40 matches found
EUVD-2025-19563
Malicious code in bioql PyPI...
EUVD-2025-19522
Malicious code in bioql PyPI...
EUVD-2025-19562
Malicious code in bioql PyPI...
EUVD-2025-19523
Malicious code in bioql PyPI...
Daily Expense Manager Cross-Site Scripting Vulnerability
Daily Expense Manager is a daily expense management system. Daily Expense Manager suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter username in the file /login.php, which can be exploited by an...
Daily Expense Manager update.php File SQL Injection Vulnerability
Daily Expense Manager is a daily expense management system. Daily Expense Manager suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements for the parameters pname, pprice, and id in the file /update.php. No details of the vulnerabilit...
Daily Expense Manager User Enumeration Vulnerability
Daily Expense Manager is a daily expense management system. Daily Expense Manager suffers from a user enumeration vulnerability that stems from the unvalidated parameter name in the file /check.php, no details of the vulnerability are available at this time...
CVE-2025-40732
user enumeration vulnerability in Daily Expense Manager v1.0. To exploit this vulnerability a POST request must be sent using the name parameter in /check.php...
CVE-2025-40731
SQL injection vulnerability in Daily Expense Manager v1.0. This vulnerability allows an attacker to retrieve, create, update and delete databases through the pname, pprice and id parameters in /update.php...
CVE-2025-40734
Reflected Cross-Site Scripting XSS vulnerability in Daily Expense Manager v1.0. This vulnerability allows an attacker to execute JavaScript code by sending a POST request through the password and confirmpassword parameters in /register.php...
CVE-2025-40733
Reflected Cross-Site Scripting XSS vulnerability in Daily Expense Manager v1.0. This vulnerability allows an attacker to execute JavaScript code by sending a POST request through the username parameter in /login.php...
CVE-2025-40733
Reflected Cross-Site Scripting XSS vulnerability in Daily Expense Manager v1.0. This vulnerability allows an attacker to execute JavaScript code by sending a POST request through the username parameter in /login.php...
CVE-2025-40732
user enumeration vulnerability in Daily Expense Manager v1.0. To exploit this vulnerability a POST request must be sent using the name parameter in /check.php...
CVE-2025-40732
user enumeration vulnerability in Daily Expense Manager v1.0. To exploit this vulnerability a POST request must be sent using the name parameter in /check.php...
CVE-2025-40734
Reflected Cross-Site Scripting XSS vulnerability in Daily Expense Manager v1.0. This vulnerability allows an attacker to execute JavaScript code by sending a POST request through the password and confirmpassword parameters in /register.php...
CVE-2025-40733
Reflected Cross-Site Scripting XSS vulnerability in Daily Expense Manager v1.0. This vulnerability allows an attacker to execute JavaScript code by sending a POST request through the username parameter in /login.php...
CVE-2025-40734
Reflected Cross-Site Scripting XSS vulnerability in Daily Expense Manager v1.0. This vulnerability allows an attacker to execute JavaScript code by sending a POST request through the password and confirmpassword parameters in /register.php...
CVE-2025-40731
SQL injection vulnerability in Daily Expense Manager v1.0. This vulnerability allows an attacker to retrieve, create, update and delete databases through the pname, pprice and id parameters in /update.php...
CVE-2025-40731
SQL injection vulnerability in Daily Expense Manager v1.0. This vulnerability allows an attacker to retrieve, create, update and delete databases through the pname, pprice and id parameters in /update.php...
CVE-2025-40734
Daily Expense Manager (version 1.0) is affected by a Reflected XSS flaw in /register.php, exploitable via POST parameters password and confirm_password. The root cause is insufficient input filtering/escaping of user-supplied data, enabling execution of injected JavaScript. Documented impact is a...