6.9
CVE-2025-14960 - code-projects Simple Blood Donor Management System editeddonor.php sql injection
A security vulnerability has been detected in code-projects Simple Blood Donor Management System 1.0. Impacted is an unknown function of the file /editeddonor.php. The manipulation of the argument Name leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclβ¦
6.9
CVE-2025-14959 - code-projects Simple Stock System signup.php sql injection
A weakness has been identified in code-projects Simple Stock System 1.0. This issue affects some unknown processing of the file /market/signup.php. Executing a manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit has been made available tβ¦
4.8
CVE-2025-14958 - floooh sokol sokol_gfx.h _sg_pipeline_common_init heap-based overflow
A security flaw has been discovered in floooh sokol up to 33e2271c431bf21de001e972f72da17a984da932. This vulnerability affects the function _sg_pipeline_common_init in the library sokol_gfx.h. Performing manipulation results in heap-based buffer overflow. The attack needs to be approached locally. β¦
5.3
CVE-2025-68430 - CVAT vulnerable to directory traversal via mounted share listing
CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.8.1 through 2.52.0, an attacker with an account on a CVAT instance is able to retrieve the contents of any file system directory accessible to the CVAT server. The exposed information is names of cβ¦
7.1
CVE-2025-68478 - Langflow Vulnerable to External Control of File Name or Path
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, if an arbitrary path is specified in the request body's `fs_path`, the server serializes the Flow object into JSON and creates/overwrites a file at that path. There is no path restriction, normaliβ¦
4.8
CVE-2025-14957 - WebAssembly Binaryen IRBuilder wasm-ir-builder.cpp makeLocalTee null pointer dereference
A vulnerability was identified in WebAssembly Binaryen up to 125. This affects the function IRBuilder::makeLocalGet/IRBuilder::makeLocalSet/IRBuilder::makeLocalTee of the file src/wasm/wasm-ir-builder.cpp of the component IRBuilder. Such manipulation of the argument Index leads to null pointer dereβ¦
7.7
CVE-2025-68477 - Langflow vulnerable to Server-Side Request Forgery
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, Langflow provides an API Request component that can issue arbitrary HTTP requests within a flow. This component takes a user-supplied URL, performs only normalization and basic format checks, and β¦
0.6
CVE-2025-68457 - Orejime has executable code in HTML attributes
Orejime is a consent manager that focuses on accessibility. On HTML elements handled by Orejime prior to version 2.3.2, one could run malicious code by embedding `javascript:` code within data attributes. When consenting to the related purpose, Orejime would turn data attributes into unprefixed oneβ¦
7.4
CVE-2025-14809 - Address bar spoofing risk in ArcSearch on Android
ArcSearch for Android versions prior to 1.12.6 could display a different domain in the address bar than the content being shown, enabling address bar spoofing after user interaction via crafted web content.
7.5
CVE-2025-14812 - Address bar spoofing risk in Arc Search on iOS
ArcSearch for iOS versions prior to 1.45.2 could display a different domain in the address bar than the content being shown after an iframe-triggered URI-scheme navigation, increasing spoofing risk.