🚨 CVE-2025-9700
A flaw has been found in SourceCodester Online Book Store 1.0. This issue affects some unknown processing of the file /publisher_list.php. Manipulation of the argument pubid causes SQL injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.
@cveNotify
GitHub
SourceCodester Online Book Store Project V1.0 /publisher_list.php SQL injection · Issue #3 · 0510green-hand/cve
SourceCodester Online Book Store Project V1.0 /publisher_list.php SQL injection NAME OF AFFECTED PRODUCT(S) Online Book Store Vendor Homepage https://www.sourcecodester.com/php/14550/online-book-st...
🚨 CVE-2025-9701
A vulnerability was determined in SourceCodester Simple Cafe Billing System 1.0. The impacted element is an unknown function of the file /receipt.php. Manipulation of the argument ID can lead to SQL injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.
GitHub
SourceCodester Simple Cafe Billing System Project V1.0 /receipt.php SQL injection · Issue #4 · 0510green-hand/cve
SourceCodester Simple Cafe Billing System Project V1.0 /receipt.php SQL injection NAME OF AFFECTED PRODUCT(S) Simple Cafe Billing System Vendor Homepage https://www.sourcecodester.com/php/14569/sim...
🚨 CVE-2025-9704
A security flaw has been discovered in SourceCodester Water Billing System 1.0. This impacts an unknown function of the file /viewbill.php. The manipulation of the argument ID results in SQL injection. The attack may be launched remotely. The exploit has been released to the public and may be exploited.
GitHub
SourceCodester Water Billing System Project V1.0 /viewbill.php SQL injection · Issue #6 · 0510green-hand/cve
SourceCodester Water Billing System Project V1.0 /viewbill.php SQL injection NAME OF AFFECTED PRODUCT(S) Water Billing System Vendor Homepage https://www.sourcecodester.com/php/14560/water-billing-...
🚨 CVE-2025-5083
The Amministrazione Trasparente plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
GitHub
amministrazione-trasparente/settings.php at 31e69c2ef42f36bca0b66d0550794d18292f5a23 · WPGov/amministrazione-trasparente
WordPress plugin for document management for Amministrazione Trasparente - D.Lgs 33/2013 - WPGov/amministrazione-trasparente
🚨 CVE-2025-9716
A vulnerability was determined in O2OA up to 10.0-410. Affected by this vulnerability is an unknown functionality of the file /x_processplatform_assemble_designer/jaxrs/form of the component Personal Profile Page. Manipulation of the argument name/alias/description causes cross-site scripting. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."
GitHub
Stored XSS in /x_processplatform_assemble_designer/jaxrs/form in o2oa ≤ 10.0-410-g3d5e0d2 · Issue #182 · o2oa/o2oa
Stored XSS in /x_processplatform_assemble_designer/jaxrs/form in o2oa ≤ 10.0-410-g3d5e0d2 Summary In o2oa versions up to 10.0-410-g3d5e0d2, the endpoint /x_processplatform_assemble_designer/jaxrs/f...
🚨 CVE-2025-9717
A vulnerability was identified in O2OA up to 10.0-410. Affected by this issue is some unknown functionality of the file /x_organization_assemble_control/jaxrs/unit/ of the component Personal Profile Page. Manipulation of the argument name/shortName/distinguishedName/pinyin/pinyinInitial/levelName leads to cross-site scripting. The attack may be launched remotely. The exploit is publicly available and might be used.
GitHub
Stored XSS in /x_organization_assemble_control/jaxrs/unit/{flag} in o2oa ≤ 10.0-410-g3d5e0d2 · Issue #183 · o2oa/o2oa
Stored XSS in /x_organization_assemble_control/jaxrs/unit/{flag} in o2oa ≤ 10.0-410-g3d5e0d2 Summary In o2oa versions up to 10.0-410-g3d5e0d2, the endpoint /x_organization_assemble_control/jaxrs/un...
🚨 CVE-2025-9405
A security flaw has been discovered in Open5GS up to 2.7.5. The impacted element is the function gmm_state_exception of the file src/amf/gmm-sm.c. The manipulation results in a reachable assertion. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited. The patch is identified as 8e5fed16114f2f5e40bee1b161914b592b2b7b8f. Applying a patch is advised to resolve this issue.
GitHub
BugReport/CVE-2025-9405 at main · ZHENGHAOHELLO/BugReport
Contribute to ZHENGHAOHELLO/BugReport development by creating an account on GitHub.
🚨 CVE-2025-9721
A flaw has been found in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /module/FormulaMedia/edit. Manipulation of the argument nome/formulaMedia causes cross-site scripting. It is possible to initiate the attack remotely. The exploit has been published and may be used.
🚨 CVE-2025-9722
A vulnerability has been found in Portabilis i-Educar up to 2.10. The impacted element is an unknown function of the file /intranet/educar_tipo_ocorrencia_disciplinar_cad.php. Manipulation of the argument nm_tipo/descricao leads to cross-site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
GitHub
KGSec/CVEs/i-educar/17.md at main · KarinaGante/KGSec
This repository was created to store and share practical projects related to cybersecurity. - KarinaGante/KGSec
🚨 CVE-2025-9723
A vulnerability was found in Portabilis i-Educar up to 2.10. This affects an unknown function of the file /intranet/educar_tipo_regime_cad.php. Manipulation of the argument nm_tipo results in cross-site scripting. The attack can be initiated remotely. The exploit has been made public and could be used.
GitHub
KGSec/CVEs/i-educar/18.md at main · KarinaGante/KGSec
This repository was created to store and share practical projects related to cybersecurity. - KarinaGante/KGSec
🚨 CVE-2025-9729
A vulnerability was detected in PHPGurukul Online Course Registration 3.1. This vulnerability affects unknown code of the file /admin/student-registration.php. Manipulation of the argument studentname results in SQL injection. The attack can be carried out remotely. The exploit is now public and may be used.
GitHub
phpgurukul Online Course Registration Project V3.1 /admin/student-registration.php SQL injection · Issue #10 · shiqumeng/myCVE
phpgurukul Online Course Registration Project V3.1 /admin/student-registration.php SQL injection NAME OF AFFECTED PRODUCT(S) Online Course Registration Vendor Homepage https://phpgurukul.com/online...
🚨 CVE-2025-9730
A vulnerability was found in itsourcecode Apartment Management System 1.0. The affected element is an unknown function of the file /ajax/updateProfile.php. The manipulation of the argument user_id results in SQL injection. It is possible to launch the attack remotely. The exploit has been made public and could be used.
GitHub
itsourcecode Apartment Management System Project V1.0 /ajax/updateProfile.php SQL injection · Issue #1 · mybonn/CVE
NAME OF AFFECTED PRODUCT(S) Apartment Management System Vendor Homepage https://itsourcecode.com/free-projects/php-project/apartment-management-system-project-in-php-with-source-code/ AFFECTED AND/...
🚨 CVE-2025-9733
A security flaw has been discovered in code-projects Human Resource Integrated System 1.0. This impacts an unknown function of the file /login_timeee.php. Manipulation of the argument emp_id results in SQL injection. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.
🚨 CVE-2025-9734
A security flaw has been discovered in O2OA up to 10.0-410. The impacted element is an unknown function of the file /x_query_assemble_designer/jaxrs/stat of the component Personal Profile Page. The manipulation of the argument name/alias/description/applicationName results in cross-site scripting. The attack can be launched remotely. The exploit has been released to the public and may be exploited. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."
GitHub
Stored XSS in /x_query_assemble_designer/jaxrs/stat in o2oa ≤ 10.0-410-g3d5e0d2 · Issue #186 · o2oa/o2oa
Stored XSS in /x_query_assemble_designer/jaxrs/stat in o2oa ≤ 10.0-410-g3d5e0d2 Summary In o2oa versions up to 10.0-410-g3d5e0d2, the endpoint /x_query_assemble_designer/jaxrs/stat is vulnerable to...
🚨 CVE-2025-9735
A weakness has been identified in O2OA up to 10.0-410. This affects an unknown function of the file /x_query_assemble_designer/jaxrs/table of the component Personal Profile Page. Manipulation of the argument description/applicationName/queryName causes cross-site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."
GitHub
Stored XSS in /x_query_assemble_designer/jaxrs/table in o2oa ≤ 10.0-410-g3d5e0d2 · Issue #187 · o2oa/o2oa
Stored XSS in /x_query_assemble_designer/jaxrs/table in o2oa ≤ 10.0-410-g3d5e0d2 Summary In o2oa versions up to 10.0-410-g3d5e0d2, the endpoint /x_query_assemble_designer/jaxrs/table is vulnerable ...
🚨 CVE-2025-9736
A security vulnerability has been detected in O2OA up to 10.0-410. This impacts an unknown function of the file /x_query_assemble_designer/jaxrs/statement of the component Personal Profile Page. Manipulation of the argument description/queryName leads to cross-site scripting. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."
GitHub
Stored XSS in /x_query_assemble_designer/jaxrs/statement in o2oa ≤ 10.0-410-g3d5e0d2 · Issue #188 · o2oa/o2oa
Stored XSS in /x_query_assemble_designer/jaxrs/statement in o2oa ≤ 10.0-410-g3d5e0d2 Summary In o2oa versions up to 10.0-410-g3d5e0d2, the endpoint /x_query_assemble_designer/jaxrs/statement is vul...
🚨 CVE-2025-9739
A vulnerability has been found in Campcodes Online Water Billing System 1.0. Affected by this issue is some unknown functionality of the file /process.php. The manipulation of the argument Username leads to SQL injection. The attack can be carried out remotely. The exploit has been disclosed to the public and may be used.
GitHub
Campcodes Online Water Billing System V1.0 /Water_Billing_System/process.php SQL injection · Issue #1 · heling-520/CVE
Campcodes Online Water Billing System V1.0 /Water_Billing_System/process.php SQL injection NAME OF AFFECTED PRODUCT(S) Online Water Billing System Vendor Homepage https://www.campcodes.com/projects...
🚨 CVE-2025-9740
A vulnerability was found in code-projects Human Resource Integrated System 1.0. This affects an unknown part of the file /log_query.php. The manipulation of the argument ID results in SQL injection. The attack may be performed remotely. The exploit has been made public and could be used.
🚨 CVE-2025-9745
A security vulnerability has been detected in D-Link DI-500WF 14.04.10A1T. The impacted element is an unknown function of the file /version_upgrade.asp of the component jhttpd. The manipulation of the argument path leads to OS command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
GitHub
Routers/tmp/01/poc.py at main · physicszq/Routers
Contribute to physicszq/Routers development by creating an account on GitHub.
🚨 CVE-2025-9746
A vulnerability was detected in Campcodes Hospital Management System 1.0. This affects an unknown function of the file /admin/edit-doctor-specialization.php of the component Edit Doctor Specialization Page. The manipulation results in cross-site scripting. The attack may be launched remotely. The exploit is now public and may be used.
GitHub
zero-day-research/HMS_Stored_Cross-site_Scripting.docx at main · Yashh-G/zero-day-research
This repository serves as my dedicated research hub for zero-day vulnerabilities. It contains my personal findings, proof-of-concepts (PoCs), and ongoing security research on undisclosed vulnerabil...
🚨 CVE-2025-9751
A weakness has been identified in Campcodes Online Learning Management System 1.0. This issue affects some unknown processing of the file /login.php. Manipulation of the argument Username causes SQL injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.
GitHub
Campcodes Online Learning Management System V1.0 /lms/login.php SQL injection · Issue #1 · HAO-RAY/HCR-CVE
Campcodes Online Learning Management System V1.0 /lms/login.php SQL injection NAME OF AFFECTED PRODUCT(S) Online Learning Management System Vendor Homepage https://www.campcodes.com/projects/php/on...