4.8
CVE-2025-13412 - Campcodes Retro Basketball Shoes Online Store admin_running.php cross site scripting
A vulnerability was determined in Campcodes Retro Basketball Shoes Online Store 1.0. Affected by this issue is some unknown functionality of the file /admin/admin_running.php. Executing manipulation of the argument product_name can lead to cross site scripting. The attack may be performed from remo…
5.3
CVE-2025-13147 - External Service Interaction (DNS)
Server-Side Request Forgery (SSRF) vulnerability in Progress MOVEit Transfer. This issue affects MOVEit Transfer: before 2024.1.8, from 2025.0.0 before 2025.0.4.
0.0
CVE-2025-47914 - CVE-2025-47914 in golang.org/x/crypto/ssh/agent
SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.
0.0
CVE-2025-58181 - CVE-2025-58181 in golang.org/x/crypto/ssh
SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.
5.1
CVE-2025-13411 - Campcodes Retro Basketball Shoes Online Store admin_football.php unrestricted upload
A vulnerability was found in Campcodes Retro Basketball Shoes Online Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/admin_football.php. Performing manipulation of the argument product_image results in unrestricted upload. The attack is possible to be carrie…
6.9
CVE-2025-13410 - Campcodes Retro Basketball Shoes Online Store receipt.php sql injection
A vulnerability has been found in Campcodes Retro Basketball Shoes Online Store 1.0. Affected is an unknown function of the file /admin/receipt.php. Such manipulation of the argument tid leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and ma…
6.5
CVE-2025-36371 - IBM i Information Disclosure
IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 are impacted by obtaining an information vulnerability in the database plan cache implementation. A user with access to the database plan cache could see information they do not have authority to view.
8.8
CVE-2025-65103 - OpenSTAManager has an authenticated SQL Injection vulnerability in API via 'display' parameter
OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.9.5, an authenticated SQL Injection vulnerability in the API allows any user, regardless of permission level, to execute arbitrary SQL queries. By manipulating the display parameter in an…
8.7
CVE-2025-65094 - WBCE CMS is Vulnerable to Privilege Escalation via Group ID Manipulation (IDOR)
WBCE CMS is a content management system. Prior to version 1.6.4, a low-privileged user in WBCE CMS can escalate their privileges to the Administrators group by manipulating the groups[] parameter in the /admin/users/save.php request. The UI restricts users to assigning only their existing group, bu…
6.9
CVE-2025-65100 - Security Snapshot May Use Unintended Timestamp When Only ISAR_APT_SNAPSHOT_DATE Is Set
Isar is an integration system for automated root filesystem generation. In versions 0.11-rc1 and 0.11, defining ISAR_APT_SNAPSHOT_DATE alone does not set the correct timestamp value for security distribution, leading to missed security updates. This issue has been patched via commit 738bcbb.