CVE-2025-69120

Unauthenticated Local File Inclusion in Dazzle = 1.0.0 versions...

CVE-2025-69131

Unauthenticated Arbitrary File Download in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site = 1.0.7 versions...

CodeAstro Leave Management System 注入漏洞

The CodeAstro Leave Management System is a vacation management system developed by CodeAstro Inc. Version 1.0 of the CodeAstro Leave Management System has a SQL injection vulnerability. This vulnerability stems from the handling of the leavetype parameter in the file /admin/deleteleavetype.php,...

SourceCodester Class and Exam Timetabling System 注入漏洞

SourceCodester Class and Exam Timetabling System is an open-source classroom and exam scheduling system developed by SourceCodester. Version 1.0 of the SourceCodester Class and Exam Timetabling System has a SQL injection vulnerability, which arises from incorrect handling of the parameter "sy" in...

itsourcecode Fees Management System 代码注入漏洞

itsourcecode Fees Management System is an open-source charging management system developed by itsourcecode. Versions of itsourcecode Fees Management System 1.0 and earlier had a code injection vulnerability. This vulnerability stemmed from the operation of unknown functions in the /navbar.php fil...

CVE-2026-45729

Thor Vector Graphics ThorVG is a production-ready vector graphics engine. Prior to version 1.0.5, a null pointer dereference in SvgLoader::run allows any caller that passes untrusted SVG data to Picture::load to crash the process with a 6-byte payload. This issue has been patched in version 1.0.5...

CVE-2026-10252

A security vulnerability has been detected in itsourcecode Online House Rental System 1.0. This affects an unknown function of the file /managetenant.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed...

CodeAstro Online Job Portal SQL注入漏洞

CodeAstro Online Job Portal is an online job portal operated by CodeAstro Corporation. Version 1.0 of CodeAstro Online Job Portal has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter ID in the file/users/applicationstatus.php, which may lead to SQL...

WordPress hk_shortcode plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin hkshortcode versions = 1.0...

CVE-2025-36221 Vulnerabilities exists in IBM Cloud Pak for Data System (CPDS 1.0) - Cyclops.

IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System uses default passwords default passwords from the manufacturing process for use during the installation process, which could allow an attacker to bypass authentication...

KLiK SocialMediaWebsite 安全漏洞

KLiK SocialMediaWebsite is a simple PHP-based social media website by the individual developer Muhammad Saad. A security vulnerability exists in KLiK SocialMediaWebsite version 1.0, which originates in the HTTP POST Request Parameter Handler component and could lead to injection...

SourceCodester Indian Invoicing System 访问控制错误漏洞

SourceCodester Indian Invoicing System is a SourceCodester open source Indian invoicing system. An Access Control Error vulnerability exists in SourceCodester Indian Invoicing System version 1.0, which stems from improper access control of the Backend Endpoint component...

CVE-2026-45036

Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.233, Tabby before 1.0.233 automatically confirms ZMODEM protocol detection on all terminal session output without user interaction, enabling shell command execution when a user displays attacker-controlled content. T...

NPM: parse-nested-form-data has Prototype Pollution via `__proto__` in FormData field names

NPM: parse-nested-form-data has Prototype Pollution via proto in FormData field names vulnerability discovered by ? in WordPress Npm parse-nested-form-data versions = 1.0.0...

[SECURITY] Fedora 42 Update: nginx-mod-brotli-1.0.0~rc-9.fc42

NGINX module for Brotli compression...

PT-2026-39962

The HEL Online Classroom: AI-powered Online Classrooms plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.3. This is due to a missing capability check on a REST API endpoint registered with a permission callback of ' return true', which bypasses...

Astra Linux – Vulnerability in rabbitMQ-server

Versions of RabbitMQ prior to 3.8.16 are vulnerable to a denial-of-service vulnerability due to improper input validation in the AMQP 1.0 client connection endpoint. A malicious user can exploit this vulnerability by sending malicious AMQP messages to the target RabbitMQ instance where the AMQP 1...

CodeAstro Online Classroom 注入漏洞

CodeAstro Online Classroom is an online classroom platform provided by CodeAstro Inc. Version 1.0 of CodeAstro Online Classroom has a SQL injection vulnerability. This vulnerability arises from improper handling of the parameter fname in the file /addnewfaculty, which may lead to SQL injection...

EUVD-2025-209444

A SQL injection vulnerability exists in the School Management System version 1.0 by manikandan580. An unauthenticated or authenticated remote attacker can supply a crafted HTTP request to the affected endpoint to manipulate SQL query logic and extract sensitive database information...

PT-2026-32657

A SQL injection vulnerability exists in the School Management System version 1.0 by manikandan580. An unauthenticated or authenticated remote attacker can supply a crafted HTTP request to the affected endpoint to manipulate SQL query logic and extract sensitive database information...