Lucene search

792 matches found

OSV
added 2025/02/22 1:15 p.m. · 0 views

CVE-2025-1557

A vulnerability, which was classified as problematic, was found in OFCMS 1.1.3. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used...

CVSS 5.3 · AI score 5 · EPSS 0.00102
Exploits 1 · References 4

CVE
added 2025/02/22 9:34 a.m. · 52 views

CVE-2025-1553

CVE-2025-1553 affects pankajindevops scale; root cause is a cross-site scripting issue in the /scale/project goal parameter. Exploitation is possible remotely and has been disclosed publicly. No version details or updates are provided; multiple sources indicate there is no available fix yet.

CVSS 5.1 · AI score 3.8 · EPSS 0.00186
Exploits 0 · References 6

OSV
added 2025/01/15 8:15 p.m. · 1 views

CVE-2025-0485

A vulnerability was found in Fanli2012 native-php-cms 1.0. It has been classified as problematic. Affected is an unknown function of the file /fladmin/sysconfigdoedit.php. The manipulation of the argument info leads to cross site scripting. It is possible to launch the attack remotely. The exploi...

CVSS 6.1 · AI score 3.7
Exploits 0 · References 5

OSV
added 2025/01/09 3:15 a.m. · 0 views

CVE-2024-13203

A vulnerability was found in kurniaramadhan E-Commerce-PHP 1.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did...

CVSS 6.9 · AI score 4.7 · EPSS 0.00066
Exploits 1 · References 3

Positive Technologies
added 2025/01/07 12:0 a.m. · 2 views

PT-2025-3819 · Unknown · Code-Projects Online Book Shop

Name of the Vulnerable Software and Affected Versions: code-projects Online Book Shop version 1.0 Description: A critical issue has been found in the code-projects Online Book Shop. It affects an unknown function of the file /search result.php. The manipulation of the argument s leads to SQL...

CVSS 9.8 · AI score 6.8 · EPSS 0.00181
Exploits 1 · References 9

CNNVD
added 2025/01/02 12:0 a.m. · 3 views

Yunfan Learning Examination System security vulnerability

Yunfan Learning Examination System is an examination application from China Yunfan Yunfan Company. A security vulnerability exists in Yunfan Learning Examination System version 1.9.2, which originates from an unknown function in the file...

CVSS 8.1 · AI score 5.7 · EPSS 0.00241
Exploits 1 · References 5

CNNVD
added 2025/01/02 12:0 a.m. · 3 views

Yunfan Learning Examination System access control error vulnerability

Yunfan Learning Examination System is an examination application from China Yunfan Yunfan Company. An access control error vulnerability exists in Yunfan Learning Examination System version 1.9.2, which originates from an unknown function in file...

CVSS 7.5 · AI score 4.7 · EPSS 0.00268
Exploits 1 · References 5

Positive Technologies
added 2025/01/01 12:0 a.m. · 2 views

PT-2025-35305 · Unknown +1 · Mixmark-Io Turndown +1

Name of the Vulnerable Software and Affected Versions: mixmark-io turndown versions through 7.2.1 Description: A security flaw exists in mixmark-io turndown, potentially leading to inefficient regular expression complexity through manipulation of an unknown function within the...

CVSS 6.9 · AI score 5 · EPSS 0.00088
Exploits 0 · References 12

OSV
added 2024/12/26 8:15 a.m. · 3 views

CVE-2024-12942

A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/adminlogin.php. The manipulation of the argument username/password leads to sql injection. It is possible to launch the attack...

CVSS 9.8 · AI score 5.8 · EPSS 0.00106
Exploits 1 · References 5

OSV
added 2024/12/26 3:15 a.m. · 1 views

CVE-2024-12931

A vulnerability was found in code-projects Simple Admin Panel 1.0. It has been classified as critical. Affected is an unknown function of the file /addCatController.php. The manipulation of the argument size leads to sql injection. It is possible to launch the attack remotely. The exploit has bee...

CVSS 8.8 · AI score 5.8 · EPSS 0.00109
Exploits 0 · References 5

OSV
added 2024/11/26 8:15 p.m. · 1 views

CVE-2024-11743

A vulnerability, which was classified as problematic, was found in SourceCodester Best House Rental Management System 1.0. Affected is an unknown function of the file /rental/ajax.php?action=deleteuser of the component POST Request Handler. The manipulation leads to cross-site request forgery. It...

CVSS 4.3 · AI score 5.1
Exploits 0 · References 5

CVE
added 2024/11/12 4:0 a.m. · 43 views

CVE-2024-11101

CVE-2024-11101 impacts the 1000 Projects Beauty Parlour Management System 1.0. The vulnerability exists in an unknown function of the file /admin/search-invoices.php, where manipulation of the searchdata parameter enables an SQL injection. The described impact is remote execution with the exploi...

CVSS 9.8 · AI score 5.6 · EPSS 0.0009
Exploits 1 · References 5 · Affected Software 1

Cvelist
added 2024/09/27 2:0 p.m. · 16 views

CVE-2024-9283 RelaxedJS ReLaXed Pug to PDF Converter cross site scripting

A vulnerability classified as problematic has been found in RelaxedJS ReLaXed up to 0.2.2. Affected is an unknown function of the component Pug to PDF Converter. The manipulation leads to cross site scripting. An attack has to be approached locally. The exploit has been disclosed to the public an...

CVSS 4.8 · EPSS 0.00049
Exploits 0 · References 4

OSV
added 2024/09/20 1:15 p.m. · 1 views

CVE-2024-9032

A vulnerability, which was classified as critical, was found in SourceCodester Simple Forum-Discussion System 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument page leads to path traversal. It is possible to launch the attack remotely. The exploit has...

CVSS 8.8 · AI score 5.5 · EPSS 0.00152
Exploits 1 · References 5

CNNVD
added 2024/09/15 12:0 a.m. · 1 views

WCMS path traversal vulnerability

WCMS is a content management system CMS from the individual developers at Vedegis. A path traversal vulnerability exists in WCMS version 0.3.2 and earlier, which stems from an unknown function in the /wex/finder.php file that improperly handles the parameter p, resulting in path traversal...

CVSS 9.1 · AI score 5.5 · EPSS 0.00133
Exploits 1 · References 5

OSV
added 2024/08/26 4:15 p.m. · 1 views

CVE-2024-8173

A vulnerability, which was classified as critical, was found in code-projects Blood Bank System 1.0. Affected is an unknown function of the file /login.php of the component Login Page. The manipulation of the argument user leads to sql injection. It is possible to launch the attack remotely. The...

CVSS 7.5 · AI score 6.8
Exploits 0 · References 5

Vulnrichment
added 2024/08/16 12:31 a.m. · 10 views

CVE-2024-7853 SourceCodester Yoga Class Registration System sql injection

A vulnerability was found in SourceCodester Yoga Class Registration System up to 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=categories/viewcategory. The manipulation of the argument id leads to sql injection. It is possible to launch the atta...

CVSS 6.5 · AI score 7.6 · EPSS 0.00072
Exploits 1 · References 4

CVE
added 2024/08/16 12:31 a.m. · 54 views

CVE-2024-7853

CVE-2024-7853 affects SourceCodester Yoga Class Registration System (up to v1.0). The vulnerability is an SQL injection in the file /admin/?page=categories/view_category, triggered by manipulating the id parameter. It can be exploited remotely, and public disclosure of the exploit is noted. The c...

CVSS 8.8 · AI score 6.8 · EPSS 0.00072
Exploits 1 · References 4 · Affected Software 1

Cvelist
added 2024/08/16 12:31 a.m. · 17 views

CVE-2024-7853 SourceCodester Yoga Class Registration System sql injection

A vulnerability was found in SourceCodester Yoga Class Registration System up to 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=categories/viewcategory. The manipulation of the argument id leads to sql injection. It is possible to launch the atta...

CVSS 6.5 · EPSS 0.00072
Exploits 1 · References 4

NVD
added 2024/08/15 1:15 a.m. · 21 views

CVE-2024-7808

A vulnerability was found in code-projects Job Portal 1.0. It has been classified as critical. Affected is an unknown function of the file logindbc.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to t...

CVSS 9.8 · EPSS 0.06605
Exploits 2 · References 4