CVE-2025-63828

by | Nov 18, 2025

Host Header Injection vulnerability in Backdrop CMS 1.32.1 allows attackers to manipulate the Host header in password reset requests, leading to redirects to malicious domains and potential session hijacking via cookie injection.

CVE-2025-63695

by | Nov 18, 2025

DzzOffice v2.3.7 and before is vulnerable to Arbitrary File Upload in /dzz/system/ueditor/php/controller.php.

CVE-2025-63694

by | Nov 18, 2025

DzzOffice v2.3.7 and before is vulnerable to SQL Injection in explorer/groupmanage.

CVE-2025-63514

by | Nov 18, 2025

kishan0725 Hospital Management System has a Cross-Site Scripting (XSS) vulnerability in appsearch.php via the email parameter.

CVE-2025-56643

by | Nov 18, 2025

Requarks Wiki.js 2.5.307 does not properly revoke or invalidate active JWT tokens when a user logs out. As a result, previously issued tokens remain valid and can be reused to access the system, even after logout. This behavior affects session integrity and may allow...