CVE-2026-7498 Stored XSS in Basamak Informatics' DernekWeb

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Basamak Information Technology Consulting and Organization Trade Ltd. Co. DernekWeb allows Stored XSS. This issue affects DernekWeb: through 30122025...

CVE-2025-13004 IDOR in Farktor Software's E-Commerce Package

Authorization Bypass Through User-Controlled Key vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Manipulating User-Controlled Variables.This issue affects E-Commerce Package: through 27112025...

CVE-2025-10913 XSS in saastech.io's TemizlikYolda

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Saastech Cleaning and Internet Services Inc. TemizlikYolda allows Cross-Site Scripting XSS.This issue affects TemizlikYolda: through 11022026. NOTE: The vendor was contacted early about this...

CVE-2025-10913

CVE-2025-10913 describes an XSS in TemizlikYolda (Saastech Cleaning and Internet Services Inc.) caused by improper neutralization of input during web page generation. Affected through 11022026; CVSS 3.1 base score 8.3 (HIGH) with Network attack vector, low privileges required, user interaction no...

CVE-2025-11242

Server-Side Request Forgery SSRF vulnerability in Teknolist Computer Systems Software Publishing Industry and Trade Inc. Okulistik allows Server Side Request Forgery.This issue affects Okulistik: through 21102025...

CVE-2025-10463 Improper Authentication in Birtech Information Technologies' Sensaway

Improper Authentication vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Senseway allows Authentication Abuse.This issue affects Senseway: through 09022026. NOTE: Because the product was developed using outdated technology, the manufacturer is unable to fix the...

CVE-2025-10463 Improper Authentication in Birtech Information Technologies' Sensaway

Improper Authentication vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Senseway allows Authentication Abuse.This issue affects Senseway: through 09022026. NOTE: Because the product was developed using outdated technology, the manufacturer is unable to fix the...

CVE-2025-7799

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Zirve Information Technologies Inc. E-Taxpayer Accounting Website allows Reflected XSS.This issue affects e-Taxpayer Accounting Website: through 07082025...

PT-2026-7112

Unrestricted Upload of File with Dangerous Type vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Sensaway allows Upload a Web Shell to a Web Server.This issue affects Sensaway: through 09022026. NOTE: The vendor was contacted early about this disclosure but did not...

PT-2026-7110

Insertion of Sensitive Information Into Sent Data vulnerability in Atlas Educational Software Industry Ltd. Co. K12net allows Communication Channel Manipulation.This issue affects k12net: through 09022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

CVE-2025-8589

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in AKCE Software Technology R Industry and Trade Inc. SKSPro allows Reflected XSS.This issue affects SKSPro: through 07012026...

CVE-2025-5319

CVE-2025-5319 affects Emit Informatics’ DIGITA Efficiency Management System (DIGITA EMS). Multiple connected sources describe an improper neutralization of special elements in SQL commands (SQL injection) as the root cause, with the DIGITA EMS affected through 03022026. The NVD/Red Hat records co...

EUVD-2025-206743

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in AKCE Software Technology R&D Industry and Trade Inc. SKSPro allows Reflected XSS.This issue affects SKSPro: through 07012026...

EUVD-2025-206600

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AKCE Software Technology R&D Industry and Trade Inc. SKSPro allows SQL Injection.This issue affects SKSPro: through 07012026...

CVE-2025-8587

The CVE-2025-8587 entry describes an SQL Injection vulnerability in SKSPro from AKCE Software Technology R&D Industry and Trade Inc. The issue arises from improper neutralization of special elements in SQL commands, affecting SKSPro versions up to 07012026. Multiple feeds (Red Hat, NVD, CVE list,...

CVE-2025-7014

Session Fixation vulnerability in QR Menu Pro Smart Menu Systems Menu Panel allows Session Hijacking.This issue affects Menu Panel: through 29012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

CVE-2025-7013

Authorization Bypass Through User-Controlled Key vulnerability in QR Menu Pro Smart Menu Systems Menu Panel allows Exploitation of Trusted Identifiers.This issue affects Menu Panel: through 29012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

CVE-2025-10856

Unrestricted Upload of File with Dangerous Type vulnerability in Solvera Software Services Trade Inc. Teknoera allows File Content Injection.This issue affects Teknoera: through 01102025...

CVE-2025-10856

Unrestricted Upload of File with Dangerous Type vulnerability in Solvera Software Services Trade Inc. Teknoera allows File Content Injection.This issue affects Teknoera: through 01102025...

CVE-2025-13296 CSRF in Tekrom Technology's T-Soft E-Commerce

Cross-Site Request Forgery CSRF vulnerability in Tekrom Technology Inc. T-Soft E-Commerce allows Cross Site Request Forgery.This issue affects T-Soft E-Commerce: through 28112025...