Common Vulnerabilities and Exposures (CVEs)

CVE ID : CVE-2025-4500

Published : May 10, 2025, 1:15 p.m. | 2 hours, 24 minutes ago

Description : A vulnerability, which was classified as critical, has been found in code-projects Hotel Management System 1.0. Affected by this issue is the function Edit of the component Edit Room. The manipulation of the argument roomnumber leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4501

Published : May 10, 2025, 1:15 p.m. | 2 hours, 24 minutes ago

Description : A vulnerability, which was classified as critical, was found in code-projects Album Management System 1.0. This affects the function searchalbum of the component Search Albums. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-1752

Published : May 10, 2025, 2:15 p.m. | 1 hour, 24 minutes ago

Description : A Denial of Service (DoS) vulnerability has been identified in the KnowledgeBaseWebReader class of the run-llama/llama_index project, affecting version ~ latest(v0.12.15). The vulnerability arises due to inappropriate secure coding measures, specifically the lack of proper implementation of the max_depth parameter in the get_article_urls function. This allows an attacker to exhaust Python’s recursion limit through repeated function calls, leading to resource consumption and ultimately crashing the Python process.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4502

Published : May 10, 2025, 2:15 p.m. | 1 hour, 24 minutes ago

Description : A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. This vulnerability affects unknown code of the file /pages/creditor_add.php. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4503

Published : May 10, 2025, 2:15 p.m. | 1 hour, 24 minutes ago

Description : A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. This issue affects some unknown processing of the file /pages/customer_update.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2023-53145

Published : May 10, 2025, 3:15 p.m. | 24 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition

In btsdio_probe, the data->work is bound with btsdio_work. It will be
started in btsdio_send_frame.

If the btsdio_remove runs with a unfinished work, there may be a race
condition that hdev is freed but used in btsdio_work. Fix it by
canceling the work before do cleanup in btsdio_remove.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4504

Published : May 10, 2025, 3:15 p.m. | 24 minutes ago

Description : A vulnerability was found in SourceCodester Online College Library System 1.0. It has been classified as critical. Affected is an unknown function of the file /index.php. The manipulation of the argument Category leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4497

Published : May 10, 2025, 7:15 a.m. | 3 hours, 36 minutes ago

Description : A vulnerability was found in code-projects Simple Banking System up to 1.0. It has been rated as critical. This issue affects some unknown processing of the component Sign In. The manipulation of the argument password2 leads to buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-2158

Published : May 10, 2025, 10:15 a.m. | 37 minutes ago

Description : The WordPress Review Plugin: The Ultimate Solution for Building a Review Website plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.3.5 via the Post custom fields. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP file types can be uploaded and included, or pearcmd is enabled on a server with register_argc_argv also enabled.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4498

Published : May 10, 2025, 10:15 a.m. | 37 minutes ago

Description : A vulnerability classified as critical has been found in code-projects Simple Bus Reservation System 1.0. Affected is the function a::install of the component Install Bus. The manipulation of the argument bus leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4496

Published : May 10, 2025, 5:15 a.m. | 2 hours ago

Description : A vulnerability was found in TOTOLINK T10, A3100R, A950RG, A800R, N600R, A3000RU and A810R 4.1.8cu.5241_B20210927. It has been declared as critical. This vulnerability affects the function CloudACMunualUpdate of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-2944

Published : May 10, 2025, 6:15 a.m. | 1 hour ago

Description : The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Video Button and Countdown Widgets in all versions up to, and including, 2.6.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4495

Published : May 10, 2025, 1:15 a.m. | 2 hours, 23 minutes ago

Description : A vulnerability has been found in JAdmin-JAVA JAdmin 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /memoAjax/save. The manipulation of the argument ID leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 3.5 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-1137

Published : May 10, 2025, 3:15 a.m. | 23 minutes ago

Description : IBM Storage Scale 5.2.2.0 and 5.2.2.1, under certain configurations, could allow an authenticated user to execute privileged commands due to improper input neutralization.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-47763

Published : May 10, 2025, 3:15 a.m. | 23 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-47762

Published : May 10, 2025, 3:15 a.m. | 23 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-47765

Published : May 10, 2025, 3:15 a.m. | 23 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-47764

Published : May 10, 2025, 3:15 a.m. | 23 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-47766

Published : May 10, 2025, 3:15 a.m. | 23 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-47768

Published : May 10, 2025, 3:15 a.m. | 23 minutes ago

Description : Rejected reason: Not used

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…