VulDB Recent Entries

A vulnerability was found in SourceCodester Best Online News Portal 1.0. It has been classified as critical. Affected is an unknown function of the file /search.php. The manipulation of the argument searchtitle leads to sql injection. This vulnerability is traded as CVE-2025-4728. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Meteor up to 3.2.1 and classified as problematic. This issue affects the function Object.assign of the file packages/ddp-server/livedata_server.js. The manipulation of the argument forwardedFor leads to inefficient regular expression complexity. The identification of this vulnerability is CVE-2025-4727. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in itsourcecode Placement Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /view_student.php. The manipulation of the argument ID leads to sql injection. This vulnerability was named CVE-2025-4726. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in itsourcecode Placement Management System 1.0. This affects an unknown part of the file /view_drive.php. The manipulation of the argument ID leads to sql injection. This vulnerability is uniquely identified as CVE-2025-4725. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in itsourcecode Placement Management System 1.0. Affected by this issue is some unknown functionality of the file /student_profile.php. The manipulation of the argument ID leads to sql injection. This vulnerability is handled as CVE-2025-4724. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in itsourcecode Placement Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /all_student.php. The manipulation of the argument delete leads to sql injection. This vulnerability is known as CVE-2025-4723. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in itsourcecode Placement Management System 1.0. Affected is an unknown function of the file /edit_profile.php. The manipulation of the argument Name leads to sql injection. This vulnerability is traded as CVE-2025-4722. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in itsourcecode Placement Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /drive.php. The manipulation of the argument ID leads to sql injection. The identification of this vulnerability is CVE-2025-4721. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file academic/core/drop_student.php. The manipulation of the argument img leads to path traversal. This vulnerability was named CVE-2025-4720. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in Hitachi JP1 IT Desktop Management 2 on Windows. It has been classified as problematic. This affects an unknown part. The manipulation leads to use of web browser cache containing sensitive information. This vulnerability is uniquely identified as CVE-2025-27525. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /pages/cash_transaction.php. The manipulation of the argument cid leads to sql injection. This vulnerability is handled as CVE-2025-4719. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /pages/customer_add.php. The manipulation of the argument last leads to sql injection. This vulnerability is known as CVE-2025-4718. The attack can be launched remotely. Furthermore, there is an exploit available. Other parameters might be affected as well.

A vulnerability, which was classified as critical, was found in PHPGurukul Company Visitor Management System 2.0. Affected is an unknown function of the file /visitors-form.php. The manipulation of the argument fullname leads to sql injection. This vulnerability is traded as CVE-2025-4717. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, has been found in Microsoft Windows. This issue affects some unknown processing of the component xrm-ms File Handler. The manipulation leads to xml injection. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic was found in Hitachi JP1 IT Desktop Management 2 on Windows. This vulnerability affects unknown code. The manipulation leads to xml external entity reference. This vulnerability was named CVE-2025-27523. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Hitachi JP1 IT Desktop Management 2 on Windows. This affects an unknown part. The manipulation leads to inadequate encryption strength. This vulnerability is uniquely identified as CVE-2025-27524. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Campcodes Sales and Inventory System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /pages/credit_transaction_add.php. The manipulation of the argument prod_name leads to sql injection. This vulnerability is handled as CVE-2025-4716. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Campcodes Sales and Inventory System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /pages/view_application.php. The manipulation of the argument cid leads to sql injection. This vulnerability is known as CVE-2025-4715. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Campcodes Sales and Inventory System 1.0. It has been classified as critical. Affected is an unknown function of the file /pages/reprint.php. The manipulation of the argument sid leads to sql injection. This vulnerability is traded as CVE-2025-4714. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. This issue affects some unknown processing of the file /pages/print.php. The manipulation of the argument sid leads to sql injection. The identification of this vulnerability is CVE-2025-4713. The attack may be initiated remotely. Furthermore, there is an exploit available.