7.1
CVE-2025-9983 - Lack of Authentication for RTSP stream
GALAYOU G2 cameras stream video output via RTSP streams. By default these streams are protected by randomly generated credentials. However these credentials are not required to access the stream. Changing these values does not change camera's behavior. The vendor did not respond in any way. Only vβ¦
6.9
CVE-2025-10795 - code-projects Online Bidding System bidupdate.php sql injection
A vulnerability has been found in code-projects Online Bidding System 1.0. This affects an unknown part of the file /administrator/bidupdate.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may beβ¦
5.3
CVE-2025-10794 - PHPGurukul Car Rental Project search.php cross site scripting
A flaw has been found in PHPGurukul Car Rental Project 3.0. Affected by this issue is some unknown functionality of the file /carrental/search.php. Executing manipulation of the argument autofocus can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been pβ¦
5.5
CVE-2025-46711 - GPU DDK - NULL Pointer dereference occurs in LockHandle on bridge entry when connection misused
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger NULL pointer dereference kernel exceptions.
5.1
CVE-2025-25177 - GPU DDK - Roll-back of pvr_exp_fence not in finalised state can cause UAF
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.
6.9
CVE-2025-10793 - code-projects E-Commerce Website admin_account_delete.php sql injection
A vulnerability was detected in code-projects E-Commerce Website 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/admin_account_delete.php. Performing manipulation of the argument user_id results in sql injection. It is possible to initiate the attack remotely. Theβ¦
8.7
CVE-2025-10792 - D-Link DIR-513 formWPS buffer overflow
A security vulnerability has been detected in D-Link DIR-513 A1FW110. Affected is an unknown function of the file /goform/formWPS. Such manipulation of the argument webpage leads to buffer overflow. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. Thβ¦
8.6
CVE-2025-10009 - Authenticated admin RCE in Invoice Ninja
Incorrect handling of uploaded files in the admin "Restore" function in Invoice Ninja <= 5.11.72 allows attackers with admin credentials to execute arbitrary code on the server via uploaded .php files.
5.4
CVE-2025-9035 - Reflected XSS in Horato Internet Technologies' Virtual Library Platform
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Horato Internet Technologies Ind. And Trade Inc. Virtual Library Platform allows Reflected XSS.This issue affects Virtual Library Platform: before v202.
6.9
CVE-2025-10791 - code-projects Online Bidding System index.php sql injection
A weakness has been identified in code-projects Online Bidding System 1.0. This impacts an unknown function of the file /administrator/index.php. This manipulation of the argument aduser causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to β¦