5.3
CVE-2025-13174 - rachelos WeRSS we-mp-rss Webhook mps.py do_job server-side request forgery
A weakness has been identified in rachelos WeRSS we-mp-rss up to 1.4.7. Affected by this vulnerability is the function do_job of the file /rachelos/we-mp-rss/blob/main/jobs/mps.py of the component Webhook Module. Executing manipulation of the argument web_hook_url can lead to server-side request fo…
5.3
CVE-2025-13172 - CodeAstro Gym Management System view-member-report.php sql injection
A security flaw has been discovered in CodeAstro Gym Management System 1.0. Affected is an unknown function of the file /admin/view-member-report.php. Performing a manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit has been released to the pu…
4.4
CVE-2025-4618 - Prisma Browser: Sensitive Information Disclosure Vulnerability in Prisma Browser
A sensitive information disclosure vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated non-admin user to retrieve sensitive data from Prisma Browser. Browser self-protection should be enabled to mitigate this issue.
1.1
CVE-2025-4617 - Prisma Browser: Insufficient Policy Enforcement Vulnerability in Prisma Browser
An insufficient policy enforcement vulnerability in Palo Alto Networks Prisma® Browser on Windows allows a locally authenticated non-admin user to bypass the screenshot control feature of the browser. Browser self-protection should be enabled to mitigate this issue.
1.1
CVE-2025-4616 - Prisma Browser: Insufficient Validation of Untrusted Input Vulnerability in Prisma Browser
An insufficient validation of an untrusted input vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated non-admin user to revert the browser's security controls.
5.3
CVE-2025-13171 - ZZCMS wangkan_list.php sql injection
A vulnerability was identified in ZZCMS 2023. This impacts an unknown function of the file /admin/wangkan_list.php. Such manipulation of the argument keyword leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used.
7.3
CVE-2025-13204 - CVE-2025-13204
npm package `expr-eval` is vulnerable to Prototype Pollution. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary code execution. The npm expr-eval-fork package resolves this issue.
0.0
CVE-2025-13197 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
6.9
CVE-2025-13170 - code-projects Simple Online Hotel Reservation System edit_account.php sql injection
A vulnerability was detected in code-projects Simple Online Hotel Reservation System 1.0. This issue affects some unknown processing of the file /admin/edit_account.php. Performing a manipulation of the argument admin_id results in sql injection. The attack is possible to be carried out remotely. T…
5.6
CVE-2025-8870 - On affected platforms running Arista EOS, certain serial console input might result in an unexpecte…
On affected platforms running Arista EOS, certain serial console input might result in an unexpected reload of the device.