CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2295 matches found

Cvelist•added 2025/10/07 11:2 p.m.•9 views

CVE-2025-11416 PHPGurukul Beauty Parlour Management System invoices.php sql injection

A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown part of the file /admin/invoices.php. Performing a manipulation of the argument delid results in sql injection. The attack can be initiated remotely. The exploit has been released to th...

7.5CVSS0.00376EPSS

Exploits1References5

NVD•added 2025/10/07 10:15 p.m.•7 views

CVE-2025-43823

Cross-site scripting XSS vulnerability in the Commerce Search Result widget in Liferay Portal 7.4.0 through 7.4.3.111, and Liferay DXP 2023.Q4 before patch 6, 2023.Q3 before patch 9, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload...

5.4CVSS0.002EPSS

Exploits0References1

Cvelist•added 2025/10/07 9:54 p.m.•12 views

CVE-2025-43823

4.8CVSS0.002EPSS

Exploits0References1

CVE•added 2025/10/07 8:2 p.m.•16 views

CVE-2025-11407

CVE-2025-11407 affects D-Link DI-7001 MINI (firmware 24.04.18B1). The vulnerability is in the upgrade_filter.asp component where manipulation of the path argument leads to OS command injection. Attack could be initiated remotely, and public exploits exist. Some sources do not provide a confirmed ...

9.8CVSS6.7AI score0.04033EPSS

Exploits1References5Affected Software1

Cvelist•added 2025/10/07 5:32 p.m.•9 views

CVE-2025-11402 SourceCodester Hotel and Lodge Management System del_curr.php sql injection

A vulnerability has been found in SourceCodester Hotel and Lodge Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /delcurr.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has been...

6.5CVSS0.00316EPSS

Exploits1References5