6.9
CVE-2025-4710 - Campcodes Sales and Inventory System transaction.php sql injection
A vulnerability, which was classified as critical, has been found in Campcodes Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file /pages/transaction.php. The manipulation of the argument cid leads to sql injection. The attack may be launched remotely. Tโฆ
6.9
CVE-2025-4709 - Campcodes Sales and Inventory System transaction_del.php sql injection
A vulnerability classified as critical was found in Campcodes Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/transaction_del.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploโฆ
2.9
CVE-2025-47285 - Vyper's `concat()` builtin may elide side-effects for zero-length arguments
Vyper is the Pythonic Programming Language for the Ethereum Virtual Machine. In versions up to and including 0.4.2rc1, `concat()` may skip evaluation of side effects when the length of an argument is zero. This is due to a fastpath in the implementation which skips evaluation of argument expressionโฆ
3.1
CVE-2025-47279 - undici Denial of Service attack via bad certificate data
Undici is an HTTP/1.1 client for Node.js. Prior to versions 5.29.0, 6.21.2, and 7.5.0, applications that use undici to implement a webhook-like system are vulnerable. If the attacker set up a server with an invalid certificate, and they can force the application to call the webhook repeatedly, thenโฆ
7
CVE-2025-43853 - iwasm vulnerable to filesystem sandbox escape with symlink when using uvwasi feature
The WebAssembly Micro Runtime's (WAMR) iwasm package is the executable binary built with WAMR VMcore which supports WebAssembly System Interface (WASI) and command line interface. Anyone running WAMR up to and including version 2.2.0 or WAMR built with libc-uvwasi on Windows is affected by a symlinโฆ
5.4
CVE-2025-47580 - WordPress Front End Users plugin <= 3.2.35 - Broken Access Control vulnerability
Missing Authorization vulnerability in Rustaurius Front End Users front-end-only-users allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Front End Users: from n/a through <= 3.2.35.
6.9
CVE-2025-4708 - Campcodes Sales and Inventory System sales_add.php sql injection
A vulnerability classified as critical has been found in Campcodes Sales and Inventory System 1.0. Affected is an unknown function of the file /pages/sales_add.php. The manipulation of the argument discount leads to sql injection. It is possible to launch the attack remotely. The exploit has been dโฆ
6.9
CVE-2025-4707 - Campcodes Sales and Inventory System transaction_add.php sql injection
A vulnerability was found in Campcodes Sales and Inventory System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /pages/transaction_add.php. The manipulation of the argument prod_name leads to sql injection. The attack may be initiated remotely. The exploโฆ
8.5
CVE-2025-30421 - Stack-based Buffer Overflow in DrObjectStorage::XML_Serialize() in NI Circuit Design Suite
There is a memory corruption vulnerability due to a stack-based buffer overflow in DrObjectStorage::XML_Serialize() when using the SymbolEditor in NI Circuit Design Suite. ย This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacโฆ
6.9
CVE-2025-4706 - projectworlds Online Examination System Procedure3b_yearwiseVisit.php sql injection
A vulnerability was found in projectworlds Online Examination System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /Procedure3b_yearwiseVisit.php. The manipulation of the argument Visit_year leads to sql injection. The attack can be initiated remotely. Tโฆ