π¨ CVE-2025-10410
A security vulnerability has been detected in SourceCodester Link Status Checker 1.0. This vulnerability affects unknown code of the file index.php. The manipulation of the argument proxy leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
π@cveNotify
A security vulnerability has been detected in SourceCodester Link Status Checker 1.0. This vulnerability affects unknown code of the file index.php. The manipulation of the argument proxy leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
π@cveNotify
GitHub
GitHub - drew-byte/Link_Status_Checker_PoC: SSRF Vulnerability on Website Link Extractor
SSRF Vulnerability on Website Link Extractor. Contribute to drew-byte/Link_Status_Checker_PoC development by creating an account on GitHub.
π¨ CVE-2025-10411
A vulnerability was detected in itsourcecode E-Logbook with Health Monitoring System for COVID-19 1.0. This issue affects some unknown processing of the file /stc-log-keeper/check_profile.php of the component POST Request Handler. The manipulation of the argument profile_id results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used.
π@cveNotify
A vulnerability was detected in itsourcecode E-Logbook with Health Monitoring System for COVID-19 1.0. This issue affects some unknown processing of the file /stc-log-keeper/check_profile.php of the component POST Request Handler. The manipulation of the argument profile_id results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used.
π@cveNotify
GitHub
E-Logbook with Health Monitoring System for COVID-19 V1.0 /stc-log-keeper/check_profile.php Reflected Cross-Site Scripting (Reflectedβ¦
E-Logbook with Health Monitoring System for COVID-19 V1.0 /stc-log-keeper/check_profile.php Reflected Cross-Site Scripting (Reflected XSS) NAME OF AFFECTED PRODUCT(S) E-Logbook with Health Monitori...
π¨ CVE-2025-10413
A vulnerability has been found in Campcodes Grocery Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=delete_customer. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability has been found in Campcodes Grocery Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=delete_customer. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
GitHub
campcodes Grocery Sales and Inventory System Project V1.0 /ajax.php?action=delete_customer SQL injection Β· Issue #82 Β· zzb1388/cve
campcodes Grocery Sales and Inventory System Project V1.0 /ajax.php?action=delete_customer SQL injection NAME OF AFFECTED PRODUCT(S) Grocery Sales and Inventory System Vendor Homepage https://www.c...
π₯1
π¨ CVE-2025-10414
A vulnerability was found in Campcodes Grocery Sales and Inventory System 1.0. The impacted element is an unknown function of the file /ajax.php?action=save_customer. Performing manipulation of the argument ID results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
π@cveNotify
A vulnerability was found in Campcodes Grocery Sales and Inventory System 1.0. The impacted element is an unknown function of the file /ajax.php?action=save_customer. Performing manipulation of the argument ID results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
π@cveNotify
GitHub
campcodes Grocery Sales and Inventory System Project V1.0 /ajax.php?action=save_customer SQL injection Β· Issue #81 Β· zzb1388/cve
campcodes Grocery Sales and Inventory System Project V1.0 /ajax.php?action=save_customer SQL injection NAME OF AFFECTED PRODUCT(S) Grocery Sales and Inventory System Vendor Homepage https://www.cam...
π¨ CVE-2025-10415
A vulnerability was determined in Campcodes Grocery Sales and Inventory System 1.0. This affects an unknown function of the file /ajax.php?action=save_supplier. Executing manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
π@cveNotify
A vulnerability was determined in Campcodes Grocery Sales and Inventory System 1.0. This affects an unknown function of the file /ajax.php?action=save_supplier. Executing manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
π@cveNotify
GitHub
campcodes Grocery Sales and Inventory System Project V1.0 /ajax.php?action=save_supplier SQL injection Β· Issue #80 Β· zzb1388/cve
campcodes Grocery Sales and Inventory System Project V1.0 /ajax.php?action=save_supplier SQL injection NAME OF AFFECTED PRODUCT(S) Grocery Sales and Inventory System Vendor Homepage https://www.cam...
π¨ CVE-2025-59364
The express-xss-sanitizer (aka Express XSS Sanitizer) package through 2.0.0 for Node.js has an unbounded recursion depth in sanitize in lib/sanitize.js for a JSON request body.
π@cveNotify
The express-xss-sanitizer (aka Express XSS Sanitizer) package through 2.0.0 for Node.js has an unbounded recursion depth in sanitize in lib/sanitize.js for a JSON request body.
π@cveNotify
Gist
CVE-2025-59364
CVE-2025-59364. GitHub Gist: instantly share code, notes, and snippets.
π¨ CVE-2025-10416
A vulnerability was identified in Campcodes Grocery Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=delete_supplier. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
π@cveNotify
A vulnerability was identified in Campcodes Grocery Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=delete_supplier. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
π@cveNotify
GitHub
campcodes Grocery Sales and Inventory System Project V1.0 /ajax.php?action=delete_supplier SQL injection Β· Issue #79 Β· zzb1388/cve
campcodes Grocery Sales and Inventory System Project V1.0 /ajax.php?action=delete_supplier SQL injection NAME OF AFFECTED PRODUCT(S) Grocery Sales and Inventory System Vendor Homepage https://www.c...
π₯1
π¨ CVE-2025-10417
A security flaw has been discovered in Campcodes Grocery Sales and Inventory System 1.0. Affected is an unknown function of the file /ajax.php?action=delete_product. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.
π@cveNotify
A security flaw has been discovered in Campcodes Grocery Sales and Inventory System 1.0. Affected is an unknown function of the file /ajax.php?action=delete_product. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.
π@cveNotify
GitHub
campcodes Grocery Sales and Inventory System Project V1.0 /ajax.php?action=delete_product SQL injection Β· Issue #78 Β· zzb1388/cve
campcodes Grocery Sales and Inventory System Project V1.0 /ajax.php?action=delete_product SQL injection NAME OF AFFECTED PRODUCT(S) Grocery Sales and Inventory System Vendor Homepage https://www.ca...
π¨ CVE-2025-10418
A weakness has been identified in SourceCodester Student Grading System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_students.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.
π@cveNotify
A weakness has been identified in SourceCodester Student Grading System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_students.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.
π@cveNotify
GitHub
sourcecodester Student Grading System using PHP/MySQL Project V1.0 /view_students.php SQL injection Β· Issue #6 Β· qcycop0101-hash/CVE
sourcecodester Student Grading System using PHP/MySQL Project V1.0 /view_students.php SQL injection NAME OF AFFECTED PRODUCT(S) Student Grading System using PHP/MySQL Vendor Homepage https://www.so...
β€1
π¨ CVE-2025-10419
A security vulnerability has been detected in SourceCodester Student Grading System 1.0. Affected by this issue is some unknown functionality of the file /del_promote.php. Such manipulation of the argument sy leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
π@cveNotify
A security vulnerability has been detected in SourceCodester Student Grading System 1.0. Affected by this issue is some unknown functionality of the file /del_promote.php. Such manipulation of the argument sy leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
π@cveNotify
GitHub
sourcecodester Student Grading System using PHP/MySQL Project V1.0 /del_promote.php SQL injection Β· Issue #7 Β· qcycop0101-hash/CVE
sourcecodester Student Grading System using PHP/MySQL Project V1.0 /del_promote.php SQL injection NAME OF AFFECTED PRODUCT(S) Student Grading System using PHP/MySQL Vendor Homepage https://www.sour...
π¨ CVE-2025-10420
A vulnerability was detected in SourceCodester Student Grading System 1.0. This affects an unknown part of the file /form137.php. Performing manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used.
π@cveNotify
A vulnerability was detected in SourceCodester Student Grading System 1.0. This affects an unknown part of the file /form137.php. Performing manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used.
π@cveNotify
GitHub
sourcecodester Student Grading System using PHP/MySQL Project V1.0 /form137.php SQL injection Β· Issue #8 Β· qcycop0101-hash/CVE
sourcecodester Student Grading System using PHP/MySQL Project V1.0 /form137.php SQL injection NAME OF AFFECTED PRODUCT(S) Student Grading System using PHP/MySQL Vendor Homepage https://www.sourceco...
π¨ CVE-2025-10421
A flaw has been found in SourceCodester Student Grading System 1.0. This vulnerability affects unknown code of the file /update_account.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used.
π@cveNotify
A flaw has been found in SourceCodester Student Grading System 1.0. This vulnerability affects unknown code of the file /update_account.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used.
π@cveNotify
GitHub
sourcecodester Student Grading System using PHP/MySQL Project V1.0 /update_account.php SQL injection Β· Issue #9 Β· qcycop0101-hash/CVE
sourcecodester Student Grading System using PHP/MySQL Project V1.0 /update_account.php SQL injection NAME OF AFFECTED PRODUCT(S) Student Grading System using PHP/MySQL Vendor Homepage https://www.s...
π¨ CVE-2025-10422
A vulnerability has been found in newbee-mall up to 613a662adf1da7623ec34459bc83e3c1b12d8ce7. This issue affects the function paySuccess of the file /paySuccess of the component Order Status Handler. The manipulation of the argument orderNo leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided.
π@cveNotify
A vulnerability has been found in newbee-mall up to 613a662adf1da7623ec34459bc83e3c1b12d8ce7. This issue affects the function paySuccess of the file /paySuccess of the component Order Status Handler. The manipulation of the argument orderNo leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided.
π@cveNotify
GitHub
Critical Payment Vulnerability (IDOR) in /paySuccess of newbee-mall Β· Issue #100 Β· newbee-ltd/newbee-mall
Critical Payment Vulnerability (IDOR) in /paySuccess of newbee-mall Summary In newbee-mall, the /paySuccess endpoint contains a critical payment vulnerability. This endpoint directly updates the or...
π¨ CVE-2025-10452
Statistical Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents with high-level privileges.
π@cveNotify
Statistical Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents with high-level privileges.
π@cveNotify
π¨ CVE-2025-59375
libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.
π@cveNotify
libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.
π@cveNotify
GitHub
libexpat/expat/Changes at 676a4c531ec768732fac215da9730b5f50fbd2bf Β· libexpat/libexpat
:herb: Fast streaming XML parser written in C99 with >90% test coverage; moved from SourceForge to GitHub - libexpat/libexpat
π¨ CVE-2025-10265
Certain models of NVR developed by Digiever has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.
π@cveNotify
Certain models of NVR developed by Digiever has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.
π@cveNotify
π¨ CVE-2025-10423
A vulnerability was found in newbee-mall 1.0. Impacted is the function mallKaptcha of the file /common/mall/kaptcha. The manipulation results in guessable captcha. The attack can be executed remotely. A high complexity level is associated with this attack. The exploitability is considered difficult. The exploit has been made public and could be used.
π@cveNotify
A vulnerability was found in newbee-mall 1.0. Impacted is the function mallKaptcha of the file /common/mall/kaptcha. The manipulation results in guessable captcha. The attack can be executed remotely. A high complexity level is associated with this attack. The exploitability is considered difficult. The exploit has been made public and could be used.
π@cveNotify
GitHub
Guessable CAPTCHA in /common/mall/kaptcha of newbee-mall (CWE-804) Β· Issue #101 Β· newbee-ltd/newbee-mall
Guessable CAPTCHA in /common/mall/kaptcha of newbee-mall (CWE-804) Summary In newbee-mall, the CAPTCHA mechanism relies on the client explicitly requesting /common/mall/kaptcha to obtain a code. Th...
π¨ CVE-2025-10424
A vulnerability was determined in 1000projects Online Student Project Report Submission and Evaluation System 1.0. The affected element is an unknown function of the file /admin/controller/faculty_controller.php. This manipulation of the argument new_image causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
π@cveNotify
A vulnerability was determined in 1000projects Online Student Project Report Submission and Evaluation System 1.0. The affected element is an unknown function of the file /admin/controller/faculty_controller.php. This manipulation of the argument new_image causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
π@cveNotify
GitHub
#1000projects.org Online Project Report Submission and Evaluation System Project V1.0 /rse/admin/controller/faculty_controller.phpβ¦
#1000projects.org Online Project Report Submission and Evaluation System Project V1.0 /rse/admin/controller/faculty_controller.php File unrestricted upload NAME OF AFFECTED PRODUCT(S) Online Projec...
π¨ CVE-2025-10425
A vulnerability was identified in 1000projects Online Student Project Report Submission and Evaluation System 1.0. The impacted element is an unknown function of the file /admin/controller/student_controller.php. Such manipulation of the argument new_image leads to unrestricted upload. The attack may be performed from remote. The exploit is publicly available and might be used.
π@cveNotify
A vulnerability was identified in 1000projects Online Student Project Report Submission and Evaluation System 1.0. The impacted element is an unknown function of the file /admin/controller/student_controller.php. Such manipulation of the argument new_image leads to unrestricted upload. The attack may be performed from remote. The exploit is publicly available and might be used.
π@cveNotify
GitHub
# 1000projects.org Online Project Report Submission and Evaluation System Project V1.0 /rse/admin/controller/student_controller.phpβ¦
1000projects.org Online Project Report Submission and Evaluation System Project V1.0 /rse/admin/controller/student_controller.php File unrestricted upload NAME OF AFFECTED PRODUCT(S) Online Project...
π¨ CVE-2025-10426
A security flaw has been discovered in itsourcecode Online Laundry Management System 1.0. This affects an unknown function of the file /login.php. Performing manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited.
π@cveNotify
A security flaw has been discovered in itsourcecode Online Laundry Management System 1.0. This affects an unknown function of the file /login.php. Performing manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited.
π@cveNotify
GitHub
Online Laundry Management System V1.0 /Laundry_Management_System/login.php SQL injection Β· Issue #3 Β· HAO-RAY/HCR-CVE
Online Laundry Management System V1.0 /Laundry_Management_System/login.php SQL injection NAME OF AFFECTED PRODUCT(S) Online Laundry Management System Vendor Homepage https://www.campcodes.com/proje...
π¨ CVE-2025-10427
A weakness has been identified in SourceCodester Pet Grooming Management Software 1.0. This impacts an unknown function of the file /admin/operation/user.php. Executing manipulation of the argument website_image can lead to unrestricted upload. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited.
π@cveNotify
A weakness has been identified in SourceCodester Pet Grooming Management Software 1.0. This impacts an unknown function of the file /admin/operation/user.php. Executing manipulation of the argument website_image can lead to unrestricted upload. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited.
π@cveNotify
GitHub
webray.com.cn/Pet-grooming-management-software/petgrooming-upload-user.md at main Β· joinia/webray.com.cn
Contribute to joinia/webray.com.cn development by creating an account on GitHub.