969 matches found
CVE-2025-14953
A flaw has been found in Open5GS up to 2.7.5. This impacts the function ogspfcphandlecreatepdr in the library lib/pfcp/handler.c of the component FAR-ID Handler. Executing a manipulation can lead to null pointer dereference. The attack may be performed from remote. The attack requires a high leve...
PT-2025-52483
Name of the Vulnerable Software and Affected Versions Open5GS versions up to 2.7.5 Description A flaw exists in Open5GS impacting the ogs pfcp handle create pdr function within the lib/pfcp/handler.c library of the FAR-ID Handler component. This can lead to a null pointer dereference, potentially...
PT-2025-52279
Name of the Vulnerable Software and Affected Versions SourceCodester Client Database Management System version 1.0 Description A flaw exists in SourceCodester Client Database Management System 1.0 within the Leads Generation Module. The issue affects the file /user leads.php and allows for...
CVE-2025-14836
A flaw has been found in ZZCMS 2025. Affected by this vulnerability is an unknown functionality of the file /reg/usersave.php of the component User Data Storage Module. This manipulation causes cleartext storage in a file or on disk. Remote exploitation of the attack is possible. The exploit has...
EUVD-2025-204007
A flaw has been found in ZZCMS 2025. Affected by this vulnerability is an unknown functionality of the file /reg/usersave.php of the component User Data Storage Module. This manipulation causes cleartext storage in a file or on disk. Remote exploitation of the attack is possible. The exploit has...
PT-2025-51979
Name of the Vulnerable Software and Affected Versions ZZCMS version 2025 Description A security issue exists in ZZCMS 2025 related to the User Data Storage Module. A flaw within the /reg/user save.php file results in the storage of data in cleartext on a file or disk. Remote exploitation is...
CVE-2025-14702
A flaw has been found in Smartbit CommV Smartschool App up to 10.4.4. Impacted is an unknown function of the component be.smartschool.mobile.SplashActivity. Executing manipulation can lead to path traversal. The attack requires local access. The exploit has been published and may be used. The...
CVE-2025-14660
A flaw has been found in DecoCMS Mesh up to 1.0.0-alpha.31. Affected by this vulnerability is the function createTool of the file packages/sdk/src/mcp/teams/api.ts of the component Workspace Domain Handler. This manipulation of the argument domain causes improper access controls. The attack can b...
EUVD-2025-203356
A flaw has been found in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. This vulnerability affects unknown code of the file /controller/api/hotelList.php. This manipulation of the argument pickedHotelName/type causes sql injection. The attack is possible to be carried...
CVE-2025-14702
A flaw has been found in Smartbit CommV Smartschool App up to 10.4.4. Impacted is an unknown function of the component be.smartschool.mobile.SplashActivity. Executing manipulation can lead to path traversal. The attack requires local access. The exploit has been published and may be used. The...
CVE-2025-14702
CVE-2025-14702 affects the Smartbit CommV Smartschool App (versions up to 10.4.4) due to a path traversal flaw in the be.smartschool.mobile.SplashActivity. The root cause is a vulnerability in a SplashActivity component that can be manipulated locally to traverse file paths. Exploitation requires...
EUVD-2025-203328
A flaw has been found in Smartbit CommV Smartschool App up to 10.4.4. Impacted is an unknown function of the component be.smartschool.mobile.SplashActivity. Executing manipulation can lead to path traversal. The attack requires local access. The exploit has been published and may be used. The...
CVE-2025-14702 Smartbit CommV Smartschool App be.smartschool.mobile.SplashActivity path traversal
A flaw has been found in Smartbit CommV Smartschool App up to 10.4.4. Impacted is an unknown function of the component be.smartschool.mobile.SplashActivity. Executing manipulation can lead to path traversal. The attack requires local access. The exploit has been published and may be used. The...
CVE-2025-14702 Smartbit CommV Smartschool App be.smartschool.mobile.SplashActivity path traversal
A flaw has been found in Smartbit CommV Smartschool App up to 10.4.4. Impacted is an unknown function of the component be.smartschool.mobile.SplashActivity. Executing manipulation can lead to path traversal. The attack requires local access. The exploit has been published and may be used. The...
CVE-2025-14641
A flaw has been found in code-projects Computer Laboratory System 1.0. This issue affects some unknown processing of the file admin/adminpic.php. This manipulation of the argument image causes unrestricted upload. The attack may be initiated remotely. The exploit has been published and may be use...
PT-2025-51189
A flaw has been found in Smartbit CommV Smartschool App up to 10.4.4. Impacted is an unknown function of the component be.smartschool.mobile.SplashActivity. Executing manipulation can lead to path traversal. The attack requires local access. The exploit has been published and may be used. The...
PT-2025-51210
A flaw has been found in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. This vulnerability affects unknown code of the file /controller/api/hotelList.php. This manipulation of the argument pickedHotelName/type causes sql injection. The attack is possible to be carried...
CVE-2025-14650 itsourcecode Online Cake Ordering System product.php sql injection
A flaw has been found in itsourcecode Online Cake Ordering System 1.0. This affects an unknown part of the file /cakeshop/product.php. Executing manipulation of the argument Product can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used...
EUVD-2025-203276
A flaw has been found in code-projects Computer Laboratory System 1.0. This issue affects some unknown processing of the file admin/adminpic.php. This manipulation of the argument image causes unrestricted upload. The attack may be initiated remotely. The exploit has been published and may be use...
CVE-2025-14640
Affects Code-Projects Student File Management System 1.0. The vulnerability is an SQL injection in the /admin/save_student.php handler, triggered by manipulating the stud_no (or student_no) parameter due to lack of input validation. This can be exploited remotely (attack vector NETWORK) and may a...