5.1
CVE-2025-66321 -
Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability.
5.1
CVE-2025-66320 -
Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability.
7.1
CVE-2025-14255 - Galaxy Software Services|Vitals ESP - SQL Injection
Vitals ESP developed by Galaxy Software Services has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.
7.1
CVE-2025-14254 - Galaxy Software Services|Vitals ESP - SQL Injection
Vitals ESP developed by Galaxy Software Services has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.
6.9
CVE-2025-14253 - Galaxy Software Services|Vitals ESP - Arbitrary File Read
Vitals ESP developed by Galaxy Software Services has an Arbitrary File Read vulnerability, allowing privileged remote attackers to exploit Absolute Path Traversal to download arbitrary system files.
5.3
CVE-2025-14222 - code-projects Employee Profile Management System print_personnel_report.php sql injection
A flaw has been found in code-projects Employee Profile Management System 1.0. Affected is an unknown function of the file /print_personnel_report.php. This manipulation of the argument per_id causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used.
5.1
CVE-2025-14221 - SourceCodester Online Banking System page cross site scripting
A vulnerability was detected in SourceCodester Online Banking System 1.0. This impacts an unknown function of the file /?page=user. The manipulation of the argument First Name/Last Name results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used.
5.3
CVE-2025-14220 - ORICO CD3510 File Upload path traversal
A security vulnerability has been detected in ORICO CD3510 1.9.12. This affects an unknown function of the component File Upload. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early a…
5.1
CVE-2025-14219 - Campcodes Retro Basketball Shoes Online Store admin_running.php unrestricted upload
A weakness has been identified in Campcodes Retro Basketball Shoes Online Store 1.0. The impacted element is an unknown function of the file /admin/admin_running.php. Executing a manipulation of the argument product_image can lead to unrestricted upload. It is possible to launch the attack remotely…
6.9
CVE-2025-14218 - code-projects Currency Exchange System editotheraccount.php sql injection
A security flaw has been discovered in code-projects Currency Exchange System 1.0. The affected element is an unknown function of the file /editotheraccount.php. Performing manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit has been…