8.7
CVE-2025-14654 - Tenda AC20 httpd setPptpUserList formSetPPTPUserList stack-based overflow
A vulnerability was identified in Tenda AC20 16.03.08.12. The affected element is the function formSetPPTPUserList of the file /goform/setPptpUserList of the component httpd. Such manipulation of the argument list leads to stack-based buffer overflow. The attack can be executed remotely. The exploiβ¦
6.9
CVE-2025-14653 - itsourcecode Student Management System addrecord.php sql injection
A vulnerability was determined in itsourcecode Student Management System 1.0. Impacted is an unknown function of the file /addrecord.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilβ¦
6.9
CVE-2025-14652 - itsourcecode Online Cake Ordering System admindetail.php sql injection
A vulnerability was found in itsourcecode Online Cake Ordering System 1.0. This issue affects some unknown processing of the file /admindetail.php?action=edit. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been made public and couβ¦
6.3
CVE-2025-14651 - MartialBE one-hub docker-compose.yml hard-coded key
A vulnerability has been found in MartialBE one-hub up to 0.14.27. This vulnerability affects unknown code of the file docker-compose.yml. The manipulation of the argument SESSION_SECRET leads to use of hard-coded cryptographic key . The attack may be initiated remotely. The complexity of an attacβ¦
6.9
CVE-2025-14650 - itsourcecode Online Cake Ordering System product.php sql injection
A flaw has been found in itsourcecode Online Cake Ordering System 1.0. This affects an unknown part of the file /cakeshop/product.php. Executing manipulation of the argument Product can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used.
6.9
CVE-2025-14649 - itsourcecode Online Cake Ordering System supplier.php sql injection
A vulnerability was detected in itsourcecode Online Cake Ordering System 1.0. Affected by this issue is some unknown functionality of the file /cakeshop/supplier.php. Performing manipulation of the argument supplier results in sql injection. The attack can be initiated remotely. The exploit is now β¦
5.1
CVE-2025-14648 - DedeBIZ catalog_add.php command injection
A security vulnerability has been detected in DedeBIZ up to 6.5.9. Affected by this vulnerability is an unknown functionality of the file /src/admin/catalog_add.php. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly aβ¦
6.9
CVE-2025-14647 - code-projects Computer Book Store admin_delete.php sql injection
A weakness has been identified in code-projects Computer Book Store 1.0. Affected is an unknown function of the file /admin_delete.php. This manipulation of the argument bookisbn causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to the public β¦
6.9
CVE-2025-14646 - code-projects Student File Management System delete_student.php sql injection
A security flaw has been discovered in code-projects Student File Management System 1.0. This impacts an unknown function of the file /admin/delete_student.php. The manipulation of the argument stud_id results in sql injection. The attack may be performed from remote. The exploit has been released β¦
5.3
CVE-2025-12696 - HelloLeads CRM Form Shortcode <= 1.0 - Unauthenticated Settings Reset
The HelloLeads CRM Form Shortcode WordPress plugin through 1.0 does not have authorisation and CSRF check when resetting its settings, allowing unauthenticated users to reset them