Latest CVE Feed
-
9.8
CRITICALCVE-2025-15186
A vulnerability has been found in code-projects Refugee Food Management System 1.0. Affected by this issue is some unknown functionality of the file /home/addusers.php. Such manipulation of the argument a leads to sql injection. It is possible to launch t... Read more
Affected Products : refugee_food_management_system- Published: Dec. 29, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-15168
A vulnerability was identified in itsourcecode Student Management System 1.0. Affected is an unknown function of the file /statistical.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit is pu... Read more
Affected Products : student_management_system- Published: Dec. 29, 2025
- Modified: Jan. 09, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-15012
A vulnerability was determined in code-projects Refugee Food Management System 1.0. The affected element is an unknown function of the file /home/home.php. This manipulation of the argument a causes sql injection. The attack is possible to be carried out ... Read more
Affected Products : refugee_food_management_system- Published: Dec. 22, 2025
- Modified: Dec. 24, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2022-50794
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated command injection vulnerability in the username parameter. Attackers can exploit index.php and login.php scripts by injecting arbitrary shell commands through the HTTP POST 'u... Read more
Affected Products : stream first_firmware first impact_firmware impact pulse_firmware pulse impact_eco_firmware impact_eco pulse_eco_firmware +8 more products- Published: Dec. 30, 2025
- Modified: Jan. 13, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2026-0607
A flaw has been found in code-projects Online Music Site 1.0. This affects an unknown part of the file /Administrator/PHP/AdminViewSongs.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remote... Read more
Affected Products : online_music_site- Published: Jan. 06, 2026
- Modified: Jan. 12, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2026-0544
A security flaw has been discovered in itsourcecode School Management System 1.0. This affects an unknown part of the file /student/index.php. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The ... Read more
Affected Products : school_management_system- Published: Jan. 01, 2026
- Modified: Jan. 06, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-15182
A weakness has been identified in code-projects Refugee Food Management System 1.0. This affects an unknown function of the file /home/served.php. Executing manipulation of the argument refNo can lead to sql injection. The attack can be executed remotely.... Read more
Affected Products : refugee_food_management_system- Published: Dec. 29, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2022-50695
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x contains a network vulnerability that allows unauthenticated attackers to send ICMP signals to arbitrary hosts through network command scripts. Attackers can abuse ping.php, traceroute.php, and dns.php to generat... Read more
Affected Products : stream first_firmware first impact_firmware impact pulse_firmware pulse impact_eco_firmware impact_eco pulse_eco_firmware +8 more products- Published: Dec. 30, 2025
- Modified: Jan. 16, 2026
- Vuln Type: Denial of Service
-
9.8
CRITICALCVE-2025-68860
Authentication Bypass Using an Alternate Path or Channel vulnerability in Mobile Builder Mobile builder allows Authentication Abuse.This issue affects Mobile builder: from n/a through 1.4.2.... Read more
Affected Products :- Published: Dec. 29, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-15435
A flaw has been found in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /worksheet/work_update.jsp. This manipulation of the argument Report causes sql injection. The attack can be initiated remotely. The exploit h... Read more
Affected Products : ksoa- Published: Jan. 02, 2026
- Modified: Jan. 07, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2023-53948
Lilac-Reloaded for Nagios 2.0.8 contains a remote code execution vulnerability in the autodiscovery feature that allows attackers to inject arbitrary commands. Attackers can exploit the lack of input filtering in the nmap_binary parameter to execute a rev... Read more
Affected Products :- Published: Dec. 19, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-33222
NVIDIA Isaac Launchable contains a vulnerability where an attacker could exploit a hard-coded credential issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, and data tampering.... Read more
Affected Products : isaac_launchable- Published: Dec. 23, 2025
- Modified: Jan. 15, 2026
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-15078
A vulnerability was detected in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /list_report.php. The manipulation of the argument sy results in sql injection. The attack may be launched remotely. The ex... Read more
Affected Products : student_management_system- Published: Dec. 25, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-15167
A vulnerability was determined in itsourcecode Online Cake Ordering System 1.0. This impacts an unknown function of the file /detailtransac.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The ... Read more
- Published: Dec. 29, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2018-25135
Anviz AIM CrossChex Standard 4.3.6.0 contains a CSV injection vulnerability that allows attackers to execute commands by inserting malicious formulas in user import fields. Attackers can craft payloads in fields like 'Name', 'Gender', or 'Position' to tri... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-14960
A security vulnerability has been detected in code-projects Simple Blood Donor Management System 1.0. Impacted is an unknown function of the file /editeddonor.php. The manipulation of the argument Name leads to sql injection. Remote exploitation of the at... Read more
Affected Products : simple_blood_donor_management_system- Published: Dec. 19, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-15408
A vulnerability was found in code-projects Online Guitar Store 1.0. Affected is an unknown function of the file /admin/Create_product.php. Performing manipulation of the argument dre_title results in sql injection. The attack is possible to be carried out... Read more
Affected Products : online_guitar_store- Published: Jan. 01, 2026
- Modified: Jan. 06, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2018-25134
Synaccess netBooter NP-02x/NP-08x 6.8 contains an authentication bypass vulnerability in the webNewAcct.cgi script that allows unauthenticated attackers to create admin user accounts. Attackers can exploit the missing control check by sending crafted POST... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-14359
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in brandexponents Oshine oshin allows PHP Local File Inclusion.This issue affects Oshine: from n/a through <= 7.2.7.... Read more
Affected Products :- Published: Jan. 08, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Path Traversal
-
9.8
CRITICALCVE-2025-67418
ClipBucket 5.5.2 is affected by an improper access control issue where the product is shipped or deployed with hardcoded default administrative credentials. An unauthenticated remote attacker can log in to the administrative panel using these default cred... Read more
Affected Products : clipbucket- Published: Dec. 22, 2025
- Modified: Jan. 02, 2026
- Vuln Type: Authentication