CVE-2025-5717
An authenticated remote code execution (RCE) vulnerability exists in multiple WSO2 products due to improper input validation in the event processor admin service. A user with administrative access to the SOAP admin services can exploit this flaw by deploying a Siddhi execution plan containing...
CVE-2025-8282
The SureForms WordPress plugin before 1.9.1 does not sanitise and escape some parameters when outputting them in the page, which could allow admin and above users to perform Cross-Site Scripting attacks...
CVE-2025-10817
A weakness has been identified in Campcodes Online Learning Management System 1.0. This vulnerability affects unknown code of the file /admin/admin_user.php. Executing manipulation of the argument firstname can lead to sql injection. The attack may be launched remotely. The exploit has been made...
CVE-2025-10817 Campcodes Online Learning Management System admin_user.php sql injection
A weakness has been identified in Campcodes Online Learning Management System 1.0. This vulnerability affects unknown code of the file /admin/admin_user.php. Executing manipulation of the argument firstname can lead to sql injection. The attack may be launched remotely. The exploit has been made...
CVE-2025-10817
CVE-2025-10817 affects Campcodes Online Learning Management System 1.0. The vulnerability is a SQL injection in the /admin/admin_user.php file caused by manipulating the firstname parameter. The issue can be exploited remotely and the exploit is publicly available. Multiple connected sources conf...
PT-2025-39084
Name of the Vulnerable Software and Affected Versions: Campcodes Online Learning Management System version 1.0 Description: A weakness exists in Campcodes Online Learning Management System. Manipulation of the firstname argument in the /admin/admin_user.php file can lead to SQL injection. The attac...
PT-2025-37450
Name of the Vulnerable Software and Affected Versions: SourceCodester Pet Grooming Management Software version 1.0 Description: A weakness exists in SourceCodester Pet Grooming Management Software that allows for unrestricted file upload. The issue impacts an unknown function within the...
Exploit for Unprotected Alternate Channel in Crushftp
CVE-2025-54309 - CrushFTP Affected Versions - 10.8.5 -...
Exploit for Authentication Bypass by Primary Weakness in Crushftp
CVE-2025-31161 - CrushFTP Authentication Bypass Exploit PoC...
Linux Distros Unpatched Vulnerability : CVE-2016-4807
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Web2py versions 2.14.5 and below were affected by a Reflected XSS vulnerability, which allows an attacker to perform an XSS attack on logged in user admin...
Linux Distros Unpatched Vulnerability : CVE-2022-26310
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Pandora FMS v7.0NG.760 and below allows an improper authorization in User Management where any authenticated user with access to the User Management module coul...
CVE-2025-52915
K7RKScan.sys 23.0.0.10, part of the K7 Security Anti-Malware suite, allows an admin-privileged user to send crafted IOCTL requests to terminate processes that are protected through a third-party implementation. This is caused by insufficient caller validation in the driver's IOCTL handler, enabli...
CVE-2025-42922 Insecure File Operations vulnerability in SAP NetWeaver AS Java (Deploy Web Service)
SAP NetWeaver AS Java allows an attacker authenticated as a non-administrative user to use a flaw in an available service to upload an arbitrary file. This file when executed can lead to a full compromise of confidentiality, integrity and availability of the system...
CVE-2025-57815 Fides Lacks Brute-Force Protections on Authentication Endpoints
Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Admin UI login endpoint relies on a general IP-based rate limit for all API traffic and lacks specific anti-automation controls designed to protect against brute-force attacks. This could allow attackers to...
Fides' Admin UI User Password Change Does Not Invalidate Current Session
Summary Admin UI user password changes in Fides do not invalidate active user sessions, creating a vulnerability chaining opportunity where attackers who have obtained session tokens through other attack vectors such as XSS can maintain access even after password reset. This issue is not directly...
Exploit for Unprotected Alternate Channel in Crushftp
CVE-2025-54309Enhancedexploit This is an enhanced version o...
CVE-2025-6519
E3 Site Supervisor firmware version 2.31F01 has a default admin user "ONEDAY" with a daily generated password. An attacker can predictably generate the password for ONEDAY. The oneday user cannot be deleted or modified by any user...
CVE-2025-57151
phpgurukul Complaint Management System 2.0 is vulnerable to Cross Site Scripting (XSS) in admin/userprofile.php via the fullname parameter...