Aggregator

CVE-2025-7155 | PHPGurukul Online Notes Sharing System 1.0 Cookie /Dashboard sessionid sql injection

VulDB Recent Entries
20 hours 20 minutes ago
A vulnerability, which was classified as critical, was found in PHPGurukul Online Notes Sharing System 1.0. This affects an unknown part of the file /Dashboard of the component Cookie Handler. The manipulation of the argument sessionid leads to sql injection. This vulnerability is uniquely identified as CVE-2025-7155. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The original researcher disclosure suspects an XPath Injection vulnerability; however, the provided attack payload appears to be characteristic of an SQL Injection attack.
vuldb.com

CVE-2025-7154 | TOTOLINK N200RE 9.3.5u.6095_B20200916/9.3.5u.6139_B20201216 /cgi-bin/cstecgi.cgi sub_41A0F8 Hostname os command injection

VulDB Recent Entries
20 hours 25 minutes ago
A vulnerability, which was classified as critical, has been found in TOTOLINK N200RE 9.3.5u.6095_B20200916/9.3.5u.6139_B20201216. Affected by this issue is the function sub_41A0F8 of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument Hostname leads to os command injection. This vulnerability is handled as CVE-2025-7154. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-7153 | CodeAstro Simple Hospital Management System 1.0 POST Parameter /doctor.html First Name/Last name/Address cross site scripting

VulDB Recent Entries
20 hours 26 minutes ago
A vulnerability classified as problematic was found in CodeAstro Simple Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /doctor.html of the component POST Parameter Handler. The manipulation of the argument First Name/Last name/Address leads to cross site scripting. This vulnerability is known as CVE-2025-7153. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com

AI built it, but can you trust it?

Help Net Security
20 hours 27 minutes ago

In this Help Net Security interview, John Morello, CTO at Minimus, discusses the security risks in AI-driven development, where many dependencies are pulled in quickly. He explains why it’s hard to secure software stacks that no one fully understands. He also shares what needs to change to keep development secure as AI becomes more common. We’re seeing AI-assisted development pull in hundreds of dependencies from diverse sources at speed. From your perspective, what’s the most … More →

The post AI built it, but can you trust it? appeared first on Help Net Security.

Mirko Zorz

CVE-2025-7152 | Campcodes Advanced Online Voting System 1.0 candidates_add.php photo unrestricted upload

VulDB Recent Entries
20 hours 28 minutes ago
A vulnerability classified as critical has been found in Campcodes Advanced Online Voting System 1.0. Affected is an unknown function of the file /admin/candidates_add.php. The manipulation of the argument photo leads to unrestricted upload. This vulnerability is traded as CVE-2025-7152. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-7151 | Campcodes Advanced Online Voting System 1.0 /admin/voters_add.php photo unrestricted upload

VulDB Recent Entries
20 hours 28 minutes ago
A vulnerability was found in Campcodes Advanced Online Voting System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/voters_add.php. The manipulation of the argument photo leads to unrestricted upload. The identification of this vulnerability is CVE-2025-7151. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-7150 | Campcodes Advanced Online Voting System 1.0 /admin/voters_delete.php ID sql injection

VulDB Recent Entries
20 hours 28 minutes ago
A vulnerability was found in Campcodes Advanced Online Voting System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/voters_delete.php. The manipulation of the argument ID leads to sql injection. This vulnerability was named CVE-2025-7150. The attack can be initiated remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-7149 | Campcodes Advanced Online Voting System 1.0 candidates_delete.php ID sql injection

VulDB Recent Entries
20 hours 28 minutes ago
A vulnerability was found in Campcodes Advanced Online Voting System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/candidates_delete.php. The manipulation of the argument ID leads to sql injection. This vulnerability is uniquely identified as CVE-2025-7149. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-7148 | CodeAstro Simple Hospital Management System 1.0 POST Parameter /patient.html cross site scripting

VulDB Recent Entries
20 hours 31 minutes ago
A vulnerability was found in CodeAstro Simple Hospital Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /patient.html of the component POST Parameter Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-7148. The attack may be launched remotely. Furthermore, there is an exploit available. Multiple parameters might be affected.
vuldb.com

CVE-2025-7147 | CodeAstro Patient Record Management System 1.0 /login.php uname sql injection

VulDB Recent Entries
20 hours 32 minutes ago
A vulnerability has been found in CodeAstro Patient Record Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument uname leads to sql injection. This vulnerability is known as CVE-2025-7147. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com

Managed ad