Total
4091 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-13570 | 1 Angeljudesuarez | 1 Covid Tracking System | 2025-12-02 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was found in itsourcecode COVID Tracking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/?page=state. Performing manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit has been made public and could be used.
|
|||||
| CVE-2025-13571 | 1 Fabian | 1 Simple Cafe Ordering System | 2025-12-02 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was determined in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file /listorder.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
|
|||||
| CVE-2025-13572 | 1 Projectworlds | 1 Advanced Library Management System | 2025-12-02 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability was identified in projectworlds Advanced Library Management System 1.0. This affects an unknown part of the file /delete_admin.php. The manipulation of the argument admin_id leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
|
|||||
| CVE-2025-13575 | 1 Fabian | 1 Blog Site | 2025-12-02 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A security vulnerability has been detected in code-projects Blog Site 1.0. Impacted is the function category_exists of the file /resources/functions/blog.php of the component Category Handler. Such manipulation of the argument name/field leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. Multiple endpoints are affected.
|
|||||
| CVE-2025-13579 | 1 Code-projects | 1 Library System | 2025-12-02 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was found in code-projects Library System 1.0. This impacts an unknown function of the file /return.php. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used.
|
|||||
| CVE-2025-13580 | 1 Code-projects | 1 Library System | 2025-12-02 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was determined in code-projects Library System 1.0. Affected is an unknown function of the file /mail.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.
|
|||||
| CVE-2025-13582 | 1 Anisha | 1 Jonnys Liquor | 2025-12-02 | 7.5 HIGH | 7.3 HIGH |
|
A security flaw has been discovered in code-projects Jonnys Liquor 1.0. Affected by this issue is some unknown functionality of the file /detail.php of the component GET Parameter Handler. Performing manipulation of the argument Product results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited.
|
|||||
| CVE-2025-13583 | 1 Carmelo | 1 Question Paper Generator | 2025-12-02 | 7.5 HIGH | 7.3 HIGH |
|
A weakness has been identified in code-projects Question Paper Generator 1.0. This affects an unknown part of the file /signupscript.php of the component POST Parameter Handler. Executing manipulation of the argument Fname can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be exploited.
|
|||||
| CVE-2025-13586 | 1 Senior-walter | 1 Online Student Clearance System | 2025-12-02 | 5.8 MEDIUM | 4.7 MEDIUM |
|
A flaw has been found in SourceCodester Online Student Clearance System 1.0. Impacted is an unknown function of the file /Admin/changepassword.php. This manipulation of the argument txtconfirm_password causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.
|
|||||
| CVE-2025-13581 | 1 Facebook-julykringcadayona | 1 Student Information System | 2025-12-01 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was identified in itsourcecode Student Information System 1.0. Affected by this vulnerability is an unknown functionality of the file /schedule_edit1.php. Such manipulation of the argument schedule_id leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used.
|
|||||
| CVE-2025-66025 | 2025-12-01 | N/A | 4.3 MEDIUM | ||
|
Caido is a web security auditing toolkit. Prior to version 0.53.0, the Markdown renderer used in Caido’s Findings page improperly handled user-supplied Markdown, allowing attacker-controlled links to be rendered without confirmation. When a user opened a finding generated through the scanner, or other plugins, clicking these injected links could redirect the Caido application to an attacker-controlled domain, enabling phishing style attacks. This issue has been patched in version 0.53.0.
|
|||||
| CVE-2025-13578 | 1 Code-projects | 1 Library System | 2025-11-26 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability has been found in code-projects Library System 1.0. This affects an unknown function of the file /index.php of the component Login. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-13562 | 1 Dlink | 2 Dir-852, Dir-852 Firmware | 2025-11-26 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability was identified in D-Link DIR-852 1.00. This issue affects some unknown processing of the file /gena.cgi. Such manipulation of the argument service leads to command injection. The attack can be executed remotely. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer.
|
|||||
| CVE-2025-13561 | 1 Torrahclef | 1 Company Website Cms | 2025-11-26 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability was determined in SourceCodester Company Website CMS 1.0. This vulnerability affects unknown code of the file /admin/index.php. This manipulation of the argument Username causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
|
|||||
| CVE-2025-13560 | 1 Torrahclef | 1 Company Website Cms | 2025-11-26 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability was found in SourceCodester Company Website CMS 1.0. This affects an unknown part of the file /admin/reset-password.php. The manipulation of the argument email results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used.
|
|||||
| CVE-2025-13557 | 1 Campcodes | 1 Online Polling System | 2025-11-26 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability has been found in Campcodes Online Polling System 1.0. Affected by this issue is some unknown functionality of the file /registeracc.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-13410 | 1 Campcodes | 1 Retro Basketball Shoes Online Store | 2025-11-24 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability has been found in Campcodes Retro Basketball Shoes Online Store 1.0. Affected is an unknown function of the file /admin/receipt.php. Such manipulation of the argument tid leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-13485 | 1 Admerc | 1 File Management System | 2025-11-24 | 7.5 HIGH | 7.3 HIGH |
|
A security flaw has been discovered in itsourcecode Online File Management System 1.0. This issue affects some unknown processing of the file /ajax.php?action=login. The manipulation of the argument Username results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be exploited.
|
|||||
| CVE-2025-13420 | 1 Angeljudesuarez | 1 Human Resource Management System | 2025-11-24 | 7.5 HIGH | 7.3 HIGH |
|
A weakness has been identified in itsourcecode Human Resource Management System 1.0. This issue affects some unknown processing of the file /src/store/EventStore.php. This manipulation of the argument eventSubject causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.
|
|||||
| CVE-2025-13422 | 1 Darkseid | 1 Sports Club Management System | 2025-11-24 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability was detected in freeprojectscodes Sports Club Management System 1.0. The affected element is an unknown function of the file /dashboard/admin/change_s_pwd.php. Performing manipulation of the argument login_id results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used.
|
|||||
| CVE-2025-64428 | 1 Dataease | 1 Dataease | 2025-11-24 | N/A | 9.8 CRITICAL |
|
Dataease is an open source data visualization analysis tool. Versions prior to 2.10.17 are vulnerable to JNDI injection. A blacklist was added in the patch for version 2.10.14. However, JNDI injection remains possible via the iiop, corbaname, and iiopname schemes. The vulnerability has been fixed in version 2.10.17.
|
|||||
| CVE-2025-13178 | 1 Bdtask | 1 Saleserp | 2025-11-24 | 4.0 MEDIUM | 3.5 LOW |
|
A flaw has been found in Bdtask/CodeCanyon SalesERP up to 20250728. This vulnerability affects unknown code of the file /edit_profile of the component User Profile Handler. This manipulation of the argument first_name/last_name causes basic cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-13180 | 1 Bdtask | 1 Wholesale | 2025-11-24 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System up to 20250320. Impacted is an unknown function of the file /edit_profile. Performing manipulation of the argument first_name/last_name results in basic cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-13123 | 1 Amttgroup | 1 Hibos | 2025-11-24 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A flaw has been found in AMTT Hotel Broadband Operation System 1.0. The impacted element is an unknown function of the file /user/portal/get_firstdate.php. Executing manipulation of the argument uid can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-12287 | 1 Bdtask | 1 Wholesale | 2025-11-24 | 5.8 MEDIUM | 4.7 MEDIUM |
|
A security vulnerability has been detected in Bdtask Wholesale Inventory Control and Inventory Management System up to 20251013. This impacts an unknown function of the file /Admin_dashboard/edit_profile. Such manipulation of the argument first_name/last_name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-2655 | 1 Oretnom23 | 1 Ac Repair And Services System | 2025-11-22 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability was detected in SourceCodester AC Repair and Services System 1.0. The affected element is the function save_users/delete_users of the file /classes/Users.php. Performing manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. Other parameters might be affected as well.
|
|||||
| CVE-2025-47286 | 1 Combodo | 1 Itop | 2025-11-21 | N/A | 7.2 HIGH |
|
Combodo iTop is a web based IT service management tool. In versions prior to 2.7.13 and 3.2.2, an administrator can, by editing the configuration of the iTop instance, execute code on the server. Versions 2.7.13 and 3.2.2 escape and check the config parameter before executing a command based on it.
|
|||||
| CVE-2025-13421 | 1 Angeljudesuarez | 1 Human Resource Management System | 2025-11-21 | 7.5 HIGH | 7.3 HIGH |
|
A security vulnerability has been detected in itsourcecode Human Resource Management System 1.0. Impacted is an unknown function of the file /src/store/NoticeStore.php. Such manipulation of the argument noticeDesc leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
|
|||||
| CVE-2025-13424 | 1 Campcodes | 1 Supplier Management System | 2025-11-21 | 5.8 MEDIUM | 4.7 MEDIUM |
|
A vulnerability has been found in Campcodes Supplier Management System 1.0. This affects an unknown function of the file /admin/add_product.php. The manipulation of the argument txtProductName leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-13449 | 1 Oretnom23 | 1 Online Shop Project | 2025-11-21 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability was found in code-projects Online Shop Project 1.0. This issue affects some unknown processing of the file /login.php. The manipulation of the argument Password results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used.
|
|||||
| CVE-2025-13451 | 1 Oretnom23 | 1 Online Shop Project | 2025-11-21 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability was identified in SourceCodester Online Shop Project 1.0. The affected element is an unknown function of the file /action.php. Such manipulation of the argument Search leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
|
|||||
| CVE-2025-13251 | 1 Datax-web Project | 1 Datax-web | 2025-11-20 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A flaw has been found in WeiYe-Jing datax-web up to 2.1.2. Affected is an unknown function. Executing manipulation can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used.
|
|||||
| CVE-2025-13267 | 1 Jkev | 1 Dental Clinic Appointment Reservation System | 2025-11-20 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was detected in SourceCodester Dental Clinic Appointment Reservation System 1.0. Impacted is an unknown function of the file /success.php. Performing manipulation of the argument username/password results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used.
|
|||||
| CVE-2025-13297 | 1 Itsourcecode | 1 Web-based Internet Laboratory Management System | 2025-11-20 | 7.5 HIGH | 7.3 HIGH |
|
A security vulnerability has been detected in itsourcecode Web-Based Internet Laboratory Management System 1.0. The impacted element is an unknown function of the file /course/controller.php. Such manipulation leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
|
|||||
| CVE-2025-12859 | 1 Dedebiz | 1 Dedebiz | 2025-11-20 | 5.8 MEDIUM | 4.7 MEDIUM |
|
A vulnerability has been found in DedeBIZ up to 6.3.2. This impacts an unknown function of the file /admin/templets_one_edit.php. The manipulation of the argument ids leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-12860 | 1 Dedebiz | 1 Dedebiz | 2025-11-20 | 5.8 MEDIUM | 4.7 MEDIUM |
|
A vulnerability was found in DedeBIZ up to 6.3.2. Affected is an unknown function of the file /admin/freelist_main.php. The manipulation of the argument orderby results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.
|
|||||
| CVE-2025-12861 | 1 Dedebiz | 1 Dedebiz | 2025-11-20 | 5.8 MEDIUM | 4.7 MEDIUM |
|
A vulnerability was determined in DedeBIZ up to 6.3.2. Affected by this vulnerability is an unknown functionality of the file /admin/spec_add.php. This manipulation of the argument flags[] causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
|
|||||
| CVE-2025-12927 | 1 Dedebiz | 1 Dedebiz | 2025-11-20 | 5.8 MEDIUM | 4.7 MEDIUM |
|
A security vulnerability has been detected in DedeBIZ up to 6.3.2. The impacted element is an unknown function of the file /admin/archives_add.php. Such manipulation of the argument flags[] leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
|
|||||
| CVE-2025-13396 | 1 Carmelogarcia | 1 Courier Management System | 2025-11-20 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A weakness has been identified in code-projects Courier Management System 1.0. This affects an unknown function of the file /add-office.php. This manipulation of the argument OfficeName causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited.
|
|||||
| CVE-2025-11335 | 1 Dlink | 2 Di-7100g C1, Di-7100g C1 Firmware | 2025-11-19 | 5.8 MEDIUM | 4.7 MEDIUM |
|
A weakness has been identified in D-Link DI-7100G C1 up to 20250928. Affected by this vulnerability is the function sub_46409C of the file /msp_info.htm?flag=qos of the component jhttpd. This manipulation of the argument iface causes command injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited.
|
|||||