CVEs from 2025
Total
8,818
critical
critical 1,314
high
high 1,959
medium
medium 1,968
low
low 200
% Critical
14.9%
% with KEV
2.1%
% with exploit
2.8%
Top vendors
- qualcomm 1,123
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- redhat 108
- microsoft 107
- portabilis 94
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-34291 | high | 8.8 | 10.0 | 6mo ago | Langflow contains an origin validation error vulnerability in which an overly permissive CORS configuration combined with a refresh token cookie configured as SameSite=None allows a malicious webpage… | |||
| CVE-2025-48595 | high | 8.4 | 9.9 | 2d ago | Android Framework contains an integer overflow vulnerability that allows for code execution that could allow for local privilege escalation. | |||
| CVE-2025-9140 | high | 8.8 | 9.8 | 10mo ago | A vulnerability was identified in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.4.7. Affected by this issue is some unknown functionality of the file /crm/crmapi/erp/tabdetail_modul… | |||
| CVE-2025-43529 | high | — | 9.5 | 6mo ago | Apple iOS, iPadOS, macOS, and other Apple products contain a use-after-free vulnerability in WebKit. Processing maliciously crafted web content may lead to memory corruption. This vulnerability could… | |||
| CVE-2025-14174 | high | — | 9.5 | 6mo ago | Google Chromium contains an out of bounds memory access vulnerability in ANGLE that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability co… | |||
| CVE-2025-31277 | high | — | 9.5 | 8mo ago | Apple Safari, iOS, watchOS, visionOS, iPadOS, macOS, and tvOS contain a buffer overflow vulnerability that could allow the processing of maliciously crafted web content which may lead to memory corru… | |||
| CVE-2025-41244 | high | — | 9.5 | 8mo ago | Broadcom VMware Aria Operations and VMware Tools contain a privilege defined with unsafe actions vulnerability. A malicious local actor with non-administrative privileges having access to a VM with V… | |||
| CVE-2025-38352 | high | — | 9.5 | 9mo ago | Linux kernel contains a time-of-check time-of-use (TOCTOU) race condition vulnerability that has a high impact on confidentiality, integrity, and availability. | |||
| CVE-2025-6558 | high | — | 9.5 | 10mo ago | Google Chromium contains an improper input validation vulnerability in ANGLE and GPU. This vulnerability could allow a remote attacker to potentially perform a sandbox escape via a crafted HTML page.… | |||
| CVE-2025-48384 | high | — | 9.5 | 11mo ago | Git contains a link following vulnerability that stems from Git’s inconsistent handling of carriage return characters in configuration files. | |||
| CVE-2025-27363 | high | — | 9.5 | 1y ago | FreeType contains an out-of-bounds write vulnerability when attempting to parse font subglyph structures related to TrueType GX and variable font files that may allow for arbitrary code execution. | |||
| CVE-2025-24201 | high | — | 9.5 | 1y ago | Apple iOS, iPadOS, macOS, and other Apple products contain an out-of-bounds write vulnerability in WebKit that may allow maliciously crafted web content to break out of Web Content sandbox. This vuln… | |||
| CVE-2025-12744 | high | — | 9.0 | 6mo ago | RHSA-2025:22760: abrt security update (Important) | |||
| CVE-2025-55315 | high | — | 9.0 | 7mo ago | RHSA-2025:18150: .NET 9.0 security update (Important) | |||
| CVE-2025-6965 | high | — | 9.0 | 10mo ago | RHSA-2025:14101: mingw-sqlite security update (Important) | |||
| CVE-2025-32023 | high | — | 9.0 | 11mo ago | RHSA-2025:12006: redis:6 security update (Important) | |||
| CVE-2025-31650 | high | — | 9.0 | 11mo ago | Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory … | |||
| CVE-2025-32462 | high | — | 9.0 | 11mo ago | Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines. | |||
| CVE-2025-1094 | high | — | 9.0 | 1y ago | RHSA-2025:3082: postgresql:12 security update (Important) | |||
| CVE-2025-40899 | high | 8.9 | 8.9 | 2mo ago | A Stored Cross-Site Scripting vulnerability was discovered in the Assets and Nodes functionality due to improper validation of an input parameter. An authenticated user with custom fields privileges … | |||
| CVE-2025-15656 | high | 8.8 | 8.8 | 18h ago | Incorrect Privilege Assignment vulnerability in Mojoomla School Management allows Privilege Escalation. This issue affects School Management: from n/a through 93.2.0. | |||
| CVE-2025-14772 | high | 8.8 | 8.8 | 18h ago | Authorization bypass through User-Controlled key vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24. | |||
| CVE-2025-53345 | high | 8.8 | 8.8 | 2d ago | Missing Authorization vulnerability leading to code execution after installing malicious vulnerable plugin in ThimPress Thim Core. This issue affects Thim Core: from n/a through 2.3.3. | |||
| CVE-2025-11993 | high | 8.8 | 8.8 | 6d ago | The WooCommerce Infinite Scroll and Ajax Pagination plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.8 via the 'settings' parameter in the 'import_se… | |||
| CVE-2025-41669 | high | 8.8 | 8.8 | 8d ago | The Web-based Management allows a remote low privileged Engineer user to install additional APPs on the device downloaded from the PLCnext Store without implementing any data verification mechanism, … | |||
| CVE-2025-57282 | high | 8.8 | 8.8 | 17d ago | ngrok is Vulnerable to Command Injection | |||
| CVE-2025-15024 | high | 8.8 | 8.8 | 20d ago | Improper Control of Generation of Code ('Code Injection') vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System … | |||
| CVE-2025-15023 | high | 8.8 | 8.8 | 20d ago | Incorrect Authorization vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploiting Incorrectly Conf… | |||
| CVE-2025-15025 | high | 8.8 | 8.8 | 21d ago | Authorization bypass through User-Controlled key vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Ex… | |||
| CVE-2025-12008 | high | 8.8 | 8.8 | 21d ago | Authorization bypass through User-Controlled key vulnerability in APPYAP Technology and Information Inc. Yaay Social Media App allows Accessing Functionality Not Properly Constrained by ACLs. This i… | |||
| CVE-2025-53844 | high | 8.8 | 8.8 | 22d ago | A out-of-bounds write vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11 allows attacker to execute unauthorized code or commands via spe… | |||
| CVE-2025-8325 | high | 8.8 | 8.8 | 24d ago | The software fails to enforce role-based access controls for certain Gateway API invocations. Users with the 'Internal/Everyone' role can invoke these APIs, bypassing intended permission checks. This… | |||
| CVE-2025-43524 | high | 8.8 | 8.8 | 24d ago | An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.2. An app may be able to break out of its sandbox. | |||
| CVE-2025-63705 | high | 8.8 | 8.8 | 28d ago | node-ts-ocr is vulnerable to OS Command Injection via the invokeImageOcr function in src/index.js | |||
| CVE-2025-52613 | high | 8.8 | 8.8 | 29d ago | HCL BigFix Service Management (SM) is affected by use of a vulnerable WSGI Server was identified. Deploying an outdated or insecure WSGI server may expose the application to known security weaknesses… | |||
| CVE-2025-31951 | high | 8.8 | 8.8 | 29d ago | HCL BigFix RunBookAI is affected by a Unvalidated Command Input / Potential Command Smuggling vulnerability. A flaw in a component's input handling was identified that could permit unauthorized comma… | |||
| CVE-2025-58074 | high | 8.8 | 8.8 | 1mo ago | A privilege escalation vulnerability exists during the installation of Norton Secure VPN via the Microsoft Store. A low-privilege user can replace files during the installation process, which may res… | |||
| CVE-2025-70420 | high | 8.8 | 8.8 | 1mo ago | A SQL injection vulnerability exists in Genesys Latitude v25.1.0.420 that allows an authenticated attacker to execute arbitrary SQL queries against the backend database. The vulnerability is caused b… | |||
| CVE-2025-53847 | high | 8.8 | 8.8 | 2mo ago | A missing authentication for critical function vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS … | |||
| CVE-2025-15101 | high | 8.8 | 8.8 | 2mo ago | An OS command injection vulnerability in the web management interface of certain ASUS router models allows remote authenticated administrators to execute arbitrary system commands via a crafted param… | |||
| CVE-2025-67030 | high | 8.8 | 8.8 | 2mo ago | Plexus-Utils has a Directory Traversal vulnerability in its extractFile method | |||
| CVE-2025-15467 | high | 8.8 | 8.8 | 4mo ago | Important: openssl security update | |||
| CVE-2025-15494 | high | 8.8 | 8.8 | 5mo ago | A vulnerability has been found in RainyGao DocSys up to 2.02.37. This affects an unknown function of the file com/DocSystem/mapping/UserMapper.xml. The manipulation of the argument Username leads to … | |||
| CVE-2025-15492 | high | 8.8 | 8.8 | 5mo ago | A vulnerability was detected in RainyGao DocSys up to 2.02.36. The affected element is an unknown function of the file src/com/DocSystem/mapping/GroupMemberMapper.xml. Performing a manipulation of th… | |||
| CVE-2025-31643 | high | 8.8 | 8.8 | 5mo ago | Incorrect Privilege Assignment vulnerability in Dasinfomedia WPCHURCH allows Privilege Escalation.This issue affects WPCHURCH: from n/a through 2.7.0. | |||
| CVE-2025-29004 | high | 8.8 | 8.8 | 5mo ago | Incorrect Privilege Assignment vulnerability in AA-Team Premium Age Verification / Restriction for WordPress, AA-Team Responsive Coming Soon Landing Page / Holding Page for WordPress allows Privilege… | |||
| CVE-2025-47553 | high | 8.8 | 8.8 | 5mo ago | Deserialization of Untrusted Data vulnerability in Digital zoom studio DZS Video Gallery allows Object Injection.This issue affects DZS Video Gallery: from n/a through 12.25. | |||
| CVE-2025-31047 | high | 8.8 | 8.8 | 5mo ago | Deserialization of Untrusted Data vulnerability in Themify Themify Edmin allows Object Injection.This issue affects Themify Edmin: from n/a through 2.0.0. | |||
| CVE-2025-15423 | high | 8.8 | 8.8 | 5mo ago | A vulnerability has been found in EmpireSoft EmpireCMS up to 8.0. Impacted is the function CheckSaveTranFiletype of the file e/class/connect.php. Such manipulation leads to unrestricted upload. The a… | |||
| CVE-2025-15406 | high | 8.8 | 8.8 | 5mo ago | A flaw has been found in PHPGurukul Online Course Registration up to 3.1. This affects an unknown function. This manipulation causes missing authorization. Remote exploitation of the attack is possib… | |||
| CVE-2025-15404 | high | 8.8 | 8.8 | 5mo ago | A security vulnerability has been detected in campcodes School File Management System 1.0. The affected element is an unknown function of the file /save_file.php. The manipulation of the argument Fil… | |||
| CVE-2025-15393 | high | 8.8 | 8.8 | 5mo ago | A security vulnerability has been detected in Kohana KodiCMS up to 13.82.135. This impacts the function Save of the file cms/modules/kodicms/classes/kodicms/model/file.php of the component Layout API… | |||
| CVE-2025-15392 | high | 8.8 | 8.8 | 5mo ago | A weakness has been identified in Kohana KodiCMS up to 13.82.135. This affects the function like of the file cms/modules/pages/classes/kodicms/model/page.php of the component Search API Endpoint. Exe… | |||
| CVE-2025-15390 | high | 8.8 | 8.8 | 5mo ago | A security flaw has been discovered in PHPGurukul Small CRM 4.0. This impacts an unknown function of the file /admin/edit-user.php. The manipulation results in missing authorization. It is possible t… | |||
| CVE-2025-15375 | high | 8.8 | 8.8 | 5mo ago | A flaw has been found in EyouCMS up to 1.7.7. The impacted element is the function unserialize of the file application/api/controller/Ajax.php of the component arcpagelist Handler. Executing a manipu… | |||
| CVE-2025-15254 | high | 8.8 | 8.8 | 5mo ago | A vulnerability was found in Tenda W6-S 1.0.0.4(510). This affects the function TendaAte of the file /goform/ate of the component ATE Service. Performing a manipulation results in os command injectio… | |||
| CVE-2025-15205 | high | 8.8 | 8.8 | 5mo ago | A vulnerability was identified in code-projects Student File Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /download.php. The manipulation of the argum… | |||
| CVE-2025-15199 | high | 8.8 | 8.8 | 5mo ago | A security vulnerability has been detected in code-projects College Notes Uploading System 1.0. Impacted is an unknown function of the file /dashboard/userprofile.php. The manipulation of the argumen… | |||
| CVE-2025-15192 | high | 8.8 | 8.8 | 5mo ago | A security vulnerability has been detected in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub_415328 of the file /boafrm/formLtefotaUpgradeQuectel. Such manipulation of the arg… | |||
| CVE-2025-15191 | high | 8.8 | 8.8 | 5mo ago | A weakness has been identified in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_4155B4 of the file /boafrm/formLtefotaUpgradeFibocom. This manipulation of the argument fota_u… | |||
| CVE-2025-15139 | high | 8.8 | 8.8 | 5mo ago | A vulnerability has been found in TRENDnet TEW-822DRE 1.00B21/1.01B06. This affects the function sub_43ACF4 of the file /boafrm/formWsc. Such manipulation of the argument peerPin leads to command in… | |||
| CVE-2025-15133 | high | 8.8 | 8.8 | 5mo ago | A vulnerability was identified in ZSPACE Z4Pro+ 1.0.0440024. The impacted element is the function zfilev2_api_CloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. Suc… | |||
| CVE-2025-15132 | high | 8.8 | 8.8 | 5mo ago | A vulnerability was determined in ZSPACE Z4Pro+ 1.0.0440024. The affected element is the function zfilev2_api_open of the file /v2/file/safe/open of the component HTTP POST Request Handler. This mani… | |||
| CVE-2025-15131 | high | 8.8 | 8.8 | 5mo ago | A vulnerability was found in ZSPACE Z4Pro+ 1.0.0440024. Impacted is the function zfilev2_api_SafeStatus of the file /v2/file/safe/status of the component HTTP POST Request Handler. The manipulation r… | |||
| CVE-2025-15050 | high | 8.8 | 8.8 | 5mo ago | A security vulnerability has been detected in code-projects Student File Management System 1.0. This affects an unknown part of the file /save_file.php. Such manipulation of the argument File leads t… | |||
| CVE-2025-15009 | high | 8.8 | 8.8 | 5mo ago | A flaw has been found in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function FilenameUtils.getExtension of the file /dev-api/common/upload of the component Filename Handler. Exec… | |||
| CVE-2025-15004 | high | 8.8 | 8.8 | 5mo ago | A vulnerability was identified in DedeCMS up to 5.7.118. This impacts an unknown function of the file /freelist_main.php. The manipulation of the argument orderby leads to sql injection. It is possib… | |||
| CVE-2025-14885 | high | 8.8 | 8.8 | 6mo ago | A flaw has been found in SourceCodester Client Database Management System 1.0. This affects an unknown part of the file /user_leads.php of the component Leads Generation Module. Executing manipulatio… | |||
| CVE-2025-14856 | high | 8.8 | 8.8 | 6mo ago | A security vulnerability has been detected in y_project RuoYi up to 4.8.1. The affected element is an unknown function of the file /monitor/cache/getnames. Such manipulation of the argument fragment … | |||
| CVE-2025-14834 | high | 8.8 | 8.8 | 6mo ago | A weakness has been identified in code-projects Simple Stock System 1.0. This affects an unknown function of the file /checkuser.php. Executing a manipulation of the argument Username can lead to sql… | |||
| CVE-2025-14749 | high | 8.8 | 8.8 | 6mo ago | A vulnerability was identified in Ningyuanda TC155 57.0.2.0. This impacts an unknown function of the file /onvif/device_service of the component ONVIF PTZ Control Interface. The manipulation leads to… | |||
| CVE-2025-14589 | high | 8.8 | 8.8 | 6mo ago | A weakness has been identified in code-projects Prison Management System 2.0. This issue affects some unknown processing of the file /admin/search.php. Executing a manipulation of the argument keynam… | |||
| CVE-2025-14516 | high | 8.8 | 8.8 | 6mo ago | A vulnerability was found in Yalantis uCrop 2.2.11. Affected by this issue is the function downloadFile of the file com.yalantis.ucrop.task.BitmapLoadTask.java of the component URL Handler. Performin… | |||
| CVE-2025-14230 | high | 8.8 | 8.8 | 6mo ago | A vulnerability was detected in code-projects Daily Time Recording System 4.5.0. The impacted element is an unknown function of the file /admin/add_payroll.php. Performing manipulation of the argumen… | |||
| CVE-2025-14225 | high | 8.8 | 8.8 | 6mo ago | A vulnerability was determined in D-Link DCS-930L 1.15.04. This affects an unknown part of the file /setSystemAdmin of the component alphapd. Executing manipulation of the argument AdminID can lead t… | |||
| CVE-2025-14222 | high | 8.8 | 8.8 | 6mo ago | A flaw has been found in code-projects Employee Profile Management System 1.0. Affected is an unknown function of the file /print_personnel_report.php. This manipulation of the argument per_id causes… | |||
| CVE-2025-14214 | high | 8.8 | 8.8 | 6mo ago | A vulnerability has been found in itsourcecode Student Information System 1.0. This affects an unknown part of the file /section_edit1.php. The manipulation of the argument ID leads to sql injection.… | |||
| CVE-2025-14203 | high | 8.8 | 8.8 | 6mo ago | A flaw has been found in code-projects Question Paper Generator up to 1.0. This vulnerability affects unknown code of the file /selectquestionuser.php. This manipulation of the argument subid causes … | |||
| CVE-2025-14195 | high | 8.8 | 8.8 | 6mo ago | A security flaw has been discovered in code-projects Employee Profile Management System 1.0. Impacted is an unknown function of the file /profiling/add_file_query.php. The manipulation of the argumen… | |||
| CVE-2025-14193 | high | 8.8 | 8.8 | 6mo ago | A vulnerability was determined in code-projects Employee Profile Management System 1.0. This vulnerability affects unknown code of the file /view_personnel.php. Executing a manipulation of the argume… | |||
| CVE-2025-14126 | high | 8.8 | 8.8 | 6mo ago | A vulnerability has been found in TOZED ZLT M30S and ZLT M30S PRO 1.47/3.09.06. Affected is an unknown function of the component Web Interface. Such manipulation leads to hard-coded credentials. The … | |||
| CVE-2025-14086 | high | 8.8 | 8.8 | 6mo ago | A vulnerability was found in youlaitech youlai-mall 1.0.0/2.0.0. Affected is an unknown function of the file /app-api/v1/members/openid/. The manipulation of the argument openid results in improper a… | |||
| CVE-2025-14085 | high | 8.8 | 8.8 | 6mo ago | A vulnerability has been found in youlaitech youlai-mall 1.0.0/2.0.0. This impacts an unknown function of the file /app-api/v1/orders/. The manipulation of the argument orderId leads to improper cont… | |||
| CVE-2025-14051 | high | 8.8 | 8.8 | 6mo ago | A flaw has been found in youlaitech youlai-mall 1.0.0/2.0.0. Affected is the function getById/updateAddress/deleteAddress of the file /mall-ums/app-api/v1/addresses/. Executing manipulation can lead … | |||
| CVE-2025-57201 | high | 8.8 | 8.8 | 6mo ago | AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the SMB server function. This vulnerability allows attack… | |||
| CVE-2025-13816 | high | 8.8 | 8.8 | 6mo ago | A security vulnerability has been detected in moxi159753 Mogu Blog v2 up to 5.2. The impacted element is the function FileOperation.unzip of the file /networkDisk/unzipFile of the component ZIP File … | |||
| CVE-2025-13808 | high | 8.8 | 8.8 | 6mo ago | A flaw has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this vulnerability is the function update of the file orion-ops-api/orion-ops-web/src/main/java… | |||
| CVE-2025-13790 | high | 8.8 | 8.8 | 6mo ago | A vulnerability was determined in Scada-LTS up to 2.7.8.1. This impacts an unknown function. This manipulation causes cross-site request forgery. The attack may be initiated remotely. The exploit has… | |||
| CVE-2025-13581 | high | 8.8 | 8.8 | 6mo ago | A vulnerability was identified in itsourcecode Student Information System 1.0. Affected by this vulnerability is an unknown functionality of the file /schedule_edit1.php. Such manipulation of the arg… | |||
| CVE-2025-13580 | high | 8.8 | 8.8 | 6mo ago | A vulnerability was determined in code-projects Library System 1.0. Affected is an unknown function of the file /mail.php. This manipulation of the argument ID causes sql injection. The attack may be… | |||
| CVE-2025-13579 | high | 8.8 | 8.8 | 6mo ago | A vulnerability was found in code-projects Library System 1.0. This impacts an unknown function of the file /return.php. The manipulation of the argument ID results in sql injection. The attack can b… | |||
| CVE-2025-13576 | high | 8.8 | 8.8 | 6mo ago | A vulnerability was detected in code-projects Blog Site 1.0. The affected element is an unknown function of the file /admin.php. Performing manipulation results in improper authorization. It is possi… | |||
| CVE-2025-13575 | high | 8.8 | 8.8 | 6mo ago | A security vulnerability has been detected in code-projects Blog Site 1.0. Impacted is the function category_exists of the file /resources/functions/blog.php of the component Category Handler. Such m… | |||
| CVE-2025-13573 | high | 8.8 | 8.8 | 6mo ago | A security flaw has been discovered in projectworlds can pass malicious payloads up to 1.0. This vulnerability affects unknown code of the file /add_book.php. The manipulation of the argument image r… | |||
| CVE-2025-13571 | high | 8.8 | 8.8 | 6mo ago | A vulnerability was determined in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file /listorder.php. Executing manipulation of the argumen… | |||
| CVE-2025-13570 | high | 8.8 | 8.8 | 6mo ago | A vulnerability was found in itsourcecode COVID Tracking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/?page=state. Performing manipulation of the argument… | |||
| CVE-2025-13569 | high | 8.8 | 8.8 | 6mo ago | A vulnerability has been found in itsourcecode COVID Tracking System 1.0. Affected is an unknown function of the file /admin/?page=city. Such manipulation of the argument ID leads to sql injection. T… | |||
| CVE-2025-13568 | high | 8.8 | 8.8 | 6mo ago | A flaw has been found in itsourcecode COVID Tracking System 1.0. This impacts an unknown function of the file /admin/?page=people. This manipulation of the argument ID causes sql injection. The attac… | |||
| CVE-2025-13567 | high | 8.8 | 8.8 | 6mo ago | A vulnerability was detected in itsourcecode COVID Tracking System 1.0. This affects an unknown function of the file /admin/?page=establishment. The manipulation of the argument ID results in sql inj… | |||
| CVE-2025-13347 | high | 8.8 | 8.8 | 7mo ago | A flaw has been found in SourceCodester Train Station Ticketing System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=save_user. Executing manipulation of the argument User… |