Latest CVE Feed
-
9.8
CRITICALCVE-2025-54875
FreshRSS is a free, self-hostable RSS aggregator. In versions 1.16.0 and above through 1.26.3, an unprivileged attacker can create a new admin user when registration is enabled through the use of a hidden field used only in the user management admin page,... Read more
Affected Products : freshrss- Published: Sep. 29, 2025
- Modified: Oct. 03, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-11522
The Search & Go - Directory WordPress Theme theme for WordPress is vulnerable to Authentication Bypass via account takeover in all versions up to, and including, 2.7. This is due to insufficient user validation in the search_and_go_elated_check_facebook_u... Read more
Affected Products :- Published: Oct. 09, 2025
- Modified: Oct. 09, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-10832
A vulnerability was found in SourceCodester Pet Grooming Management Software 1.0. The affected element is an unknown function of the file /admin/fetch_product_details.php. The manipulation of the argument barcode results in sql injection. The attack may b... Read more
Affected Products : pet_grooming_management_software- Published: Sep. 23, 2025
- Modified: Sep. 25, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-11139
A vulnerability was determined in Bjskzy Zhiyou ERP up to 11.0. Affected is the function uploadStudioFile of the component com.artery.form.services.FormStudioUpdater. This manipulation of the argument filepath causes path traversal. Remote exploitation of... Read more
Affected Products : zhiyou_erp- Published: Sep. 29, 2025
- Modified: Oct. 03, 2025
- Vuln Type: Path Traversal
-
9.8
CRITICALCVE-2025-10831
A vulnerability has been found in Campcodes Computer Sales and Inventory System 1.0. Impacted is an unknown function of the file /pages/pro_edit1.php. The manipulation of the argument prodcode leads to sql injection. The attack is possible to be carried o... Read more
Affected Products : computer_sales_and_inventory_system- Published: Sep. 23, 2025
- Modified: Sep. 25, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-59735
Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a... Read more
Affected Products : e-tms- Published: Oct. 02, 2025
- Modified: Oct. 02, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-10781
A vulnerability was identified in Campcodes Online Learning Management System 1.0. This impacts an unknown function of the file /admin/edit_class.php. Such manipulation of the argument class_name leads to sql injection. The attack can be executed remotely... Read more
Affected Products : online_learning_management_system- Published: Sep. 22, 2025
- Modified: Sep. 23, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-10782
A security flaw has been discovered in Campcodes Online Learning Management System 1.0. Affected is an unknown function of the file /admin/class.php. Performing manipulation of the argument class_name results in sql injection. The attack is possible to be... Read more
Affected Products : online_learning_management_system- Published: Sep. 22, 2025
- Modified: Sep. 23, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-10812
A vulnerability has been found in code-projects Hostel Management System 1.0. This impacts an unknown function of the file /justines/admin/mod_amenities/index.php?view=view. The manipulation of the argument ID leads to sql injection. It is possible to ini... Read more
- Published: Sep. 22, 2025
- Modified: Sep. 23, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-10833
A vulnerability was determined in 1000projects Bookstore Management System 1.0. The impacted element is an unknown function of the file /login.php. This manipulation of the argument unm causes sql injection. It is possible to initiate the attack remotely.... Read more
Affected Products : bookstore_management_system- Published: Sep. 23, 2025
- Modified: Sep. 25, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-10783
A weakness has been identified in Campcodes Online Learning Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/add_subject.php. Executing manipulation of the argument subject_code can lead to sql injection... Read more
Affected Products : online_learning_management_system- Published: Sep. 22, 2025
- Modified: Sep. 23, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-10857
A security flaw has been discovered in Campcodes Point of Sale System POS 1.0. Affected by this issue is some unknown functionality of the file /login.php. Performing manipulation of the argument Username results in sql injection. The attack is possible t... Read more
Affected Products : point_of_sale_system- Published: Sep. 23, 2025
- Modified: Sep. 25, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-10843
A flaw has been found in Reservation Online Hotel Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file /reservation/paypalpayout.php. Executing manipulation of the argument confirm can lead to sql injection. The a... Read more
Affected Products : online_hotel_reservation_system- Published: Sep. 23, 2025
- Modified: Sep. 25, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-10817
A weakness has been identified in Campcodes Online Learning Management System 1.0. This vulnerability affects unknown code of the file /admin/admin_user.php. Executing manipulation of the argument firstname can lead to sql injection. The attack may be lau... Read more
Affected Products : online_learning_management_system- Published: Sep. 22, 2025
- Modified: Sep. 25, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-10779
A vulnerability was found in D-Link DCS-935L up to 1.13.01. The impacted element is the function sub_402280 of the file /HNAP1/. The manipulation of the argument HNAP_AUTH/SOAPAction results in stack-based buffer overflow. The attack may be launched remot... Read more
- Published: Sep. 22, 2025
- Modified: Sep. 25, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-11062
A vulnerability was determined in Campcodes Online Learning Management System 1.0. This vulnerability affects unknown code of the file /admin/save_student.php. Executing manipulation of the argument class_id can lead to sql injection. The attack may be pe... Read more
Affected Products : online_learning_management_system- Published: Sep. 27, 2025
- Modified: Oct. 03, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-10795
A vulnerability has been found in code-projects Online Bidding System 1.0. This affects an unknown part of the file /administrator/bidupdate.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit... Read more
Affected Products : online_bidding_system- Published: Sep. 22, 2025
- Modified: Sep. 25, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-59737
Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a... Read more
Affected Products : e-tms- Published: Oct. 02, 2025
- Modified: Oct. 02, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-59743
SQL injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability could allow an attacker to retrieve, create, update, and delete databases by sending a POST request. The relationship between parameter and assigned identifier is a 'SessionID' cook... Read more
Affected Products : e-tms- Published: Oct. 02, 2025
- Modified: Oct. 02, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-11039
A security vulnerability has been detected in Campcodes Computer Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/us_edit1.php. The manipulation of the argument ID leads to sql injection. Remote... Read more
Affected Products : computer_sales_and_inventory_system- Published: Sep. 26, 2025
- Modified: Oct. 03, 2025
- Vuln Type: Injection