CVE-2025-14218

CVE-2025-14218 affects code-projects Currency Exchange System version 1.0, specifically the /editotheraccount.php file. The vulnerability arises from an injectable ID parameter in an unknown function, enabling SQL injection that can be exploited remotely. Multiple connected sources reiterate that...

EUVD-2025-201666

A security flaw has been discovered in code-projects Currency Exchange System 1.0. The affected element is an unknown function of the file /editotheraccount.php. Performing manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit has be...

EUVD-2025-201654

A vulnerability was identified in tushar-2223 Hotel-Management-System up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15. The impacted element is an unknown function of the file /admin/invoiceprint.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack...

PT-2025-49558

A weakness has been identified in code-projects Online Ordering System 1.0. The impacted element is an unknown function of the file /user contact.php. This manipulation of the argument Name causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available t...

PT-2025-49572

Name of the Vulnerable Software and Affected Versions itsourcecode Student Management System version 1.0 Description A flaw exists in itsourcecode Student Management System 1.0, specifically within the file /newrecord.php. Manipulation of the ID argument can lead to SQL injection. The attack can ...

PT-2025-49510

A security vulnerability has been detected in ORICO CD3510 1.9.12. This affects an unknown function of the component File Upload. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early...

PT-2025-49556

A security flaw has been discovered in code-projects Online Ordering System 1.0. The affected element is an unknown function of the file /user school.php. The manipulation of the argument product id results in sql injection. The attack may be performed from remote. The exploit has been released t...

PT-2025-49546

A security vulnerability has been detected in SourceCodester Inventory Management System 1.0. The affected element is an unknown function of the component SVC Report Export. Such manipulation leads to csv injection. It is possible to launch the attack remotely. The exploit has been disclosed...

EUVD-2025-201606

A security vulnerability has been detected in Verysync 微力同步 up to 2.21.3. The impacted element is an unknown function of the file /rest/f/api/resources/f96956469e7be39d of the component Web Administration Module. Such manipulation leads to information disclosure. The attack can be executed...

CVE-2025-14197 Verysync 微力同步 Web Administration f96956469e7be39d information disclosure

A security vulnerability has been detected in Verysync 微力同步 up to 2.21.3. The impacted element is an unknown function of the file /rest/f/api/resources/f96956469e7be39d of the component Web Administration Module. Such manipulation leads to information disclosure. The attack can be executed...

PT-2025-49412

Name of the Vulnerable Software and Affected Versions Verysync versions up to 2.21.3 Description A flaw exists in Verysync that allows for unrestricted file upload. This impacts an unknown function within the Web Administration Module, specifically related to the file...

PT-2025-49396

A vulnerability was identified in Yonyou U8 Cloud 5.0/5.0sp/5.1/5.1sp. The affected element is an unknown function of the file nc/pubitf/erm/mobile/appservice/AppServletService.class. Such manipulation of the argument usercode leads to sql injection. The attack may be launched remotely. The explo...

EUVD-2025-201538

A vulnerability has been found in fit2cloud Halo 2.21.10. Impacted is an unknown function. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure...

CVE-2025-14117 fit2cloud Halo cross-site request forgery

A vulnerability has been found in fit2cloud Halo 2.21.10. Impacted is an unknown function. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure...

CVE-2025-14117

CVE-2025-14117 affects fit2cloud Halo 2.21.10. The vulnerability is a cross-site request forgery in an unknown function, exploitable remotely with the exploit publicly disclosed. Multiple sources (NVD, Red Hat, EUVD, OSV, CVE List) confirm the same impact and remote vector. No version fixes are d...

CVE-2025-14117 fit2cloud Halo cross-site request forgery

A vulnerability has been found in fit2cloud Halo 2.21.10. Impacted is an unknown function. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure...

PT-2025-49329

Name of the Vulnerable Software and Affected Versions fit2cloud Halo version 2.21.10 Description A cross-site request forgery issue exists in fit2cloud Halo version 2.21.10. The issue is related to an unknown function. The attack can be initiated remotely and the exploit has been publicly...

CVE-2025-13790

A vulnerability was determined in Scada-LTS up to 2.7.8.1. This impacts an unknown function. This manipulation causes cross-site request forgery. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure...

CVE-2025-13815 moxi159753 Mogu Blog v2 pictures unrestricted upload

A weakness has been identified in moxi159753 Mogu Blog v2 up to 5.2. The affected element is an unknown function of the file /file/pictures. This manipulation of the argument filedatas causes unrestricted upload. The attack may be initiated remotely. The exploit has been made available to the...

CVE-2025-13790

A vulnerability was determined in Scada-LTS up to 2.7.8.1. This impacts an unknown function. This manipulation causes cross-site request forgery. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure...