CVE-2025-14090

A security flaw has been discovered in AMTT Hotel Broadband Operation System 1.0. This affects an unknown part of the file /manager/card/cardmakedown.php. Performing manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit has been...

Microsoft Silently Patches Windows LNK Flaw After Years of Active Exploitation

Microsoft has silently plugged a security flaw that has been exploited by several threat actors since 2017 as part of the company's November 2025 Patch Tuesday updates, according to ACROS Security's 0patch. The vulnerability in question is CVE-2025-9491 CVSS score: 7.8/7.0, which has been describ...

CVE-2025-60736

code-projects Online Medicine Guide 1.0 is vulnerable to SQL Injection in /login.php via the upass parameter...

PT-2025-48679

Out-of-bounds read vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The 'DownloadFile' function converts a parameter to an integer using 'atoi' and then uses it as an index in the 'FilesDownload' array with '&FilesDownloadiVar2'. If the parameter is too large, it will access memory beyond...

EUVD-2025-200021

A use-after-free in the ADTSAudioFileSource::samplingFrequency function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service DoS via supplying a crafted ADTS/AAC file...

Security Bulletin: IBM Application Modernization Accelerator is affected by multiple vulnerabilities found in Java and Node.js

Summary There are multiple vulnerabilities in Java and Node.js used by IBM Application Modernization Accelerator. Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow a remote attacker to cause high confidentiali...

CVE-2025-65202

TRENDnet TEW-657BRM 1.00.1 has an authenticated remote OS command injection vulnerability in the setup.cgi binary, exploitable via the HTTP parameters "command", "todo", and "nextfile," which allows an attacker to execute arbitrary commands with root privileges...

CVE-2025-13575 code-projects Blog Site Category blog.php category_exists sql injection

A security vulnerability has been detected in code-projects Blog Site 1.0. Impacted is the function categoryexists of the file /resources/functions/blog.php of the component Category Handler. Such manipulation of the argument name/field leads to sql injection. The attack may be performed from...

GHSA-G6XH-WRPF-V6J6 phppgadmin contains a SQL injection vulnerability

phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in display.php at line 396. The application passes user-controlled input from $REQUEST'query' directly to the browseQuery function without proper sanitization. An authenticated attacker can exploit this vulnerability to execute...

CVE-2025-13450

A vulnerability was determined in SourceCodester Online Shop Project 1.0. Impacted is an unknown function of the file /shop/register.php. This manipulation of the argument fname causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publicly disclosed an...

CVE-2025-10703

Improper Control of Generation of Code 'Code Injection' vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttribute connection option implemented by the DataDirect Connect for JD...

CVE-2025-11446

Insertion of Sensitive Information into Log File vulnerability in upKeeper Solutions upKeeper Manager allows Use of Known Domain Credentials.This issue affects upKeeper Manager: from 5.2.0 before 5.2.12...

CVE-2025-11446

CVE-2025-11446 affects upKeeper Manager 5.2.0–5.2.11 (pre-5.2.12). The issue is Insertion of Sensitive Information into Log File, enabling use of Known Domain Credentials. Impact is Confidentiality HIGH; Exploit details are not provided in the documents. Remediation: upgrade to 5.2.12 or later (p...

PT-2025-47499

Name of the Vulnerable Software and Affected Versions ELCA Star Transmitter Remote Control firmware version 1.25 Description The ELCA Star Transmitter Remote Control firmware version 1.25 has an issue that allows unauthenticated attackers to retrieve admin credentials and system settings. This is...

CVE-2025-13276

A vulnerability was detected in g33kyrash Online-Banking-System up to 12dbfa690e5af649fb72d2e5d3674e88d6743455. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument Username results in sql injection. It is possible to launch the attack remotely. The...

EUVD-2025-197780

A vulnerability was detected in g33kyrash Online-Banking-System up to 12dbfa690e5af649fb72d2e5d3674e88d6743455. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument Username results in sql injection. It is possible to launch the attack remotely. The...

PT-2025-47138

Name of the Vulnerable Software and Affected Versions g33kyrash Online-Banking-System affected versions not specified Description A SQL injection issue exists due to the manipulation of the Username argument. The issue affects unknown code within the /index.php file and is remotely exploitable. T...

PT-2025-47137

Name of the Vulnerable Software and Affected Versions Iqbolshoh php-business-website affected versions not specified Description A security issue exists that allows for unrestricted file upload. The issue affects an unknown part of the /admin/about.php file and can be initiated remotely. The...

CVE-2025-13201

A vulnerability was identified in code-projects Simple Cafe Ordering System 1.0. Affected by this issue is some unknown functionality of the file /login.php. Such manipulation of the argument Username leads to sql injection. The attack may be performed from remote. The exploit is publicly availab...

CVE-2025-13203 code-projects Simple Cafe Ordering System addmem.php sql injection

A weakness has been identified in code-projects Simple Cafe Ordering System 1.0. This vulnerability affects unknown code of the file /addmem.php. Executing manipulation of the argument studentnum can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made...