CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

16 matches found

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2025-12589

Malicious code in bioql PyPI...

5CVSS6.6AI score0.00091EPSS

Exploits1References2

RedhatCVE•added 2025/04/30 12:14 a.m.•14 views

CVE-2025-25776

Cross-Site Scripting XSS vulnerability exists in the User Registration and User Profile features of Codeastro Bus Ticket Booking System v1.0 allows an attacker to execute arbitrary code into the Full Name and Address fields during user registration or profile editing...

5CVSS6.2AI score0.00091EPSS

Exploits1References1

Vulnrichment•added 2025/04/28 12:0 a.m.•6 views

CVE-2025-25776

5AI score0.00091EPSS

Exploits1References2

Cvelist•added 2025/04/28 12:0 a.m.•10 views

CVE-2025-25776

0.00091EPSS

Exploits1References2

CVE•added 2025/04/28 12:0 a.m.•52 views

CVE-2025-25776

Codeastro Bus Ticket Booking System v1.0 is affected by CVE-2025-25776: a Cross-Site Scripting (XSS) flaw in the User Registration and User Profile features caused by insufficient input validation on the Full Name and Address fields. Exploitation could allow arbitrary code execution in these fiel...

5CVSS6.2AI score0.00091EPSS

Exploits1References2Affected Software1

Positive Technologies•added 2025/04/28 12:0 a.m.•2 views

PT-2025-18071 · Unknown · Codeastro Bus Ticket Booking System

Name of the Vulnerable Software and Affected Versions: Codeastro Bus Ticket Booking System version 1.0 Description: A Cross-Site Scripting XSS issue exists in the User Registration and User Profile features, allowing an attacker to execute arbitrary code in the Full Name and Address fields during...

5CVSS5.8AI score0.00091EPSS

Exploits1References5

RedhatCVE•added 2025/04/27 12:13 a.m.•17 views

CVE-2025-25775

Codeastro Bus Ticket Booking System v1.0 is vulnerable to SQL injection via the kodetiket parameter in /BusTicket-CI/tiket/cekorder...

9.8CVSS7.9AI score0.00093EPSS

Exploits1References1

Cvelist•added 2025/04/25 12:0 a.m.•7 views

CVE-2025-25775

Codeastro Bus Ticket Booking System v1.0 is vulnerable to SQL injection via the kodetiket parameter in /BusTicket-CI/tiket/cekorder...

0.00093EPSS

Exploits1References2

CVE•added 2025/04/25 12:0 a.m.•57 views

CVE-2025-25775

Codeastro Bus Ticket Booking System v1.0 is affected by a SQL injection in the /BusTicket-CI/tiket/cekorder endpoint via the kodetiket parameter. Root cause: unsafe handling of the parameter leading to SQL injection. Impact: per CVSS metrics, high for confidentiality, integrity, and availability ...

9.8CVSS7.5AI score0.00093EPSS

Exploits1References2Affected Software1

Vulnrichment•added 2025/04/25 12:0 a.m.•8 views

CVE-2025-25775

Codeastro Bus Ticket Booking System v1.0 is vulnerable to SQL injection via the kodetiket parameter in /BusTicket-CI/tiket/cekorder...

9.8AI score0.00093EPSS

Exploits1References2

NVD•added 2025/04/24 9:15 p.m.•11 views

CVE-2025-25777

Insecure Direct Object Reference IDOR in Codeastro Bus Ticket Booking System v1.0 allows unauthorized access to user profiles. By manipulating the user ID in the URL, an attacker can access another user's profile without proper authentication or authorization checks...

8CVSS0.00105EPSS

Exploits1References2

CVE•added 2025/04/24 12:0 a.m.•55 views

CVE-2025-25777

CVE-2025-25777 affects Codeastro Bus Ticket Booking System v1.0, where an insecure direct object reference (IDOR) allows unauthorized access to user profiles by altering the URL parameter user ID. Root cause: insufficient authentication/authorization checks on profile endpoints, enabling access t...

8CVSS7.1AI score0.00105EPSS

Exploits1References2Affected Software1

Positive Technologies•added 2025/04/24 12:0 a.m.•1 views

PT-2025-17857 · Unknown · Codeastro Bus Ticket Booking System

Name of the Vulnerable Software and Affected Versions: Codeastro Bus Ticket Booking System version 1.0 Description: Insecure Direct Object Reference IDOR in Codeastro Bus Ticket Booking System allows unauthorized access to user profiles. By manipulating the user ID in the URL, an attacker can...

8CVSS6.3AI score0.00105EPSS

Exploits1References10

Vulnrichment•added 2025/04/24 12:0 a.m.•3 views

CVE-2025-25777

6.7AI score0.00105EPSS

Exploits1References2

Cvelist•added 2025/04/24 12:0 a.m.•7 views

CVE-2025-25777

0.00105EPSS

Exploits1References2

Positive Technologies•added 2025/02/25 12:0 a.m.•2 views

PT-2025-7941 · Codeastro · Bus Ticket Booking System

Name of the Vulnerable Software and Affected Versions: Codeastro Bus Ticket Booking System version 1.0 Description: The issue concerns a SQL injection vulnerability via the kodetiket parameter in the "/BusTicket-CI/tiket/cekorder" API endpoint. This allows for potential exploitation. No informati...

9.8CVSS7.1AI score0.00093EPSS

Exploits1References7

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by