CVE-2025-13130

Radarr CVE-2025-13130 affects Radarr 5.28.0.10274. The vulnerability targets an unknown function in C:\ProgramData\Radarr\bin\Radarr.Console.exe (Service component), enabling manipulation that leads to incorrect default permissions. Exploitation is local-only (no network vector) and the issue is ...

CVE-2025-13063

A flaw has been found in DinukaNavaratna Dee Store 1.0. Affected is an unknown function. Executing manipulation can lead to missing authorization. The attack may be performed from remote. The exploit has been published and may be used. Multiple endpoints are affected...

CVE-2025-13063

A flaw has been found in DinukaNavaratna Dee Store 1.0. Affected is an unknown function. Executing manipulation can lead to missing authorization. The attack may be performed from remote. The exploit has been published and may be used. Multiple endpoints are affected...

CVE-2025-13063 DinukaNavaratna Dee Store authorization

A flaw has been found in DinukaNavaratna Dee Store 1.0. Affected is an unknown function. Executing manipulation can lead to missing authorization. The attack may be performed from remote. The exploit has been published and may be used. Multiple endpoints are affected...

CVE-2025-13063

CVE-2025-13063 affects DinukaNavaratna Dee Store 1.0. The flaw is an unauthorized access issue in an unknown function that can be triggered remotely; exploitation has been published and affects multiple endpoints. Reported CVSS metrics indicate network-based access with low attack complexity and ...

CVE-2025-13060 SourceCodester Survey Application System view_survey.php sql injection

A security vulnerability has been detected in SourceCodester Survey Application System 1.0. This affects an unknown function of the file /viewsurvey.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and m...

CVE-2025-13059 SourceCodester Alumni Management System manage_career.php sql injection

A weakness has been identified in SourceCodester Alumni Management System 1.0. The impacted element is an unknown function of the file /managecareer.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available t...

CVE-2025-12930

A vulnerability has been found in SourceCodester Food Ordering System 1.0. Affected is an unknown function of the file /view-ticket.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may...

CVE-2025-12919 EverShop Order Order.resolvers.js resource injection

A vulnerability was detected in EverShop up to 2.0.1. Affected is an unknown function of the file /src/modules/oms/graphql/types/Order/Order.resolvers.js of the component Order Handler. The manipulation of the argument uuid results in improper control of resource identifiers. The attack may be...

PT-2025-45576

Name of the Vulnerable Software and Affected Versions TOZED ZLT T10 T10PLUS version 3.04.15 Description A flaw exists in TOZED ZLT T10 T10PLUS. Manipulation of an unknown function within the /reqproc/proc post file of the Reboot Handler component can lead to a denial of service. Access to the loc...

EUVD-2025-37439

A vulnerability was identified in code-projects Simple Online Hotel Reservation System 2.0. The impacted element is an unknown function of the file /admin/editroom.php of the component Photo Handler. The manipulation leads to unrestricted upload. The attack is possible to be carried out remotely...

Client Details System Authorization Bypass Vulnerability

Client Details System is a client information system. An authorization bypass vulnerability exists in Client Details System that stems from an authorization bypass of an unknown function and can be exploited by an attacker to compromise confidentiality...

CVE-2025-12342

A flaw has been found in Serdar Bayram Ghost Hot Spot up to 20251014. The affected element is an unknown function of the file /Auth.php of the component Login. This manipulation causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used...

CVE-2025-12283

A security flaw has been discovered in code-projects Client Details System 1.0. The impacted element is an unknown function. The manipulation results in authorization bypass. The attack can be launched remotely. The exploit has been released to the public and may be exploited...

CVE-2025-12248

A security vulnerability has been detected in CLTPHP 3.0. The affected element is an unknown function of the file /home/search.html. Such manipulation of the argument keyword leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used...

CVE-2025-12227

A vulnerability was determined in projectworlds Gate Pass Management System 1.0. The affected element is an unknown function of the file /add-pass.php. Executing a manipulation can lead to cross site scripting. The attack can be executed remotely. The exploit has been publicly disclosed and may b...

EUVD-2025-36390

A vulnerability was detected in ermig1979 AntiDupl up to 2.3.12. Impacted is an unknown function of the file AntiDupl.NET.WinForms.exe of the component Delete Duplicate Image Handler. The manipulation results in link following. The attack is only possible with local access. The vendor was contact...

CVE-2025-12334

A vulnerability was found in code-projects E-Commerce Website 1.0. Affected is an unknown function of the file /pages/productadd.php. The manipulation of the argument prodname/proddesc/prodcost results in cross site scripting. It is possible to launch the attack remotely. The exploit has been mad...

CVE-2025-12329

A security flaw has been discovered in shawon100 RUET OJ up to 18fa45b0a669fa1098a0b8fc629cf6856369d9a5. The affected element is an unknown function of the file /details.php. Performing manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The...

CVE-2025-12328 shawon100 RUET OJ contestproblem.php sql injection

A vulnerability was identified in shawon100 RUET OJ up to 18fa45b0a669fa1098a0b8fc629cf6856369d9a5. Impacted is an unknown function of the file /contestproblem.php. Such manipulation of the argument Name leads to sql injection. The attack may be launched remotely. The exploit is publicly availabl...