9.3
CVE-2025-40618 - SQL injection vulnerability in Bookgy
SQL injection vulnerability in Bookgy. This vulnerability could allow an attacker to retrieve, create, update and delete databases by sending an HTTP request through the "IDRESERVA" parameter in /bkg_imprimir_comprobante.php.
9.3
CVE-2025-40617 - SQL injection vulnerability in Bookgy
SQL injection vulnerability in Bookgy. This vulnerability could allow an attacker to retrieve, create, update and delete databases by sending an HTTP request through the "IDTIPO", "IDPISTA" and "IDSOCIO" parameters in /bkg_seleccionar_hora_ajax.php.
6.1
CVE-2025-1551 - IBM Operational Decision Manager cross-site scripting
IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, and 9.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclo…
5.1
CVE-2025-40616 - Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy
Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the "IDRESERVA" parameter in /bkg_imprimir_comprobante.php.
5.1
CVE-2025-40615 - Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy
Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the "TEXTO" parameter in /api/api_ajustes.php.
6.3
CVE-2025-46346 - YesWiki Vulnerable to Stored XSS in Comments
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, a stored cross-site scripting (XSS) vulnerability was discovered in the application's comments feature. This issue allows a malicious actor to inject JavaScript payloads that are stored and later executed in the browser of any user vi…
4.8
CVE-2025-4069 - code-projects Product Management System add_item stack-based overflow
A vulnerability, which was classified as critical, has been found in code-projects Product Management System 1.0. Affected by this issue is the function add_item. The manipulation of the argument st.productname leads to stack-based buffer overflow. An attack has to be approached locally. The exploi…
4.8
CVE-2025-4068 - code-projects Simple Movie Ticket Booking System changeprize stack-based overflow
A vulnerability classified as critical was found in code-projects Simple Movie Ticket Booking System 1.0. Affected by this vulnerability is the function changeprize. The manipulation of the argument prize leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit h…
6.9
CVE-2025-4067 - ScriptAndTools Online-Travling-System viewpackage.php access control
A vulnerability classified as critical has been found in ScriptAndTools Online-Travling-System 1.0. Affected is an unknown function of the file /admin/viewpackage.php. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to…
6.9
CVE-2025-4066 - ScriptAndTools Online-Travling-System addpackage.php access control
A vulnerability was found in ScriptAndTools Online-Travling-System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/addpackage.php. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclos…