CVE tracker
News monitoring: @irnewsagency
Main channel: @orgsecuritygate
Site: SecurityGate.org
CVE-2025-14959 - code-projects Simple Stock System signup.php sql injection

CVE ID : CVE-2025-14959
Published : Dec. 19, 2025, 6:02 p.m. | 22 minutes ago
Description : A weakness has been identified in code-projects Simple Stock System 1.0. An unspecified part of the file /market/signup.php is affected: manipulation of the argument Username leads to SQL injection. The attack can be launched remotely, and a public exploit is available.
Severity: 0.0 | NA (no CVSS score assigned at the time of publication)
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-14960 - code-projects Simple Blood Donor Management System editeddonor.php sql injection

CVE ID : CVE-2025-14960
Published : Dec. 19, 2025, 6:02 p.m. | 22 minutes ago
Description : A security vulnerability has been detected in code-projects Simple Blood Donor Management System 1.0. An unspecified function of the file /editeddonor.php is affected: manipulation of the argument Name leads to SQL injection. The attack can be launched remotely, and a public exploit is available.
Severity: 0.0 | NA (no CVSS score assigned at the time of publication)
CVE-2025-14961 - code-projects Simple Blood Donor Management System editedcampaign.php sql injection

CVE ID : CVE-2025-14961
Published : Dec. 19, 2025, 7:15 p.m. | 1 hour, 10 minutes ago
Description : A vulnerability was detected in code-projects Simple Blood Donor Management System 1.0. An unspecified function of the file /editedcampaign.php is affected: manipulation of the argument campaignname leads to SQL injection. The attack can be executed remotely, and a public exploit is available.
Severity: 7.5 | HIGH
CVE-2025-14962 - code-projects Simple Stock System chatuser.php cross site scripting

CVE ID : CVE-2025-14962
Published : Dec. 19, 2025, 7:15 p.m. | 1 hour, 10 minutes ago
Description : A flaw has been found in code-projects Simple Stock System 1.0. An unspecified function of the file /market/chatuser.php is affected: manipulated input leads to cross-site scripting. The attack can be carried out remotely, and a public exploit is available.
Severity: 5.3 | MEDIUM
CVE-2025-14964 - TOTOLINK T10 cstecgi.cgi sprintf stack-based overflow

CVE ID : CVE-2025-14964
Published : Dec. 19, 2025, 7:15 p.m. | 1 hour, 10 minutes ago
Description : A vulnerability has been found in TOTOLINK T10 4.1.8cu.5083_B20200521. The function sprintf of the file /cgi-bin/cstecgi.cgi is affected: manipulation of the argument loginAuthUrl leads to a stack-based buffer overflow. The attack can be performed remotely.
Severity: 10.0 | HIGH (note: a 10.0 base score is rated Critical under the CVSS v3.x and v4.0 qualitative scales, so the score and the label shown here disagree; confirm against the linked record)
CVE-2025-14965 - 1541492390c yougou-mall ResourceController.java upload path traversal

CVE ID : CVE-2025-14965
Published : Dec. 19, 2025, 7:15 p.m. | 1 hour, 10 minutes ago
Description : A vulnerability was found in 1541492390c yougou-mall up to commit 0a771fa817c924efe52c8fe0a9a6658eee675f9f. The function Upload of the file src/main/java/per/ccm/ygmall/extra/controller/ResourceController.java is affected: manipulation of its input leads to path traversal. The project uses a rolling-release model with continuous delivery, so no version numbers are available for affected or fixed releases.
Severity: 5.5 | MEDIUM
CVE-2025-14966 - FastAdmin Backend Controller Backend.php selectpage sql injection

CVE ID : CVE-2025-14966
Published : Dec. 19, 2025, 7:32 p.m. | 53 minutes ago
Description : A vulnerability was determined in FastAdmin up to 1.7.0.20250506. The function selectpage of the file application/common/controller/Backend.php (component Backend Controller) is affected: manipulation of the argument custom/searchField leads to SQL injection. The attack can be launched remotely, and a public exploit is available. Note that an argument named searchField typically selects a column; identifiers cannot be bound as query parameters, so fixes for this class need an allowlist of permitted field names rather than a prepared statement alone.
Severity: 0.0 | NA (no CVSS score assigned at the time of publication)
CVE-2025-14967 - itsourcecode Student Management System candidates_report.php sql injection

CVE ID : CVE-2025-14967
Published : Dec. 19, 2025, 7:32 p.m. | 53 minutes ago
Description : A vulnerability was identified in itsourcecode Student Management System 1.0. An unspecified function of the file /candidates_report.php is affected: manipulation of the argument school_year leads to SQL injection. The attack can be initiated remotely, and a public exploit is available.
Severity: 0.0 | NA (no CVSS score assigned at the time of publication)
CVE-2025-12874 - HTTP Request Smuggling in Quest Coexistence Manager for Notes

CVE ID : CVE-2025-12874
Published : Dec. 19, 2025, 7:36 p.m. | 49 minutes ago
Description : Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Quest Coexistence Manager for Notes (Free/Busy Connector modules) allows HTTP Request Smuggling via the Content-Length-Transfer-Encoding (CL.TE) attack vector. This could allow an attacker to bypass access controls, poison web caches, hijack sessions, or trigger unintended internal requests. This issue affects Coexistence Manager for Notes 3.8.2045. Other versions may also be affected.
Severity: 6.3 | MEDIUM
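The CL.TE desync named in this entry, reproduced offline as an added example (this is not Quest's code and not the reporter's proof of concept). Two minimal framing routines stand in for the front end, which trusts Content-Length, and the back end, which honours Transfer-Encoding: chunked; the request path /freebusy, the Host value and the smuggled prefix are constructed for the illustration.

```python
# Added example: CL.TE request smuggling, demonstrated with two framing rules.

def split_message(raw: bytes):
    """Split a raw HTTP/1.1 request into (request_line, headers, body)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete header block")
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def frame_by_content_length(raw: bytes):
    """Framing as a Content-Length-only front end sees it.
    Returns (body_of_first_request, bytes_left_in_the_connection)."""
    _, headers, body = split_message(raw)
    length = int(headers.get(b"content-length", b"0"))
    return body[:length], body[length:]


def frame_by_chunked(raw: bytes):
    """Framing as a back end that honours Transfer-Encoding: chunked sees it
    (RFC 9112 says chunked wins when both headers are present)."""
    _, headers, body = split_message(raw)
    if headers.get(b"transfer-encoding", b"").lower() != b"chunked":
        return frame_by_content_length(raw)
    decoded, pos = b"", 0
    while True:
        line_end = body.index(b"\r\n", pos)
        size = int(body[pos:line_end].split(b";")[0], 16)  # drop chunk extensions
        pos = line_end + 2
        if size == 0:
            break
        decoded += body[pos:pos + size]
        pos += size + 2                                    # chunk data plus its CRLF
    while True:                                            # optional trailers, then blank line
        line_end = body.index(b"\r\n", pos)
        blank = line_end == pos
        pos = line_end + 2
        if blank:
            break
    return decoded, body[pos:]


def is_ambiguously_framed(raw: bytes) -> bool:
    """The check a hardened front end should make before forwarding."""
    _, headers, _ = split_message(raw)
    return b"content-length" in headers and b"transfer-encoding" in headers


# Constructed probe: the chunked body ends immediately ("0" chunk), and the
# bytes after it are what a chunked-parsing back end leaves in the socket
# buffer, to be glued onto the front of the next request on that connection.
SMUGGLED_PREFIX = b"GET /internal HTTP/1.1\r\nX-Ignore: "   # assumed path
BODY = b"0\r\n\r\n" + SMUGGLED_PREFIX
HEADERS = (
    b"POST /freebusy HTTP/1.1\r\n"
    b"Host: cmn.example.invalid\r\n"
    b"Transfer-Encoding: chunked\r\n"
)
PROBE = HEADERS + b"Content-Length: %d\r\n\r\n" % len(BODY) + BODY


def demonstrate():
    cl_body, cl_left = frame_by_content_length(PROBE)
    te_body, te_left = frame_by_chunked(PROBE)
    return {
        "front_end_forwards": cl_body,      # whole body, nothing left over
        "front_end_leftover": cl_left,
        "back_end_body": te_body,           # empty: the 0 chunk ended it
        "back_end_leftover": te_left,       # prefix prepended to the next request
    }


if __name__ == "__main__":
    for key, value in demonstrate().items():
        print(f"{key}: {value!r}")
```

Because the front end forwards all 39 body bytes as one request while the back end stops after the zero-length chunk, the trailing `GET /internal ...` prefix is left in the back-end connection and consumes the first line of whichever request arrives next, which is how the access-control bypass and session hijack in the description come about. Rejecting requests for which `is_ambiguously_framed` is true, or normalising them to a single framing before forwarding, closes the desync.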
CVE-2025-14968 - code-projects Simple Stock System update.php sql injection

CVE ID : CVE-2025-14968
Published : Dec. 19, 2025, 8:02 p.m. | 23 minutes ago
Description : A security flaw has been discovered in code-projects Simple Stock System 1.0. An unspecified function of the file /market/update.php is affected: manipulation of the argument email leads to SQL injection. The attack can be launched remotely, and a public exploit is available.
Severity: 0.0 | NA (no CVSS score assigned at the time of publication)
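The SQL injection entries above (CVE-2025-14959, -14960, -14961, -14967 and -14968, where a request value is spliced into a query, and CVE-2025-14966, where the injected argument names a column) share two fix patterns. This added example, which is not code from any of those projects, shows both against a constructed SQLite table: parameter binding for values, and an allowlist for identifiers, which cannot be bound.

```python
# Added example: value injection vs. identifier injection, and the fix for each.
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed stand-in for the applications' user tables."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, email TEXT, role TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "alice@example.invalid", "admin"),
         ("bob", "bob@example.invalid", "user")],
    )
    return db


# --- value injection (Username, Name, campaignname, school_year, email) ---

def lookup_vulnerable(db, username: str):
    # The request value is spliced into the statement text, so a quote in the
    # input terminates the literal and the rest is parsed as SQL.
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return db.execute(sql).fetchall()


def lookup_safe(db, username: str):
    # Bound parameter: the driver passes the value separately, never as SQL.
    return db.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


# --- identifier injection (searchField) ---
# A column name cannot be a bound parameter, so the endpoint must restrict the
# identifier to the columns it actually supports.
ALLOWED_SEARCH_FIELDS = {"username", "email"}


def search_vulnerable(db, field: str, term: str):
    # The term is bound correctly, but the field name is still interpolated.
    sql = f"SELECT username FROM users WHERE {field} LIKE ?"
    return db.execute(sql, (f"%{term}%",)).fetchall()


def search_safe(db, field: str, term: str):
    if field not in ALLOWED_SEARCH_FIELDS:
        raise ValueError(f"unsupported search field: {field!r}")
    sql = f"SELECT username FROM users WHERE {field} LIKE ?"
    return db.execute(sql, (f"%{term}%",)).fetchall()


if __name__ == "__main__":
    db = make_db()
    payload = "x' OR '1'='1"
    print(lookup_vulnerable(db, payload))   # every row comes back
    print(lookup_safe(db, payload))         # [] : the payload is just a string
    # the bound term matches nothing, yet the injected predicate selects admins
    print(search_vulnerable(db, "role = 'admin' OR username", "nomatch"))
```

Note that `search_vulnerable` already uses a bound parameter for the search term and is still exploitable; that is the trap with arguments like `searchField`, and it is why the allowlist in `search_safe` is the actual fix rather than a defence in depth.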
CVE-2025-67712 - HTML injection issue in ArcGIS Web App Builder

CVE ID : CVE-2025-67712
Published : Dec. 19, 2025, 8:05 p.m. | 20 minutes ago
Description : There is an HTML injection issue in Esri ArcGIS Web AppBuilder Developer Edition versions prior to 2.30 that allows a remote, unauthenticated attacker to entice a user to click a link that causes arbitrary HTML to render in the victim's browser. There is no evidence of JavaScript execution, which limits the impact. At the time of submission, ArcGIS Web AppBuilder Developer Edition is retired and unsupported. ArcGIS Web AppBuilder 2.30 is not susceptible to this vulnerability.
Severity: 4.7 | MEDIUM
CVE-2023-53945 - BrainyCP 1.0 Remote Code Execution via Authenticated Crontab Manipulation

CVE ID : CVE-2023-53945
Published : Dec. 19, 2025, 9:15 p.m. | 3 hours, 10 minutes ago
Description : BrainyCP 1.0 contains an authenticated remote code execution vulnerability that allows logged-in users to inject arbitrary commands through the crontab configuration interface. Attackers can exploit the crontab endpoint by adding a malicious command that spawns a reverse shell to a specified IP and port.
Severity: 8.8 | HIGH
CVE-2023-53946 - Arcsoft PhotoStudio 6.0.0.172 Unquoted Service Path Privilege Escalation

CVE ID : CVE-2023-53946
Published : Dec. 19, 2025, 9:15 p.m. | 3 hours, 10 minutes ago
Description : Arcsoft PhotoStudio 6.0.0.172 contains an unquoted service path vulnerability in the ArcSoft Exchange Service that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted path and trigger the service to execute arbitrary code with system-level permissions.
Severity: 8.5 | HIGH
CVE-2023-53947 - OCS Inventory NG 2.3.0.0 Unquoted Service Path Privilege Escalation

CVE ID : CVE-2023-53947
Published : Dec. 19, 2025, 9:15 p.m. | 3 hours, 10 minutes ago
Description : OCS Inventory NG 2.3.0.0 contains an unquoted service path vulnerability that allows local attackers to escalate privileges to system level. Attackers can place a malicious executable in the unquoted service path and trigger the service restart to execute code with elevated system privileges.
Severity: 8.5 | HIGH
CVE-2023-53948 - Lilac-Reloaded for Nagios 2.0.8 Remote Code Execution via Autodiscovery

CVE ID : CVE-2023-53948
Published : Dec. 19, 2025, 9:15 p.m. | 3 hours, 10 minutes ago
Description : Lilac-Reloaded for Nagios 2.0.8 contains a remote code execution vulnerability in the autodiscovery feature that allows attackers to inject arbitrary commands. Attackers can exploit the lack of input filtering in the nmap_binary parameter to execute a reverse shell by sending a crafted POST request to the autodiscovery endpoint.
Severity: 9.8 | CRITICAL
CVE-2023-53949 - AspEmail 5.6.0.2 Local Privilege Escalation via Binary Permission Vulnerability

CVE ID : CVE-2023-53949
Published : Dec. 19, 2025, 9:15 p.m. | 3 hours, 10 minutes ago
Description : AspEmail 5.6.0.2 contains a binary permission vulnerability that allows local users to escalate privileges through the Persits Software EmailAgent service. Attackers can exploit full write permissions in the BIN directory to replace the service executable and gain elevated system access.
Severity: 8.5 | HIGH
CVE-2023-53950 - InnovaStudio WYSIWYG Editor 5.4 Unrestricted File Upload via Filename Manipulation

CVE ID : CVE-2023-53950
Published : Dec. 19, 2025, 9:15 p.m. | 3 hours, 10 minutes ago
Description : InnovaStudio WYSIWYG Editor 5.4 contains an unrestricted file upload vulnerability that allows attackers to bypass file extension restrictions through filename manipulation. Attackers can upload malicious ASP shells by using null byte techniques and alternate file extensions to circumvent upload controls in the asset manager.
Severity: 9.8 | CRITICAL
CVE-2023-53951 - Ever Gauzy v0.281.9 JWT Authentication Weakness via HMAC Secret

CVE ID : CVE-2023-53951
Published : Dec. 19, 2025, 9:15 p.m. | 3 hours, 10 minutes ago
Description : Ever Gauzy v0.281.9 signs JSON Web Tokens with a weak HMAC secret. Attackers can leverage an exposed JWT token to authenticate and gain unauthorized access with administrative permissions.
Severity: 9.8 | CRITICAL
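Why a weak HS256 secret turns one leaked token into administrative access, shown as an added example with the standard library only (this is not Gauzy's code; the wordlist, the claim names and the secret are constructed for the illustration). A captured token is all an attacker needs: the signing input and the tag are public, so the secret can be guessed offline and then used to mint any claims.

```python
# Added example: offline recovery of a weak HS256 secret and token forgery.
import base64
import hashlib
import hmac
import json


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(claims: dict, secret: bytes) -> str:
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"},
                                separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}".encode("ascii")
    tag = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(tag)}"


def verify_hs256(token: str, secret: bytes):
    """Return the claims if the HMAC tag matches, else None."""
    try:
        header, payload, tag = token.split(".")
    except ValueError:
        return None
    expected = hmac.new(secret, f"{header}.{payload}".encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(tag)):
        return None
    return json.loads(_b64url_decode(payload))


def recover_weak_secret(token: str, candidates):
    """Dictionary attack: no server interaction, one HMAC per guess."""
    for guess in candidates:
        if verify_hs256(token, guess.encode()) is not None:
            return guess
    return None


def forge_admin_token(captured: str, candidates):
    """Recover the secret from a low-privilege token, then sign admin claims."""
    secret = recover_weak_secret(captured, candidates)
    if secret is None:
        return None
    return sign_hs256({"sub": "1", "role": "SUPER_ADMIN"}, secret.encode())


# RFC 7518 section 3.2: an HS256 key must be at least 256 bits (32 bytes).
MIN_HS256_KEY_BYTES = 32


def secret_is_strong_enough(secret: bytes) -> bool:
    return len(secret) >= MIN_HS256_KEY_BYTES


# Constructed data for the demonstration (not a real Gauzy token or secret).
WORDLIST = ["secret", "changeme", "password", "secretKey", "jwt_secret"]
CAPTURED_TOKEN = sign_hs256({"sub": "42", "role": "EMPLOYEE"}, b"secretKey")


if __name__ == "__main__":
    print("recovered secret:", recover_weak_secret(CAPTURED_TOKEN, WORDLIST))
    forged = forge_admin_token(CAPTURED_TOKEN, WORDLIST)
    print("forged token verifies as:", verify_hs256(forged, b"secretKey"))
```

The defensive check is the last function: reject any configured HS256 secret shorter than 32 random bytes at startup, or move to an asymmetric algorithm so that a leaked token reveals nothing that can sign another.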
CVE-2023-53952 - Dotclear 2.25.3 Authenticated Remote Code Execution via File Upload

CVE ID : CVE-2023-53952
Published : Dec. 19, 2025, 9:15 p.m. | 3 hours, 10 minutes ago
Description : Dotclear 2.25.3 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension through the blog post creation interface. Attackers can upload files containing PHP system commands that execute when the uploaded file is accessed, enabling arbitrary code execution on the server.
Severity: 8.8 | HIGH
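The three upload bugs in this batch (CVE-2025-14965, a path traversal in an upload handler; CVE-2023-53950, null-byte and alternate-extension tricks against an extension check; CVE-2023-53952, a .phar file accepted as an image) fail on the same handful of checks. This added example, which is not code from any of those projects, puts those checks in one filename-hardening routine; the upload root and the extension lists are assumptions chosen for the illustration.

```python
# Added example: filename hardening that covers traversal, null bytes,
# double extensions and interpreter-mapped extensions such as .phar and .asa.
import posixpath

UPLOAD_ROOT = "/srv/app/uploads"          # assumed storage root
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif", "pdf"}
# Extensions that common web servers hand to an interpreter even though they
# do not look like .php/.asp at first glance.
EXECUTABLE_EXTENSIONS = {"php", "php3", "php5", "phtml", "phar",
                         "asp", "aspx", "asa", "cer", "jsp", "jspx"}


class RejectedUpload(ValueError):
    """Raised when a client-supplied filename must not be stored."""


def sanitize_filename(name: str) -> str:
    if "\x00" in name:
        # C-style APIs stop at the NUL, so "shell.asp\x00.jpg" passes a
        # suffix check but is written to disk as shell.asp.
        raise RejectedUpload("null byte in filename")
    # Keep only the final path component, whichever separator the client used,
    # which neutralises ../ and ..\ sequences outright.
    base = name.replace("\\", "/").split("/")[-1].strip()
    if base in ("", ".", ".."):
        raise RejectedUpload("empty or dot-only filename")
    parts = base.lower().split(".")
    if len(parts) < 2 or not parts[0]:
        raise RejectedUpload("missing extension")
    exts = parts[1:]
    # Inspect every extension in the chain (x.phar.png, x.php.jpg, ...):
    # several server configurations dispatch on the first one they recognise.
    if any(ext in EXECUTABLE_EXTENSIONS for ext in exts):
        raise RejectedUpload(f"executable extension in {base!r}")
    if exts[-1] not in ALLOWED_EXTENSIONS:
        raise RejectedUpload(f"extension {exts[-1]!r} not allowed")
    return base


def resolve_upload_path(root: str, name: str) -> str:
    safe = sanitize_filename(name)
    root_norm = posixpath.normpath(root)
    target = posixpath.normpath(posixpath.join(root_norm, safe))
    # Independent containment check so a regression in sanitisation cannot
    # silently reopen the traversal.
    if posixpath.commonpath([root_norm, target]) != root_norm:
        raise RejectedUpload("path escapes upload root")
    return target


def classify_upload(root: str, name: str):
    """Return ('accepted', path) or ('rejected', reason) for a filename."""
    try:
        return "accepted", resolve_upload_path(root, name)
    except RejectedUpload as exc:
        return "rejected", str(exc)


if __name__ == "__main__":
    # Constructed filenames covering the three advisories above.
    for candidate in ["report.pdf", "../../etc/cron.d/job.png",
                      "shell.asp\x00.jpg", "shell.phar", "avatar.PHP.jpg", "web.asa"]:
        print(repr(candidate), "->", classify_upload(UPLOAD_ROOT, candidate))
```

Two caveats a reviewer would add: the stored file should also be served from a location the web server will not execute (separate vhost or a directory with handlers disabled), and the original filename should not be reused at all when a server-generated random name will do; the routine above is for the cases where the name has to be preserved.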
CVE-2023-53953 - WebsiteBaker 2.13.3 Stored Cross-Site Scripting via Page Creation

CVE ID : CVE-2023-53953
Published : Dec. 19, 2025, 9:15 p.m. | 3 hours, 10 minutes ago
Description : WebsiteBaker 2.13.3 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating web pages. Attackers can craft malicious payloads in page titles that execute arbitrary JavaScript when the page is viewed by other users.
Severity: 6.4 | MEDIUM
CVE-2023-53954 - ActFax 10.10 Unquoted Path Services Privilege Escalation Vulnerability

CVE ID : CVE-2023-53954
Published : Dec. 19, 2025, 9:15 p.m. | 3 hours, 10 minutes ago
Description : ActFax 10.10 contains an unquoted service path vulnerability that allows local attackers to potentially escalate privileges by exploiting the ActiveFaxServiceNT service configuration. Attackers with write permissions to Program Files directories can inject a malicious ActSrvNT.exe executable to gain elevated system access when the service restarts.
Severity: 8.5 | HIGH
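The unquoted-service-path entries in this batch (CVE-2023-53946, CVE-2023-53947 and CVE-2023-53954) all rest on the same Windows behaviour: when an ImagePath with spaces is not quoted, CreateProcess treats each space as a possible end of the executable name and tries `<prefix>.exe` for every prefix before reaching the intended binary. This added example, which is not code from any of those products, derives those candidate paths from a constructed set of ImagePath strings and, on a Windows host, can pull the real ones from the registry; the service names and paths in the sample are assumptions.

```python
# Added example: enumerate the executables Windows would try for an unquoted
# service path, and flag the ones whose directory the current user can write.
import ntpath
import os
import sys


def hijack_candidates(image_path: str):
    """Return the paths tried, in order, before the intended binary."""
    path = image_path.strip()
    if path.startswith('"'):
        return []                       # quoted: no ambiguity
    # Only the part up to the first ".exe" is the executable; anything after
    # it is service arguments (a directory name containing ".exe" is a rare
    # false cut, acceptable for an audit script).
    cut = path.lower().find(".exe")
    exe = path if cut == -1 else path[:cut + 4]
    parts = exe.split(" ")
    return [" ".join(parts[:i]) + ".exe" for i in range(1, len(parts))]


def writable_candidates(image_path: str):
    """Candidates whose parent directory the current user can write to:
    these are the drop points for a malicious executable."""
    return [c for c in hijack_candidates(image_path)
            if os.access(ntpath.dirname(c), os.W_OK)]


def audit_services_from_registry():
    """Windows only: read every service's ImagePath from the SCM registry and
    report the unquoted ones. Returns [] on other platforms."""
    if sys.platform != "win32":
        return []
    import winreg
    findings = []
    services = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                              r"SYSTEM\CurrentControlSet\Services")
    index = 0
    while True:
        try:
            name = winreg.EnumKey(services, index)
        except OSError:
            break
        index += 1
        try:
            with winreg.OpenKey(services, name) as svc:
                image_path, _ = winreg.QueryValueEx(svc, "ImagePath")
        except OSError:
            continue                    # no ImagePath (drivers, groups, ...)
        expanded = os.path.expandvars(str(image_path))
        candidates = hijack_candidates(expanded)
        if candidates:
            findings.append((name, expanded, candidates))
    return findings


# Constructed ImagePath values; not the real entries of the products above.
SAMPLE_IMAGE_PATHS = {
    "ExampleFaxService": r"C:\Program Files\Example Fax\Server\FaxSrvNT.exe",
    "ExampleInventory": r"C:\Program Files\Example Inventory Agent\agent.exe -service",
    "QuotedOk": r'"C:\Program Files\Example Inventory Agent\agent.exe" -service',
    "NoSpaces": r"C:\Windows\system32\svchost.exe -k netsvcs",
}


def audit_samples():
    """Map each sample service to its hijack candidates (empty means safe)."""
    return {name: hijack_candidates(p) for name, p in SAMPLE_IMAGE_PATHS.items()}


if __name__ == "__main__":
    for name, cands in audit_samples().items():
        print(name, "->", cands or "ok")
    for name, path, cands in audit_services_from_registry():
        print(f"{name}: {path}")
        for c in cands:
            print("   candidate:", c, "(writable dir)" if c in writable_candidates(path) else "")
```

A candidate list alone is not a finding. As the ActFax entry says, the attacker needs write access to one of those parent directories (C:\ or a Program Files subfolder), which `writable_candidates` checks for the current user; on a default installation those ACLs usually deny it, so the exploitable cases are products that loosen permissions on their own directory or install outside Program Files.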