5.3
CVE-2025-67897 - Sequoia: Sequoia: Application crash via crafted encrypted message
In Sequoia before 2.1.0, aes_key_unwrap panics if passed a ciphertext that is too short. A remote attacker can take advantage of this issue to crash an application by sending a victim an encrypted message with a crafted PKESK or SKESK packet.
7.5
CVE-2025-13126 - wpForo Forum <= 2.4.12 - Unauthenticated SQL Injection
The wpForo Forum plugin for WordPress is vulnerable to generic SQL Injection via the `post_args` and `topic_args` parameters in all versions up to, and including, 2.4.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This m…
7
CVE-2025-67896 - exim: Exim: Remote heap corruption vulnerability
Exim before 4.99.1, with certain non-default rate-limit configurations, allows a remote heap-based buffer overflow because database records are cast directly to internal structures without validation.
6.9
CVE-2025-14644 - itsourcecode Student Management System update_subject.php sql injection
A vulnerability was determined in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /update_subject.php. Executing manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit has been publicly disclose…
6.9
CVE-2025-14643 - code-projects Simple Attendance Record System check.php sql injection
A vulnerability was found in code-projects Simple Attendance Record System 2.0. The affected element is an unknown function of the file /check.php. Performing manipulation of the argument student results in sql injection. Remote exploitation of the attack is possible. The exploit has been made publ…
5.1
CVE-2025-14642 - code-projects Computer Laboratory System technical_staff_pic.php unrestricted upload
A vulnerability has been found in code-projects Computer Laboratory System 1.0. Impacted is an unknown function of the file technical_staff_pic.php. Such manipulation of the argument image leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the publi…
5.1
CVE-2025-14641 - code-projects Computer Laboratory System admin_pic.php unrestricted upload
A flaw has been found in code-projects Computer Laboratory System 1.0. This issue affects some unknown processing of the file admin/admin_pic.php. This manipulation of the argument image causes unrestricted upload. The attack may be initiated remotely. The exploit has been published and may be used.
6.9
CVE-2025-14640 - code-projects Student File Management System save_student.php sql injection
A flaw has been found in code-projects Student File Management System 1.0. The affected element is an unknown function of the file /admin/save_student.php. Executing manipulation of the argument stud_no can lead to sql injection. The attack may be launched remotely. The exploit has been published a…
6.9
CVE-2025-14639 - itsourcecode Student Management System uprec.php sql injection
A vulnerability was detected in itsourcecode Student Management System 1.0. Impacted is an unknown function of the file /uprec.php. Performing manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used.
6.9
CVE-2025-14638 - itsourcecode Online Pet Shop Management System update_cnp.php sql injection
A security vulnerability has been detected in itsourcecode Online Pet Shop Management System 1.0. This issue affects some unknown processing of the file /pet1/update_cnp.php. Such manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been discl…