6.9
CVE-2025-7458 - SQLite integer overflow in key info allocation may lead to information disclosure.
An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3.39.2 through 3.41.1 allows an attacker with the ability to execute arbitrary SQL statements to cause a denial of service or disclose sensitive information from process memory via a crafted SELECT statement with a laโฆ
5.4
CVE-2025-6060 - XSS in DECE Software's Geodi
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in DECE Software Geodi allows Cross-Site Scripting (XSS).This issue affects Geodi: before GEODI Setup 9.0.146.
4.4
CVE-2025-41241 - Denial-of-service vulnerability
VMware vCenter contains a denial-of-service vulnerability.ย A malicious actor who is authenticated through vCenter and has permission to perform API calls for guest OS customisation may trigger this vulnerability to create a denial-of-service condition.
7.2
CVE-2025-6175 - CRLF Injection in DECE Software's Geodi
Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in DECE Software Geodi allows HTTP Request Splitting.This issue affects Geodi: before GEODI Setup 9.0.146.
4.8
CVE-2025-40686 - Reflected Cross-Site Scripting (XSS) vulnerability in Human Resource Management System
Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through theย 'employeeid' parameter in/detailview.php.
4.8
CVE-2025-40685 - Reflected Cross-Site Scripting (XSS) vulnerability in Human Resource Management System
Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through theย 'searcstate' parameter in/state.php.
4.8
CVE-2025-40684 - Reflected Cross-Site Scripting (XSS) vulnerability in Human Resource Management System
Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through theย 'searccountry' parameter in/country.php.
4.8
CVE-2025-40683 - Reflected Cross-Site Scripting (XSS) vulnerability in Human Resource Management System
Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through theย 'searccity' parameter in /city.php.
8.7
CVE-2025-40682 - SQL injection vulnerability in Human Resource Management System
SQL injection vulnerability in Human Resource Management System version 1.0, which allows an attacker to retrieve, create, update and delete databases via the โcityโ and โstateโ parameters in the /controller/ccity.php endpoint.
6.4
CVE-2025-5587 - Appzend <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via progressbarLayout Pโฆ
The Appzend theme for WordPress is vulnerable to Stored Cross-Site Scripting via the โprogressbarLayoutโ parameter in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level accesโฆ