7.2
CVE-2025-65024 - i-Educar Authenticated Time-based SQL Injection in `agenda_admin_cad.php`
i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agenda_admin_cad.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands againstβ¦
8.6
CVE-2025-10703 -
Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttribute connection option implemented by the DataDirect Connect for Jβ¦
8.6
CVE-2025-10702 -
Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttribute connection option implemented by the DataDirect Connect for β¦
4.8
CVE-2025-13397 - mrubyc alloc.c mrbc_raw_realloc null pointer dereference
A security vulnerability has been detected in mrubyc up to 3.4. This impacts the function mrbc_raw_realloc of the file src/alloc.c. Such manipulation of the argument ptr leads to null pointer dereference. An attack has to be approached locally. The name of the patch is 009111904807b8567262036bf4529β¦
5.3
CVE-2025-13396 - code-projects Courier Management System add-office.php sql injection
A weakness has been identified in code-projects Courier Management System 1.0. This affects an unknown function of the file /add-office.php. This manipulation of the argument OfficeName causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public andβ¦
5.4
CVE-2025-11963 - Reflected XSS in Saysis's StarCities
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saysis Computer Systems Trade Ltd. Co. StarCities allows Reflected XSS.This issue affects StarCities: before 1.1.61.
4.7
CVE-2025-0421 - iFrame Injection in Mikrogrup's Shopside
Improper Restriction of Rendered UI Layers or Frames vulnerability in Shopside Software Technologies Inc. Shopside allows iFrame Overlay.This issue affects Shopside: through 05022025.
5.4
CVE-2024-8528 - ALC WebCTRL Carrier i-Vu Reflected XSS due to unsanitized parameter
Reflected XSS using a specific URL in Automated Logic WebCTRL and Carrier i-VU can allow delivery of malicious payload due to a specific GET parameter not being sanitized.
8.6
CVE-2024-8527 - ALC WebCTRL Carrier i-Vu Open Redirect via URL parameter
Open Redirect in URL parameter in Automated Logic WebCTRL and Carrier i-Vu versions 6.0, 6.5, 7.0, 8.0, 8.5, 9.0 may allow attackers to exploit user sessions.
9.3
CVE-2025-12592 - Use of default login credentials in Legacy Vivotek Devices
Legacy Vivotek Device firmware uses default credetials for the root and user login accounts.