7.5
CVE-2025-58410 - GPU DDK - Multiple calls into PhysmemGEMPrimeExport can inherit write access permission for an exisβ¦
Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permissions to memory buffers exported as read-only. This is caused by improper handling of the memory protections for the buffer resource.
7.2
CVE-2025-62519 - phpMyFAQ has Authenticated SQL Injection in Configuration Update Functionality
phpMyFAQ is an open source FAQ web application. Prior to version 4.0.14, an authenticated SQL injection vulnerability in the main configuration update functionality of phpMyFAQ allows a privileged user with 'Configuration Edit' permissions to execute arbitrary SQL commands. Successful exploitation β¦
8.8
CVE-2025-13319 - Authenticated SQL injection in API - Digi On-Prem Manager
An injection vulnerability has been discovered in the API feature in Digi On-Prem Manager, enabling an attacker with valid API tokens to inject SQL via crafted input. The API is not enabled by default, and a valid API token is required to perform the attack.
5.3
CVE-2025-13290 - code-projects Simple Food Ordering System saveorder.php sql injection
A vulnerability has been found in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file /saveorder.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosedβ¦
5.3
CVE-2025-13289 - 1000projects Design & Development of Student Database Management System SubjectDetails.php sql injeβ¦
A vulnerability was detected in 1000projects Design & Development of Student Database Management System 1.0. Affected is an unknown function of the file /TeacherLogin/Academics/SubjectDetails.php. The manipulation of the argument SubCode results in sql injection. The attack may be performed from reβ¦
8.7
CVE-2025-13288 - Tenda CH22 PPTPUserSetting fromPptpUserSetting buffer overflow
A security vulnerability has been detected in Tenda CH22 1.0.0.1. This impacts the function fromPptpUserSetting of the file /goform/PPTPUserSetting. The manipulation of the argument delno leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed pubβ¦
7.1
CVE-2025-4321 - DoS in RS9116W-WiSeConnect L2CAP protocol due to reception of malformed packets
In a Bluetooth device, using RS9116-WiseConnect SDK experiences a Denial of Service, if it receives malformed L2CAP packets, only hard reset will bring the device to normal operation
0.0
CVE-2025-13310 -
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
5.3
CVE-2025-13287 - itsourcecode Online Voting System index.php sql injection
A weakness has been identified in itsourcecode Online Voting System 1.0. This affects an unknown function of the file /index.php?page=categories. Executing manipulation of the argument id/category can lead to sql injection. The attack can be executed remotely. The exploit has been made available toβ¦
5.3
CVE-2025-13286 - itsourcecode Online Voting System ajax.php sql injection
A security flaw has been discovered in itsourcecode Online Voting System 1.0. The impacted element is an unknown function of the file /ajax.php?action=save_user. Performing manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been β¦