Latest CVE Feed
- 
                                
                                7.2HIGHCVE-2025-11071A security vulnerability has been detected in SeaCMS 13.3.20250820. Impacted is an unknown function of the file /admin_cron.php of the component Cron Task Management Module. The manipulation of the argument resourcefrom/collectID leads to sql injection. T... Read more Affected Products : seacms- Published: Sep. 27, 2025
- Modified: Oct. 10, 2025
- Vuln Type: Injection
 
- 
                                
                                9.8CRITICALCVE-2025-11503A vulnerability was determined in PHPGurukul Beauty Parlour Management System 1.1. This issue affects some unknown processing of the file /admin/manage-services.php. Executing manipulation of the argument delid can lead to sql injection. The attack may be... Read more Affected Products : beauty_parlour_management_system- Published: Oct. 08, 2025
- Modified: Oct. 10, 2025
- Vuln Type: Injection
 
- 
                                
                                9.8CRITICALCVE-2025-11505A vulnerability was identified in PHPGurukul Beauty Parlour Management System 1.1. Impacted is an unknown function of the file /admin/new-appointment.php. The manipulation of the argument delid leads to sql injection. It is possible to initiate the attack... Read more Affected Products : beauty_parlour_management_system- Published: Oct. 08, 2025
- Modified: Oct. 10, 2025
- Vuln Type: Injection
 
- 
                                
                                8.8HIGHCVE-2025-11515A security flaw has been discovered in code-projects Online Complaint Site 1.0. This issue affects some unknown processing of the file /cms/users/register-complaint.php. Performing manipulation of the argument cid results in sql injection. It is possible ... Read more - Published: Oct. 09, 2025
- Modified: Oct. 10, 2025
- Vuln Type: Injection
 
- 
                                
                                6.1MEDIUMCVE-2025-11512A vulnerability was found in code-projects Voting System 1.0. Affected by this issue is some unknown functionality of the file /admin/voters_add.php. The manipulation of the argument Firstname/Lastname/Platform results in cross site scripting. The attack ... Read more Affected Products : voting_system- Published: Oct. 09, 2025
- Modified: Oct. 10, 2025
- Vuln Type: Cross-Site Scripting
 
- 
                                
                                9.8CRITICALCVE-2025-11513A vulnerability was determined in code-projects E-Commerce Website 1.0. This affects an unknown part of the file /pages/supplier_update.php. This manipulation of the argument supp_id causes sql injection. The attack is possible to be carried out remotely.... Read more - Published: Oct. 09, 2025
- Modified: Oct. 10, 2025
- Vuln Type: Injection
 
- 
                                
                                8.8HIGHCVE-2025-11514A vulnerability was identified in code-projects Online Complaint Site 1.0. This vulnerability affects unknown code of the file /cms/users/index.php. Such manipulation of the argument Username leads to sql injection. The attack may be performed from remote... Read more - Published: Oct. 09, 2025
- Modified: Oct. 10, 2025
- Vuln Type: Injection
 
- 
                                
                                7.5HIGHCVE-2025-61772Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, `Rack::Multipart::Parser` can accumulate unbounded data when a multipart part’s header block never terminates with the required blank line (`CRLFCRLF`). The parse... Read more Affected Products : rack- Published: Oct. 07, 2025
- Modified: Oct. 10, 2025
- Vuln Type: Denial of Service
 
- 
                                
                                7.5HIGHCVE-2025-61771Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, ``Rack::Multipart::Parser` stores non-file form fields (parts without a `filename`) entirely in memory as Ruby `String` objects. A single large text field in a mu... Read more Affected Products : rack- Published: Oct. 07, 2025
- Modified: Oct. 10, 2025
- Vuln Type: Denial of Service
 
- 
                                
                                7.5HIGHCVE-2025-61770Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, `Rack::Multipart::Parser` buffers the entire multipart preamble (bytes before the first boundary) in memory without any size limit. A client can send a large prea... Read more Affected Products : rack- Published: Oct. 07, 2025
- Modified: Oct. 10, 2025
- Vuln Type: Denial of Service
 
- 
                                
                                8.2HIGHCVE-2025-60959OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information.... Read more - Published: Oct. 06, 2025
- Modified: Oct. 10, 2025
- Vuln Type: Injection
 
- 
                                
                                8.0HIGHCVE-2025-60956Cross Site Request Forgery (CSRF) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, and gain sensitive inf... Read more - Published: Oct. 06, 2025
- Modified: Oct. 10, 2025
- Vuln Type: Cross-Site Request Forgery
 
- 
                                
                                9.9CRITICALCVE-2025-60957OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, and gain sensitive information.... Read more - Published: Oct. 06, 2025
- Modified: Oct. 10, 2025
- Vuln Type: Injection
 
- 
                                
                                7.3HIGHCVE-2025-60958Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information.... Read more - Published: Oct. 06, 2025
- Modified: Oct. 10, 2025
- Vuln Type: Cross-Site Scripting
 
- 
                                
                                8.2HIGHCVE-2025-60960OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, and gain sensitive information.... Read more - Published: Oct. 06, 2025
- Modified: Oct. 10, 2025
- Vuln Type: Injection
 
- 
                                
                                6.1MEDIUMCVE-2025-60961Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information, and possibly other unspecified impacts.... Read more - Published: Oct. 06, 2025
- Modified: Oct. 10, 2025
- Vuln Type: Cross-Site Scripting
 
- 
                                
                                8.2HIGHCVE-2025-60962OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information, and possibly other unspecified impacts.... Read more - Published: Oct. 06, 2025
- Modified: Oct. 10, 2025
- Vuln Type: Injection
 
- 
                                
                                8.2HIGHCVE-2025-60963OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, and gain sensitive information.... Read more - Published: Oct. 06, 2025
- Modified: Oct. 10, 2025
- Vuln Type: Injection
 
- 
                                
                                9.8CRITICALCVE-2025-59943phpMyFAQ is an open source FAQ web application. Versions 4.0-nightly-2025-10-03 and below do not enforce uniqueness of email addresses during user registration. This allows multiple distinct accounts to be created with the same email. Because email is oft... Read more Affected Products : phpmyfaq- Published: Oct. 03, 2025
- Modified: Oct. 10, 2025
- Vuln Type: Authentication
 
- 
                                
                                7.1HIGHCVE-2025-46819Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted LUA script to read out-of-bound data or crash the server and subsequent denial of service. The problem exist... Read more Affected Products : redis- Published: Oct. 03, 2025
- Modified: Oct. 10, 2025
- Vuln Type: Denial of Service
 
 
                         
                         
                         
                                             
                                            