3230 matches found

Positive Technologies
added 2025/12/23 12:0 a.m., 3 views

PT-2025-52728

Name of the Vulnerable Software and Affected Versions: itsourcecode Student Management System version 1.0. Description: A security flaw exists in itsourcecode Student Management System 1.0. The issue involves SQL injection within the /record.php file, triggered by manipulating the ID argument. This...

CVSS 9.8, AI score 7.2, EPSS 0.00333
Exploits: 1, References: 11
RedhatCVE
added 2025/12/18 8:37 p.m., 2 views

CVE-2025-14760

Missing cryptographic key commitment in the AWS SDK for C++ may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgra...

CVSS 6, AI score 6.7, EPSS 0.00141
Exploits: 0, References: 1
Positive Technologies
added 2025/12/18 12:0 a.m., 1 view

PT-2025-52084

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Anubis anubis allows PHP Local File Inclusion. This issue affects Anubis: from n/a through <= 1.25...

AI score 7.1, EPSS 0.00415
Exploits: 0, References: 2
CNVD
added 2025/12/18 12:0 a.m., 4 views

Class and Exam Timetable Management /index.php File SQL Injection Vulnerability

Class and Exam Timetable Management is a course and exam timetable management system. Class and Exam Timetable Management suffers from a SQL injection vulnerability that originates from the lack of validation of externally-entered SQL statements in the parameters username/password in the file...

CVSS 9.8, AI score 7.9, EPSS 0.00547
Exploits: 1, References: 1
EUVD
added 2025/12/17 12:55 a.m., 3 views

EUVD-2025-203861

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GT Designer3 Version1 GOT2000 all versions and Mitsubishi Electric GT Designer3 Version1 GOT1000 all versions allows a local unauthenticated attacker to obtain plaintext credentials from the project file for GT...

CVSS 5.1, AI score 6.1, EPSS 0.00081
Exploits: 0, References: 3
EUVD
added 2025/12/17 12:0 a.m., 2 views

EUVD-2025-203916

Reflected cross-site scripting (XSS) in SLiMS (slims9_bulian) before 9.6.0 via improper handling of $_SERVER['PHP_SELF'] in index.php/sysconfig.inc.php, which allows remote attackers to execute arbitrary JavaScript in a victim's browser by supplying a crafted URL path...

CVSS 6.1, AI score 5.8, EPSS 0.00184
Exploits: 1, References: 3
CNNVD
added 2025/12/16 12:0 a.m., 5 views

Security vulnerability in multiple HP products

HP TC8 and HP TC10 are both video conferencing systems from Hewlett-Packard (HP), USA. A security vulnerability exists in various HP products that stems from sensitive data being written to log files, which could lead to information disclosure...

CVSS 8.1, AI score 6.3, EPSS 0.00344
Exploits: 0, References: 1
Cvelist
added 2025/12/15 3:25 a.m., 25 views

CVE-2025-67906

In MISP before 2.5.28, app/View/Elements/Workflows/executionPath.ctp allows XSS in the workflow execution path...

CVSS 5.4, EPSS 0.00273
Exploits: 1, References: 5
Positive Technologies
added 2025/12/14 12:0 a.m., 3 views

PT-2025-51141

A vulnerability has been found in code-projects Computer Laboratory System 1.0. Impacted is an unknown function of the file technical staff pic.php. Such manipulation of the argument image leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the...

CVSS 5.8, AI score 6.8, EPSS 0.00337
Exploits: 1, References: 6
EUVD
added 2025/12/12 6:30 p.m., 4 views

EUVD-2025-203090

A vulnerability was identified in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. The affected element is an unknown function of the file /Profilers/SProfile/login1.php. Such manipulation of the argument Username leads to SQL injection. The attack may be performed fro...

CVSS 7.5, AI score 6.5, EPSS 0.00333
Exploits: 1, References: 5
RedhatCVE
added 2025/12/10 6:13 p.m., 5 views

CVE-2024-47570

An insertion of sensitive information into log file vulnerability CWE-532 in FortiOS 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0 all versions; FortiProxy 7.4.0 through 7.4.3, 7.2.0 through 7.2.11; FortiPAM 1.4 all versions, 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions...

CVSS 6.6, AI score 6.6, EPSS 0.00348
Exploits: 0, References: 1
CNVD
added 2025/12/10 12:0 a.m., 2 views

Currency Exchange System /edit.php File SQL Injection Vulnerability

Currency Exchange System is a currency exchange system. The Currency Exchange System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of file /edit.php. An attacker can exploit this vulnerability to execute...

CVSS 9.8, AI score 7.8, EPSS 0.00326
Exploits: 1, References: 1
CNVD
added 2025/12/10 12:0 a.m., 5 views

Currency Exchange System /edittrns.php File SQL Injection Vulnerability

Currency Exchange System is a currency exchange system. The Currency Exchange System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file /edittrns.php. An attacker can exploit this vulnerabilit...

CVSS 9.8, AI score 7.8, EPSS 0.00333
Exploits: 1, References: 1
OSV
added 2025/12/09 6:15 p.m., 4 views

CVE-2024-47570

An insertion of sensitive information into log file vulnerability CWE-532 in FortiOS 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0 all versions; FortiProxy 7.4.0 through 7.4.3, 7.2.0 through 7.2.11; FortiPAM 1.4 all versions, 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions...

CVSS 6.6, AI score 5.8
Exploits: 0, References: 1
Cvelist
added 2025/12/08 5:32 p.m., 22 views

CVE-2025-14258 itsourcecode Student Management System newsubject.php sql injection

A vulnerability has been found in itsourcecode Student Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /newsubject.php. The manipulation of the argument sub leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed t...

CVSS 7.5, EPSS 0.00326
Exploits: 1, References: 5
NVD
added 2025/12/08 10:16 a.m., 4 views

CVE-2025-14227

A security flaw has been discovered in Philipinho Simple-PHP-Blog up to 94b5d3e57308bce5dfbc44c3edafa9811893d958. This issue affects some unknown processing of the file /edit.php. The manipulation results in SQL injection. The attack may be performed remotely. The exploit has been released to...

CVSS 9.8, EPSS 0.00285
Exploits: 1, References: 4
OSV
added 2025/12/08 5:16 a.m., 5 views

CVE-2025-14215

A vulnerability was found in code-projects Currency Exchange System 1.0. This vulnerability affects unknown code of the file /edit.php. The manipulation of the argument ID results in SQL injection. The attack can be executed remotely. The exploit has been made public and could be used...

CVSS 9.8, AI score 5.8, EPSS 0.00326
Exploits: 1, References: 5
NVD
added 2025/12/08 5:16 a.m., 2 views

CVE-2025-14215

A vulnerability was found in code-projects Currency Exchange System 1.0. This vulnerability affects unknown code of the file /edit.php. The manipulation of the argument ID results in SQL injection. The attack can be executed remotely. The exploit has been made public and could be used...

CVSS 9.8, EPSS 0.00326
Exploits: 1, References: 5
CVE
added 2025/12/08 4:2 a.m., 9 views

CVE-2025-14215

The CVE-2025-14215 entry affects Currency Exchange System 1.0, specifically the /edit.php file where manipulating the ID parameter enables SQL injection. The vulnerability is remote and has public exploitation activity, with varied CVSS assessments (high/critical ranges) indicating potential impa...

CVSS 9.8, AI score 7, EPSS 0.00326
Exploits: 1, References: 5, Affected Software: 1
Positive Technologies
added 2025/12/08 12:0 a.m., 4 views

PT-2025-49552

A vulnerability has been found in IdeaCMS up to 1.8. This affects the function whereRaw of the file app/common/logic/index/Coupon.php. Such manipulation of the argument params leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used...

CVSS 7.5, AI score 7.2, EPSS 0.00326
Exploits: 1, References: 5