WordPress RepairBuddy plugin <= 4.1116 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Signature Upload to Orders vulnerability
Insecure Direct Object Reference to Authenticated Subscriber+ Arbitrary Signature Upload to Orders vulnerability discovered by Teerachai Somprasong in WordPress Plugin RepairBuddy versions <= 4.1116...
PT-2025-45600
A vulnerability was found in SourceCodester Food Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /routers/edit-orders.php. The manipulation of the argument ID results in SQL injection. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-52040
In Frappe ERPNext 15.57.5, the function get_blanket_orders() in erpnext/controllers/queries.py is vulnerable to SQL Injection via the blanket_order_type parameter due to unvalidated inputs, enabling an attacker to extract information from databases. The public documents do not provide exploitatio...
Hydrogen Krypton Travel App for Android suffers from an override access vulnerability
Hydrogen Krypton Travel APP is a comprehensive service platform in the field of new energy vehicles. The vulnerability exists in "My Wallet" and "My Orders" in the Android version of Hydrogen Krypton Mobility APP, which allows an attacker to view any user's details by using their cell phone numbe...