2026-02-28 Daily Vulns
NEW:
| CVE | vendor-product | description | metric | Referenceurl | SSVC | title | GithubURL |
|---|---|---|---|---|---|---|---|
| CVE-2019-25489 | Doditsolutions - Homey BNB (Airbnb Clone Script) | Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the hosting_id parameter. Attackers can send GET requests to the rooms/ajax_refresh_subtotal endpoint with malicious hosting_id values to extract sensitive database information or cause denial of service. | CVSS4.0: 8.8 - HIGH; CVSS3.1: 8.2 - HIGH | 0 1 2 | Exploitation: poc; Automatable: yes; Technical Impact: partial | Homey BNB V4 SQL Injection via ajax_refresh_subtotal | github |
| CVE-2025-11251 | Dayneks Software Industry and Trade Inc. - E-Commerce Platform | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Dayneks Software Industry and Trade Inc. E-Commerce Platform allows SQL Injection. This issue affects E-Commerce Platform: through 27022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS3.1: 9.8 - CRITICAL | 0 | Exploitation: none; Automatable: yes; Technical Impact: total | SQLi in Dayneks Software’s E-Commerce Platform | github |
| CVE-2021-0584 | n/a - Android | In verifyBufferObject of Parcel.cpp, there is a possible out of bounds read due to an improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-8.1 Android-9 Android-10. Android ID: A-179289794 | CNA n/a; CVSS3.1: 5.5 - MEDIUM | 0 | Exploitation: none; Automatable: no; Technical Impact: partial | undefined | github |
This post is licensed under CC BY 4.0 by the author.