PT-2025-35825

Name of the Vulnerable Software and Affected Versions: projectworlds Travel Management System version 1.0 Description: A vulnerability exists in projectworlds Travel Management System 1.0, affecting unknown code within the /enquiry.php file. The manipulation of the t2 argument can lead to a SQL...

MAL-2025-17248 Malicious code in code-file-decompress-decompress-byte (npm)

The package code-file-decompress-decompress-byte was found to contain malicious code...

Malicious code in code-file-decompress-decompress-byte (npm)

The package code-file-decompress-decompress-byte was found to contain malicious code...

CVE-2025-8734

A flaw was found in bison. The codefree function in src/scan-code.c is susceptible to a double-free condition due to improper memory management, allowing a local attacker to trigger a memory corruption issue. This manipulation occurs when processing specially crafted input, resulting in a potenti...

Reachable Assertion

Overview Affected versions of this package are vulnerable to Reachable Assertion via the handleactiondollar function in scan-code.l. An attacker can cause a reachable assertion failure by providing crafted input to this function, potentially leading to a denial of service on the local system...

UBUNTU-CVE-2025-8734

A vulnerability has been found in GNU Bison up to 3.8.2. This impacts the function codefree of the file src/scan-code.c. The manipulation leads to double free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The actual existence of this...

CVE-2025-8734

GNU Bison up to 3.8.2 contains a vulnerability in function code_free (src/scan-code.c) that can cause a double free. Exploitation appears to be locally actionable; the exploit has been disclosed, but the actual existence of this issue is disputed as reproductions from a GNU Bison 3.8.2 tarball in...

CVE-2025-8734

REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: Additional analysis indicates that the files referenced in the stack trace do not exist in Bison...

CVE-2025-8734

Removed by vendor...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the SplitRTR function in the rtr.go file, which allows access to data without checking the input length. An attacker can cause a denial of service by sending specially crafted input. Remediation Upgrade...

CVE-2025-7128

A vulnerability has been found in Campcodes Payroll Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /ajax.php?action=calculatepayroll. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploi...

CVE-2025-49490

Resource leak vulnerability in ASR180x in router allows Resource Leak Exposure. This vulnerability is associated with program files router/sms/sms.c. This issue affects FalconLinux、Kestrel、LapwingLinux: before v1536...

CVE-2025-6312

A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. This vulnerability affects unknown code of the file /pages/cashtransaction.php. The manipulation of the argument cid leads to sql injection. The attack can be initiated remotely. The exploit has...

PT-2025-20135 · Unknown · Fullworks Display Eventbrite Events

Name of the Vulnerable Software and Affected Versions: fullworks Display Eventbrite Events affected versions not specified Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion' vulnerability. Th...

CVE-2025-3171

A vulnerability classified as critical was found in Project Worlds Online Lawyer Management System 1.0. This vulnerability affects unknown code of the file /approvelawyer.php. The manipulation of the argument unblockid leads to sql injection. The attack can be initiated remotely. The exploit has...

CVE-2025-2385

A vulnerability has been found in code-projects Modern Bag 1.0 and classified as critical. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument userEmail/userPassword leads to sql injection. The attack can be initiated remotely. The exploit has been...

CVE-2025-1957

A vulnerability classified as problematic was found in code-projects Blood Bank System 1.0. This vulnerability affects unknown code of the file /BBfile/Blood/o+.php. The manipulation of the argument Bloodname leads to cross site scripting. The attack can be initiated remotely. The exploit has bee...

CVE-2025-1226

A vulnerability was found in ywoa up to 2024.07.03. It has been declared as critical. This vulnerability affects unknown code of the file /oa/setup/setup.jsp. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and m...

PT-2025-32389 · Gnu +1 · Gnu Bison +1

Name of the Vulnerable Software and Affected Versions: GNU Bison versions through 3.8.2 Description: A problematic vulnerability has been found in GNU Bison. The issue affects the code free function within the src/scan-code.c file, leading to a double free condition. The attack requires local...

CVE-2024-12935

A vulnerability classified as critical was found in code-projects Simple Admin Panel 1.0. This vulnerability affects unknown code of the file editItemForm.php. The manipulation of the argument record leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to t...