Lucene search
K

6891 matches found

vulnersOsv
vulnersOsv
added 2025/11/27 11:15 a.m.8 views

pretix-tracking-scripts (>=1.0.0 <=1.0.1) potentially affected by CVE-2025-13742 via pretix (=2024.11.0)

pretix PYPI version =2024.11.0 is affected by a known vulnerability. The following packages have a transitive dependency on pretix and may be impacted: - pretix-tracking-scripts =1.0.0, =1.0.1 Source cves: CVE-2025-13742 Source advisory: OSV:PYSEC-2025-154...

6.1CVSS5.8AI score0.00155EPSS
Exploits0
CNVD
CNVD
added 2025/11/27 12:0 a.m.3 views

Online Shopping Portal Insecure Direct Object Reference Vulnerability

Online Shopping Portal is an online store. Online Shopping Portal suffers from an insecure direct object reference vulnerability, which stems from the order tracking functionality not properly implementing an access control mechanism that directly references data sent from the client as an object...

4.3CVSS6.7AI score0.00214EPSS
Exploits1References1
OSV
OSV
added 2025/11/25 8:16 p.m.6 views

CVE-2025-65647

Insecure Direct Object Reference IDOR in the Track order function in PHPGURUKUL Online Shopping Portal 2.1 allows information disclosure via the oid parameter...

4.3CVSS5.8AI score0.00214EPSS
Exploits1References2
Wired Threat Level
Wired Threat Level
added 2025/11/25 7:54 p.m.10 views

ICE Offers Up to $280 Million to Immigrant-Tracking ‘Bounty Hunter’ Firms

Immigration and Customs Enforcement lifted a $180 million cap on a proposed immigrant-tracking program while guaranteeing multimillion-dollar payouts for private surveillance firms...

7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/11/25 6:2 a.m.12 views

CVE-2025-13585

A vulnerability was detected in itsourcecode COVID Tracking System 1.0. This issue affects some unknown processing of the file /login.php. The manipulation of the argument code results in sql injection. The attack may be performed from remote. The exploit is now public and may be used...

9.8CVSS7.3AI score0.00339EPSS
Exploits1References1
CVE
CVE
added 2025/11/25 12:0 a.m.11 views

CVE-2025-65647

CVE-2025-65647 applies to PHPGURUKUL Online Shopping Portal 2.1, where an Insecure Direct Object Reference (IDOR) in the Track order function allows information disclosure via the oid parameter. The vulnerability stems from insufficient access control when referencing data sent from the client as...

4.3CVSS6AI score0.00214EPSS
Exploits1References2Affected Software1
Redos
Redos
added 2025/11/25 12:0 a.m.5 views

ROS-20251125-13

A vulnerability in the maskedPaths feature of the isolated container runc tool is related to the runc state that allows link tracking. Exploitation of the vulnerability could allow an attacker to Affect the confidentiality, integrity and availability of protected information...

7.8CVSS6.7AI score0.0067EPSS
Exploits2
Packet Storm News
Packet Storm News
added 2025/11/25 12:0 a.m.3 views

Securing the Model Context Protocol (MCP): Risks, Controls, and Governance

The Model Context Protocol MCP replaces static, developer-controlled API integrations with more dynamic, user-driven agent systems, which also introduces new security risks. As MCP adoption grows across community servers and major platforms, organizations encounter threats that existing AI...

7.3AI score
Exploits0
CNNVD
CNNVD
added 2025/11/25 12:0 a.m.5 views

PHPGurukul Online Shopping Portal 安全漏洞

Online Shopping Portal is an online store. Online Shopping Portal suffers from an insecure direct object reference vulnerability, which stems from the order tracking functionality not properly implementing an access control mechanism that directly references data sent from the client as an object...

4.3CVSS6.4AI score0.00214EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/11/24 9:33 p.m.18 views

CVE-2025-13570

A vulnerability was found in itsourcecode COVID Tracking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/?page=state. Performing manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit has been made publ...

8.8CVSS6.9AI score0.0027EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/11/24 9:33 p.m.10 views

CVE-2025-13569

A vulnerability has been found in itsourcecode COVID Tracking System 1.0. Affected is an unknown function of the file /admin/?page=city. Such manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used...

8.8CVSS7AI score0.0027EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/11/24 8:33 p.m.6 views

CVE-2025-13567

A vulnerability was detected in itsourcecode COVID Tracking System 1.0. This affects an unknown function of the file /admin/?page=establishment. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit is now public and may be used...

8.8CVSS7AI score0.0027EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/11/24 8:33 p.m.6 views

CVE-2025-13568

A flaw has been found in itsourcecode COVID Tracking System 1.0. This impacts an unknown function of the file /admin/?page=people. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...

8.8CVSS6.8AI score0.0027EPSS
Exploits1References1
EUVD
EUVD
added 2025/11/24 4:31 p.m.4 views

EUVD-2025-198945

Malicious code in @posthog/github-release-tracking-plugin npm...

6.6AI score
Exploits0References1
EUVD
EUVD
added 2025/11/24 3:1 p.m.4 views

EUVD-2025-198842

Malicious code in capacitor-plugin-apptrackingios npm...

6.6AI score
Exploits0References1
NVD
NVD
added 2025/11/24 6:15 a.m.3 views

CVE-2025-13585

A vulnerability was detected in itsourcecode COVID Tracking System 1.0. This issue affects some unknown processing of the file /login.php. The manipulation of the argument code results in sql injection. The attack may be performed from remote. The exploit is now public and may be used...

9.8CVSS0.00339EPSS
Exploits1References6
OSV
OSV
added 2025/11/24 6:15 a.m.5 views

CVE-2025-13585

A vulnerability was detected in itsourcecode COVID Tracking System 1.0. This issue affects some unknown processing of the file /login.php. The manipulation of the argument code results in sql injection. The attack may be performed from remote. The exploit is now public and may be used...

9.8CVSS5.8AI score0.00339EPSS
Exploits1References6
Cvelist
Cvelist
added 2025/11/24 5:32 a.m.12 views

CVE-2025-13585 itsourcecode COVID Tracking System login.php sql injection

A vulnerability was detected in itsourcecode COVID Tracking System 1.0. This issue affects some unknown processing of the file /login.php. The manipulation of the argument code results in sql injection. The attack may be performed from remote. The exploit is now public and may be used...

7.5CVSS0.00339EPSS
Exploits1References6
CVE
CVE
added 2025/11/24 5:32 a.m.11 views

CVE-2025-13585

The CVE-2025-13585 affects itsourcecode COVID Tracking System 1.0. A flaw in /login.php allows manipulation of the code argument to trigger SQL injection. The issue is remotely exploitable and exploits are publicly available. Connected sources confirm the vulnerability details and that a fix vers...

9.8CVSS7.3AI score0.00339EPSS
Exploits1References6Affected Software1
EUVD
EUVD
added 2025/11/24 5:32 a.m.6 views

EUVD-2025-198622

A vulnerability was detected in code-projects COVID Tracking System 1.0. This issue affects some unknown processing of the file /login.php. The manipulation of the argument code results in sql injection. The attack may be performed from remote. The exploit is now public and may be used...

7.5CVSS6.7AI score0.00339EPSS
Exploits1References6
Rows per page
Query Builder