Latest CVE Feed
-
9.8
CRITICALCVE-2025-63747
QaTraq 6.9.2 ships with administrative account credentials which are enabled in default installations and permit immediate login via the web application login page. Because the account provides administrative privileges in the default configuration, an at... Read more
Affected Products : qatraq- Published: Nov. 17, 2025
- Modified: Nov. 26, 2025
- Vuln Type: Authentication
-
6.1
MEDIUMCVE-2025-63708
Cross-Site Scripting (XSS) vulnerability exists in SourceCodester AI Font Matcher (nid=18425, 2025-10-10) that allows remote attackers to execute arbitrary JavaScript in victims' browsers. The vulnerability occurs in the webfonts API handling mechanism wh... Read more
Affected Products : ai_font_matcher- Published: Nov. 17, 2025
- Modified: Nov. 20, 2025
- Vuln Type: Cross-Site Scripting
-
8.8
HIGHCVE-2025-13289
A vulnerability was detected in 1000projects Design & Development of Student Database Management System 1.0. Affected is an unknown function of the file /TeacherLogin/Academics/SubjectDetails.php. The manipulation of the argument SubCode results in sql in... Read more
Affected Products : design_\&_development_of_student_database_management_system- Published: Nov. 17, 2025
- Modified: Nov. 19, 2025
- Vuln Type: Injection
-
9.0
HIGHCVE-2025-13288
A security vulnerability has been detected in Tenda CH22 1.0.0.1. This impacts the function fromPptpUserSetting of the file /goform/PPTPUserSetting. The manipulation of the argument delno leads to buffer overflow. The attack is possible to be carried out ... Read more
- Published: Nov. 17, 2025
- Modified: Nov. 19, 2025
- Vuln Type: Memory Corruption