1035 matches found

EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2025-28389

Malicious code in bioql PyPI...

CVSS 9.8, AI score 6.6, EPSS 0.00381
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2025-26428

Malicious code in bioql PyPI...

CVSS 9.8, AI score 7.5, EPSS 0.00415
Exploits: 1, References: 7

Malwarebytes
added 2025/10/02 8:50 a.m., 4 views

Sendit tricked kids, harvested their data, and faked messages, FTC claims

The Federal Trade Commission (FTC) has sued Sendit’s parent company, saying it signed up children under 13, collected their personal data, and misled them with fake messages and recurring bills. The lawsuit, filed against the app's owner Iconic Hearts Holdings Inc and CEO Hunter Rice, alleges the...

AI score 6.4
Exploits: 0

RedhatCVE
added 2025/09/29 5:55 p.m., 4 views

CVE-2025-11113

A vulnerability was detected in CodeAstro Online Leave Application 1.0. Affected is an unknown function of the file /signup.php. Performing manipulation of the argument city results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used. Other parameters...

CVSS 8.8, AI score 7.2, EPSS 0.00348
Exploits: 1, References: 1

NVD
added 2025/09/28 6:15 p.m., 5 views

CVE-2025-11113

A vulnerability was detected in CodeAstro Online Leave Application 1.0. Affected is an unknown function of the file /signup.php. Performing manipulation of the argument city results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used. Other parameters...

CVSS 8.8, EPSS 0.00348
Exploits: 1, References: 5

OSV
added 2025/09/28 6:15 p.m., 2 views

CVE-2025-11113

A vulnerability was detected in CodeAstro Online Leave Application 1.0. Affected is an unknown function of the file /signup.php. Performing manipulation of the argument city results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used. Other parameters...

CVSS 8.8, AI score 5.8, EPSS 0.00348
Exploits: 1, References: 5

CVE
added 2025/09/28 5:32 p.m., 20 views

CVE-2025-11113

CVE-2025-11113 affects CodeAstro Online Leave Application 1.0. The vulnerability is in /signup.php, where manipulating the city parameter results in SQL injection. The attack can be performed remotely and public exploits are known. Other parameters may also be affected. Several connected sources ...

CVSS 8.8, AI score 6.8, EPSS 0.00348
Exploits: 1, References: 5, Affected Software: 1

Cvelist
added 2025/09/28 5:32 p.m., 10 views

CVE-2025-11113 CodeAstro Online Leave Application signup.php sql injection

A vulnerability was detected in CodeAstro Online Leave Application 1.0. Affected is an unknown function of the file /signup.php. Performing manipulation of the argument city results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used. Other parameters...

CVSS 6.5, EPSS 0.00348
Exploits: 1, References: 5

Vulnrichment
added 2025/09/28 5:32 p.m., 3 views

CVE-2025-11113 CodeAstro Online Leave Application signup.php sql injection

A vulnerability was detected in CodeAstro Online Leave Application 1.0. Affected is an unknown function of the file /signup.php. Performing manipulation of the argument city results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used. Other parameters...

CVSS 6.5, AI score 6.8, EPSS 0.00348
Exploits: 1, References: 5

Vulnrichment
added 2025/09/20 6:43 a.m., 3 views

CVE-2025-9887 Custom Login And Signup Widget <= 1.0 - Cross-Site Request Forgery

The Custom Login And Signup Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation in the /frndzkadminclsw.php file. This makes it possible for unauthenticated attackers to change the...

CVSS 4.3, AI score 5, EPSS 0.00124
Exploits: 0, References: 2

CVE
added 2025/09/20 6:43 a.m., 14 views

CVE-2025-9887

CVE-2025-9887 concerns the WordPress plugin Custom Login And Signup Widget. The vulnerability is a Cross-Site Request Forgery in all versions up to 1.0 caused by missing or incorrect nonce validation in the file /frndzk_adminclsw.php. This allows unauthenticated attackers to change email and use...

CVSS 4.3, AI score 4.9, EPSS 0.00124
Exploits: 0, References: 2

Patchstack
added 2025/09/20 12:35 a.m., 5 views

WordPress Custom Login And Signup Widget plugin <= 1.0 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by sk4r1 in WordPress Plugin Custom Login And Signup Widget versions <= 1.0...

CVSS 4.3, AI score 6.7, EPSS 0.00124
Exploits: 0, References: 1, Affected Software: 1

CNNVD
added 2025/09/20 12:00 a.m., 1 view

WordPress plugin Custom Login And Signup Widget cross-site request forgery vulnerability

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. WordPress is a blogging platform developed using the PHP language, which provides the ability to host a personal blog site on a PHP and MySQL based server. WordPress plugin is an...

CVSS 4.3, AI score 6, EPSS 0.00124
Exploits: 0, References: 3

RedhatCVE
added 2025/09/04 7:25 p.m., 6 views

CVE-2025-9829

A vulnerability was identified in PHPGurukul Beauty Parlour Management System 1.1. The impacted element is an unknown function of the file /signup.php. The manipulation of the argument mobilenumber leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly...

CVSS 9.8, AI score 7.4, EPSS 0.00415
Exploits: 1, References: 1

CNVD
added 2025/09/04 12:00 a.m., 3 views

Beauty Parlour Management System signup.php File SQL Injection Vulnerability

Beauty Parlour Management System is a software system for standardizing salon business processes and improving management efficiency. Beauty Parlour Management System suffers from a SQL injection vulnerability, which originates from the lack of validation of externally-entered SQL statements in t...

CVSS 9.8, AI score 8, EPSS 0.00415
Exploits: 1, References: 1

RedhatCVE
added 2025/09/03 4:23 p.m., 3 views

CVE-2025-9786

A vulnerability was found in Campcodes Online Learning Management System 1.0. Affected is an unknown function of the file /teachersignup.php. Performing manipulation of the argument firstname results in sql injection. The attack can be initiated remotely. The exploit has been made public and coul...

CVSS 9.8, AI score 7.4, EPSS 0.00384
Exploits: 1, References: 1

RedhatCVE
added 2025/09/03 5:34 a.m., 4 views

CVE-2025-9763

A vulnerability was detected in Campcodes Online Learning Management System 1.0. This issue affects some unknown processing of the file /studentsignup.php. The manipulation of the argument Username results in sql injection. The attack can be launched remotely. The exploit is now public and may be...

CVSS 9.8, AI score 7.4, EPSS 0.00387
Exploits: 1, References: 1

RedhatCVE
added 2025/09/03 4:24 a.m., 4 views

CVE-2025-9759

A security flaw has been discovered in Campcodes/SourceCodester Courier Management System 1.0. Affected by this issue is the function Signup of the file /ajax.php. Performing manipulation of the argument lastname results in sql injection. It is possible to initiate the attack remotely. The exploi...

CVSS 9.8, AI score 7.4, EPSS 0.00383
Exploits: 1, References: 1

OSV
added 2025/09/02 7:15 p.m., 2 views

CVE-2025-9829

A vulnerability was identified in PHPGurukul Beauty Parlour Management System 1.1. The impacted element is an unknown function of the file /signup.php. The manipulation of the argument mobilenumber leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly...

CVSS 9.8, AI score 5.7, EPSS 0.00415
Exploits: 1, References: 7

CVE
added 2025/09/02 6:32 p.m., 16 views

CVE-2025-9829

The CVE-2025-9829 entry affects PHPGurukul Beauty Parlour Management System 1.1. The vulnerability is in signup.php where the mobilenumber parameter can be manipulated to perform SQL injection, enabling remote exploitation. Public exploits exist. Other parameters may also be affected. According t...

CVSS 9.8, AI score 7.3, EPSS 0.00415
Exploits: 1, References: 7, Affected Software: 1