6654 matches found
CVE-2025-4488
A vulnerability was found in itsourcecode Gym Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=deletepackage. The manipulation of the argument ID leads to SQL injection. The attack can be launched...
CVE-2025-4470 SourceCodester Online Student Clearance System add-student.php cross site scripting
A vulnerability classified as problematic was found in SourceCodester Online Student Clearance System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/add-student.php. The manipulation of the argument Fullname leads to cross site scripting. The attack can be...
CVE-2025-4470
CVE-2025-4470 affects SourceCodester Online Student Clearance System 1.0, where the vulnerability is in the file /admin/add-student.php. The manipulation of the Fullname parameter enables cross-site scripting (XSS). Exploitation can be performed remotely, and public exploitation has been disclose...
CVE-2025-4464
A vulnerability has been found in itsourcecode Gym Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=saveplan. The manipulation of the argument plan leads to SQL injection. The attack can be launched remotely...
Exploit for Missing Authorization in Oliverpos Oliver_Pos
Oliver POS – A WooCommerce Point of Sale POS = 2.4.2.3 - Se...
CVE-2025-47417
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Crestron Automate VX allows Functionality Misuse. When Enable Debug Images in Crestron Automate VX is active, snapshots of the captured video or portions thereof are stored locally on the system, and there is no visible...
CVE-2025-47457 WordPress LocateAndFilter plugin <= 1.6.16 - Broken Access Control Vulnerability
Missing Authorization vulnerability in dgamoni LocateAndFilter locateandfilter allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects LocateAndFilter: from n/a through <= 1.6.16...
PT-2025-20021 · Rt · Rt-Labs P-Net
Name of the Vulnerable Software and Affected Versions: RT-Labs P-Net versions 1.0.1 and earlier Description: A heap-based buffer overflow in RT-Labs P-Net allows an attacker to induce a crash in IO devices that use the library by sending a malicious RPC packet. Recommendations: For RT-Labs P-Net...
CVE-2025-47418
CVE-2025-47418 concerns Crestron Automate VX with versions 5.6.8161.21536–6.4.0.49. The issue is Exposure of Sensitive Information to an Unauthorized Actor, arising from a remote web API that enables recording functionality without visible indication. Remote recording can be enabled via a network...
CVE-2025-47418 Recording
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Crestron Automate VX allows Functionality Misuse. There is no visible indication when the system is recording and recording can be enabled remotely via a network API. This issue affects Automate VX: from 5.6.8161.21536...
CVE-2025-47417 Enable Debug Images
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Crestron Automate VX allows Functionality Misuse. When Enable Debug Images in Crestron Automate VX is active, snapshots of the captured video or portions thereof are stored locally on the system, and there is no visible...
CVE-2025-47417
Summary: CVE-2025-47417 affects Crestron Automate VX. Versions 5.6.8161.21536 through 6.4.0.49 expose snapshots of captured video when the Enable Debug Images feature is active, stored locally without a visible indicator. This is a data-exposure vulnerability enabling potential information disclo...
CVE-2025-4301
A vulnerability classified as critical was found in itsourcecode Content Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /search-notice.php. The manipulation of the argument searchdata leads to SQL injection. The attack can be launched remotely. The...
Azure Linux 3.0 Security Update: kernel (CVE-2025-21968)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21968 advisory. - In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix slab-use-after-fre...
PT-2025-19926 · Unknown · Sourcecodester Online Student Clearance System
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Student Clearance System version 1.0 Description: A critical issue was found in the /Admin/login.php file, affecting unknown code. The manipulation of the username and password arguments leads to SQL injection. The attac...
CBL Mariner 2.0 Security Update: kernel (CVE-2025-22035)
The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22035 advisory. - In the Linux kernel, the following vulnerability has been resolved: tracing: Fix use-after-free in...
GHSA-X39X-9QW5-GHRF Browser Use allows bypassing `allowed_domains` by putting a decoy domain in http auth username portion of a URL
Summary During a manual source code review, ARIMLABS.AI researchers identified that the browseruse module includes an embedded whitelist functionality to restrict URLs that can be visited. This restriction is enforced during agent initialization. However, it was discovered that these measures can...
PT-2025-19725 · Osticket · Osticket
Name of the Vulnerable Software and Affected Versions: osTicket versions 1.17.5 and earlier Description: A SQL injection issue exists in the Search functionality of the tickets.php page, allowing authenticated attackers to execute arbitrary SQL commands. This is achieved via a combination of the...