EUVD-2025-36393

A security flaw has been discovered in Campcodes Retro Basketball Shoes Online Store 1.0. This affects an unknown part of the file /admin/adminfeature.php. Performing manipulation of the argument pid results in sql injection. The attack may be initiated remotely. The exploit has been released to...

PT-2025-44067

Name of the Vulnerable Software and Affected Versions Campcodes Retro Basketball Shoes Online Store version 1.0 Description A security flaw exists in Campcodes Retro Basketball Shoes Online Store version 1.0. The issue affects an unknown part of the file /admin/admin feature.php. Manipulation of...

CVE-2025-12309

CVE-2025-12309 concerns code-projects Nero Social Networking Site 1.0. The SQL injection vulnerability arises from lack of validation of the ID parameter in /friendprofile.php, enabling remote manipulation of SQL statements. Multiple connected sources (CNVD, CNNVD, Red Hat, ENISA, NVD, etc.) desc...

CVE-2025-12292

A vulnerability was determined in SourceCodester Point of Sales 1.0. This vulnerability affects unknown code of the file /index.php. This manipulation of the argument Username causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be...

EUVD-2025-36184

A security vulnerability has been detected in Bdtask Wholesale Inventory Control and Inventory Management System up to 20251013. This impacts an unknown function of the file /Admindashboard/editprofile. Such manipulation of the argument firstname/lastname leads to sql injection. The attack may be...

SQL Injection

net.mingsoft:ms-mcms is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of the contenttitle parameter in the /cms/content/list endpoint, which allows an attacker to inject and execute arbitrary SQL queries through crafted input in the FreeMarker template rendering...

EUVD-2025-36146

A vulnerability was determined in code-projects Online Event Judging System 1.0. This impacts an unknown function of the file /editcriteria.php. Executing manipulation of the argument critid can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed an...

CVE-2025-12254

A vulnerability was identified in code-projects Online Event Judging System 1.0. Affected by this issue is some unknown functionality of the file /addjudge.php. Such manipulation of the argument fullname leads to sql injection. The attack may be launched remotely. The exploit is publicly availabl...

CVE-2025-12248 CLTPHP search.html sql injection

A security vulnerability has been detected in CLTPHP 3.0. The affected element is an unknown function of the file /home/search.html. Such manipulation of the argument keyword leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used...

CVE-2025-12238

A security flaw has been discovered in code-projects Automated Voting System 1.0. The affected element is an unknown function of the file /admin/user.php. Performing manipulation of the argument Username results in sql injection. The attack is possible to be carried out remotely. The exploit has...

CVE-2025-12242 CodeAstro Gym Management System check-attendance.php sql injection

A vulnerability has been found in CodeAstro Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/actions/check-attendance.php. Such manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been...

CVE-2025-12215 projectworlds Online Shopping System login_submit.php sql injection

A flaw has been found in projectworlds Online Shopping System 1.0. Impacted is an unknown function of the file /loginsubmit.php. Executing a manipulation of the argument keywords can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used...

CVE-2025-12208

A vulnerability was found in SourceCodester Best House Rental Management System 1.0. This impacts the function login2 of the file /adminclass.php. Performing manipulation of the argument Username results in sql injection. The attack is possible to be carried out remotely. The exploit has been mad...

[SECURITY] Fedora 42 Update: python-sqlparse-0.4.2-14.fc42

sqlparse is a tool for parsing SQL strings. It can generate pretty-printed renderings of SQL in various formats. It is a python module, together with a command-line tool...

CVE-2025-11447 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.0 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to cause a denial of service condition by sending GraphQL requests with crafted JSON payloads...

CVE-2025-11447

CVE-2025-11447 affects GitLab CE/EE with DoS risk from unauthenticated GraphQL requests carrying crafted JSON payloads. Affected versions include 11.0–18.3.5, 18.4 prior to 18.4.3, and 18.5 prior to 18.5.1. Remediation has been issued; updates to GitLab 18.5.1 (and later) address the issue. Explo...

CVE-2025-11447 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.0 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to cause a denial of service condition by sending GraphQL requests with crafted JSON payloads...

PT-2025-43875

Name of the Vulnerable Software and Affected Versions projectworlds Online Shopping System version 1.0 Description A flaw has been identified in projectworlds Online Shopping System 1.0. The issue involves a potential SQL injection affecting an unknown function within the /login submit.php file...

PT-2025-44017

Name of the Vulnerable Software and Affected Versions Nero Social Networking Site version 1.0 Description A security flaw exists in the /deletemessage.php file of Nero Social Networking Site. Manipulation of the message id argument can lead to SQL injection. This issue can be exploited remotely...

Code-Projects Online Event Judging System SQL注入漏洞

Online Event Judging System is an online event judging system. Online Event Judging System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter contestantid in the file /editcontestant.php. An attacker can...