CVE-2025-13241
A flaw has been found in code-projects Student Information System 2.0. This vulnerability affects unknown code of the file /index.php. Executing manipulation of the argument Username can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used...
PT-2025-47065
Name of the Vulnerable Software and Affected Versions: ProjectSend versions prior to r1945. Description: A cross-site scripting issue exists in ProjectSend up to version r1720. The flaw is located within the File Editor/Custom Download Aliases component and involves an unknown function. This...
PT-2025-47076
Name of the Vulnerable Software and Affected Versions: code-projects Student Information System version 2.0. Description: A flaw exists in code-projects Student Information System 2.0, affecting unknown code within the /index.php file. Manipulation of the Username argument can lead to SQL injection,...
WordPress Appointment Booking Calendar plugin <= 1.3.95 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by daroo in WordPress Plugin Appointment Booking Calendar versions <= 1.3.95...
PT-2025-47097
CVE-2025-65065 - Apache HTTP Server Authentication Bypass. CVE ID: CVE-2025-65065. Published: Nov. 15, 2025, 4:15 a.m. Description: Rejected reason: Not used. Severity: 0.0 | NA.
CVE-2025-13178
A flaw has been found in Bdtask/CodeCanyon SalesERP up to 20250728. This vulnerability affects unknown code of the file /editprofile of the component User Profile Handler. This manipulation of the argument firstname/lastname causes basic cross site scripting. The attack is possible to be carried...
CVE-2025-13119
A flaw has been found in Fabian Ros/SourceCodester Simple E-Banking System 1.0. This affects an unknown part. This manipulation causes cross-site request forgery. The attack may be initiated remotely. The exploit has been published and may be used...
CVE-2025-13123
A flaw has been found in AMTT Hotel Broadband Operation System 1.0. The impacted element is an unknown function of the file /user/portal/getfirstdate.php. Executing manipulation of the argument uid can lead to sql injection. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-13119 Fabian Ros/SourceCodester Simple E-Banking System cross-site request forgery
A flaw has been found in Fabian Ros/SourceCodester Simple E-Banking System 1.0. This affects an unknown part. This manipulation causes cross-site request forgery. The attack may be initiated remotely. The exploit has been published and may be used...
CVE-2025-13119
CVE-2025-13119 affects Fabian Ros/SourceCodester Simple E-Banking System 1.0. A CSRF vulnerability is described as originating from an unknown part of the application; the attack can be initiated remotely and an exploit has been published. The available sources do not specify the exact affected c...
EUVD-2025-175309
A flaw has been found in Fabian Ros/SourceCodester Simple E-Banking System 1.0. This affects an unknown part. This manipulation causes cross-site request forgery. The attack may be initiated remotely. The exploit has been published and may be used...
MAL-2025-187887 Malicious code in lynx-supervisor-relay-loop (npm)
Source: amazon-inspector (5a26f63e49cfb5c2e768202d61487c55e9c1f08c139bc67fda8a39c99da2c5ee). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in arcturus-flare-superagent-sedna (npm)
Source: amazon-inspector (80856987570a96a5084f2b7478d136db28ad9cfe56025418ec26135ba1b5aa9c). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in deimos-polaris-gridsome-magellan (npm)
Source: amazon-inspector (a2d7daf5a58341775641235bf8ae1045625d4dfe06b3b0772252ddf9a2d15bd0). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in transform-ethology-weywot-style-loader (npm)
Source: amazon-inspector (c6827172d705088dbbceab6e5d571e982778c40522594d4b1769be2151dd4821). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in grep-fire-throw-web-sed (npm)
Source: amazon-inspector (ebf7689d3d15f023a0d962a1dc51e8ad684feb14bbc8cc9a82f6b8716822f137). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-150358
A flaw has been found in code-projects Responsive Hotel Site 1.0. The affected element is an unknown function of the file /admin/usersetting.php. Executing manipulation of the argument usname can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be...
PT-2025-46834
A flaw has been found in Fabian Ros/SourceCodester Simple E-Banking System 1.0. This affects an unknown part. This manipulation causes cross-site request forgery. The attack may be initiated remotely. The exploit has been published and may be used...
CVE-2025-13076
A flaw has been found in code-projects Responsive Hotel Site 1.0. The affected element is an unknown function of the file /admin/usersetting.php. Executing manipulation of the argument usname can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be...