6.9
CVE-2025-9420 - itsourcecode Apartment Management System addfloor.php SQL injection
A flaw has been found in itsourcecode Apartment Management System 1.0. The impacted element is an unknown function of the file /floor/addfloor.php. Executing manipulation of the argument hdnid can lead to SQL injection. The attack can be launched remotely. The exploit has been published and may be …
7.7
CVE-2025-57809 - XGrammar affected by Denial of Service by infinite recursion grammars
XGrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.21, XGrammar has an infinite recursion issue in the grammar. This issue has been resolved in version 0.1.21.
8.7
CVE-2025-8627 - Unauthenticated Protocol Commands on TP-Link KP303
The TP-Link KP303 Smartplug can be issued unauthenticated protocol commands that may cause an unintended power-off condition and a potential information leak. This issue affects TP-Link KP303 (US) Smartplug: before 1.1.0.
8.7
CVE-2025-57805 - The Scratch Channel's Publish Articles POST Request Can Upload Articles Without Validation
The Scratch Channel is a news website. In versions 1 and 1.1, a POST request to the endpoint used to publish articles can be used to post an article in any category with any date, regardless of who is logged in. This issue has been patched in version 1.2.
6.9
CVE-2025-57804 - h2 allows HTTP Request Smuggling due to illegal characters in headers
h2 is a pure-Python implementation of an HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without pr…
6.9
CVE-2025-9419 - itsourcecode Apartment Management System addunit.php SQL injection
A vulnerability was detected in itsourcecode Apartment Management System 1.0. The affected element is an unknown function of the file /unit/addunit.php. Performing manipulation of the argument ID results in SQL injection. The attack can be initiated remotely. The exploit is now public and may be us…
6.9
CVE-2025-9418 - itsourcecode Apartment Management System addowner.php SQL injection
A security vulnerability has been detected in itsourcecode Apartment Management System 1.0. Impacted is an unknown function of the file /owner/addowner.php. Such manipulation of the argument ID leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed publ…
7.5
CVE-2025-6188 - On affected platforms running Arista EOS, maliciously formed UDP packets with source port 3503 may …
On affected platforms running Arista EOS, maliciously formed UDP packets with source port 3503 may be accepted by EOS. UDP Port 3503 is associated with LspPing Echo Reply. This can result in unexpected behaviors, especially for UDP based services that do not perform some form of authentication.
3.8
CVE-2025-3456 - On affected platforms running Arista EOS, the global common encryption key configuration may be log…
On affected platforms running Arista EOS, the global common encryption key configuration may be logged in clear text, in local or remote accounting logs. Knowledge of both the encryption key and protocol specific encrypted secrets from the device running-config could then be used to obtain protocol…
5.3
CVE-2025-9417 - itsourcecode Apartment Management System addemployee.php SQL injection
A weakness has been identified in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /employee/addemployee.php. This manipulation of the argument ID causes SQL injection. It is possible to initiate the attack remotely. The exploit has been made avai…