A weakness has been identified in CodeAstro Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/equipment-entry.php. Executing manipulation of the argument ename can lead to sql injection....
In modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. More information : https://www.unisoc.com/en/support/announcement/1976557615080263681
Missing Authorization vulnerability in Drupal Facets allows Forceful Browsing.This issue affects Facets: from 0.0.0 before 2.0.10, from 3.0.0 before 3.0.1. More information : https://www.drupal.org/sa-contrib-2025-099
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal Facets allows Cross-Site Scripting (XSS).This issue affects Facets: from 0.0.0 before 2.0.10, from 3.0.0 before 3.0.1. More information : https://www.drupal.org/sa-contrib-2025-100
Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Protected Pages allows Brute Force.This issue affects Protected Pages: from 0.0.0 before 1.8.0. More information : https://www.drupal.org/sa-contrib-2025-101
Vulnerability in Drupal Synchronize composer.Json With Contrib Modules.This issue affects Synchronize composer.Json With Contrib Modules: *.*. More information : https://www.drupal.org/sa-contrib-2025-102
Vulnerability in Drupal API Key manager.This issue affects API Key manager: *.*. More information : https://www.drupal.org/sa-contrib-2025-103
Vulnerability in Drupal Owl Carousel 2.This issue affects Owl Carousel 2: *.*. More information : https://www.drupal.org/sa-contrib-2025-104
The BigFix WebUI application responds with HOST information from the HTTP header field making it vulnerable to Host Header Poisoning Attacks. More information : https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124562
Poppler ia a library for rendering PDF files, and examining or modifying their structure. A use-after-free (write) vulnerability has been detected in versions Poppler prior to 25.10.0 within the StructTreeRoot class. The issue arises...
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. A vulnerability was discovered in the BeyondTrust provider implementation for External Secrets Operator versions 0.10.1 through 0.19.2....
cel-rust is a Common Expression Language interpreter written in Rust. Starting in version 0.10.0 and prior to version 0.11.4, parsing certain malformed CEL expressions can cause the parser to panic, terminating the process. When...
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator Login allows Authentication Bypass.This issue affects Authenticator Login: from 0.0.0 before 2.1.8. More information : https://www.drupal.org/sa-contrib-2025-098
MONGO dissector infinite loop in Wireshark 4.4.0 to 4.4.9 and 4.2.0 to 4.2.13 allows denial of service More information : https://gitlab.com/wireshark/wireshark/-/issues/20724