Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

28712 matches found

RedhatCVE
RedhatCVEadded 2025/09/28 6:48 p.m.6 views

CVE-2025-11074

A flaw has been found in code-projects Project Monitoring System 1.0. The impacted element is an unknown function of the file /login.php. This manipulation of the argument username/password causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used...

7.5CVSS6.8AI score0.00441EPSS
Exploits1References1
Positive Technologies
Positive Technologiesadded 2025/09/28 12:0 a.m.10 views

PT-2025-39795

Name of the Vulnerable Software and Affected Versions code-projects Project Monitoring System version 1.0 Description A cross site scripting issue exists due to manipulation of the txtapplyto argument. The issue is located in the file /onlineJobSearchEngine/postjob.php within an unknown function...

5.1CVSS3.9AI score0.00264EPSS
Exploits1References11
Cvelist
Cvelistadded 2025/09/27 9:32 p.m.10 views

CVE-2025-11080 zhuimengshaonian wisdom-education ExamInfoController.java selectStudentExamInfoList improper authorization

A security vulnerability has been detected in zhuimengshaonian wisdom-education up to 1.0.4. This vulnerability affects the function selectStudentExamInfoList of the file src/main/java/com/education/api/controller/student/ExamInfoController.java. Such manipulation of the argument subjectId leads ...

5.3CVSS0.00241EPSS
Exploits0References5
NVD
NVDadded 2025/09/27 7:15 p.m.7 views

CVE-2025-11074

A flaw has been found in code-projects Project Monitoring System 1.0. The impacted element is an unknown function of the file /login.php. This manipulation of the argument username/password causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used...

9.8CVSS0.00441EPSS
Exploits1References5
OSV
OSVadded 2025/09/27 7:15 p.m.2 views

CVE-2025-11074

A flaw has been found in code-projects Project Monitoring System 1.0. The impacted element is an unknown function of the file /login.php. This manipulation of the argument username/password causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used...

9.8CVSS5.7AI score0.00441EPSS
Exploits1References5
Cvelist
Cvelistadded 2025/09/27 6:32 p.m.7 views

CVE-2025-11074 code-projects Project Monitoring System login.php sql injection

A flaw has been found in code-projects Project Monitoring System 1.0. The impacted element is an unknown function of the file /login.php. This manipulation of the argument username/password causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used...

7.5CVSS0.00441EPSS
Exploits1References5
Vulnrichment
Vulnrichmentadded 2025/09/27 6:32 p.m.2 views

CVE-2025-11074 code-projects Project Monitoring System login.php sql injection

A flaw has been found in code-projects Project Monitoring System 1.0. The impacted element is an unknown function of the file /login.php. This manipulation of the argument username/password causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used...

7.5CVSS6.6AI score0.00441EPSS
Exploits1References5
CVE
CVEadded 2025/09/27 6:32 p.m.19 views

CVE-2025-11074

Affected software: code-projects Project Monitoring System 1.0. Vulnerability: SQL injection in the login.php file caused by unsafe handling of username/password inputs, enabling remote exploitation. Root cause/condition: Manipulation of the parameters in /login.php leads to SQL injection; exploi...

9.8CVSS6.6AI score0.00441EPSS
Exploits1References5Affected Software1
RedhatCVE
RedhatCVEadded 2025/09/27 9:42 a.m.9 views

CVE-2025-5069

An issue has been discovered in GitLab CE/EE affecting all versions from 17.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could have allowed an authenticated user to gain unauthorized access to confidential issues by creating a project with an identical name to the victim's...

6.5CVSS6.9AI score0.00228EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/09/27 9:42 a.m.7 views

CVE-2025-10871

An issue has been discovered in GitLab EE affecting all versions from 16.6 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1. Project Maintainers can exploit a vulnerability where they can assign custom roles to users with permissions exceeding their own, effectively granting themselves...

7.2CVSS6.8AI score0.00352EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/09/27 7:45 a.m.2 views

CVE-2025-10490

The Zephyr Project Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.3.202 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.4CVSS5AI score0.00182EPSS
Exploits0References1
GithubExploit
GithubExploitadded 2025/09/27 2:19 a.m.261 views

Exploit for Missing Authorization in Ptoffice Pt_Project_Notebooks

CVE-2025-5304 PT Project Notebooks 1.0.0 - 1.1.3 - Missing Aut...

9.8CVSS6.5AI score0.00583EPSS
Exploits2
NVD
NVDadded 2025/09/27 1:15 a.m.3 views

CVE-2025-59945

SysReptor is a fully customizable pentest reporting platform. In versions from 2024.74 to before 2025.83, authenticated and unprivileged non-admin users can assign the isprojectadmin permission to their own user. This allows users to read, modify and delete pentesting projects they are not member...

8.1CVSS0.00306EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2025/09/27 1:1 a.m.1 views

CVE-2025-59945 SysReptor Susceptible to Privilege Escalation by Authenticated Users

SysReptor is a fully customizable pentest reporting platform. In versions from 2024.74 to before 2025.83, authenticated and unprivileged non-admin users can assign the isprojectadmin permission to their own user. This allows users to read, modify and delete pentesting projects they are not member...

8.1CVSS6.2AI score0.00306EPSS
Exploits0References2
Cvelist
Cvelistadded 2025/09/27 1:1 a.m.12 views

CVE-2025-59945 SysReptor Susceptible to Privilege Escalation by Authenticated Users

SysReptor is a fully customizable pentest reporting platform. In versions from 2024.74 to before 2025.83, authenticated and unprivileged non-admin users can assign the isprojectadmin permission to their own user. This allows users to read, modify and delete pentesting projects they are not member...

8.1CVSS0.00306EPSS
Exploits0References2
OSV
OSVadded 2025/09/27 1:1 a.m.3 views

CVE-2025-59945 SysReptor Susceptible to Privilege Escalation by Authenticated Users

SysReptor is a fully customizable pentest reporting platform. In versions from 2024.74 to before 2025.83, authenticated and unprivileged non-admin users can assign the isprojectadmin permission to their own user. This allows users to read, modify and delete pentesting projects they are not member...

8.1CVSS6.5AI score0.00306EPSS
Exploits0References4
CVE
CVEadded 2025/09/27 1:1 a.m.21 views

CVE-2025-59945

Vulnerability summary (CVE-2025-59945): SysReptor (Syslifters) versions 2024.74 through 2025.82 allow authenticated, non-admin users to grant themselves the is_project_admin privilege, enabling reading, modifying, and deleting pentest projects they are not members of. This is mitigated in version...

8.1CVSS6.2AI score0.00306EPSS
Exploits0References2Affected Software1
CNNVD
CNNVDadded 2025/09/27 12:0 a.m.5 views

Code-Projects Project Monitoring System SQL注入漏洞

Project Monitoring System is a project monitoring system. Project Monitoring System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameters username/password in the file /login.php. An attacker can exploit this...

9.8CVSS8.2AI score0.00441EPSS
Exploits1References6
Positive Technologies
Positive Technologiesadded 2025/09/27 12:0 a.m.7 views

PT-2025-39738

Name of the Vulnerable Software and Affected Versions code-projects Project Monitoring System version 1.0 Description A flaw exists in code-projects Project Monitoring System 1.0 that allows for SQL injection. The issue is located in an unknown function of the /login.php file. Manipulation of the...

9.8CVSS7.4AI score0.00441EPSS
Exploits1References11
Positive Technologies
Positive Technologiesadded 2025/09/27 12:0 a.m.4 views

PT-2025-39701

Name of the Vulnerable Software and Affected Versions SysReptor versions 2024.74 through 2025.82 Description Authenticated, unprivileged users can assign the is project admin permission to themselves, granting them unauthorized access to read, modify, and delete pentesting projects they are not...

8.1CVSS6.5AI score0.00306EPSS
Exploits0References10
Rows per page
Query Builder