2295 matches found

RedhatCVE
added 2025/10/29 1:11 a.m., 8 views

CVE-2025-12339

A security vulnerability has been detected in Campcodes Retro Basketball Shoes Online Store 1.0. This issue affects some unknown processing of the file /admin/adminfootball.php. The manipulation of the argument pid leads to sql injection. Remote exploitation of the attack is possible. The exploit...

9.8 CVSS, 7.2 AI score, 0.00382 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2025/10/28 10:0 p.m., 9 views

CVE-2025-12328

A vulnerability was identified in shawon100 RUET OJ up to 18fa45b0a669fa1098a0b8fc629cf6856369d9a5. Impacted is an unknown function of the file /contestproblem.php. Such manipulation of the argument Name leads to sql injection. The attack may be launched remotely. The exploit is publicly availabl...

6.5 CVSS, 6.8 AI score, 0.00243 EPSS
Exploits: 0, References: 1

Github Security Blog
added 2025/10/27 9:30 p.m., 8 views

Liferay Portal Vulnerable to Cross-Site Scripting

Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.7 through 7.4.3.103, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 service pack 3 through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected int...

5.4 CVSS, 6 AI score, 0.00202 EPSS
Exploits: 0, References: 6, Affected Software: 1

NVD
added 2025/10/27 8:15 p.m., 3 views

CVE-2025-62263

Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.7 through 7.4.3.103, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 service pack 3 through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected int...

5.4 CVSS, 0.00202 EPSS
Exploits: 0, References: 1

CVE
added 2025/10/27 7:38 p.m., 12 views

CVE-2025-62263

CVE-2025-62263 affects Liferay Portal/DXP versions ranging from 7.3.7 to 7.4.3.103 and 2023.Q3.1–2023.Q3.4, including 7.4 GA up to update 92 and 7.3 SP3 up to update 36. The flaw is multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or H...

5.4 CVSS, 5.5 AI score, 0.00202 EPSS
Exploits: 0, References: 1, Affected Software: 2

CVE
added 2025/10/27 7:2 p.m., 14 views

CVE-2025-12309

CVE-2025-12309 concerns code-projects Nero Social Networking Site 1.0. The SQL injection vulnerability arises from lack of validation of the ID parameter in /friendprofile.php, enabling remote manipulation of SQL statements. Multiple connected sources (CNVD, CNNVD, Red Hat, ENISA, NVD, etc.) desc...

9.8 CVSS, 6.7 AI score, 0.00431 EPSS
Exploits: 1, References: 5, Affected Software: 1

EUVD
added 2025/10/27 3:30 p.m., 5 views

EUVD-2025-36169

Cross-site scripting (XSS) vulnerability in the SAML Authentication module in OpenVPN Access Server version 2.14.0 through 2.14.3 allows configured remote SAML Assertion Consumer Service (ACS) endpoint servers to inject arbitrary web script or HTML via the RelayState parameter...

5.5 AI score, 0.00204 EPSS
Exploits: 0, References: 2

CVE
added 2025/10/27 2:32 p.m., 8 views

CVE-2025-12287

The CVE-2025-12287 vulnerability affects Bdtask Wholesale Inventory Control and Inventory Management System (versions up to 20251013). The root cause is improper handling of the first_name/last_name parameters in the file /Admin_dashboard/edit_profile, enabling SQL injection. The issue can be exp...

7.2 CVSS, 6.5 AI score, 0.0043 EPSS
Exploits: 1, References: 4, Affected Software: 1

Cvelist
added 2025/10/27 10:32 a.m., 8 views

CVE-2025-12262 code-projects Online Event Judging System edit_criteria.php sql injection

A vulnerability was determined in code-projects Online Event Judging System 1.0. This impacts an unknown function of the file /editcriteria.php. Executing manipulation of the argument critid can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed an...

6.5 CVSS, 0.00304 EPSS
Exploits: 1, References: 5

NVD
added 2025/10/27 9:15 a.m., 4 views

CVE-2025-12254

A vulnerability was identified in code-projects Online Event Judging System 1.0. Affected by this issue is some unknown functionality of the file /addjudge.php. Such manipulation of the argument fullname leads to sql injection. The attack may be launched remotely. The exploit is publicly availabl...

8.8 CVSS, 0.00299 EPSS
Exploits: 1, References: 5

CVE
added 2025/10/27 7:2 a.m., 12 views

CVE-2025-12243

CVE-2025-12243 affects code-projects Client Details System 1.0. The vulnerability is in the GET Parameter Handler, specifically the file clientdetails/welcome.php; manipulating the ID parameter can cause SQL injection. The issue is exploitable remotely, and exploits have been published. Multiple ...

8.8 CVSS, 6.5 AI score, 0.00343 EPSS
Exploits: 1, References: 5, Affected Software: 1

Positive Technologies
added 2025/10/27 12:0 a.m., 7 views

PT-2025-43906

Name of the Vulnerable Software and Affected Versions: Axosoft Scrum and Bug Tracking version 22.1.1.11545. Description: A flaw exists in Axosoft Scrum and Bug Tracking that allows for CSV injection. The issue is located in the Edit Ticket Page component, specifically through manipulation of the Tit...

6.5 CVSS, 6.1 AI score, 0.00264 EPSS
Exploits: 0, References: 7

Vulnrichment
added 2025/10/22 7:7 p.m., 5 views

CVE-2025-62248

A reflected cross-site scripting (XSS) vulnerability, resulting from a regression, has been identified in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through...

4.8 CVSS, 5.7 AI score, 0.00216 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/10/20 8:29 p.m., 7 views

CVE-2025-11944

A vulnerability was determined in givanz Vvveb up to 1.0.7.3. This affects the function Import of the file admin/controller/tools/import.php of the component Raw SQL Handler. This manipulation causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and...

7.2 CVSS, 7.5 AI score, 0.00524 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2025/10/20 6:23 p.m., 4 views

CVE-2025-11910

A security vulnerability has been detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. This affects the function Query of the file /MemoryState.do?Action=Query. The manipulation of the argument orderField leads to sql injection. It is possible to initiate the attack remotely. The explo...

8.8 CVSS, 6.5 AI score, 0.0045 EPSS
Exploits: 1, References: 1

EUVD
added 2025/10/17 9:31 p.m., 3 views

EUVD-2025-34932

A flaw has been found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. Affected is the function Query of the file /DeviceState.do?Action=Query. This manipulation of the argument orderField causes sql injection. The attack can be initiated remotely. The exploit has been published and may be...

6.5 CVSS, 6.3 AI score, 0.0045 EPSS
Exploits: 1, References: 5

Vulnrichment
added 2025/10/17 2:2 p.m., 3 views

CVE-2025-11903 yanyutao0402 ChanCMS update sql injection

A flaw has been found in yanyutao0402 ChanCMS up to 3.3.2. Affected by this issue is the function update of the file /cms/article/update. Executing a manipulation of the argument cid can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used. Th...

6.5 CVSS, 6.3 AI score, 0.00575 EPSS
Exploits: 1, References: 5

RedhatCVE
added 2025/10/14 7:42 a.m., 3 views

CVE-2025-11667

A vulnerability was found in code-projects Automated Voting System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/addcandidatemodal.php.. The manipulation of the argument firstname results in sql injection. The attack can be executed remotely. The exploit has...

8.8 CVSS, 6.9 AI score, 0.00395 EPSS
Exploits: 1, References: 1

CNNVD
added 2025/10/14 12:0 a.m., 4 views

B&R Automation Runtime Security Vulnerability

B&R Automation Runtime is an automation runtime from B&R Automation. A security vulnerability exists in B&R Automation Runtime versions prior to 6.4 that stems from improper neutralization of formula elements in a CSV file, which could allow a remote attacker to inject formula data...

6.1 CVSS, 6.6 AI score, 0.00288 EPSS
Exploits: 0, References: 2

OSV
added 2025/10/13 8:15 a.m., 3 views

CVE-2025-11668

A vulnerability was determined in code-projects Automated Voting System 1.0. Affected by this issue is some unknown functionality of the file /admin/updateuser.php. This manipulation of the argument Password causes sql injection. The attack is possible to be carried out remotely. The exploit has...

7.2 CVSS, 5.7 AI score, 0.0041 EPSS
Exploits: 1, References: 5