A vulnerability was determined in Campcodes Retro Basketball Shoes Online Store 1.0. Affected by this issue is some unknown functionality of the file /admin/admin_running.php. Executing manipulation of the argument product_name can lead to cross site scripting. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.

CVE Database V5

Detailed information about CVE-2025-13412: Cross Site Scripting in Campcodes Retro Basketball Shoes Online Store affecting Campcodes Retro Basketball Shoes Onli

CVE-2025-13412: Cross Site Scripting in Campcodes Retro Basketball Shoes Online Store - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-13412: Cross Site Scripting in Campcodes Retro Basketball Shoes Online Store

CVE-2025-13147 is a Server-Side Request Forgery (SSRF) vulnerability affecting Progress MOVEit Transfer versions before 2024. 1. 8 and from 2025. 0. 0 up to before 2025. 0. 4. This vulnerability allows unauthenticated remote attackers to induce the server to make arbitrary HTTP requests, potentially exposing internal resources or sensitive data. The CVSS score is 5. 3 (medium severity), reflecting that exploitation does not require authentication or user interaction but has limited impact on confidentiality and no impact on integrity or availability.

CVE-2025-13147 is a Server-Side Request Forgery (SSRF) vulnerability classified under CWE-918, found in Progress MOVEit Transfer, a widely used managed file transfer solution. The vulnerability affects versions prior to 2024.1.8 and versions from 2025.0.0 up to before 2025.0.4. SSRF vulnerabilities allow attackers to manipulate the server into sending crafted HTTP requests to internal or external systems, potentially bypassing firewall restrictions and accessing sensitive internal resources that are not directly exposed to the internet. This particular SSRF flaw does not require any authentication or user interaction, making it remotely exploitable over the network. The CVSS v3.1 base score of 5.3 indicates a medium severity, with the vector showing network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and impact limited to confidentiality (C:L) without affecting integrity or availability. Although no known exploits are currently reported in the wild, the vulnerability poses a risk of internal network reconnaissance, unauthorized data access, or leveraging the server as a proxy for further attacks. MOVEit Transfer is commonly deployed in enterprise environments for secure file transfers, making this vulnerability relevant for organizations that rely on it to protect sensitive data flows. The lack of available patches at the time of reporting means organizations must monitor vendor updates closely. The vulnerability’s presence in multiple versions, including recent releases, underscores the importance of timely patch management. Network-level controls such as egress filtering and strict access controls can help mitigate exploitation risk until patches are applied.

Detailed information about CVE-2025-13147: CWE-918 Server-Side Request Forgery (SSRF) in Progress MOVEit Transfer affecting Progress MOVEit Transfer. Get real-t

CVE-2025-13147: CWE-918 Server-Side Request Forgery (SSRF) in Progress MOVEit Transfer - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-13147: CWE-918 Server-Side Request Forgery (SSRF) in Progress MOVEit Transfer

CVE-2025-63371 is a directory traversal vulnerability found in OneCommander version 3. 102. 0. 0, specifically in its ZIP file processing component. This flaw allows an attacker to craft malicious ZIP archives that, when extracted, can write files outside the intended extraction directory. Exploiting this vulnerability could lead to overwriting critical system or application files, potentially enabling arbitrary code execution or system compromise. No public exploits are currently known, and no CVSS score has been assigned yet. European organizations using OneCommander for file management are at risk, especially if they process untrusted ZIP files. Mitigation requires applying vendor patches once available or employing strict ZIP file validation and extraction controls. Countries with higher adoption of OneCommander or with strategic targets relying on this software are more likely to be affected.

CVE-2025-63371 is a directory traversal vulnerability identified in the ZIP file extraction functionality of OneCommander version 3.102.0.0, a Windows-based file management tool developed by Milos Paripovic. The vulnerability arises because the software does not properly sanitize or validate file paths within ZIP archives before extraction. An attacker can craft a malicious ZIP archive containing file paths with directory traversal sequences (e.g., '../') that cause files to be extracted outside the intended directory, potentially overwriting critical system or application files. This can lead to unauthorized file modification, privilege escalation, or arbitrary code execution if the overwritten files are executable or configuration files. The vulnerability does not require authentication or user interaction beyond opening or extracting the ZIP file with the vulnerable OneCommander version. Although no public exploits have been reported yet, the flaw is significant due to the common use of ZIP archives and the potential for automated exploitation. No CVSS score has been assigned, and no patches have been published at the time of disclosure. The vulnerability was reserved on October 27, 2025, and published on November 19, 2025.

Detailed information about CVE-2025-63371: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-63371: n/a - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-63371: n/a

SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.

CVE-2025-58181 is a vulnerability classified under CWE-1284 affecting the golang.org/x/crypto/ssh package, specifically in the handling of GSSAPI authentication requests by SSH servers. The vulnerability arises because the SSH server does not validate the number of GSSAPI mechanisms specified in an authentication request. An attacker can exploit this by sending a request with an unbounded or excessively large number of mechanisms, which leads to unbounded memory consumption on the server side. This can cause the server to exhaust system memory resources, resulting in denial of service (DoS) conditions. The vulnerability does not require prior authentication or user interaction, making it easier to exploit remotely. The golang.org/x/crypto/ssh package is widely used in Go-based SSH implementations, including cloud-native applications, container orchestration platforms, and various enterprise tools. Although no exploits are currently known in the wild, the flaw presents a significant risk due to the potential for resource exhaustion attacks. The absence of a CVSS score indicates this is a newly published vulnerability, with the patch not yet available. The vulnerability was reserved in August 2025 and published in November 2025. The root cause is insufficient input validation on the number of GSSAPI mechanisms, a classic example of resource management failure leading to potential DoS.

Detailed information about CVE-2025-58181: CWE-1284 in golang.org/x/crypto golang.org/x/crypto/ssh affecting golang.org/x/crypto golang.org/x/crypto/ssh. Get re

CVE-2025-58181: CWE-1284 in golang.org/x/crypto golang.org/x/crypto/ssh - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-58181: CWE-1284 in golang.org/x/crypto golang.org/x/crypto/ssh

Campcodes Online Hospital Management System 1.0 is vulnerable to SQL Injection in /admin/index.php via the parameter username.

Detailed information about CVE-2025-63719: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-63719: n/a

CVE-2025-63719: n/a

Description

Technical Details

Community Reviews

Related Threats

CVE-2025-13412: Cross Site Scripting in Campcodes Retro Basketball Shoes Online Store

CVE-2025-13147: CWE-918 Server-Side Request Forgery (SSRF) in Progress MOVEit Transfer

CVE-2025-63371: n/a

CVE-2025-58181: CWE-1284 in golang.org/x/crypto golang.org/x/crypto/ssh

CVE-2025-47914: CWE-237 in golang.org/x/crypto golang.org/x/crypto/ssh/agent

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility