0.0

CVE-2025-60662 -

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the wanSpeed parameter in the fromAdvSetMacMtuWan function.

πŸ“… Published: Oct. 2, 2025, midnight πŸ”„ Last Modified: Oct. 2, 2025, 4:09 p.m.

0.0

CVE-2025-59405 -

The Flock Safety Peripheral com.flocksafety.android.peripheral application 7.38.3 for Android (installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices) contains a cleartext DataDog API key within in its codebase. Because application binaries can be trivially decompil…

πŸ“… Published: Oct. 2, 2025, midnight πŸ”„ Last Modified: Oct. 2, 2025, 5:05 p.m.

0.0

CVE-2025-60661 -

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the cloneType parameter in the fromAdvSetMacMtuWan function.

πŸ“… Published: Oct. 2, 2025, midnight πŸ”„ Last Modified: Oct. 2, 2025, 4:11 p.m.

0.0

CVE-2025-61087 -

SourceCodester Pet Grooming Management Software 1.0 is vulnerable to Cross Site Scripting (XSS) via the Customer Name field under Customer Management Section.

πŸ“… Published: Oct. 2, 2025, midnight πŸ”„ Last Modified: Oct. 2, 2025, 2:45 p.m.

0.0

CVE-2025-59406 -

The Flock Safety Pisco com.flocksafety.android.pisco application 6.21.11 for Android (installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices) has a cleartext Auth0 client secret in its codebase. Because application binaries can be trivially decompiled or inspected, …

πŸ“… Published: Oct. 2, 2025, midnight πŸ”„ Last Modified: Oct. 2, 2025, 5:06 p.m.

0.0

CVE-2025-56154 -

htmly v3.0.8 is vulnerable to Cross Site Scripting (XSS) in the /author/:name endpoint of the affected application. The name parameter is not properly sanitized before being reflected in the HTML response, allowing attackers to inject arbitrary JavaScript payloads.

πŸ“… Published: Oct. 2, 2025, midnight πŸ”„ Last Modified: Oct. 2, 2025, 4:05 p.m.

0.0

CVE-2025-56162 -

YOSHOP 2.0 suffers from an unauthenticated SQL injection in the goodsIds parameter of the /api/goods/listByIds endpoint. The getListByIds function concatenates user input into orderRaw('field(goods_id, ...)'), allowing attackers to: (a) enumerate or modify database data, including dumping admin pas…

πŸ“… Published: Oct. 2, 2025, midnight πŸ”„ Last Modified: Oct. 2, 2025, 3:46 p.m.

0.0

CVE-2025-56381 -

ERPNEXT v15.67.0 was discovered to contain multiple SQL injection vulnerabilities in the /api/method/frappe.desk.reportview.get endpoint via the order_by and group_by parameters.

πŸ“… Published: Oct. 2, 2025, midnight πŸ”„ Last Modified: Oct. 2, 2025, 2:06 p.m.

0.0

CVE-2025-56380 -

Frappe Framework v15.72.4 was discovered to contain a SQL injection vulnerability via the fieldname parameter in the frappe.client.get_value API endpoint and a crafted script to the fieldname parameter

πŸ“… Published: Oct. 2, 2025, midnight πŸ”„ Last Modified: Oct. 2, 2025, 2:05 p.m.

0.0

CVE-2025-61096 -

PHPGurukul Online Shopping Portal Project v2.1 is vulnerable to SQL Injection in /shopping/login.php via the fullname parameter.

πŸ“… Published: Oct. 2, 2025, midnight πŸ”„ Last Modified: Oct. 2, 2025, 2:32 p.m.
Total resulsts: 312544
Page 12 of 31,255
Β« previous page Β» next page
Filters