CVE-2025-3369

A vulnerability was found in xxyopen Novel-Plus 5.1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /novel/friendLink/list. The manipulation of the argument sort leads to sql injection. The attack may be launched remotely. The exploit has been...

CVE-2025-3205

A vulnerability, which was classified as critical, was found in CodeAstro Student Grading System 1.0. This affects an unknown part of the file studentsubject.php. The manipulation of the argument studentId leads to sql injection. It is possible to initiate the attack remotely. The exploit has bee...

CVE-2025-3242

A vulnerability has been found in PHPGurukul e-Diary Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /search-result.php. The manipulation of the argument id/searchdata leads to sql injection. The attack can be initiated remotely. The exploit h...

CVE-2025-3195

A vulnerability, which was classified as critical, has been found in itsourcecode Online Blood Bank Management System 1.0. This issue affects some unknown processing of the file /bbms.php. The manipulation of the argument Search leads to sql injection. The attack may be initiated remotely. The...

CVE-2025-3142

A vulnerability was found in SourceCodester Apartment Visitor Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /add-apartment.php. The manipulation of the argument buildingno leads to sql injection. The attack may be initiated remotely...

PT-2025-14624 · Unknown · Project Worlds Online Lawyer Management System

Name of the Vulnerable Software and Affected Versions: Project Worlds Online Lawyer Management System version 1.0 Description: A critical issue has been found in the processing of the file /lawyer booking.php, where the manipulation of the unblock id argument leads to sql injection. This issue ca...

CVE-2025-3038

A vulnerability was found in code-projects Payroll Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /viewaccount.php. The manipulation of the argument salaryrate leads to sql injection. The attack may be initiated remotely. The exploit has...

PT-2025-35790

Name of the Vulnerable Software and Affected Versions Chamilo versions prior to 1.11.30 Description The Chamilo learning management system has an issue due to a lack of validation of XML object sequences. This can allow a remote attacker to execute arbitrary SQL queries. The issue exists in the...

CVE-2025-2852

A vulnerability has been found in SourceCodester Food Ordering Management System up to 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/menus/viewmenu.php. The manipulation of the argument ID leads to sql injection. The attack can be...

CVE-2025-2675

CVE-2025-2675 affects PHPGurukul Bank Locker Management System 1.0. The vulnerability is a SQL injection in the add-lockertype.php function, triggered by manipulating the lockerprice parameter. It is exploitable remotely and, per sources in the connected documents, the exploit has been disclosed ...

CVE-2025-2593

A vulnerability has been found in FastCMS up to 0.1.5 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /api/client/article/list. The manipulation of the argument orderBy leads to sql injection. The attack can be launched remotely. The exploit has...

The vulnerability of the VMmanager 6 virtualization tool, related to the lack of protective measures for the SQL query structure, allows attackers to execute arbitrary SQL queries against the database.

The vulnerability of VMmanager 6’s virtualization mechanism is related to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries against the database remotely...

CVE-2025-2393

A vulnerability, which was classified as critical, was found in code-projects Online Class and Exam Scheduling System 1.0. Affected is an unknown function of the file /pages/salutdel.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The...

CVE-2025-2389

A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/addcity.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been...

CVE-2025-2383

CVE-2025-2383 affects PHPGurukul Doctor Appointment Management System 1.0. The vulnerability is a SQL injection in the /doctor/search.php file via the searchdata parameter in an affected request, with remote exploitation and exploitation disclosed publicly. The exact vulnerable component is descr...

CVE-2025-2378

A vulnerability was found in PHPGurukul Medical Card Generation System 1.0. It has been classified as critical. This affects an unknown part of the file /download-medical-cards.php. The manipulation of the argument searchdata leads to sql injection. It is possible to initiate the attack remotely...

CVE-2025-2050

A vulnerability classified as critical was found in PHPGurukul User Registration & Login and User Management System 3.3. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument email leads to sql injection. The attack can be launched...

CVE-2025-2067

A vulnerability was found in projectworlds Life Insurance Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /search.php. The manipulation of the argument key leads to sql injection. The attack may be initiated remotely. The exploit has been...

Fedora 40 : exim (2025-e694138ac5)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-e694138ac5 advisory. This is an update fixing possible remote SQL injection. Tenable has extracted the preceding description block directly from the Fedora security advisory. Not...

CVE-2025-1840

A vulnerability was found in ESAFENET CDG 5.6.3.154.205. It has been rated as critical. Affected by this issue is some unknown functionality of the file /CDGServer3/workflowE/useractivate/updateorg.jsp. The manipulation of the argument flowId leads to sql injection. The attack may be launched...