5.3
CVE-2025-14531 - code-projects Rental Management System Log Transaction.java crlf injection
A vulnerability was found in code-projects Rental Management System 2.0. This affects an unknown function of the file Transaction.java of the component Log Handler. Performing manipulation results in crlf injection. The attack can be initiated remotely. The exploit has been made public and could beβ¦
9.1
CVE-2025-13780 - Remote Code Execution vulnerability when restoring PLAIN-format SQL dumps in server mode (pgAdmin 4)
pgAdmin versions up to 9.10 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a criticalβ¦
7.8
CVE-2025-64669 - Windows Admin Center Elevation of Privilege Vulnerability
Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges locally.
8.6
CVE-2025-14046 - Insufficient HTML Sanitization Allows User-Controlled DOM Elements to Overwrite Server-Initialized β¦
An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed user-supplied HTML to inject DOM elements with IDs that collided with server-initialized data islands. These collisions could overwrite or shadow critical application state objects used by certβ¦
5.1
CVE-2025-14530 - SourceCodester Real Estate Property Listing App property.php unrestricted upload
A vulnerability has been found in SourceCodester Real Estate Property Listing App 1.0. The impacted element is an unknown function of the file /admin/property.php. Such manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has beeβ¦
6.9
CVE-2025-14529 - Campcodes Retro Basketball Shoes Online Store admin_running.php sql injection
A flaw has been found in Campcodes Retro Basketball Shoes Online Store 1.0. The affected element is an unknown function of the file /admin/admin_running.php. This manipulation of the argument pid causes sql injection. It is possible to initiate the attack remotely. The exploit has been published anβ¦
1
CVE-2025-13912 - Potential non-constant time compiled code with Clang LLVM
Multiple constant-time implementations in wolfSSL before version 5.8.4 may be transformed into non-constant-time binary by LLVM optimizations, which can potentially result in observable timing discrepancies and lead to information disclosure through timing side-channel attacks.
6.9
CVE-2025-14528 - D-Link DIR-803 Configuration getcfg.php information disclosure
A vulnerability was detected in D-Link DIR-803 up to 1.04. Impacted is an unknown function of the file /getcfg.php of the component Configuration Handler. The manipulation of the argument AUTHORIZED_GROUP results in information disclosure. The attack may be performed from remote. The exploit is nowβ¦
6.9
CVE-2025-14527 - projectworlds Advanced Library Management System view_book.php sql injection
A weakness has been identified in projectworlds Advanced Library Management System 1.0. This vulnerability affects unknown code of the file /view_book.php. Executing a manipulation of the argument book_id can lead to sql injection. The attack can be executed remotely. The exploit has been made avaiβ¦
9.8
CVE-2025-66048 -
Several stack-based buffer overflow vulnerabilities exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger these vulnerabilities.When Tag is 133