6.9
CVE-2025-10405 - itsourcecode Baptism Information Management System listbaptism.php sql injection
A vulnerability was determined in itsourcecode Baptism Information Management System 1.0. Affected is an unknown function of the file /listbaptism.php. This manipulation of the argument bapt_id causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclβ¦
6.9
CVE-2025-10404 - itsourcecode Baptism Information Management System rptbaptismal.php sql injection
A vulnerability was found in itsourcecode Baptism Information Management System 1.0. This impacts an unknown function of the file /rptbaptismal.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit has been made public and could be uβ¦
6.9
CVE-2025-10403 - PHPGurukul Beauty Parlour Management System view-enquiry.php sql injection
A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown function of the file /admin/view-enquiry.php. The manipulation of the argument viewid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed β¦
5.3
CVE-2025-6051 - Regular Expression Denial of Service (ReDoS) in huggingface/transformers
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the `normalize_numbers()` method of the `EnglishNormalizer` class. This vulnerability affects versions up to 4.52.4 and is fixed in version 4.53.0. The issue ariβ¦
6.9
CVE-2025-10402 - PHPGurukul Beauty Parlour Management System readenq.php sql injection
A flaw has been found in PHPGurukul Beauty Parlour Management System 1.1. The impacted element is an unknown function of the file /admin/readenq.php. Executing manipulation of the argument delid can lead to sql injection. The attack can be executed remotely. The exploit has been published and may bβ¦
5.3
CVE-2025-10401 - D-Link DIR-823x diag_ping command injection
A vulnerability was detected in D-Link DIR-823x up to 250416. The affected element is an unknown function of the file /goform/diag_ping. Performing manipulation of the argument target_addr results in command injection. Remote exploitation of the attack is possible. The exploit is now public and mayβ¦
5.3
CVE-2025-10400 - SourceCodester Food Ordering Management System ticket-message.php sql injection
A security vulnerability has been detected in SourceCodester Food Ordering Management System 1.0. Impacted is an unknown function of the file /routers/ticket-message.php. Such manipulation of the argument ticket_id leads to sql injection. The attack may be launched remotely. The exploit has been diβ¦
5.3
CVE-2025-10399 - Korzh EasyQuery Query Builder UI fetch sql injection
A weakness has been identified in Korzh EasyQuery up to 7.4.0. This issue affects some unknown processing of the file /api/easyquery/models/nwind/fetch of the component Query Builder UI. This manipulation causes sql injection. The attack may be initiated remotely. The exploit has been made availablβ¦
2.3
CVE-2025-0164 - IBM QRadar SIEM information disclosure
IBM QRadar SIEM 7.5 through 7.5 Update Pack 13 Independent Fix 01 could allow a local privileged user to perform unauthorized actions on configuration files due to improper permission assignment.
6.7
CVE-2025-36035 - IBM PowerVM Hypervisor denial of service
IBM PowerVM Hypervisor FW950.00 through FW950.E0, FW1050.00 through FW1050.50, and FW1060.00 through FW1060.40 could allow a local privileged user to cause a denial of service by issuing a specially crafted IBM i hypervisor call that would disclose memory contents or consume excessive memory resourβ¦