Latest CVE Feed
-
9.8
CRITICALCVE-2025-15049
A vulnerability was identified in code-projects Online Farm System 1.0. Affected is an unknown function of the file /addProduct.php. The manipulation of the argument Username leads to sql injection. The attack may be initiated remotely. The exploit is pub... Read more
Affected Products : online_farm_system- Published: Dec. 23, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-15407
A vulnerability has been found in code-projects Online Guitar Store 1.0. This impacts an unknown function of the file /admin/Create_category.php. Such manipulation of the argument dre_Ctitle leads to sql injection. The attack can be executed remotely. The... Read more
Affected Products : online_guitar_store- Published: Jan. 01, 2026
- Modified: Jan. 06, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2026-0591
A vulnerability was identified in code-projects Online Product Reservation System 1.0. The impacted element is an unknown function of the file /app/checkout/update.php of the component Cart Update Handler. Such manipulation of the argument id/qty leads to... Read more
Affected Products : online_product_reservation_system- Published: Jan. 05, 2026
- Modified: Jan. 09, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2026-0585
A security vulnerability has been detected in code-projects Online Product Reservation System 1.0. Impacted is an unknown function of the file /order_view.php of the component GET Parameter Handler. Such manipulation of the argument transaction_id leads t... Read more
Affected Products : online_product_reservation_system- Published: Jan. 05, 2026
- Modified: Jan. 09, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-68985
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Aora aora allows PHP Local File Inclusion.This issue affects Aora: from n/a through <= 1.3.15.... Read more
Affected Products :- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-14951
A security vulnerability has been detected in code-projects Scholars Tracking System 1.0. The impacted element is an unknown function of the file /home.php. Such manipulation of the argument post_content leads to sql injection. The attack can be executed ... Read more
Affected Products : scholars_tracking_system- Published: Dec. 19, 2025
- Modified: Dec. 24, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-14952
A vulnerability was detected in Campcodes Supplier Management System 1.0. This affects an unknown function of the file /admin/add_category.php. Performing manipulation of the argument txtCategoryName results in sql injection. The attack is possible to be ... Read more
Affected Products : supplier_management_system- Published: Dec. 19, 2025
- Modified: Dec. 24, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-13773
The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.8.0 via the 'WooCommerce_Delivery_Notes::update' function. This is due to missing capability check in th... Read more
Affected Products : print_invoice_\&_delivery_notes_for_woocommerce- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-14940
A vulnerability was determined in code-projects Scholars Tracking System 1.0. The affected element is an unknown function of the file /admin/delete_user.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack ... Read more
Affected Products : scholars_tracking_system- Published: Dec. 19, 2025
- Modified: Dec. 24, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-14950
A weakness has been identified in code-projects Scholars Tracking System 1.0. The affected element is an unknown function of the file /delete_post.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possibl... Read more
Affected Products : scholars_tracking_system- Published: Dec. 19, 2025
- Modified: Dec. 24, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-67924
Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Corpkit corpkit allows Upload a Web Shell to a Web Server.This issue affects Corpkit: from n/a through <= 2.0.... Read more
Affected Products :- Published: Jan. 08, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Misconfiguration
-
9.8
CRITICALCVE-2025-68615
net-snmp is a SNMP application library, tools and daemon. Prior to versions 5.9.5 and 5.10.pre2, a specially crafted packet to an net-snmp snmptrapd daemon can cause a buffer overflow and the daemon to crash. This issue has been patched in versions 5.9.5 ... Read more
Affected Products : net-snmp- Published: Dec. 23, 2025
- Modified: Jan. 09, 2026
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-15011
A vulnerability was found in code-projects Simple Stock System 1.0. Impacted is an unknown function of the file /logout.php. The manipulation of the argument uname results in sql injection. The attack can be executed remotely. The exploit has been made pu... Read more
Affected Products : simple_stock_system- Published: Dec. 22, 2025
- Modified: Dec. 24, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-15034
A security flaw has been discovered in itsourcecode Student Management System 1.0. This affects an unknown part of the file /record.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has bee... Read more
Affected Products : student_management_system- Published: Dec. 23, 2025
- Modified: Dec. 24, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2022-50696
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain hardcoded credentials embedded in server binaries that cannot be modified through normal device operations. Attackers can leverage these static credentials to gain unauthorized access to the dev... Read more
Affected Products : stream first_firmware first impact_firmware impact pulse_firmware pulse impact_eco_firmware impact_eco pulse_eco_firmware +8 more products- Published: Dec. 30, 2025
- Modified: Jan. 16, 2026
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-56333
An issue in Fossorial fosrl/pangolin v.1.6.2 and before allows a remote attacker to escalate privileges via the 2FA component... Read more
Affected Products : pangolin- Published: Dec. 29, 2025
- Modified: Jan. 07, 2026
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-68990
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in xenioushk BWL Pro Voting Manager bwl-pro-voting-manager allows Blind SQL Injection.This issue affects BWL Pro Voting Manager: from n/a through <= 1.4.9.... Read more
Affected Products :- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-65212
An issue was discovered in NJHYST HY511 POE core before 2.1 and plugins before 0.1. The vulnerability stems from the device's insufficient cookie verification, allowing an attacker to directly request the configuration file address and download the core c... Read more
Affected Products :- Published: Jan. 06, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2019-25282
V-SOL GPON/EPON OLT Platform v2.03 contains an open redirect vulnerability in the script that allows attackers to manipulate the 'parent' GET parameter. Attackers can craft malicious links that redirect logged-in users to arbitrary websites by exploiting ... Read more
Affected Products :- Published: Jan. 08, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Misconfiguration
-
9.8
CRITICALCVE-2023-53963
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands through the 'password' parameter. Attackers can exploit the login.php and index.php scripts ... Read more
Affected Products : stream first_firmware first impact_firmware impact pulse_firmware pulse impact_eco_firmware impact_eco pulse_eco_firmware +8 more products- Published: Dec. 22, 2025
- Modified: Jan. 13, 2026
- Vuln Type: Injection