5655 matches found
PT-2025-16208 · Unknown · Scriptandtools Ecommerce-Website-In-Php
Name of the Vulnerable Software and Affected Versions: ScriptAndTools eCommerce-website-in-PHP version 3.0 Description: A problematic issue has been identified in the software. The issue involves improper restriction of excessive authentication attempts, potentially allowing remote attacks. The...
PT-2025-16184 · Unknown · Tutorials-Website Employee Management System
Name of the Vulnerable Software and Affected Versions: Tutorials-Website Employee Management System version 1.0 Description: A vulnerability was found in the Tutorials-Website Employee Management System, affecting an unknown part of the file /admin/update-user.php. The manipulation of the ID...
CVE-2025-3411
A vulnerability, which was classified as critical, has been found in mymagicpower AIAS 20250308. This issue affects some unknown processing of the file 3apiplatform/api-platform/src/main/java/top/aias/platform/controller/AsrController.java. The manipulation of the argument url leads to server-sid...
CVE-2025-3333
A vulnerability has been found in codeprojects Online Restaurant Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/menuupdate.php. The manipulation of the argument menu leads to sql injection. The attack can be launched...
CVE-2025-3332
A vulnerability, which was classified as critical, was found in codeprojects Online Restaurant Management System 1.0. Affected is an unknown function of the file /admin/menusave.php. The manipulation of the argument menu leads to sql injection. It is possible to launch the attack remotely. The...
CVE-2025-32406
An XXE issue in the Director NBR component in NAKIVO Backup & Replication 10.3.x through 11.0.1 before 11.0.2 allows remote attackers to fetch and parse the XML response...
Security Advisory April 2025 for Ivanti EPM 2024 and EPM 2022 SU6
Security Advisory Ivanti EPM 2022 SU6 and EPM 2024 Multiple CVEs Summary Ivanti has released updates for Ivanti Endpoint Manager which address medium and high vulnerabilities. We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure. Vulnerability...
PT-2025-15315 · Unknown · Lenve Vblog
Name of the Vulnerable Software and Affected Versions: Lenve VBlog versions up to 1.0.0 Description: A critical issue was found, affecting the configure function of the WebSecurityConfig.java file. This leads to improper access controls, allowing remote attacks. The issue has been publicly...
The vulnerability in the web interface of the Cisco Prime Infrastructure monitoring and management system, as well as the Cisco Evolved Programmable Network Manager (EPNM) software for managing network services, allows a perpetrator to carry out cross-site scripting attacks.
The vulnerability of the web interface for managing Cisco Prime Infrastructure network equipment and the Cisco Evolved Programmable Network Manager EPNM software lies in the insufficient protection of the web page structure. Exploiting this vulnerability allows a malicious actor to perform...
CVE-2025-3369 xxyopen Novel-Plus list sql injection
A vulnerability was found in xxyopen Novel-Plus 5.1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /novel/friendLink/list. The manipulation of the argument sort leads to sql injection. The attack may be launched remotely. The exploit has been...
CVE-2025-3342
CVE-2025-3342 affects codeprojects Online Restaurant Management System 1.0, specifically the /admin/payment_save.php path. The vulnerability arises from improper handling/manipulation of the ID parameter, leading to SQL injection. Impact is reported as remote, with public disclosure of the exploi...
CVE-2025-3318
A vulnerability classified as critical was found in KenjFrog 肯尼基蛙 company-financial-management 公司财务管理系统 1.0. Affected by this vulnerability is the function page of the file src/main/java/com/controller/ShangpinleixingController.java. The manipulation of the argument sort leads to sql injection. T...
CVE-2025-3306
A vulnerability was found in code-projects Blood Bank Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /don.php. The manipulation of the argument fullname leads to sql injection. The attack may be initiated remotely. The exploit has been...
CVE-2025-3296
CVE-2025-3296 affects SourceCodester Online Eyewear Shop 1.0. The vulnerability is an SQL injection caused by improper handling of the ID parameter in /classes/Users.php?f=delete_customer, allowing remote exploitation. Descriptions across multiple sources confirm a critical issue with variant CVS...
CVE-2025-3254 xujiangfei admintwo add server-side request forgery
A vulnerability was found in xujiangfei admintwo 1.0. It has been classified as critical. Affected is an unknown function of the file /resource/add. The manipulation of the argument description leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has bee...
CVE-2025-3245
A vulnerability was found in itsourcecode Library Management System 1.0. It has been rated as critical. Affected by this issue is the function Search of the file librarymanagement/src/LibraryManagement/Forgot.java. The manipulation of the argument txtuname leads to sql injection. The attack may b...
CVE-2025-30080
Signalling in Pexip Infinity 29 through 36.2 before 37.0 has improper input validation that allows remote attackers to trigger a temporary denial of service (software abort)...
CVE-2025-3188
CVE-2025-3188 affects PHPGurukul e-Diary Management System 1.0. The vulnerability lies in the /add-notes.php file where manipulating the Category parameter enables SQL injection. Exploitation can be initiated remotely, and public disclosures exist across multiple sources, indicating active risk. ...
CVE-2025-3150
A vulnerability was found in itning Student Homework Management System up to 1.2.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been...
CVE-2025-3135
CVE-2025-3135 affects fcba_zzm ICT-park Smart Park Management System (version 2.1). The vulnerability is in the unknown code path of /api/system/dept/update and leads to SQL injection. It can be exploited remotely and has documented public exploit exposure. Public sources consistently describe a ...