CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/01/07 9:18 a.m.•15 views

CVE-2025-1210

A vulnerability classified as critical was found in code-projects Wazifa System 1.0. Affected by this vulnerability is an unknown functionality of the file /controllers/control.php. The manipulation of the argument to leads to sql injection. The attack can be launched remotely. The exploit has be...

8.8CVSS7.3AI score0.00428EPSS

RedhatCVE•added 2026/01/07 9:18 a.m.•6 views

CVE-2025-1173

A vulnerability, which was classified as critical, was found in 1000 Projects Bookstore Management System 1.0. This affects an unknown part of the file processusersdel.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely...

7.2CVSS7.3AI score0.00602EPSS

6.1CVSS6.2AI score0.00482EPSS

CVE-2025-1155

A vulnerability, which was classified as problematic, was found in Webkul QloApps 1.6.1. This affects an unknown part of the file /stores of the component Your Location Search. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. It is planned to remove...

4.8CVSS5.9AI score0.00353EPSS

CVE-2025-1830

A vulnerability was found in zj1983 zz up to 2024-8. It has been rated as problematic. This issue affects some unknown processing of the component Customer Information Handler. The manipulation of the argument Customer Name leads to cross site scripting. The attack may be initiated remotely. The...

RedhatCVE•added 2026/01/07 9:18 a.m.•9 views

CVE-2025-1227

A vulnerability was found in ywoa up to 2024.07.03. It has been rated as critical. This issue affects the function selectList of the file com/cloudweb/oa/mapper/xml/AddressDao.xml. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the...

8.8CVSS7.3AI score0.00484EPSS

RedhatCVE•added 2026/01/07 9:18 a.m.•8 views

CVE-2025-1357

A vulnerability classified as problematic has been found in Seventh D-Guard up to 20250206. This affects an unknown part of the component HTTP GET Request Handler. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the publi...

5.3CVSS6.7AI score0.00435EPSS

RedhatCVE•added 2026/01/07 9:18 a.m.•13 views

CVE-2025-1641

A vulnerability was found in Benner ModernaNet up to 1.1.0. It has been classified as critical. This affects an unknown part of the file /AGE0000700/GetHorariosDoDia?idespec=0=1103=2025-02-25+19%3A25=0=1=1=5=01=0⌖=.horarios--dia--d0&=1739371223797. The manipulation leads to sql injection. It is...

9.8CVSS7.3AI score0.0059EPSS

RedhatCVE•added 2026/01/07 9:18 a.m.•19 views

CVE-2025-1902

A vulnerability was found in PHPGurukul Student Record System 3.2. It has been declared as critical. This vulnerability affects unknown code of the file /password-recovery.php. The manipulation of the argument emailid leads to sql injection. The attack can be initiated remotely. The exploit has...

9.8CVSS7.7AI score0.00559EPSS

RedhatCVE•added 2026/01/07 9:18 a.m.•13 views

CVE-2025-1159

A vulnerability was found in CampCodes School Management Software 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /academic-calendar. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit h...

5.4CVSS6.2AI score0.00343EPSS

RedhatCVE•added 2026/01/07 9:18 a.m.•18 views

CVE-2025-1195

A vulnerability, which was classified as problematic, has been found in code-projects Real Estate Property Management System 1.0. This issue affects some unknown processing of the file /Admin/EditCategory. The manipulation of the argument CategoryId leads to cross site scripting. The attack may b...

5.4CVSS6.2AI score0.00313EPSS

RedhatCVE•added 2026/01/07 9:18 a.m.•19 views

CVE-2025-1555

A vulnerability classified as critical was found in hzmanyun Education and Training System 3.1.1. This vulnerability affects the function saveImage. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the publ...

7.5CVSS6.7AI score0.0065EPSS

RedhatCVE•added 2026/01/07 9:18 a.m.•16 views

CVE-2025-1209

A vulnerability classified as problematic has been found in code-projects Wazifa System 1.0. Affected is the function searchuser of the file /searchresualts.php. The manipulation of the argument firstname/lastname leads to cross site scripting. It is possible to launch the attack remotely. The...

5.4CVSS6.1AI score0.00313EPSS

RedhatCVE•added 2026/01/07 9:18 a.m.•5 views

CVE-2025-1537

A vulnerability was found in Harpia DiagSystem 12. It has been rated as critical. This issue affects some unknown processing of the file /diagsystem/PACS/atualatendimentojpeg.php. The manipulation of the argument codexame leads to sql injection. The attack may be initiated remotely. The exploit h...

6.5CVSS7.1AI score0.00346EPSS

9.8CVSS7AI score0.00621EPSS

CVE-2025-1186

A vulnerability was found in dayrui XunRuiCMS up to 4.6.4. It has been declared as critical. This vulnerability affects unknown code of the file /Control/Api/Api.php. The manipulation of the argument thumb leads to deserialization. The attack can be initiated remotely. The exploit has been...

RedhatCVE•added 2026/01/07 9:18 a.m.•14 views

CVE-2025-1339

A vulnerability was found in TOTOLINK X18 9.1.0cu.2024B20220329. It has been rated as critical. This issue affects the function setL2tpdConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable leads to os command injection. The attack may be initiated remotely. The exploit...

8.8CVSS7.2AI score0.02672EPSS

RedhatCVE•added 2026/01/07 9:18 a.m.•10 views

CVE-2025-1906

A vulnerability has been found in PHPGurukul Restaurant Table Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack can be initiated remotely. The...

9.8CVSS7.8AI score0.00383EPSS

7.5CVSS7.3AI score0.02571EPSS

CVE-2025-1546

A vulnerability has been found in BDCOM Behavior Management and Auditing System up to 20250210 and classified as critical. Affected by this vulnerability is the function logoperateclear of the file /webui/modules/log/operate.mds. The manipulation of the argument startcode leads to os command...

RedhatCVE•added 2026/01/07 9:18 a.m.•10 views

CVE-2025-1582

A vulnerability was found in PHPGurukul Online Nurse Hiring System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/all-request.php. The manipulation of the argument viewid leads to sql injection. The attack may be launched remotely. The...

9.8CVSS7.2AI score0.00501EPSS

9.8CVSS7.4AI score0.00491EPSS

CVE-2025-1168

A vulnerability was found in SourceCodester Contact Manager with Export to VCF 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/delete-contact.php. The manipulation of the argument contact leads to sql injection. The attack can be initiated...