5.3
CVE-2025-14246 - code-projects Simple Shopping Cart settings.php sql injection
A vulnerability was found in code-projects Simple Shopping Cart 1.0. This vulnerability affects unknown code of the file /Customers/settings.php. Performing manipulation of the argument user_id results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public…
6.9
CVE-2025-14245 - IdeaCMS Coupon.php whereRaw sql injection
A vulnerability has been found in IdeaCMS up to 1.8. This affects the function whereRaw of the file app/common/logic/index/Coupon.php. Such manipulation of the argument params leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
8.3
CVE-2025-42620 - CSRF vulnerability in CIRCL Vulnerability-Lookup
In affected versions, vulnerability-lookup handled user-controlled content in comments and bundles in an unsafe way, which could lead to stored Cross-Site Scripting (XSS). On the backend, the related_vulnerabilities field of bundles accepted arbitrary strings without format validation or pro…
7
CVE-2025-42616 - CSRF vulnerability in CIRCL Vulnerability-Lookup
Some endpoints in vulnerability-lookup that modified application state (e.g. changing database entries, user data, configurations, or other privileged actions) may have been accessible via HTTP GET requests without requiring a CSRF token. This flaw leaves the application vulnerable to Cross-Sit…
4.8
CVE-2025-14244 - GreenCMS Menu Management CustomController.class.php cross site scripting
A flaw has been found in GreenCMS 2.3.0603. Affected by this issue is some unknown functionality of the file /Admin/Controller/CustomController.class.php of the component Menu Management Page. This manipulation of the argument Link causes cross site scripting. The attack may be initiated remotely. …
8.1
CVE-2025-42615 - Improper Restriction of Excessive Authentication Attempts vulnerability in CIRCL Vulnerability-Look…
In affected versions, vulnerability-lookup did not track or limit failed One-Time Password (OTP) attempts during Two-Factor Authentication (2FA) verification. An attacker who already knew or guessed a valid username and password could submit an arbitrary number of OTP codes without causing the …
5.3
CVE-2025-14230 - code-projects Daily Time Recording System add_payroll.php sql injection
A vulnerability was detected in code-projects Daily Time Recording System 4.5.0. The impacted element is an unknown function of the file /admin/add_payroll.php. Performing manipulation of the argument detail_Id results in sql injection. The attack can be initiated remotely. The exploit is now publi…
5.1
CVE-2025-14229 - SourceCodester Inventory Management System SVC Report Export csv injection
A security vulnerability has been detected in SourceCodester Inventory Management System 1.0. The affected element is an unknown function of the component SVC Report Export. Such manipulation leads to csv injection. It is possible to launch the attack remotely. The exploit has been disclosed public…
5.1
CVE-2025-14228 - Yealink SIP-T21P E2 Local Directory cross site scripting
A weakness has been identified in Yealink SIP-T21P E2 52.84.0.15. Impacted is an unknown function of the component Local Directory Page. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be expl…
5.3
CVE-2025-14227 - Philipinho Simple-PHP-Blog edit.php sql injection
A security flaw has been discovered in Philipinho Simple-PHP-Blog up to 94b5d3e57308bce5dfbc44c3edafa9811893d958. This issue affects some unknown processing of the file /edit.php. The manipulation results in sql injection. The attack may be performed from remote. The exploit has been released to th…