5.1

CVSS4.0

CVE-2025-13210 - itsourcecode Inventory Management System index.php sql injection

A security vulnerability has been detected in itsourcecode Inventory Management System 1.0. This impacts an unknown function of the file /admin/products/index.php?view=add. Such manipulation of the argument PROMODEL leads to sql injection. The attack may be performed from remote. The exploit has be…

📅 Published: Nov. 15, 2025, 7:02 p.m. 🔄 Last Modified: Nov. 18, 2025, 8:25 p.m.

5.3

CVSS4.0

CVE-2025-13209 - bestfeng oa_git_free WorkflowPredefineController.java updateWriteBack xml external entity reference

A weakness has been identified in bestfeng oa_git_free up to 9.5. This affects the function updateWriteBack of the file yimioa-oa9.5\server\c-flow\src\main\java\com\cloudweb\oa\controller\WorkflowPredefineController.java. This manipulation of the argument writeProp causes xml external entity refere…

📅 Published: Nov. 15, 2025, 6:32 p.m. 🔄 Last Modified: Nov. 18, 2025, 2:06 p.m.

5.3

CVSS4.0

CVE-2025-13208 - FantasticLBP Hotels Server hotelList.php sql injection

A security flaw has been discovered in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. The impacted element is an unknown function of the file controller/api/hotelList.php. The manipulation of the argument subjectId/cityName results in sql injection. The attack can be exe…

📅 Published: Nov. 15, 2025, 6:02 p.m. 🔄 Last Modified: Nov. 18, 2025, 2:06 p.m.

6.9

CVSS4.0

CVE-2025-13203 - code-projects Simple Cafe Ordering System addmem.php sql injection

A weakness has been identified in code-projects Simple Cafe Ordering System 1.0. This vulnerability affects unknown code of the file /addmem.php. Executing manipulation of the argument studentnum can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made avai…

📅 Published: Nov. 15, 2025, 5:32 p.m. 🔄 Last Modified: Nov. 19, 2025, 1:18 p.m.

5.1

CVSS4.0

CVE-2025-13202 - code-projects Simple Cafe Ordering System add_to_cart cross site scripting

A security flaw has been discovered in code-projects Simple Cafe Ordering System 1.0. This affects an unknown part of the file /add_to_cart. Performing manipulation of the argument product_name results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been rel…

📅 Published: Nov. 15, 2025, 5:02 p.m. 🔄 Last Modified: Nov. 19, 2025, 1:19 p.m.

6.9

CVSS4.0

CVE-2025-13201 - code-projects Simple Cafe Ordering System login.php sql injection

A vulnerability was identified in code-projects Simple Cafe Ordering System 1.0. Affected by this issue is some unknown functionality of the file /login.php. Such manipulation of the argument Username leads to sql injection. The attack may be performed from remote. The exploit is publicly available…

📅 Published: Nov. 15, 2025, 4:02 p.m. 🔄 Last Modified: Nov. 19, 2025, 1:19 p.m.

6.9

CVSS4.0

CVE-2025-13200 - SourceCodester Farm Management System exposure of information through directory listing

A vulnerability was determined in SourceCodester Farm Management System 1.0. Affected by this vulnerability is an unknown functionality. This manipulation causes exposure of information through directory listing. The attack is possible to be carried out remotely. The exploit has been publicly discl…

📅 Published: Nov. 15, 2025, 3:32 p.m. 🔄 Last Modified: Nov. 19, 2025, 7:34 p.m.

4.8

CVSS4.0

CVE-2025-13199 - code-projects Email Logging Interface signup.cpp path traversal

A vulnerability was found in code-projects Email Logging Interface 2.0. Affected is an unknown function of the file signup.cpp. The manipulation of the argument Username results in path traversal: '../filedir'. The attack is only possible with local access. The exploit has been made public and coul…

📅 Published: Nov. 15, 2025, 10:32 a.m. 🔄 Last Modified: Nov. 19, 2025, 7:41 p.m.

5.1

CVSS4.0

CVE-2025-13198 - DouPHP file.class.php unrestricted upload

A vulnerability has been found in DouPHP up to 1.8 Release 20251022. This impacts an unknown function of the file upload/include/file.class.php. The manipulation of the argument File leads to unrestricted upload. Remote exploitation of the attack is possible. The exploit has been disclosed to the p…

📅 Published: Nov. 15, 2025, 9:02 a.m. 🔄 Last Modified: Feb. 24, 2026, 6:28 a.m.

3.5

CVSS3.1

CVE-2025-12983 - Memory Allocation with Excessive Size Value in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to cause a denial of service condition by submitting specially crafted markdown content with nested formatting …

📅 Published: Nov. 15, 2025, 8:13 a.m. 🔄 Last Modified: Nov. 19, 2025, 7:44 p.m.