987 matches found
CVE-2025-10843
A flaw has been found in Reservation Online Hotel Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file /reservation/paypalpayout.php. Executing manipulation of the argument confirm can lead to sql injection. The attack may be launched remotely. The exploi...
CVE-2025-10802
A flaw has been found in code-projects Online Bidding System 1.0. Affected is an unknown function of the file /administrator/remove.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used...
CVE-2025-10786
A flaw has been found in Campcodes Grocery Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=deleteuser. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be us...
CVE-2025-10768
A flaw has been found in h2oai h2o-3 up to 3.46.08. The impacted element is an unknown function of the file /99/ImportSQLTable of the component IBMDB2 JDBC Driver. This manipulation of the argument connectionurl causes deserialization. The attack may be initiated remotely. The exploit has been...
CVE-2025-10843
A flaw has been found in Reservation Online Hotel Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file /reservation/paypalpayout.php. Executing manipulation of the argument confirm can lead to sql injection. The attack may be launched remotely. The exploi...
CVE-2025-10760
A flaw has been found in Harness 3.3.0. This impacts the function LookupRepo of the file app/api/controller/gitspace/lookuprepo.go. Executing manipulation of the argument url can lead to server-side request forgery. The attack may be launched remotely. The exploit has been published and may be...
CVE-2025-10811
A flaw has been found in code-projects Hostel Management System 1.0. This affects an unknown function of the file /justines/admin/modcomments/index.php?view=view. Executing manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been...
CVE-2025-10802
A flaw has been found in code-projects Online Bidding System 1.0. Affected is an unknown function of the file /administrator/remove.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used...
PT-2025-39064
Name of the Vulnerable Software and Affected Versions code-projects Hostel Management System version 1.0 Description A flaw exists in code-projects Hostel Management System 1.0 that allows for SQL injection. Manipulation of the ID argument in the file '/justines/admin/mod...
PT-2025-39088
Name of the Vulnerable Software and Affected Versions fuyang lipengjun platform version 1.0 Description An improper authorization issue exists in the TopicCategoryController function within the /topiccategory/queryAll file of the fuyang lipengjun platform. This allows for remote attacks. The...
CVE-2025-10768
A flaw has been found in h2oai h2o-3 up to 3.46.08. The impacted element is an unknown function of the file /99/ImportSQLTable of the component IBMDB2 JDBC Driver. This manipulation of the argument connectionurl causes deserialization. The attack may be initiated remotely. The exploit has been...
CVE-2025-10768 h2oai h2o-3 IBMDB2 JDBC Driver ImportSQLTable deserialization
A flaw has been found in h2oai h2o-3 up to 3.46.08. The impacted element is an unknown function of the file /99/ImportSQLTable of the component IBMDB2 JDBC Driver. This manipulation of the argument connectionurl causes deserialization. The attack may be initiated remotely. The exploit has been...
PT-2025-38662
Name of the Vulnerable Software and Affected Versions h2oai h2o-3 versions through 3.46.08 Description A flaw exists in h2oai h2o-3, specifically in an unknown function within the /99/ImportSQLTable file of the IBMDB2 JDBC Driver component. Manipulation of the connection url argument can lead to...
PT-2025-38655
Name of the Vulnerable Software and Affected Versions Harness version 3.3.0 Description A flaw exists in Harness that impacts the LookupRepo function within the app/api/controller/gitspace/lookup repo.go file. Manipulation of the url argument can lead to server-side request forgery, potentially...
CVE-2025-10716 Creality Cloud App com.cxsw.sdprinter AndroidManifest.xml improper export of android application components
A flaw has been found in Creality Cloud App up to 6.1.0 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.cxsw.sdprinter. Executing manipulation can lead to improper export of android application components. It is possible ...
PT-2025-38539
Name of the Vulnerable Software and Affected Versions Creality Cloud App versions up to 6.1.0 Description A flaw has been found in Creality Cloud App for Android. The vulnerability is due to improper export of android application components within the AndroidManifest.xml file of the...
CVE-2025-10626
A flaw has been found in SourceCodester Online Exam Form Submission 1.0. Affected by this issue is some unknown functionality of the file /admin/updates3.php. This manipulation of the argument credits causes sql injection. Remote exploitation of the attack is possible. The exploit has been...
CVE-2025-10626
A flaw has been found in SourceCodester Online Exam Form Submission 1.0. Affected by this issue is some unknown functionality of the file /admin/updates3.php. This manipulation of the argument credits causes sql injection. Remote exploitation of the attack is possible. The exploit has been...
CVE-2025-10600
A flaw has been found in SourceCodester Online Exam Form Submission 1.0. This impacts an unknown function of the file /register.php. This manipulation of the argument img causes unrestricted upload. It is possible to initiate the attack remotely. The exploit has been published and may be used...
CVE-2025-10448
A flaw has been found in Campcodes Online Job Finder System 1.0. This affects an unknown function of the file /index.php?q=result=bycompany. This manipulation of the argument Search causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...