CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2025-10870 - SQL injection in DIAL's CentrosNet

CVE ID : CVE-2025-10870
Published : Nov. 7, 2025, 10:15 a.m. | 1 hour, 38 minutes ago
Description : SQL injection vulnerability in DIAL's CentrosNet v2.64. Allows an attacker to retrieve, create, update, and delete databases by sending POST and GET requests with the 'ultralogin' parameter in '/centrosnet/ultralogin.php'.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10968 - SQLi in GG Soft's PaperWork

CVE ID : CVE-2025-10968
Published : Nov. 7, 2025, 1:15 p.m. | 39 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE-564 - SQL Injection: Hibernate vulnerability in GG Soft Software Services Inc. PaperWork allows Blind SQL Injection, SQL Injection. This issue affects PaperWork: from 6.1.0.9390 before 6.1.0.9398.
Severity: 8.8 | HIGH
CVE-2025-12853 - SourceCodester Best House Rental Management System admin_class.php delete_house sql injection

CVE ID : CVE-2025-12853
Published : Nov. 7, 2025, 1:15 p.m. | 39 minutes ago
Description : A vulnerability was determined in SourceCodester Best House Rental Management System 1.0. This affects the function delete_house of the file /admin_class.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
Severity: 5.8 | MEDIUM
CVE-2025-12854 - newbee-mall-plus seckillExecution executeSeckill authorization

CVE ID : CVE-2025-12854
Published : Nov. 7, 2025, 1:15 p.m. | 39 minutes ago
Description : A vulnerability was identified in newbee-mall-plus up to 2.4.1. This vulnerability affects the function executeSeckill of the file /seckillExecution/. The manipulation of the argument userid leads to authorization bypass. It is possible to initiate the attack remotely. The attack is considered to have high complexity. It is stated that the exploitability is difficult. The exploit is publicly available and might be used.
Severity: 6.3 | MEDIUM
CVE-2025-12855 - code-projects Responsive Hotel Site newsletterdel.php sql injection

CVE ID : CVE-2025-12855
Published : Nov. 7, 2025, 1:32 p.m. | 22 minutes ago
Description : A security flaw has been discovered in code-projects Responsive Hotel Site 1.0. This issue affects some unknown processing of the file /admin/newsletterdel.php. The manipulation of the argument eid results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.
Severity: 0.0 | NA
CVE-2025-12856 - code-projects Responsive Hotel Site reservation.php sql injection

CVE ID : CVE-2025-12856
Published : Nov. 7, 2025, 1:32 p.m. | 22 minutes ago
Description : A weakness has been identified in code-projects Responsive Hotel Site 1.0. Impacted is an unknown function of the file /admin/reservation.php. This manipulation of the argument email causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.
Severity: 0.0 | NA
CVE-2025-12857 - code-projects Responsive Hotel Site roombook.php sql injection

CVE ID : CVE-2025-12857
Published : Nov. 7, 2025, 2:15 p.m. | 2 hours, 4 minutes ago
Description : A security vulnerability has been detected in code-projects Responsive Hotel Site 1.0. The affected element is an unknown function of the file /admin/roombook.php. Such manipulation of the argument rid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
Severity: 5.8 | MEDIUM
CVE-2025-34299 - Monsta FTP <= 2.11 Unauthenticated Arbitrary File Upload

CVE ID : CVE-2025-34299
Published : Nov. 7, 2025, 2:15 p.m. | 2 hours, 4 minutes ago
Description : Monsta FTP versions 2.11 and earlier contain a vulnerability that allows unauthenticated arbitrary file uploads. This flaw enables attackers to execute arbitrary code by uploading a specially crafted file from a malicious (S)FTP server.
Severity: 9.3 | CRITICAL
CVE-2025-58469 - QuLog Center

CVE ID : CVE-2025-58469
Published : Nov. 7, 2025, 3:08 p.m. | 1 hour, 11 minutes ago
Description : A cross-site request forgery (CSRF) vulnerability has been reported to affect QuLog Center. The remote attackers can then exploit the vulnerability to gain privileges or hijack user identities. We have already fixed the vulnerability in the following version: QuLog Center 1.8.2.927 ( 2025/09/17 ) and later
Severity: 1.2 | LOW
CVE-2025-58465 - Download Station

CVE ID : CVE-2025-58465
Published : Nov. 7, 2025, 3:09 p.m. | 1 hour, 10 minutes ago
Description : A cross-site scripting (XSS) vulnerability has been reported to affect Download Station. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following versions: Download Station 5.10.0.305 ( 2025/09/16 ) and later; Download Station 5.10.0.304 ( 2025/09/08 ) and later
Severity: 2.2 | LOW
CVE-2025-58464 - QuMagie

CVE ID : CVE-2025-58464
Published : Nov. 7, 2025, 3:10 p.m. | 1 hour, 9 minutes ago
Description : A relative path traversal vulnerability has been reported to affect QuMagie. If a remote attacker, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: QuMagie 2.7.3 and later
Severity: 7.8 | HIGH
CVE-2025-58463 - Download Station

CVE ID : CVE-2025-58463
Published : Nov. 7, 2025, 3:10 p.m. | 1 hour, 9 minutes ago
Description : A relative path traversal vulnerability has been reported to affect Download Station. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following versions: Download Station 5.10.0.305 ( 2025/09/16 ) and later; Download Station 5.10.0.304 ( 2025/09/08 ) and later
Severity: 2.3 | LOW
CVE-2025-57712 - Qsync Central

CVE ID : CVE-2025-57712
Published : Nov. 7, 2025, 3:11 p.m. | 1 hour, 8 minutes ago
Description : A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.3 ( 2025/08/28 ) and later
Severity: 4.0 | MEDIUM
CVE-2025-57706 - File Station 5

CVE ID : CVE-2025-57706
Published : Nov. 7, 2025, 3:11 p.m. | 1 hour, 8 minutes ago
Description : A cross-site scripting (XSS) vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5018 and later
Severity: 2.2 | LOW
CVE-2025-54168 - QuLog Center

CVE ID : CVE-2025-54168
Published : Nov. 7, 2025, 3:12 p.m. | 1 hour, 7 minutes ago
Description : A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following version: QuLog Center 1.8.2.923 ( 2025/08/27 ) and later
Severity: 2.2 | LOW
CVE-2025-54167 - Notification Center

CVE ID : CVE-2025-54167
Published : Nov. 7, 2025, 3:12 p.m. | 1 hour, 7 minutes ago
Description : A cross-site scripting (XSS) vulnerability has been reported to affect Notification Center. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following versions: Notification Center 2.1.0.3443 and later; Notification Center 1.9.2.3163 and later; Notification Center 3.0.0.3466 and later
Severity: 7.2 | HIGH
CVE-2025-53413 - File Station 5

CVE ID : CVE-2025-53413
Published : Nov. 7, 2025, 3:13 p.m. | 1 hour, 6 minutes ago
Description : An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5018 and later
Severity: 4.9 | MEDIUM
CVE-2025-53412 - File Station 5

CVE ID : CVE-2025-53412
Published : Nov. 7, 2025, 3:13 p.m. | 1 hour, 6 minutes ago
Description : A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5018 and later
Severity: 0.6 | LOW
CVE-2025-53411 - File Station 5

CVE ID : CVE-2025-53411
Published : Nov. 7, 2025, 3:13 p.m. | 1 hour, 6 minutes ago
Description : An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5018 and later
Severity: 1.2 | LOW
CVE-2025-53410 - File Station 5

CVE ID : CVE-2025-53410
Published : Nov. 7, 2025, 3:14 p.m. | 1 hour, 5 minutes ago
Description : An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5018 and later
Severity: 4.9 | MEDIUM
CVE-2025-53409 - File Station 5

CVE ID : CVE-2025-53409
Published : Nov. 7, 2025, 3:14 p.m. | 1 hour, 5 minutes ago
Description : An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5018 and later
Severity: 4.9 | MEDIUM