Security Vulnerabilities
A weakness has been identified in code-projects Nero Social Networking Site 1.0. This affects an unknown part of the file /friendprofile.php. Executing manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-10-27
Error Messages Wrapped In HTTP Header.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-10-27
A vulnerability was found in quequnlong shiyi-blog up to 1.2.1. This impacts an unknown function of the file src/main/java/com/mojian/controller/SysJobController.java of the component Job Handler. The manipulation results in deserialization. The attack can be executed remotely. The exploit has been made public and could be used.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-10-27
A vulnerability was determined in code-projects Nero Social Networking Site 1.0. Affected is an unknown function of the file /acceptoffres.php. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-10-27
An XSS issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service does not properly sanitize the job ID parameter before using it in the job status page. An attacker who is able to social engineer a user into clicking a malicious link may be able to execute arbitrary JavaScript in the victim's browser.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-10-27
Email Password Disclosure.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-10-27
Weak Password Policy.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-10-27
A security vulnerability has been detected in code-projects Simple Food Ordering System 1.0. Impacted is an unknown function of the file /editproduct.php. Such manipulation of the argument photo leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-10-27
A vulnerability was detected in code-projects Simple Food Ordering System 1.0. The affected element is an unknown function of the file /editproduct.php. Performing manipulation of the argument pname/category/price results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be used.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-10-27
A flaw has been found in PHPGurukul Curfew e-Pass Management System 1.0. The impacted element is an unknown function of the file admin-profile.php. Executing manipulation of the argument adminname/email can lead to cross site scripting. The attack may be launched remotely. The exploit has been published and may be used.
CVSS Score
2.4
EPSS Score
0.0
Published
2025-10-27