CVE-2025-12283

CVE-2025-12283 affects code-projects Client Details System 1.0. The vulnerability is an authorization bypass via an unknown function, exploitable remotely, with an exploit publicly released. Connected sources confirm the same description across CNVD, RH, CNNVD/CVELIST variants. No specific affect...

CVE-2025-12269

A vulnerability was found in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. The affected element is an unknown function of the file /dash/org/settings/previews of the component Account Setting Page. The manipulation results in cross site scripting. It is possible to launch the attack...

CVE-2025-12270

A vulnerability was determined in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. The impacted element is an unknown function of the file /api/v1/assignments/assignmentid/tasks/taskid/subfile of the component Student Assignment Submission Handler. This manipulation causes improper...

EUVD-2025-36158

A vulnerability was found in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. The affected element is an unknown function of the file /dash/org/settings/previews of the component Account Setting Page. The manipulation results in cross site scripting. It is possible to launch the attack...

CVE-2025-12237

The CVE-2025-12237 entry concerns projectworlds Advanced Library Management System 1.0. A vulnerability exists in the /index.php file where manipulating the keywords parameter enables SQL injection. The flaw is remotely exploitable, and public exploit code is available. Connected sources corrobor...

CVE-2025-12227

A vulnerability was determined in projectworlds Gate Pass Management System 1.0. The affected element is an unknown function of the file /add-pass.php. Executing a manipulation can lead to cross site scripting. The attack can be executed remotely. The exploit has been publicly disclosed and may b...

CVE-2025-12228

A vulnerability was identified in projectworlds Expense Management System 1.0. The impacted element is an unknown function of the file /public/admin/users/create of the component Users Page. The manipulation leads to cross site scripting. The attack is possible to be carried out remotely. The...

EUVD-2025-36082

A security flaw has been discovered in projectworlds Expense Management System 1.0. This affects an unknown function of the file /public/admin/roles/create of the component Roles Page. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit has been...

PT-2025-44058

Name of the Vulnerable Software and Affected Versions Willow CMS versions prior to 1.4.1 Description A flaw exists in Willow CMS that allows for unrestricted file uploads. This issue is present in a file located at /admin/images/add and involves an unknown function. Remote attackers can exploit...

PT-2025-43955

Name of the Vulnerable Software and Affected Versions code-projects Client Details System version 1.0 Description A security flaw exists that allows for authorization bypass. The issue is located within an unknown function and can be exploited remotely. The exploit for this issue has been publicl...

LearnHouse 安全漏洞

LearnHouse is an online learning management system open-sourced by LearnHouse. LearnHouse has a security vulnerability that originates from a cross-site scripting vulnerability in an unknown function in file /dash/org/settings/previews...

Code-Projects Client Details System 安全漏洞

Client Details System is a client information system. An authorization bypass vulnerability exists in Client Details System that stems from an authorization bypass of an unknown function and can be exploited by an attacker to compromise confidentiality...

Projectworlds Expense Management System 安全漏洞

Projectworlds Expense Management System is an open source expense management system from Projectworlds. A security vulnerability exists in Projectworlds Expense Management System version 1.0, which stems from misuse of an unknown function in the file /public/admin/currencies/create, and could lea...

PT-2025-44002

Name of the Vulnerable Software and Affected Versions Simple Food Ordering System version 1.0 Description A security issue exists in Simple Food Ordering System 1.0 where manipulation of the pname/category/price argument in the /editproduct.php file can lead to cross site scripting. This issue ca...

PT-2025-43954

Name of the Vulnerable Software and Affected Versions code-projects Client Details System version 1.0 Description A security issue exists in code-projects Client Details System 1.0. The issue involves cross site scripting, potentially allowing remote attackers to compromise the system. The affect...

CVE-2025-11853

The CVE concerns Teedy (Sismics Teedy) up to 1.11, affecting the API’s /api/file endpoint. The root cause is improper access controls in the API Endpoint file, enabling a remote attacker to manipulate access. Public exploit discussion is noted, and the vulnerability is exploitable without user in...

PT-2025-41753

Name of the Vulnerable Software and Affected Versions SourceCodester Best Salon Management System version 1.0 Description A security flaw exists in SourceCodester Best Salon Management System 1.0. The issue is a SQL injection impacting an unknown function within the /booking.php file. The serv id...

Social Network Website SQL注入漏洞

Social Network Website is a simple social networking website by Pynch Personal Developers. Social Network Website suffers from a SQL injection vulnerability that stems from incorrect manipulation of an unknown function in the component Search, which could lead to an SQL injection attack...

CVE-2025-11583

A flaw has been found in code-projects Online Job Search Engine 1.0. Impacted is an unknown function of the file /postjob.php. Executing manipulation of the argument txtjobID can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used...

EUVD-2025-33262

A vulnerability was determined in Tenda AC7 15.03.06.44. The impacted element is an unknown function of the file /goform/fastsettingpppoeset. Executing manipulation of the argument Password can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been publicly...