5.3

CVSS4.0

CVE-2025-14962 - code-projects Simple Stock System chatuser.php cross site scripting

A flaw has been found in code-projects Simple Stock System 1.0. The impacted element is an unknown function of the file /market/chatuser.php. This manipulation causes cross-site scripting. The attack can be carried out remotely. The exploit has been published and may be used.

📅 Published: Dec. 19, 2025, 6:32 p.m. 🔄 Last Modified: Feb. 24, 2026, 6:16 a.m.

6.9

CVSS4.0

CVE-2025-14961 - code-projects Simple Blood Donor Management System editedcampaign.php sql injection

A vulnerability was detected in code-projects Simple Blood Donor Management System 1.0. The affected element is an unknown function of the file /editedcampaign.php. The manipulation of the argument campaignname results in sql injection. The attack can be executed remotely. The exploit is now public…

📅 Published: Dec. 19, 2025, 6:32 p.m. 🔄 Last Modified: Dec. 30, 2025, 6:14 p.m.

6.9

CVSS4.0

CVE-2025-14960 - code-projects Simple Blood Donor Management System editeddonor.php sql injection

A security vulnerability has been detected in code-projects Simple Blood Donor Management System 1.0. Impacted is an unknown function of the file /editeddonor.php. The manipulation of the argument Name leads to sql injection. Remote exploitation of the attack is possible. The exploit has been discl…

📅 Published: Dec. 19, 2025, 6:02 p.m. 🔄 Last Modified: Dec. 30, 2025, 5:55 p.m.

6.9

CVSS4.0

CVE-2025-14959 - code-projects Simple Stock System signup.php sql injection

A weakness has been identified in code-projects Simple Stock System 1.0. This issue affects some unknown processing of the file /market/signup.php. Executing a manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit has been made available t…

📅 Published: Dec. 19, 2025, 6:02 p.m. 🔄 Last Modified: Feb. 24, 2026, 6:16 a.m.

4.8

CVSS4.0

CVE-2025-14958 - floooh sokol sokol_gfx.h _sg_pipeline_common_init heap-based overflow

A security flaw has been discovered in floooh sokol up to 33e2271c431bf21de001e972f72da17a984da932. This vulnerability affects the function _sg_pipeline_common_init in the library sokol_gfx.h. Manipulation results in a heap-based buffer overflow. The attack must be carried out locally. …

📅 Published: Dec. 19, 2025, 5:32 p.m. 🔄 Last Modified: Dec. 30, 2025, 6:33 p.m.

5.3

CVSS4.0

CVE-2025-68430 - CVAT vulnerable to directory traversal via mounted share listing

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.8.1 through 2.52.0, an attacker with an account on a CVAT instance is able to retrieve the contents of any file system directory accessible to the CVAT server. The exposed information is names of c…

📅 Published: Dec. 19, 2025, 5:11 p.m. 🔄 Last Modified: Jan. 13, 2026, 3:20 p.m.

7.1

CVSS3.1

CVE-2025-68478 - Langflow Vulnerable to External Control of File Name or Path

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, if an arbitrary path is specified in the request body's `fs_path`, the server serializes the Flow object into JSON and creates/overwrites a file at that path. There is no path restriction, normali…

📅 Published: Dec. 19, 2025, 5:10 p.m. 🔄 Last Modified: Jan. 2, 2026, 4:20 p.m.

4.8

CVSS4.0

CVE-2025-14957 - WebAssembly Binaryen IRBuilder wasm-ir-builder.cpp makeLocalTee null pointer dereference

A vulnerability was identified in WebAssembly Binaryen up to 125. This affects the function IRBuilder::makeLocalGet/IRBuilder::makeLocalSet/IRBuilder::makeLocalTee of the file src/wasm/wasm-ir-builder.cpp of the component IRBuilder. Such manipulation of the argument Index leads to null pointer dere…

📅 Published: Dec. 19, 2025, 5:02 p.m. 🔄 Last Modified: Feb. 24, 2026, 6:16 a.m.

7.7

CVSS3.1

CVE-2025-68477 - Langflow vulnerable to Server-Side Request Forgery

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, Langflow provides an API Request component that can issue arbitrary HTTP requests within a flow. This component takes a user-supplied URL, performs only normalization and basic format checks, and …

📅 Published: Dec. 19, 2025, 4:43 p.m. 🔄 Last Modified: Jan. 2, 2026, 4:21 p.m.

0.6

CVSS4.0

CVE-2025-68457 - Orejime has executable code in HTML attributes

Orejime is a consent manager that focuses on accessibility. On HTML elements handled by Orejime prior to version 2.3.2, one could run malicious code by embedding `javascript:` code within data attributes. When consenting to the related purpose, Orejime would turn data attributes into unprefixed one…

📅 Published: Dec. 19, 2025, 4:40 p.m. 🔄 Last Modified: Jan. 13, 2026, 5:15 p.m.
Total results: 342653