
6679 matches found

Vulnrichment
added 2025/11/25 6:7 p.m. | 4 views

CVE-2025-33205

NVIDIA NeMo framework contains a vulnerability in a predefined variable, where an attacker could cause inclusion of functionality from an untrusted control sphere by use of a predefined variable. A successful exploit of this vulnerability may lead to code execution...

CVSS 7.3 | AI score 7 | EPSS 0.00125
Exploits: 0 | References: 3
NVD
added 2025/11/23 11:15 a.m. | 3 views

CVE-2025-13546

A vulnerability was detected in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Affected by this issue is some unknown functionality of the file /results.php of the component Search. The manipulation of the argument userquery results in sql injection. The attack can be...

CVSS 9.8 | EPSS 0.00311
Exploits: 1 | References: 4
NVD
added 2025/11/23 10:15 a.m. | 3 views

CVE-2025-13545

A security vulnerability has been detected in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Affected by this vulnerability is an unknown functionality of the file /adminarea/index.php. The manipulation of the argument editpack leads to sql injection. The attack can be...

CVSS 7.2 | EPSS 0.00329
Exploits: 1 | References: 4
CNNVD
added 2025/11/23 12:0 a.m. | 3 views

Travel Agency Code Issue Vulnerability

Travel Agency is a travel management website by Ashraf Kabir, an individual developer. Travel Agency has a code issue vulnerability that stems from the presence of unknown functionality in the file /customerregister.php, which could lead to unlimited uploads...

CVSS 9.8 | AI score 6.5 | EPSS 0.00324
Exploits: 1 | References: 5
Snyk
added 2025/11/20 9:57 p.m. | 2 views

Inclusion of Web Functionality from an Untrusted Source

Overview: github.com/mindersec/minder/internal/datasources/rest is an implementation of a REST data source. Affected versions of this package are vulnerable to Inclusion of Web Functionality from an Untrusted Source via the http.send function in Rego programs. A user can access internal network...

CVSS 9.1 | AI score 6.7 | EPSS 0.00235
Exploits: 0 | References: 2
Vulnrichment
added 2025/11/19 5:26 p.m. | 8 views

CVE-2025-65032 Rallly Has an IDOR Vulnerability in Participant Rename Function Allows Unauthorized Modification of Other Users’ Names

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference (IDOR) vulnerability allows any authenticated user to change the display names of other participants in polls without being an admin or the poll owner. By manipulating the...

CVSS 6.5 | AI score 6.4 | EPSS 0.00216
Exploits: 1 | References: 2
Cvelist
added 2025/11/19 10:32 a.m. | 3 views

CVE-2025-64408 Apache Causeway: Java deserialization vulnerability to authenticated attackers

Apache Causeway faces Java deserialization vulnerabilities that allow remote code execution (RCE) through user-controllable URL parameters. These vulnerabilities affect all applications using Causeway's ViewModel functionality and can be exploited by authenticated attackers to execute arbitrary cod...

EPSS 0.09302
Exploits: 0 | References: 1
RedhatCVE
added 2025/11/18 10:49 p.m. | 3 views

CVE-2025-13303

A vulnerability was determined in code-projects Courier Management System 1.0. Affected by this issue is some unknown functionality of the file /search-edit.php. This manipulation of the argument Consignment causes sql injection. The attack can be initiated remotely. The exploit has been publicly...

CVSS 9.8 | AI score 7.1 | EPSS 0.00321
Exploits: 1 | References: 1
CVE
added 2025/11/16 5:32 a.m. | 11 views

CVE-2025-13238

CVE-2025-13238 affects Bdtask Flight Booking Software 4. The Edit Profile Page component (/agent/profile/edit) is susceptible to manipulation that enables unrestricted file uploads. The flaw can be exploited remotely and has publicly available exploit materials. Multiple sources corroborate the i...

CVSS 8.8 | AI score 6.2 | EPSS 0.00277
Exploits: 1 | References: 4 | Affected Software: 1
EUVD
added 2025/11/15 6:30 p.m. | 5 views

EUVD-2025-197702

A vulnerability was determined in SourceCodester Farm Management System 1.0. Affected by this vulnerability is an unknown functionality. This manipulation causes exposure of information through directory listing. The attack is possible to be carried out remotely. The exploit has been publicly...

CVSS 6.9 | AI score 5.1 | EPSS 0.00393
Exploits: 1 | References: 6
NVD
added 2025/11/15 4:15 p.m. | 4 views

CVE-2025-13201

A vulnerability was identified in code-projects Simple Cafe Ordering System 1.0. Affected by this issue is some unknown functionality of the file /login.php. Such manipulation of the argument Username leads to sql injection. The attack may be performed from remote. The exploit is publicly availab...

CVSS 9.8 | EPSS 0.00403
Exploits: 1 | References: 5
Positive Technologies
added 2025/11/13 12:0 a.m. | 2 views

PT-2025-46814

Name of the Vulnerable Software and Affected Versions: Booking Calendar versions through 10.14.7. Description: The software contains a flaw due to improper neutralization of input during web page generation, leading to a Cross-site Scripting issue. This allows for Stored XSS attacks. The affected...

AI score 5.6 | EPSS 0.00132
Exploits: 0 | References: 3
EUVD
added 2025/11/11 3:31 p.m. | 3 views

EUVD-2025-84341

Files or Directories Accessible to External Parties, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Premierturk Information Technologies Inc. Excavation Management Information System allows Footprinting, Functionality Misuse. This issue affects Excavation...

CVSS 8.1 | AI score 6.4 | EPSS 0.00243
Exploits: 0 | References: 2
EUVD
added 2025/11/11 3:31 p.m. | 3 views

EUVD-2025-84351

Improper Restriction of Excessive Authentication Attempts, Client-Side Enforcement of Server-Side Security, Reliance on Untrusted Inputs in a Security Decision vulnerability in Turkguven Software Technologies Inc. Perfektive allows Brute Force, Authentication Bypass, Functionality Bypass. This iss...

CVSS 7.3 | AI score 6.4 | EPSS 0.00247
Exploits: 0 | References: 2
OSV
added 2025/11/11 3:19 p.m. | 1 view

MAL-2025-114361 Malicious code in good_hoverfly_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8034761b048d9586dae76032a9fd506872ea13b72fd7289b831b1a021fb746e1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.8
Exploits: 0
NVD
added 2025/11/11 3:15 p.m. | 3 views

CVE-2025-11959

Files or Directories Accessible to External Parties, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Premierturk Information Technologies Inc. Excavation Management Information System allows Footprinting, Functionality Misuse. This issue affects Excavation...

CVSS 8.1 | EPSS 0.00243
Exploits: 0 | References: 2
Cvelist
added 2025/11/11 2:11 p.m. | 9 views

CVE-2025-11959 Improper Access Control in Premierturk's Excavation Management Information System

Files or Directories Accessible to External Parties, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Premierturk Information Technologies Inc. Excavation Management Information System allows Footprinting, Functionality Misuse. This issue affects Excavation...

CVSS 8.1 | EPSS 0.00243
Exploits: 0 | References: 2
Vulnrichment
added 2025/11/11 2:11 p.m. | 3 views

CVE-2025-11959 Improper Access Control in Premierturk's Excavation Management Information System

Files or Directories Accessible to External Parties, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Premierturk Information Technologies Inc. Excavation Management Information System allows Footprinting, Functionality Misuse. This issue affects Excavation...

CVSS 8.1 | AI score 5.8 | EPSS 0.00243
Exploits: 0 | References: 2
CVE
added 2025/11/11 2:11 p.m. | 9 views

CVE-2025-11959

The CVE-2025-11959 entry concerns Premierturk Information Technologies Inc. Excavation Management Information System prior to version 10.2025.01, with a vulnerability described as improper access control that allows files or directories to be accessible to external parties and could lead to expos...

CVSS 8.1 | AI score 5.8 | EPSS 0.00243
Exploits: 0 | References: 2
NVD
added 2025/11/11 1:15 p.m. | 3 views

CVE-2025-10161

Improper Restriction of Excessive Authentication Attempts, Client-Side Enforcement of Server-Side Security, Reliance on Untrusted Inputs in a Security Decision vulnerability in Turkguven Software Technologies Inc. Perfektive allows Brute Force, Authentication Bypass, Functionality Bypass. This...

CVSS 7.3 | EPSS 0.00247
Exploits: 0 | References: 2