CVEs from 2025
Total: 8,944
- critical 1,361
- high 2,043
- medium 2,040
- low 204
% Critical: 15.2%
% with KEV: 2.0%
% with exploit: 2.8%
Top vendors
- qualcomm 1,123
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- redhat 110
- microsoft 107
- portabilis 94
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-31951 | high | 8.8 | 8.8 | 1mo ago | HCL BigFix RunBookAI is affected by an Unvalidated Command Input / Potential Command Smuggling vulnerability. A flaw in a component's input handling was identified that could permit unauthorized comma… | |||
| CVE-2025-58074 | high | 8.8 | 8.8 | 1mo ago | A privilege escalation vulnerability exists during the installation of Norton Secure VPN via the Microsoft Store. A low-privilege user can replace files during the installation process, which may res… | |||
| CVE-2025-70420 | high | 8.8 | 8.8 | 2mo ago | A SQL injection vulnerability exists in Genesys Latitude v25.1.0.420 that allows an authenticated attacker to execute arbitrary SQL queries against the backend database. The vulnerability is caused b… | |||
| CVE-2025-53847 | high | 8.8 | 8.8 | 2mo ago | A missing authentication for critical function vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS … | |||
| CVE-2025-15101 | high | 8.8 | 8.8 | 2mo ago | An OS command injection vulnerability in the web management interface of certain ASUS router models allows remote authenticated administrators to execute arbitrary system commands via a crafted param… | |||
| CVE-2025-67030 | high | 8.8 | 8.8 | 2mo ago | Plexus-Utils has a Directory Traversal vulnerability in its extractFile method | |||
| CVE-2025-14349 | high | 8.8 | 8.8 | 4mo ago | Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. FlexCity/Kiosk allows Accessing Functionality Not Properly Constrained by … | |||
| CVE-2025-7636 | high | 8.8 | 8.8 | 4mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ergosis Security Systems Computer Industry and Trade Inc. ZEUS PDKS allows SQL Injection. This i… | |||
| CVE-2025-7347 | high | 8.8 | 8.8 | 4mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Dinibh Puzzle Software Solutions Dinibh Patrol Tracking System allows Exploitation of Trusted Identifiers. This issue affects Dinibh… | |||
| CVE-2025-10465 | high | 8.8 | 8.8 | 4mo ago | Unrestricted Upload of File with Dangerous Type vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Sensaway allows Upload a Web Shell to a Web Server. This issue affects S… | |||
| CVE-2025-15467 | high | 8.8 | 8.8 | 4mo ago | Important: openssl security update | |||
| CVE-2025-15494 | high | 8.8 | 8.8 | 5mo ago | A vulnerability has been found in RainyGao DocSys up to 2.02.37. This affects an unknown function of the file com/DocSystem/mapping/UserMapper.xml. The manipulation of the argument Username leads to … | |||
| CVE-2025-15492 | high | 8.8 | 8.8 | 5mo ago | A vulnerability was detected in RainyGao DocSys up to 2.02.36. The affected element is an unknown function of the file src/com/DocSystem/mapping/GroupMemberMapper.xml. Performing a manipulation of th… | |||
| CVE-2025-31643 | high | 8.8 | 8.8 | 5mo ago | Incorrect Privilege Assignment vulnerability in Dasinfomedia WPCHURCH allows Privilege Escalation. This issue affects WPCHURCH: from n/a through 2.7.0. | |||
| CVE-2025-29004 | high | 8.8 | 8.8 | 5mo ago | Incorrect Privilege Assignment vulnerability in AA-Team Premium Age Verification / Restriction for WordPress, AA-Team Responsive Coming Soon Landing Page / Holding Page for WordPress allows Privilege… | |||
| CVE-2025-47553 | high | 8.8 | 8.8 | 5mo ago | Deserialization of Untrusted Data vulnerability in Digital zoom studio DZS Video Gallery allows Object Injection. This issue affects DZS Video Gallery: from n/a through 12.25. | |||
| CVE-2025-31047 | high | 8.8 | 8.8 | 5mo ago | Deserialization of Untrusted Data vulnerability in Themify Themify Edmin allows Object Injection. This issue affects Themify Edmin: from n/a through 2.0.0. | |||
| CVE-2025-15423 | high | 8.8 | 8.8 | 5mo ago | A vulnerability has been found in EmpireSoft EmpireCMS up to 8.0. Impacted is the function CheckSaveTranFiletype of the file e/class/connect.php. Such manipulation leads to unrestricted upload. The a… | |||
| CVE-2025-15406 | high | 8.8 | 8.8 | 5mo ago | A flaw has been found in PHPGurukul Online Course Registration up to 3.1. This affects an unknown function. This manipulation causes missing authorization. Remote exploitation of the attack is possib… | |||
| CVE-2025-15404 | high | 8.8 | 8.8 | 5mo ago | A security vulnerability has been detected in campcodes School File Management System 1.0. The affected element is an unknown function of the file /save_file.php. The manipulation of the argument Fil… | |||
| CVE-2025-15393 | high | 8.8 | 8.8 | 5mo ago | A security vulnerability has been detected in Kohana KodiCMS up to 13.82.135. This impacts the function Save of the file cms/modules/kodicms/classes/kodicms/model/file.php of the component Layout API… | |||
| CVE-2025-15392 | high | 8.8 | 8.8 | 5mo ago | A weakness has been identified in Kohana KodiCMS up to 13.82.135. This affects the function like of the file cms/modules/pages/classes/kodicms/model/page.php of the component Search API Endpoint. Exe… | |||
| CVE-2025-15390 | high | 8.8 | 8.8 | 5mo ago | A security flaw has been discovered in PHPGurukul Small CRM 4.0. This impacts an unknown function of the file /admin/edit-user.php. The manipulation results in missing authorization. It is possible t… | |||
| CVE-2025-15375 | high | 8.8 | 8.8 | 5mo ago | A flaw has been found in EyouCMS up to 1.7.7. The impacted element is the function unserialize of the file application/api/controller/Ajax.php of the component arcpagelist Handler. Executing a manipu… | |||
| CVE-2025-15254 | high | 8.8 | 8.8 | 5mo ago | A vulnerability was found in Tenda W6-S 1.0.0.4(510). This affects the function TendaAte of the file /goform/ate of the component ATE Service. Performing a manipulation results in os command injectio… | |||
| CVE-2025-15205 | high | 8.8 | 8.8 | 5mo ago | A vulnerability was identified in code-projects Student File Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /download.php. The manipulation of the argum… | |||
| CVE-2025-15199 | high | 8.8 | 8.8 | 5mo ago | A security vulnerability has been detected in code-projects College Notes Uploading System 1.0. Impacted is an unknown function of the file /dashboard/userprofile.php. The manipulation of the argumen… | |||
| CVE-2025-15192 | high | 8.8 | 8.8 | 5mo ago | A security vulnerability has been detected in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub_415328 of the file /boafrm/formLtefotaUpgradeQuectel. Such manipulation of the arg… | |||
| CVE-2025-15191 | high | 8.8 | 8.8 | 5mo ago | A weakness has been identified in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_4155B4 of the file /boafrm/formLtefotaUpgradeFibocom. This manipulation of the argument fota_u… | |||
| CVE-2025-15139 | high | 8.8 | 8.8 | 5mo ago | A vulnerability has been found in TRENDnet TEW-822DRE 1.00B21/1.01B06. This affects the function sub_43ACF4 of the file /boafrm/formWsc. Such manipulation of the argument peerPin leads to command in… | |||
| CVE-2025-15133 | high | 8.8 | 8.8 | 5mo ago | A vulnerability was identified in ZSPACE Z4Pro+ 1.0.0440024. The impacted element is the function zfilev2_api_CloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. Suc… | |||
| CVE-2025-15132 | high | 8.8 | 8.8 | 5mo ago | A vulnerability was determined in ZSPACE Z4Pro+ 1.0.0440024. The affected element is the function zfilev2_api_open of the file /v2/file/safe/open of the component HTTP POST Request Handler. This mani… | |||
| CVE-2025-15131 | high | 8.8 | 8.8 | 5mo ago | A vulnerability was found in ZSPACE Z4Pro+ 1.0.0440024. Impacted is the function zfilev2_api_SafeStatus of the file /v2/file/safe/status of the component HTTP POST Request Handler. The manipulation r… | |||
| CVE-2025-15050 | high | 8.8 | 8.8 | 5mo ago | A security vulnerability has been detected in code-projects Student File Management System 1.0. This affects an unknown part of the file /save_file.php. Such manipulation of the argument File leads t… | |||
| CVE-2025-15009 | high | 8.8 | 8.8 | 6mo ago | A flaw has been found in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function FilenameUtils.getExtension of the file /dev-api/common/upload of the component Filename Handler. Exec… | |||
| CVE-2025-15004 | high | 8.8 | 8.8 | 6mo ago | A vulnerability was identified in DedeCMS up to 5.7.118. This impacts an unknown function of the file /freelist_main.php. The manipulation of the argument orderby leads to sql injection. It is possib… | |||
| CVE-2025-14885 | high | 8.8 | 8.8 | 6mo ago | A flaw has been found in SourceCodester Client Database Management System 1.0. This affects an unknown part of the file /user_leads.php of the component Leads Generation Module. Executing manipulatio… | |||
| CVE-2025-14856 | high | 8.8 | 8.8 | 6mo ago | A security vulnerability has been detected in y_project RuoYi up to 4.8.1. The affected element is an unknown function of the file /monitor/cache/getnames. Such manipulation of the argument fragment … | |||
| CVE-2025-14834 | high | 8.8 | 8.8 | 6mo ago | A weakness has been identified in code-projects Simple Stock System 1.0. This affects an unknown function of the file /checkuser.php. Executing a manipulation of the argument Username can lead to sql… | |||
| CVE-2025-14749 | high | 8.8 | 8.8 | 6mo ago | A vulnerability was identified in Ningyuanda TC155 57.0.2.0. This impacts an unknown function of the file /onvif/device_service of the component ONVIF PTZ Control Interface. The manipulation leads to… | |||
| CVE-2025-14589 | high | 8.8 | 8.8 | 6mo ago | A weakness has been identified in code-projects Prison Management System 2.0. This issue affects some unknown processing of the file /admin/search.php. Executing a manipulation of the argument keynam… | |||
| CVE-2025-13506 | high | 8.8 | 8.8 | 6mo ago | Execution with Unnecessary Privileges vulnerability in Nebim Neyir Computer Industry and Services Inc. Nebim V3 ERP allows Expanding Control over the Operating System from the Database. This issue a… | |||
| CVE-2025-14516 | high | 8.8 | 8.8 | 6mo ago | A vulnerability was found in Yalantis uCrop 2.2.11. Affected by this issue is the function downloadFile of the file com.yalantis.ucrop.task.BitmapLoadTask.java of the component URL Handler. Performin… | |||
| CVE-2025-14230 | high | 8.8 | 8.8 | 6mo ago | A vulnerability was detected in code-projects Daily Time Recording System 4.5.0. The impacted element is an unknown function of the file /admin/add_payroll.php. Performing manipulation of the argumen… | |||
| CVE-2025-14225 | high | 8.8 | 8.8 | 6mo ago | A vulnerability was determined in D-Link DCS-930L 1.15.04. This affects an unknown part of the file /setSystemAdmin of the component alphapd. Executing manipulation of the argument AdminID can lead t… | |||
| CVE-2025-14222 | high | 8.8 | 8.8 | 6mo ago | A flaw has been found in code-projects Employee Profile Management System 1.0. Affected is an unknown function of the file /print_personnel_report.php. This manipulation of the argument per_id causes… | |||
| CVE-2025-14214 | high | 8.8 | 8.8 | 6mo ago | A vulnerability has been found in itsourcecode Student Information System 1.0. This affects an unknown part of the file /section_edit1.php. The manipulation of the argument ID leads to sql injection.… | |||
| CVE-2025-14203 | high | 8.8 | 8.8 | 6mo ago | A flaw has been found in code-projects Question Paper Generator up to 1.0. This vulnerability affects unknown code of the file /selectquestionuser.php. This manipulation of the argument subid causes … | |||
| CVE-2025-14195 | high | 8.8 | 8.8 | 6mo ago | A security flaw has been discovered in code-projects Employee Profile Management System 1.0. Impacted is an unknown function of the file /profiling/add_file_query.php. The manipulation of the argumen… | |||
| CVE-2025-14193 | high | 8.8 | 8.8 | 6mo ago | A vulnerability was determined in code-projects Employee Profile Management System 1.0. This vulnerability affects unknown code of the file /view_personnel.php. Executing a manipulation of the argume… | |||
| CVE-2025-14126 | high | 8.8 | 8.8 | 6mo ago | A vulnerability has been found in TOZED ZLT M30S and ZLT M30S PRO 1.47/3.09.06. Affected is an unknown function of the component Web Interface. Such manipulation leads to hard-coded credentials. The … | |||
| CVE-2025-14086 | high | 8.8 | 8.8 | 6mo ago | A vulnerability was found in youlaitech youlai-mall 1.0.0/2.0.0. Affected is an unknown function of the file /app-api/v1/members/openid/. The manipulation of the argument openid results in improper a… | |||
| CVE-2025-14085 | high | 8.8 | 8.8 | 6mo ago | A vulnerability has been found in youlaitech youlai-mall 1.0.0/2.0.0. This impacts an unknown function of the file /app-api/v1/orders/. The manipulation of the argument orderId leads to improper cont… | |||
| CVE-2025-14051 | high | 8.8 | 8.8 | 6mo ago | A flaw has been found in youlaitech youlai-mall 1.0.0/2.0.0. Affected is the function getById/updateAddress/deleteAddress of the file /mall-ums/app-api/v1/addresses/. Executing manipulation can lead … | |||
| CVE-2025-57201 | high | 8.8 | 8.8 | 6mo ago | AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the SMB server function. This vulnerability allows attack… | |||
| CVE-2025-13816 | high | 8.8 | 8.8 | 6mo ago | A security vulnerability has been detected in moxi159753 Mogu Blog v2 up to 5.2. The impacted element is the function FileOperation.unzip of the file /networkDisk/unzipFile of the component ZIP File … | |||
| CVE-2025-13808 | high | 8.8 | 8.8 | 6mo ago | A flaw has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this vulnerability is the function update of the file orion-ops-api/orion-ops-web/src/main/java… | |||
| CVE-2025-13790 | high | 8.8 | 8.8 | 6mo ago | A vulnerability was determined in Scada-LTS up to 2.7.8.1. This impacts an unknown function. This manipulation causes cross-site request forgery. The attack may be initiated remotely. The exploit has… | |||
| CVE-2025-13581 | high | 8.8 | 8.8 | 6mo ago | A vulnerability was identified in itsourcecode Student Information System 1.0. Affected by this vulnerability is an unknown functionality of the file /schedule_edit1.php. Such manipulation of the arg… | |||
| CVE-2025-13580 | high | 8.8 | 8.8 | 6mo ago | A vulnerability was determined in code-projects Library System 1.0. Affected is an unknown function of the file /mail.php. This manipulation of the argument ID causes sql injection. The attack may be… | |||
| CVE-2025-13579 | high | 8.8 | 8.8 | 6mo ago | A vulnerability was found in code-projects Library System 1.0. This impacts an unknown function of the file /return.php. The manipulation of the argument ID results in sql injection. The attack can b… | |||
| CVE-2025-13576 | high | 8.8 | 8.8 | 6mo ago | A vulnerability was detected in code-projects Blog Site 1.0. The affected element is an unknown function of the file /admin.php. Performing manipulation results in improper authorization. It is possi… | |||
| CVE-2025-13575 | high | 8.8 | 8.8 | 6mo ago | A security vulnerability has been detected in code-projects Blog Site 1.0. Impacted is the function category_exists of the file /resources/functions/blog.php of the component Category Handler. Such m… | |||
| CVE-2025-13573 | high | 8.8 | 8.8 | 6mo ago | A security flaw has been discovered in projectworlds can pass malicious payloads up to 1.0. This vulnerability affects unknown code of the file /add_book.php. The manipulation of the argument image r… | |||
| CVE-2025-13571 | high | 8.8 | 8.8 | 6mo ago | A vulnerability was determined in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file /listorder.php. Executing manipulation of the argumen… | |||
| CVE-2025-13570 | high | 8.8 | 8.8 | 6mo ago | A vulnerability was found in itsourcecode COVID Tracking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/?page=state. Performing manipulation of the argument… | |||
| CVE-2025-13569 | high | 8.8 | 8.8 | 6mo ago | A vulnerability has been found in itsourcecode COVID Tracking System 1.0. Affected is an unknown function of the file /admin/?page=city. Such manipulation of the argument ID leads to sql injection. T… | |||
| CVE-2025-13568 | high | 8.8 | 8.8 | 6mo ago | A flaw has been found in itsourcecode COVID Tracking System 1.0. This impacts an unknown function of the file /admin/?page=people. This manipulation of the argument ID causes sql injection. The attac… | |||
| CVE-2025-13567 | high | 8.8 | 8.8 | 6mo ago | A vulnerability was detected in itsourcecode COVID Tracking System 1.0. This affects an unknown function of the file /admin/?page=establishment. The manipulation of the argument ID results in sql inj… | |||
| CVE-2025-13347 | high | 8.8 | 8.8 | 7mo ago | A flaw has been found in SourceCodester Train Station Ticketing System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=save_user. Executing manipulation of the argument User… | |||
| CVE-2025-13346 | high | 8.8 | 8.8 | 7mo ago | A vulnerability was detected in SourceCodester Train Station Ticketing System 1.0. This affects an unknown part of the file /ajax.php?action=save_station. Performing manipulation of the argument id/s… | |||
| CVE-2025-13345 | high | 8.8 | 8.8 | 7mo ago | A security vulnerability has been detected in SourceCodester Train Station Ticketing System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=save_ticket. Such ma… | |||
| CVE-2025-13325 | high | 8.8 | 8.8 | 7mo ago | A vulnerability was determined in itsourcecode Student Information System 1.0. The affected element is an unknown function of the file /enrollment_edit1.php. Executing manipulation of the argument en… | |||
| CVE-2025-13306 | high | 8.8 | 8.8 | 7mo ago | A security vulnerability has been detected in D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M 1.1.5. Impacted is the function system of the file /boafrm/formDebugDiagnosticRun. The manipulation of t… | |||
| CVE-2025-13290 | high | 8.8 | 8.8 | 7mo ago | A vulnerability has been found in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file /saveorder.php. Such manipulation of the argument ID … | |||
| CVE-2025-13289 | high | 8.8 | 8.8 | 7mo ago | A vulnerability was detected in 1000projects Design & Development of Student Database Management System 1.0. Affected is an unknown function of the file /TeacherLogin/Academics/SubjectDetails.php. Th… | |||
| CVE-2025-13287 | high | 8.8 | 8.8 | 7mo ago | A weakness has been identified in itsourcecode Online Voting System 1.0. This affects an unknown function of the file /index.php?page=categories. Executing manipulation of the argument id/category ca… | |||
| CVE-2025-13286 | high | 8.8 | 8.8 | 7mo ago | A security flaw has been discovered in itsourcecode Online Voting System 1.0. The impacted element is an unknown function of the file /ajax.php?action=save_user. Performing manipulation of the argume… | |||
| CVE-2025-13279 | high | 8.8 | 8.8 | 7mo ago | A vulnerability was found in code-projects Nero Social Networking Site 1.0. The affected element is an unknown function of the file /profilefriends.php. Performing manipulation of the argument ID res… | |||
| CVE-2025-13278 | high | 8.8 | 8.8 | 7mo ago | A vulnerability has been found in projectworlds Advanced Library Management System 1.0. Impacted is an unknown function of the file /borrowed_book_search.php. Such manipulation of the argument datefr… | |||
| CVE-2025-13274 | high | 8.8 | 8.8 | 7mo ago | A weakness has been identified in Campcodes School Fees Payment Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=delete_fees. Executing a manip… | |||
| CVE-2025-13273 | high | 8.8 | 8.8 | 7mo ago | A security flaw has been discovered in Campcodes School Fees Payment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=delete_payment. Per… | |||
| CVE-2025-13270 | high | 8.8 | 8.8 | 7mo ago | A vulnerability was found in Campcodes School Fees Payment Management System 1.0. This affects an unknown function of the file /ajax.php?action=save_course. The manipulation of the argument ID result… | |||
| CVE-2025-13269 | high | 8.8 | 8.8 | 7mo ago | A vulnerability has been found in Campcodes School Fees Payment Management System 1.0. The impacted element is an unknown function of the file /ajax.php?action=save_payment. The manipulation of the a… | |||
| CVE-2025-13264 | high | 8.8 | 8.8 | 7mo ago | A security flaw has been discovered in SourceCodester Online Magazine Management System 1.0. This affects an unknown part of the file /view_magazine.php. The manipulation of the argument ID results i… | |||
| CVE-2025-13263 | high | 8.8 | 8.8 | 7mo ago | A vulnerability was identified in SourceCodester Online Magazine Management System 1.0. Affected by this issue is some unknown functionality of the file /categories.php. The manipulation of the argum… | |||
| CVE-2025-13260 | high | 8.8 | 8.8 | 7mo ago | A vulnerability has been found in Campcodes Supplier Management System 1.0. This impacts an unknown function of the file /manufacturer/edit_product.php. Such manipulation of the argument cmbProductUn… | |||
| CVE-2025-13259 | high | 8.8 | 8.8 | 7mo ago | A flaw has been found in Campcodes Supplier Management System 1.0. This affects an unknown function of the file /manufacturer/edit_unit.php. This manipulation of the argument ID causes sql injection.… | |||
| CVE-2025-13256 | high | 8.8 | 8.8 | 7mo ago | A weakness has been identified in projectworlds Advanced Library Management System 1.0. Impacted is an unknown function of the file /borrow.php. Executing a manipulation of the argument roll_number c… | |||
| CVE-2025-13255 | high | 8.8 | 8.8 | 7mo ago | A security flaw has been discovered in projectworlds Advanced Library Management System 1.0. This issue affects some unknown processing of the file /book_search.php. Performing a manipulation of the … | |||
| CVE-2025-13254 | high | 8.8 | 8.8 | 7mo ago | A vulnerability was identified in projectworlds Advanced Library Management System 1.0. This vulnerability affects unknown code of the file /add_member.php. Such manipulation of the argument roll_num… | |||
| CVE-2025-13253 | high | 8.8 | 8.8 | 7mo ago | A vulnerability was determined in projectworlds Advanced Library Management System 1.0. This affects an unknown part of the file /add_librarian.php. This manipulation of the argument Username causes … | |||
| CVE-2025-13251 | high | 8.8 | 8.8 | 7mo ago | A flaw has been found in WeiYe-Jing datax-web up to 2.1.2. Affected is an unknown function. Executing manipulation can lead to sql injection. The attack may be launched remotely. The exploit has been… | |||
| CVE-2025-13250 | high | 8.8 | 8.8 | 7mo ago | A vulnerability was detected in WeiYe-Jing datax-web up to 2.1.2. This impacts the function remove/update/pause/start/triggerJob of the component Job Handler. Performing manipulation results in impro… | |||
| CVE-2025-13243 | high | 8.8 | 8.8 | 7mo ago | A vulnerability was found in code-projects Student Information System 2.0. Impacted is an unknown function of the file /editprofile.php. The manipulation results in sql injection. The attack may be p… | |||
| CVE-2025-13238 | high | 8.8 | 8.8 | 7mo ago | A weakness has been identified in Bdtask Flight Booking Software 4. Affected by this vulnerability is an unknown functionality of the file /agent/profile/edit of the component Edit Profile Page. This… | |||
| CVE-2025-13177 | high | 8.8 | 8.8 | 7mo ago | A vulnerability was detected in Bdtask/CodeCanyon SalesERP up to 20250728. This affects an unknown part. The manipulation results in cross-site request forgery. The attack can be executed remotely. T… | |||
| CVE-2025-13172 | high | 8.8 | 8.8 | 7mo ago | A security flaw has been discovered in CodeAstro Gym Management System 1.0. Affected is an unknown function of the file /admin/view-member-report.php. Performing a manipulation of the argument ID res… | |||
| CVE-2025-13171 | high | 8.8 | 8.8 | 7mo ago | A vulnerability was identified in ZZCMS 2023. This impacts an unknown function of the file /admin/wangkan_list.php. Such manipulation of the argument keyword leads to sql injection. The attack can be… | |||
| CVE-2025-13061 | high | 8.8 | 8.8 | 7mo ago | A vulnerability was detected in itsourcecode Online Voting System 1.0. This impacts an unknown function of the file /index.php?page=manage_voting. Performing manipulation results in unrestricted uplo… |