4.8
CVE-2025-64758 - @dependencytrack/frontend Vulnerable to Persistent Cross-Site-Scripting via Welcome Message
@dependencytrack/frontend is a Single Page Application (SPA) used in Dependency-Track, an open source Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Since version 4.12.0, Dependency-Track users with the SYSTEM_CONFIGURATION permission…
6.9
CVE-2025-64342 - ESP-IDF's ESP32 Bluetooth Controller Has an Invalid Access Address Vulnerability
ESP-IDF is the Espressif Internet of Things (IoT) Development Framework. When the ESP32 is in advertising mode, if it receives a connection request containing an invalid Access Address (AA) of 0x00000000 or 0xFFFFFFFF, advertising may stop unexpectedly. In this case, the controller may incorrectly …
7.4
CVE-2025-58407 - GPU DDK - TOCTOU bug affecting psFWMemContext->uiPageCatBaseRegSet
Kernel or driver software installed on a Guest VM may post improper commands to the GPU Firmware to exploit a TOCTOU race condition and trigger a read and/or write of data outside the allotted memory escaping the virtual machine.
6.9
CVE-2025-13291 - Campcodes Supplier Management System confirm_order.php sql injection
A vulnerability was found in Campcodes Supplier Management System 1.0. This affects an unknown part of the file /manufacturer/confirm_order.php. Performing a manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be…
7.5
CVE-2025-58410 - GPU DDK - Multiple calls into PhysmemGEMPrimeExport can inherit write access permission for an exis…
Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permissions to memory buffers exported as read-only. This is caused by improper handling of the memory protections for the buffer resource.
7.2
CVE-2025-62519 - phpMyFAQ has Authenticated SQL Injection in Configuration Update Functionality
phpMyFAQ is an open source FAQ web application. Prior to version 4.0.14, an authenticated SQL injection vulnerability in the main configuration update functionality of phpMyFAQ allows a privileged user with 'Configuration Edit' permissions to execute arbitrary SQL commands. Successful exploitation …
8.8
CVE-2025-13319 - Authenticated SQL injection in API - Digi On-Prem Manager
An injection vulnerability has been discovered in the API feature in Digi On-Prem Manager, enabling an attacker with valid API tokens to inject SQL via crafted input. The API is not enabled by default, and a valid API token is required to perform the attack.
5.3
CVE-2025-13290 - code-projects Simple Food Ordering System saveorder.php sql injection
A vulnerability has been found in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file /saveorder.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed…
5.3
CVE-2025-13289 - 1000projects Design & Development of Student Database Management System SubjectDetails.php sql inje…
A vulnerability was detected in 1000projects Design & Development of Student Database Management System 1.0. Affected is an unknown function of the file /TeacherLogin/Academics/SubjectDetails.php. The manipulation of the argument SubCode results in sql injection. The attack may be performed from re…
8.7
CVE-2025-13288 - Tenda CH22 PPTPUserSetting fromPptpUserSetting buffer overflow
A security vulnerability has been detected in Tenda CH22 1.0.0.1. This impacts the function fromPptpUserSetting of the file /goform/PPTPUserSetting. The manipulation of the argument delno leads to buffer overflow. The attack can be carried out remotely. The exploit has been disclosed pub…