CVE-2026-30561

A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the addpurchase.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HT...

CVE-2026-3710

A security vulnerability has been detected in code-projects Simple Flight Ticket Booking System 1.0. This impacts an unknown function of the file /Adminadd.php. The manipulation of the argument flightno/airplaneid/departure/dtime/arrival/atime/ec/ep/bc/bp leads to sql injection. Remote exploitati...

CVE-2025-14648

A security vulnerability has been detected in DedeBIZ up to 6.5.9. Affected by this vulnerability is an unknown functionality of the file /src/admin/catalogadd.php. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly...

CVE-2025-14648

A security vulnerability has been detected in DedeBIZ up to 6.5.9. Affected by this vulnerability is an unknown functionality of the file /src/admin/catalogadd.php. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly...

PT-2025-51152

Name of the Vulnerable Software and Affected Versions DedeBIZ versions up to 6.5.9 Description A security issue exists in DedeBIZ that allows for remote command injection. This is due to manipulation of a functionality within the file /src/admin/catalog add.php. The exploit for this issue has bee...

Employee Profile Management System Code Issue Vulnerability

Employee Profile Management System is an employee profile management system. Employee Profile Management System has a code issue vulnerability that stems from the lack of valid validation of uploaded files by the parameter perfile in the file /profiling/addfilequery.php. No details of the...

CVE-2025-14195

A security flaw has been discovered in code-projects Employee Profile Management System 1.0. Impacted is an unknown function of the file /profiling/addfilequery.php. The manipulation of the argument perfile results in unrestricted upload. The attack may be launched remotely. The exploit has been...

CVE-2025-14195 code-projects Employee Profile Management System add_file_query.php unrestricted upload

A security flaw has been discovered in code-projects Employee Profile Management System 1.0. Impacted is an unknown function of the file /profiling/addfilequery.php. The manipulation of the argument perfile results in unrestricted upload. The attack may be launched remotely. The exploit has been...

Code-Projects Employee Profile Management System 代码问题漏洞

Employee Profile Management System is an employee profile management system. Employee Profile Management System has a code issue vulnerability that stems from the lack of valid validation of uploaded files by the parameter perfile in the file /profiling/addfilequery.php. No details of the...

CVE-2025-12861

A vulnerability was determined in DedeBIZ up to 6.3.2. Affected by this vulnerability is an unknown functionality of the file /admin/specadd.php. This manipulation of the argument flags causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclose...

CVE-2025-12861 DedeBIZ spec_add.php sql injection

A vulnerability was determined in DedeBIZ up to 6.3.2. Affected by this vulnerability is an unknown functionality of the file /admin/specadd.php. This manipulation of the argument flags causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclose...

E-Commerce Website supplier_add.php file cross-site scripting vulnerability

E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters suppname and suppaddress in the file /pages/supplieradd.php, which can be exploite...

PT-2025-44061

Name of the Vulnerable Software and Affected Versions code-projects E-Commerce Website version 1.0 Description A flaw exists in code-projects E-Commerce Website 1.0 that allows for cross site scripting. The issue is located in the /pages/product add.php file. Manipulation of the prod name, prod...

CVE-2025-11508 code-projects Voting System voters_add.php unrestricted upload

A security vulnerability has been detected in code-projects Voting System 1.0. This affects an unknown function of the file /admin/votersadd.php. Such manipulation of the argument photo leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed publicly and...

CVE-2025-11417 Campcodes Advanced Online Voting Management System voters_add.php unrestricted upload

A weakness has been identified in Campcodes Advanced Online Voting Management System 1.0. This vulnerability affects unknown code of the file /admin/votersadd.php. Executing manipulation of the argument photo can lead to unrestricted upload. The attack can be launched remotely. The exploit has be...

CVE-2025-11410 Campcodes Advanced Online Voting Management System voters_add.php sql injection

A flaw has been found in Campcodes Advanced Online Voting Management System 1.0. This affects an unknown function of the file /admin/votersadd.php. Executing manipulation of the argument firstname can lead to sql injection. The attack can be executed remotely. The exploit has been published and m...

PT-2025-41190

Name of the Vulnerable Software and Affected Versions Campcodes Advanced Online Voting Management System version 1.0 Description A flaw exists in Campcodes Advanced Online Voting Management System that allows for SQL injection. The issue is located in the file /admin/voters add.php and involves...

EUVD-2025-25197

Malicious code in bioql PyPI...

EUVD-2025-25769

Malicious code in bioql PyPI...

GHSA-CR7H-93FH-WHWM magix-combine-ex vulnerable to prototype pollution

A Prototype Pollution vulnerability in the util-deps.addFileDepend function of magix-combine-ex versions through 2.2.2 allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service DoS as the minimum consequence...