6.9
CVE-2025-12293 - SourceCodester Point of Sales category.php SQL injection
A vulnerability was identified in SourceCodester Point of Sales 1.0. This issue affects some unknown processing of the file /category.php. Such manipulation of the argument Category leads to SQL injection. It is possible to launch the attack remotely. The exploit is publicly available and might be …
6.9
CVE-2025-12292 - SourceCodester Point of Sales index.php SQL injection
A vulnerability was determined in SourceCodester Point of Sales 1.0. This vulnerability affects unknown code of the file /index.php. This manipulation of the argument Username causes SQL injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be ut…
5.1
CVE-2025-12291 - ashymuzuro Full-Ecommece-Website/Muzuro Ecommerce System Add Product index.php unrestricted upload
A vulnerability was found in ashymuzuro Full-Ecommece-Website and Muzuro Ecommerce System up to 1.1.0. This affects an unknown part of the file /admin/index.php?add_product of the component Add Product Page. The manipulation results in unrestricted upload. The attack may be performed from remote. T…
7
CVE-2025-34133 - Wimi Teamwork < v7.38.17 CSRF
Wimi Teamwork versions prior to 7.38.17 contain a cross-site request forgery (CSRF) vulnerability in its API. The API accepts any authenticated request that contains a JSON field named 'csrf_token' without validating the field's value; only the presence of the field is checked. An attacker can cra…
6.2
CVE-2025-10023 - A user with elevated privileges can inject XSS in the Services Meta-services configuration page
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Services Meta-services modules) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.9, from 24.04.…
6.8
CVE-2025-12351 - Inadequate access control measure allows unauthorized users to access restricted administrative fun…
Honeywell S35 Series Cameras contains an authorization bypass Vulnerability through User controller key. An attacker could potentially exploit this vulnerability, leading to Privilege Escalation to admin privileged functionalities. Honeywell also recommends updating to the most recent version of t…
5.3
CVE-2025-12290 - Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 359 cross s…
A vulnerability has been found in Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 1.0. Affected by this issue is some unknown functionality of the file /i/359. The manipulation of the argument keywords leads to cross site scripting. The attack is possible to …
5.3
CVE-2025-12289 - Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 1001 cross …
A flaw has been found in Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 1.0. Affected by this vulnerability is an unknown functionality of the file /Point/index/activity_state/1/category_id/1001. Executing manipulation of the argument category_id can lead to…
5.4
CVE-2025-36121 - HTML Injection Vulnerability in a Specific URL Endpoint of the IBM OpenPages Application
IBM OpenPages 9.1 and 9.0 is vulnerable to HTML injection. A remotely authenticated attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
0
CVE-2025-26862 - PingFederate unexpected browser flow initiation in redirectless mode
Unexpected authentication form rendering in HTML Form Adapter using only non-default redirectless mode in PingFederate allows authentication attempts which may enable brute force login attacks.