Lucene search

1148 matches found

CNNVD
added 2025/04/29 12:0 a.m. | 1 view

PHPGurukul Notice Board System Injection Vulnerability

Notice Board System is a bulletin board system. A SQL injection vulnerability exists in the Notice Board System, which originates from the lack of validation of externally entered SQL statements in the /category.php file with the parameter catname. An attacker can exploit this vulnerability to...

CVSS 9.8 | AI score 7.9 | EPSS 0.00417
Exploits: 1 | References: 5

NVD
added 2025/04/27 3:15 p.m. | 34 views

CVE-2025-3973

A vulnerability, which was classified as critical, was found in PHPGurukul COVID19 Testing Management System 1.0. This affects an unknown part of the file /checkavailability.php. The manipulation of the argument mobnumber leads to sql injection. It is possible to initiate the attack remotely. The...

CVSS 9.8 | EPSS 0.00398
Exploits: 0 | References: 5

Patchstack
added 2025/04/24 5:23 p.m. | 3 views

WordPress Wp Custom CMS Block plugin <= 2.1 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by johska in WordPress Plugin Wp Custom CMS Block versions <= 2.1...

CVSS 7.1 | AI score 7.5 | EPSS 0.00127
Exploits: 0 | Affected Software: 1

Patchstack
added 2025/04/21 11:12 a.m. | 2 views

WordPress Appsero Helper plugin <= 1.3.4 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Appsero Helper versions <= 1.3.4...

CVSS 8.5 | AI score 8.9 | EPSS 0.00267
Exploits: 0 | Affected Software: 1

NVD
added 2025/04/19 4:15 p.m. | 15 views

CVE-2025-3804

A vulnerability classified as critical has been found in thautwarm vscode-diana 0.0.1. Affected is an unknown function of the file Gen.py of the component Jinja2 Template Handler. The manipulation leads to injection. Attacking locally is a requirement. The exploit has been disclosed to the public...

CVSS 5.3 | EPSS 0.0019
Exploits: 0 | References: 5

NVD
added 2025/04/19 4:15 p.m. | 16 views

CVE-2025-3805

A vulnerability classified as critical was found in sarrionandia tournatrack up to 4c13a23f43da5317eea4614870a7a8510fc540ec. Affected by this vulnerability is an unknown functionality of the file checkid.py of the component Jinja2 Template Handler. The manipulation of the argument ID leads to...

CVSS 5.3 | EPSS 0.0019
Exploits: 0 | References: 5

CVE
added 2025/04/19 4:0 p.m. | 63 views

CVE-2025-3805

CVE-2025-3805 affects sarrionandia tournatrack (Jinja2 Template Handler) with a vulnerability in the check_id.py file. The issue is caused by manipulation of the ID argument, leading to local-injection. Exploitation has been disclosed publicly, and usable exploit details exist in several sources....

CVSS 5.3 | AI score 7 | EPSS 0.0019
Exploits: 0 | References: 5

RedhatCVE
added 2025/04/17 1:35 p.m. | 14 views

CVE-2025-3579

In versions prior to Aidex 1.7, an authenticated malicious user, taking advantage of an open registry, could execute unauthorised commands within the system. This includes executing operating system Unix commands, interacting with internal services such as PHP or MySQL, and even invoking native...

CVSS 9.3 | AI score 7.6 | EPSS 0.00511
Exploits: 0 | References: 3

NVD
added 2025/04/16 6:16 p.m. | 5 views

CVE-2025-32823

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'LockProject' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and wri...

CVSS 8.8 | EPSS 0.00604
Exploits: 0 | References: 1

CVE
added 2025/04/16 5:37 p.m. | 58 views

CVE-2025-32826

TeleControl Server Basic (all versions

CVSS 8.8 | AI score 8.1 | EPSS 0.00604
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2025/04/16 3:16 p.m. | 3 views

CVE-2025-3694

A vulnerability classified as critical has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown part of the component Login Handler. The manipulation of the argument loginemail leads to sql injection. It is possible to initiate the attack remotely...

CVSS 9.8 | AI score 5.7 | EPSS 0.00498
Exploits: 1 | References: 5

Patchstack
added 2025/04/16 1:58 p.m. | 6 views

WordPress Uix Shortcodes plugin <= 2.0.4 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by muhammad yudha in WordPress Plugin Uix Shortcodes versions <= 2.0.4...

CVSS 6.5 | AI score 7.1 | EPSS 0.00254
Exploits: 0 | Affected Software: 1

Patchstack
added 2025/04/14 5:48 p.m. | 6 views

WordPress Total processing card payments for WooCommerce plugin <= 7.1.6 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Nomupay Payment Processing Gateway versions <= 7.1.6...

CVSS 7.1 | AI score 6.9 | EPSS 0.00235
Exploits: 0 | Affected Software: 1

Patchstack
added 2025/04/11 12:23 p.m. | 2 views

WordPress Advance WP Query Search Filter plugin <= 1.0.10 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin Advance WP Query Search Filter versions <= 1.0.10...

CVSS 7.1 | AI score 6.9 | EPSS 0.00191
Exploits: 0 | Affected Software: 1

Patchstack
added 2025/04/10 1:31 p.m. | 2 views

WordPress WP AutoKeyword Plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Abdi Pranata in WordPress Plugin WP AutoKeyword versions <= 1.0...

CVSS 7.1 | AI score 6.9 | EPSS 0.0025
Exploits: 0 | Affected Software: 1

CNVD
added 2025/04/09 12:0 a.m. | 2 views

e-Diary Management System login.php File SQL Injection Vulnerability

The e-Diary Management System is an electronic diary management system. The e-Diary Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the logindetail parameter of the login.php file. An attacker can...

CVSS 9.8 | AI score 8.2 | EPSS 0.00438
Exploits: 1 | References: 1

CNNVD
added 2025/04/08 12:0 a.m. | 2 views

EsafeNet CDG Security Vulnerability

EsafeNet CDG is a document security management system from EsafeNet, China. A security vulnerability exists in EsafeNet CDG version 5.6.3.154.20520250114, which stems from an incorrect operation of the parameter noticeId that can lead to SQL injection...

CVSS 9.8 | AI score 7.8 | EPSS 0.00522
Exploits: 1 | References: 5

RedhatCVE
added 2025/04/02 11:35 p.m. | 15 views

CVE-2025-3039

A vulnerability was found in code-projects Payroll Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /addemployee.php. The manipulation of the argument lname/fname leads to sql injection. It is possible to launch the attack remotely. The exploi...

CVSS 8.8 | AI score 7.7 | EPSS 0.00555
Exploits: 1 | References: 1

Patchstack
added 2025/04/01 3:49 p.m. | 3 views

WordPress DobsonDev Shortcodes plugin <= 2.1.12 - Stored Cross Site Scripting (XSS) vulnerability

Stored Cross Site Scripting (XSS) vulnerability discovered by 0xd4rk5id3 in WordPress Plugin DobsonDev Shortcodes versions <= 2.1.12...

CVSS 6.5 | AI score 6.5 | EPSS 0.00308
Exploits: 0 | Affected Software: 1

Patchstack
added 2025/04/01 3:46 p.m. | 3 views

WordPress Simple Post Expiration plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Simple Post Expiration versions <= 1.0.1...

CVSS 6.5 | AI score 6.9 | EPSS 0.00308
Exploits: 0 | Affected Software: 1