6.9

CVSS4.0

CVE-2025-10832 - SourceCodester Pet Grooming Management Software fetch_product_details.php sql injection

A vulnerability was found in SourceCodester Pet Grooming Management Software 1.0. The affected element is an unknown function of the file /admin/fetch_product_details.php. The manipulation of the argument barcode results in sql injection. The attack may be performed from remote. The exploit has bee…

📅 Published: Sept. 23, 2025, 2:02 a.m. 🔄 Last Modified: Sept. 25, 2025, 6:07 p.m.

4.3

CVSS3.1

CVE-2025-42907 - Server-Side Request Forgery in SAP BI Platform

SAP BI Platform allows an attacker to modify the IP address of the LogonToken for the OpenDoc. On accessing the modified link in the browser a different server could get the ping request. This has low impact on integrity with no impact on confidentiality and availability of the system.

📅 Published: Sept. 23, 2025, 1:58 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.9

CVSS4.0

CVE-2025-10831 - Campcodes Computer Sales and Inventory System pro_edit1.php sql injection

A vulnerability has been found in Campcodes Computer Sales and Inventory System 1.0. Impacted is an unknown function of the file /pages/pro_edit1.php. The manipulation of the argument prodcode leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed …

📅 Published: Sept. 23, 2025, 1:32 a.m. 🔄 Last Modified: Sept. 25, 2025, 6:07 p.m.

6.9

CVSS4.0

CVE-2025-10830 - Campcodes Computer Sales and Inventory System inv_edit1.php sql injection

A flaw has been found in Campcodes Computer Sales and Inventory System 1.0. This issue affects some unknown processing of the file /pages/inv_edit1.php. Executing manipulation of the argument idd can lead to sql injection. The attack can be executed remotely. The exploit has been published and may …

📅 Published: Sept. 23, 2025, 1:32 a.m. 🔄 Last Modified: Sept. 25, 2025, 6:08 p.m.

8.7

CVSS4.0

CVE-2025-9495 - Viessmann Vitogate 300 Authentication Bypass

The Vitogate 300 web interface fails to enforce proper server-side authentication and relies on frontend-based authentication controls. This allows an attacker to simply modify HTML elements in the browser’s developer tools to bypass login restrictions. By removing specific UI elements, an attacker…

📅 Published: Sept. 23, 2025, 1:16 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.5

CVSS4.0

CVE-2025-9494 - Viessmann Vitogate 300 OS Command Injection

An OS command injection vulnerability has been discovered in the Vitogate 300, which can be exploited by malicious users to compromise affected installations. Specifically, the `/cgi-bin/vitogate.cgi` endpoint is affected, when the `form` JSON parameter is set to `form-0-2`. The vulnerability stems…

📅 Published: Sept. 23, 2025, 1:12 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.9

CVSS4.0

CVE-2025-10829 - Campcodes Computer Sales and Inventory System sup_edit1.php sql injection

A vulnerability was detected in Campcodes Computer Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /pages/sup_edit1.php. Performing manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit is now public …

📅 Published: Sept. 23, 2025, 1:02 a.m. 🔄 Last Modified: Sept. 25, 2025, 6:08 p.m.

5.3

CVSS4.0

CVE-2025-10828 - SourceCodester Pet Grooming Management Software edit.php sql injection

A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown part of the file /admin/edit.php. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and …

📅 Published: Sept. 23, 2025, 1:02 a.m. 🔄 Last Modified: Sept. 25, 2025, 6:08 p.m.

5.3

CVSS4.0

CVE-2025-10827 - PHPJabbers Restaurant Menu Maker preview.php cross site scripting

A weakness has been identified in PHPJabbers Restaurant Menu Maker up to 1.1. Affected by this issue is some unknown functionality of the file /preview.php. This manipulation of the argument theme causes cross site scripting. The attack may be initiated remotely. The exploit has been made available…

📅 Published: Sept. 23, 2025, 12:32 a.m. 🔄 Last Modified: Sept. 25, 2025, 6:08 p.m.

5.3

CVSS4.0

CVE-2025-10826 - Campcodes Online Beauty Parlor Management System sales-reports-detail.php sql injection

A security flaw has been discovered in Campcodes Online Beauty Parlor Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/sales-reports-detail.php. The manipulation of the argument fromdate/todate results in sql injection. The attack can be launched …

📅 Published: Sept. 23, 2025, 12:32 a.m. 🔄 Last Modified: Sept. 25, 2025, 6:08 p.m.
Total results: 349182