7.5
CVE-2025-9038 - S1 Agile Privilege Escalation
Improper Privilege Management vulnerability in GE Vernova S1 Agile Configuration Software on Windows allows Privilege Escalation. This issue affects S1 Agile Configuration Software: 3.1 and previous versions.
6.9
CVE-2025-10802 - code-projects Online Bidding System remove.php sql injection
A flaw has been found in code-projects Online Bidding System 1.0. Affected is an unknown function of the file /administrator/remove.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.
8.8
CVE-2025-9900 - Libtiff: libtiff write-what-where
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlle…
6.9
CVE-2025-10801 - SourceCodester Pet Grooming Management Software edit_tax.php sql injection
A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown function of the file /admin/edit_tax.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The exploit has been di…
6.9
CVE-2025-10800 - itsourcecode Online Discussion Forum index.php sql injection
A weakness has been identified in itsourcecode Online Discussion Forum 1.0. The impacted element is an unknown function of the file /index.php. Executing manipulation of the argument email/password can lead to sql injection. The attack can be executed remotely. The exploit has been made available t…
6.9
CVE-2025-10799 - code-projects Hostel Management System index.php sql injection
A security flaw has been discovered in code-projects Hostel Management System 1.0. The affected element is an unknown function of the file /justines/admin/mod_reservation/index.php?view=view. Performing manipulation of the argument ID results in sql injection. Remote exploitation of the attack is p…
6.9
CVE-2025-10798 - code-projects Hostel Management System index.php sql injection
A vulnerability was identified in code-projects Hostel Management System 1.0. Impacted is an unknown function of the file /justines/admin/mod_roomtype/index.php?view=view. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit is publicly avail…
8.1
CVE-2025-10854 - Symlink Following in txtai leads to arbitrary file write when loading untrusted embedding indices
The txtai framework allows the loading of compressed tar files as embedding indices. While the validate function is intended to prevent path traversal vulnerabilities by ensuring safe filenames, it does not account for symbolic links within the tar file. An attacker is able to write a file anywhere…
6.9
CVE-2025-10797 - code-projects Hostel Management System index.php sql injection
A vulnerability was determined in code-projects Hostel Management System 1.0. This issue affects some unknown processing of the file /justines/index.php. This manipulation of the argument log_email causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed a…
6.9
CVE-2025-10796 - code-projects Hostel Management System login.php sql injection
A vulnerability was found in code-projects Hostel Management System 1.0. This vulnerability affects unknown code of the file /justines/admin/login.php. The manipulation of the argument email results in sql injection. The attack can be launched remotely. The exploit has been made public and could be…