CVEs from 2025
Total
12,202
critical
critical 1,301
high
high 1,894
medium
medium 1,908
low
low 193
% Critical
10.7%
% with KEV
1.5%
% with exploit
1.5%
Top vendors
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- microsoft 107
- redhat 106
- portabilis 94
- mayurik 79
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- inventory_management_system 28
- gcp 23
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2025-34291 | high | 8.8 | 10.0 | 6mo ago | Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configuration (allow_origins='*' with al… | |
| CVE-2025-43529 | high | — | 9.5 | 5mo ago | Important: webkit2gtk3 security update | |
| CVE-2025-14174 | high | — | 9.5 | 5mo ago | Google Chromium contains an out of bounds memory access vulnerability in ANGLE that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability co… | |
| CVE-2025-31277 | high | — | 9.5 | 8mo ago | Apple Safari, iOS, watchOS, visionOS, iPadOS, macOS, and tvOS contain a buffer overflow vulnerability that could allow the processing of maliciously crafted web content which may lead to memory corru… | |
| CVE-2025-41244 | high | — | 9.5 | 8mo ago | Important: open-vm-tools security update | |
| CVE-2025-38352 | high | — | 9.5 | 9mo ago | Important: kernel security update | |
| CVE-2025-6558 | high | — | 9.5 | 10mo ago | Important: webkit2gtk3 security update | |
| CVE-2025-48384 | high | — | 9.5 | 10mo ago | Important: git security update | |
| CVE-2025-27363 | high | — | 9.5 | 1y ago | Important: freetype security update | |
| CVE-2025-24201 | high | — | 9.5 | 1y ago | Important: webkit2gtk3 security update | |
| CVE-2025-40899 | high | 8.9 | 8.9 | 1mo ago | A Stored Cross-Site Scripting vulnerability was discovered in the Assets and Nodes functionality due to improper validation of an input parameter. An authenticated user with custom fields privileges … | |
| CVE-2025-41669 | high | 8.8 | 8.8 | 16h ago | The Web-based Management allows a remote low privileged Engineer user to install additional APPs on the device downloaded from the PLCnext Store without implementing any data verification mechanism, … | |
| CVE-2025-57282 | high | 8.8 | 8.8 | 9d ago | ngrok v4.3.3 and 5.0.0-beta.2 is vulnerable to Command Injection. | |
| CVE-2025-15024 | high | 8.8 | 8.8 | 13d ago | Improper Control of Generation of Code ('Code Injection') vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System … | |
| CVE-2025-15023 | high | 8.8 | 8.8 | 13d ago | Incorrect Authorization vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploiting Incorrectly Conf… | |
| CVE-2025-15025 | high | 8.8 | 8.8 | 13d ago | Authorization bypass through User-Controlled key vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Ex… | |
| CVE-2025-12008 | high | 8.8 | 8.8 | 13d ago | Authorization bypass through User-Controlled key vulnerability in APPYAP Technology and Information Inc. Yaay Social Media App allows Accessing Functionality Not Properly Constrained by ACLs. This i… | |
| CVE-2025-53844 | high | 8.8 | 8.8 | 15d ago | A out-of-bounds write vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11 allows attacker to execute unauthorized code or commands via spe… | |
| CVE-2025-8325 | high | 8.8 | 8.8 | 17d ago | The software fails to enforce role-based access controls for certain Gateway API invocations. Users with the 'Internal/Everyone' role can invoke these APIs, bypassing intended permission checks. This… | |
| CVE-2025-43524 | high | 8.8 | 8.8 | 17d ago | An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.2. An app may be able to break out of its sandbox. | |
| CVE-2025-63705 | high | 8.8 | 8.8 | 20d ago | node-ts-ocr is vulnerable to OS Command Injection via the invokeImageOcr function in src/index.js | |
| CVE-2025-52613 | high | 8.8 | 8.8 | 21d ago | HCL BigFix Service Management (SM) is affected by use of a vulnerable WSGI Server was identified. Deploying an outdated or insecure WSGI server may expose the application to known security weaknesses… | |
| CVE-2025-31951 | high | 8.8 | 8.8 | 21d ago | HCL BigFix RunBookAI is affected by a Unvalidated Command Input / Potential Command Smuggling vulnerability. A flaw in a component's input handling was identified that could permit unauthorized comma… | |
| CVE-2025-58074 | high | 8.8 | 8.8 | 23d ago | A privilege escalation vulnerability exists during the installation of Norton Secure VPN via the Microsoft Store. A low-privilege user can replace files during the installation process, which may res… | |
| CVE-2025-70420 | high | 8.8 | 8.8 | 1mo ago | A SQL injection vulnerability exists in Genesys Latitude v25.1.0.420 that allows an authenticated attacker to execute arbitrary SQL queries against the backend database. The vulnerability is caused b… | |
| CVE-2025-53847 | high | 8.8 | 8.8 | 1mo ago | A missing authentication for critical function vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS … | |
| CVE-2025-15101 | high | 8.8 | 8.8 | 2mo ago | An OS command injection vulnerability in the web management interface of certain ASUS router models allows remote authenticated administrators to execute arbitrary system commands via a crafted param… | |
| CVE-2025-67030 | high | 8.8 | 8.8 | 2mo ago | Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbi… | |
| CVE-2025-15467 | high | 8.8 | 8.8 | 4mo ago | Important: openssl security update | |
| CVE-2025-15494 | high | 8.8 | 8.8 | 5mo ago | A vulnerability has been found in RainyGao DocSys up to 2.02.37. This affects an unknown function of the file com/DocSystem/mapping/UserMapper.xml. The manipulation of the argument Username leads to … | |
| CVE-2025-15492 | high | 8.8 | 8.8 | 5mo ago | A vulnerability was detected in RainyGao DocSys up to 2.02.36. The affected element is an unknown function of the file src/com/DocSystem/mapping/GroupMemberMapper.xml. Performing a manipulation of th… | |
| CVE-2025-31643 | high | 8.8 | 8.8 | 5mo ago | Incorrect Privilege Assignment vulnerability in Dasinfomedia WPCHURCH allows Privilege Escalation.This issue affects WPCHURCH: from n/a through 2.7.0. | |
| CVE-2025-29004 | high | 8.8 | 8.8 | 5mo ago | Incorrect Privilege Assignment vulnerability in AA-Team Premium Age Verification / Restriction for WordPress, AA-Team Responsive Coming Soon Landing Page / Holding Page for WordPress allows Privilege… | |
| CVE-2025-47553 | high | 8.8 | 8.8 | 5mo ago | Deserialization of Untrusted Data vulnerability in Digital zoom studio DZS Video Gallery allows Object Injection.This issue affects DZS Video Gallery: from n/a through 12.25. | |
| CVE-2025-31047 | high | 8.8 | 8.8 | 5mo ago | Deserialization of Untrusted Data vulnerability in Themify Themify Edmin allows Object Injection.This issue affects Themify Edmin: from n/a through 2.0.0. | |
| CVE-2025-15423 | high | 8.8 | 8.8 | 5mo ago | A vulnerability has been found in EmpireSoft EmpireCMS up to 8.0. Impacted is the function CheckSaveTranFiletype of the file e/class/connect.php. Such manipulation leads to unrestricted upload. The a… | |
| CVE-2025-15406 | high | 8.8 | 8.8 | 5mo ago | A flaw has been found in PHPGurukul Online Course Registration up to 3.1. This affects an unknown function. This manipulation causes missing authorization. Remote exploitation of the attack is possib… | |
| CVE-2025-15404 | high | 8.8 | 8.8 | 5mo ago | A security vulnerability has been detected in campcodes School File Management System 1.0. The affected element is an unknown function of the file /save_file.php. The manipulation of the argument Fil… | |
| CVE-2025-15393 | high | 8.8 | 8.8 | 5mo ago | A security vulnerability has been detected in Kohana KodiCMS up to 13.82.135. This impacts the function Save of the file cms/modules/kodicms/classes/kodicms/model/file.php of the component Layout API… | |
| CVE-2025-15392 | high | 8.8 | 8.8 | 5mo ago | A weakness has been identified in Kohana KodiCMS up to 13.82.135. This affects the function like of the file cms/modules/pages/classes/kodicms/model/page.php of the component Search API Endpoint. Exe… | |
| CVE-2025-15390 | high | 8.8 | 8.8 | 5mo ago | A security flaw has been discovered in PHPGurukul Small CRM 4.0. This impacts an unknown function of the file /admin/edit-user.php. The manipulation results in missing authorization. It is possible t… | |
| CVE-2025-15375 | high | 8.8 | 8.8 | 5mo ago | A flaw has been found in EyouCMS up to 1.7.7. The impacted element is the function unserialize of the file application/api/controller/Ajax.php of the component arcpagelist Handler. Executing a manipu… | |
| CVE-2025-15254 | high | 8.8 | 8.8 | 5mo ago | A vulnerability was found in Tenda W6-S 1.0.0.4(510). This affects the function TendaAte of the file /goform/ate of the component ATE Service. Performing a manipulation results in os command injectio… | |
| CVE-2025-15205 | high | 8.8 | 8.8 | 5mo ago | A vulnerability was identified in code-projects Student File Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /download.php. The manipulation of the argum… | |
| CVE-2025-15199 | high | 8.8 | 8.8 | 5mo ago | A security vulnerability has been detected in code-projects College Notes Uploading System 1.0. Impacted is an unknown function of the file /dashboard/userprofile.php. The manipulation of the argumen… | |
| CVE-2025-15192 | high | 8.8 | 8.8 | 5mo ago | A security vulnerability has been detected in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub_415328 of the file /boafrm/formLtefotaUpgradeQuectel. Such manipulation of the arg… | |
| CVE-2025-15191 | high | 8.8 | 8.8 | 5mo ago | A weakness has been identified in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_4155B4 of the file /boafrm/formLtefotaUpgradeFibocom. This manipulation of the argument fota_u… | |
| CVE-2025-15139 | high | 8.8 | 8.8 | 5mo ago | A vulnerability has been found in TRENDnet TEW-822DRE 1.00B21/1.01B06. This affects the function sub_43ACF4 of the file /boafrm/formWsc. Such manipulation of the argument peerPin leads to command in… | |
| CVE-2025-15133 | high | 8.8 | 8.8 | 5mo ago | A vulnerability was identified in ZSPACE Z4Pro+ 1.0.0440024. The impacted element is the function zfilev2_api_CloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. Suc… | |
| CVE-2025-15132 | high | 8.8 | 8.8 | 5mo ago | A vulnerability was determined in ZSPACE Z4Pro+ 1.0.0440024. The affected element is the function zfilev2_api_open of the file /v2/file/safe/open of the component HTTP POST Request Handler. This mani… | |
| CVE-2025-15131 | high | 8.8 | 8.8 | 5mo ago | A vulnerability was found in ZSPACE Z4Pro+ 1.0.0440024. Impacted is the function zfilev2_api_SafeStatus of the file /v2/file/safe/status of the component HTTP POST Request Handler. The manipulation r… | |
| CVE-2025-15050 | high | 8.8 | 8.8 | 5mo ago | A security vulnerability has been detected in code-projects Student File Management System 1.0. This affects an unknown part of the file /save_file.php. Such manipulation of the argument File leads t… | |
| CVE-2025-15009 | high | 8.8 | 8.8 | 5mo ago | A flaw has been found in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function FilenameUtils.getExtension of the file /dev-api/common/upload of the component Filename Handler. Exec… | |
| CVE-2025-15004 | high | 8.8 | 8.8 | 5mo ago | A vulnerability was identified in DedeCMS up to 5.7.118. This impacts an unknown function of the file /freelist_main.php. The manipulation of the argument orderby leads to sql injection. It is possib… | |
| CVE-2025-14885 | high | 8.8 | 8.8 | 5mo ago | A flaw has been found in SourceCodester Client Database Management System 1.0. This affects an unknown part of the file /user_leads.php of the component Leads Generation Module. Executing manipulatio… | |
| CVE-2025-14856 | high | 8.8 | 8.8 | 5mo ago | A security vulnerability has been detected in y_project RuoYi up to 4.8.1. The affected element is an unknown function of the file /monitor/cache/getnames. Such manipulation of the argument fragment … | |
| CVE-2025-14834 | high | 8.8 | 8.8 | 5mo ago | A weakness has been identified in code-projects Simple Stock System 1.0. This affects an unknown function of the file /checkuser.php. Executing a manipulation of the argument Username can lead to sql… | |
| CVE-2025-14749 | high | 8.8 | 8.8 | 5mo ago | A vulnerability was identified in Ningyuanda TC155 57.0.2.0. This impacts an unknown function of the file /onvif/device_service of the component ONVIF PTZ Control Interface. The manipulation leads to… | |
| CVE-2025-14589 | high | 8.8 | 8.8 | 6mo ago | A weakness has been identified in code-projects Prison Management System 2.0. This issue affects some unknown processing of the file /admin/search.php. Executing a manipulation of the argument keynam… | |
| CVE-2025-14516 | high | 8.8 | 8.8 | 6mo ago | A vulnerability was found in Yalantis uCrop 2.2.11. Affected by this issue is the function downloadFile of the file com.yalantis.ucrop.task.BitmapLoadTask.java of the component URL Handler. Performin… | |
| CVE-2025-14230 | high | 8.8 | 8.8 | 6mo ago | A vulnerability was detected in code-projects Daily Time Recording System 4.5.0. The impacted element is an unknown function of the file /admin/add_payroll.php. Performing manipulation of the argumen… | |
| CVE-2025-14225 | high | 8.8 | 8.8 | 6mo ago | A vulnerability was determined in D-Link DCS-930L 1.15.04. This affects an unknown part of the file /setSystemAdmin of the component alphapd. Executing manipulation of the argument AdminID can lead t… | |
| CVE-2025-14222 | high | 8.8 | 8.8 | 6mo ago | A flaw has been found in code-projects Employee Profile Management System 1.0. Affected is an unknown function of the file /print_personnel_report.php. This manipulation of the argument per_id causes… | |
| CVE-2025-14214 | high | 8.8 | 8.8 | 6mo ago | A vulnerability has been found in itsourcecode Student Information System 1.0. This affects an unknown part of the file /section_edit1.php. The manipulation of the argument ID leads to sql injection.… | |
| CVE-2025-14203 | high | 8.8 | 8.8 | 6mo ago | A flaw has been found in code-projects Question Paper Generator up to 1.0. This vulnerability affects unknown code of the file /selectquestionuser.php. This manipulation of the argument subid causes … | |
| CVE-2025-14195 | high | 8.8 | 8.8 | 6mo ago | A security flaw has been discovered in code-projects Employee Profile Management System 1.0. Impacted is an unknown function of the file /profiling/add_file_query.php. The manipulation of the argumen… | |
| CVE-2025-14193 | high | 8.8 | 8.8 | 6mo ago | A vulnerability was determined in code-projects Employee Profile Management System 1.0. This vulnerability affects unknown code of the file /view_personnel.php. Executing a manipulation of the argume… | |
| CVE-2025-14126 | high | 8.8 | 8.8 | 6mo ago | A vulnerability has been found in TOZED ZLT M30S and ZLT M30S PRO 1.47/3.09.06. Affected is an unknown function of the component Web Interface. Such manipulation leads to hard-coded credentials. The … | |
| CVE-2025-14086 | high | 8.8 | 8.8 | 6mo ago | A vulnerability was found in youlaitech youlai-mall 1.0.0/2.0.0. Affected is an unknown function of the file /app-api/v1/members/openid/. The manipulation of the argument openid results in improper a… | |
| CVE-2025-14085 | high | 8.8 | 8.8 | 6mo ago | A vulnerability has been found in youlaitech youlai-mall 1.0.0/2.0.0. This impacts an unknown function of the file /app-api/v1/orders/. The manipulation of the argument orderId leads to improper cont… | |
| CVE-2025-14051 | high | 8.8 | 8.8 | 6mo ago | A flaw has been found in youlaitech youlai-mall 1.0.0/2.0.0. Affected is the function getById/updateAddress/deleteAddress of the file /mall-ums/app-api/v1/addresses/. Executing manipulation can lead … | |
| CVE-2025-13816 | high | 8.8 | 8.8 | 6mo ago | A security vulnerability has been detected in moxi159753 Mogu Blog v2 up to 5.2. The impacted element is the function FileOperation.unzip of the file /networkDisk/unzipFile of the component ZIP File … | |
| CVE-2025-13808 | high | 8.8 | 8.8 | 6mo ago | A flaw has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this vulnerability is the function update of the file orion-ops-api/orion-ops-web/src/main/java… | |
| CVE-2025-13790 | high | 8.8 | 8.8 | 6mo ago | A vulnerability was determined in Scada-LTS up to 2.7.8.1. This impacts an unknown function. This manipulation causes cross-site request forgery. The attack may be initiated remotely. The exploit has… | |
| CVE-2025-13581 | high | 8.8 | 8.8 | 6mo ago | A vulnerability was identified in itsourcecode Student Information System 1.0. Affected by this vulnerability is an unknown functionality of the file /schedule_edit1.php. Such manipulation of the arg… | |
| CVE-2025-13580 | high | 8.8 | 8.8 | 6mo ago | A vulnerability was determined in code-projects Library System 1.0. Affected is an unknown function of the file /mail.php. This manipulation of the argument ID causes sql injection. The attack may be… | |
| CVE-2025-13579 | high | 8.8 | 8.8 | 6mo ago | A vulnerability was found in code-projects Library System 1.0. This impacts an unknown function of the file /return.php. The manipulation of the argument ID results in sql injection. The attack can b… | |
| CVE-2025-13576 | high | 8.8 | 8.8 | 6mo ago | A vulnerability was detected in code-projects Blog Site 1.0. The affected element is an unknown function of the file /admin.php. Performing manipulation results in improper authorization. It is possi… | |
| CVE-2025-13575 | high | 8.8 | 8.8 | 6mo ago | A security vulnerability has been detected in code-projects Blog Site 1.0. Impacted is the function category_exists of the file /resources/functions/blog.php of the component Category Handler. Such m… | |
| CVE-2025-13573 | high | 8.8 | 8.8 | 6mo ago | A security flaw has been discovered in projectworlds can pass malicious payloads up to 1.0. This vulnerability affects unknown code of the file /add_book.php. The manipulation of the argument image r… | |
| CVE-2025-13571 | high | 8.8 | 8.8 | 6mo ago | A vulnerability was determined in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file /listorder.php. Executing manipulation of the argumen… | |
| CVE-2025-13570 | high | 8.8 | 8.8 | 6mo ago | A vulnerability was found in itsourcecode COVID Tracking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/?page=state. Performing manipulation of the argument… | |
| CVE-2025-13569 | high | 8.8 | 8.8 | 6mo ago | A vulnerability has been found in itsourcecode COVID Tracking System 1.0. Affected is an unknown function of the file /admin/?page=city. Such manipulation of the argument ID leads to sql injection. T… | |
| CVE-2025-13568 | high | 8.8 | 8.8 | 6mo ago | A flaw has been found in itsourcecode COVID Tracking System 1.0. This impacts an unknown function of the file /admin/?page=people. This manipulation of the argument ID causes sql injection. The attac… | |
| CVE-2025-13567 | high | 8.8 | 8.8 | 6mo ago | A vulnerability was detected in itsourcecode COVID Tracking System 1.0. This affects an unknown function of the file /admin/?page=establishment. The manipulation of the argument ID results in sql inj… | |
| CVE-2025-13347 | high | 8.8 | 8.8 | 6mo ago | A flaw has been found in SourceCodester Train Station Ticketing System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=save_user. Executing manipulation of the argument User… | |
| CVE-2025-13346 | high | 8.8 | 8.8 | 6mo ago | A vulnerability was detected in SourceCodester Train Station Ticketing System 1.0. This affects an unknown part of the file /ajax.php?action=save_station. Performing manipulation of the argument id/s… | |
| CVE-2025-13345 | high | 8.8 | 8.8 | 6mo ago | A security vulnerability has been detected in SourceCodester Train Station Ticketing System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=save_ticket. Such ma… | |
| CVE-2025-13325 | high | 8.8 | 8.8 | 6mo ago | A vulnerability was determined in itsourcecode Student Information System 1.0. The affected element is an unknown function of the file /enrollment_edit1.php. Executing manipulation of the argument en… | |
| CVE-2025-13306 | high | 8.8 | 8.8 | 6mo ago | A security vulnerability has been detected in D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M 1.1.5. Impacted is the function system of the file /boafrm/formDebugDiagnosticRun. The manipulation of t… | |
| CVE-2025-13290 | high | 8.8 | 8.8 | 6mo ago | A vulnerability has been found in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file /saveorder.php. Such manipulation of the argument ID … | |
| CVE-2025-13289 | high | 8.8 | 8.8 | 6mo ago | A vulnerability was detected in 1000projects Design & Development of Student Database Management System 1.0. Affected is an unknown function of the file /TeacherLogin/Academics/SubjectDetails.php. Th… | |
| CVE-2025-13287 | high | 8.8 | 8.8 | 6mo ago | A weakness has been identified in itsourcecode Online Voting System 1.0. This affects an unknown function of the file /index.php?page=categories. Executing manipulation of the argument id/category ca… | |
| CVE-2025-13286 | high | 8.8 | 8.8 | 6mo ago | A security flaw has been discovered in itsourcecode Online Voting System 1.0. The impacted element is an unknown function of the file /ajax.php?action=save_user. Performing manipulation of the argume… | |
| CVE-2025-13279 | high | 8.8 | 8.8 | 6mo ago | A vulnerability was found in code-projects Nero Social Networking Site 1.0. The affected element is an unknown function of the file /profilefriends.php. Performing manipulation of the argument ID res… | |
| CVE-2025-13278 | high | 8.8 | 8.8 | 6mo ago | A vulnerability has been found in projectworlds Advanced Library Management System 1.0. Impacted is an unknown function of the file /borrowed_book_search.php. Such manipulation of the argument datefr… | |
| CVE-2025-13274 | high | 8.8 | 8.8 | 6mo ago | A weakness has been identified in Campcodes School Fees Payment Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=delete_fees. Executing a manip… | |
| CVE-2025-13273 | high | 8.8 | 8.8 | 6mo ago | A security flaw has been discovered in Campcodes School Fees Payment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=delete_payment. Per… | |
| CVE-2025-13270 | high | 8.8 | 8.8 | 6mo ago | A vulnerability was found in Campcodes School Fees Payment Management System 1.0. This affects an unknown function of the file /ajax.php?action=save_course. The manipulation of the argument ID result… | |
| CVE-2025-13269 | high | 8.8 | 8.8 | 6mo ago | A vulnerability has been found in Campcodes School Fees Payment Management System 1.0. The impacted element is an unknown function of the file /ajax.php?action=save_payment. The manipulation of the a… |