Latest CVE Feed
-
8.8
HIGHCVE-2025-13570
A vulnerability was found in itsourcecode COVID Tracking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/?page=state. Performing manipulation of the argument ID results in sql injection. The attack may be initiate... Read more
Affected Products : covid_tracking_system- Published: Nov. 23, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-13571
A vulnerability was determined in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file /listorder.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be launch... Read more
- Published: Nov. 23, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-13572
A vulnerability was identified in projectworlds Advanced Library Management System 1.0. This affects an unknown part of the file /delete_admin.php. The manipulation of the argument admin_id leads to sql injection. Remote exploitation of the attack is poss... Read more
Affected Products : advanced_library_management_system- Published: Nov. 23, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-13573
A security flaw has been discovered in projectworlds can pass malicious payloads up to 1.0. This vulnerability affects unknown code of the file /add_book.php. The manipulation of the argument image results in unrestricted upload. The attack can be execute... Read more
Affected Products : advanced_library_management_system- Published: Nov. 24, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Injection
-
7.2
HIGHCVE-2025-13574
A weakness has been identified in code-projects Online Bidding System 1.0. This issue affects the function categoryadd of the file /administrator/addcategory.php. This manipulation of the argument catimage causes unrestricted upload. The attack is possibl... Read more
Affected Products : online_bidding_system- Published: Nov. 24, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Misconfiguration
-
8.8
HIGHCVE-2025-13575
A security vulnerability has been detected in code-projects Blog Site 1.0. Impacted is the function category_exists of the file /resources/functions/blog.php of the component Category Handler. Such manipulation of the argument name/field leads to sql inje... Read more
Affected Products : blog_site- Published: Nov. 24, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Injection
-
5.4
MEDIUMCVE-2025-13577
A flaw has been found in PHPGurukul Hostel Management System 2.1. The impacted element is an unknown function of the file /register-complaint.php. Executing manipulation of the argument cdetails can lead to cross site scripting. It is possible to launch t... Read more
Affected Products : hostel_management_system- Published: Nov. 24, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Cross-Site Scripting
-
2.9
LOWCVE-2025-66382
In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.... Read more
Affected Products : libexpat- Published: Nov. 28, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Denial of Service
-
0.0
NACVE-2025-20792
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User intera... Read more
Affected Products :- Published: Dec. 02, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Denial of Service
-
0.0
NACVE-2025-20791
In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interac... Read more
Affected Products :- Published: Dec. 02, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Denial of Service
-
0.0
NACVE-2025-20790
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User intera... Read more
Affected Products :- Published: Dec. 02, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Denial of Service
-
0.0
NACVE-2025-20789
In GPU pdma, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS10117741; Iss... Read more
Affected Products :- Published: Dec. 02, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Information Disclosure
-
0.0
NACVE-2025-20788
In GPU pdma, there is a possible memory corruption due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS10117735; Issue ID:... Read more
Affected Products :- Published: Dec. 02, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-20777
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ... Read more
Affected Products :- Published: Dec. 02, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-20776
In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: A... Read more
Affected Products :- Published: Dec. 02, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-20775
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS101829... Read more
Affected Products :- Published: Dec. 02, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-20774
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ... Read more
Affected Products :- Published: Dec. 02, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-20773
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS101969... Read more
Affected Products :- Published: Dec. 02, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-20772
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS101969... Read more
Affected Products :- Published: Dec. 02, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-20771
In display, there is a possible escalation of privilege due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Pat... Read more
Affected Products :- Published: Dec. 02, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Authorization