VulDB Recent Entries

A vulnerability, which was classified as critical, was found in code-projects Library System 1.0. This impacts an unknown function of the file /return.php. The manipulation of the argument ID results in sql injection. This vulnerability is reported as CVE-2025-13579. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability, which was classified as critical, has been found in code-projects Library System 1.0. This affects an unknown function of the file /index.php of the component Login. The manipulation of the argument Username leads to sql injection. This vulnerability is documented as CVE-2025-13578. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability classified as problematic was found in PHPGurukul Hostel Management System 2.1. The impacted element is an unknown function of the file /register-complaint.php. Executing manipulation of the argument cdetails can lead to cross site scripting. This vulnerability is registered as CVE-2025-13577. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability classified as critical has been found in code-projects Blog Site 1.0. The affected element is an unknown function of the file /admin.php. Performing manipulation results in improper authorization. This vulnerability is cataloged as CVE-2025-13576. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. Multiple endpoints are affected.

A vulnerability described as critical has been identified in code-projects Blog Site 1.0. Impacted is the function category_exists of the file /resources/functions/blog.php of the component Category Handler. Such manipulation of the argument name/field leads to sql injection. This vulnerability is listed as CVE-2025-13575. The attack may be performed from remote. In addition, an exploit is available. Multiple endpoints are affected.

A vulnerability marked as critical has been reported in code-projects Online Bidding System 1.0. This issue affects the function categoryadd of the file /administrator/addcategory.php. This manipulation of the argument catimage causes unrestricted upload. This vulnerability is tracked as CVE-2025-13574. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability labeled as critical has been found in projectworlds can pass malicious payloads up to 1.0. This vulnerability affects unknown code of the file /add_book.php. The manipulation of the argument image results in unrestricted upload. This vulnerability is identified as CVE-2025-13573. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability identified as critical has been detected in projectworlds Advanced Library Management System 1.0. This affects an unknown part of the file /delete_admin.php. The manipulation of the argument admin_id leads to sql injection. This vulnerability is referenced as CVE-2025-13572. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability categorized as critical has been discovered in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file /listorder.php. Executing manipulation of the argument ID can lead to sql injection. The identification of this vulnerability is CVE-2025-13571. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in itsourcecode COVID Tracking System 1.0. It has been rated as critical. Affected by this vulnerability is an unknown functionality of the file /admin/?page=state. Performing manipulation of the argument ID results in sql injection. This vulnerability was named CVE-2025-13570. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability was found in itsourcecode COVID Tracking System 1.0. It has been declared as critical. Affected is an unknown function of the file /admin/?page=city. Such manipulation of the argument ID leads to sql injection. This vulnerability is uniquely identified as CVE-2025-13569. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability was found in itsourcecode COVID Tracking System 1.0. It has been classified as critical. This impacts an unknown function of the file /admin/?page=people. This manipulation of the argument ID causes sql injection. This vulnerability is handled as CVE-2025-13568. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability was found in itsourcecode COVID Tracking System 1.0 and classified as critical. This affects an unknown function of the file /admin/?page=establishment. The manipulation of the argument ID results in sql injection. This vulnerability is known as CVE-2025-13567. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability has been found in jarun nnn up to 5.1 and classified as problematic. The impacted element is the function show_content_in_floating_window/run_cmd_as_plugin of the file nnn/src/nnn.c. The manipulation leads to double free. This vulnerability is traded as CVE-2025-13566. An attack has to be approached locally. There is no exploit available. It is suggested to install a patch to address this issue.

A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. The affected element is an unknown function of the file /model/user/resetPassword.php. Executing manipulation can lead to weak password recovery. This vulnerability appears as CVE-2025-13565. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability, which was classified as problematic, has been found in SourceCodester Pre-School Management System 1.0. Impacted is the function removefile of the file app/controllers/FilehelperController.php. Performing manipulation of the argument filepath results in denial of service. This vulnerability is reported as CVE-2025-13564. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability classified as critical was found in D-Link DIR-852 1.00. This issue affects some unknown processing of the file /gena.cgi. Such manipulation of the argument service leads to command injection. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is documented as CVE-2025-13562. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability classified as critical has been found in SourceCodester Company Website CMS 1.0. This vulnerability affects unknown code of the file /admin/index.php. This manipulation of the argument Username causes sql injection. This vulnerability is registered as CVE-2025-13561. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability described as critical has been identified in SourceCodester Company Website CMS 1.0. This affects an unknown part of the file /admin/reset-password.php. The manipulation of the argument email results in sql injection. This vulnerability is cataloged as CVE-2025-13560. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability marked as critical has been reported in Campcodes Online Polling System 1.0. Affected by this issue is some unknown functionality of the file /registeracc.php. The manipulation of the argument email leads to sql injection. This vulnerability is listed as CVE-2025-13557. The attack may be initiated remotely. In addition, an exploit is available.