5.3

CVSS4.0

CVE-2025-8340 - code-projects Intern Membership Management System Error Message fill_details.php cross site scripti…

A vulnerability was found in code-projects Intern Membership Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file fill_details.php of the component Error Message Handler. The manipulation of the argument email leads to cross site scripting.…

πŸ“… Published: July 31, 2025, 12:32 a.m. πŸ”„ Last Modified: Aug. 5, 2025, 8:36 p.m.

6.9

CVSS4.0

CVE-2025-8339 - code-projects Intern Membership Management System student_login.php sql injection

A vulnerability was found in code-projects Intern Membership Management System 1.0. It has been classified as critical. This affects an unknown part of the file /student_login.php. The manipulation of the argument user_name/password leads to sql injection. It is possible to initiate the attack remo…

πŸ“… Published: July 31, 2025, 12:02 a.m. πŸ”„ Last Modified: Aug. 5, 2025, 7:32 p.m.

6.1

CVSS3.1

CVE-2025-50866 -

CloudClassroom-PHP-Project 1.0 contains a reflected Cross-site Scripting (XSS) vulnerability in the email parameter of the postquerypublic endpoint. Improper sanitization allows an attacker to inject arbitrary JavaScript code that executes in the context of the user s browser, potentially leading t…

πŸ“… Published: July 31, 2025, midnight πŸ”„ Last Modified: Aug. 6, 2025, 4:51 p.m.

6.5

CVSS3.1

CVE-2025-50847 -

Cross Site Request Forgery (CSRF) vulnerability in CS Cart 4.18.3, allows attackers to add products to a user's comparison list via a crafted HTTP request.

πŸ“… Published: July 31, 2025, midnight πŸ”„ Last Modified: Aug. 6, 2025, 4:36 p.m.

7.6

CVSS3.1

CVE-2025-52203 -

A stored cross-site scripting (XSS) vulnerability exists in DevaslanPHP project-management v1.2.4. The vulnerability resides in the Ticket Name field, which fails to properly sanitize user-supplied input. An authenticated attacker can inject malicious JavaScript payloads into this field, which are …

πŸ“… Published: July 31, 2025, midnight πŸ”„ Last Modified: Aug. 6, 2025, 4:18 p.m.

7.6

CVSS3.1

CVE-2025-51503 -

A Stored Cross-Site Scripting (XSS) vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers.

πŸ“… Published: July 31, 2025, midnight πŸ”„ Last Modified: Aug. 6, 2025, 4:21 p.m.

3.5

CVSS3.1

CVE-2025-51385 -

D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the yyxz_dlink_asp function via the id parameter.

πŸ“… Published: July 31, 2025, midnight πŸ”„ Last Modified: Aug. 1, 2025, 7:36 p.m.

3.5

CVSS3.1

CVE-2025-51383 -

D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_road_asp function via the host_ip parameter.

πŸ“… Published: July 31, 2025, midnight πŸ”„ Last Modified: Aug. 4, 2025, 9 a.m.

6.5

CVSS3.1

CVE-2025-50867 -

A SQL Injection vulnerability exists in the takeassessment2.php endpoint of the CloudClassroom-PHP-Project 1.0, where the Q5 POST parameter is directly embedded in SQL statements without sanitization.

πŸ“… Published: July 31, 2025, midnight πŸ”„ Last Modified: Aug. 6, 2025, 4:33 p.m.

8.6

CVSS3.1

CVE-2025-50850 -

An issue was discovered in CS Cart 4.18.3 allows the vendor login functionality lacks essential security controls such as CAPTCHA verification and rate limiting. This allows an attacker to systematically attempt various combinations of usernames and passwords (brute-force attack) to gain unauthoriz…

πŸ“… Published: July 31, 2025, midnight πŸ”„ Last Modified: Aug. 6, 2025, 4:34 p.m.
Total resulsts: 349182
Page 4453 of 34,919
Β« previous page Β» next page
Filters