CVEs from 2025
Total
12,202
critical
critical 1,301
high
high 1,894
medium
medium 1,908
low
low 193
% Critical
10.7%
% with KEV
1.5%
% with exploit
1.5%
Top vendors
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- microsoft 107
- redhat 106
- portabilis 94
- mayurik 79
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- inventory_management_system 28
- gcp 23
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2025-68121 | critical | 10.0 | 10.0 | 9d ago | Important: osbuild-composer security update | |
| CVE-2025-15036 | critical | 10.0 | 10.0 | 2mo ago | MLFlow path traversal vulnerability | |
| CVE-2025-34291 | high | 8.8 | 10.0 | 6mo ago | Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configuration (allow_origins='*' with al… | |
| CVE-2025-58963 | critical | 10.0 | 10.0 | 7mo ago | Unrestricted Upload of File with Dangerous Type vulnerability in 7oroof Medcity medcity allows Upload a Web Shell to a Web Server.This issue affects Medcity: from n/a through < 1.1.9. | |
| CVE-2025-54236 | critical | 9.1 | 10.0 | 9mo ago | Adobe Commerce and Magento Open Source contain an improper input validation vulnerability that could allow an attacker to take over customer accounts through the Commerce REST API. | |
| CVE-2025-49410 | critical | 10.0 | 10.0 | 9mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Imran Emu TC Testimonials allows Stored XSS. This issue affects TC Testimonials: from n/a through… | |
| CVE-2025-49408 | critical | 10.0 | 10.0 | 9mo ago | Insertion of Sensitive Information Into Sent Data vulnerability in WPDeveloper Templately allows Retrieve Embedded Sensitive Data. This issue affects Templately: from n/a through 3.2.7. | |
| CVE-2025-49447 | critical | 10.0 | 10.0 | 11mo ago | Unrestricted Upload of File with Dangerous Type vulnerability in Fastw3b LLC FW Food Menu allows Using Malicious Files. This issue affects FW Food Menu : from n/a through 6.0.0. | |
| CVE-2025-49113 | critical | — | 10.0 | 1y ago | Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.ph… | |
| CVE-2025-26776 | critical | 10.0 | 10.0 | 1y ago | Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Chaty Pro allows Upload a Web Shell to a Web Server. This issue affects Chaty Pro: from n/a through 3.3.3. | |
| CVE-2025-69691 | critical | 9.9 | 9.9 | 20d ago | Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC API via pfsense.exec_php. NOTE: the Supplier disputes this because the API call is only available to admins and they are intentionally all… | |
| CVE-2025-62718 | critical | 9.9 | 9.9 | 2mo ago | Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NO_PROXY rules. Requests to loopback… | |
| CVE-2025-30996 | critical | 9.9 | 9.9 | 5mo ago | Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Sidepane WordPress Theme, Themify Themify Newsy, Themify Themify Folo, Themify Themify Edmin, Themify Bloggie, Themify… | |
| CVE-2025-31048 | critical | 9.9 | 9.9 | 5mo ago | Unrestricted Upload of File with Dangerous Type vulnerability in Themify Shopo allows Upload a Web Shell to a Web Server.This issue affects Shopo: from n/a through 1.1.4. | |
| CVE-2025-68562 | critical | 9.9 | 9.9 | 5mo ago | Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG allows Upload a Web Shell to a Web Server.This issue affects MapSVG: from n/a through 8.7.3. | |
| CVE-2025-31100 | critical | 9.9 | 9.9 | 9mo ago | Unrestricted Upload of File with Dangerous Type vulnerability in Mojoomla School Management allows Upload a Web Shell to a Web Server.This issue affects School Management: from n/a through 1.93.1 (02… | |
| CVE-2025-8795 | critical | 9.9 | 9.9 | 10mo ago | A vulnerability, which was classified as critical, was found in LitmusChaos Litmus up to 3.19.0. This affects an unknown part of the file /auth/login. The manipulation of the argument projectID leads… | |
| CVE-2025-47663 | critical | 9.9 | 9.9 | 1y ago | Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla Hospital Management System allows Upload a Web Shell to a Web Server. This issue affects Hospital Management System: from 47.… | |
| CVE-2025-26892 | critical | 9.9 | 9.9 | 1y ago | Unrestricted Upload of File with Dangerous Type vulnerability in dkszone Celestial Aura allows Using Malicious Files.This issue affects Celestial Aura: from n/a through 2.2. | |
| CVE-2025-26872 | critical | 9.9 | 9.9 | 1y ago | Unrestricted Upload of File with Dangerous Type vulnerability in dkszone Eximius allows Using Malicious Files.This issue affects Eximius: from n/a through 2.2. | |
| CVE-2025-1782 | critical | 9.9 | 9.9 | 1y ago | In HylaFAX Enterprise Web Interface and AvantFAX, the language form element is not properly sanitized before being used and can be misused to include an arbitrary file in the PHP code allowing an a… | |
| CVE-2025-30841 | critical | 9.9 | 9.9 | 1y ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in adamskaat Countdown & Clock countdown-builder allows Remote Code Inclusion.This issue affects Countdown… | |
| CVE-2025-12686 | critical | 9.8 | 9.8 | 14h ago | Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in AdminCenter in Synology BeeStation OS before 1.3.2-65648 allows remote attackers to execute arbitrary code via … | |
| CVE-2025-71211 | critical | 9.8 | 9.8 | 6d ago | A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is similar in … | |
| CVE-2025-71210 | critical | 9.8 | 9.8 | 6d ago | A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. Please note: although this vul… | |
| CVE-2025-31973 | critical | 9.8 | 9.8 | 7d ago | HCL BigFix Service Management (SM) is susceptible to a Configuration – 'Insecure Use of Base Image Version'. Using outdated or insecure base images may introduce known vulnerabilities, potentially i… | |
| CVE-2025-33255 | critical | 9.8 | 9.8 | 8d ago | NVIDIA TRT-LLM for any platform contains a vulnerability in MPI server, where an attacker could cause an unsafe deserialization. A successful exploit of this vulnerability might lead to code executio… | |
| CVE-2025-11024 | critical | 9.8 | 9.8 | 14d ago | Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows Blind SQL Injection. Th… | |
| CVE-2025-65719 | critical | 9.8 | 9.8 | 15d ago | An issue in Open Source Kubectl MCP Server v1.1.1 allows attackers to execute arbitrary code on a victim system via user interaction with a crafted HTML page. | |
| CVE-2025-6577 | critical | 9.8 | 9.8 | 16d ago | Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows SQL Injection. This iss… | |
| CVE-2025-14179 | critical | 9.8 | 9.8 | 18d ago | In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the PDO Firebird driver improperly handles NUL bytes when preparing SQL queries. During token-by… | |
| CVE-2025-69599 | critical | 9.8 | 9.8 | 20d ago | RayVentory Scan Engine through 12.6 Update 8 allows attackers to gain privileges if they control the value of the PATH environment variable. NOTE: this is disputed because ability of an attacker to c… | |
| CVE-2025-67887 | critical | 9.8 | 9.8 | 20d ago | 1C-Bitrix through 25.100.500 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess fil… | |
| CVE-2025-63704 | critical | 9.8 | 9.8 | 20d ago | query-parser-string is vulnerable to Prototype Pollution | |
| CVE-2025-63703 | critical | 9.8 | 9.8 | 20d ago | parse-ini is vulnerable to Prototype Pollution in index.js() | |
| CVE-2025-63706 | critical | 9.8 | 9.8 | 20d ago | next-npm-version is vulnerable to Command injection | |
| CVE-2025-1978 | critical | 9.8 | 9.8 | 21d ago | Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Vi… | |
| CVE-2025-9661 | critical | 9.8 | 9.8 | 21d ago | OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23, 24, 26 and 28. This issue affects Hitachi Virtual Storage Platform On… | |
| CVE-2025-59851 | critical | 9.8 | 9.8 | 21d ago | HCL DFXAnalytics is affected by a Using Components with Known Vulnerabilities flaw where the application utilizes unpatched libraries or sub-components, which could allow an attacker to identify and … | |
| CVE-2025-13618 | critical | 9.8 | 9.8 | 23d ago | The Mentoring plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.2.8. This is due to the plugin not properly restricting the roles that users can regis… | |
| CVE-2025-70067 | critical | 9.8 | 9.8 | 23d ago | Buffer Overflow vulnerability exists in Assimp versions up to 6.0.2 in the FBX Importer. The vulnerability occurs in aiMaterial::AddBinaryProperty, where a property key string from a crafted FBX file… | |
| CVE-2025-14320 | critical | 9.8 | 9.8 | 24d ago | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Tegsoft Management and Information Services Trade Limited Company Online Support Application allo… | |
| CVE-2025-71284 | critical | 9.8 | 9.8 | 27d ago | Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radius.php where the radius_address POST parameter is split and in… | |
| CVE-2025-13030 | critical | 9.8 | 9.8 | 28d ago | django-mdeditor is Missing Authentication for Critical Function | |
| CVE-2025-60889 | critical | 9.8 | 9.8 | 29d ago | Insecure deserialization of untrusted input in StellarGroup HPX 1.11.0 under certain conditions may allow attackers to execute arbitrary code or other unspecified impacts. | |
| CVE-2025-62373 | critical | 9.8 | 9.8 | 1mo ago | Pipecat: Remote Code Execution by Pickle Deserialization Through LivekitFrameSerializer | |
| CVE-2025-65115 | critical | 9.8 | 9.8 | 2mo ago | Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2… | |
| CVE-2025-15379 | critical | 9.8 | 9.8 | 2mo ago | MLflow Command Injection vulnerability | |
| CVE-2025-60237 | critical | 9.8 | 9.8 | 2mo ago | Deserialization of Untrusted Data vulnerability in Themeton Finag allows Object Injection.This issue affects Finag: from n/a through 1.5.0. | |
| CVE-2025-60233 | critical | 9.8 | 9.8 | 2mo ago | Deserialization of Untrusted Data vulnerability in Themeton Zuut allows Object Injection.This issue affects Zuut: from n/a through 1.4.2. | |
| CVE-2025-70041 | critical | 9.8 | 9.8 | 3mo ago | An issue pertaining to CWE-259: Use of Hard-coded Password was discovered in oslabs-beta ThermaKube master. | |
| CVE-2025-29165 | critical | 9.8 | 9.8 | 3mo ago | An issue in D-Link DIR-1253 MESH V1.6.1684 allows an attacker to escalate privileges via the etc/shadow.sample component | |
| CVE-2025-15503 | critical | 9.8 | 9.8 | 5mo ago | A security flaw has been discovered in Sangfor Operation and Maintenance Management System up to 3.0.8. The impacted element is an unknown function of the file /fort/trust/version/common/common.jsp. … | |
| CVE-2025-15502 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was identified in Sangfor Operation and Maintenance Management System up to 3.0.8. The affected element is the function SessionController of the file /isomp-protocol/protocol/session.… | |
| CVE-2025-15496 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was determined in guchengwuyue yshopmall up to 1.9.1. Affected is the function getPage of the file /api/jobs. This manipulation of the argument sort causes sql injection. The attack m… | |
| CVE-2025-15493 | critical | 9.8 | 9.8 | 5mo ago | A flaw has been found in RainyGao DocSys up to 2.02.36. The impacted element is an unknown function of the file src/com/DocSystem/mapping/ReposAuthMapper.xml. Executing a manipulation of the argument… | |
| CVE-2025-47552 | critical | 9.8 | 9.8 | 5mo ago | Deserialization of Untrusted Data vulnerability in Digital zoom studio DZS Video Gallery allows Object Injection.This issue affects DZS Video Gallery: from n/a through 12.37. | |
| CVE-2025-39477 | critical | 9.8 | 9.8 | 5mo ago | Missing Authorization vulnerability in Sfwebservice InWave Jobs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects InWave Jobs: from n/a through 3.5.8. | |
| CVE-2025-15458 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was determined in bg5sbk MiniCMS up to 1.8. This affects an unknown function of the file /mc-admin/post-edit.php of the component Article Handler. Executing a manipulation can lead to… | |
| CVE-2025-15457 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was found in bg5sbk MiniCMS up to 1.8. The impacted element is an unknown function of the file /minicms/mc-admin/post.php of the component Trash File Restore Handler. Performing a man… | |
| CVE-2025-15436 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability has been found in Yonyou KSOA 9.0. Affected by this issue is some unknown functionality of the file /worksheet/work_edit.jsp. Such manipulation of the argument Report leads to sql inj… | |
| CVE-2025-15435 | critical | 9.8 | 9.8 | 5mo ago | A flaw has been found in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /worksheet/work_update.jsp. This manipulation of the argument Report causes sql inject… | |
| CVE-2025-15434 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was detected in Yonyou KSOA 9.0. Affected is an unknown function of the file /kp/PrintZPYG.jsp. The manipulation of the argument zpjhid results in sql injection. It is possible to lau… | |
| CVE-2025-15425 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was determined in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /worksheet/del_user.jsp of the component HTTP GET Parameter Handler. Executing a manipulatio… | |
| CVE-2025-15424 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was found in Yonyou KSOA 9.0. The affected element is an unknown function of the file /worksheet/agent_worksdel.jsp of the component HTTP GET Parameter Handler. Performing a manipulat… | |
| CVE-2025-15421 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was detected in Yonyou KSOA 9.0. This vulnerability affects unknown code of the file /worksheet/agent_worksadd.jsp of the component HTTP GET Parameter Handler. The manipulation of the… | |
| CVE-2025-15420 | critical | 9.8 | 9.8 | 5mo ago | A security vulnerability has been detected in Yonyou KSOA 9.0. This affects an unknown part of the file /worksheet/agent_work_report.jsp. The manipulation of the argument ID leads to sql injection. T… | |
| CVE-2025-15410 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was identified in code-projects Online Guitar Store 1.0. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument L_email leads to… | |
| CVE-2025-15409 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was determined in code-projects Online Guitar Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/Delete_product.php. Executing a manipulation of … | |
| CVE-2025-15408 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was found in code-projects Online Guitar Store 1.0. Affected is an unknown function of the file /admin/Create_product.php. Performing a manipulation of the argument dre_title results … | |
| CVE-2025-15407 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability has been found in code-projects Online Guitar Store 1.0. This impacts an unknown function of the file /admin/Create_category.php. Such manipulation of the argument dre_Ctitle leads to… | |
| CVE-2025-15391 | critical | 9.8 | 9.8 | 5mo ago | A weakness has been identified in D-Link DIR-806A 100CNb11. Affected is the function ssdpcgi_main of the component SSDP Request Handler. This manipulation causes command injection. The attack can be … | |
| CVE-2025-15357 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was found in D-Link DI-7400G+ 19.12.25A1. This affects an unknown function of the file /msp_info.htm?flag=cmd. The manipulation of the argument cmd results in command injection. The a… | |
| CVE-2025-15354 | critical | 9.8 | 9.8 | 5mo ago | A flaw has been found in itsourcecode Society Management System 1.0. The affected element is an unknown function of the file /admin/add_admin.php. Executing manipulation of the argument Username can … | |
| CVE-2025-15353 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was detected in itsourcecode Society Management System 1.0. Impacted is the function edit_admin_query of the file /admin/edit_admin_query.php. Performing manipulation of the argument … | |
| CVE-2025-15263 | critical | 9.8 | 9.8 | 5mo ago | A weakness has been identified in BiggiDroid Simple PHP CMS 1.0. Affected is an unknown function of the file /admin/login.php of the component Admin Login. Executing a manipulation of the argument Us… | |
| CVE-2025-15257 | critical | 9.8 | 9.8 | 5mo ago | A security flaw has been discovered in Edimax BR-6208AC 1.02/1.03. Affected by this vulnerability is the function formRoute of the file /gogorm/formRoute of the component Web-based Configuration Inte… | |
| CVE-2025-15256 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was identified in Edimax BR-6208AC 1.02/1.03. Affected is the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component Web-based Configuration Interface. The mani… | |
| CVE-2025-15247 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was identified in gmg137 snap7-rs up to 153d3e8c16decd7271e2a5b2e3da4d6f68589424. Affected by this issue is the function snap7_rs::client::S7Client::download of the file client.rs. Su… | |
| CVE-2025-15243 | critical | 9.8 | 9.8 | 5mo ago | A flaw has been found in code-projects Simple Stock System 1.0. This affects an unknown function of the file /market/login.php. Executing a manipulation of the argument Username can lead to sql injec… | |
| CVE-2025-15212 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was detected in code-projects Refugee Food Management System 1.0. This issue affects some unknown processing of the file /home/regfood.php. Performing manipulation of the argument a r… | |
| CVE-2025-15211 | critical | 9.8 | 9.8 | 5mo ago | A flaw has been found in code-projects Refugee Food Management System 1.0. Impacted is an unknown function of the file /home/refugee.php. Executing manipulation of the argument refNo/Fname/Lname/sex/… | |
| CVE-2025-15210 | critical | 9.8 | 9.8 | 5mo ago | A security vulnerability has been detected in code-projects Refugee Food Management System 1.0. This vulnerability affects unknown code of the file /home/editrefugee.php. Such manipulation of the arg… | |
| CVE-2025-15209 | critical | 9.8 | 9.8 | 5mo ago | A weakness has been identified in code-projects Refugee Food Management System 1.0. This affects an unknown part of the file /home/editfood.php. This manipulation of the argument a/b/c/d causes sql i… | |
| CVE-2025-15208 | critical | 9.8 | 9.8 | 5mo ago | A security flaw has been discovered in code-projects Refugee Food Management System 1.0. Affected by this issue is some unknown functionality of the file /home/editrefugee.php. The manipulation of th… | |
| CVE-2025-15207 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability has been found in Campcodes Supplier Management System 1.0. Affected is an unknown function of the file /admin/view_products.php. The manipulation of the argument chkId[] leads to sql… | |
| CVE-2025-15206 | critical | 9.8 | 9.8 | 5mo ago | A flaw has been found in Campcodes Supplier Management System 1.0. This impacts an unknown function of the file /admin/add_area.php. Executing a manipulation of the argument txtAreaCode can lead to s… | |
| CVE-2025-15198 | critical | 9.8 | 9.8 | 5mo ago | A weakness has been identified in code-projects College Notes Uploading System 1.0. This issue affects some unknown processing of the file /login.php. Executing a manipulation of the argument User ca… | |
| CVE-2025-15196 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was identified in code-projects Assessment Management 1.0. This affects an unknown part of the file login.php. Such manipulation of the argument userid leads to sql injection. The att… | |
| CVE-2025-15195 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was determined in code-projects Assessment Management 1.0. Affected by this issue is some unknown functionality of the file /admin/add-module.php. This manipulation of the argument li… | |
| CVE-2025-15186 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability has been found in code-projects Refugee Food Management System 1.0. Affected by this issue is some unknown functionality of the file /home/addusers.php. Such manipulation of the argum… | |
| CVE-2025-15185 | critical | 9.8 | 9.8 | 5mo ago | A flaw has been found in code-projects Refugee Food Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /home/refugeesreport.php. This manipulation of the ar… | |
| CVE-2025-15184 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was detected in code-projects Refugee Food Management System 1.0. Affected is an unknown function of the file /home/refugeesreport2.php. The manipulation of the argument a results in … | |
| CVE-2025-15183 | critical | 9.8 | 9.8 | 5mo ago | A security vulnerability has been detected in code-projects Refugee Food Management System 1.0. This impacts an unknown function of the file /home/viewtakenfd.php. The manipulation of the argument tf… | |
| CVE-2025-15182 | critical | 9.8 | 9.8 | 5mo ago | A weakness has been identified in code-projects Refugee Food Management System 1.0. This affects an unknown function of the file /home/served.php. Executing manipulation of the argument refNo can lea… | |
| CVE-2025-15181 | critical | 9.8 | 9.8 | 5mo ago | A security flaw has been discovered in code-projects Refugee Food Management System 1.0. The impacted element is an unknown function of the file /home/pagenateRefugeesList.php. Performing manipulatio… | |
| CVE-2025-15168 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was identified in itsourcecode Student Management System 1.0. Affected is an unknown function of the file /statistical.php. Such manipulation of the argument ID leads to sql injection… | |
| CVE-2025-15167 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was determined in itsourcecode Online Cake Ordering System 1.0. This impacts an unknown function of the file /detailtransac.php. This manipulation of the argument ID causes sql inject… | |
| CVE-2025-15166 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was found in itsourcecode Online Cake Ordering System 1.0. This affects an unknown function of the file /updatesupplier.php?action=edit. The manipulation of the argument ID results in… | |
| CVE-2025-15165 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability has been found in itsourcecode Online Cake Ordering System 1.0. The impacted element is an unknown function of the file /updatecustomer.php?action=edit. The manipulation of the argume… |