684 matches found
CVE-2025-14885
| creationtimestamp | type | source |
|---|---|---|
| 2025-12-18 20:33:34+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mabzjy6dzz2c... |
CVE-2025-14832 itsourcecode Online Cake Ordering System updateproduct.php sql injection
A vulnerability was identified in itsourcecode Online Cake Ordering System 1.0. The affected element is an unknown function of the file /updateproduct.php?action=edit. Manipulation of the argument ID leads to SQL injection. It is possible to launch the attack remotely. The exploit is publicl...
CVE-2025-67950
CVE-2025-67950 affects the WordPress All In One SEO Pack plugin (versions up to 4.9.1). The Red Hat/NVD/Patchstack entries describe an SQL injection vulnerability due to improper input handling that enables blind SQL injection with authenticated access (Contributor+) and high impact (C/H/I/H/A). ...
WordPress Events Manager – Calendar, Bookings, Tickets, and more! plugin <= 7.2.2.2 - Cross-Site Request Forgery to Location Deletion vulnerability
Cross-Site Request Forgery to Location Deletion vulnerability discovered by thinnawarth mathuros in WordPress Plugin Events Manager versions <= 7.2.2.2...
Vulnerabilities fixed in Adobe Experience Manager
Adobe has fixed vulnerabilities in Adobe Experience Manager. Most of the fixed vulnerabilities involve Cross-Site Scripting (XSS), which can lead to execution of arbitrary code or increased user privileges. This does require user interaction. The vulnerability with reference CVE-2025-64540 concerns ...
CVE-2025-40334
Summary: CVE-2025-40334 concerns the Linux kernel subsystem for AMD GPUs (drm/amdgpu). The issue is that the code path validating the userq object’s virtual address and size could permit operating on a user/qr virtual address that is not guaranteed to be resident in a valid VM mapping. The connec...
CVE-2025-13748 Fluent Forms <= 6.1.7 - Unauthenticated Insecure Direct Object Reference to Payment Status Tampering via submission_id
The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.1.7 via the 'submission_id' parameter due to missing validation on a user-controlled key within...
CVE-2025-65944 vulnerabilities
Vulnerabilities for packages: langfuse...
CVE-2025-59491
Cross Site Scripting vulnerability in CentralSquare Community Development 19.5.7 via form fields...
Siemens SIMATIC Devices Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2024-42292)
In the Linux kernel, the following vulnerability has been resolved: kobject_uevent: Fix OOB access within zap_modalias_env. zap_modalias_env wrongly calculates size of memory block to move, so will cause OOB memory access issue if variable MODALIAS is not the last one within its @env parameter, fixed b...
EUVD-2000-0739
Malware in sbrugna...
EUVD-1999-0335
Malware in sbrugna...
EUVD-2001-1102
Malware in sbrugna...
DEBIAN-CVE-2025-11277
A weakness has been identified in Open Asset Import Library Assimp 6.0.2. This affects the function Q3DImporter::InternReadFile of the file assimp/code/AssetLib/Q3D/Q3DLoader.cpp. Executing a manipulation can lead to heap-based buffer overflow. The attack needs to be launched locally. The exploit...
CVE-2025-39934
In the Linux kernel, the following vulnerability has been resolved: drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ. If the interrupt occurs before resource initialization is complete, the interrupt handler/worker may access uninitialized data such as the I2C tcpc_client device,...
EUVD-2025-6857
Malicious code in bioql PyPI...
EUVD-2025-5870
Malicious code in bioql PyPI...
EUVD-2025-4808
Malicious code in bioql PyPI...
EUVD-2024-53482
Malicious code in bioql PyPI...
EUVD-2023-43262
Malicious code in bioql PyPI...