3233 matches found

RedhatCVE
added 2025/09/24 10:32 a.m. | 10 views

CVE-2025-10794

A flaw has been found in PHPGurukul Car Rental Project 3.0. Affected by this issue is some unknown functionality of the file /carrental/search.php. Executing manipulation of the argument autofocus can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been...

CVSS 6.1 | AI score 5.3 | EPSS 0.00412
Exploits: 1 | References: 1

Positive Technologies
added 2025/09/24 12:0 a.m. | 3 views

PT-2025-39261

Name of the Vulnerable Software and Affected Versions: NVIDIA Megatron-LM affected versions not specified Description: The software contains a flaw in the tasks/orqa/unsupervised/nq.py component that could allow an attacker to inject code. Exploitation of this issue may result in code execution,...

CVSS 7.8 | AI score 6.6 | EPSS 0.0022
Exploits: 0 | References: 6

CVE
added 2025/09/23 5:2 a.m. | 17 views

CVE-2025-10840

CVE-2025-10840 affects SourceCodester Pet Grooming Management Software 1.0. The vulnerability is a SQL injection in the file /admin/print-payment.php via manipulation of the sql111 argument, enabling remote exploitation. Public exploits exist. Multiple sources report impact across confidentiality...

CVSS 8.8 | AI score 6.7 | EPSS 0.00437
Exploits: 1 | References: 5 | Affected Software: 1

NVD
added 2025/09/22 6:15 p.m. | 3 views

CVE-2025-10809

A security vulnerability has been detected in Campcodes Online Learning Management System 1.0. The affected element is an unknown function of the file /admin/department.php. Such manipulation of the argument d leads to sql injection. The attack can be executed remotely. The exploit has been...

CVSS 9.8 | EPSS 0.00518
Exploits: 1 | References: 6

CNNVD
added 2025/09/22 12:0 a.m. | 2 views

Code-Projects Hostel Management System Security Vulnerability

Hostel Management System is a hostel management system. Hostel Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the parameter email in the file /justines/admin/login.php. An attacker can use this...

CVSS 9.8 | AI score 8.2 | EPSS 0.00387
Exploits: 1 | References: 5

CNNVD
added 2025/09/22 12:0 a.m. | 2 views

Campcodes Grocery Sales and Inventory System SQL Injection Vulnerability

CampCodes Grocery Sales and Inventory System is a grocery sales and inventory system from CampCodes Philippines. A SQL injection vulnerability exists in Campcodes Grocery Sales and Inventory System version 1.0, which stems from incorrect manipulation of the parameter ID in the file /manageuser.ph...

CVSS 9.8 | AI score 7.8 | EPSS 0.00521
Exploits: 1 | References: 7

Positive Technologies
added 2025/09/22 12:0 a.m. | 6 views

PT-2025-38713

Name of the Vulnerable Software and Affected Versions: Hostel Management System version 1.0 Description: A flaw exists in the processing of the /justines/index.php file within Hostel Management System. Specifically, manipulating the log email argument can lead to SQL injection. This issue can be...

CVSS 9.8 | AI score 7.5 | EPSS 0.00387
Exploits: 1 | References: 8

RedhatCVE
added 2025/09/19 3:28 p.m. | 4 views

CVE-2025-10596

A vulnerability was found in SourceCodester Online Exam Form Submission 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument usn results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used...

CVSS 9.8 | AI score 7 | EPSS 0.00509
Exploits: 1 | References: 1

CNVD
added 2025/09/19 12:0 a.m. | 2 views

Web-Based Internet Laboratory Management System login.php File SQL Injection Vulnerability

Web-Based Internet Laboratory Management System is a web laboratory software. A SQL injection vulnerability exists in Web-Based Internet Laboratory Management System, which originates from the lack of validation of externally entered SQL statements in the parameter useremail in the file login.php...

CVSS 9.8 | AI score 8.3 | EPSS 0.00444
Exploits: 1 | References: 1

Vulnrichment
added 2025/09/18 12:32 a.m. | 1 views

CVE-2025-10631 itsourcecode Online Petshop Management System Available Products addcnp.php cross site scripting

A vulnerability was identified in itsourcecode Online Petshop Management System 1.0. Impacted is an unknown function of the file addcnp.php of the component Available Products Page. The manipulation of the argument name/description leads to cross site scripting. It is possible to initiate the...

CVSS 5.1 | AI score 3.6 | EPSS 0.00257
Exploits: 1 | References: 5

Cvelist
added 2025/09/17 10:32 p.m. | 8 views

CVE-2025-10624 PHPGurukul User Management System login.php sql injection

A security flaw has been discovered in PHPGurukul User Management System 1.0. This affects an unknown function of the file /login.php. Performing manipulation of the argument emailid results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and ma...

CVSS 7.5 | EPSS 0.00441
Exploits: 1 | References: 5

Snyk
added 2025/09/17 6:39 p.m. | 1 views

Relative Path Traversal

Overview: Affected versions of this package are vulnerable to Relative Path Traversal due to improper validation of user-supplied paths in router.go. An attacker can access sensitive files on the server by crafting requests with directory traversal sequences in the URL path. Remediation: A fix was...

CVSS 8.7 | AI score 6.5 | EPSS 0.01527
Exploits: 0 | References: 2

Cvelist
added 2025/09/16 5:23 p.m. | 10 views

CVE-2025-54262 Substance3D - Stager | Out-of-bounds Read (CWE-125)

Substance3D - Stager versions 3.1.3 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current...

CVSS 7.8 | EPSS 0.0021
Exploits: 0 | References: 1

OSV
added 2025/09/15 10:15 p.m. | 2 views

CVE-2025-10480

A weakness has been identified in SourceCodester Online Student File Management System 1.0. This affects an unknown function of the file /savefile.php. Executing manipulation can lead to unrestricted upload. The attack may be launched remotely. The exploit has been made available to the public an...

CVSS 9.8 | AI score 5.6 | EPSS 0.00313
Exploits: 1 | References: 5

NVD
added 2025/09/15 9:15 p.m. | 3 views

CVE-2025-10479

A security flaw has been discovered in SourceCodester Online Student File Management System 1.0. The impacted element is an unknown function of the file /index.php. Performing manipulation of the argument studno results in sql injection. The attack may be initiated remotely. The exploit has been...

CVSS 9.8 | EPSS 0.00398
Exploits: 1 | References: 5

Cvelist
added 2025/09/14 9:2 p.m. | 10 views

CVE-2025-10410 SourceCodester Link Status Checker index.php server-side request forgery

A security vulnerability has been detected in SourceCodester Link Status Checker 1.0. This vulnerability affects unknown code of the file index.php. The manipulation of the argument proxy leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed...

CVSS 6.5 | EPSS 0.0036
Exploits: 1 | References: 5

RedhatCVE
added 2025/09/14 12:10 a.m. | 18 views

CVE-2025-45586

An issue in Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to arbitrarily overwrite files via supplying a crafted PUT request...

CVSS 7.5 | AI score 6.9 | EPSS 0.00298
Exploits: 1 | References: 1

Positive Technologies
added 2025/09/14 12:0 a.m. | 4 views

PT-2025-37430

Name of the Vulnerable Software and Affected Versions: SourceCodester Link Status Checker version 1.0 Description: A security issue exists in SourceCodester Link Status Checker 1.0, affecting unknown code within the index.php file. Manipulation of the proxy argument can lead to server-side reques...

CVSS 9.8 | AI score 6.2 | EPSS 0.0036
Exploits: 1 | References: 10

CVE
added 2025/09/13 2:2 a.m. | 18 views

CVE-2025-10332

CVE-2025-10332 affects the Unmark to-do list app (cdevroe unmark) up to version 1.9.3. The vulnerability is a cross-site scripting flaw in the Title parameter used in application/views/marks/info.php. Exploitation can be performed remotely; multiple sources state the exploit is publicly available...

CVSS 5.4 | AI score 5.2 | EPSS 0.00244
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2025/09/13 1:2 a.m. | 6 views

CVE-2025-10331 cdevroe unmark Marks.php cross site scripting

A vulnerability has been found in cdevroe unmark up to 1.9.3. This issue affects some unknown processing of the file /application/controllers/Marks.php. Such manipulation of the argument Title leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to th...

CVSS 5.1 | EPSS 0.00262
Exploits: 1 | References: 4