5.1
CVE-2025-12315 - code-projects Food Ordering System menu.php sql injection
A vulnerability was determined in code-projects Food Ordering System 1.0. This affects an unknown function of the file /admin/menu.php. Executing a manipulation of the argument itemPrice can lead to SQL injection. The attack can be executed remotely. The exploit has been publicly disclosed and may …
5.1
CVE-2025-12314 - code-projects Food Ordering System deleteitem.php sql injection
A vulnerability was found in code-projects Food Ordering System 1.0. The impacted element is an unknown function of the file /admin/deleteitem.php. Performing a manipulation of the argument itemID results in SQL injection. Remote exploitation of the attack is possible. The exploit has been made pub…
5.3
CVE-2025-12313 - D-Link DI-7001 MINI msp_info.htm command injection
A vulnerability has been found in D-Link DI-7001 MINI 19.09.19A1/24.04.18B1. The affected element is an unknown function of the file /msp_info.htm. Such manipulation of the argument cmd leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and…
4.7
CVE-2025-62594 - ImageMagick CLAHE : Unsigned underflow and division-by-zero lead to OOB pointer arithmetic and proc…
ImageMagick is a software suite to create, edit, compose, or convert bitmap images. ImageMagick versions prior to 7.1.2-8 are vulnerable to denial-of-service due to unsigned integer underflow and division-by-zero in the CLAHEImage function. When tile width or height is zero, unsigned underflow occu…
0.0
CVE-2025-62516 -
Further research determined the issue is not a vulnerability.
8.2
CVE-2025-59151 - Pi-hole Admin Interface vulnerable to HTTP response header injection via CRLF injection
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface before 6.3 is vulnerable to Carriage Return Line Feed (CRLF) injection. When a request is made to a file ending with the .lp extension, t…
4.8
CVE-2025-62263 -
Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.7 through 7.4.3.103, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 service pack 3 through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected int…
8.3
CVE-2025-58356 - Constellation allows insecure use of LUKS2 persistent storage partitions
Constellation is the first Confidential Kubernetes. The Constellation CVM image uses LUKS2-encrypted volumes for persistent storage. When opening an encrypted storage device, the CVM uses the libcryptsetup function crypt_activate_by_passphrase. If the VM is successful in opening the partition with t…
4.8
CVE-2025-12312 - PHPGurukul Curfew e-Pass Management System view-pass-detail.php cross site scripting
A flaw has been found in PHPGurukul Curfew e-Pass Management System 1.0. Impacted is an unknown function of the file view-pass-detail.php. This manipulation of the argument Fullname/Category causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be…
4.8
CVE-2025-12311 - PHPGurukul Curfew e-Pass Management System edit-category-detail.php cross site scripting
A vulnerability was detected in PHPGurukul Curfew e-Pass Management System 1.0. This issue affects some unknown processing of the file edit-category-detail.php. The manipulation of the argument catname results in cross site scripting. The attack can be launched remotely. The exploit is now public a…