated cwd as the sandbox’s writable root, including paths outside of the folder where the user started their session. This logic bypassed the intended workspace boundary and enables arbitrary file writes and command execution where the Codex process has permissions - this did not impact the network-disabled sandbox restriction. This issue has been patched in Codex CLI 0.39.0 that canonicalizes and validates that the boundary used for sandbox policy is based on where the user started the session, and not the one generated by the model. Users running 0.38.0 or earlier should update immediately via their package manager or by reinstalling the latest Codex CLI to ensure sandbox boundaries are enforced. If using the Codex IDE extension, users should immediately update to 0.4.12 for a fix of the sandbox issue.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59532
Published : Sept. 22, 2025, 9:16 p.m. | 2 hours, 6 minutes ago
Description : Codex CLI is a coding agent from OpenAI that runs locally. In versions 0.2.0 to 0.38.0, due to a bug in the sandbox configuration logic, Codex CLI could treat a model-generated cwd as the sandbox’s writable root, including paths outside of the folder where the user started their session. This logic bypassed the intended workspace boundary and enables arbitrary file writes and command execution where the Codex process has permissions - this did not impact the network-disabled sandbox restriction. This issue has been patched in Codex CLI 0.39.0 that canonicalizes and validates that the boundary used for sandbox policy is based on where the user started the session, and not the one generated by the model. Users running 0.38.0 or earlier should update immediately via their package manager or by reinstalling the latest Codex CLI to ensure sandbox boundaries are enforced. If using the Codex IDE extension, users should immediately update to 0.4.12 for a fix of the sandbox issue.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59535 - DotNetNuke.Core allows loading of unused themes on anonymous clients through query parameters
CVE ID : CVE-2025-59535
Published : Sept. 22, 2025, 9:16 p.m. | 2 hours, 6 minutes ago
Description : DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, arbitrary themes can be loaded through query parameters. If an installed theme had a vulnerability, even if it was not used on any page, this could be loaded on unsuspecting clients without knowledge of the site owner. This issue has been patched in version 10.1.0.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59535
Published : Sept. 22, 2025, 9:16 p.m. | 2 hours, 6 minutes ago
Description : DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, arbitrary themes can be loaded through query parameters. If an installed theme had a vulnerability, even if it was not used on any page, this could be loaded on unsuspecting clients without knowledge of the site owner. This issue has been patched in version 10.1.0.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10816 - Jinher OA XML text xml external entity reference
CVE ID : CVE-2025-10816
Published : Sept. 22, 2025, 10:15 p.m. | 1 hour, 6 minutes ago
Description : A security flaw has been discovered in Jinher OA 2.0. This affects an unknown part of the file /c6/Jhsoft.Web.module/ToolBar/GetWordFileName.aspx/?text=GetUrl&style=add of the component XML Handler. Performing manipulation results in xml external entity reference. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-10816
Published : Sept. 22, 2025, 10:15 p.m. | 1 hour, 6 minutes ago
Description : A security flaw has been discovered in Jinher OA 2.0. This affects an unknown part of the file /c6/Jhsoft.Web.module/ToolBar/GetWordFileName.aspx/?text=GetUrl&style=add of the component XML Handler. Performing manipulation results in xml external entity reference. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10817 - Campcodes Online Learning Management System admin_user.php sql injection
CVE ID : CVE-2025-10817
Published : Sept. 22, 2025, 10:15 p.m. | 1 hour, 6 minutes ago
Description : A weakness has been identified in Campcodes Online Learning Management System 1.0. This vulnerability affects unknown code of the file /admin/admin_user.php. Executing manipulation of the argument firstname can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be exploited.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-10817
Published : Sept. 22, 2025, 10:15 p.m. | 1 hour, 6 minutes ago
Description : A weakness has been identified in Campcodes Online Learning Management System 1.0. This vulnerability affects unknown code of the file /admin/admin_user.php. Executing manipulation of the argument firstname can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be exploited.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43806 - Liferay Portal Unauthenticated Remote Data Access Vulnerability
CVE ID : CVE-2025-43806
Published : Sept. 22, 2025, 10:15 p.m. | 1 hour, 6 minutes ago
Description : Batch Engine in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.7, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 does not properly check permission with import and export tasks, which allows remote authenticated users to access the exported data via the REST APIs.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43806
Published : Sept. 22, 2025, 10:15 p.m. | 1 hour, 6 minutes ago
Description : Batch Engine in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.7, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 does not properly check permission with import and export tasks, which allows remote authenticated users to access the exported data via the REST APIs.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43810 - Liferay Portal Liferay Commerce Order IDOR
CVE ID : CVE-2025-43810
Published : Sept. 22, 2025, 10:29 p.m. | 52 minutes ago
Description : Insecure Direct Object Reference (IDOR) vulnerability with commerce order notes in Liferay Portal 7.3.5 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote authenticated users to from one virtual instance to add a note to an order in a different virtual instance via the _com_liferay_commerce_order_web_internal_portlet_CommerceOrderPortlet_commerceOrderId parameter.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43810
Published : Sept. 22, 2025, 10:29 p.m. | 52 minutes ago
Description : Insecure Direct Object Reference (IDOR) vulnerability with commerce order notes in Liferay Portal 7.3.5 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote authenticated users to from one virtual instance to add a note to an order in a different virtual instance via the _com_liferay_commerce_order_web_internal_portlet_CommerceOrderPortlet_commerceOrderId parameter.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10819 - fuyang_lipengjun platform queryAll UserCouponController improper authorization
CVE ID : CVE-2025-10819
Published : Sept. 22, 2025, 10:32 p.m. | 50 minutes ago
Description : A security vulnerability has been detected in fuyang_lipengjun platform 1.0. This issue affects the function UserCouponController of the file /usercoupon/queryAll. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-10819
Published : Sept. 22, 2025, 10:32 p.m. | 50 minutes ago
Description : A security vulnerability has been detected in fuyang_lipengjun platform 1.0. This issue affects the function UserCouponController of the file /usercoupon/queryAll. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10820 - fuyang_lipengjun platform queryAll TopicController improper authorization
CVE ID : CVE-2025-10820
Published : Sept. 22, 2025, 10:32 p.m. | 50 minutes ago
Description : A vulnerability was detected in fuyang_lipengjun platform 1.0. Impacted is the function TopicController of the file /topic/queryAll. The manipulation results in improper authorization. The attack can be executed remotely. The exploit is now public and may be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-10820
Published : Sept. 22, 2025, 10:32 p.m. | 50 minutes ago
Description : A vulnerability was detected in fuyang_lipengjun platform 1.0. Impacted is the function TopicController of the file /topic/queryAll. The manipulation results in improper authorization. The attack can be executed remotely. The exploit is now public and may be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...