Latest CVE Feed
-
9.8
CRITICALCVE-2025-13302
A vulnerability was identified in code-projects Courier Management System 1.0. This affects an unknown part of the file /add-new-officer.php. Such manipulation of the argument ManagerName leads to sql injection. The attack can be launched remotely. The ex... Read more
Affected Products : courier_management_system- Published: Nov. 17, 2025
- Modified: Nov. 19, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-13298
A vulnerability was detected in itsourcecode Web-Based Internet Laboratory Management System 1.0. This affects an unknown function of the file /enrollment/controller.php. Performing manipulation results in sql injection. The attack is possible to be carri... Read more
Affected Products : web-based_internet_laboratory_management_system- Published: Nov. 17, 2025
- Modified: Nov. 19, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-63217
The Itel DAB MUX (IDMUX build c041640a) is vulnerable to Authentication Bypass due to improper JWT validation across devices. Attackers can reuse a valid JWT token obtained from one device to authenticate and gain administrative access to any other device... Read more
Affected Products :- Published: Nov. 18, 2025
- Modified: Nov. 19, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-41734
An unauthenticated remote attacker can execute arbitrary php files and gain full access of the affected devices.... Read more
Affected Products :- Published: Nov. 18, 2025
- Modified: Nov. 18, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2024-44659
PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the email parameter in forgot-password.php.... Read more
Affected Products : online_shopping_portal- Published: Nov. 17, 2025
- Modified: Nov. 18, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-13234
A vulnerability was found in itsourcecode Inventory Management System 1.0. The impacted element is an unknown function of the file /index.php?q=product. Performing manipulation of the argument PROID results in sql injection. It is possible to initiate the... Read more
Affected Products : inventory_management_system- Published: Nov. 16, 2025
- Modified: Nov. 18, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-13235
A vulnerability was determined in itsourcecode Inventory Management System 1.0. This affects an unknown function of the file /admin/login.php. Executing manipulation of the argument user_email can lead to sql injection. It is possible to launch the attack... Read more
Affected Products : inventory_management_system- Published: Nov. 16, 2025
- Modified: Nov. 18, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-13233
A vulnerability has been found in itsourcecode Inventory Management System 1.0. The affected element is an unknown function of the file /index.php?q=single-item. Such manipulation of the argument ID leads to sql injection. The attack may be performed from... Read more
Affected Products : inventory_management_system- Published: Nov. 16, 2025
- Modified: Nov. 18, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-13236
A vulnerability was identified in itsourcecode Inventory Management System 1.0. This impacts an unknown function of the file /admin/products/index.php?view=edit. The manipulation of the argument ID leads to sql injection. The attack can be initiated remot... Read more
Affected Products : inventory_management_system- Published: Nov. 16, 2025
- Modified: Nov. 18, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-13237
A security flaw has been discovered in itsourcecode Inventory Management System 1.0. Affected is an unknown function of the file /LogSignModal.PHP. The manipulation of the argument U_USERNAME results in sql injection. The attack can be launched remotely. ... Read more
Affected Products : inventory_management_system- Published: Nov. 16, 2025
- Modified: Nov. 18, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-12853
A vulnerability was determined in SourceCodester Best House Rental Management System 1.0. This affects the function delete_house of the file /admin_class.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be performed... Read more
Affected Products : best_house_rental_management_system- Published: Nov. 07, 2025
- Modified: Nov. 18, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-54321
In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the reset password function, leading to an email bombing vulnerability. An authenticated attacker can exploit this by automating reset password requests.... Read more
Affected Products :- Published: Nov. 18, 2025
- Modified: Nov. 19, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-63694
DzzOffice v2.3.7 and before is vulnerable to SQL Injection in explorer/groupmanage.... Read more
Affected Products :- Published: Nov. 18, 2025
- Modified: Nov. 19, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-13210
A security vulnerability has been detected in itsourcecode Inventory Management System 1.0. This impacts an unknown function of the file /admin/products/index.php?view=add. Such manipulation of the argument PROMODEL leads to sql injection. The attack may ... Read more
Affected Products : inventory_management_system- Published: Nov. 15, 2025
- Modified: Nov. 18, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-41733
The commissioning wizard on the affected devices does not validate if the device is already initialized. An unauthenticated remote attacker can construct POST requests to set root credentials.... Read more
Affected Products :- Published: Nov. 18, 2025
- Modified: Nov. 18, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-13323
A security flaw has been discovered in code-projects Simple Pizza Ordering System 1.0. Affected is an unknown function of the file /listorder.php. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remotely. T... Read more
Affected Products : simple_pizza_ordering_system- Published: Nov. 18, 2025
- Modified: Nov. 19, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-63666
Tenda AC15 v15.03.05.18_multi) issues an authentication cookie that exposes the account password hash to the client and uses a short, low-entropy suffix as the session identifier. An attacker with network access or the ability to run JS in a victim browse... Read more
- Published: Nov. 12, 2025
- Modified: Nov. 17, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-41348
SQL injection vulnerability in WinPlus v24.11.27 by Informática del Este. This vulnerability allows an attacker recover, create, update an delete databases by sendng a POST request using the parameters 'val1' and 'cont in '/WinplusPortal/ws/sWinplus.svc/j... Read more
Affected Products : winplus- Published: Nov. 18, 2025
- Modified: Nov. 19, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-13300
A vulnerability has been found in itsourcecode Web-Based Internet Laboratory Management System 1.0. Affected is an unknown function of the file /settings/controller.php. The manipulation leads to sql injection. It is possible to initiate the attack remote... Read more
Affected Products : web-based_internet_laboratory_management_system- Published: Nov. 17, 2025
- Modified: Nov. 19, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-63747
QaTraq 6.9.2 ships with administrative account credentials which are enabled in default installations and permit immediate login via the web application login page. Because the account provides administrative privileges in the default configuration, an at... Read more
Affected Products :- Published: Nov. 17, 2025
- Modified: Nov. 18, 2025
- Vuln Type: Authentication