nbcio-boot v1.0.3 was discovered to contain a SQL injection vulnerability via the userIds parameter at /sys/user/deleteRecycleBin.

CVE-2025-50240 is a SQL injection vulnerability identified in nbcio-boot version 1.0.3. The vulnerability exists in the /sys/user/deleteRecycleBin endpoint, specifically via the userIds parameter. SQL injection vulnerabilities occur when untrusted input is improperly sanitized and directly incorporated into SQL queries, allowing an attacker to manipulate the database query. In this case, an attacker could craft malicious input for the userIds parameter to execute arbitrary SQL commands against the backend database. This could lead to unauthorized data access, data modification, or deletion, and potentially allow privilege escalation or further compromise of the application and underlying systems. The vulnerability does not have a CVSS score assigned yet, and no known exploits in the wild have been reported as of the published date. The lack of patch links suggests that a fix may not yet be publicly available. The vulnerability affects nbcio-boot v1.0.3, but no other version information is provided. The endpoint involved, /sys/user/deleteRecycleBin, implies that the function is related to user account management, specifically the deletion of recycled or soft-deleted user records, which could be a sensitive operation with elevated privileges. Exploitation would likely not require authentication if the endpoint is exposed without proper access controls, but this is not explicitly stated. Given the nature of SQL injection, the attack could be automated and remotely executed, increasing the risk of exploitation if the system is internet-facing or accessible by untrusted users.

CVE Database V5

Detailed information about CVE-2025-50240: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-50240: n/a - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-50240: n/a

NVIDIA Jetson Linux contains a vulnerability in the kernel where an attacker may cause an exposure of sensitive information due to a shared microarchitectural predictor state that influences transient execution. A successful exploit of this vulnerability may lead to information disclosure.

CVE-2025-23269 is a medium-severity vulnerability affecting NVIDIA Jetson Orin and Xavier devices running Jetson Linux. The vulnerability arises from a shared microarchitectural predictor state within the kernel that influences transient execution, leading to exposure of sensitive information. Specifically, this is a side-channel type vulnerability related to speculative execution, where an attacker with limited privileges (low privileges) but local access can exploit the shared predictor state to infer confidential data from other processes or kernel memory. The vulnerability does not require user interaction but does require local access and has a high attack complexity, limiting remote exploitation. The affected versions include all Jetson Orin devices prior to JP5.x: 35.6.2 and JP6.x: 36.4.4, and all Jetson Xavier devices prior to JP5.x: 35.6.2. The CVSS v3.1 base score is 4.7, reflecting a medium severity primarily due to the high complexity and limited attack vector (local). The vulnerability is categorized under CWE-1423, which relates to exposure of sensitive information caused by shared microarchitectural predictor state influencing transient execution, a class of side-channel attacks similar in nature to Spectre/Meltdown variants but specific to NVIDIA's Jetson platform. No known exploits are currently reported in the wild, and no patches have been linked yet, indicating that mitigation may require vendor updates or kernel patches once available. This vulnerability could allow attackers to leak sensitive data such as cryptographic keys or proprietary information processed on these embedded AI and edge computing devices.

Detailed information about CVE-2025-23269: CWE-1423: Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Trans

CVE-2025-23269: CWE-1423: Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution in NVIDIA Jetson Orin and Xavier Devices - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-23269: CWE-1423: Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution in NVIDIA Jetson Orin and Xavier Devices

A vulnerability was found in code-projects Patient Record Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /xray_form.php. The manipulation of the argument itr_no leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7754 is a SQL Injection vulnerability identified in version 1.0 of the code-projects Patient Record Management System, specifically within the /xray_form.php file. The vulnerability arises from improper sanitization or validation of the 'itr_no' parameter, which is susceptible to malicious input manipulation. An attacker can remotely exploit this flaw by injecting crafted SQL commands through the 'itr_no' argument, potentially allowing unauthorized access to the underlying database. This could lead to unauthorized data retrieval, modification, or deletion of patient records stored within the system. The vulnerability does not require user interaction and can be exploited over the network without authentication, increasing the risk of automated or widespread attacks. Although the CVSS 4.0 base score is 5.3 (medium severity), the impact on confidentiality, integrity, and availability is notable due to the sensitive nature of patient data managed by the system. No official patches or fixes have been published yet, and while no known exploits are currently observed in the wild, the public disclosure of the exploit details raises the risk of imminent exploitation attempts. The vulnerability affects only version 1.0 of the product, which suggests that organizations using this specific version are at risk. Given the criticality of healthcare data, the presence of this vulnerability in a patient record management system is a significant concern.

Detailed information about CVE-2025-7754: SQL Injection in code-projects Patient Record Management System affecting code-projects Patient Record Management Syst

CVE-2025-7754: SQL Injection in code-projects Patient Record Management System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7754: SQL Injection in code-projects Patient Record Management System

NVIDIA Jetson Linux contains a vulnerability in UEFI Management mode, where an unprivileged local attacker may cause exposure of sensitive information via a side channel vulnerability. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure.

CVE-2025-23270 is a high-severity vulnerability affecting NVIDIA Jetson Orin, IGX Orin, and Xavier devices running Jetson Linux. The flaw exists in the UEFI Management mode, where an unprivileged local attacker can exploit a side channel vulnerability due to missing error condition reporting (CWE-392). This vulnerability allows an attacker without privileges or user interaction to potentially gain access to sensitive information through side channel analysis. Successful exploitation could lead to severe consequences including code execution, data tampering, denial of service, and information disclosure. The vulnerability affects multiple versions of Jetson Orin Series (prior to JP5.x: 35.6.2 and JP6.x: 36.4.4), Xavier Series (prior to JP5.x: 35.6.2), and IGX Orin (prior to IGX 1.1.2). The CVSS v3.1 score is 7.1, indicating high severity, with an attack vector of physical/local (AV:P), high attack complexity (AC:H), no privileges required (PR:N), no user interaction (UI:N), and scope changed (S:C), impacting confidentiality, integrity, and availability (C:H/I:H/A:H). No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability stems from improper error handling in UEFI management, which can be leveraged for side channel attacks, a sophisticated technique that can leak sensitive data or allow further compromise of the system.

Detailed information about CVE-2025-23270: CWE-392: Missing Report of Error Condition in NVIDIA Jetson Orin, IGX Orin and Xavier Devices affecting NVIDIA Jetson

CVE-2025-23270: CWE-392: Missing Report of Error Condition in NVIDIA Jetson Orin, IGX Orin and Xavier Devices - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-23270: CWE-392: Missing Report of Error Condition in NVIDIA Jetson Orin, IGX Orin and Xavier Devices

A vulnerability was found in code-projects Online Ordering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/edit_product.php. The manipulation of the argument image leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Detailed information about CVE-2025-7755: Unrestricted Upload in code-projects Online Ordering System affecting code-projects Online Ordering System. Get real-t

CVE-2025-7755: Unrestricted Upload in code-projects Online Ordering System

CVE-2025-7755: Unrestricted Upload in code-projects Online Ordering System

Description

Technical Details

Related Threats

CVE-2025-50240: n/a

CVE-2025-23269: CWE-1423: Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution in NVIDIA Jetson Orin and Xavier Devices

CVE-2025-7754: SQL Injection in code-projects Patient Record Management System

CVE-2025-23270: CWE-392: Missing Report of Error Condition in NVIDIA Jetson Orin, IGX Orin and Xavier Devices

CVE-2025-7753: SQL Injection in code-projects Online Appointment Booking System

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility