
88730 matches found

Positive Technologies
added 2025/11/21 12:0 a.m. | 4 views

PT-2025-47799

IBM Concert Software 1.0.0 through 2.0.0 could allow a remote attacker to hijack the clicking action of the victim...

CVSS 6.3 | AI score 5.5 | EPSS 0.00151
Exploits 0 | References 2

OSV
added 2025/11/20 11:15 p.m. | 9 views

CVE-2025-64660

Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to execute code over a network...

CVSS 8 | AI score 7.2 | EPSS 0.00486
Exploits 0 | References 1

OSV
added 2025/11/20 4:4 p.m. | 5 views

USN-7878-1 cups-filters vulnerabilities

It was discovered that cups-filters incorrectly handled certain malformed TIFF image files. A remote attacker could use this issue to cause cups-filters to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS,...

CVSS 5.5 | AI score 6 | EPSS 0.00412
Exploits 3 | References 4

Cvelist
added 2025/11/20 1:32 p.m. | 11 views

CVE-2025-13469 Public Knowledge Project omp/ojs Payment Instructions Setting paymentForm.tpl cross site scripting

A security vulnerability has been detected in Public Knowledge Project omp and ojs 3.3.0/3.4.0/3.5.0. Impacted is an unknown function of the file plugins/paymethod/manual/templates/paymentForm.tpl of the component Payment Instructions Setting Handler. The manipulation of the argument...

CVSS 4.8 | EPSS 0.00218
Exploits 0 | References 6

CVE
added 2025/11/20 1:32 p.m. | 19 views

CVE-2025-13469

CVE-2025-13469 affects Public Knowledge Project platforms PKP OJS/OMP/Ops (versions 3.3.0/3.4.0/3.5.0) where an attacker can trigger a cross-site scripting (XSS) by manipulating the argument manualInstructions in the file plugins/paymethod/manual/templates/paymentForm.tpl under the Payment Instru...

CVSS 4.8 | AI score 3.2 | EPSS 0.00218
Exploits 0 | References 6

RedHat Linux
added 2025/11/20 8:5 a.m. | 6 views

python-kdcproxy: Remote DoS via unbounded TCP upstream buffering

If an attacker causes kdcproxy to connect to an attacker-controlled KDC server e.g. through server-side request forgery, they can exploit the fact that kdcproxy does not enforce bounds on TCP response length to conduct a denial-of-service attack. While receiving the KDC's response, kdcproxy copie...

CVSS 5.9 | AI score 5.9 | EPSS 0.00453
Exploits 0 | References 6

CVE
added 2025/11/20 2:32 a.m. | 14 views

CVE-2025-13449

The CVE-2025-13449 entry concerns code-projects Online Shop Project 1.0. The vulnerability arises from improper handling of the Password parameter in the login.php processing, resulting in a SQL injection risk. Multiple connected sources (Red Hat, NVD, CVE lists, vulnerability enrichment) confirm...

CVSS 9.8 | AI score 7.1 | EPSS 0.00351
Exploits 1 | References 5 | Affected Software 1

CNNVD
added 2025/11/20 12:0 a.m. | 4 views

Hush Framework security vulnerability

Hush Framework is a web application framework by individual developer james.huang. A security vulnerability exists in Hush Framework version 2.0, which stems from improperly neutralized HTTP Host headers and could lead to remote attacks...

CVSS 7.5 | AI score 5.5 | EPSS 0.00405
Exploits 1 | References 5

Tenable Nessus
added 2025/11/20 12:0 a.m. | 8 views

TencentOS Server 4: clamav (TSSA-2025:0012)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0012 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

CVSS 7.5 | AI score 6.3 | EPSS 0.00555
Exploits 0 | References 3

OpenVAS
added 2025/11/20 12:0 a.m. | 7 views

Ubuntu: Security Advisory (USN-7872-1)

The remote host is missing an update for the...

CVSS 9.8 | AI score 6.8 | EPSS 0.00827
Exploits 4 | References 2

RedhatCVE
added 2025/11/19 12:20 p.m. | 11 views

CVE-2025-13343

A security flaw has been discovered in SourceCodester Interview Management System 1.0. Affected is an unknown function of the file /editQuestion.php. The manipulation of the argument Question results in cross site scripting. It is possible to launch the attack remotely. The exploit has been...

CVSS 5.4 | AI score 3.8 | EPSS 0.0032
Exploits 1 | References 1

RedhatCVE
added 2025/11/19 8:8 a.m. | 4 views

CVE-2025-13226

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 7 | EPSS 0.00219
Exploits 0 | References 5

SUSE CVE
added 2025/11/19 12:35 a.m. | 2 views

SUSE CVE-2025-13224

Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 7.1 | EPSS 0.00443
Exploits 1 | References 3

RedhatCVE
added 2025/11/18 9:6 p.m. | 16 views

CVE-2025-13300

A vulnerability has been found in itsourcecode Web-Based Internet Laboratory Management System 1.0. Affected is an unknown function of the file /settings/controller.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

CVSS 9.8 | AI score 7 | EPSS 0.00339
Exploits 1 | References 1

RedhatCVE
added 2025/11/18 4:55 p.m. | 5 views

CVE-2025-13290

A vulnerability has been found in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file /saveorder.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclos...

CVSS 8.8 | AI score 6.5 | EPSS 0.0027
Exploits 1 | References 1

OSV
added 2025/11/18 3:16 p.m. | 3 views

CVE-2025-13347

A flaw has been found in SourceCodester Train Station Ticketing System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=saveuser. Executing manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit has been published...

CVSS 8.8 | AI score 5.8 | EPSS 0.00267
Exploits 1 | References 5

RedhatCVE
added 2025/11/18 10:49 a.m. | 6 views

CVE-2025-13275

A security vulnerability has been detected in Iqbolshoh php-business-website up to 10677743a8dfc281f85291a27cf63a0bce043c24. This affects an unknown part of the file /admin/about.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has be...

CVSS 5.8 | AI score 4.8 | EPSS 0.00246
Exploits 0 | References 1

Vulnrichment
added 2025/11/18 10:17 a.m. | 3 views

CVE-2025-41733 Possible malfunction credential injection

The commissioning wizard on the affected devices does not validate if the device is already initialized. An unauthenticated remote attacker can construct POST requests to set root credentials...

CVSS 9.8 | AI score 6.8 | EPSS 0.00576
Exploits 0 | References 1

RedhatCVE
added 2025/11/18 3:5 a.m. | 10 views

CVE-2025-13259

A flaw has been found in Campcodes Supplier Management System 1.0. This affects an unknown function of the file /manufacturer/editunit.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used...

CVSS 8.8 | AI score 6.8 | EPSS 0.00271
Exploits 1 | References 1

OSV
added 2025/11/18 12:15 a.m. | 4 views

DEBIAN-CVE-2025-13227

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 8.2 | EPSS 0.00219
Exploits 0 | References 1