Latest CVE Feed
-
6.5
MEDIUMCVE-2025-61758
Vulnerability in the PeopleSoft Enterprise FIN IT Asset Management product of Oracle PeopleSoft (component: IT Asset Management). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network... Read more
Affected Products : peoplesoft_enterprise_fin_it_asset_management- Published: Oct. 21, 2025
- Modified: Oct. 24, 2025
-
6.5
MEDIUMCVE-2025-57712
A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability ... Read more
Affected Products : qsync_central- Published: Nov. 07, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Path Traversal
-
6.5
MEDIUMCVE-2025-13234
A vulnerability was found in itsourcecode Inventory Management System 1.0. The impacted element is an unknown function of the file /index.php?q=product. Performing manipulation of the argument PROID results in sql injection. It is possible to initiate the... Read more
Affected Products :- Published: Nov. 16, 2025
- Modified: Nov. 16, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-13238
A weakness has been identified in Bdtask Flight Booking Software 4. Affected by this vulnerability is an unknown functionality of the file /agent/profile/edit of the component Edit Profile Page. This manipulation causes unrestricted upload. The attack may... Read more
Affected Products :- Published: Nov. 16, 2025
- Modified: Nov. 16, 2025
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2025-13249
A security vulnerability has been detected in Jiusi OA up to 20251102. This affects an unknown function of the file /OfficeServer?isAjaxDownloadTemplate=false of the component OfficeServer Interface. Such manipulation of the argument FileData leads to unr... Read more
Affected Products : jiusi_oa- Published: Nov. 16, 2025
- Modified: Nov. 16, 2025
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2025-12222
A security vulnerability has been detected in Bdtask Flight Booking Software up to 3.1. Affected by this issue is some unknown functionality of the file /admin/transaction/deposit of the component Deposit Handler. The manipulation leads to unrestricted up... Read more
Affected Products :- Published: Oct. 27, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2025-11758
The All in One Time Clock Lite plugin for WordPress is vulnerable to unauthorized access due to a missing authorization check in all versions up to, and including, 2.0.3. This is due to the plugin exposing admin-level AJAX actions to unauthenticated user... Read more
Affected Products : all_in_one_time_clock_lite- Published: Nov. 04, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-54335
An issue was discovered in the GPU driver in Samsung Mobile Processor Exynos 1480, 2400, 1580, 2500. There is a use-after-free in the Xclipse GPU Driver.... Read more
- Published: Nov. 04, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-54327
An issue was discovered in VTS in Samsung Mobile Processor and Wearable Processor Exynos 1280, 2200, 1380, W920, W930, W1000. Improper input validation in the VTS driver leads to an arbitrary write.... Read more
Affected Products : exynos_2200_firmware exynos_1280_firmware exynos_1380_firmware exynos_2200 exynos_1280 exynos_1380- Published: Nov. 04, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2025-13265
A weakness has been identified in lsfusion platform up to 6.1. This vulnerability affects the function unpackFile of the file server/src/main/java/lsfusion/server/physics/dev/integration/external/to/file/ZipUtils.java. This manipulation causes path traver... Read more
Affected Products :- Published: Nov. 17, 2025
- Modified: Nov. 17, 2025
- Vuln Type: Path Traversal
-
6.5
MEDIUMCVE-2025-13256
A weakness has been identified in projectworlds Advanced Library Management System 1.0. Impacted is an unknown function of the file /borrow.php. Executing manipulation of the argument roll_number can lead to sql injection. It is possible to launch the att... Read more
Affected Products : advanced_library_management_system- Published: Nov. 17, 2025
- Modified: Nov. 17, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-12922
A vulnerability was found in OpenClinica Community Edition up to 3.12.2/3.13. This affects an unknown part of the file /ImportCRFData?action=confirm of the component CRF Data Import. Performing manipulation of the argument xml_file results in path travers... Read more
Affected Products :- Published: Nov. 10, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Path Traversal
-
6.5
MEDIUMCVE-2025-13264
A security flaw has been discovered in SourceCodester Online Magazine Management System 1.0. This affects an unknown part of the file /view_magazine.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote... Read more
Affected Products :- Published: Nov. 17, 2025
- Modified: Nov. 17, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-13269
A vulnerability has been found in Campcodes School Fees Payment Management System 1.0. The impacted element is an unknown function of the file /ajax.php?action=save_payment. The manipulation of the argument ID leads to sql injection. The attack may be ini... Read more
Affected Products : school_fees_payment_management_system- Published: Nov. 17, 2025
- Modified: Nov. 17, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-62019
Missing Authorization vulnerability in WPZOOM Recipe Card Blocks for Gutenberg & Elementor recipe-card-blocks-by-wpzoom.This issue affects Recipe Card Blocks for Gutenberg & Elementor: from n/a through <= 3.4.8.... Read more
Affected Products : recipe_card_blocks_for_gutenberg_\&_elementor- Published: Oct. 22, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-62984
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPeka WP AdCenter wpadcenter allows Stored XSS.This issue affects WP AdCenter: from n/a through <= 2.6.1.... Read more
Affected Products : wp_adcenter- Published: Oct. 27, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-13270
A vulnerability was found in Campcodes School Fees Payment Management System 1.0. This affects an unknown function of the file /ajax.php?action=save_course. The manipulation of the argument ID results in sql injection. The attack may be launched remotely.... Read more
Affected Products : school_fees_payment_management_system- Published: Nov. 17, 2025
- Modified: Nov. 17, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-43507
A privacy issue was addressed by moving sensitive data. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. An app may be able to fingerprint the user.... Read more
- Published: Nov. 04, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2025-13273
A security flaw has been discovered in Campcodes School Fees Payment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=delete_payment. Performing manipulation of the argument ID results in sql i... Read more
Affected Products :- Published: Nov. 17, 2025
- Modified: Nov. 17, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-13260
A vulnerability has been found in Campcodes Supplier Management System 1.0. This impacts an unknown function of the file /manufacturer/edit_product.php. Such manipulation of the argument cmbProductUnit leads to sql injection. The attack may be launched re... Read more
Affected Products : supplier_management_system- Published: Nov. 17, 2025
- Modified: Nov. 17, 2025
- Vuln Type: Injection