🚨 CVE-2025-10968
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 564 - SQL Injection: Hibernate vulnerability in GG Soft Software Services Inc. PaperWork allows Blind SQL Injection, SQL Injection.

This issue affects PaperWork: from 6.1.0.9390 before 6.1.0.9398.

🎖@cveNotify

🚨 CVE-2025-10876
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Talent Software e-BAP Automation allows Cross-Site Scripting (XSS).

This issue affects e-BAP Automation: from 1.8.96 before v.41815.

🎖@cveNotify

🚨 CVE-2025-10856
Unrestricted Upload of File with Dangerous Type vulnerability in Solvera Software Services Trade Inc. Teknoera allows File Content Injection.

This issue affects Teknoera: through 01102025.

🎖@cveNotify

🚨 CVE-2025-10912
Authorization Bypass Through User-Controlled Key vulnerability in Saastech Cleaning and Internet Services Inc. TemizlikYolda allows Manipulating User-Controlled Variables.

This issue affects TemizlikYolda: through 11022026.

NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

🎖@cveNotify

🚨 CVE-2025-10439
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yordam Informatics Yordam Library Automation System allows SQL Injection.

This issue affects Yordam Library Automation System: from 21.5 & 21.6 before 21.7.

🎖@cveNotify

🚨 CVE-2025-10468
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Beyaz Computer CityPlus allows Path Traversal.

This issue affects CityPlus: before 24.29375.

🎖@cveNotify

🚨 CVE-2025-10449
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Saysis Computer Systems Trade Ltd. Co. Saysis Web Portal allows Path Traversal.

This issue affects Saysis Web Portal: from 3.1.9 & 3.2.0 before 3.2.1.

🎖@cveNotify

🚨 CVE-2025-10467
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PROLIZ Computer Software Hardware Service Trade Ltd. Co. OBS (Student Affairs Information System) allows Stored XSS.

This issue affects OBS (Student Affairs Information System): before v25.0401.

🎖@cveNotify

🚨 CVE-2025-10609
Use of Hard-coded Credentials vulnerability in Logo Software Inc. TigerWings ERP allows Read Sensitive Constants Within an Executable.

This issue affects TigerWings ERP: from 01.01.00 before 3.03.00.

🎖@cveNotify

🚨 CVE-2025-10610
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SFS Consulting Information Processing Industry and Foreign Trade Inc. Winsure allows Blind SQL Injection.

This issue affects Winsure: through Version dated 21.08.2025.

🎖@cveNotify

🚨 CVE-2025-10438
Path Traversal: 'dir/../../filename' vulnerability in Yordam Information Technology Consulting Education and Electrical Systems Industry Trade Inc. Yordam Katalog allows Path Traversal.

This issue affects Yordam Katalog: before 21.7.

🎖@cveNotify

🚨 CVE-2025-10228
Session Fixation vulnerability in Rolantis Information Technologies Agentis allows Session Hijacking.

This issue affects Agentis: before 4.44.

🎖@cveNotify

🚨 CVE-2025-10437
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. Webpack Management System allows SQL Injection.

This issue affects Webpack Management System: through 20251119.

🎖@cveNotify

🚨 CVE-2025-8695
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Netcad NetGIS Server allows Reflected XSS.

This issue affects NetGIS Server: from 5.2.4 through 22.08.2025.

🎖@cveNotify

🚨 CVE-2025-8411
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dokuzsoft Technology E-Commerce Web Design Product allows XSS Through HTTP Headers.

This issue affects E-Commerce Web Design Product: before 11.08.2025.

🎖@cveNotify

🚨 CVE-2025-8463
Authorization Bypass Through User-Controlled Key vulnerability in SecHard Information Technologies SecHard allows Forceful Browsing.

This issue affects SecHard: before 3.6.2-20250805.

🎖@cveNotify

🚨 CVE-2025-9969
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vizly Web Design Real Estate Packages allows Content Spoofing, CAPEC - 593 - Session Hijacking, CAPEC - 591 - Reflected XSS.

This issue affects Real Estate Packages: before 5.1.

🎖@cveNotify

🚨 CVE-2025-8532
Authorization Bypass Through User-Controlled Key, Improper Authorization vulnerability in Bimser Solution Software Trade Inc. EBA Document and Workflow Management System allows Forceful Browsing.

This issue affects eBA Document and Workflow Management System: from 6.7.164 before 6.7.166.

🎖@cveNotify

🚨 CVE-2025-8664
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saysis Computer Systems Trade Ltd. Co. StarCities E-Municipality Management allows Cross-Site Scripting (XSS).

This issue affects StarCities E-Municipality Management: before 20250825.

🎖@cveNotify

🚨 CVE-2026-20016
A vulnerability in the Cisco FXOS Software CLI feature for Cisco Secure Firewall ASA Software and Secure FTD Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. To exploit this vulnerability, the attacker must have valid administrative credentials on an affected device.
This vulnerability is due to insufficient input validation of user-supplied command arguments. An attacker could exploit this vulnerability by submitting crafted input for specific CLI commands. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges.

🎖@cveNotify

🚨 CVE-2026-20025
A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an authenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition. To exploit this vulnerability, the attacker must have the OSPF secret key.
This vulnerability is due to insufficient input validation when processing OSPF link-state update (LSU) packets. An attacker could exploit this vulnerability by sending crafted OSPF LSU packets. A successful exploit could allow the attacker to corrupt the heap, causing the device to reload, resulting in a DoS condition.

🎖@cveNotify