9.8
CVE-2025-37099 -
A remote code execution vulnerability exists in HPE Insight Remote Support (IRS) prior to v7.15.0.646.
8.2
CVE-2025-6297 - dpkg-deb: Fix cleanup for control member with restricted directories
It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repea…
6.9
CVE-2025-6963 - Campcodes Employee Management System myprofile.php SQL injection
A vulnerability has been found in Campcodes Employee Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /myprofile.php. The manipulation of the argument ID leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed…
6.9
CVE-2025-6962 - Campcodes Employee Management System myprofileup.php SQL injection
A vulnerability, which was classified as critical, was found in Campcodes Employee Management System 1.0. This affects an unknown part of the file /myprofileup.php. The manipulation of the argument ID leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been discl…
6.9
CVE-2025-6961 - Campcodes Employee Management System mark.php SQL injection
A vulnerability, which was classified as critical, has been found in Campcodes Employee Management System 1.0. Affected by this issue is some unknown functionality of the file /mark.php. The manipulation of the argument ID leads to SQL injection. The attack may be launched remotely. The exploit has…
6.9
CVE-2025-6960 - Campcodes Employee Management System empproject.php SQL injection
A vulnerability classified as critical was found in Campcodes Employee Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /empproject.php. The manipulation of the argument ID leads to SQL injection. The attack can be launched remotely. The exploit has been…
6.9
CVE-2025-6959 - Campcodes Employee Management System eloginwel.php SQL injection
A vulnerability classified as critical has been found in Campcodes Employee Management System 1.0. Affected is an unknown function of the file /eloginwel.php. The manipulation of the argument ID leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to …
5.5
CVE-2025-53099 - Sentry Missing Invalidation of Authorization Codes During OAuth Exchange and Revocation
Sentry is a developer-first error tracking and performance monitoring tool. Prior to version 25.5.0, an attacker with a malicious OAuth application registered with Sentry can take advantage of a race condition and improper handling of authorization code within Sentry to maintain persistence to a us…
9
CVE-2025-34064 - OneLogin AD Connector Log S3 Bucket Hijack Leading to Cross-Tenant Data Leakage
A cloud infrastructure misconfiguration in OneLogin AD Connector results in log data being sent to a hardcoded S3 bucket (onelogin-adc-logs-production) without validating bucket ownership. An attacker who registers this unclaimed bucket can begin receiving log files from other OneLogin tenants. The…
10
CVE-2025-34063 - OneLogin AD Connector JWT Authentication Bypass via Exposed Signing Key
A cryptographic authentication bypass vulnerability exists in OneLogin AD Connector prior to 6.1.5 due to the exposure of a tenant's SSO JWT signing key via the /api/adc/v4/configuration endpoint. An attacker in possession of the signing key can craft valid JWT tokens impersonating arbitrary users …