6.9

CVSS4.0

CVE-2025-58057 - Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final and below, when supplied with specially crafted in…

📅 Published: Sept. 3, 2025, 9:46 p.m. 🔄 Last Modified: Sept. 8, 2025, 4:45 p.m.

6.9

CVSS4.0

CVE-2025-9930 - 1000projects Beauty Parlour Management System contact-us.php sql injection

A security vulnerability has been detected in 1000projects Beauty Parlour Management System 1.0. This impacts an unknown function of the file /admin/contact-us.php. The manipulation of the argument mobnumber leads to sql injection. The attack can be initiated remotely. The exploit has been disclose…

📅 Published: Sept. 3, 2025, 9:32 p.m. 🔄 Last Modified: Sept. 8, 2025, 4:43 p.m.

4.8

CVSS4.0

CVE-2025-9929 - code-projects Responsive Blog Site blogs_view.php cross site scripting

A weakness has been identified in code-projects Responsive Blog Site 1.0. This affects an unknown function of the file blogs_view.php. Executing manipulation of the argument product_code/gen_name/product_name/supplier can lead to cross site scripting. It is possible to launch the attack remotely. T…

📅 Published: Sept. 3, 2025, 9:32 p.m. 🔄 Last Modified: Sept. 8, 2025, 4:45 p.m.

6.9

CVSS4.0

CVE-2025-9928 - projectworlds Travel Management System viewcategory.php sql injection

A security flaw has been discovered in projectworlds Travel Management System 1.0. The impacted element is an unknown function of the file /viewcategory.php. Performing manipulation of the argument t1 results in sql injection. It is possible to initiate the attack remotely. The exploit has been rel…

📅 Published: Sept. 3, 2025, 9:02 p.m. 🔄 Last Modified: Sept. 5, 2025, 4:39 p.m.

2.9

CVSS4.0

CVE-2025-58056 - Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions

Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In versions 4.1.124.Final, and 4.2.0.Alpha3 through 4.2.4.Final, Netty incorrectly accepts standalone newline characters (LF) as a chunk-size line termi…

📅 Published: Sept. 3, 2025, 8:56 p.m. 🔄 Last Modified: Sept. 8, 2025, 4:46 p.m.

6.9

CVSS4.0

CVE-2025-9927 - projectworlds Travel Management System viewpackage.php sql injection

A vulnerability was identified in projectworlds Travel Management System 1.0. The affected element is an unknown function of the file /viewpackage.php. Such manipulation of the argument t1 leads to sql injection. The attack may be performed remotely. The exploit is publicly available and might b…

📅 Published: Sept. 3, 2025, 8:32 p.m. 🔄 Last Modified: Sept. 5, 2025, 4:40 p.m.

6.5

CVSS3.1

CVE-2025-8268 - Ai Engine <= 2.9.5 - Missing Authorization to Unauthenticated Uploaded Files Disclosure And Deletion

The AI Engine plugin for WordPress is vulnerable to unauthorized access and loss of data due to a missing capability check on the rest_list and delete_files functions in all versions up to, and including, 2.9.5. This makes it possible for unauthenticated attackers to list and delete files uploaded …

📅 Published: Sept. 3, 2025, 8:24 p.m. 🔄 Last Modified: April 20, 2026, 7:45 p.m.

9.3

CVSS4.0

CVE-2025-55748 - XWiki Platform's configuration files can be accessed through jsx and sx endpoints

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 4.2-milestone-2 through 16.10.6, configuration files are accessible through jsx and sx endpoints. It's possible to access and read configuration files by using URLs such as `http://l…

📅 Published: Sept. 3, 2025, 8:19 p.m. 🔄 Last Modified: Sept. 10, 2025, 5:24 p.m.

9.3

CVSS4.0

CVE-2025-55747 - XWiki Platform's configuration files can be accessed through the webjars API

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 6.1-milestone-2 through 16.10.6, configuration files are accessible through the webjars API. This is fixed in version 16.10.7.

📅 Published: Sept. 3, 2025, 8:12 p.m. 🔄 Last Modified: Sept. 10, 2025, 5:47 p.m.

9

CVSS3.1

CVE-2025-53690 - Sitecore Products ViewState Deserialization Vulnerability

Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Code Injection. This issue affects Experience Manager (XM): through 9.0; Experience Platform (XP): through 9.0.

📅 Published: Sept. 3, 2025, 8:04 p.m. 🔄 Last Modified: Feb. 26, 2026, 5:49 p.m.
Total results: 349182