PT-2025-48393

A vulnerability was determined in Scada-LTS up to 2.7.8.1. This impacts an unknown function. This manipulation causes cross-site request forgery. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure...

PT-2025-48398

Name of the Vulnerable Software and Affected Versions codingWithElias School Management System affected versions not specified Description A weakness exists in codingWithElias School Management System. The issue involves cross site scripting triggered by manipulating the First Name argument withi...

CVE-2025-13588

A vulnerability was found in lKinderBueno Streamity Xtream IPTV Player up to 2.8. The impacted element is an unknown function of the file public/proxy.php. Performing manipulation results in server-side request forgery. The attack can be initiated remotely. The exploit has been made public and...

CVE-2025-13576

A vulnerability was detected in code-projects Blog Site 1.0. The affected element is an unknown function of the file /admin.php. Performing manipulation results in improper authorization. It is possible to initiate the attack remotely. The exploit is now public and may be used. Multiple endpoints...

CVE-2025-13577

A flaw has been found in PHPGurukul Hostel Management System 2.1. The impacted element is an unknown function of the file /register-complaint.php. Executing a manipulation of the argument cdetails can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been...

CVE-2025-13544

A weakness has been identified in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Affected is an unknown function of the file /customerregister.php. Executing manipulation can lead to unrestricted upload. It is possible to launch the attack remotely. The exploit has bee...

EUVD-2025-198599

A vulnerability was found in code-projects Library System 1.0. This impacts an unknown function of the file /return.php. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used...

CVE-2025-13576

A vulnerability was detected in code-projects Blog Site 1.0. The affected element is an unknown function of the file /admin.php. Performing manipulation results in improper authorization. It is possible to initiate the attack remotely. The exploit is now public and may be used. Multiple endpoints...

CVE-2025-13576 code-projects Blog Site admin.php improper authorization

A vulnerability was detected in code-projects Blog Site 1.0. The affected element is an unknown function of the file /admin.php. Performing manipulation results in improper authorization. It is possible to initiate the attack remotely. The exploit is now public and may be used. Multiple endpoints...

PT-2025-47874

A vulnerability was found in code-projects Library System 1.0. This impacts an unknown function of the file /return.php. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used...

CVE-2025-13544

A weakness has been identified in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Affected is an unknown function of the file /customerregister.php. Executing manipulation can lead to unrestricted upload. It is possible to launch the attack remotely. The exploit has bee...

CVE-2025-13396

A weakness has been identified in code-projects Courier Management System 1.0. This affects an unknown function of the file /add-office.php. This manipulation of the argument OfficeName causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public a...

CVE-2025-13256

A weakness has been identified in projectworlds Advanced Library Management System 1.0. Impacted is an unknown function of the file /borrow.php. Executing a manipulation of the argument rollnumber can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made...

CVE-2025-13269

A vulnerability has been found in Campcodes School Fees Payment Management System 1.0. The impacted element is an unknown function of the file /ajax.php?action=savepayment. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been...

CVE-2025-13267

A vulnerability was detected in SourceCodester Dental Clinic Appointment Reservation System 1.0. Impacted is an unknown function of the file /success.php. Performing manipulation of the argument username/password results in sql injection. The attack can be initiated remotely. The exploit is now...

CVE-2025-13243

A vulnerability was found in code-projects Student Information System 2.0. Impacted is an unknown function of the file /editprofile.php. The manipulation results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used...

CVE-2025-13185

A security flaw has been discovered in Bdtask/CodeCanyon News365 up to 7.0.3. This affects an unknown function of the file /admin/dashboard/profile. The manipulation of the argument profileimage/bannerimage results in unrestricted upload. The attack can be launched remotely. The exploit has been...

CVE-2025-13236

A vulnerability was identified in itsourcecode Inventory Management System 1.0. This impacts an unknown function of the file /admin/products/index.php?view=edit. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and...

EUVD-2025-197749

A security vulnerability has been detected in itsourcecode Inventory Management System 1.0. The affected element is an unknown function of the file /admin/user/index.php?view=edit. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has be...

CVE-2025-13259 Campcodes Supplier Management System edit_unit.php sql injection

A flaw has been found in Campcodes Supplier Management System 1.0. This affects an unknown function of the file /manufacturer/editunit.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used...