246 matches found
CVE-2025-15249
A weakness has been identified in zhujunliang3 workplatform up to 6bc5a50bb527ce27f7906d11ea6ec139beb79c31. This vulnerability affects unknown code of the component Content Handler. Executing manipulation can lead to cross site scripting. The attack may be performed from remote. This product...
Full Stack Bank SQL injection vulnerability
Full Stack Bank is a banking system by the individual developer Krystian Pińczak. Full Stack Bank suffers from a SQL injection vulnerability that stems from unknown code manipulation of the component User Handler, which could lead to a SQL injection attack...
CVE-2025-15249 zhujunliang3 work_platform Content cross site scripting
A weakness has been identified in zhujunliang3 workplatform up to 6bc5a50bb527ce27f7906d11ea6ec139beb79c31. This vulnerability affects unknown code of the component Content Handler. Executing manipulation can lead to cross site scripting. The attack may be performed from remote. This product...
EUVD-2025-205630
A security flaw has been discovered in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. This vulnerability affects unknown code of the file /admin/editposts.php. Performing manipulation of the argument image results in unrestricted upload. The attack may be initiated...
CVE-2025-15118
A security vulnerability has been detected in macrozheng mall up to 1.0.3. This vulnerability affects unknown code of the file /member/address/update/ of the component Member Endpoint. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has...
CVE-2025-15099
CVE-2025-15099 affects simstudioai sim up to version 0.5.27, specifically the CRON Secret Handler’s file apps/sim/lib/auth/internal.ts. The vulnerability arises from manipulation of the INTERNAL_API_SECRET parameter, enabling improper authentication. It is exploitable remotely, and publicly avail...
EUVD-2025-203259
A security flaw has been discovered in itsourcecode Student Management System 1.0. This vulnerability affects unknown code of the file /updateprogram.php. Performing manipulation of the argument ID results in sql injection. The attack is possible to be carried out remotely. The exploit has been...
PT-2025-50638
A weakness has been identified in projectworlds Advanced Library Management System 1.0. This vulnerability affects unknown code of the file /view book.php. Executing manipulation of the argument book id can lead to sql injection. The attack can be executed remotely. The exploit has been made...
CVE-2025-14246
A vulnerability was found in code-projects Simple Shopping Cart 1.0. This vulnerability affects unknown code of the file /Customers/settings.php. Performing manipulation of the argument userid results in sql injection. Remote exploitation of the attack is possible. The exploit has been made publi...
CVE-2025-13811
CVE-2025-13811 affects jsnjfz WebStack-Guns 1.0. The vulnerability is in src/main/java/com/jsnjfz/manage/core/common/constant/factory/PageFactory.java where manipulation of the argument sort enables an SQL injection. It can be exploited remotely without user interaction. Public PoC/exploit detail...
CVE-2025-13811 jsnjfz WebStack-Guns PageFactory.java sql injection
A vulnerability was determined in jsnjfz WebStack-Guns 1.0. This vulnerability affects unknown code of the file src/main/java/com/jsnjfz/manage/core/common/constant/factory/PageFactory.java. Executing a manipulation of the argument sort can lead to sql injection. It is possible to launch the atta...
CVE-2025-13241
A flaw has been found in code-projects Student Information System 2.0. This vulnerability affects unknown code of the file /index.php. Executing manipulation of the argument Username can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used...
CVE-2025-13241 code-projects Student Information System index.php sql injection
A flaw has been found in code-projects Student Information System 2.0. This vulnerability affects unknown code of the file /index.php. Executing manipulation of the argument Username can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used...
CVE-2025-13203
Concrete details found: Simple Cafe Ordering System 1.0 has a vulnerability in /addmem.php where manipulating the studentnum parameter enables SQL injection. Remote exploitability is indicated, and multiple sources (NVD, Red Hat, CNVD, CNNVD, CVE lists, and Vuln enrichment) confirm the issue and ...
CVE-2025-12326
A vulnerability was found in shawon100 RUET OJ up to 18fa45b0a669fa1098a0b8fc629cf6856369d9a5. This vulnerability affects unknown code of the file /process.php of the component POST Request Handler. The manipulation of the argument un results in sql injection. The attack can be launched remotely...
CVE-2025-12326 shawon100 RUET OJ POST Request process.php sql injection
A vulnerability was found in shawon100 RUET OJ up to 18fa45b0a669fa1098a0b8fc629cf6856369d9a5. This vulnerability affects unknown code of the file /process.php of the component POST Request Handler. The manipulation of the argument un results in sql injection. The attack can be launched remotely...
CVE-2025-12279
CVE-2025-12279 affects code-projects Client Details System 1.0, with a cross-site scripting flaw in /welcome.php due to insufficient input filtering/escaping. The vulnerability is remote-exploitable and has been publicly disclosed; CVSS indicators show MEDIUM impact with LOW confidentiality/integ...
EUVD-2025-36142
A weakness has been identified in code-projects Online Event Judging System 1.0. This vulnerability affects unknown code of the file /editcontestant.php. Executing manipulation of the argument contestantid can lead to sql injection. The attack can be executed remotely. The exploit has been made...
CVE-2025-12224 Iqbolshoh php-business-website contact.php cross site scripting
A flaw has been found in Iqbolshoh php-business-website up to 10677743a8dfc281f85291a27cf63a0bce043c24. This vulnerability affects unknown code of the file admin/contact.php. This manipulation of the argument twitter causes cross site scripting. The attack may be initiated remotely. The exploit h...
EUVD-2025-36057
A security flaw has been discovered in ajayrandhawa User-Management-PHP-MYSQL web up to fedcf58797bf2791591606f7b61fdad99ad8bff1. This vulnerability affects unknown code. Performing manipulation results in cross-site request forgery. The attack can be initiated remotely. The exploit has been...