5.1
CVE-2025-40616 - Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy
Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the "IDRESERVA" parameter in /bkg_imprimir_comprobante.php.
5.1
CVE-2025-40615 - Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy
Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the "TEXTO" parameter in /api/api_ajustes.php.
6.3
CVE-2025-46346 - YesWiki Vulnerable to Stored XSS in Comments
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, a stored cross-site scripting (XSS) vulnerability was discovered in the application's comments feature. This issue allows a malicious actor to inject JavaScript payloads that are stored and later executed in the browser of any user vi…
4.8
CVE-2025-4069 - code-projects Product Management System add_item stack-based overflow
A vulnerability, which was classified as critical, has been found in code-projects Product Management System 1.0. Affected by this issue is the function add_item. The manipulation of the argument st.productname leads to stack-based buffer overflow. An attack has to be approached locally. The exploi…
4.8
CVE-2025-4068 - code-projects Simple Movie Ticket Booking System changeprize stack-based overflow
A vulnerability classified as critical was found in code-projects Simple Movie Ticket Booking System 1.0. Affected by this vulnerability is the function changeprize. The manipulation of the argument prize leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit h…
6.9
CVE-2025-4067 - ScriptAndTools Online-Travling-System viewpackage.php access control
A vulnerability classified as critical has been found in ScriptAndTools Online-Travling-System 1.0. Affected is an unknown function of the file /admin/viewpackage.php. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to…
6.9
CVE-2025-4066 - ScriptAndTools Online-Travling-System addpackage.php access control
A vulnerability was found in ScriptAndTools Online-Travling-System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/addpackage.php. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclos…
6.9
CVE-2025-4065 - ScriptAndTools Online-Travling-System addadvertisement.php access control
A vulnerability was found in ScriptAndTools Online-Travling-System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/addadvertisement.php. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been d…
6.9
CVE-2025-4064 - ScriptAndTools Online-Travling-System viewenquiry.php access control
A vulnerability was found in ScriptAndTools Online-Travling-System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/viewenquiry.php. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been discl…
1
CVE-2025-3301 - DPA Countermeasures Unavailable for Certain Cryptographic Operations on Series 2 Devices
DPA countermeasures are unavailable for ECDH key agreement and EdDSA signing operations on Curve25519 and Curve448 on all Series 2 modules and SoCs due to a lack of hardware and software support. A successful DPA attack may result in exposure of confidential information. The best practice is to use…