969 matches found
CVE-2025-13076
A flaw has been found in code-projects Responsive Hotel Site 1.0. The affected element is an unknown function of the file /admin/usersetting.php. Executing manipulation of the argument usname can lead to SQL injection. The attack can be executed remotely. The exploit has been published and may be...
CVE-2025-13063
A flaw has been found in DinukaNavaratna Dee Store 1.0. Affected is an unknown function. Executing manipulation can lead to missing authorization. The attack may be performed from remote. The exploit has been published and may be used. Multiple endpoints are affected...
PT-2025-46717
Name of the Vulnerable Software and Affected Versions: DinukaNavaratna Dee Store version 1.0. Description: A flaw exists in DinukaNavaratna Dee Store version 1.0 that can lead to missing authorization due to manipulation. The issue is present in an unknown function and can be exploited remotely. The...
PT-2025-45596
Name of the Vulnerable Software and Affected Versions: SourceCodester Survey Application System version 1.0. Description: A flaw exists in the SourceCodester Survey Application System that allows for SQL injection. This occurs through manipulation of the fullname argument within the save user/update...
PT-2025-45582
Name of the Vulnerable Software and Affected Versions: qianfox FoxCMS versions up to 1.2.16. Description: A cross-site scripting issue exists in the add/edit function of the app/admin/controller/Product.php file. Manipulation of the Title argument can trigger this issue. The attack can be initiated...
CVE-2025-12617
A flaw has been found in itsourcecode Billing System 1.0. This affects an unknown function of the file /admin/app/logincrud.php. Executing a manipulation of the argument Password can lead to SQL injection. It is possible to launch the attack remotely. The exploit has been published and may be use...
EUVD-2025-37471
A flaw has been found in itsourcecode Billing System 1.0. This affects an unknown function of the file /admin/app/logincrud.php. Executing manipulation of the argument Password can lead to SQL injection. It is possible to launch the attack remotely. The exploit has been published and may be used...
CVE-2025-12598
A flaw has been found in SourceCodester Best House Rental Management System 1.0. Affected by this issue is the function savetenant of the file /adminclass.php. Executing manipulation of the argument firstname can lead to SQL injection. The attack can be launched remotely. The exploit has been...
CVE-2025-12342
A flaw has been found in Serdar Bayram Ghost Hot Spot up to 20251014. The affected element is an unknown function of the file /Auth.php of the component Login. This manipulation causes SQL injection. The attack is possible to be carried out remotely. The exploit has been published and may be used...
CVE-2025-12250
A flaw has been found in OpenWGA 7.11.12 Build 737. This affects an unknown function of the file WGA.File of the component TMLScript API. Executing manipulation can lead to path traversal. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was...
EUVD-2025-36389
A flaw has been found in Serdar Bayram Ghost Hot Spot up to 20251014. The affected element is an unknown function of the file /Auth.php of the component Login. This manipulation causes SQL injection. The attack is possible to be carried out remotely. The exploit has been published and may be used...
PT-2025-44077
Name of the Vulnerable Software and Affected Versions: Serdar Bayram Ghost Hot Spot versions prior to 20251015. Description: A flaw exists in the Login component of Serdar Bayram Ghost Hot Spot. This issue is due to a SQL injection vulnerability within an unknown function of the /Auth.php file. The...
EUVD-2025-36337
A flaw has been found in Tenda CH22 1.0.0.1. Affected by this issue is the function fromNatStaticSetting of the file /goform/NatStaticSetting. Executing manipulation of the argument page can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has been published and...
CVE-2025-12312
A flaw has been found in PHPGurukul Curfew e-Pass Management System 1.0. Impacted is an unknown function of the file view-pass-detail.php. This manipulation of the argument Fullname/Category causes cross-site scripting. The attack may be initiated remotely. The exploit has been published and may ...
EUVD-2025-36230
A flaw has been found in PHPGurukul Curfew e-Pass Management System 1.0. The impacted element is an unknown function of the file admin-profile.php. Executing manipulation of the argument adminname/email can lead to cross-site scripting. The attack may be launched remotely. The exploit has been...
CVE-2025-12289
A flaw has been found in Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 1.0. Affected by this vulnerability is an unknown functionality of the file /Point/index/activitystate/1/categoryid/1001. Executing manipulation of the argument categoryid can lead to...