Latest CVE Feed
-
9.8
CRITICALCVE-2025-56447
TM2 Monitoring v3.04 contains an authentication bypass and plaintext credential disclosure.... Read more
Affected Products :- Published: Oct. 22, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-12488
oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of oobabooga text-generation-webui. Authenti... Read more
Affected Products :- Published: Nov. 06, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-60225
Deserialization of Untrusted Data vulnerability in AncoraThemes BugsPatrol bugspatrol allows Object Injection.This issue affects BugsPatrol: from n/a through <= 1.5.0.... Read more
Affected Products :- Published: Oct. 22, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-63451
Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/sign-in.php.... Read more
- Published: Nov. 03, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-12307
A vulnerability was identified in code-projects Nero Social Networking Site 1.0. Affected by this vulnerability is an unknown functionality of the file /addfriend.php. Such manipulation of the argument ID leads to sql injection. The attack may be performe... Read more
Affected Products : nero_social_networking_site- Published: Oct. 27, 2025
- Modified: Nov. 03, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-12930
A vulnerability has been found in SourceCodester Food Ordering System 1.0. Affected is an unknown function of the file /view-ticket.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploi... Read more
Affected Products : food_ordering_system- Published: Nov. 10, 2025
- Modified: Nov. 18, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-60803
Antabot White-Jotter up to commit 9bcadc was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the component /api/aaa;/../register.... Read more
Affected Products :- Published: Oct. 24, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-53072
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access ... Read more
Affected Products : marketing- Published: Oct. 21, 2025
- Modified: Oct. 24, 2025
-
9.8
CRITICALCVE-2025-12315
A vulnerability was determined in code-projects Food Ordering System 1.0. This affects an unknown function of the file /admin/menu.php. Executing manipulation of the argument itemPrice can lead to sql injection. The attack can be executed remotely. The ex... Read more
Affected Products : food_ordering_system- Published: Oct. 27, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-12211
A security flaw has been discovered in Tenda O3 1.0.0.10(2478). Affected by this issue is the function SetValue/GetValue of the file /goform/setDmzInfo. The manipulation of the argument dmzIP results in stack-based buffer overflow. It is possible to launc... Read more
- Published: Oct. 27, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-12487
oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of oobabooga text-generation-webui. Authenti... Read more
Affected Products :- Published: Nov. 06, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Misconfiguration
-
9.8
CRITICALCVE-2025-60548
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formLanSetupRouterSettings.... Read more
- Published: Oct. 24, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-58967
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Businext businext allows PHP Local File Inclusion.This issue affects Businext: from n/a through < 2.4.4.... Read more
Affected Products :- Published: Oct. 22, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Path Traversal
-
9.8
CRITICALCVE-2025-12265
A weakness has been identified in Tenda CH22 1.0.0.1. Affected by this issue is the function fromVirtualSer of the file /goform/VirtualSer. This manipulation of the argument page causes buffer overflow. Remote exploitation of the attack is possible. The e... Read more
- Published: Oct. 27, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-13257
A security vulnerability has been detected in itsourcecode Inventory Management System 1.0. The affected element is an unknown function of the file /admin/user/index.php?view=edit. The manipulation of the argument ID leads to sql injection. The attack can... Read more
Affected Products : inventory_management_system- Published: Nov. 17, 2025
- Modified: Nov. 19, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-12271
A vulnerability was identified in Tenda CH22 1.0.0.1. This affects the function fromRouteStatic of the file /goform/RouteStatic. Such manipulation of the argument page leads to buffer overflow. The attack can be launched remotely. The exploit is publicly ... Read more
- Published: Oct. 27, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-12215
A flaw has been found in projectworlds Online Shopping System 1.0. Impacted is an unknown function of the file /login_submit.php. Executing manipulation of the argument keywords can lead to sql injection. The attack may be launched remotely. The exploit h... Read more
Affected Products : online_shopping_system- Published: Oct. 27, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-60232
Deserialization of Untrusted Data vulnerability in quantumcloud KBx Pro Ultimate knowledgebase-helpdesk-pro allows Object Injection.This issue affects KBx Pro Ultimate: from n/a through <= 8.0.5.... Read more
Affected Products :- Published: Oct. 22, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-12226
A vulnerability was found in SourceCodester Best House Rental Management System 1.0. Impacted is the function save_house of the file /admin_class.php. Performing manipulation of the argument house_no results in sql injection. Remote exploitation of the at... Read more
Affected Products : best_house_rental_management_system- Published: Oct. 27, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-34277
Nagios Log Server versions prior to 2024R1.3.1 contain a code injection vulnerability where malformed dashboard ID values are not properly validated before being forwarded to an internal API. An attacker able to supply crafted dashboard ID values can caus... Read more
Affected Products : log_server- Published: Oct. 30, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Injection