A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System within the abs.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can...
An issue was discovered in Blood Bank Management System 1.0 allowing authenticated attackers to perform actions with escalated privileges via crafted request to delete.php. More information : https://drive.google.com/file/d/12yeOXW_sN69QjsQtW0_k9AGqozi1s0di/view?usp=sharing
FeehiCMS version 2.1.1 fails to enforce server-side immutability for parameters that are presented to clients as “read-only.” An authenticated attacker can intercept and modify the parameter in transit and the backend accepts the changes....
Reverse Tabnabbing vulnerability in FeehiCMS 2.1.1 in the Comments Management function More information : https://github.com/kiwi865/CVEs/blob/main/CVE-2025-63522.md
Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.1.1 via the id parameter of the User Update function (?r=user%2Fupdate). More information : https://github.com/kiwi865/CVEs/blob/main/CVE-2025-63520.md
Improper Enforcement of Behavioral Workflow vulnerability in Seneka Software Hardware Information Technology Trade Contracting and Industry Ltd. Co. Onaylarım allows Functionality Misuse.This issue affects Onaylarım: from 25.09.26.01 through 18112025. More information : https://www.usom.gov.tr/bildirim/tr-25-0422
An authenticated Zabbix user (including Guest) is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service. More information : https://support.zabbix.com/browse/ZBX-27284
Library loading on AIX Zabbix Agent builds can be hijacked by local users with write access to the /home/cecuser directory. More information : https://support.zabbix.com/browse/ZBX-27283
An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential confidentiality loss. More information : https://support.zabbix.com/browse/ZBX-27282
Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses More information : https://community.openvpn.net/Security%20Announcements/CVE-2025-12106
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger reads of stale data that can lead to kernel exceptions and write use-after-free. The Use After Free common...
Cross-Site Request Forgery (CSRF) vulnerability in Tekrom Technology Inc. T-Soft E-Commerce allows Cross Site Request Forgery.This issue affects T-Soft E-Commerce: through 28112025. More information : https://www.usom.gov.tr/bildirim/tr-25-0421
Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform improper GPU processing operations to gain...
Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform improper GPU memory processing operations to...