14726 matches found
CVE-2025-52647 HCL BigFix WebUI is affected by a host header poisoning vulnerability
The BigFix WebUI application responds with HOST information from the HTTP header field making it vulnerable to Host Header Poisoning Attacks...
CVE-2025-11589 CodeAstro Gym Management System user-payment.php sql injection
A security flaw has been discovered in CodeAstro Gym Management System 1.0. Affected is an unknown function of the file /admin/user-payment.php. Manipulating the argument plan results in SQL injection. It is possible to initiate the attack remotely. The exploit has been released t...
CVE-2025-59974
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Junos Space Security Director allows an attacker to inject malicious scripts into the application, which are then stored and executed in the context of other users' browsers when they access...
CVE-2025-59978
CVE-2025-59978 is a Cross-Site Scripting vulnerability in Juniper Networks Junos Space (pre-24.1R4). The issue arises from improper neutralization of input during web page generation, allowing an attacker to store script tags in web pages that, when viewed by another user, can execute commands wi...
CVE-2025-59978 Junos Space: Stored cross-site scripting vulnerability in web application
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to store script tags directly in web pages that, when viewed by another user, enable the attacker to execute commands with the target's...
CVE-2025-10240
A vulnerability exists in the Progress Flowmon web application prior to version 12.5.5, whereby a user who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated session...
CVE-2025-10240 Possibility of unintended actions when a user clicks a malicious link in the Progress Flowmon web application
A vulnerability exists in the Progress Flowmon web application prior to version 12.5.5, whereby a user who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated session...
EUVD-2025-33341
A vulnerability exists in the Progress Flowmon web application prior to version 12.5.5, whereby a user who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated session...
CVE-2025-11431 code-projects Web-Based Inventory and POS System transaction.php sql injection
A vulnerability was determined in code-projects Web-Based Inventory and POS System 1.0. The impacted element is an unknown function of the file /transaction.php. Manipulation of the argument shopid causes SQL injection. The attack can be carried out remotely. The exploit has been...
CVE-2025-11425
A vulnerability was identified in projectworlds Advanced Library Management System 1.0. Affected is an unknown function of the file /editadmin.php. The manipulation of the argument firstname leads to cross-site scripting. It is possible to initiate the attack remotely. The exploit is publicly...
CVE-2025-11416 PHPGurukul Beauty Parlour Management System invoices.php sql injection
A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown part of the file /admin/invoices.php. Manipulating the argument delid results in SQL injection. The attack can be initiated remotely. The exploit has been released to th...
CVE-2025-40885
A SQL Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing unauthorized da...
CVE-2025-40887
A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing unauthorized data...
EUVD-2025-32874
A SQL Injection vulnerability was discovered in the CLI functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing unauthorized data...
EUVD-2025-32871
A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing unauthorized data...
EUVD-2025-32873
A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SQL statements on the DBMS used by the web application, potentially exposing unauthorized data, altering...
EUVD-2025-32866
A SQL Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing unauthorized da...
CVE-2025-40885
CVE-2025-40885 is an authenticated SQL Injection vulnerability in Nozomi Networks Guardian/CMC Smart Polling functionality caused by improper input validation. An authenticated user with limited privileges can cause the DBMS to execute arbitrary SELECT statements, potentially exposing data. Affec...