🚨 CVE-2025-55321
Improper neutralization of input during web page generation ('cross-site scripting') in Azure Monitor allows an authorized attacker to perform spoofing over a network.

🎖@cveNotify

🚨 CVE-2025-59247
Azure PlayFab Elevation of Privilege Vulnerability

🎖@cveNotify

🚨 CVE-2025-21057
Use of implicit intent for sensitive communication in Samsung Notes prior to version 4.4.30.63 allows local attackers to access shared notes.

🎖@cveNotify

🚨 CVE-2025-11582
A vulnerability was detected in code-projects Online Job Search Engine 1.0. This issue affects some unknown processing of the file /registration.php. Performing manipulation of the argument txtusername results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used.

🎖@cveNotify

🚨 CVE-2025-11583
A flaw has been found in code-projects Online Job Search Engine 1.0. Impacted is an unknown function of the file /postjob.php. Executing manipulation of the argument txtjobID can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used.

🎖@cveNotify

🚨 CVE-2025-11584
A vulnerability has been found in code-projects Online Job Search Engine 1.0. The affected element is an unknown function of the file /searchjob.php. The manipulation of the argument txtspecialization leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.

🎖@cveNotify

🚨 CVE-2025-11585
A vulnerability was found in code-projects Project Monitoring System 1.0. The impacted element is an unknown function of the file /useredit.php. The manipulation of the argument uid results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.

🎖@cveNotify

🚨 CVE-2025-54914
Azure Networking Elevation of Privilege Vulnerability

🎖@cveNotify

🚨 CVE-2025-9842
A vulnerability was detected in Das Parking Management System 停车场管理系统 6.2.0. This impacts an unknown function of the file /Operator/Search. The manipulation results in information disclosure. The attack may be performed from remote. The exploit is now public and may be used.

🎖@cveNotify

🚨 CVE-2025-9843
A flaw has been found in Das Parking Management System 停车场管理系统 6.2.0. Affected is an unknown function of the file /Operator/FindAll. This manipulation causes information disclosure. It is possible to initiate the attack remotely. The exploit has been published and may be used.

🎖@cveNotify

🚨 CVE-2025-57833
An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed QuerySet.annotate() or QuerySet.alias().

🎖@cveNotify

🚨 CVE-2025-59257
Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.

🎖@cveNotify

🚨 CVE-2025-59258
Insertion of sensitive information into log file in Active Directory Federation Services allows an unauthorized attacker to disclose information locally.

🎖@cveNotify

🚨 CVE-2025-59259
Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.

🎖@cveNotify

🚨 CVE-2025-59260
Exposure of sensitive information to an unauthorized actor in Microsoft Failover Cluster Virtual Driver allows an authorized attacker to disclose information locally.

🎖@cveNotify

🚨 CVE-2025-59280
Improper authentication in Windows SMB Client allows an unauthorized attacker to perform tampering over a network.

🎖@cveNotify

🚨 CVE-2024-58135
Mojolicious versions from 7.28 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default

When creating a default app skeleton with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand() function, and used for authenticating and protecting the integrity of the application's sessions. This may allow an attacker to brute force the application's session keys.

🎖@cveNotify

🚨 CVE-2024-58134
Mojolicious versions from 0.999922 for Perl uses a hard coded string, or the application's class name, as an HMAC session cookie secret by default.

These predictable default secrets can be exploited by an attacker to forge session cookies.  An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user’s session.

🎖@cveNotify

🚨 CVE-2025-36087
IBM Security Verify Access 10.0.0 through 10.0.9, 11.0.0, IBM Verify Identity Access Container 10.0.0 through 10.0.9, and 11.0.0, under certain configurations, contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

🎖@cveNotify

🚨 CVE-2025-11660
A vulnerability has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. Affected by this issue is some unknown functionality of the file /assets/uploadSllyabus.php. Such manipulation of the argument File leads to unrestricted upload. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable.

🎖@cveNotify

🚨 CVE-2025-11550
A vulnerability was found in Tenda W12 3.0.0.6(3948). The impacted element is the function wifiScheduledSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the argument wifiScheduledSet results in null pointer dereference. The attack may be performed from remote. The exploit has been made public and could be used.

🎖@cveNotify