11469 matches found

Cvelist
added 2025/10/08 10:32 p.m. | 9 views

CVE-2025-11509 code-projects E-Commerce Website product_add.php sql injection

A vulnerability was detected in code-projects E-Commerce Website 1.0. This impacts an unknown function of the file /pages/product_add.php. Performing manipulation of the argument prod_name results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used...

CVSS 6.5 | EPSS 0.00359
Exploits: 1 | References: 5

CVE
added 2025/10/08 10:32 p.m. | 14 views

CVE-2025-11509

Code-projects E-Commerce Website 1.0 is affected by a SQL injection in the prod_name parameter of /pages/product_add.php. Connected sources (CNVD-2025-23964, RH-CVE-2025-11509, CNNVD-202510-1110, PT-2025-41317, etc.) describe exploitation remotely and publicly available exploit code, indicating t...

CVSS 9.8 | AI score 6.5 | EPSS 0.00359
Exploits: 1 | References: 5 | Affected Software: 1

CVE
added 2025/10/08 10:32 p.m. | 13 views

CVE-2025-11508

Voting System 1.0 contains a vulnerability in /admin/voters_add.php where manipulating the photo argument enables unrestricted file uploads. The issue is remotely exploitable and has publicly disclosed exploit information. No patch/version remediation details are provided in the supplied document...

CVSS 9.8 | AI score 5 | EPSS 0.00401
Exploits: 1 | References: 5 | Affected Software: 1

Cvelist
added 2025/10/08 10:32 p.m. | 8 views

CVE-2025-11508 code-projects Voting System voters_add.php unrestricted upload

A security vulnerability has been detected in code-projects Voting System 1.0. This affects an unknown function of the file /admin/voters_add.php. Such manipulation of the argument photo leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed publicly and...

CVSS 5.8 | EPSS 0.00401
Exploits: 1 | References: 5

Vulnrichment
added 2025/10/08 10:32 p.m. | 2 views

CVE-2025-11508 code-projects Voting System voters_add.php unrestricted upload

A security vulnerability has been detected in code-projects Voting System 1.0. This affects an unknown function of the file /admin/voters_add.php. Such manipulation of the argument photo leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed publicly and...

CVSS 5.8 | AI score 6.5 | EPSS 0.00401
Exploits: 1 | References: 5

RedhatCVE
added 2025/10/08 10:17 p.m. | 7 views

CVE-2025-11410

A flaw has been found in Campcodes Advanced Online Voting Management System 1.0. This affects an unknown function of the file /admin/votersadd.php. Executing manipulation of the argument firstname can lead to sql injection. The attack can be executed remotely. The exploit has been published and m...

CVSS 8.8 | AI score 7 | EPSS 0.00299
Exploits: 1 | References: 1

NVD
added 2025/10/08 5:15 p.m. | 6 views

CVE-2025-11485

A vulnerability was determined in SourceCodester Student Grades Management System 1.0. Affected is the function add_user of the file /admin.php of the component Manage Users Page. This manipulation of the argument first_name/last_name causes cross site scripting. The attack can be initiated remotely...

CVSS 4.8 | EPSS 0.00266
Exploits: 1 | References: 5

OSV
added 2025/10/08 5:15 p.m. | 6 views

CVE-2025-11485

A vulnerability was determined in SourceCodester Student Grades Management System 1.0. Affected is the function add_user of the file /admin.php of the component Manage Users Page. This manipulation of the argument first_name/last_name causes cross site scripting. The attack can be initiated remotely...

CVSS 4.8 | AI score 4.1 | EPSS 0.00266
Exploits: 1 | References: 5

EUVD
added 2025/10/08 5:2 p.m. | 6 views

EUVD-2025-33292

A vulnerability was determined in SourceCodester Student Grades Management System 1.0. Affected is the function add_user of the file /admin.php of the component Manage Users Page. This manipulation of the argument first_name/last_name causes cross site scripting. The attack can be initiated remotely...

CVSS 4.8 | AI score 5.4 | EPSS 0.00266
Exploits: 1 | References: 7

CVE
added 2025/10/08 5:2 p.m. | 13 views

CVE-2025-11485

CVE-2025-11485 affects SourceCodester Student Grades Management System 1.0, specifically the add_user function in /admin.php within the Manage Users Page. The vulnerability arises from manipulating the first_name/last_name parameters, enabling cross-site scripting (XSS). The issue can be exploite...

CVSS 4.8 | AI score 5.6 | EPSS 0.00266
Exploits: 1 | References: 5 | Affected Software: 1

Github Security Blog
added 2025/10/08 12:30 p.m. | 8 views

Melis Platform CMS Unauthenticated Admin Account Creation

Vulnerability in the melis-core module of Melis Technology's Melis Platform, which, if exploited, allows an unauthenticated attacker to create an administrator account via a request to '/melis/MelisCore/ToolUser/addNewUser'...

CVSS 9.3 | AI score 7 | EPSS 0.00298
Exploits: 3 | References: 5 | Affected Software: 1

CVE
added 2025/10/08 10:46 a.m. | 17 views

CVE-2025-10352

The CVE-2025-10352 entry details an unauthenticated vulnerability in Melis Platform’s melis-core, allowing an attacker to create an administrator account via /melis/MelisCore/ToolUser/addNewUser. Affected: Melis Platform melis-core module; impact is unauthorized admin creation with potential full...

CVSS 9.3 | AI score 6.5 | EPSS 0.00298
Exploits: 3 | References: 2

RedhatCVE
added 2025/10/08 3:17 a.m. | 8 views

CVE-2025-11347

A vulnerability was found in code-projects Student Crud Operation up to 3.3. This vulnerability affects the function move_uploaded_file of the file add.php of the component Add Student Page/Edit Student Page. Performing manipulation results in unrestricted upload. The attack can be initiated...

CVSS 7.5 | AI score 7.2 | EPSS 0.00479
Exploits: 1 | References: 1

NVD
added 2025/10/08 12:15 a.m. | 5 views

CVE-2025-11417

A weakness has been identified in Campcodes Advanced Online Voting Management System 1.0. This vulnerability affects unknown code of the file /admin/votersadd.php. Executing manipulation of the argument photo can lead to unrestricted upload. The attack can be launched remotely. The exploit has be...

CVSS 8.8 | EPSS 0.00292
Exploits: 1 | References: 5

OSV
added 2025/10/08 12:15 a.m. | 5 views

CVE-2025-11417

A weakness has been identified in Campcodes Advanced Online Voting Management System 1.0. This vulnerability affects unknown code of the file /admin/votersadd.php. Executing manipulation of the argument photo can lead to unrestricted upload. The attack can be launched remotely. The exploit has be...

CVSS 8.8 | AI score 5.7 | EPSS 0.00292
Exploits: 1 | References: 5

Tenable Nessus
added 2025/10/08 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2022-50550

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - blk-iolatency: Fix memory leak on add_disk failures When a gendisk is successfully initialized but add_disk fails such as when a loop device has invalid number of...

CVSS 5.5 | AI score 5.8 | EPSS 0.0018
Exploits: 0 | References: 4

CNNVD
added 2025/10/08 12:0 a.m. | 1 view

Melis Platform Security Vulnerability

Melis Platform is an open source cross-framework digital platform from Melis Platform Open Source. A security vulnerability exists in Melis Platform, which originates in the melis-core module and allows an unauthenticated attacker to create an administrator account by requesting...

CVSS 9.3 | AI score 6.6 | EPSS 0.00298
Exploits: 3 | References: 1

CNNVD
added 2025/10/08 12:0 a.m. | 4 views

Code-Projects E-Commerce Website SQL Injection Vulnerability

E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter suppemail in the file /pages/supplieradd.php. An attacker can exploit this vulnerability to...

CVSS 9.8 | AI score 8.2 | EPSS 0.00359
Exploits: 1 | References: 5

Vulnrichment
added 2025/10/08 12:0 a.m. | 5 views

CVE-2025-60299

Novel-Plus 5.2.0 was discovered to contain a Stored Cross-Site Scripting (XSS) vulnerability via the /book/addCommentReply endpoint. An authenticated user can inject malicious JavaScript through the replyContent parameter when replying to a book comment. The payload is stored in the database a...

AI score 5.1 | EPSS 0.00195
Exploits: 1 | References: 2

Positive Technologies
added 2025/10/08 12:0 a.m. | 4 views

PT-2025-41317

Name of the Vulnerable Software and Affected Versions: code-projects E-Commerce Website version 1.0. Description: A flaw exists in code-projects E-Commerce Website 1.0. Manipulation of the prod_name argument in the file '/pages/product_add.php' can lead to SQL injection. This issue may be exploited...

CVSS 9.8 | AI score 6.6 | EPSS 0.00359
Exploits: 1 | References: 9