Lucene search

11460 matches found

CVE
added 2025/12/03 12:29 p.m., 11 views

CVE-2025-13109

CVE-2025-13109 concerns the WordPress plugin HUSKY – Products Filter Professional for WooCommerce (versions

CVSS 4.3, AI score 5.4, EPSS 0.00215
Exploits 0, References 2

Cvelist
added 2025/12/03 12:29 p.m., 16 views

CVE-2025-13109 HUSKY – Products Filter Professional for WooCommerce <= 1.3.7.2 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'woof_add_query/woof_remove_query'

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.7.2 via the "woof_add_query" and "woof_remove_query" functions due to missing validation on a user controlled key. This makes it...

CVSS 4.3, EPSS 0.00215
Exploits 0, References 2

Patchstack
added 2025/12/03 1:33 a.m., 9 views

WordPress HUSKY plugin <= 1.3.7.2 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'woof_add_query/woof_remove_query' vulnerability

Authenticated (Subscriber+) Insecure Direct Object Reference via 'woof_add_query/woof_remove_query' vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin HUSKY versions <= 1.3.7.2...

CVSS 4.3, AI score 6.8, EPSS 0.00215
Exploits 0, References 1, Affected Software 1

RedhatCVE
added 2025/12/03 12:26 a.m., 9 views

CVE-2025-64070

Sourcecodester Student Grades Management System v1.0 is vulnerable to Cross Site Scripting XSS in the Add New Subject Description field...

CVSS 5.4, AI score 6.2, EPSS 0.00165
Exploits 1, References 1

RedhatCVE
added 2025/12/03 12:26 a.m., 8 views

CVE-2025-65215

Sourcecodester Web-based Pharmacy Product Management System v1.0 is vulnerable to Cross Site Scripting XSS in /productexpiry/add-supplier.php via the Supplier Name field...

CVSS 6.1, AI score 6.2, EPSS 0.00185
Exploits 1, References 1

CNNVD
added 2025/12/03 12:0 a.m., 6 views

Masa CMS code injection vulnerability

Masa CMS is a digital experience platform. A code injection vulnerability exists in Masa CMS versions prior to 7.2.8, prior to 7.3.13, and prior to 7.4.6, which stems from the addParam function accepting user input and evaluating it via setDynamicContent, which could lead to remote code execution...

CVSS 9.8, AI score 8, EPSS 0.10647
Exploits 1, References 3

Positive Technologies
added 2025/12/03 12:0 a.m., 7 views

PT-2025-48805

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.7.2 via the "woof_add_query" and "woof_remove_query" functions due to missing validation on a user controlled key. This makes i...

CVSS 4.3, AI score 5.8, EPSS 0.00215
Exploits 0, References 3

Tenable Nessus
added 2025/12/03 12:0 a.m., 2 views

Splunk Enterprise 9.2.0 < 9.2.10, 9.3.0 < 9.3.8, 9.4.0 < 9.4.6, 10.0 < 10.0.1 (SVD-2025-1207)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2025-1207 advisory. - In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4,...

CVSS 2.7, AI score 5.4, EPSS 0.00315
Exploits 0, References 2

EUVD
added 2025/12/02 6:30 p.m., 5 views

EUVD-2025-200293

Sourcecodester Web-based Pharmacy Product Management System v1.0 is vulnerable to Cross Site Scripting XSS in /productexpiry/add-supplier.php via the Supplier Name field...

CVSS 6.1, AI score 5.6, EPSS 0.00185
Exploits 1, References 3

NVD
added 2025/12/02 6:15 p.m., 3 views

CVE-2025-65215

Sourcecodester Web-based Pharmacy Product Management System v1.0 is vulnerable to Cross Site Scripting XSS in /productexpiry/add-supplier.php via the Supplier Name field...

CVSS 6.1, EPSS 0.00185
Exploits 1, References 2

OSV
added 2025/12/02 6:15 p.m., 4 views

CVE-2025-65215

Sourcecodester Web-based Pharmacy Product Management System v1.0 is vulnerable to Cross Site Scripting XSS in /productexpiry/add-supplier.php via the Supplier Name field...

CVSS 6.1, AI score 5.8, EPSS 0.00185
Exploits 1, References 2

NVD
added 2025/12/02 5:16 p.m., 8 views

CVE-2025-64070

Sourcecodester Student Grades Management System v1.0 is vulnerable to Cross Site Scripting XSS in the Add New Subject Description field...

CVSS 5.4, EPSS 0.00165
Exploits 1, References 2

OSV
added 2025/12/02 5:16 p.m., 4 views

CVE-2025-64070

Sourcecodester Student Grades Management System v1.0 is vulnerable to Cross Site Scripting XSS in the Add New Subject Description field...

CVSS 5.4, AI score 5.8, EPSS 0.00165
Exploits 1, References 2

NVD
added 2025/12/02 1:15 p.m., 3 views

CVE-2025-11783

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The vulnerability is found in the 'AddEvent' function when copying the user-controlled username input to a fixed-size buffer 48 bytes without boundary checking. This can lead to memory corruption, resulting in...

CVSS 9.8, EPSS 0.00507
Exploits 0, References 1

RedhatCVE
added 2025/12/02 12:22 p.m., 8 views

CVE-2025-20373

In Splunk Add-on for Palo Alto Networks versions below 2.0.2, the add-on exposes client secrets in plain text in the internal index during the addition of new “Data Security Accounts”. The vulnerability would require either local access to the log files or administrative access to internal indexe...

CVSS 2.7, AI score 6.6, EPSS 0.00196
Exploits 0, References 1

Snyk
added 2025/12/02 6:26 a.m., 3 views

Command Injection

Overview: agentc is the front-facing package for the Couchbase Agent Catalog project. Affected versions of this package are vulnerable to Command Injection due to unsafe use of subprocess.run when invoking the default system editor during the agentc add operation. The application directly execut...

CVSS 9.8, AI score 8.2
Exploits 0, References 3

CNNVD
added 2025/12/02 12:0 a.m., 2 views

SourceCodester Student Grades Management System security vulnerability

SourceCodester Student Grades Management System is a SourceCodester open source student grades management system. A security vulnerability exists in Sourcecodester Student Grades Management System v1.0, which originates from a cross-site scripting attack on the Add New Subject Description field...

CVSS 5.4, AI score 6.1, EPSS 0.00165
Exploits 1, References 3

Cvelist
added 2025/12/02 12:0 a.m., 8 views

CVE-2025-64070

Sourcecodester Student Grades Management System v1.0 is vulnerable to Cross Site Scripting XSS in the Add New Subject Description field...

EPSS 0.00165
Exploits 1, References 2

Vulnrichment
added 2025/12/02 12:0 a.m., 2 views

CVE-2025-65215

Sourcecodester Web-based Pharmacy Product Management System v1.0 is vulnerable to Cross Site Scripting XSS in /productexpiry/add-supplier.php via the Supplier Name field...

AI score 5.8, EPSS 0.00185
Exploits 1, References 2

Positive Technologies
added 2025/12/02 12:0 a.m., 7 views

PT-2025-48673

Name of the Vulnerable Software and Affected Versions: Circutor SGE-PLC1000/SGE-PLC50 version 9.0.2. Description: A stack-based buffer overflow exists in the AddEvent function when handling user-supplied usernames. The issue occurs because the function copies the username input to a fixed-size buffe...

CVSS 9.8, AI score 7.9, EPSS 0.00507
Exploits 0, References 5