
28694 matches found

Cvelist
added 2025/09/28 11:2 p.m. | 7 views

CVE-2025-11124 code-projects Project Monitoring System postjob.php cross site scripting

A vulnerability has been found in code-projects Project Monitoring System 1.0. Affected is an unknown function of the file /onlineJobSearchEngine/postjob.php. Such manipulation of the argument txtapplyto leads to cross site scripting. The attack may be launched remotely. The exploit has been...

CVSS 5.1 | EPSS 0.00258
Exploits: 1 | References: 6

Vulnrichment
added 2025/09/28 11:2 p.m. | 8 views

CVE-2025-11124 code-projects Project Monitoring System postjob.php cross site scripting

A vulnerability has been found in code-projects Project Monitoring System 1.0. Affected is an unknown function of the file /onlineJobSearchEngine/postjob.php. Such manipulation of the argument txtapplyto leads to cross site scripting. The attack may be launched remotely. The exploit has been...

CVSS 5.1 | AI score 5.4 | EPSS 0.00258
Exploits: 1 | References: 6

RedhatCVE
added 2025/09/28 6:48 p.m. | 6 views

CVE-2025-11074

A flaw has been found in code-projects Project Monitoring System 1.0. The impacted element is an unknown function of the file /login.php. This manipulation of the argument username/password causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used...

CVSS 7.5 | AI score 6.8 | EPSS 0.00441
Exploits: 1 | References: 1

Positive Technologies
added 2025/09/28 12:0 a.m. | 10 views

PT-2025-39795

Name of the Vulnerable Software and Affected Versions code-projects Project Monitoring System version 1.0 Description A cross site scripting issue exists due to manipulation of the txtapplyto argument. The issue is located in the file /onlineJobSearchEngine/postjob.php within an unknown function...

CVSS 5.1 | AI score 3.9 | EPSS 0.00258
Exploits: 1 | References: 11

Cvelist
added 2025/09/27 9:32 p.m. | 10 views

CVE-2025-11080 zhuimengshaonian wisdom-education ExamInfoController.java selectStudentExamInfoList improper authorization

A security vulnerability has been detected in zhuimengshaonian wisdom-education up to 1.0.4. This vulnerability affects the function selectStudentExamInfoList of the file src/main/java/com/education/api/controller/student/ExamInfoController.java. Such manipulation of the argument subjectId leads ...

CVSS 5.3 | EPSS 0.00241
Exploits: 0 | References: 5

NVD
added 2025/09/27 7:15 p.m. | 7 views

CVE-2025-11074

A flaw has been found in code-projects Project Monitoring System 1.0. The impacted element is an unknown function of the file /login.php. This manipulation of the argument username/password causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used...

CVSS 9.8 | EPSS 0.00441
Exploits: 1 | References: 5

OSV
added 2025/09/27 7:15 p.m. | 2 views

CVE-2025-11074

A flaw has been found in code-projects Project Monitoring System 1.0. The impacted element is an unknown function of the file /login.php. This manipulation of the argument username/password causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used...

CVSS 9.8 | AI score 5.7 | EPSS 0.00441
Exploits: 1 | References: 5

Cvelist
added 2025/09/27 6:32 p.m. | 7 views

CVE-2025-11074 code-projects Project Monitoring System login.php sql injection

A flaw has been found in code-projects Project Monitoring System 1.0. The impacted element is an unknown function of the file /login.php. This manipulation of the argument username/password causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used...

CVSS 7.5 | EPSS 0.00441
Exploits: 1 | References: 5

Vulnrichment
added 2025/09/27 6:32 p.m. | 2 views

CVE-2025-11074 code-projects Project Monitoring System login.php sql injection

A flaw has been found in code-projects Project Monitoring System 1.0. The impacted element is an unknown function of the file /login.php. This manipulation of the argument username/password causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used...

CVSS 7.5 | AI score 6.6 | EPSS 0.00441
Exploits: 1 | References: 5

CVE
added 2025/09/27 6:32 p.m. | 19 views

CVE-2025-11074

Affected software: code-projects Project Monitoring System 1.0. Vulnerability: SQL injection in the login.php file caused by unsafe handling of username/password inputs, enabling remote exploitation. Root cause/condition: Manipulation of the parameters in /login.php leads to SQL injection; exploi...

CVSS 9.8 | AI score 6.6 | EPSS 0.00441
Exploits: 1 | References: 5 | Affected Software: 1

RedhatCVE
added 2025/09/27 9:42 a.m. | 9 views

CVE-2025-5069

An issue has been discovered in GitLab CE/EE affecting all versions from 17.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could have allowed an authenticated user to gain unauthorized access to confidential issues by creating a project with an identical name to the victim's...

CVSS 6.5 | AI score 6.9 | EPSS 0.00228
Exploits: 0 | References: 1

RedhatCVE
added 2025/09/27 9:42 a.m. | 7 views

CVE-2025-10871

An issue has been discovered in GitLab EE affecting all versions from 16.6 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1. Project Maintainers can exploit a vulnerability where they can assign custom roles to users with permissions exceeding their own, effectively granting themselves...

CVSS 7.2 | AI score 6.8 | EPSS 0.00352
Exploits: 0 | References: 1

RedhatCVE
added 2025/09/27 7:45 a.m. | 2 views

CVE-2025-10490

The Zephyr Project Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.3.202 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVSS 4.4 | AI score 5 | EPSS 0.00182
Exploits: 0 | References: 1

GithubExploit
added 2025/09/27 2:19 a.m. | 261 views

Exploit for Missing Authorization in Ptoffice Pt_Project_Notebooks

CVE-2025-5304 PT Project Notebooks 1.0.0 - 1.1.3 - Missing Aut...

CVSS 9.8 | AI score 6.5 | EPSS 0.00583
Exploits: 2

NVD
added 2025/09/27 1:15 a.m. | 3 views

CVE-2025-59945

SysReptor is a fully customizable pentest reporting platform. In versions from 2024.74 to before 2025.83, authenticated and unprivileged non-admin users can assign the isprojectadmin permission to their own user. This allows users to read, modify and delete pentesting projects they are not member...

CVSS 8.1 | EPSS 0.00306
Exploits: 0 | References: 2

Vulnrichment
added 2025/09/27 1:1 a.m. | 1 view

CVE-2025-59945 SysReptor Susceptible to Privilege Escalation by Authenticated Users

SysReptor is a fully customizable pentest reporting platform. In versions from 2024.74 to before 2025.83, authenticated and unprivileged non-admin users can assign the isprojectadmin permission to their own user. This allows users to read, modify and delete pentesting projects they are not member...

CVSS 8.1 | AI score 6.2 | EPSS 0.00306
Exploits: 0 | References: 2

CVE
added 2025/09/27 1:1 a.m. | 20 views

CVE-2025-59945

Vulnerability summary (CVE-2025-59945): SysReptor (Syslifters) versions 2024.74 through 2025.82 allow authenticated, non-admin users to grant themselves the is_project_admin privilege, enabling reading, modifying, and deleting pentest projects they are not members of. This is mitigated in version...

CVSS 8.1 | AI score 6.2 | EPSS 0.00306
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2025/09/27 1:1 a.m. | 12 views

CVE-2025-59945 SysReptor Susceptible to Privilege Escalation by Authenticated Users

SysReptor is a fully customizable pentest reporting platform. In versions from 2024.74 to before 2025.83, authenticated and unprivileged non-admin users can assign the isprojectadmin permission to their own user. This allows users to read, modify and delete pentesting projects they are not member...

CVSS 8.1 | EPSS 0.00306
Exploits: 0 | References: 2

OSV
added 2025/09/27 1:1 a.m. | 3 views

CVE-2025-59945 SysReptor Susceptible to Privilege Escalation by Authenticated Users

SysReptor is a fully customizable pentest reporting platform. In versions from 2024.74 to before 2025.83, authenticated and unprivileged non-admin users can assign the isprojectadmin permission to their own user. This allows users to read, modify and delete pentesting projects they are not member...

CVSS 8.1 | AI score 6.5 | EPSS 0.00306
Exploits: 0 | References: 4

CNNVD
added 2025/09/27 12:0 a.m. | 5 views

Code-Projects Project Monitoring System SQL injection vulnerability

Project Monitoring System is a project monitoring system. Project Monitoring System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameters username/password in the file /login.php. An attacker can exploit this...

CVSS 9.8 | AI score 8.2 | EPSS 0.00441
Exploits: 1 | References: 6