Latest CVE Feed
- CVE-2025-7513 (CVSS 3.1: 7.3)
  A vulnerability was found in code-projects Modern Bag 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/slideupdate.php. The manipulation of the argument idSlide leads to SQL injection. Th...
  Affected Products: modern_bag
  Published: Jul. 13, 2025
  Modified: Jul. 14, 2025
- CVE-2025-7514 (CVSS 3.1: 7.3)
  A vulnerability was found in code-projects Modern Bag 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/contact-list.php. The manipulation of the argument idStatus leads to SQL injection. The attac...
  Affected Products: modern_bag
  Published: Jul. 13, 2025
  Modified: Jul. 14, 2025
- CVE-2025-7605 (CVSS 3.1: 7.3)
  A vulnerability was found in code-projects AVL Rooms 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /profile.php. The manipulation of the argument first_name leads to SQL injection. The attack may be l...
  Affected Products: (none listed)
  Published: Jul. 14, 2025
  Modified: Jul. 14, 2025
- CVE-2025-7515 (CVSS 3.1: 7.3)
  A vulnerability classified as critical has been found in code-projects Online Appointment Booking System 1.0. This affects an unknown part of the file /ulocateus.php. The manipulation of the argument doctorname leads to SQL injection. It is possible to in...
  Affected Products: (none listed)
  Published: Jul. 13, 2025
  Modified: Jul. 14, 2025
- CVE-2025-7516 (CVSS 3.1: 7.3)
  A vulnerability classified as critical was found in code-projects Online Appointment Booking System 1.0. This vulnerability affects unknown code of the file /cancelbookingpatient.php. The manipulation of the argument appointment leads to SQL injection. Th...
  Affected Products: (none listed)
  Published: Jul. 13, 2025
  Modified: Jul. 14, 2025
- CVE-2025-7595 (CVSS 3.1: 7.3)
  A vulnerability was found in code-projects Job Diary 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /view-cad.php. The manipulation of the argument ID leads to SQL injection. The attack can be initiated remotely...
  Affected Products: (none listed)
  Published: Jul. 14, 2025
  Modified: Jul. 14, 2025
- CVE-2025-7521 (CVSS 3.1: 7.3)
  A vulnerability, which was classified as critical, was found in PHPGurukul Vehicle Parking Management System 1.13. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument Username leads to SQL injection. It is possib...
  Affected Products: vehicle_parking_management_system
  Published: Jul. 13, 2025
  Modified: Jul. 13, 2025
- CVE-2025-7512 (CVSS 3.1: 7.3)
  A vulnerability was found in code-projects Modern Bag 1.0. It has been classified as critical. Affected is an unknown function of the file /contact-back.php. The manipulation of the argument contact-name leads to SQL injection. It is possible to launch th...
  Affected Products: modern_bag
  Published: Jul. 13, 2025
  Modified: Jul. 14, 2025
- CVE-2025-7547 (CVSS 3.1: 7.3)
  A vulnerability, which was classified as critical, was found in Campcodes Online Movie Theater Seat Reservation System 1.0. This affects the function save_movie of the file /admin/admin_class.php. The manipulation of the argument cover leads to unrestrict...
  Affected Products: (none listed)
  Published: Jul. 13, 2025
  Modified: Jul. 14, 2025
- CVE-2024-58258 (CVSS 3.1: 7.2)
  SugarCRM before 13.0.4 and 14.x before 14.0.1 allows SSRF in the API module because a limited type of code injection can occur....
  Affected Products: sugarcrm
  Published: Jul. 13, 2025
  Modified: Jul. 13, 2025
- CVE-2025-7603 (CVSS 3.1: 7.2)
  A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been classified as critical. Affected is an unknown function of the file /jingx.asp of the component HTTP Request Handler. The manipulation leads to stack-based buffer overflow. It is possible...
  Affected Products: di-8100_firmware
  Published: Jul. 14, 2025
  Modified: Jul. 14, 2025
- CVE-2025-7602 (CVSS 3.1: 7.2)
  A vulnerability was found in D-Link DI-8100 16.07.26A1 and classified as critical. This issue affects some unknown processing of the file /arp_sys.asp of the component HTTP Request Handler. The manipulation leads to stack-based buffer overflow. The attack...
  Affected Products: di-8100_firmware
  Published: Jul. 14, 2025
  Modified: Jul. 14, 2025
- CVE-2025-1384 (CVSS 3.1: 7.0)
  Least Privilege Violation (CWE-272) Vulnerability exists in the communication function between the NJ/NX-series Machine Automation Controllers and the Sysmac Studio Software. An attacker may use this vulnerability to perform unauthorized access and to exe...
  Affected Products: (none listed)
  Published: Jul. 14, 2025
  Modified: Jul. 14, 2025
- CVE-2025-52363 (CVSS 3.1: 6.8)
  Tenda CP3 Pro Firmware V22.5.4.93 contains a hardcoded root password hash in the /etc/passwd file and /etc/passwd-. An attacker with access to the firmware image can extract and attempt to crack the root password hash, potentially obtaining administrative...
  Affected Products: (none listed)
  Published: Jul. 14, 2025
  Modified: Jul. 14, 2025
- CVE-2025-7519 (CVSS 3.1: 6.7)
  A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exp...
  Affected Products: (none listed)
  Published: Jul. 14, 2025
  Modified: Jul. 14, 2025
- CVE-2025-53889 (CVSS 3.1: 6.5)
  Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.12.0 and prior to version 11.9.0, Directus Flows with a manual trigger are not validating whether the user triggering the Flow has permissions to the it...
  Affected Products: (none listed)
  Published: Jul. 15, 2025
  Modified: Jul. 15, 2025
- CVE-2025-53822 (CVSS 3.1: 6.5)
  WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `relatorio_geracao.php` endpoint of the WeGIA application prior to version ...
  Affected Products: (none listed)
  Published: Jul. 14, 2025
  Modified: Jul. 14, 2025
- CVE-2025-53820 (CVSS 3.1: 6.5)
  WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `index.php` endpoint of the WeGIA application prior to version 3.4.5. This ...
  Affected Products: (none listed)
  Published: Jul. 14, 2025
  Modified: Jul. 14, 2025
- CVE-2025-53865 (CVSS 3.1: 6.4)
  In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker templates (devel and responsive)....
  Affected Products: roundup
  Published: Jul. 13, 2025
  Modified: Jul. 13, 2025
- CVE-2025-7568 (CVSS 3.1: 6.3)
  A vulnerability was found in qianfox FoxCMS up to 1.2.5. It has been classified as critical. Affected is the function batchCope of the file app/admin/controller/Video.php. The manipulation of the argument ids leads to SQL injection. It is possible to laun...
  Affected Products: foxcms
  Published: Jul. 14, 2025
  Modified: Jul. 14, 2025