CVE-2024-44654 - PHPGurukul Complaint Management System SQL Injection Vulnerability
CVE ID : CVE-2024-44654
Published : Nov. 17, 2025, 7:16 p.m. | 2 hours, 24 minutes ago
Description : PHPGurukul Complaint Management System 2.0 is vulnerable to SQL Injection via the email and mobileno parameters in reset-password.php.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-44655 - PHPGurukul Complaint Management System Cross Site Scripting (XSS)
CVE ID : CVE-2024-44655
Published : Nov. 17, 2025, 7:16 p.m. | 2 hours, 24 minutes ago
Description : PHPGurukul Complaint Management System 2.0 is vulnerable to Cross Site Scripting (XSS) via the search parameter in user-search.php.
Severity: 6.1 | MEDIUM
CVE-2024-44658 - PHPGurukul Complaint Management System SQL Injection
CVE ID : CVE-2024-44658
Published : Nov. 17, 2025, 7:16 p.m. | 2 hours, 24 minutes ago
Description : PHPGurukul Complaint Management System 2.0 is vulnerable to SQL Injection via the subcategory and category parameters in subcategory.php.
Severity: 6.5 | MEDIUM
CVE-2024-44660 - PHPGurukul Online Shopping Portal SQL Injection
CVE ID : CVE-2024-44660
Published : Nov. 17, 2025, 7:16 p.m. | 2 hours, 24 minutes ago
Description : PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the fullname, emailid, and contactno parameters in login.php.
Severity: 6.5 | MEDIUM
CVE-2024-44662 - PHPGurukul Online Shopping Portal SQL Injection
CVE ID : CVE-2024-44662
Published : Nov. 17, 2025, 7:16 p.m. | 2 hours, 24 minutes ago
Description : PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the username parameter in the admin page.
Severity: 6.5 | MEDIUM
CVE-2024-44663 - PHPGurukul Online Shopping Portal SQL Injection
CVE ID : CVE-2024-44663
Published : Nov. 17, 2025, 7:16 p.m. | 2 hours, 24 minutes ago
Description : PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the product parameter in search-result.php.
Severity: 6.5 | MEDIUM
CVE-2024-46335 - PHPGurukul Complaint Management System Cross Site Scripting (XSS)
CVE ID : CVE-2024-46335
Published : Nov. 17, 2025, 7:16 p.m. | 2 hours, 24 minutes ago
Description : PHPGurukul Complaint Management System 2.0 is vulnerable to Cross Site Scripting (XSS) via the fromdate and todate parameters in between-date-userreport.php.
Severity: 4.6 | MEDIUM
CVE-2025-13216 - Apache HTTP Server Remote Code Execution
CVE ID : CVE-2025-13216
Published : Nov. 17, 2025, 7:16 p.m. | 2 hours, 24 minutes ago
Description : Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
Severity: 0.0 | NA
CVE-2025-63292 - Freebox Exposes Subscribers' IMSI Identifiers in Plaintext
CVE ID : CVE-2025-63292
Published : Nov. 17, 2025, 7:16 p.m. | 2 hours, 24 minutes ago
Description : Freebox v5 HD (firmware = 1.7.20), Freebox v5 Crystal (firmware = 1.7.20), Freebox v6 Révolution r1–r3 (firmware = 4.7.x), Freebox Mini 4K (firmware = 4.7.x), and Freebox One (firmware = 4.7.x) were discovered to expose subscribers' IMSI identifiers in plaintext during the initial phase of EAP-SIM authentication over the `FreeWifi_secure` network. During the EAP-Response/Identity exchange, the subscriber's full Network Access Identifier (NAI), which embeds the raw IMSI, is transmitted without encryption, tunneling, or pseudonymization. An attacker located within Wi-Fi range (~100 meters) can passively capture these frames without requiring user interaction or elevated privileges. The disclosed IMSI enables device tracking, subscriber correlation, and long-term monitoring of user presence near any broadcasting Freebox device. The vendor acknowledged the vulnerability, and the `FreeWifi_secure` service is planned for full deactivation by 1 October 2025.
Severity: 0.0 | NA
CVE-2024-44659 - PHPGurukul Online Shopping Portal SQL Injection
CVE ID : CVE-2024-44659
Published : Nov. 17, 2025, 8:15 p.m. | 1 hour, 24 minutes ago
Description : PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the email parameter in forgot-password.php.
Severity: 9.8 | CRITICAL
CVE-2024-44661 - PHPGurukul Online Shopping Portal Cross Site Scripting (XSS)
CVE ID : CVE-2024-44661
Published : Nov. 17, 2025, 8:15 p.m. | 1 hour, 24 minutes ago
Description : PHPGurukul Online Shopping Portal 2.0 is vulnerable to Cross Site Scripting (XSS) via the quantity parameter in my-cart.php.
Severity: 5.4 | MEDIUM
CVE-2024-44664 - PHPGurukul Online Shopping Portal SQL Injection Vulnerability
CVE ID : CVE-2024-44664
Published : Nov. 17, 2025, 8:15 p.m. | 1 hour, 24 minutes ago
Description : PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the name, summary, review, quality, price, and value parameters in product-details.php.
Severity: 6.5 | MEDIUM
CVE-2025-13298 - itsourcecode Web-Based Internet Laboratory Management System controller.php sql injection
CVE ID : CVE-2025-13298
Published : Nov. 17, 2025, 8:15 p.m. | 1 hour, 24 minutes ago
Description : A vulnerability was detected in itsourcecode Web-Based Internet Laboratory Management System 1.0. This affects an unknown function of the file /enrollment/controller.php. Performing manipulation results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.
Severity: 7.5 | HIGH
CVE-2025-13299 - itsourcecode Web-Based Internet Laboratory Management System controller.php sql injection
CVE ID : CVE-2025-13299
Published : Nov. 17, 2025, 8:15 p.m. | 1 hour, 24 minutes ago
Description : A flaw has been found in itsourcecode Web-Based Internet Laboratory Management System 1.0. This impacts an unknown function of the file /user/controller.php. Executing manipulation can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used.
Severity: 7.5 | HIGH
CVE-2025-36299 - IBM Planning Analytics Information Disclosure
CVE ID : CVE-2025-36299
Published : Nov. 17, 2025, 8:15 p.m. | 1 hour, 24 minutes ago
Description : IBM Planning Analytics Local 2.1.0 through 2.1.14 stores sensitive information in source code that could be used in further attacks against the system.
Severity: 4.3 | MEDIUM
CVE-2025-36357 - IBM Planning Analytics Local Directory Traversal
CVE ID : CVE-2025-36357
Published : Nov. 17, 2025, 8:15 p.m. | 1 hour, 24 minutes ago
Description : IBM Planning Analytics Local 2.1.0 through 2.1.14 could allow a remote authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing absolute path sequences to view, read, or write arbitrary files on the system.
Severity: 8.0 | HIGH
CVE-2025-13300 - itsourcecode Web-Based Internet Laboratory Management System controller.php sql injection
CVE ID : CVE-2025-13300
Published : Nov. 17, 2025, 9:15 p.m. | 24 minutes ago
Description : A vulnerability has been found in itsourcecode Web-Based Internet Laboratory Management System 1.0. Affected is an unknown function of the file /settings/controller.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.5 | HIGH
CVE-2025-13301 - itsourcecode Web-Based Internet Laboratory Management System controller.php sql injection
CVE ID : CVE-2025-13301
Published : Nov. 17, 2025, 9:15 p.m. | 24 minutes ago
Description : A vulnerability was found in itsourcecode Web-Based Internet Laboratory Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /subject/controller.php. The manipulation results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and could be used.
Severity: 7.5 | HIGH
CVE-2025-36118 - IBM Storage Virtualize Information Disclosure
CVE ID : CVE-2025-36118
Published : Nov. 17, 2025, 9:15 p.m. | 24 minutes ago
Description : IBM Storage Virtualize 8.4, 8.5, 8.7, and 9.1 IKEv1 implementation allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request.
Severity: 7.5 | HIGH
CVE-2025-13302 - code-projects Courier Management System add-new-officer.php sql injection
CVE ID : CVE-2025-13302
Published : Nov. 17, 2025, 10:15 p.m. | 3 hours, 25 minutes ago
Description : A vulnerability was identified in code-projects Courier Management System 1.0. This affects an unknown part of the file /add-new-officer.php. Such manipulation of the argument ManagerName leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used.
Severity: 5.8 | MEDIUM
CVE-2025-13303 - code-projects Courier Management System search-edit.php sql injection
CVE ID : CVE-2025-13303
Published : Nov. 17, 2025, 10:15 p.m. | 3 hours, 25 minutes ago
Description : A vulnerability was determined in code-projects Courier Management System 1.0. Affected by this issue is some unknown functionality of the file /search-edit.php. This manipulation of the argument Consignment causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.
Severity: 6.5 | MEDIUM