608 matches found
CVE-2025-15168
The CVE-2025-15168 entry concerns itsourcecode Student Management System (SMS) 1.0. Affected is the function handling the ID parameter in /statistical.php, where manipulating ID enables an SQL injection. The issue allows remote exploitation and is corroborated by multiple sources noting a publicl...
CVE-2025-15086
A weakness has been identified in youlaitech youlai-mall 1.0.0/2.0.0. This impacts the function getMemberByMobile of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java. This manipulation causes improper access controls. The attack may be initiated...
CVE-2025-14285
A vulnerability was found in code-projects Employee Profile Management System 1.0. Affected is an unknown function of the file editpersonnel.php. The manipulation of the argument perid results in sql injection. The attack can be launched remotely. The exploit has been made public and could be use...
CVE-2025-14250 code-projects Online Ordering System user_contact.php sql injection
A weakness has been identified in code-projects Online Ordering System 1.0. The impacted element is an unknown function of the file /usercontact.php. This manipulation of the argument Name causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to...
CVE-2025-13898
The Ultra Skype Button WordPress plugin (Ultra Skype Button, Plugin Slug: ultra-skype-button) is affected by CVE-2025-13898: a Stored Cross-Site Scripting vulnerability in the btn_id attribute of the [ultra_skype] shortcode. Affects all versions up to 1.0. Root cause: insufficient input sanitizat...
CVE-2025-57213
Incorrect access control in the component orderService.queryObject of platform v1.0.0 allows attackers to access sensitive information via a crafted request...
EUVD-2025-198622
A vulnerability was detected in code-projects COVID Tracking System 1.0. This issue affects some unknown processing of the file /login.php. The manipulation of the argument code results in sql injection. The attack may be performed from remote. The exploit is now public and may be used...
PT-2025-47869
A security vulnerability has been detected in code-projects Blog Site 1.0. Impacted is the function category exists of the file /resources/functions/blog.php of the component Category Handler. Such manipulation of the argument name/field leads to sql injection. The attack may be performed from...
EUVD-2025-198503
IBM Concert Software 1.0.0 through 2.0.0 could allow a remote attacker to hijack the clicking action of the victim...
CVE-2025-13051
When the service of ABP and AES is installed in a directory writable by non-administrative users, an attacker can replace or plant a DLL with the same name as one loaded by the service. Upon service restart, the malicious DLL is loaded and executed under the LocalSystem account, resulting in...
CVE-2025-65099
CVE-2025-65099 – Claude Code pre‑startup trust bypass via Yarn 3.x plugins is raised for Claude Code prior to 1.0.39. The issue allowed code execution from a project directory by exploiting Yarn 3.0+ plugins before the startup trust dialog was accepted. Affected scenario required running Claude C...
itsourcecode Human Resource Management System SQL注入漏洞
itsourcecode Human Resource Management System is itsourcecode open source human resource management system. A SQL injection vulnerability exists in itsourcecode Human Resource Management System version 1.0, which stems from a misuse of the eventSubject parameter in the file...
itsourcecode Web-Based Internet Laboratory SQL注入漏洞
Web-Based Internet Laboratory Management System is a web laboratory software. A SQL injection vulnerability exists in Web-Based Internet Laboratory Management System, which originates from a lack of validation of externally entered SQL statements in the file /user/controller.php. An attacker can...
Projectworlds Advanced Library Management System SQL注入漏洞
Projectworlds Advanced Library Management System is an advanced library management system from Projectworlds India. A SQL injection vulnerability exists in Projectworlds Advanced Library Management System version 1.0, which stems from incorrect manipulation of the parameter rollnumber in the file...
1000 Projects Design & Development of Student Database Management System SQL注入漏洞
“1000 Projects Design & Development of Student Database Management System” is an open-source project developed by 1000 Projects. Version 1.0 of this system has a SQL injection vulnerability; this vulnerability arises from incorrect handling of the parameter SubCode in the file...
PT-2025-47072
Name of the Vulnerable Software and Affected Versions itsourcecode Inventory Management System version 1.0 Description A security flaw exists in itsourcecode Inventory Management System 1.0. The issue involves a SQL injection that can be triggered by manipulating the U USERNAME argument within an...
PT-2025-47069
Name of the Vulnerable Software and Affected Versions itsourcecode Inventory Management System version 1.0 Description A SQL injection issue exists in itsourcecode Inventory Management System version 1.0. The issue is related to the manipulation of the user email argument within an unknown functi...
CVE-2025-13121
CVE-2025-13121 affects cameasy Liketea 1.0.0. The vulnerability is in the API Endpoint’s front-end StoreController.php, specifically the list function, where improper handling/manipulation of the lng/lat arguments enables SQL injection. Multiple connected sources (NVD, Red Hat, CVE records, CNVD/...
CVE-2025-11856
CVE-2025-11856 (Eventbee Ticketing Widget, WordPress): The WordPress plugin Eventbee Ticketing Widget is vulnerable to Stored Cross-Site Scripting via the shortcode eventbeeticketwidget in all versions up to and including 1.0. Attack requires authenticated access at contributor level or higher, a...
SUSE CVE-2025-62689
NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service DoS...