Latest CVE Feed
-
6.5
MEDIUMCVE-2025-54335
An issue was discovered in the GPU driver in Samsung Mobile Processor Exynos 1480, 2400, 1580, 2500. There is a use-after-free in the Xclipse GPU Driver.... Read more
- Published: Nov. 04, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-13279
A vulnerability was found in code-projects Nero Social Networking Site 1.0. The affected element is an unknown function of the file /profilefriends.php. Performing manipulation of the argument ID results in sql injection. The attack may be initiated remot... Read more
Affected Products :- Published: Nov. 17, 2025
- Modified: Nov. 17, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-13119
A flaw has been found in Fabian Ros/SourceCodester Simple E-Banking System 1.0. This affects an unknown part. This manipulation causes cross-site request forgery. The attack may be initiated remotely. The exploit has been published and may be used.... Read more
Affected Products : simple_e-banking_system- Published: Nov. 13, 2025
- Modified: Nov. 17, 2025
- Vuln Type: Cross-Site Request Forgery
-
6.5
MEDIUMCVE-2025-11758
The All in One Time Clock Lite plugin for WordPress is vulnerable to unauthorized access due to a missing authorization check in all versions up to, and including, 2.0.3. This is due to the plugin exposing admin-level AJAX actions to unauthenticated user... Read more
Affected Products : all_in_one_time_clock_lite- Published: Nov. 04, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-13260
A vulnerability has been found in Campcodes Supplier Management System 1.0. This impacts an unknown function of the file /manufacturer/edit_product.php. Such manipulation of the argument cmbProductUnit leads to sql injection. The attack may be launched re... Read more
Affected Products : supplier_management_system- Published: Nov. 17, 2025
- Modified: Nov. 17, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-13273
A security flaw has been discovered in Campcodes School Fees Payment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=delete_payment. Performing manipulation of the argument ID results in sql i... Read more
Affected Products :- Published: Nov. 17, 2025
- Modified: Nov. 17, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-13270
A vulnerability was found in Campcodes School Fees Payment Management System 1.0. This affects an unknown function of the file /ajax.php?action=save_course. The manipulation of the argument ID results in sql injection. The attack may be launched remotely.... Read more
Affected Products : school_fees_payment_management_system- Published: Nov. 17, 2025
- Modified: Nov. 17, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-13269
A vulnerability has been found in Campcodes School Fees Payment Management System 1.0. The impacted element is an unknown function of the file /ajax.php?action=save_payment. The manipulation of the argument ID leads to sql injection. The attack may be ini... Read more
Affected Products : school_fees_payment_management_system- Published: Nov. 17, 2025
- Modified: Nov. 17, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-13264
A security flaw has been discovered in SourceCodester Online Magazine Management System 1.0. This affects an unknown part of the file /view_magazine.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote... Read more
Affected Products :- Published: Nov. 17, 2025
- Modified: Nov. 17, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-13256
A weakness has been identified in projectworlds Advanced Library Management System 1.0. Impacted is an unknown function of the file /borrow.php. Executing manipulation of the argument roll_number can lead to sql injection. It is possible to launch the att... Read more
Affected Products : advanced_library_management_system- Published: Nov. 17, 2025
- Modified: Nov. 17, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-13255
A security flaw has been discovered in projectworlds Advanced Library Management System 1.0. This issue affects some unknown processing of the file /book_search.php. Performing manipulation of the argument book_pub/book_title results in sql injection. It ... Read more
Affected Products : advanced_library_management_system- Published: Nov. 17, 2025
- Modified: Nov. 17, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-13254
A vulnerability was identified in projectworlds Advanced Library Management System 1.0. This vulnerability affects unknown code of the file /add_member.php. Such manipulation of the argument roll_number leads to sql injection. The attack may be performed ... Read more
Affected Products : advanced_library_management_system- Published: Nov. 17, 2025
- Modified: Nov. 17, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-13253
A vulnerability was determined in projectworlds Advanced Library Management System 1.0. This affects an unknown part of the file /add_librarian.php. This manipulation of the argument Username causes sql injection. The attack is possible to be carried out ... Read more
Affected Products : advanced_library_management_system- Published: Nov. 17, 2025
- Modified: Nov. 17, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-13265
A weakness has been identified in lsfusion platform up to 6.1. This vulnerability affects the function unpackFile of the file server/src/main/java/lsfusion/server/physics/dev/integration/external/to/file/ZipUtils.java. This manipulation causes path traver... Read more
Affected Products :- Published: Nov. 17, 2025
- Modified: Nov. 17, 2025
- Vuln Type: Path Traversal
-
6.5
MEDIUMCVE-2025-12222
A security vulnerability has been detected in Bdtask Flight Booking Software up to 3.1. Affected by this issue is some unknown functionality of the file /admin/transaction/deposit of the component Deposit Handler. The manipulation leads to unrestricted up... Read more
Affected Products :- Published: Oct. 27, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2025-64283
Authorization Bypass Through User-Controlled Key vulnerability in Rometheme RTMKit rometheme-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RTMKit: from n/a through <= 1.6.7.... Read more
Affected Products : romethemekit_for_elementor- Published: Oct. 29, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-64220
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ReyCommerce Rey Core rey-core allows Stored XSS.This issue affects Rey Core: from n/a through <= 3.1.8.... Read more
Affected Products :- Published: Oct. 29, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-64202
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TieLabs Sahifa sahifa allows DOM-Based XSS.This issue affects Sahifa: from n/a through < 5.8.6.... Read more
Affected Products :- Published: Oct. 29, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-64204
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeSphere SmartMag smart-mag allows Stored XSS.This issue affects SmartMag: from n/a through <= 10.3.1.... Read more
Affected Products : smartmag- Published: Oct. 29, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-64194
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress Eduma eduma allows Stored XSS.This issue affects Eduma: from n/a through <= 5.7.6.... Read more
Affected Products : eduma- Published: Oct. 29, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Cross-Site Scripting