Magewell Ultra Encode Security Vulnerability
Magewell Ultra Encode is a video encoder from the Chinese company Magewell. A security vulnerability exists in Magewell Ultra Encode version 1.2.213, which originates from a cross-site request forgery in the /mwapi?method=add-user component...
PT-2025-47867
A security flaw has been discovered in projectworlds can pass malicious payloads up to 1.0. This vulnerability affects unknown code of the file /add book.php. The manipulation of the argument image results in unrestricted upload. The attack can be executed remotely. The exploit has been released ...
CVE-2025-62293
SOPlanning is vulnerable to Broken Access Control in /status endpoint. Due to lack of permission checks in Project Status functionality an authenticated attacker is able to add, edit and delete any status. This issue was fixed in version 1.55...
Fake calendar invites are spreading. Here’s how to remove them and prevent more
We’re seeing a surge in phishing calendar invites that users can’t delete, or that keep coming back because they sync across devices. The good news is you can remove them and block future spam by changing a few settings. Most of these unwanted calendar entries are there for phishing purposes. Mos...
CVE-2025-13424
A vulnerability has been found in Campcodes Supplier Management System 1.0. This affects an unknown function of the file /admin/add_product.php. The manipulation of the argument txtProductName leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to...
Linux kernel Security Vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the btrfs_add_qgroup_relation function failing to free a pre-allocated qgroup_list structure when invalidating a...
CVE-2025-13396
A weakness has been identified in code-projects Courier Management System 1.0. This affects an unknown function of the file /add-office.php. This manipulation of the argument OfficeName causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public a...
CVE-2025-62293
SOPlanning is affected by Broken Access Control in the /status endpoint due to missing permission checks in Project Status functionality. An authenticated attacker can add, edit, or delete statuses. A fix is available in version 1.55. The CVE-entry is supported by Red Hat and EU vulnerability ref...
CVE-2025-62293 Broken Access Control in SOPlanning
SOPlanning is vulnerable to Broken Access Control in /status endpoint. Due to lack of permission checks in Project Status functionality an authenticated attacker is able to add, edit and delete any status. This issue was fixed in version 1.55...
CVE-2025-13424 Campcodes Supplier Management System add_product.php sql injection
A vulnerability has been found in Campcodes Supplier Management System 1.0. This affects an unknown function of the file /admin/add_product.php. The manipulation of the argument txtProductName leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to...
CVE-2025-13424
CVE-2025-13424 affects CampCodes Supplier Management System 1.0. The vulnerability is an SQL injection in the /admin/add_product.php endpoint, caused by unsafely handling the txtProductName parameter. Remote exploitation is possible and exploits have been disclosed publicly. The available documen...
Courier Management System add-new-officer.php File SQL Injection Vulnerability
Courier Management System is a courier management system. Courier Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter ManagerName in the file /add-new-officer.php. An attacker can exploit this...
CampCodes Supplier Management System SQL Injection Vulnerability
CampCodes Supplier Management System is a supplier management system from CampCodes, Inc. A SQL injection vulnerability exists in CampCodes Supplier Management System version 1.0, which stems from an incorrect manipulation of the parameter txtProductName in the file /admin/add_product.php, which...
PT-2025-47542
A vulnerability has been found in Campcodes Supplier Management System 1.0. This affects an unknown function of the file /admin/add_product.php. The manipulation of the argument txtProductName leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to...
Mattermost Server 10.5.x < 10.5.12 / 10.11.x < 10.11.4 / 11.0.0 Missing Authorization (MMSA-2025-00518)
The version of Mattermost Server installed on the remote host is affected by a vulnerability as referenced in the MMSA-2025-00518 advisory. - Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11 fail to properly validate team membership permissions in the Add Channel Member API which allows...
CVE-2025-13396
The CVE-2025-13396 entry concerns Code-Projects Courier Management System 1.0. A vulnerability exists in the /add-office.php code, where manipulating the OfficeName parameter enables SQL injection. The attack can be initiated remotely, and the exploit has been publicly released. Documents consist...