2295 matches found

CVE
added 2025/09/17 4:2 p.m., 18 views

CVE-2025-10598

SourceCodester Pet Grooming Management Software 1.0 is affected by a SQL injection in /admin/search_product.php caused by improper handling of the group_id parameter. This vulnerability can be exploited remotely and has publicly available exploit code. Some connected advisories mention a practica...

9.8 CVSS, 6.9 AI score, 0.00391 EPSS
Exploits 1, References 5, Affected Software 1
Vulnrichment
added 2025/09/17 3:2 p.m., 3 views

CVE-2025-10596 SourceCodester Online Exam Form Submission index.php sql injection

A vulnerability was found in SourceCodester Online Exam Form Submission 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument usn results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used...

7.5 CVSS, 6.8 AI score, 0.00509 EPSS
Exploits 1, References 5
RedhatCVE
added 2025/09/17 10:48 a.m., 12 views

CVE-2025-10441

A vulnerability was found in D-Link DI-8100G, DI-8200G and DI-8003G 17.12.20A1/19.12.10A1. Affected by this issue is the function sub433F7C of the file versionupgrade.asp of the component jhttpd. The manipulation of the argument path results in os command injection. The attack may be launched...

6.5 CVSS, 6.8 AI score, 0.1211 EPSS
Exploits 0, References 1
RedhatCVE
added 2025/09/17 12:49 a.m., 9 views

CVE-2025-10417

A security flaw has been discovered in Campcodes Grocery Sales and Inventory System 1.0. Affected is an unknown function of the file /ajax.php?action=deleteproduct. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit has been...

9.8 CVSS, 7.1 AI score, 0.00441 EPSS
Exploits 1, References 1
RedhatCVE
added 2025/09/17 12:49 a.m., 13 views

CVE-2025-10418

A weakness has been identified in SourceCodester Student Grading System 1.0. Affected by this vulnerability is an unknown functionality of the file /viewstudents.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been made availab...

8.8 CVSS, 7.1 AI score, 0.00351 EPSS
Exploits 1, References 1
Vulnrichment
added 2025/09/16 10:23 p.m., 1 view

CVE-2025-43804

Cross-site scripting (XSS) vulnerability in Search widget in Liferay Portal 7.4.3.93 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4 allows remote attackers to inject arbitrary web script or HTML via the comliferayportalsearchwebportletSearchPortletuserId parameter...

5.1 CVSS, 5.6 AI score, 0.00216 EPSS
Exploits 0, References 1
OSV
added 2025/09/16 9:15 p.m., 3 views

CVE-2025-10564

A vulnerability was found in Campcodes Grocery Sales and Inventory System 1.0. Affected is an unknown function of the file /ajax.php?action=deletecategory. Performing manipulation of the argument ID results in sql injection. The attack is possible to be carried out remotely. The exploit has been...

9.8 CVSS, 5.7 AI score, 0.00387 EPSS
Exploits 1, References 5
CVE
added 2025/09/16 8:32 p.m., 16 views

CVE-2025-10565

CVE-2025-10565 affects Campcodes Grocery Sales and Inventory System 1.0. A SQL injection exists in the /ajax.php?action=delete_receiving endpoint, triggered by manipulating the ID parameter. Several connected sources confirm remote exploitation possibilities and public disclosure of the exploit. ...

9.8 CVSS, 6.6 AI score, 0.00387 EPSS
Exploits 1, References 5, Affected Software 1
RedhatCVE
added 2025/09/16 2:25 p.m., 3 views

CVE-2025-10400

A security vulnerability has been detected in SourceCodester Food Ordering Management System 1.0. Impacted is an unknown function of the file /routers/ticket-message.php. Such manipulation of the argument ticketid leads to sql injection. The attack may be launched remotely. The exploit has been...

8.8 CVSS, 7.1 AI score, 0.00309 EPSS
Exploits 1, References 1
RedhatCVE
added 2025/09/16 1:27 p.m., 4 views

CVE-2025-10399

A weakness has been identified in Korzh EasyQuery up to 7.4.0. This issue affects some unknown processing of the file /api/easyquery/models/nwind/fetch of the component Query Builder UI. This manipulation causes sql injection. The attack may be initiated remotely. The exploit has been made...

6.5 CVSS, 7.1 AI score, 0.00221 EPSS
Exploits 0, References 1
OSV
added 2025/09/15 7:15 p.m., 2 views

CVE-2025-10473

A security flaw has been discovered in yangzongzhuan RuoYi up to 4.8.1. This impacts the function filterKeyword of the file /com/ruoyi/common/utils/sql/SqlUtil.java of the component Blacklist Handler. The manipulation results in sql injection. The attack may be launched remotely. The exploit has...

9.8 CVSS, 7.1 AI score
Exploits 0, References 4
Cvelist
added 2025/09/15 7:7 p.m., 7 views

CVE-2025-43800

Cross-site scripting (XSS) vulnerability in Objects in Liferay Portal 7.4.3.20 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4 and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an object with a...

4.8 CVSS, 0.00207 EPSS
Exploits 0, References 1
Vulnrichment
added 2025/09/15 7:7 p.m., 2 views

CVE-2025-43800

Cross-site scripting (XSS) vulnerability in Objects in Liferay Portal 7.4.3.20 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4 and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an object with a...

4.8 CVSS, 5.5 AI score, 0.00207 EPSS
Exploits 0, References 1
NVD
added 2025/09/15 6:15 p.m., 3 views

CVE-2025-43791

Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected...

6.1 CVSS, 0.00199 EPSS
Exploits 0, References 1
OSV
added 2025/09/15 3:15 p.m., 5 views

CVE-2025-10459

A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown part of the file /admin/all-appointment.php. The manipulation of the argument delid results in sql injection. The attack can be executed remotely. The exploit has been released to the...

9.8 CVSS, 5.8 AI score, 0.00387 EPSS
Exploits 1, References 5
Vulnrichment
added 2025/09/15 2:2 p.m., 3 views

CVE-2025-10448 Campcodes Online Job Finder System index.php sql injection

A flaw has been found in Campcodes Online Job Finder System 1.0. This affects an unknown function of the file /index.php?q=result&searchfor=bycompany. This manipulation of the argument Search causes sql injection. The attack can be initiated remotely. The exploit has been published and may be use...

7.5 CVSS, 6.6 AI score, 0.00483 EPSS
Exploits 1, References 5
NVD
added 2025/09/15 1:15 p.m., 4 views

CVE-2025-10446

A security vulnerability has been detected in Campcodes Computer Sales and Inventory System 1.0. The affected element is an unknown function of the file /pages/custsearchfrm.php?action=edit. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely...

9.8 CVSS, 0.00441 EPSS
Exploits 1, References 5
NVD
added 2025/09/15 12:15 p.m., 2 views

CVE-2025-10444

A security flaw has been discovered in Campcodes Online Job Finder System 1.0. This issue affects some unknown processing of the file /advancesearch.php. Performing manipulation of the argument Username results in sql injection. The attack is possible to be carried out remotely. The exploit has...

9.8 CVSS, 0.00456 EPSS
Exploits 1, References 5
Positive Technologies
added 2025/09/15 12:0 a.m., 3 views

PT-2025-37704

Name of the Vulnerable Software and Affected Versions: PHPGurukul Beauty Parlour Management System version 1.1
Description: A security flaw exists in PHPGurukul Beauty Parlour Management System version 1.1. The issue is located in the /admin/all-appointment.php file. Manipulation of the delid...

7.5 CVSS, 7.3 AI score, 0.00387 EPSS
Exploits 1, References 8
OSV
added 2025/09/14 8:15 p.m., 1 view

CVE-2025-10407

A vulnerability was identified in SourceCodester Student Grading System 1.0. Affected by this vulnerability is an unknown functionality of the file /viewuser.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly...

8.8 CVSS, 6.5 AI score, 0.00309 EPSS
Exploits 1, References 5