3.2

CVSS3.1

CVE-2025-29431 -

Code-projects Online Class and Exam Scheduling System V1.0 is vulnerable to Cross Site Scripting (XSS) in /pages/department.php via the id, code, and name parameters.

๐Ÿ“… Published: March 17, 2025, midnight ๐Ÿ”„ Last Modified: April 2, 2025, 12:30 p.m.

5.9

CVSS3.1

CVE-2025-29427 -

Code-projects Online Class and Exam Scheduling System V1.0 is vulnerable to Cross Site Scripting (XSS) in profile.php via the member_first and member_last parameters.

๐Ÿ“… Published: March 17, 2025, midnight ๐Ÿ”„ Last Modified: Oct. 23, 2025, 8:06 p.m.

5.5

CVSS3.1

CVE-2025-29425 -

Code-projects Online Class and Exam Scheduling System 1.0 is vulnerable to SQL Injection in exam_save.php via the parameters member and first.

๐Ÿ“… Published: March 17, 2025, midnight ๐Ÿ”„ Last Modified: Oct. 23, 2025, 8:06 p.m.

6

CVSS3.1

CVE-2025-26042 -

Uptime Kuma >== 1.23.0 has a ReDoS vulnerability, specifically when an administrator creates a notification through the web service. If a string is provided it triggers catastrophic backtracking in the regular expression, leading to a ReDoS attack.

๐Ÿ“… Published: March 17, 2025, midnight ๐Ÿ”„ Last Modified: Jan. 26, 2026, 4:15 p.m.

4.1

CVSS3.1

CVE-2025-29430 -

Code-projects Online Class and Exam Scheduling System V1.0 is vulnerable to Cross Site Scripting (XSS) in /pages/room.php via the id and rome parameters.

๐Ÿ“… Published: March 17, 2025, midnight ๐Ÿ”„ Last Modified: Oct. 23, 2025, 8:06 p.m.

7.5

CVSS3.1

CVE-2025-25685 -

An issue was discovered in GL-INet Beryl AX GL-MT3000 v4.7.0. Attackers are able to download arbitrary files from the device's file system via adding symbolic links on an external drive used as a samba share.

๐Ÿ“… Published: March 17, 2025, midnight ๐Ÿ”„ Last Modified: March 21, 2025, 2:15 p.m.

4.3

CVSS3.1

CVE-2025-25621 -

Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows teachers to take attendance of fellow teachers. This affected endpoint is /courses/teacher/index?teacher_id=2&semester_id=1.

๐Ÿ“… Published: March 17, 2025, midnight ๐Ÿ”„ Last Modified: June 24, 2025, 2:59 p.m.

7.5

CVSS3.1

CVE-2025-25684 -

A lack of validation in the path parameter (/download) of GL-INet Beryl AX GL-MT3000 v4.7.0 allows attackers to download arbitrary files from the device's file system via a crafted POST request.

๐Ÿ“… Published: March 17, 2025, midnight ๐Ÿ”„ Last Modified: March 19, 2025, 8:15 p.m.

6.9

CVSS4.0

CVE-2025-2353 - VAM Virtual Airlines Manager HTTP GET Parameter index.php sql injection

A vulnerability, which was classified as critical, was found in VAM Virtual Airlines Manager up to 2.6.2. Affected is an unknown function of the file /vam/index.php of the component HTTP GET Parameter Handler. The manipulation of the argument ID/registry_id/plane_icao leads to sql injection. It is โ€ฆ

๐Ÿ“… Published: March 16, 2025, 11:31 p.m. ๐Ÿ”„ Last Modified: March 17, 2025, 2:53 p.m.

4.8

CVSS4.0

CVE-2025-2352 - StarSea99 starsea-mall Backend save cross site scripting

A vulnerability, which was classified as problematic, has been found in StarSea99 starsea-mall 1.0. This issue affects some unknown processing of the file /admin/indexConfigs/save of the component Backend. The manipulation of the argument categoryName leads to cross site scripting. The attack may bโ€ฆ

๐Ÿ“… Published: March 16, 2025, 11 p.m. ๐Ÿ”„ Last Modified: Oct. 10, 2025, 7:06 p.m.
Total resulsts: 342379
Page 5649 of 34,238
ยซ previous page ยป next page
Filters