5.3
CVE-2025-13396 - code-projects Courier Management System add-office.php sql injection
A weakness has been identified in code-projects Courier Management System 1.0. This affects an unknown function of the file /add-office.php. This manipulation of the argument OfficeName causes SQL injection. The attack may be initiated remotely. The exploit has been made available to the public and…
5.4
CVE-2025-11963 - Reflected XSS in Saysis's StarCities
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saysis Computer Systems Trade Ltd. Co. StarCities allows Reflected XSS. This issue affects StarCities: before 1.1.61.
4.7
CVE-2025-0421 - iFrame Injection in Mikrogrup's Shopside
Improper Restriction of Rendered UI Layers or Frames vulnerability in Shopside Software Technologies Inc. Shopside allows iFrame Overlay. This issue affects Shopside: through 05022025.
5.4
CVE-2024-8528 - ALC WebCTRL Carrier i-Vu Reflected XSS due to unsanitized parameter
Reflected XSS using a specific URL in Automated Logic WebCTRL and Carrier i-VU can allow delivery of malicious payload due to a specific GET parameter not being sanitized.
8.6
CVE-2024-8527 - ALC WebCTRL Carrier i-Vu Open Redirect via URL parameter
Open Redirect in URL parameter in Automated Logic WebCTRL and Carrier i-Vu versions 6.0, 6.5, 7.0, 8.0, 8.5, 9.0 may allow attackers to exploit user sessions.
9.3
CVE-2025-12592 - Use of default login credentials in Legacy Vivotek Devices
Legacy Vivotek Device firmware uses default credentials for the root and user login accounts.
9.8
CVE-2025-10437 - SQLi in Exagate's Webpack Management System
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. Webpack Management System allows SQL Injection. This issue affects Webpack Management System: through 20251119.
6.9
CVE-2025-13395 - codehub666 94list function.php login sql injection
A security flaw has been discovered in codehub666 94list up to 5831c8240e99a72b7d3508c79ef46ae4b96befe8. The impacted element is the function Login of the file /function.php. The manipulation results in SQL injection. The attack can be launched remotely. The exploit has been released to the public …
6.3
CVE-2025-64408 - Apache Causeway: Java deserialization vulnerability to authenticated attackers
Apache Causeway faces Java deserialization vulnerabilities that allow remote code execution (RCE) through user-controllable URL parameters. These vulnerabilities affect all applications using Causeway's ViewModel functionality and can be exploited by authenticated attackers to execute arbitrary cod…
7.1
CVE-2025-12472 - Remote Code Execution in Looker due to Improperly Validated Directory Deletion
An attacker with a Looker Developer role could manipulate a LookML project to exploit a race condition during Git directory deletion, leading to arbitrary command execution on the Looker instance. Looker-hosted and Self-hosted were found to be vulnerable. This issue has already been mitigated fo…