PT-2025-39823

Name of the Vulnerable Software and Affected Versions Chef Automate versions prior to 4.13.295 Description Chef Automate versions earlier than 4.13.295 on Linux x86 are susceptible to a condition where an authenticated attacker can access restricted functionality. This is due to improperly...

CVE-2025-11079

A security flaw has been discovered in Campcodes Farm Management System 1.0. Affected by this issue is some unknown functionality. The manipulation results in file and directory information exposure. The attack may be performed from remote. The exploit has been released to the public and may be...

CVE-2025-60129

Missing Authorization vulnerability in Yext Yext yext allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Yext: from n/a through = 1.1.3...

PT-2025-39707

Name of the Vulnerable Software and Affected Versions Portabilis i-Educar versions up to 2.10 Description A security issue exists in Portabilis i-Educar up to version 2.10 related to improper authorization. The issue is associated with an unknown functionality within the /unificacao-aluno file...

CVE-2025-11048

A security vulnerability has been detected in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /consulta-dispensas. Such manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed publicly...

CVE-2025-10973

A flaw has been found in JackieDYH Resume-management-system up to fb6b857d852dd796e748ce30c606fe5e61c18273. Affected by this issue is some unknown functionality of the file /admin/show.php. This manipulation of the argument userid causes sql injection. The attack may be initiated remotely. The...

CVE-2025-60130 WordPress WEDOS Global Plugin <= 1.2.2 - Broken Access Control Vulnerability

Missing Authorization vulnerability in wedos.com WEDOS Global wgpwpp allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WEDOS Global: from n/a through = 1.2.2...

CVE-2025-10995 Open Babel zipstreamimpl.h underflow memory corruption

A security vulnerability has been detected in Open Babel up to 3.1.1. This vulnerability affects the function zlibstream::basicunzipstreambuf::underflow in the library /src/zipstreamimpl.h. Such manipulation leads to memory corruption. Local access is required to approach this attack. The exploit...

CVE-2025-10987

A vulnerability was determined in YunaiV yudao-cloud up to 2025.09. Affected by this issue is some unknown functionality of the file /crm/contact/transfer of the component HTTP Request Handler. This manipulation of the argument contactId causes improper authorization. It is possible to initiate t...

CVE-2025-57907

Missing Authorization vulnerability in Heureka Group Heureka heureka allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Heureka: from n/a through = 1.1.0...

WordPress Houzez Theme - Functionality Plugin <= 4.1.2 - Broken Access Control Vulnerability

WordPress Houzez Theme - Functionality Plugin = 4.1.2 - Broken Access Control Vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Houzez Theme - Functionality versions = 4.1.2...

WordPress Houzez Theme - Functionality Plugin <= 4.1.2 - Arbitrary File Download Vulnerability

WordPress Houzez Theme - Functionality Plugin = 4.1.2 - Arbitrary File Download Vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Houzez Theme - Functionality versions = 4.1.2...

CVE-2025-10857

A security flaw has been discovered in Campcodes Point of Sale System POS 1.0. Affected by this issue is some unknown functionality of the file /login.php. Performing manipulation of the argument Username results in sql injection. The attack is possible to be carried out remotely. The exploit has...

CVE-2025-10837

A security vulnerability has been detected in code-projects Simple Food Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /ordersimple/order.php. The manipulation of the argument ID leads to cross site scripting. The attack may be initiated remotely. The...

CVE-2025-58029

Missing Authorization vulnerability in Sumit Singh Classic Widgets with Block-based Widgets classic-widgets-with-block-based-widgets allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Classic Widgets with Block-based Widgets: from n/a through = 1.0.1...

CVE-2025-57432

Blackmagic Web Presenter version 3.3 exposes a Telnet service on port 9977 that accepts unauthenticated commands. This service allows remote attackers to manipulate stream settings, including changing video modes and possibly altering device functionality. No credentials or authentication...

Multiple vulnerabilities in I-O DATA wireless LAN routers

Overview Wireless LAN routers provided by I-O DATA DEVICE, INC. contains multiple vulnerabilities listed below. Hidden functionality CWE-912 - CVE-2025-55075 OS command injection CWE-78 - CVE-2025-58116 Chuya Hayakawa of 00One, Inc. reported these vulnerabilities to JPCERT/CC. JPCERT/CC coordinat...

CVE-2025-55075

Hidden functionality issue exists in WN-7D36QR and WN-7D36QR/UE. If this vulnerability is exploited, SSH may be enabled by a remote authenticated attacker...

CVE-2025-10618 itsourcecode Online Clinic Management System transact.php sql injection

A security vulnerability has been detected in itsourcecode Online Clinic Management System 1.0. Affected by this issue is some unknown functionality of the file transact.php. Such manipulation of the argument firstname leads to sql injection. The attack may be launched remotely. The exploit has...

CVE-2025-55075

Hidden functionality issue exists in WN-7D36QR and WN-7D36QR/UE. If this vulnerability is exploited, SSH may be enabled by a remote authenticated attacker...