Latest CVE Feed
-
7.5
HIGHCVE-2025-14647
A weakness has been identified in code-projects Computer Book Store 1.0. Affected is an unknown function of the file /admin_delete.php. This manipulation of the argument bookisbn causes sql injection. It is possible to initiate the attack remotely. The ex... Read more
Affected Products :- Published: Dec. 14, 2025
- Modified: Dec. 14, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-14646
A security flaw has been discovered in code-projects Student File Management System 1.0. This impacts an unknown function of the file /admin/delete_student.php. The manipulation of the argument stud_id results in sql injection. The attack may be performed... Read more
Affected Products :- Published: Dec. 14, 2025
- Modified: Dec. 14, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-14645
A vulnerability was identified in code-projects Student File Management System 1.0. This affects an unknown function of the file /admin/delete_user.php. The manipulation of the argument user_id leads to sql injection. The attack is possible to be carried ... Read more
Affected Products :- Published: Dec. 14, 2025
- Modified: Dec. 14, 2025
- Vuln Type: Injection
-
0.0
NACVE-2025-12696
The HelloLeads CRM Form Shortcode WordPress plugin through 1.0 does not have authorisation and CSRF check when resetting its settings, allowing unauthenticated users to reset them... Read more
Affected Products :- Published: Dec. 14, 2025
- Modified: Dec. 14, 2025
- Vuln Type: Authentication
-
6.4
MEDIUMCVE-2025-12537
The Addon Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.14.3. This is due to insufficient input sanitization and output escaping on multiple widget parameters. This makes i... Read more
Affected Products :- Published: Dec. 14, 2025
- Modified: Dec. 14, 2025
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2025-67897
In Sequoia before 2.1.0, aes_key_unwrap panics if passed a ciphertext that is too short. A remote attacker can take advantage of this issue to crash an application by sending a victim an encrypted message with a crafted PKESK or SKESK packet.... Read more
Affected Products : sequoia-openpgp- Published: Dec. 14, 2025
- Modified: Dec. 14, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-13126
The wpForo Forum plugin for WordPress is vulnerable to generic SQL Injection via the `post_args` and `topic_args` parameters in all versions up to, and including, 2.4.12 due to insufficient escaping on the user supplied parameter and lack of sufficient pr... Read more
Affected Products : wpforo_forum- Published: Dec. 14, 2025
- Modified: Dec. 14, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-14644
A vulnerability was determined in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /update_subject.php. Executing manipulation of the argument ID can lead to sql injection. The attack can be executed remo... Read more
Affected Products : student_management_system- Published: Dec. 14, 2025
- Modified: Dec. 14, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-14643
A vulnerability was found in code-projects Simple Attendance Record System 2.0. The affected element is an unknown function of the file /check.php. Performing manipulation of the argument student results in sql injection. Remote exploitation of the attack... Read more
Affected Products :- Published: Dec. 14, 2025
- Modified: Dec. 14, 2025
- Vuln Type: Injection
-
5.8
MEDIUMCVE-2025-14642
A vulnerability has been found in code-projects Computer Laboratory System 1.0. Impacted is an unknown function of the file technical_staff_pic.php. Such manipulation of the argument image leads to unrestricted upload. The attack may be launched remotely.... Read more
Affected Products :- Published: Dec. 14, 2025
- Modified: Dec. 14, 2025
- Vuln Type: Misconfiguration
-
5.8
MEDIUMCVE-2025-14641
A flaw has been found in code-projects Computer Laboratory System 1.0. This issue affects some unknown processing of the file admin/admin_pic.php. This manipulation of the argument image causes unrestricted upload. The attack may be initiated remotely. Th... Read more
Affected Products :- Published: Dec. 14, 2025
- Modified: Dec. 14, 2025
- Vuln Type: Misconfiguration
-
7.5
HIGHCVE-2025-14640
A flaw has been found in code-projects Student File Management System 1.0. The affected element is an unknown function of the file /admin/save_student.php. Executing manipulation of the argument stud_no can lead to sql injection. The attack may be launche... Read more
Affected Products :- Published: Dec. 14, 2025
- Modified: Dec. 14, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-14639
A vulnerability was detected in itsourcecode Student Management System 1.0. Impacted is an unknown function of the file /uprec.php. Performing manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit is n... Read more
Affected Products : student_management_system- Published: Dec. 14, 2025
- Modified: Dec. 14, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-14638
A security vulnerability has been detected in itsourcecode Online Pet Shop Management System 1.0. This issue affects some unknown processing of the file /pet1/update_cnp.php. Such manipulation of the argument ID leads to sql injection. The attack can be l... Read more
Affected Products :- Published: Dec. 14, 2025
- Modified: Dec. 14, 2025
- Vuln Type: Injection
-
5.8
MEDIUMCVE-2025-9116
The WPS Visitor Counter Plugin WordPress plugin through 1.4.8 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers.... Read more
Affected Products :- Published: Dec. 13, 2025
- Modified: Dec. 13, 2025
- Vuln Type: Cross-Site Scripting
-
7.8
HIGHCVE-2025-43527
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.3. An app may be able to gain root privileges.... Read more
Affected Products : macos- Published: Dec. 12, 2025
- Modified: Dec. 13, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-43511
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing maliciously crafted web content may lead to an unexpected process crash.... Read more
- Published: Dec. 12, 2025
- Modified: Dec. 13, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-43467
This issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.1. An app may be able to gain root privileges.... Read more
Affected Products : macos- Published: Dec. 12, 2025
- Modified: Dec. 13, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-43464
A denial-of-service issue was addressed with improved input validation. This issue is fixed in macOS Tahoe 26.1. Visiting a website may lead to an app denial-of-service.... Read more
Affected Products : macos- Published: Dec. 12, 2025
- Modified: Dec. 13, 2025
- Vuln Type: Denial of Service
-
2.4
LOWCVE-2025-43410
The issue was addressed with improved handling of caches. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2. An attacker with physical access may be able to view deleted notes.... Read more
Affected Products : macos- Published: Dec. 12, 2025
- Modified: Dec. 13, 2025