6.9
CVE-2025-6611 - code-projects Inventory Management System createBrand.php sql injection
A vulnerability was found in code-projects Inventory Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /php_action/createBrand.php. The manipulation of the argument brandStatus leads to sql injection. The attack can be initiated remotely. T…
6.6
CVE-2025-50178 - GitForge.jl lacks validation for user provided fields
GitForge.jl is a unified interface for interacting with Git "forges." Versions prior to 0.4.3 lack input validation for user provided values in certain functions. In the `GitForge.get_repo` function for GitHub, the user can provide any string for the owner and repo fields. These inputs are not vali…
5.3
CVE-2025-49135 - CVAT missing validation for in-progress backup upload names
CVAT is an open source interactive video and image annotation tool for computer vision. Versions 2.2.0 through 2.39.0 have no validation during the import process of a project or task backup to check that the filename specified in the query parameter refers to a TUS-uploaded file belonging to the s…
5.1
CVE-2025-6610 - itsourcecode Employee Management System editempprofile.php sql injection
A vulnerability was found in itsourcecode Employee Management System up to 1.0. It has been classified as critical. This affects an unknown part of the file /admin/editempprofile.php. The manipulation of the argument FirstName leads to sql injection. It is possible to initiate the attack remotely. …
9.1
CVE-2021-4457 - ZoomSounds < 6.05 - Unauthenticated Arbitrary File Upload
The ZoomSounds plugin before 6.05 contains a PHP file allowing unauthenticated users to upload an arbitrary file anywhere on the web server.
5.3
CVE-2025-6609 - SourceCodester Best Salon Management System bwdates-reports-details.php sql injection
A vulnerability was found in SourceCodester Best Salon Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /panel/bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack may be la…
5.3
CVE-2025-6608 - SourceCodester Best Salon Management System edit-services.php sql injection
A vulnerability has been found in SourceCodester Best Salon Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /panel/edit-services.php. The manipulation of the argument editid leads to sql injection. The attack can be launched r…
4.6
CVE-2025-48991 - Tuleap missing CSRF protection on tracker canned responses administration
Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker could use a vulnerability present in Tuleap Community Edition prior to version 16.8.99.1748845907 and Tuleap Enterprise Edition prior to versions 16.8-3 and 16.7-5 to trick victims into chan…
8.1
CVE-2025-48954 - Discourse vulnerable to XSS via user-provided query parameter in oauth failure flow
Discourse is an open-source discussion platform. Versions prior to 3.5.0.beta6 are vulnerable to cross-site scripting when the content security policy isn't enabled when using social logins. Version 3.5.0.beta6 patches the issue. As a workaround, have the content security policy enabled.
5.3
CVE-2025-6607 - SourceCodester Best Salon Management System stock.php sql injection
A vulnerability, which was classified as critical, was found in SourceCodester Best Salon Management System 1.0. Affected is an unknown function of the file /panel/stock.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has be…