CVE-2025-59832

Horilla HRMS prior to version 1.4.0 contains a stored XSS in the ticket comment editor. A low-privilege authenticated user can inject arbitrary JavaScript that runs in an admin’s browser, potentially exfiltrating cookies/CSRF tokens and hijacking the admin session. The issue has been fixed in ver...

Hostel Management System mod_comments/index.php File SQL Injection Vulnerability

Hostel Management System is a hostel management system. Hostel Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in parameter ID in file /justines/admin/modcomments/index.php. An attacker can use this...

PT-2025-39398

Name of the Vulnerable Software and Affected Versions Horilla versions prior to 1.4.0 Description Horilla is a Human Resource Management System HRMS. A stored cross-site scripting XSS issue exists in the ticket comment editor for versions prior to 1.4.0. An authenticated user with limited...

CVE-2025-60249

vulnerability-lookup 2.16.0 allows XSS in bundle.py, comment.py, and user.py, by a user on a vulnerability-lookup instance who can add bundles, comments, or sightings. A cross-site scripting XSS vulnerability was discovered in the handling of user-supplied input in the Bundles, Comments, and...

CVE-2025-60249

vulnerability-lookup 2.16.0 allows XSS in bundle.py, comment.py, and user.py, by a user on a vulnerability-lookup instance who can add bundles, comments, or sightings. A cross-site scripting XSS vulnerability was discovered in the handling of user-supplied input in the Bundles, Comments, and...

CVE-2025-60249

CVE-2025-60249 affects vulnerability-lookup 2.16.0 and enables XSS via Bundles, Comments, and Sightings components (bundle.py, comment.py, user.py). The root cause is unsafe handling of user-supplied input, with untrusted data rendered in templates/tables due to innerHTML usage and insufficient v...

CVE-2025-10811

A flaw has been found in code-projects Hostel Management System 1.0. This affects an unknown function of the file /justines/admin/modcomments/index.php?view=view. Executing manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been...

CVE-2025-10811

A flaw has been found in code-projects Hostel Management System 1.0. This affects an unknown function of the file /justines/admin/modcomments/index.php?view=view. Executing manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been...

CVE-2025-10811

A flaw has been found in code-projects Hostel Management System 1.0. This affects an unknown function of the file /justines/admin/modcomments/index.php?view=view. Executing manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been...

CVE-2025-10811 code-projects Hostel Management System index.php sql injection

A flaw has been found in code-projects Hostel Management System 1.0. This affects an unknown function of the file /justines/admin/modcomments/index.php?view=view. Executing manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been...

CVE-2025-10811

CVE-2025-10811 concerns code-projects Hostel Management System 1.0. The vulnerability is a SQL injection in the parameter ID of the file /justines/admin/mod_comments/index.php?view=view, caused by lack of input validation. Attacks could be executed remotely and data theft is possible; exploitatio...

PT-2025-39064

Name of the Vulnerable Software and Affected Versions code-projects Hostel Management System version 1.0 Description A flaw exists in code-projects Hostel Management System 1.0 that allows for SQL injection. Manipulation of the ID argument in the file '/justines/admin/mod...

Code-Projects Hostel Management System SQL注入漏洞

Hostel Management System is a hostel management system. Hostel Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in parameter ID in file /justines/admin/modcomments/index.php. An attacker can use this...

CLSA-2025-1758293394 postgresql: Fix of 2 CVEs

CVE-2025-8714: prevent execution of unsafe meta-commands in plain-text dumps pgdump/pgrestore/pgdumpall, psql restricted mode - CVE-2025-8715: sanitize newlines in object names to avoid unsafe SQL comments in dumps...

[SECURITY] Fedora 43 Update: exiv2-0.28.6-2.fc43

A command line utility to access image metadata, allowing one to: print the Exif metadata of Jpeg images as summary info, interpreted values, or the plain data for each tag print the Iptc metadata of Jpeg images print the Jpeg comment of Jpeg images set, add and delete Exif and Iptc metadata of...

GitLab CE和EE 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A security vulnerability in GitLab CE and EE versions 15.1 through before 18.1.6, 18.2...

CVE-2025-58759

TinyEnv is an environment variable loader for PHP applications. In versions 1.0.9 and 1.0.10, TinyEnv did not properly strip inline comments inside .env values. This could lead to unexpected behavior or misconfiguration, where variables contain unintended characters including or comment text...

Linux Distros Unpatched Vulnerability : CVE-2024-23792

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When adding attachments to ticket comments, another user can add attachments as well impersonating the orginal user. The attack requires a logged-in other user ...

Improper Input Validation

Overview datahihi1/tiny-env is a simple environment variable loader for PHP applications Affected versions of this package are vulnerable to Improper Input Validation in the parsing of environment variable values. An attacker can cause applications to process unintended characters or comment text...

GHSA-72CM-7236-H43R TinyEnv: Inline comments not stripped properly in .env values

Impact TinyEnv did not properly strip inline comments inside .env values. This could lead to unexpected behavior or misconfiguration, where variables contain unintended characters including or comment text. Applications depending on strict environment values may expose logic errors, insecure...