6.5
CVE-2025-60834 -
A fastjson deserialization vulnerability in uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying a crafted input.
6.5
CVE-2025-60833 -
An XML External Entity (XXE) vulnerability in the /mall/wxpay/pay component of uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying crafted XML data.
8.8
CVE-2025-60311 -
ProjectWorlds Gym Management System1.0 is vulnerable to SQL Injection via the "id" parameter in the profile/edit.php page
5.3
CVE-2025-11417 - Campcodes Advanced Online Voting Management System voters_add.php unrestricted upload
A weakness has been identified in Campcodes Advanced Online Voting Management System 1.0. This vulnerability affects unknown code of the file /admin/voters_add.php. Executing manipulation of the argument photo can lead to unrestricted upload. The attack can be launched remotely. The exploit has beeβ¦
4.8
CVE-2025-61999 - OPEXUS FOIAXpress stored XSS via logo image
OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to upload JavaScript or other content embedded in an SVG image used as a logo. Injected content is executed in the context of other users when they view affected pages. Successful exploitation allows the administrative user to performβ¦
4.8
CVE-2025-61998 - OPEXUS FOIAXpress stored XSS via Hyperlink Manager
OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to inject JavaScript or other content as a URL within the Technical Support Hyperlink Manager. Injected content is executed in the context of other users when they click the malicious link. Successful exploitation allows the administrβ¦
4.8
CVE-2025-61997 - OPEXUS FOIAXpress stored XSS via banner image
OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to inject JavaScript or other content within the Annual Report Enterprise Banner image upload field. Injected content is executed in the context of other users when they generate an Annual Report. Successful exploitation allows the adβ¦
4.8
CVE-2025-61996 - OPEXUS FOIAXpress stored XSS via annual report template
OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to inject JavaScript or other content within the Annual Report Template. Injected content is executed in the context of other users when they generate an Annual Report. Successful exploitation allows the administrative user to performβ¦
6.9
CVE-2025-11416 - PHPGurukul Beauty Parlour Management System invoices.php sql injection
A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown part of the file /admin/invoices.php. Performing a manipulation of the argument delid results in sql injection. The attack can be initiated remotely. The exploit has been released to the β¦
6.9
CVE-2025-11415 - PHPGurukul Beauty Parlour Management System customer-list.php sql injection
A vulnerability was identified in PHPGurukul Beauty Parlour Management System 1.1. Affected by this issue is some unknown functionality of the file /admin/customer-list.php. Such manipulation of the argument delid leads to sql injection. It is possible to launch the attack remotely. The exploit is β¦