EUVD-2025-201696

A security flaw has been discovered in Philipinho Simple-PHP-Blog up to 94b5d3e57308bce5dfbc44c3edafa9811893d958. This issue affects some unknown processing of the file /edit.php. The manipulation results in sql injection. The attack may be performed from remote. The exploit has been released to...

EUVD-2025-201666

A security flaw has been discovered in code-projects Currency Exchange System 1.0. The affected element is an unknown function of the file /editotheraccount.php. Performing manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit has be...

CVE-2025-14210

A security vulnerability has been detected in projectworlds Advanced Library Management System 1.0. Affected is an unknown function of the file /deletemember.php. Such manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed...

CVE-2025-14192

CVE-2025-14192 affects RashminDungrani online-banking up to build 2337ad552ea9d385b4e07b90e6f32d011b7c68a2. The vulnerability is an SQL injection in the file /site/dist/auth_login.php caused by manipulation of the Username argument. It is remotely exploitable and the exploit has been made public....

CVE-2025-14190

Chanjet TPlus is affected by CVE-2025-14190 through a SQL injection in the parameter currentAccId used by the Load path: /tplus/ajaxpro/Ufida.T.SM.UIP.MultiCompanySettingController,Ufida.T.SM.UIP.ashx?method=Load. The flaw, exploitable remotely, stems from the unknown/undocumented functionality a...

EUVD-2025-199930

A vulnerability has been found in Chanjet CRM up to 20251106. The impacted element is an unknown function of the file /tools/upgradeattribute.php. The manipulation of the argument gblOrgID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public a...

CVE-2025-13788

A vulnerability has been found in Chanjet CRM up to 20251106. The impacted element is an unknown function of the file /tools/upgradeattribute.php. The manipulation of the argument gblOrgID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public a...

CVE-2025-13788

chanjet crm is affected by a SQL injection in /tools/upgradeattribute.php via the gblOrgID parameter. The vulnerability affects Chanjet CRM versions up to 20251106 (pre-51107). Root cause: input manipulation in an unknown function leads to injectable SQL. Impact is high (remote attacker, data exp...

CVE-2025-13585

A vulnerability was detected in itsourcecode COVID Tracking System 1.0. This issue affects some unknown processing of the file /login.php. The manipulation of the argument code results in sql injection. The attack may be performed from remote. The exploit is now public and may be used...

CVE-2025-13582

A security flaw has been discovered in code-projects Jonnys Liquor 1.0. Affected by this issue is some unknown functionality of the file /detail.php of the component GET Parameter Handler. Performing manipulation of the argument Product results in sql injection. Remote exploitation of the attack ...

EUVD-2025-198618

A flaw has been found in SourceCodester Online Student Clearance System 1.0. Impacted is an unknown function of the file /Admin/changepassword.php. This manipulation of the argument txtconfirmpassword causes sql injection. It is possible to initiate the attack remotely. The exploit has been...

EUVD-2025-198589

A vulnerability was determined in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file /listorder.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been publicly...

EUVD-2025-198590

A vulnerability was identified in projectworlds Advanced Library Management System 1.0. This affects an unknown part of the file /deleteadmin.php. The manipulation of the argument adminid leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and...

EUVD-2025-198578

A vulnerability has been found in Campcodes Online Polling System 1.0. Affected by this issue is some unknown functionality of the file /registeracc.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the publ...

EUVD-2025-198575

A vulnerability was detected in Campcodes School File Management System 1.0. Affected is an unknown function of the file /index.php of the component Login. Performing manipulation of the argument studno results in sql injection. The attack can be initiated remotely. The exploit is now public and...

CVE-2025-13554

A security vulnerability has been detected in Campcodes Supplier Management System 1.0. This impacts an unknown function of the file /index.php of the component Login. Such manipulation of the argument txtUsername leads to sql injection. It is possible to launch the attack remotely. The exploit h...

CVE-2025-64428 DataEase DB2 JNDI Vulnerability

Dataease is an open source data visualization analysis tool. Versions prior to 2.10.17 are vulnerable to JNDI injection. A blacklist was added in the patch for version 2.10.14. However, JNDI injection remains possible via the iiop, corbaname, and iiopname schemes. The vulnerability has been fixed...

CVE-2025-13451

A vulnerability was identified in SourceCodester Online Shop Project 1.0. The affected element is an unknown function of the file /action.php. Such manipulation of the argument Search leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might...

CVE-2025-13421

A security vulnerability has been detected in itsourcecode Human Resource Management System 1.0. Impacted is an unknown function of the file /src/store/NoticeStore.php. Such manipulation of the argument noticeDesc leads to sql injection. The attack can be launched remotely. The exploit has been...

CVE-2025-13410

A vulnerability has been found in Campcodes Retro Basketball Shoes Online Store 1.0. Affected is an unknown function of the file /admin/receipt.php. Such manipulation of the argument tid leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and...