5

CVSS3.1

CVE-2025-12766 - Insecure Direct Object Reference (IDOR) vulnerability in the Management Console of affected version…

An Insecure Direct Object Reference (IDOR) vulnerability in the Management Console of BlackBerry® AtHoc® (OnPrem) version 7.21 could allow an attacker to potentially gain unauthorized knowledge about other organizations hosted on the same Interactive Warning System (IWS).

📅 Published: Nov. 19, 2025, 4:08 p.m. 🔄 Last Modified: Dec. 1, 2025, 5:22 p.m.

7.2

CVSS3.1

CVE-2025-65022 - i-Educar Authenticated Time-based SQL Injection in `agenda.php`

i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agenda.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands against the appli…

📅 Published: Nov. 19, 2025, 4:02 p.m. 🔄 Last Modified: Nov. 20, 2025, 5:24 p.m.

7.2

CVSS3.1

CVE-2025-65023 - i-Educar Authenticated Time-based SQL Injection in `funcionario_vinculo_cad.php`

i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/funcionario_vinculo_cad.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands …

📅 Published: Nov. 19, 2025, 4:02 p.m. 🔄 Last Modified: Nov. 20, 2025, 5:20 p.m.

7.2

CVSS3.1

CVE-2025-65024 - i-Educar Authenticated Time-based SQL Injection in `agenda_admin_cad.php`

i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agenda_admin_cad.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands against…

📅 Published: Nov. 19, 2025, 4:02 p.m. 🔄 Last Modified: Nov. 24, 2025, 8:26 p.m.

8.6

CVSS4.0

CVE-2025-10703 -

Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttribute connection option implemented by the DataDirect Connect for J…

📅 Published: Nov. 19, 2025, 3:47 p.m. 🔄 Last Modified: Feb. 26, 2026, 4:21 p.m.

8.6

CVSS4.0

CVE-2025-10702 -

Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttribute connection option implemented by the DataDirect Connect for …

📅 Published: Nov. 19, 2025, 3:46 p.m. 🔄 Last Modified: Feb. 26, 2026, 4:21 p.m.

4.8

CVSS4.0

CVE-2025-13397 - mrubyc alloc.c mrbc_raw_realloc null pointer dereference

A security vulnerability has been detected in mrubyc up to 3.4. This impacts the function mrbc_raw_realloc of the file src/alloc.c. Such manipulation of the argument ptr leads to null pointer dereference. An attack has to be approached locally. The name of the patch is 009111904807b8567262036bf4529…

📅 Published: Nov. 19, 2025, 3:32 p.m. 🔄 Last Modified: Dec. 1, 2025, 7:58 p.m.

5.3

CVSS4.0

CVE-2025-13396 - code-projects Courier Management System add-office.php sql injection

A weakness has been identified in code-projects Courier Management System 1.0. This affects an unknown function of the file /add-office.php. This manipulation of the argument OfficeName causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public and…

📅 Published: Nov. 19, 2025, 3:32 p.m. 🔄 Last Modified: Nov. 20, 2025, 4:23 p.m.

5.4

CVSS3.1

CVE-2025-11963 - Reflected XSS in Saysis's StarCities

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saysis Computer Systems Trade Ltd. Co. StarCities allows Reflected XSS. This issue affects StarCities: before 1.1.61.

📅 Published: Nov. 19, 2025, 2:03 p.m. 🔄 Last Modified: Nov. 21, 2025, 9:15 a.m.

4.7

CVSS3.1

CVE-2025-0421 - iFrame Injection in Mikrogrup's Shopside

Improper Restriction of Rendered UI Layers or Frames vulnerability in Shopside Software Technologies Inc. Shopside allows iFrame Overlay. This issue affects Shopside: through 05022025.

📅 Published: Nov. 19, 2025, 1:28 p.m. 🔄 Last Modified: Nov. 24, 2025, 9:10 a.m.