PT-2025-26560 · Unknown · Simple Pizza Ordering System
Name of the Vulnerable Software and Affected Versions: Simple Pizza Ordering System version 1.0 Description: A critical issue was found in the Simple Pizza Ordering System, affecting an unknown function of the file /edituser-exec.php. The manipulation of the userid argument leads to SQL injection...
CVE-2025-3629 IBM InfoSphere Information Server file manipulation
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an authenticated user to delete another user's comments due to improper ownership management...
CVE-2025-3629
CVE-2025-3629 affects IBM InfoSphere Information Server versions 11.7.0.0–11.7.1.6. The root cause is improper ownership management, enabling an authenticated user to delete another user’s comments (impacting integrity). CVSS v3.1 base score 4.3 (Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A...
PT-2025-26499 · Code Projects · School Fees Payment System
Name of the Vulnerable Software and Affected Versions: code-projects School Fees Payment System version 1.0 Description: A critical issue affects the processing of the file /student.php in the School Fees Payment System. The manipulation of the ID argument leads to SQL injection. This issue can b...
PT-2025-26526 · Unknown · Campcodes Online Recruitment Management System
Name of the Vulnerable Software and Affected Versions: Campcodes Online Recruitment Management System version 1.0 Description: A critical issue was found in the system, affecting an unknown functionality of the file /admin/ajax.php?action=save settings, specifically the About Content Page...
CVE-2025-6307
A vulnerability was found in code-projects Online Shoe Store 1.0. It has been rated as critical. This issue affects some unknown processing of the file /function/editcustomer.php. The manipulation of the argument firstname leads to SQL injection. The attack may be initiated remotely. The exploit...
CVE-2025-6285
A vulnerability was found in PHPGurukul COVID19 Testing Management System 2021. It has been rated as problematic. This issue affects some unknown processing of the file /search-report-result.php. The manipulation of the argument q leads to cross-site scripting. The attack may be initiated remotel...
CVE-2025-6281
A vulnerability has been found in OpenBMB XAgent up to 1.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /conv/community. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used...
Upsonic is vulnerable to Path Traversal attack through its os.path.join function
A vulnerability classified as critical was found in Upsonic up to 0.55.6. This vulnerability affects the function os.path.join of the file markdown/server.py. The manipulation of the argument file.filename leads to path traversal. The exploit has been disclosed to the public and may be used...
CVE-2025-6278
A vulnerability classified as critical was found in Upsonic up to 0.55.6. This vulnerability affects the function os.path.join of the file markdown/server.py. The manipulation of the argument file.filename leads to path traversal. The exploit has been disclosed to the public and may be used...
[ASA-202506-8] erlang: arbitrary file overwrite
Arch Linux Security Advisory ASA-202506-8
Severity: Medium
Date: 2025-06-19
CVE-ID: CVE-2025-4748
Package: erlang
Type: arbitrary file overwrite
Remote: No
Link: https://security.archlinux.org/AVG-2900
Summary: The package erlang before versi...
CVE-2025-6134
A vulnerability was found in Projectworlds Life Insurance Management System 1.0. It has been classified as critical. This affects an unknown part of the file /insertClient.php. The manipulation of the argument clientid leads to SQL injection. It is possible to initiate the attack remotely. The...
CVE-2025-3594
Path traversal vulnerability with the downloading and installation of Xuggler in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.4 GA, 7.3 GA through update 34, and older unsupported versions allows remote attackers to (1) add files to arbitrary locations on the server and (2) download and...
CVE-2025-4748
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP stdlib modules allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1, zip:unzip/2,...
Erlang/OTP 17.0 < 26.2.5.13 / 27.0 < 27.3.4.1 / 28.0 < 28.0.1 Path Traversal (CVE-2025-4748)
The version of Erlang/OTP installed on the remote host is 17.0 prior to 26.2.5.13, 27.0 prior to 27.3.4.1, or 28.0 prior to 28.0.1. It is, therefore, affected by a path traversal vulnerability: - Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang...
CVE-2025-6157
A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /registered-user-testing.php. The manipulation of the argument testtype leads to SQL injection. The attack may be...
GHSA-P73J-GPCQ-49H8 Liferay Portal path traversal vulnerability with the downloading and installation of Xuggler
Path traversal vulnerability with the downloading and installation of Xuggler in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.4 GA, 7.3 GA through update 34, and older unsupported versions allows remote attackers to (1) add files to arbitrary locations on the server and (2) download and...