phpMyFAQ has unauthenticated config backup download via /api/setup/backup

Summary An unauthenticated remote attacker can trigger generation of a configuration backup ZIP via POST /api/setup/backup and then download the generated ZIP from a web-accessible location. The ZIP contains sensitive configuration files e.g., database.php with database credentials, leading to...

GHSA-9CG9-4H4F-J6FG phpMyFAQ has unauthenticated config backup download via /api/setup/backup

Summary An unauthenticated remote attacker can trigger generation of a configuration backup ZIP via POST /api/setup/backup and then download the generated ZIP from a web-accessible location. The ZIP contains sensitive configuration files e.g., database.php with database credentials, leading to...

EUVD-2025-205783

Pterodactyl has a Reflected XSS vulnerability in “Create New Database Host”...

Cross-site Scripting (XSS)

Overview pterodactyl/panel is a game management panel. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Host field when creating a new database host. An attacker can execute arbitrary JavaScript in the context of an administrative user's browser by submitting a...

GHSA-MGR9-6C2J-JXRQ Pterodactyl has a Reflected XSS vulnerability in “Create New Database Host”

!NOTE Message from the Pterodactyl team: The Pterodactyl team has evaluated this as a minor security issue but does not consider it something that should be assigned a CVE, nor does it require active patching by vulnerable systems. This issue is entirely self-inflicted and requires an...

Pterodactyl has a Reflected XSS vulnerability in “Create New Database Host”

!NOTE Message from the Pterodactyl team: The Pterodactyl team has evaluated this as a minor security issue but does not consider it something that should be assigned a CVE, nor does it require active patching by vulnerable systems. This issue is entirely self-inflicted and requires an...

CVE-2025-15185

A flaw has been found in code-projects Refugee Food Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /home/refugeesreport.php. This manipulation of the argument a causes sql injection. It is possible to initiate the attack remotely. The exploit has bee...

CVE-2025-15243 code-projects Simple Stock System login.php sql injection

A flaw has been found in code-projects Simple Stock System 1.0. This affects an unknown function of the file /market/login.php. Executing a manipulation of the argument Username can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used...

EUVD-2025-205763

A flaw has been found in code-projects Simple Stock System 1.0. This affects an unknown function of the file /market/login.php. Executing manipulation of the argument Username can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used...

CVE-2025-15243 code-projects Simple Stock System login.php sql injection

A flaw has been found in code-projects Simple Stock System 1.0. This affects an unknown function of the file /market/login.php. Executing a manipulation of the argument Username can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used...

CVE-2025-15243

CVE-2025-15243 affects Simple Stock System 1.0 via /market/login.php where manipulating the Username parameter enables SQL injection. Remote exploitation is possible and exploits have been published. Multiple sources describe the vulnerability and its potential impact on confidentiality, integrit...

EUVD-2025-205700

A security vulnerability has been detected in CloudPanel Community Edition up to 2.5.1. The affected element is an unknown function of the file /admin/users of the component HTTP Header Handler. Such manipulation of the argument Referer leads to open redirect. It is possible to launch the attack...

CVE-2025-15212

A vulnerability was detected in code-projects Refugee Food Management System 1.0. This issue affects some unknown processing of the file /home/regfood.php. Performing manipulation of the argument a results in sql injection. Remote exploitation of the attack is possible. The exploit is now public...

EUVD-2025-205665

A security vulnerability has been detected in code-projects Refugee Food Management System 1.0. This vulnerability affects unknown code of the file /home/editrefugee.php. Such manipulation of the argument a/b/c/sex/d/e/nationalitynid leads to sql injection. The attack may be launched remotely. Th...

CVE-2025-15210

A security vulnerability has been detected in code-projects Refugee Food Management System 1.0. This vulnerability affects unknown code of the file /home/editrefugee.php. Such manipulation of the argument a/b/c/sex/d/e/nationalitynid leads to sql injection. The attack may be launched remotely. Th...

EUVD-2025-205675

A flaw has been found in code-projects Refugee Food Management System 1.0. Impacted is an unknown function of the file /home/refugee.php. Executing manipulation of the argument refNo/Fname/Lname/sex/age/contact/nationalitynid can lead to sql injection. The attack can be executed remotely. The...

CVE-2025-15211

CVE-2025-15211 affects Code-Projects’ Refugee Food Management System 1.0. A SQL injection vulnerability exists in the file /home/refugee.php caused by manipulating input arguments (refNo, Fname, Lname, sex, age, contact, nationality_nid) passed to an unknown function. The issue is exploitable rem...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from improper lock handling, which can lead to deadlocks...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel, which stems from improper transaction handling that could lead to a reference count underflow...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an interrupt not being released before device removal, which could result in a null pointer dereference...