PT-2026-35460

A vulnerability was determined in Wooey up to 0.13.2. The impacted element is the function add or update script of the file wooey/api/scripts.py of the component API Endpoint. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit ha...

CVE-2026-3944 itsourcecode University Management System att_add.php sql injection

A vulnerability was determined in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /attadd.php. This manipulation of the argument Name causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be...

CVE-2025-12927

A security vulnerability has been detected in DedeBIZ up to 6.3.2. The impacted element is an unknown function of the file /admin/archivesadd.php. Such manipulation of the argument flags leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may b...

CVE-2025-12927

CVE-2025-12927 affects DedeBIZ up to version 6.3.2. The vulnerability lies in the /admin/archives_add.php component where manipulation of the flags[] argument enables a remote SQL injection. The issue is caused by an unknown function handling flags[] and has publicly disclosed exploits. Multiple ...

PT-2025-44397

Name of the Vulnerable Software and Affected Versions tftpsync affected versions not specified Description A path traversal flaw exists in the tftpsync/add and tftpsync/delete scripts. A remote attacker on an adjacent network can potentially write or delete files on the filesystem with the...

CVE-2025-12334 code-projects E-Commerce Website product_add.php cross site scripting

A vulnerability was found in code-projects E-Commerce Website 1.0. Affected is an unknown function of the file /pages/productadd.php. The manipulation of the argument prodname/proddesc/prodcost results in cross site scripting. It is possible to launch the attack remotely. The exploit has been mad...

CVE-2025-11417

CVE-2025-11417 affects Campcodes Advanced Online Voting Management System 1.0. The issue is in the unknown code of /admin/voters_add.php where manipulating the photo argument can lead to unrestricted file upload. Attack is remote and, per the documents, the exploit has been publicly released. Con...

CVE-2025-11347

A vulnerability was found in code-projects Student Crud Operation up to 3.3. This vulnerability affects the function moveuploadedfile of the file add.php of the component Add Student Page/Edit Student Page. Performing manipulation results in unrestricted upload. The attack can be initiated...

CVE-2025-11070 Projectworlds Online Shopping System cart_add.php sql injection

A vulnerability was identified in Projectworlds Online Shopping System 1.0. This affects an unknown part of the file /store/cartadd.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used...

Apartment Management System addfloor.php File SQL Injection Vulnerability

Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter hdnid in the file /floor/addfloor.php. An attacker can exploit th...

📄 Magnolia DX Core 6.3.8 Command Injection

Magnolia DX Core version 6.3.8 suffers from a remote command injection vulnerability. Exploit Title: Magnolia DX Core 6.3.8 - Command Injection Date: 05/16/2025 Exploit Author: tmrswrr Version: 6.3.8 Vendor home page: https://docs.magnolia-cms.com/home/ Product:...

CVE-2024-10422

A vulnerability, which was classified as critical, has been found in SourceCodester Attendance and Payroll System 1.0. This issue affects some unknown processing of the file /admin/overtimeadd.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. T...

An unspecified vulnerability exists in v2rayL

v2rayL is a Linux GUI client software for v2ray agents. A security vulnerability exists in v2rayL version 2.1.3, which stems from the fact that the /etc/v2rayL/add.sh and /etc/v2rayL/remove.sh files owned by a low-privileged user can be run as root via Sudo, which can be exploited by a local...

CVE-2018-19798

Fleetco Fleet Maintenance Management FMM 1.2 and earlier allows uploading an arbitrary ".php" file with the application/x-php Content-Type to the accidentsadd.php?submit=1 URI, as demonstrated by the valueImages1 field, which leads to remote command execution on the remote server. Any authenticat...