π¨ CVE-2025-10398
A security flaw has been discovered in fcba_zzm ics-park Smart Park Management System 2.0. This vulnerability affects unknown code of the file FileUploadUtils.java. The manipulation of the argument File results in unrestricted upload. The attack can be launched remotely. The exploit has been released to the public and may be exploited.
π@cveNotify
A security flaw has been discovered in fcba_zzm ics-park Smart Park Management System 2.0. This vulnerability affects unknown code of the file FileUploadUtils.java. The manipulation of the argument File results in unrestricted upload. The attack can be launched remotely. The exploit has been released to the public and may be exploited.
π@cveNotify
GitHub
ICS-Park Improper File Upload Extension Validation Leading to Stored Cross-Site Scripting (XSS) Β· Issue #2 Β· Yyjccc/CVE
ICS-Park Improper File Upload Extension Validation Leading to Stored Cross-Site Scripting (XSS) NAME OF AFFECTED PRODUCT(S) ics-park Vendor Homepage https://gitee.com/fcba_zzm/ AFFECTED AND/OR FIXE...
π¨ CVE-2025-0164
IBM QRadar SIEM 7.5 through 7.5 Update Pack 13 Independent Fix 01 could allow a local privileged user to perform unauthorized actions on configuration files due to improper permission assignment.
π@cveNotify
IBM QRadar SIEM 7.5 through 7.5 Update Pack 13 Independent Fix 01 could allow a local privileged user to perform unauthorized actions on configuration files due to improper permission assignment.
π@cveNotify
Ibm
Security Bulletin: IBM QRadar SIEM is affected by by improper permission assignment (CVE-2025-0164)
IBM QRadar SIEM is affected by improper permission assignment. Local privileged users may perform unauthorized actions on configuration files. IBM QRadar SIEM has addressed the applicable CVE.
π¨ CVE-2025-10204
A vulnerability has been discovered in AC Smart II where passwords can be changed without authorization. This page contains a hidden form for resetting the administrator password. The attacker can manipulate the page using developer tools to display and use the form. This form allows you to change the administrator password without verifying login status or user permissions.
π@cveNotify
A vulnerability has been discovered in AC Smart II where passwords can be changed without authorization. This page contains a hidden form for resetting the administrator password. The attacker can manipulate the page using developer tools to display and use the form. This form allows you to change the administrator password without verifying login status or user permissions.
π@cveNotify
Lge
LG Product Security
Web site created using create-react-app
π¨ CVE-2025-10399
A weakness has been identified in Korzh EasyQuery up to 7.4.0. This issue affects some unknown processing of the file /api/easyquery/models/nwind/fetch of the component Query Builder UI. This manipulation causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited.
π@cveNotify
A weakness has been identified in Korzh EasyQuery up to 7.4.0. This issue affects some unknown processing of the file /api/easyquery/models/nwind/fetch of the component Query Builder UI. This manipulation causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited.
π@cveNotify
π¨ CVE-2025-36035
IBM PowerVM Hypervisor FW950.00 through FW950.E0, FW1050.00 through FW1050.50, and FW1060.00 through FW1060.40 could allow a local privileged user to cause a denial of service by issuing a specially crafted IBM i hypervisor call that would disclose memory contents or consume excessive memory resources.
π@cveNotify
IBM PowerVM Hypervisor FW950.00 through FW950.E0, FW1050.00 through FW1050.50, and FW1060.00 through FW1060.40 could allow a local privileged user to cause a denial of service by issuing a specially crafted IBM i hypervisor call that would disclose memory contents or consume excessive memory resources.
π@cveNotify
Ibm
Security Bulletin: This Power System update is being released to address CVE-2025-36035
The PowerVM hypervisor is vulnerable to a carefully crafted IBMi hypervisor call that can crash system or make a limited amount of system memory available
π¨ CVE-2025-10400
A security vulnerability has been detected in SourceCodester Food Ordering Management System 1.0. Impacted is an unknown function of the file /routers/ticket-message.php. Such manipulation of the argument ticket_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
π@cveNotify
A security vulnerability has been detected in SourceCodester Food Ordering Management System 1.0. Impacted is an unknown function of the file /routers/ticket-message.php. Such manipulation of the argument ticket_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
π@cveNotify
GitHub
SourceCodester Food Ordering Management System /ticket-message.php SQL injection Β· Issue #12 Β· lrjbsyh/CVE_Hunter
SourceCodester Food Ordering Management System /ticket-message.php SQL injection NAME OF AFFECTED PRODUCT(S) Food Ordering Management System in PHP and MySQL Free Source Code Vendor Homepage [Food ...
π¨ CVE-2025-10401
A vulnerability was detected in D-Link DIR-823x up to 250416. The affected element is an unknown function of the file /goform/diag_ping. Performing manipulation of the argument target_addr results in command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.
π@cveNotify
A vulnerability was detected in D-Link DIR-823x up to 250416. The affected element is an unknown function of the file /goform/diag_ping. Performing manipulation of the argument target_addr results in command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.
π@cveNotify
GitHub
D-Link/D-Link DIR-823X AX3000.md at main Β· Cpppq43/D-Link
Contribute to Cpppq43/D-Link development by creating an account on GitHub.
π₯1
π¨ CVE-2025-10402
A flaw has been found in PHPGurukul Beauty Parlour Management System 1.1. The impacted element is an unknown function of the file /admin/readenq.php. Executing manipulation of the argument delid can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used.
π@cveNotify
A flaw has been found in PHPGurukul Beauty Parlour Management System 1.1. The impacted element is an unknown function of the file /admin/readenq.php. Executing manipulation of the argument delid can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used.
π@cveNotify
GitHub
phpgurukul Beauty Parlour Management System Project V1.1 /admin/readenq.php SQL injection Β· Issue #6 Β· LitBot123/mycve
phpgurukul Beauty Parlour Management System Project V1.1 /admin/readenq.php SQL injection NAME OF AFFECTED PRODUCT(S) Beauty Parlour Management System Vendor Homepage https://phpgurukul.com/beauty-...
π¨ CVE-2025-6051
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the `normalize_numbers()` method of the `EnglishNormalizer` class. This vulnerability affects versions up to 4.52.4 and is fixed in version 4.53.0. The issue arises from the method's handling of numeric strings, which can be exploited using crafted input strings containing long sequences of digits, leading to excessive CPU consumption. This vulnerability impacts text-to-speech and number normalization tasks, potentially causing service disruption, resource exhaustion, and API vulnerabilities.
π@cveNotify
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the `normalize_numbers()` method of the `EnglishNormalizer` class. This vulnerability affects versions up to 4.52.4 and is fixed in version 4.53.0. The issue arises from the method's handling of numeric strings, which can be exploited using crafted input strings containing long sequences of digits, leading to excessive CPU consumption. This vulnerability impacts text-to-speech and number normalization tasks, potentially causing service disruption, resource exhaustion, and API vulnerabilities.
π@cveNotify
GitHub
Import regex/re correctly Β· huggingface/transformers@ba8eaba
π€ Transformers: the model-definition framework for state-of-the-art machine learning models in text, vision, audio, and multimodal models, for both inference and training. - Import regex/re correctly Β· huggingface/transformers@ba8eaba
π¨ CVE-2025-10403
A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown function of the file /admin/view-enquiry.php. The manipulation of the argument viewid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown function of the file /admin/view-enquiry.php. The manipulation of the argument viewid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
GitHub
phpgurukul Beauty Parlour Management System Project V1.1 /admin/view-enquiry.php SQL injection Β· Issue #7 Β· LitBot123/mycve
phpgurukul Beauty Parlour Management System Project V1.1 /admin/view-enquiry.php SQL injection NAME OF AFFECTED PRODUCT(S) Beauty Parlour Management System Vendor Homepage https://phpgurukul.com/be...
π¨ CVE-2025-10404
A vulnerability was found in itsourcecode Baptism Information Management System 1.0. This impacts an unknown function of the file /rptbaptismal.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used.
π@cveNotify
A vulnerability was found in itsourcecode Baptism Information Management System 1.0. This impacts an unknown function of the file /rptbaptismal.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used.
π@cveNotify
GitHub
itsourcecode.com Baptism Information Management System Project V1.0/rptbaptismal.php SQL injection Β· Issue #5 Β· peri0d/my_cve
itsourcecode.com Baptism Information Management System Project V1.0/rptbaptismal.php SQL injection NAME OF AFFECTED PRODUCT(S) Baptism Information Management System Vendor Homepage itsourcecode.com...
π¨ CVE-2025-10405
A vulnerability was determined in itsourcecode Baptism Information Management System 1.0. Affected is an unknown function of the file /listbaptism.php. This manipulation of the argument bapt_id causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
π@cveNotify
A vulnerability was determined in itsourcecode Baptism Information Management System 1.0. Affected is an unknown function of the file /listbaptism.php. This manipulation of the argument bapt_id causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
π@cveNotify
GitHub
itsourcecode.com Baptism Information Management System Project V1.0 /listbaptism.php SQL injection Β· Issue #4 Β· peri0d/my_cve
itsourcecode.com Baptism Information Management System Project V1.0 /listbaptism.php SQL injection NAME OF AFFECTED PRODUCT(S) Baptism Information Management System Vendor Homepage itsourcecode.com...
π¨ CVE-2025-10407
A vulnerability was identified in SourceCodester Student Grading System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_user.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
π@cveNotify
A vulnerability was identified in SourceCodester Student Grading System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_user.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
π@cveNotify
GitHub
# sourcecodester Student Grading System using PHP/MySQL Project V1.0 /view_user.php SQL injection Β· Issue #3 Β· qcycop0101-hash/CVE
sourcecodester Student Grading System using PHP/MySQL Project V1.0 /view_user.php SQL injection NAME OF AFFECTED PRODUCT(S) Student Grading System using PHP/MySQL Vendor Homepage https://www.source...
π¨ CVE-2025-10408
A security flaw has been discovered in SourceCodester Student Grading System 1.0. Affected by this issue is some unknown functionality of the file /edit_user.php. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be exploited.
π@cveNotify
A security flaw has been discovered in SourceCodester Student Grading System 1.0. Affected by this issue is some unknown functionality of the file /edit_user.php. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be exploited.
π@cveNotify
GitHub
qcycop0101-hash/CVE
Contribute to qcycop0101-hash/CVE development by creating an account on GitHub.
π¨ CVE-2025-10409
A weakness has been identified in SourceCodester Student Grading System 1.0. This affects an unknown part of the file /rms.php?page=users. Executing manipulation of the argument fname can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be exploited.
π@cveNotify
A weakness has been identified in SourceCodester Student Grading System 1.0. This affects an unknown part of the file /rms.php?page=users. Executing manipulation of the argument fname can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be exploited.
π@cveNotify
GitHub
sourcecodester Student Grading System using PHP/MySQL Project V1.0 /rms.php SQL injection Β· Issue #5 Β· qcycop0101-hash/CVE
sourcecodester Student Grading System using PHP/MySQL Project V1.0 /rms.php SQL injection NAME OF AFFECTED PRODUCT(S) Student Grading System using PHP/MySQL Vendor Homepage https://www.sourcecodest...
π¨ CVE-2025-10410
A security vulnerability has been detected in SourceCodester Link Status Checker 1.0. This vulnerability affects unknown code of the file index.php. The manipulation of the argument proxy leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
π@cveNotify
A security vulnerability has been detected in SourceCodester Link Status Checker 1.0. This vulnerability affects unknown code of the file index.php. The manipulation of the argument proxy leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
π@cveNotify
GitHub
GitHub - drew-byte/Link_Status_Checker_PoC: SSRF Vulnerability on Website Link Extractor
SSRF Vulnerability on Website Link Extractor. Contribute to drew-byte/Link_Status_Checker_PoC development by creating an account on GitHub.
π¨ CVE-2025-10411
A vulnerability was detected in itsourcecode E-Logbook with Health Monitoring System for COVID-19 1.0. This issue affects some unknown processing of the file /stc-log-keeper/check_profile.php of the component POST Request Handler. The manipulation of the argument profile_id results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used.
π@cveNotify
A vulnerability was detected in itsourcecode E-Logbook with Health Monitoring System for COVID-19 1.0. This issue affects some unknown processing of the file /stc-log-keeper/check_profile.php of the component POST Request Handler. The manipulation of the argument profile_id results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used.
π@cveNotify
GitHub
E-Logbook with Health Monitoring System for COVID-19 V1.0 /stc-log-keeper/check_profile.php Reflected Cross-Site Scripting (Reflectedβ¦
E-Logbook with Health Monitoring System for COVID-19 V1.0 /stc-log-keeper/check_profile.php Reflected Cross-Site Scripting (Reflected XSS) NAME OF AFFECTED PRODUCT(S) E-Logbook with Health Monitori...
π¨ CVE-2025-10413
A vulnerability has been found in Campcodes Grocery Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=delete_customer. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability has been found in Campcodes Grocery Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=delete_customer. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
GitHub
campcodes Grocery Sales and Inventory System Project V1.0 /ajax.php?action=delete_customer SQL injection Β· Issue #82 Β· zzb1388/cve
campcodes Grocery Sales and Inventory System Project V1.0 /ajax.php?action=delete_customer SQL injection NAME OF AFFECTED PRODUCT(S) Grocery Sales and Inventory System Vendor Homepage https://www.c...
π₯1
π¨ CVE-2025-10414
A vulnerability was found in Campcodes Grocery Sales and Inventory System 1.0. The impacted element is an unknown function of the file /ajax.php?action=save_customer. Performing manipulation of the argument ID results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
π@cveNotify
A vulnerability was found in Campcodes Grocery Sales and Inventory System 1.0. The impacted element is an unknown function of the file /ajax.php?action=save_customer. Performing manipulation of the argument ID results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
π@cveNotify
GitHub
campcodes Grocery Sales and Inventory System Project V1.0 /ajax.php?action=save_customer SQL injection Β· Issue #81 Β· zzb1388/cve
campcodes Grocery Sales and Inventory System Project V1.0 /ajax.php?action=save_customer SQL injection NAME OF AFFECTED PRODUCT(S) Grocery Sales and Inventory System Vendor Homepage https://www.cam...
π¨ CVE-2025-10415
A vulnerability was determined in Campcodes Grocery Sales and Inventory System 1.0. This affects an unknown function of the file /ajax.php?action=save_supplier. Executing manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
π@cveNotify
A vulnerability was determined in Campcodes Grocery Sales and Inventory System 1.0. This affects an unknown function of the file /ajax.php?action=save_supplier. Executing manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
π@cveNotify
GitHub
campcodes Grocery Sales and Inventory System Project V1.0 /ajax.php?action=save_supplier SQL injection Β· Issue #80 Β· zzb1388/cve
campcodes Grocery Sales and Inventory System Project V1.0 /ajax.php?action=save_supplier SQL injection NAME OF AFFECTED PRODUCT(S) Grocery Sales and Inventory System Vendor Homepage https://www.cam...
π¨ CVE-2025-59364
The express-xss-sanitizer (aka Express XSS Sanitizer) package through 2.0.0 for Node.js has an unbounded recursion depth in sanitize in lib/sanitize.js for a JSON request body.
π@cveNotify
The express-xss-sanitizer (aka Express XSS Sanitizer) package through 2.0.0 for Node.js has an unbounded recursion depth in sanitize in lib/sanitize.js for a JSON request body.
π@cveNotify
Gist
CVE-2025-59364
CVE-2025-59364. GitHub Gist: instantly share code, notes, and snippets.