3163 matches found

Cvelist
added 2025/09/27 12:32 p.m., 7 views

CVE-2025-11061 Campcodes Online Learning Management System edit_student.php sql injection

A vulnerability was found in Campcodes Online Learning Management System 1.0. This affects an unknown part of the file /admin/edit_student.php. Performing manipulation of the argument cys results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public...

7.5 CVSS, 0.00046 EPSS
Exploits: 1, References: 5

Positive Technologies
added 2025/09/27 12:0 a.m., 4 views

PT-2025-39739

Name of the Vulnerable Software and Affected Versions Campcodes Online Learning Management System version 1.0 Description A SQL injection issue exists in Campcodes Online Learning Management System version 1.0. The issue is located in the file /admin/de activate.php and affects an unknown functio...

9.8 CVSS, 7.3 AI score, 0.00046 EPSS
Exploits: 1, References: 11

NVD
added 2025/09/26 6:15 p.m., 3 views

CVE-2025-11034

A vulnerability was found in Dibo Data Decision Making System up to 2.7.0. The affected element is the function downloadImpTemplet of the file /common/dep/commondep.action.jsp. The manipulation of the argument filePath results in path traversal. It is possible to launch the attack remotely. The...

5.3 CVSS, 0.00052 EPSS
Exploits: 0, References: 4

Vulnrichment
added 2025/09/26 6:43 a.m., 1 views

CVE-2025-10307 Backuply – Backup, Restore, Migrate and Clone <= 1.4.8 - Authenticated (Admin+) Arbitrary File Deletion

The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete backup functionality in all versions up to, and including, 1.4.8. This makes it possible for authenticated attackers, with...

6.5 CVSS, 7 AI score, 0.0331 EPSS
Exploits: 0, References: 2

Positive Technologies
added 2025/09/26 12:0 a.m., 3 views

PT-2025-39689

Name of the Vulnerable Software and Affected Versions WAYOS versions 22.03.17 LQ 04, LQ 05, LQ 06, LQ 07, and LQ 09 Description A flaw exists in WAYOS that allows for command injection. This occurs due to the manipulation of the Name argument within an unknown function of the /usb paswd.asp file...

7.5 CVSS, 7.1 AI score, 0.00355 EPSS
Exploits: 0, References: 14

Positive Technologies
added 2025/09/26 12:0 a.m., 3 views

PT-2025-39671

Name of the Vulnerable Software and Affected Versions kidaze CourseSelectionSystem versions prior to 42cd892b40a18d50bd4ed1905fa89f939173a464 Description A flaw exists in kidaze CourseSelectionSystem that allows for SQL injection. The issue is due to the manipulation of the cbe argument within an...

7.5 CVSS, 7.4 AI score, 0.0005 EPSS
Exploits: 1, References: 9

Zero Day Initiative
added 2025/09/26 12:0 a.m., 3 views

Fortinet FortiWeb _cmf_get_config_file_path Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Fortinet FortiWeb. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the _cmf_get_config_file_path method. The issue results from the...

4.9 CVSS, 6.4 AI score, 0.00137 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2025/09/25 8:2 p.m., 2 views

CVE-2025-10965 LazyAGI LazyLLM server.py lazyllm_call deserialization

A security vulnerability has been detected in LazyAGI LazyLLM up to 0.6.1. Affected by this issue is the function lazyllm_call of the file lazyllm/components/deploy/relay/server.py. Such manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed...

6.5 CVSS, 6.5 AI score, 0.00077 EPSS
Exploits: 0, References: 4

RedhatCVE
added 2025/09/25 2:54 a.m., 3 views

CVE-2025-10837

A security vulnerability has been detected in code-projects Simple Food Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /ordersimple/order.php. The manipulation of the argument ID leads to cross site scripting. The attack may be initiated remotely. The...

5.4 CVSS, 3.5 AI score, 0.0003 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/09/25 2:54 a.m., 9 views

CVE-2025-10842

A vulnerability was detected in code-projects Online Bidding System 1.0. Affected is an unknown function of the file /administrator/wew.php. Performing manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used...

9.8 CVSS, 7.4 AI score, 0.00046 EPSS
Exploits: 1, References: 1

CNVD
added 2025/09/25 12:0 a.m., 2 views

Simple Food Ordering System order.php File Cross-Site Scripting Vulnerability

Simple Food Ordering System is a simple food ordering system. Simple Food Ordering System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by the parameter ID in the file /ordersimple/order.php, which can be...

5.4 CVSS, 6.3 AI score, 0.0003 EPSS
Exploits: 0, References: 1

OpenVAS
added 2025/09/25 12:0 a.m., 2 views

Do Not Configure Deprecated Options for the SSH Service

Currently, the SSH service communication protocols are classified into the first generation and the second generation. The configuration options of the SSH service of different versions are incompatible. In addition, the configuration options of some earlier versions are deprecated in the new...

6.9 AI score
Exploits: 0, References: 1

Cvelist
added 2025/09/24 12:0 a.m., 9 views

CVE-2025-56815

Datart 1.0.0-rc.3 is vulnerable to Directory Traversal in the POST /viz/image interface, since the server directly uses MultipartFile.transferTo to save the uploaded file to a path controllable by the user, and lacks strict verification of the file name...

0.00189 EPSS
Exploits: 2, References: 2

Vulnrichment
added 2025/09/24 12:0 a.m., 2 views

CVE-2025-56816

Datart 1.0.0-rc.3 is vulnerable to Directory Traversal. The configuration file handling of the application allows attackers to upload arbitrary YAML files to the config/jdbc-driver-ext.yml path. The application parses this file using SnakeYAML's unsafe load or loadAs method without input...

8.1 AI score, 0.02256 EPSS
Exploits: 2, References: 2

Vulnrichment
added 2025/09/23 4:2 a.m., 1 views

CVE-2025-10837 code-projects Simple Food Ordering System order.php cross site scripting

A security vulnerability has been detected in code-projects Simple Food Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /ordersimple/order.php. The manipulation of the argument ID leads to cross site scripting. The attack may be initiated remotely. The...

5.1 CVSS, 3.5 AI score, 0.0003 EPSS
Exploits: 0, References: 5

NVD
added 2025/09/23 1:15 a.m., 2 views

CVE-2025-10826

A security flaw has been discovered in Campcodes Online Beauty Parlor Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/sales-reports-detail.php. The manipulation of the argument fromdate/todate results in sql injection. The attack can be launche...

8.8 CVSS, 0.00044 EPSS
Exploits: 1, References: 5

Positive Technologies
added 2025/09/23 12:0 a.m., 3 views

PT-2025-39114

Name of the Vulnerable Software and Affected Versions code-projects Simple Food Ordering System version 1.0 Description A security issue exists in code-projects Simple Food Ordering System 1.0. The vulnerability is related to cross site scripting, triggered by manipulating the ID argument in the...

5.4 CVSS, 3.9 AI score, 0.0003 EPSS
Exploits: 0, References: 8

OSV
added 2025/09/22 1:16 p.m., 1 views

CVE-2025-10798

A vulnerability was identified in code-projects Hostel Management System 1.0. Impacted is an unknown function of the file /justines/admin/modroomtype/index.php?view=view. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit is publicly...

9.8 CVSS, 5.8 AI score, 0.00046 EPSS
Exploits: 1, References: 5

OSV
added 2025/09/22 1:16 p.m., 0 views

CVE-2025-10797

A vulnerability was determined in code-projects Hostel Management System 1.0. This issue affects some unknown processing of the file /justines/index.php. This manipulation of the argument logemail causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed...

9.8 CVSS, 5.8 AI score
Exploits: 0, References: 5

NVD
added 2025/09/22 11:15 a.m., 5 views

CVE-2025-10794

A flaw has been found in PHPGurukul Car Rental Project 3.0. Affected by this issue is some unknown functionality of the file /carrental/search.php. Executing manipulation of the argument autofocus can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been...

6.1 CVSS, 0.00042 EPSS
Exploits: 1, References: 5