6.9
CVE-2025-5980 - code-projects Restaurant Order System order.php sql injection
A vulnerability classified as critical was found in code-projects Restaurant Order System 1.0. This vulnerability affects unknown code of the file /order.php. The manipulation of the argument tabidNoti leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to tβ¦
6.9
CVE-2025-5979 - code-projects School Fees Payment System branch.php sql injection
A vulnerability classified as critical has been found in code-projects School Fees Payment System 1.0. This affects an unknown part of the file /branch.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to β¦
8.7
CVE-2025-5978 - Tenda FH1202 VirtualSer fromVirtualSer stack-based overflow
A vulnerability was found in Tenda FH1202 1.2.0.14. It has been classified as critical. Affected is the function fromVirtualSer of the file /goform/VirtualSer. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has bβ¦
8.1
CVE-2025-35940 - Hard-coded ArchiverSpaApi JWT Signing Key
The ArchiverSpaApiΒ ASP.NET application uses a hard-coded JWT signing key. An unauthenticated remote attacker can generate and use a verifiable JWT token to access protected ArchiverSpaApi URL endpoints.
6.9
CVE-2025-5977 - code-projects School Fees Payment System datatable.php sql injection
A vulnerability was found in code-projects School Fees Payment System 1.0 and classified as critical. This issue affects some unknown processing of the file /datatable.php. The manipulation of the argument sSortDir_0 leads to sql injection. The attack may be initiated remotely. The exploit has beenβ¦
5.1
CVE-2025-5976 - PHPGurukul Rail Pass Management System add-pass.php cross site scripting
A vulnerability has been found in PHPGurukul Rail Pass Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/add-pass.php. The manipulation of the argument fullname leads to cross site scripting. The attack can be initiated remotely. The expβ¦
5.9
CVE-2025-49133 - Libtpms contains a possible out-of-bound access and abort due to HMAC signing issue
Libtpms is a library that targets the integration of TPM functionality into hypervisors, primarily into Qemu. Libtpms, which is derived from the TPM 2.0 reference implementation code published by the Trusted Computing Group, is prone to a potential out of bounds (OOB) read vulnerability. The vulnerβ¦
5.3
CVE-2025-5975 - PHPGurukul Rail Pass Management System download-pass.php cross site scripting
A vulnerability, which was classified as problematic, was found in PHPGurukul Rail Pass Management System 1.0. This affects an unknown part of the file /rpms/download-pass.php. The manipulation of the argument searchdata leads to cross site scripting. It is possible to initiate the attack remotely.β¦
5.1
CVE-2025-5974 - PHPGurukul Restaurant Table Booking System check-status.php cross site scripting
A vulnerability, which was classified as problematic, has been found in PHPGurukul Restaurant Table Booking System 1.0. Affected by this issue is some unknown functionality of the file /check-status.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be laβ¦
9.4
CVE-2025-36852 - Build Cache Poisoning via Untrusted Pull Requests
A critical security vulnerability exists in remote cache extensions for common build systems utilizing bucket-based remote cache (such as those using Amazon S3, Google Cloud Storage, or similar object storage) that allows any contributor with pull request privileges to inject compromised artifacts β¦