CVE-2025-13325

The CVE-2025-13325 entry concerns itsourcecode Student Information System 1.0. The vulnerability is in the file /enrollment_edit1.php, where manipulation of the en_id parameter enables SQL injection. The attack can be performed remotely, and public exploit details exist. Remediation or affected v...

PT-2025-47231

Name of the Vulnerable Software and Affected Versions code-projects Simple Pizza Ordering System version 1.0 Description A security flaw exists in code-projects Simple Pizza Ordering System 1.0. Manipulation of the ID argument in the /listorder.php file results in SQL injection. The attack can be...

CVE-2025-13228

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2025-13227

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2025-13304

A security flaw has been discovered in D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961 and DIR-825M 1.01.07/1.1.47. This vulnerability affects unknown code of the file /boafrm/formPingDiagnosticRun. Performing manipulation of the argument host results in buffer overflow. The attack may be initiated...

CVE-2025-13223

CVE-2025-13223 is a Type Confusion in V8 within Google Chrome/Chromium (prior to 142.0.7444.175) that can lead to heap corruption via a crafted HTML page. The issue affects Chromium-based Chrome, with root cause described as V8 type confusion; high severity and potential remote code/impact on hea...

CVE-2025-13303

A vulnerability was determined in code-projects Courier Management System 1.0. Affected by this issue is some unknown functionality of the file /search-edit.php. This manipulation of the argument Consignment causes sql injection. The attack can be initiated remotely. The exploit has been publicly...

CVE-2025-13300

A vulnerability has been found in itsourcecode Web-Based Internet Laboratory Management System 1.0. Affected is an unknown function of the file /settings/controller.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

CVE-2025-13301 itsourcecode Web-Based Internet Laboratory Management System controller.php sql injection

A vulnerability was found in itsourcecode Web-Based Internet Laboratory Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /subject/controller.php. The manipulation results in sql injection. It is possible to launch the attack remotely. The exploit has...

CVE-2025-13300 itsourcecode Web-Based Internet Laboratory Management System controller.php sql injection

A vulnerability has been found in itsourcecode Web-Based Internet Laboratory Management System 1.0. Affected is an unknown function of the file /settings/controller.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

CVE-2025-13300 itsourcecode Web-Based Internet Laboratory Management System controller.php sql injection

A vulnerability has been found in itsourcecode Web-Based Internet Laboratory Management System 1.0. Affected is an unknown function of the file /settings/controller.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

CVE-2025-13299 itsourcecode Web-Based Internet Laboratory Management System controller.php sql injection

A flaw has been found in itsourcecode Web-Based Internet Laboratory Management System 1.0. This impacts an unknown function of the file /user/controller.php. Executing a manipulation can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used...

CVE-2025-13280

A vulnerability was determined in CodeAstro Simple Inventory System 1.0. The impacted element is an unknown function of the file /index.php of the component Login. Executing a manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit has bee...

CVE-2025-13179

A vulnerability has been found in Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System up to 20250320. This issue affects some unknown processing. Such manipulation leads to cross-site request forgery. The attack may be performed from remote. The exploit has been disclose...

CVE-2025-13275 Iqbolshoh php-business-website about.php unrestricted upload

A security vulnerability has been detected in Iqbolshoh php-business-website up to 10677743a8dfc281f85291a27cf63a0bce043c24. This affects an unknown part of the file /admin/about.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has be...

CVE-2025-13273

A security flaw has been discovered in Campcodes School Fees Payment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=deletepayment. Performing a manipulation of the argument ID results in sql injection. The attack is possible to be...

CVE-2025-13265

A weakness has been identified in lsfusion platform up to 6.1. This vulnerability affects the function unpackFile of the file server/src/main/java/lsfusion/server/physics/dev/integration/external/to/file/ZipUtils.java. This manipulation causes path traversal. It is possible to initiate the attack...

CVE-2025-13265 lsfusion platform ZipUtils.java unpackFile path traversal

A weakness has been identified in lsfusion platform up to 6.1. This vulnerability affects the function unpackFile of the file server/src/main/java/lsfusion/server/physics/dev/integration/external/to/file/ZipUtils.java. This manipulation causes path traversal. It is possible to initiate the attack...

CVE-2025-13235

A vulnerability was determined in itsourcecode Inventory Management System 1.0. This affects an unknown function of the file /admin/login.php. Executing manipulation of the argument useremail can lead to sql injection. It is possible to launch the attack remotely. The exploit has been publicly...

EUVD-2025-197736

A weakness has been identified in projectworlds Advanced Library Management System 1.0. Impacted is an unknown function of the file /borrow.php. Executing manipulation of the argument rollnumber can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made...