
88729 matches found

Vulnrichment
added 2025/12/14 1:32 a.m., 2 views

CVE-2025-14640 code-projects Student File Management System save_student.php sql injection

A flaw has been found in code-projects Student File Management System 1.0. The affected element is an unknown function of the file /admin/savestudent.php. Executing manipulation of the argument studno can lead to sql injection. The attack may be launched remotely. The exploit has been published a...

CVSS 7.5, AI score 6.6, EPSS 0.00357
Exploits: 1, References: 6

NVD
added 2025/12/14 1:15 a.m., 5 views

CVE-2025-14638

A security vulnerability has been detected in itsourcecode Online Pet Shop Management System 1.0. This issue affects some unknown processing of the file /pet1/updatecnp.php. Such manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been...

CVSS 9.8, EPSS 0.00333
Exploits: 1, References: 5

OSV
added 2025/12/14 1:15 a.m., 1 views

CVE-2025-14638

A security vulnerability has been detected in itsourcecode Online Pet Shop Management System 1.0. This issue affects some unknown processing of the file /pet1/updatecnp.php. Such manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been...

CVSS 9.8, AI score 5.8, EPSS 0.00333
Exploits: 1, References: 5

Positive Technologies
added 2025/12/14 12:0 a.m., 6 views

PT-2025-51153

Name of the Vulnerable Software and Affected Versions itsourcecode Online Cake Ordering System version 1.0 Description A SQL injection issue exists in itsourcecode Online Cake Ordering System version 1.0. The issue is located in the /cakeshop/supplier.php file. Manipulation of the supplier...

CVSS 9.8, AI score 7.5, EPSS 0.00333
Exploits: 1, References: 13

OSV
added 2025/12/13 7:15 p.m., 5 views

CVE-2025-14636

A security flaw has been discovered in Tenda AX9 22.03.01.46. This affects the function imagecheck of the component httpd. The manipulation results in use of weak hash. It is possible to launch the attack remotely. A high complexity level is associated with this attack. It is indicated that the...

CVSS 6.3, AI score 5.2, EPSS 0.00249
Exploits: 1, References: 5

CVE
added 2025/12/13 7:2 p.m., 11 views

CVE-2025-14636

CVE-2025-14636 affects Tenda AX9 firmware version 22.03.01.46, where the httpd component's image_check uses a weak hash. This enables remote exploitation with high attack complexity, and the exploit is publicly available (proof-of-concept). No concrete remediation/version fix is provided in the s...

CVSS 6.3, AI score 4.3, EPSS 0.00249
Exploits: 1, References: 5, Affected Software: 1

RedhatCVE
added 2025/12/13 5:2 p.m., 5 views

CVE-2025-14567

A weakness has been identified in haxxorsid Stock-Management-System up to fbbbf213e9c93b87183a3891f77e3cc7095f22b0. This affects an unknown function of the file /api/employees. Executing manipulation can lead to missing authentication. It is possible to launch the attack remotely. The exploit has...

CVSS 7.5, AI score 5.4, EPSS 0.00684
Exploits: 1, References: 1

OSV
added 2025/12/13 4:16 p.m., 4 views

CVE-2025-14589

A weakness has been identified in code-projects Prison Management System 2.0. This issue affects some unknown processing of the file /admin/search.php. Executing a manipulation of the argument keyname can lead to sql injection. The attack may be performed from remote. The exploit has been made...

CVSS 8.8, AI score 5.7, EPSS 0.00301
Exploits: 1, References: 5

CVE
added 2025/12/13 12:32 p.m., 12 views

CVE-2025-14606

CVE-2025-14606 affects tiny-rdm (up to version 1.2.5). The vulnerability lies in the Pickle Decoding component, specifically pickle_convert.go’s pickle.loads, enabling deserialization and a potentially remote attack. The CVE notes remote initiation, with high attack complexity and publicly disclo...

CVSS 5, AI score 4.8, EPSS 0.0022
Exploits: 0, References: 4

EUVD
added 2025/12/13 12:30 a.m., 4 views

EUVD-2025-203175

A vulnerability was found in itsourcecode COVID Tracking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/?page=zone. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been made public and...

CVSS 7.5, AI score 6.5, EPSS 0.00357
Exploits: 1, References: 7

EUVD
added 2025/12/13 12:30 a.m., 4 views

EUVD-2025-203176

A vulnerability has been found in itsourcecode COVID Tracking System 1.0. Affected is an unknown function of the file /admin/login.php of the component Admin Login. The manipulation of the argument Username leads to sql injection. The attack may be initiated remotely. The exploit has been disclos...

CVSS 7.5, AI score 6.6, EPSS 0.00333
Exploits: 1, References: 6

Positive Technologies
added 2025/12/13 12:0 a.m., 8 views

PT-2025-51132

Name of the Vulnerable Software and Affected Versions Tenda AX9 version 22.03.01.46 Description A security flaw exists in the image check function within the httpd component of Tenda AX9 version 22.03.01.46. This issue involves the use of a weak hash, allowing for remote attacks. The attack is...

CVSS 6.3, AI score 4.3, EPSS 0.00249
Exploits: 1, References: 11

NVD
added 2025/12/12 10:15 p.m., 6 views

CVE-2025-14583

A flaw has been found in campcodes Online Student Enrollment System 1.0. This impacts an unknown function of the file /admin/register.php. Executing a manipulation of the argument photo can lead to unrestricted upload. The attack can be launched remotely. The exploit has been published and may be...

CVSS 9.8, EPSS 0.00421
Exploits: 1, References: 5

RedhatCVE
added 2025/12/12 6:57 p.m., 5 views

CVE-2025-14531

A vulnerability was found in code-projects Rental Management System 2.0. This affects an unknown function of the file Transaction.java of the component Log Handler. Performing manipulation results in crlf injection. The attack can be initiated remotely. The exploit has been made public and could ...

CVSS 5.3, AI score 6.6, EPSS 0.00276
Exploits: 1, References: 1

RedhatCVE
added 2025/12/12 6:12 p.m., 4 views

CVE-2025-14530

A vulnerability has been found in SourceCodester Real Estate Property Listing App 1.0. The impacted element is an unknown function of the file /admin/property.php. Such manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has...

CVSS 7.2, AI score 6.8, EPSS 0.00384
Exploits: 1, References: 1

OSV
added 2025/12/12 4:15 p.m., 2 views

CVE-2025-14565

A vulnerability was identified in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. The affected element is an unknown function of the file /Profilers/SProfile/login1.php. Such manipulation of the argument Username leads to sql injection. The attack may be performed fro...

CVSS 9.8, AI score 5.7, EPSS 0.00333
Exploits: 1, References: 5

ATTACKERKB
added 2025/12/12 3:32 p.m., 4 views

CVE-2025-14566

A security flaw has been discovered in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. The impacted element is an unknown function of the file /Profilers/SProfile/reg.php. Performing a manipulation of the argument USN results in sql injection. It is possible to initia...

CVSS 9.8, AI score 5.3, EPSS 0.0035
Exploits: 1, References: 5

CVE
added 2025/12/12 3:32 p.m., 11 views

CVE-2025-14565

The CVE-2025-14565 entry concerns kidaze CourseSelectionSystem. Multiple connected sources confirm a vulnerability in the file /Profilers/SProfile/login1.php where manipulation of the Username argument leads to SQL injection. This affects the system upstream of the commit 42cd892b40a18d50bd4ed190...

CVSS 9.8, AI score 6.7, EPSS 0.00333
Exploits: 1, References: 5, Affected Software: 1

RedhatCVE
added 2025/12/12 12:7 p.m., 3 views

CVE-2025-14515

A vulnerability has been found in Campcodes Supplier Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/addunit.php. Such manipulation of the argument txtunitDetails leads to sql injection. The attack can be launched remotely. The exploit has been...

CVSS 9.8, AI score 7, EPSS 0.00326
Exploits: 1, References: 1

Vulnrichment
added 2025/12/11 7:32 p.m., 2 views

CVE-2025-14535 UTT 进取 512W formConfigFastDirectionW strcpy buffer overflow

A vulnerability was identified in UTT 进取 512W up to 3.1.7.7-171114. Affected is the function strcpy of the file /goform/formConfigFastDirectionW. The manipulation of the argument ssid leads to buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be...

CVSS 10, AI score 6.7, EPSS 0.04858
Exploits: 1, References: 4