Lucene search

291 matches found

Cvelist | added 2025/12/03 12:29 p.m. | 12 views

CVE-2025-13109 HUSKY – Products Filter Professional for WooCommerce <= 1.3.7.2 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'woof_add_query/woof_remove_query'

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.7.2 via the "woof_add_query" and "woof_remove_query" functions due to missing validation on a user controlled key. This makes it...

CVSS 4.3 | EPSS 0.00036
Exploits: 0 | References: 2
Positive Technologies | added 2025/11/26 12:00 a.m. | 4 views

PT-2025-48129

Name of the Vulnerable Software and Affected Versions: versions prior to 2025-9558. Description: A potential out-of-bounds write issue exists in the gen_prov_start function within the pb_adv.c file. The issue occurs because the full length of received data is copied into the link.rx.buf receiver...

CVSS 7.6 | AI score 6.8 | EPSS 0.00023
Exploits: 0 | References: 6
CVE | added 2025/11/21 9:33 p.m. | 13 views

CVE-2025-65092

ESP-IDF (Espressif IoT Development Framework) contains a vulnerability in the ESP32-P4 hardware JPEG decoder where the software JPEG parser lacks validation, allowing an out-of-bounds array access when processing crafted images. Affected versions are 5.5.1, 5.4.3, and 5.3.4; mitigations are fixes...

CVSS 6.9 | AI score 6.6 | EPSS 0.00086
Exploits: 0 | References: 5
Github Security Blog | added 2025/11/21 6:03 p.m. | 10 views

MLX has Wild Pointer Dereference in load_gguf()

Summary: Segmentation fault in mlx::core::load_gguf when loading malicious GGUF files. Untrusted pointer from external gguflib library is dereferenced without validation, causing application crash. Environment: - OS: Ubuntu 20.04.6 LTS - Compiler: Clang 19.1.7. Vulnerability Location: mlx/io/gguf.cp...

CVSS 7.5 | AI score 7.1 | EPSS 0.001
Exploits: 1 | References: 4 | Affected Software: 1
CNVD | added 2025/11/20 12:00 a.m. | 2 views

Online Voting System /index.php File Code Problem Vulnerability

Online Voting System is an online voting system. Online Voting System has a code issue vulnerability that stems from a lack of validation of uploaded files in the page parameter of file /index.php. An attacker can exploit this vulnerability to upload malicious files...

CVSS 8.8 | AI score 7.3 | EPSS 0.0005
Exploits: 1 | References: 1
NVD | added 2025/11/18 9:15 a.m. | 2 views

CVE-2025-40548

A missing validation process exists in Serv-U that, when abused, could give a malicious actor with access to admin privileges the ability to execute code. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under...

CVSS 9.1 | EPSS 0.00056
Exploits: 0 | References: 2
CNVD | added 2025/11/18 12:00 a.m. | 4 views

Student Record Management System login.php File SQL Injection Vulnerability

Student Record Management System is a software application. Student Record Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the id and password parameters of login.php. An attacker can exploit this...

CVSS 6.5 | AI score 8.4 | EPSS 0.00039
Exploits: 1 | References: 1
Positive Technologies | added 2025/11/18 12:00 a.m. | 3 views

PT-2025-47338

Name of the Vulnerable Software and Affected Versions: Open Source Point of Sale version 3.4.1. Description: The password change functionality has a flaw where a user can set an empty password due to a lack of server-side validation. Omitting or providing empty values for the password and repeat...

CVSS 7.5 | AI score 6.9 | EPSS 0.00183
Exploits: 1 | References: 5
EUVD | added 2025/11/08 12:30 p.m. | 4 views

EUVD-2025-38370

The Mail Mint plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the processcontactattributeimport function in all versions up to, and including, 1.18.10. This makes it possible for authenticated attackers, with Administrator-level access and above...

CVSS 7.2 | AI score 6.8 | EPSS 0.00281
Exploits: 0 | References: 3
CVE | added 2025/11/04 12:20 a.m. | 8 views

CVE-2025-46556

CVE-2025-46556 – MantisBT (Mantis Bug Tracker). Affected software: MantisBT up to version 2.27.1. Root cause: lack of server-side validation of note length allows extremely long notes to be submitted. Impact: permanently corrupts issue activity logs; the activity stream UI fails to render, preventin...

CVSS 7.5 | AI score 6.3 | EPSS 0.00061
Exploits: 0 | References: 4 | Affected Software: 1
CNVD | added 2025/10/31 12:00 a.m. | 2 views

Simple Food Ordering System addproduct.php File Upload Vulnerability

Simple Food Ordering System is a simple food ordering system. Simple Food Ordering System has a file upload vulnerability that stems from the lack of validation of uploaded files passed in the photo parameter of the file /addproduct.php. No details of the vulnerability are available at this time...

CVSS 9.8 | AI score 7.5 | EPSS 0.00061
Exploits: 1 | References: 1
CNVD | added 2025/10/31 12:00 a.m. | 1 views

Simple Food Ordering System editproduct.php File Upload Vulnerability

Simple Food Ordering System is a simple food ordering system. Simple Food Ordering System has a file upload vulnerability that stems from the lack of validation of uploaded files passed in the photo parameter of the file /editproduct.php. No details of the vulnerability are available at this time...

CVSS 9.8 | AI score 7.6 | EPSS 0.00083
Exploits: 1 | References: 1
CNNVD | added 2025/10/30 12:00 a.m. | 3 views

NeuVector Trust Management Issue Vulnerability

NeuVector is an end-to-end container security platform from US-based NeuVector. The platform includes features such as image vulnerability management, access control and container process/filesystem protection. A trust management issue vulnerability exists in NeuVector that stems from not enforci...

CVSS 8.6 | AI score 6.3 | EPSS 0.00072
Exploits: 0 | References: 2
EUVD | added 2025/10/15 8:25 a.m. | 2 views

EUVD-2025-34572

The DocoDoco Store Locator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the zip upload functionality in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with Editor-level access and above, to uploa...

CVSS 7.2 | AI score 6.8 | EPSS 0.00329
Exploits: 0 | References: 4
CNVD | added 2025/10/15 12:00 a.m. | 1 views

Simple Food Ordering System editproduct.php File SQL Injection Vulnerability

Simple Food Ordering System is a simple food ordering system. The Simple Food Ordering System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Category in the file /editproduct.php. An attacker can exploit...

CVSS 8.8 | AI score 8.3 | EPSS 0.0004
Exploits: 1 | References: 1
Cvelist | added 2025/10/10 7:34 p.m. | 6 views

CVE-2025-61925 Astro's `X-Forwarded-Host` is reflected with no validation

Astro is a web framework. Prior to version 5.14.2, Astro reflects the value in X-Forwarded-Host in output when using Astro.url without any validation. It is common for web servers such as nginx to route requests via the Host header, and forward on other request headers. As such, a malicious reque...

CVSS 6.5 | EPSS 0.00057
Exploits: 1 | References: 2
OSV | added 2025/10/10 6:15 p.m. | 3 views

CVE-2025-11616

A missing validation check in FreeRTOS-Plus-TCP's ICMPv6 packet processing code can lead to an out-of-bounds read when receiving ICMPv6 packets of certain message types which are smaller than the expected size. These issues only affect applications using IPv6. Users should upgrade to the latest...

CVSS 5.3 | AI score 7.2
Exploits: 0 | References: 3
EUVD | added 2025/10/10 5:10 p.m. | 2 views

EUVD-2025-33752

A missing validation check in FreeRTOS-Plus-TCP's UDP/IPv6 packet processing code can lead to an invalid pointer dereference when receiving a UDP/IPv6 packet with an incorrect IP version field in the packet header. This issue only affects applications using IPv6. We recommend upgrading to the...

CVSS 5.3 | AI score 6.5 | EPSS 0.00048
Exploits: 0 | References: 3
Cvelist | added 2025/10/10 5:10 p.m. | 5 views

CVE-2025-11617 Buffer Over-read when receiving IPv6 packets with incorrect payload length in FreeRTOS-Plus-TCP

A missing validation check in FreeRTOS-Plus-TCP's IPv6 packet processing code can lead to an out-of-bounds read when receiving an IPv6 packet with incorrect payload lengths in the packet header. This issue only affects applications using IPv6. We recommend users upgrade to the latest version and...

CVSS 5.4 | EPSS 0.00056
Exploits: 0 | References: 3
Positive Technologies | added 2025/10/10 12:00 a.m. | 3 views

PT-2025-41582

Name of the Vulnerable Software and Affected Versions: FreeRTOS-Plus-TCP, affected versions not specified. Description: A missing validation check in the ICMPv6 packet processing code can result in an out-of-bounds read when receiving ICMPv6 packets of specific message types that are smaller than...

CVSS 5.4 | AI score 6.7 | EPSS 0.00056
Exploits: 0 | References: 7