6.9
CVE-2025-35432 - CISA Thorium does not rate limit account verification email messages
CISA Thorium does not rate limit requests to send account verification email messages. A remote unauthenticated attacker can send unlimited messages to a user who is pending verification. Fixed in 1.1.1 by adding a rate limit set by default to 10 minutes.
5.3
CVE-2025-35431 - CISA Thorium LDAP injection
CISA Thorium does not escape user controlled strings used in LDAP queries. An authenticated remote attacker can modify LDAP authorization data such as group memberships. Fixed in 1.1.1.
5.3
CVE-2025-35430 - CISA Thorium insecure downloaded file path validation
CISA Thorium does not adequately validate the paths of downloaded files via 'download_ephemeral' and 'download_children'. A remote, authenticated attacker could access arbitrary files subject to file system permissions. Fixed in 1.1.2.
6.9
CVE-2025-10601 - SourceCodester Online Exam Form Submission index.php sql injection
A vulnerability has been found in SourceCodester Online Exam Form Submission 1.0. Affected is an unknown function of the file /admin/index.php. Such manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public …
6.9
CVE-2025-10600 - SourceCodester Online Exam Form Submission register.php unrestricted upload
A flaw has been found in SourceCodester Online Exam Form Submission 1.0. This impacts an unknown function of the file /register.php. This manipulation of the argument img causes unrestricted upload. It is possible to initiate the attack remotely. The exploit has been published and may be used.
6.9
CVE-2025-10599 - itsourcecode Web-Based Internet Laboratory Management System login.php AuthenticateUser sql injecti…
A security flaw has been discovered in itsourcecode Web-Based Internet Laboratory Management System 1.0. Impacted is the function User::AuthenticateUser of the file login.php. Performing manipulation of the argument user_email results in sql injection. Remote exploitation of the attack is possible. …
6.9
CVE-2025-10598 - SourceCodester Pet Grooming Management Software search_product.php sql injection
A vulnerability was identified in SourceCodester Pet Grooming Management Software 1.0. This issue affects some unknown processing of the file /admin/search_product.php. Such manipulation of the argument group_id leads to sql injection. The attack may be launched remotely. The exploit is publicly av…
6.9
CVE-2025-10597 - kidaze CourseSelectionSystem COUNT2.php sql injection
A vulnerability was determined in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. This vulnerability affects unknown code of the file /Profilers/PriProfile/COUNT2.php. This manipulation of the argument cname causes sql injection. The attack may be initiated remotely. Th…
6.9
CVE-2025-10596 - SourceCodester Online Exam Form Submission index.php sql injection
A vulnerability was found in SourceCodester Online Exam Form Submission 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument usn results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used.
6.1
CVE-2025-9862 - Ghost 6.0.6 - SSRF via oEmbed Bookmark
Server-Side Request Forgery (SSRF) vulnerability in Ghost allows an attacker to access internal resources. This issue affects Ghost: from 6.0.0 through 6.0.8, from 5.99.0 through 5.130.3.