Latest CVE Feed
-
9.8
CRITICALCVE-2025-13272
A vulnerability was identified in Campcodes School Fees Payment Management System 1.0. Affected is an unknown function of the file /manage_course.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The ex... Read more
Affected Products : school_fees_payment_management_system- Published: Nov. 17, 2025
- Modified: Nov. 19, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-13271
A vulnerability was determined in Campcodes School Fees Payment Management System 1.0. This impacts an unknown function of the file /ajax.php?action=login. This manipulation of the argument Username causes sql injection. Remote exploitation of the attack ... Read more
Affected Products : school_fees_payment_management_system- Published: Nov. 17, 2025
- Modified: Nov. 19, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-65073
OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Keystone authorization.... Read more
Affected Products : keystone- Published: Nov. 17, 2025
- Modified: Nov. 18, 2025
- Vuln Type: Authorization
-
8.8
HIGHCVE-2025-13270
A vulnerability was found in Campcodes School Fees Payment Management System 1.0. This affects an unknown function of the file /ajax.php?action=save_course. The manipulation of the argument ID results in sql injection. The attack may be launched remotely.... Read more
Affected Products : school_fees_payment_management_system- Published: Nov. 17, 2025
- Modified: Nov. 19, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-13269
A vulnerability has been found in Campcodes School Fees Payment Management System 1.0. The impacted element is an unknown function of the file /ajax.php?action=save_payment. The manipulation of the argument ID leads to sql injection. The attack may be ini... Read more
Affected Products : school_fees_payment_management_system- Published: Nov. 17, 2025
- Modified: Nov. 19, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-13268
A flaw has been found in Dromara dataCompare up to 1.0.1. The affected element is the function DbConfig of the file src/main/java/com/vince/xq/project/system/dbconfig/service/DbconfigServiceImpl.java of the component JDBC URL Handler. Executing manipulati... Read more
Affected Products :- Published: Nov. 17, 2025
- Modified: Nov. 18, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-13267
A vulnerability was detected in SourceCodester Dental Clinic Appointment Reservation System 1.0. Impacted is an unknown function of the file /success.php. Performing manipulation of the argument username/password results in sql injection. The attack can b... Read more
- Published: Nov. 17, 2025
- Modified: Nov. 20, 2025
- Vuln Type: Injection
-
8.7
HIGHCVE-2025-13165
EasyFlow GP developed by Digiwin has a Denial of service vulnerability, allowing unauthenticated remote attackers to send specific requests that result in denial of web service.... Read more
Affected Products :- Published: Nov. 17, 2025
- Modified: Nov. 18, 2025
- Vuln Type: Denial of Service
-
6.9
MEDIUMCVE-2025-13164
EasyFlow GP developed by Digiwin has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to obtain plaintext credentials of AD and system mail from the system frontend.... Read more
Affected Products :- Published: Nov. 17, 2025
- Modified: Nov. 18, 2025
- Vuln Type: Authentication
-
6.9
MEDIUMCVE-2025-13163
EasyFlow GP developed by Digiwin has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to obtain plaintext database account credentials from the system frontend.... Read more
Affected Products :- Published: Nov. 17, 2025
- Modified: Nov. 18, 2025
- Vuln Type: Information Disclosure