88734 matches found
PT-2025-41695
Name of the Vulnerable Software and Affected Versions: code-projects Hospital Management System version 1.0. Description: A flaw exists in the session function of the express-session component in code-projects Hospital Management System version 1.0. This issue involves manipulation of the secret...
PT-2025-41623
Name of the Vulnerable Software and Affected Versions: CodeAstro Gym Management System version 1.0. Description: A flaw exists in CodeAstro Gym Management System 1.0. This issue is related to an unknown functionality within the file /admin/equipment-entry.php. Manipulation of the ename argument may...
CVE-2025-11589 CodeAstro Gym Management System user-payment.php sql injection
A security flaw has been discovered in CodeAstro Gym Management System 1.0. Affected is an unknown function of the file /admin/user-payment.php. Performing a manipulation of the argument plan results in sql injection. It is possible to initiate the attack remotely. The exploit has been released t...
CVE-2025-11583
A flaw has been found in code-projects Online Job Search Engine 1.0. Impacted is an unknown function of the file /postjob.php. Executing manipulation of the argument txtjobID can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used...
CVE-2025-11509
A vulnerability was detected in code-projects E-Commerce Website 1.0. This impacts an unknown function of the file /pages/productadd.php. Performing manipulation of the argument prodname results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used...
PowerJob Security Vulnerability
PowerJob is an open source distributed computing and job scheduling framework from PowerJob Open Source that allows developers to easily schedule tasks in their applications. A security vulnerability exists in PowerJob 5.1.2 and earlier versions, which stems from a lack of authorization checking ...
Perfex CRM Chatbot Cross Site Scripting
Perfex CRM's chatbot feature suffers from a persistent cross site scripting vulnerability. CVE-2025-60374: Stored Cross-Site Scripting (XSS) in Perfex CRM Chatbot. Security Advisory: A critical Stored Cross-Site Scripting vulnerability in Perfex CRM's chatbot feature. Overview: A...
EUVD-2025-33570
Newforma Info Exchange NIX '/RemoteWeb/IntegrationServices.ashx' allows a remote, unauthenticated attacker to cause NIX to make an SMB connection to an attacker-controlled system. The attacker can capture the NTLMv2 hash of the NIX service account...
EUVD-2025-33569
Newforma Info Exchange NIX '/UserWeb/Common/MarkupServices.ashx' allows a remote, unauthenticated attacker to cause NIX to make an SMB connection to an attacker-controlled system. The attacker can capture the NTLMv2 hash of the customer-configured NIX service account...
CVE-2025-11557
A vulnerability has been found in projectworlds Gate Pass Management System 1.0. This issue affects some unknown processing of the file /add-pass.php. Such manipulation of the argument fullname leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the publ...
CVE-2025-11552 code-projects Online Complaint Site category.php sql injection
A vulnerability was identified in code-projects Online Complaint Site 1.0. This impacts an unknown function of the file /admin/category.php. Such manipulation of the argument Category leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might...
CVE-2025-11474
A vulnerability was found in SourceCodester Hotel and Lodge Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /editbooking.php. Performing manipulation of the argument Name results in sql injection. The attack can be initiated remotely. The exploit has...
CVE-2025-11469
A weakness has been identified in SourceCodester Hotel and Lodge Management System 1.0. The affected element is an unknown function of the file /pages/savecustomer.php. Executing manipulation of the argument Contact can lead to sql injection. The attack can be executed remotely. The exploit has...
EUVD-2025-33262
A vulnerability was determined in Tenda AC7 15.03.06.44. The impacted element is an unknown function of the file /goform/fastsettingpppoeset. Executing manipulation of the argument Password can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been publicly...
CVE-2025-11527
CVE-2025-11527 concerns the Tenda AC7 router (version 15.03.06.44). A vulnerability in the file /goform/fast_setting_pppoe_set allows manipulation of the Password parameter to trigger a stack-based overflow in a function whose exact name is not disclosed in the documents. The issue is exploitable...
CVE-2025-11526
A vulnerability was found in Tenda AC7 15.03.06.44. The affected element is an unknown function of the file /goform/WifiMacFilterSet. Performing a manipulation of the argument wifichkHz results in stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made public...
CVE-2025-11422
A vulnerability has been found in Campcodes Advanced Online Voting Management System 1.0. The impacted element is an unknown function of the file /admin/login.php. Such manipulation of the argument Username leads to sql injection. The attack can be executed remotely. The exploit has been disclose...
CVE-2025-11523
The CVE-2025-11523 entry concerns Tenda AC7 15.03.06.44. The affected component is the AdvSetLanip handler, with the vulnerability arising from improper filtering/handling of the lanIp parameter in /goform/AdvSetLanip, enabling remote command injection. Public exploits exist and can be used to ac...
CVE-2025-11515
Affected software: code-projects Online Complaint Site 1.0. Vulnerable component/function: the file /cms/users/register-complaint.php, where manipulation of the cid parameter leads to an SQL injection. Root cause / impact (as stated): lack of input validation in cid allows remote attacker to inje...
i-Educar Security Vulnerability
i-Educar is a free educational software from Portábilis Open Source. A security vulnerability exists in i-Educar version 2.9.10 and earlier, which stems from improper privilege inheritance in the user type handling component in the file app/Http/Controllers/AccessLevelController.php, which could...