Lucene search
+L

608 matches found

CVE
CVE
added 2025/12/29 2:32 a.m.50 views

CVE-2025-15168

The CVE-2025-15168 entry concerns itsourcecode Student Management System (SMS) 1.0. Affected is the function handling the ID parameter in /statistical.php, where manipulating ID enables an SQL injection. The issue allows remote exploitation and is corroborated by multiple sources noting a publicl...

9.8CVSS6.8AI score0.00329EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2025/12/25 9:15 p.m.11 views

CVE-2025-15086

A weakness has been identified in youlaitech youlai-mall 1.0.0/2.0.0. This impacts the function getMemberByMobile of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java. This manipulation causes improper access controls. The attack may be initiated...

5.3CVSS0.00258EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/12/10 1:35 a.m.10 views

CVE-2025-14285

A vulnerability was found in code-projects Employee Profile Management System 1.0. Affected is an unknown function of the file editpersonnel.php. The manipulation of the argument perid results in sql injection. The attack can be launched remotely. The exploit has been made public and could be use...

9.8CVSS7.3AI score0.00339EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/12/08 3:32 p.m.3 views

CVE-2025-14250 code-projects Online Ordering System user_contact.php sql injection

A weakness has been identified in code-projects Online Ordering System 1.0. The impacted element is an unknown function of the file /usercontact.php. This manipulation of the argument Name causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to...

7.5CVSS6.6AI score0.00339EPSS
Exploits1References5
CVE
CVE
added 2025/12/06 5:49 a.m.36 views

CVE-2025-13898

The Ultra Skype Button WordPress plugin (Ultra Skype Button, Plugin Slug: ultra-skype-button) is affected by CVE-2025-13898: a Stored Cross-Site Scripting vulnerability in the btn_id attribute of the [ultra_skype] shortcode. Affects all versions up to 1.0. Root cause: insufficient input sanitizat...

6.4CVSS4.8AI score0.00201EPSS
Exploits0References5
OSV
OSV
added 2025/12/04 4:16 p.m.3 views

CVE-2025-57213

Incorrect access control in the component orderService.queryObject of platform v1.0.0 allows attackers to access sensitive information via a crafted request...

7.5CVSS5.7AI score0.00251EPSS
Exploits0References2
EUVD
EUVD
added 2025/11/24 5:32 a.m.6 views

EUVD-2025-198622

A vulnerability was detected in code-projects COVID Tracking System 1.0. This issue affects some unknown processing of the file /login.php. The manipulation of the argument code results in sql injection. The attack may be performed from remote. The exploit is now public and may be used...

7.5CVSS6.7AI score0.00346EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/11/24 12:0 a.m.9 views

PT-2025-47869

A security vulnerability has been detected in code-projects Blog Site 1.0. Impacted is the function category exists of the file /resources/functions/blog.php of the component Category Handler. Such manipulation of the argument name/field leads to sql injection. The attack may be performed from...

6.5CVSS7AI score0.00261EPSS
Exploits0References8
EUVD
EUVD
added 2025/11/21 9:30 p.m.7 views

EUVD-2025-198503

IBM Concert Software 1.0.0 through 2.0.0 could allow a remote attacker to hijack the clicking action of the victim...

6.3CVSS6.2AI score0.00154EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/20 9:36 p.m.6 views

CVE-2025-13051

When the service of ABP and AES is installed in a directory writable by non-administrative users, an attacker can replace or plant a DLL with the same name as one loaded by the service. Upon service restart, the malicious DLL is loaded and executed under the LocalSystem account, resulting in...

9.3CVSS7.5AI score0.00185EPSS
Exploits0References1
CVE
CVE
added 2025/11/19 5:35 p.m.38 views

CVE-2025-65099

CVE-2025-65099 – Claude Code pre‑startup trust bypass via Yarn 3.x plugins is raised for Claude Code prior to 1.0.39. The issue allowed code execution from a project directory by exploiting Yarn 3.0+ plugins before the startup trust dialog was accepted. Affected scenario required running Claude C...

9.8CVSS7.1AI score0.00497EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/11/19 12:0 a.m.8 views

itsourcecode Human Resource Management System SQL注入漏洞

itsourcecode Human Resource Management System is itsourcecode open source human resource management system. A SQL injection vulnerability exists in itsourcecode Human Resource Management System version 1.0, which stems from a misuse of the eventSubject parameter in the file...

9.8CVSS7.8AI score0.00379EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/11/17 12:0 a.m.6 views

itsourcecode Web-Based Internet Laboratory SQL注入漏洞

Web-Based Internet Laboratory Management System is a web laboratory software. A SQL injection vulnerability exists in Web-Based Internet Laboratory Management System, which originates from a lack of validation of externally entered SQL statements in the file /user/controller.php. An attacker can...

9.8CVSS7.9AI score0.00379EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/11/17 12:0 a.m.7 views

Projectworlds Advanced Library Management System SQL注入漏洞

Projectworlds Advanced Library Management System is an advanced library management system from Projectworlds India. A SQL injection vulnerability exists in Projectworlds Advanced Library Management System version 1.0, which stems from incorrect manipulation of the parameter rollnumber in the file...

8.8CVSS7AI score0.00346EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/11/17 12:0 a.m.7 views

1000 Projects Design & Development of Student Database Management System SQL注入漏洞

“1000 Projects Design & Development of Student Database Management System” is an open-source project developed by 1000 Projects. Version 1.0 of this system has a SQL injection vulnerability; this vulnerability arises from incorrect handling of the parameter SubCode in the file...

8.8CVSS6.6AI score0.00299EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/11/16 12:0 a.m.4 views

PT-2025-47072

Name of the Vulnerable Software and Affected Versions itsourcecode Inventory Management System version 1.0 Description A security flaw exists in itsourcecode Inventory Management System 1.0. The issue involves a SQL injection that can be triggered by manipulating the U USERNAME argument within an...

9.8CVSS7.5AI score0.00374EPSS
Exploits1References12
Positive Technologies
Positive Technologies
added 2025/11/16 12:0 a.m.10 views

PT-2025-47069

Name of the Vulnerable Software and Affected Versions itsourcecode Inventory Management System version 1.0 Description A SQL injection issue exists in itsourcecode Inventory Management System version 1.0. The issue is related to the manipulation of the user email argument within an unknown functi...

9.8CVSS7.5AI score0.00379EPSS
Exploits1References13
CVE
CVE
added 2025/11/13 4:32 p.m.34 views

CVE-2025-13121

CVE-2025-13121 affects cameasy Liketea 1.0.0. The vulnerability is in the API Endpoint’s front-end StoreController.php, specifically the list function, where improper handling/manipulation of the lng/lat arguments enables SQL injection. Multiple connected sources (NVD, Red Hat, CVE records, CNVD/...

7.5CVSS7.2AI score0.00364EPSS
Exploits0References5
CVE
CVE
added 2025/11/11 3:30 a.m.18 views

CVE-2025-11856

CVE-2025-11856 (Eventbee Ticketing Widget, WordPress): The WordPress plugin Eventbee Ticketing Widget is vulnerable to Stored Cross-Site Scripting via the shortcode eventbeeticketwidget in all versions up to and including 1.0. Attack requires authenticated access at contributor level or higher, a...

6.4CVSS4.7AI score0.00214EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2025/11/11 12:23 a.m.5 views

SUSE CVE-2025-62689

NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service DoS...

7.5CVSS6.8AI score0.00422EPSS
Exploits0References8
Rows per page
Query Builder