EUVD-2025-28857

Malicious code in bioql PyPI...

CVE-2025-9444

A vulnerability has been found in 1000projects Online Project Report Submission and Evaluation System 1.0. This issue affects some unknown processing of the file /admin/controller/deletegroupstudent.php. The manipulation of the argument batchid leads to sql injection. The attack can be initiated...

CVE-2025-9439

CVE-2025-9439 affects 1000projects Online Project Report Submission and Evaluation System 1.0. A cross-site scripting flaw exists in the function at /rse/admin/edit_faculty.php?id=2, caused by manipulating the Name parameter. The attack is remote and an exploit has been made publicly available. T...

CVE-2025-9438 1000projects Online Project Report Submission and Evaluation System add_student.php cross site scripting

A security flaw has been discovered in 1000projects Online Project Report Submission and Evaluation System 1.0. Affected is an unknown function of the file /admin/addstudent.php. The manipulation of the argument address results in cross site scripting. The attack can be executed remotely. The...

It should not submit a project with no total budget. Requires at least one task with cost > 0

Lines of code Vulnerability details Impact When publishing a project, there is still possibility the project doesn't have any task or 0 budget. Proof of Concept According to contest guideline, there is an information says "Note that you cannot submit a project with no total budget. Therefore it...