CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2025-14211 - projectworlds Advanced Library Management System delete_book.php sql injection

CVE ID : CVE-2025-14211
Published : Dec. 8, 2025, 3:16 a.m. | 3 hours, 33 minutes ago
Description : A vulnerability was detected in projectworlds Advanced Library Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /delete_book.php. Performing manipulation of the argument book_id results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-14212 - projectworlds Advanced Library Management System member_search.php sql injection

CVE ID : CVE-2025-14212
Published : Dec. 8, 2025, 3:16 a.m. | 3 hours, 33 minutes ago
Description : A flaw has been found in projectworlds Advanced Library Management System 1.0. Affected by this issue is some unknown functionality of the file /member_search.php. Executing manipulation of the argument roll_number can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used.
Severity: 7.5 | HIGH
CVE-2025-14214 - itsourcecode Student Information System section_edit1.php sql injection

CVE ID : CVE-2025-14214
Published : Dec. 8, 2025, 4:15 a.m. | 2 hours, 33 minutes ago
Description : A vulnerability has been found in itsourcecode Student Information System 1.0. This affects an unknown part of the file /section_edit1.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
Severity: 6.5 | MEDIUM
CVE-2025-14215 - code-projects Currency Exchange System edit.php sql injection

CVE ID : CVE-2025-14215
Published : Dec. 8, 2025, 5:16 a.m. | 1 hour, 33 minutes ago
Description : A vulnerability was found in code-projects Currency Exchange System 1.0. This vulnerability affects unknown code of the file /edit.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.
Severity: 7.5 | HIGH
CVE-2025-14216 - code-projects Currency Exchange System viewserial.php sql injection

CVE ID : CVE-2025-14216
Published : Dec. 8, 2025, 5:16 a.m. | 1 hour, 33 minutes ago
Description : A vulnerability was determined in code-projects Currency Exchange System 1.0. This issue affects some unknown processing of the file /viewserial.php. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
Severity: 7.5 | HIGH
CVE-2025-14217 - code-projects Currency Exchange System edittrns.php sql injection

CVE ID : CVE-2025-14217
Published : Dec. 8, 2025, 5:16 a.m. | 1 hour, 33 minutes ago
Description : A vulnerability was identified in code-projects Currency Exchange System 1.0. Impacted is an unknown function of the file /edittrns.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used.
Severity: 7.5 | HIGH
CVE-2025-14218 - code-projects Currency Exchange System editotheraccount.php sql injection

CVE ID : CVE-2025-14218
Published : Dec. 8, 2025, 6:15 a.m. | 33 minutes ago
Description : A security flaw has been discovered in code-projects Currency Exchange System 1.0. The affected element is an unknown function of the file /editotheraccount.php. Performing manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited.
Severity: 7.5 | HIGH
CVE-2025-14219 - Campcodes Retro Basketball Shoes Online Store admin_running.php unrestricted upload

CVE ID : CVE-2025-14219
Published : Dec. 8, 2025, 6:15 a.m. | 33 minutes ago
Description : A weakness has been identified in Campcodes Retro Basketball Shoes Online Store 1.0. The impacted element is an unknown function of the file /admin/admin_running.php. Executing manipulation of the argument product_image can lead to unrestricted upload. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited.
Severity: 5.8 | MEDIUM
CVE-2025-14220 - ORICO CD3510 File Upload path traversal

CVE ID : CVE-2025-14220
Published : Dec. 8, 2025, 6:32 a.m. | 17 minutes ago
Description : A security vulnerability has been detected in ORICO CD3510 1.9.12. This affects an unknown function of the component File Upload. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 0.0 | NA
CVE-2025-66324 - Apache App Data Integrity Verification Flaw

CVE ID : CVE-2025-66324
Published : Dec. 8, 2025, 8:15 a.m. | 2 hours, 34 minutes ago
Description : Input verification vulnerability in the compression and decompression module. Impact: Successful exploitation of this vulnerability may affect app data integrity.
Severity: 8.4 | HIGH
CVE-2025-66326 - Cisco Audio Race Condition Vulnerability

CVE ID : CVE-2025-66326
Published : Dec. 8, 2025, 8:15 a.m. | 2 hours, 34 minutes ago
Description : Race condition vulnerability in the audio module. Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 6.7 | MEDIUM
CVE-2025-12956 - Reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x

CVE ID : CVE-2025-12956
Published : Dec. 8, 2025, 9:15 a.m. | 1 hour, 34 minutes ago
Description : A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in the user's browser session.
Severity: 8.7 | HIGH
CVE-2025-14224 - Yottamaster DM2/DM3/DM200 File Upload path traversal

CVE ID : CVE-2025-14224
Published : Dec. 8, 2025, 9:15 a.m. | 1 hour, 34 minutes ago
Description : A vulnerability was found in Yottamaster DM2, DM3 and DM200 up to 1.2.23/1.9.12. Affected by this issue is some unknown functionality of the component File Upload. Performing manipulation results in path traversal. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
CVE-2025-26487 - Server Side Request Forgery (SSRF) in the web server of Infinera MTC-9

CVE ID : CVE-2025-26487
Published : Dec. 8, 2025, 9:15 a.m. | 1 hour, 34 minutes ago
Description : Server-Side Request Forgery (SSRF) vulnerability in Infinera MTC-9 version allows Server Side Request Forgery.
Severity: 8.6 | HIGH
CVE-2025-26488 - Improper input validation in XML Management service in Infinera MTC-9

CVE ID : CVE-2025-26488
Published : Dec. 8, 2025, 9:15 a.m. | 1 hour, 34 minutes ago
Description : Improper Input Validation vulnerability in Infinera MTC-9 allows remote unauthenticated users to crash the service and cause a reboot of the appliance, thus causing a DoS condition, via crafted XML payloads. This issue affects MTC-9: from R22.1.1.0275 before R23.0.
Severity: 7.5 | HIGH
CVE-2025-26489 - Improper input validation in Netconf service in Infinera MTC-9

CVE ID : CVE-2025-26489
Published : Dec. 8, 2025, 9:15 a.m. | 1 hour, 34 minutes ago
Description : Improper Input Validation vulnerability in Infinera MTC-9 allows remote authenticated users to crash the service and reboot the appliance, thus causing a DoS condition, via crafted XML payloads. This issue affects MTC-9: from R22.1.1.0275 before R23.0.
Severity: 6.5 | MEDIUM
CVE-2025-58279 - Apache Media Library Path Traversal Vulnerability

CVE ID : CVE-2025-58279
Published : Dec. 8, 2025, 9:15 a.m. | 1 hour, 34 minutes ago
Description : Permission control vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity: 4.4 | MEDIUM
CVE-2025-66325 - Apache Package Manager Weak Permission Control

CVE ID : CVE-2025-66325
Published : Dec. 8, 2025, 9:15 a.m. | 1 hour, 34 minutes ago
Description : Permission control vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity: 6.2 | MEDIUM
CVE-2025-66327 - Cisco Network Module Information Disclosure

CVE ID : CVE-2025-66327
Published : Dec. 8, 2025, 9:15 a.m. | 1 hour, 34 minutes ago
Description : Race condition vulnerability in the network module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity: 7.1 | HIGH
CVE-2025-66328 - Cisco Network Management Module Race Condition Vulnerability

CVE ID : CVE-2025-66328
Published : Dec. 8, 2025, 9:15 a.m. | 1 hour, 34 minutes ago
Description : Multi-thread race condition vulnerability in the network management module. Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 8.4 | HIGH
CVE-2025-66329 - Windows Window Management Module Permission Control Vulnerability

CVE ID : CVE-2025-66329
Published : Dec. 8, 2025, 9:15 a.m. | 1 hour, 34 minutes ago
Description : Permission control vulnerability in the window management module. Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 4.0 | MEDIUM