Skip to main content
CVE-2025-12378 MEDIUM POC This Month

A security flaw has been discovered in code-projects Simple Food Ordering System 1.0. This issue affects some unknown processing of the file /addproduct.php. Performing manipulation of the argument photo results in unrestricted upload. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.

PHP Authentication Bypass File Upload Simple Food Ordering System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-12339 MEDIUM POC This Month

A security vulnerability has been detected in Campcodes Retro Basketball Shoes Online Store 1.0. This issue affects some unknown processing of the file /admin/admin_football.php. The manipulation of the argument pid leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

PHP SQLi Retro Basketball Shoes Online Store
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-12338 MEDIUM POC This Month

A weakness has been identified in Campcodes Retro Basketball Shoes Online Store 1.0. This vulnerability affects unknown code of the file /admin/admin_product.ph. Executing a manipulation of the argument pid can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.

SQLi Retro Basketball Shoes Online Store
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-12337 MEDIUM POC This Month

A security flaw has been discovered in Campcodes Retro Basketball Shoes Online Store 1.0. This affects an unknown part of the file /admin/admin_feature.php. Performing a manipulation of the argument pid results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.

PHP SQLi Retro Basketball Shoes Online Store
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-12336 MEDIUM POC This Month

A vulnerability was identified in Campcodes Retro Basketball Shoes Online Store 1.0. Affected by this issue is some unknown functionality of the file /admin/admin_index.php. Such manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used.

PHP SQLi Retro Basketball Shoes Online Store
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-12342 MEDIUM This Month

A flaw has been found in Serdar Bayram Ghost Hot Spot up to 20251014. The affected element is an unknown function of the file /Auth.php of the component Login. This manipulation causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

PHP SQLi
NVD VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-12103 MEDIUM PATCH This Month

A flaw was found in Red Hat Openshift AI Service. The TrustyAI component is granting all service accounts and users on a cluster permissions to get, list, watch any pod in any namespace on the cluster. TrustyAI is creating a role `trustyai-service-operator-lmeval-user-role` and a CRB `trustyai-service-operator-default-lmeval-user-rolebinding` which is being applied to `system:authenticated` making it so that every single user or service account can get a list of pods running in any namespace on the cluster Additionally users can access all `persistentvolumeclaims` and `lmevaljobs`

Red Hat Information Disclosure
NVD
CVSS 3.1
5.0
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy