Latest CVE Feed
-
5.3
MEDIUMCVE-2025-10073
A vulnerability was determined in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/Api/turma. Executing manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been ... Read more
Affected Products : i-educar- Published: Sep. 08, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-10072
A vulnerability was found in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /matricula/[ID_STUDENT]/enturmar/. Performing manipulation results in improper access controls. It is possible to initiate the attack remot... Read more
Affected Products : i-educar- Published: Sep. 07, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-10071
A vulnerability has been found in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /cancelar-enturmacao-em-lote/. Such manipulation leads to improper access controls. The attack may be performed from remote. The exploit ... Read more
Affected Products : i-educar- Published: Sep. 07, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-10070
A flaw has been found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /enturmacao-em-lote/. This manipulation causes improper access controls. The attack is possible to be carried out remotely. The exploit has been published an... Read more
Affected Products : i-educar- Published: Sep. 07, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Authorization
-
9.8
CRITICALCVE-2025-10062
A vulnerability was determined in itsourcecode Student Information Management System 1.0. This affects an unknown part of the file /admin/login.php. Executing manipulation of the argument uname can lead to sql injection. The attack may be launched remotel... Read more
Affected Products : student_information_management_system- Published: Sep. 06, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Injection
-
6.1
MEDIUMCVE-2025-9922
A security vulnerability has been detected in Campcodes Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php. Such manipulation of the argument page leads to cross site scripting. The attack can... Read more
Affected Products : sales_and_inventory_system- Published: Sep. 03, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-9921
A weakness has been identified in code-projects POS Pharmacy System 1.0. Affected is an unknown function of the file /main/products.php. This manipulation of the argument product_code/gen_name/product_name/supplier causes cross site scripting. The attack ... Read more
Affected Products : pos_pharmacy_system- Published: Sep. 03, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Cross-Site Scripting
-
7.2
HIGHCVE-2025-9920
A security flaw has been discovered in Campcodes Recruitment Management System 1.0. This impacts the function include of the file /admin/index.php. The manipulation of the argument page results in file inclusion. It is possible to launch the attack remote... Read more
Affected Products : recruitment_management_system- Published: Sep. 03, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Path Traversal
-
9.8
CRITICALCVE-2025-9610
A vulnerability was determined in code-projects Online Event Judging System 1.0. This issue affects some unknown processing of the file /create_account.php. This manipulation of the argument fname causes sql injection. The attack is possible to be carried... Read more
Affected Products : online_event_judging_system- Published: Aug. 29, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Injection
-
8.1
HIGHCVE-2024-46916
Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR06 contains functionality that allows the removal of critical system files before the filesystem is properly mounted (e.g., leveraging a delete call in /etc/rc.d/init.d/mountfs to remove the /etc/fsta... Read more
Affected Products : vynamic_security_suite- Published: Aug. 29, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Path Traversal
-
8.1
HIGHCVE-2024-46917
Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR01 does not validate file attributes or the contents of /root during integrity validation. This allows code execution, recovery of TPM Disk Encryption keys, decryption of the Windows system partition,... Read more
Affected Products : vynamic_security_suite- Published: Aug. 29, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Misconfiguration
-
6.1
MEDIUMCVE-2025-55579
SolidInvoice version 2.3.7 is vulnerable to a Stored Cross-Site Scripting (XSS) issue in the Tax Rates functionality. The vulnerability is fixed in version 2.3.8.... Read more
Affected Products : solidinvoice- Published: Aug. 29, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-55580
SolidInvoice version 2.3.7 is vulnerable to a stored cross-site scripting (XSS) issue in the Clients module. An authenticated attacker can inject JavaScript that executes in other users' browsers when the Clients page is viewed. The vulnerability is fixed... Read more
Affected Products : solidinvoice- Published: Aug. 29, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Cross-Site Scripting
-
7.5
HIGHCVE-2025-55763
Buffer Overflow in the URI parser of CivetWeb 1.14 through 1.16 (latest) allows a remote attacker to achieve remote code execution via a crafted HTTP request. This vulnerability is triggered during request processing and may allow an attacker to corrupt h... Read more
Affected Products : civetweb- Published: Aug. 29, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-44033
SQL injection vulnerability in oa_system oasys v.1.1 allows a remote attacker to execute arbitrary code via the allDirector() method declaration in src/main/java/cn/gson/oasys/mappers/AddressMapper.java... Read more
- Published: Aug. 29, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-9665
A weakness has been identified in code-projects Simple Grading System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit_student.php of the component Admin Panel. This manipulation of the argument ID causes sql injection. Th... Read more
Affected Products : simple_grading_system- Published: Aug. 29, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Injection
-
7.8
HIGHCVE-2023-41471
Cross Site Scripting vulnerability in copyparty v.1.9.1 allows a local attacker to execute arbitrary code via a crafted payload to the WEEKEND-PLANS function.... Read more
Affected Products : copyparty- Published: Aug. 29, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Cross-Site Scripting
-
6.9
MEDIUMCVE-2025-9375
XML Injection vulnerability in xmltodict allows Input Data Manipulation. This issue affects xmltodict: from 0.14.2 before 0.15.1.... Read more
Affected Products : xmltodict- Published: Sep. 01, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Injection
-
7.2
HIGHCVE-2025-58780
index.em7 in ScienceLogic SL1 before 12.1.1 allows SQL Injection via a parameter in a request. NOTE: this is disputed by the Supplier because it "inaccurately describes the vulnerability."... Read more
Affected Products : sl1- Published: Sep. 05, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-10083
A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/profile.php. Executing manipulation can lead to unrestricted upload. The attack may be performed... Read more
- Published: Sep. 08, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Misconfiguration