CVE Feeds

Latest CVEs

Updates on the latest vulnerabilities detected.
  • CVE ID: CVE-2025-14642
    Published: Dec. 14, 2025, 3:15 a.m. | 20 minutes ago
    Description: A vulnerability has been found in code-projects Computer Laboratory System 1.0. Impacted is an unknown function of the file technical_staff_pic.php. Such manipulation of the argument image leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
    Severity: 5.8 | MEDIUM
  • CVE ID: CVE-2025-14641
    Published: Dec. 14, 2025, 3:15 a.m. | 20 minutes ago
    Description: A flaw has been found in code-projects Computer Laboratory System 1.0. This issue affects some unknown processing of the file admin/admin_pic.php. This manipulation of the argument image causes unrestricted upload. The attack may be initiated remotely. The exploit has been published and may be used.
    Severity: 5.8 | MEDIUM
  • CVE ID: CVE-2025-14643
    Published: Dec. 14, 2025, 3:02 a.m. | 34 minutes ago
    Description: A vulnerability was found in code-projects Simple Attendance Record System 2.0. The affected element is an unknown function of the file /check.php. Performing manipulation of the argument student results in SQL injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
    Severity: 0.0 | NA
  • CVE ID: CVE-2025-14640
    Published: Dec. 14, 2025, 2:15 a.m. | 1 hour, 20 minutes ago
    Description: A flaw has been found in code-projects Student File Management System 1.0. The affected element is an unknown function of the file /admin/save_student.php. Executing manipulation of the argument stud_no can lead to SQL injection. The attack may be launched remotely. The exploit has been published and may be used.
    Severity: 7.5 | HIGH
  • CVE ID: CVE-2025-14639
    Published: Dec. 14, 2025, 2:15 a.m. | 1 hour, 20 minutes ago
    Description: A vulnerability was detected in itsourcecode Student Management System 1.0. Impacted is an unknown function of the file /uprec.php. Performing manipulation of the argument ID results in SQL injection. The attack may be initiated remotely. The exploit is now public and may be used.
    Severity: 7.5 | HIGH
  • CVE ID: CVE-2025-14638
    Published: Dec. 14, 2025, 1:15 a.m. | 2 hours, 20 minutes ago
    Description: A security vulnerability has been detected in itsourcecode Online Pet Shop Management System 1.0. This issue affects some unknown processing of the file /pet1/update_cnp.php. Such manipulation of the argument ID leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
    Severity: 7.5 | HIGH
  • CVE ID: CVE-2025-13832
    Published: Dec. 13, 2025, 11:15 p.m. | 4 hours, 20 minutes ago
    Description: Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
    Severity: 0.0 | NA
  • CVE ID: CVE-2025-14637
    Published: Dec. 13, 2025, 8:15 p.m. | 7 hours, 20 minutes ago
    Description: A weakness has been identified in itsourcecode Online Pet Shop Management System 1.0. This vulnerability affects unknown code of the file /pet1/addcnp.php. This manipulation of the argument cnpname causes SQL injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.
    Severity: 7.5 | HIGH
  • CVE ID: CVE-2025-14636
    Published: Dec. 13, 2025, 7:15 p.m. | 8 hours, 20 minutes ago
    Description: A security flaw has been discovered in Tenda AX9 22.03.01.46. This affects the function image_check of the component httpd. The manipulation results in use of weak hash. It is possible to launch the attack remotely. A high complexity level is associated with this attack. It is indicated that the exploitability is difficult. The exploit has been released to the public and may be exploited.
    Severity: 6.3 | MEDIUM
  • CVE ID: CVE-2025-14623
    Published: Dec. 13, 2025, 6:15 p.m. | 9 hours, 20 minutes ago
    Description: A weakness has been identified in code-projects Student File Management System 1.0. This issue affects some unknown processing of the file /admin/update_student.php. This manipulation of the argument stud_id causes SQL injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited.
    Severity: 7.5 | HIGH
  • CVE ID: CVE-2025-14622
    Published: Dec. 13, 2025, 6:15 p.m. | 9 hours, 20 minutes ago
    Description: A security flaw has been discovered in code-projects Student File Management System 1.0. This vulnerability affects unknown code of the file /admin/save_user.php. The manipulation of the argument firstname results in SQL injection. The attack can be executed remotely. The exploit has been released to the public and may be exploited.
    Severity: 7.5 | HIGH
  • CVE ID: CVE-2025-14621
    Published: Dec. 13, 2025, 5:15 p.m. | 10 hours, 20 minutes ago
    Description: A vulnerability was identified in code-projects Student File Management System 1.0. This affects an unknown part of the file /admin/update_user.php. The manipulation of the argument user_id leads to SQL injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
    Severity: 7.5 | HIGH
  • CVE ID: CVE-2025-9873
    Published: Dec. 13, 2025, 4:16 p.m. | 11 hours, 19 minutes ago
    Description: The a3 Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.7.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
    Severity: 6.4 | MEDIUM
  • CVE ID: CVE-2025-9856
    Published: Dec. 13, 2025, 4:16 p.m. | 11 hours, 19 minutes ago
    Description: The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sg_popup' shortcode in all versions up to, and including, 4.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
    Severity: 6.4 | MEDIUM
  • CVE ID: CVE-2025-9488
    Published: Dec. 13, 2025, 4:16 p.m. | 11 hours, 19 minutes ago
    Description: The Redux Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data' parameter in all versions up to, and including, 4.5.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
    Severity: 6.4 | MEDIUM
  • CVE ID: CVE-2025-9218
    Published: Dec. 13, 2025, 4:16 p.m. | 11 hours, 19 minutes ago
    Description: The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to Information Disclosure due to missing authorization in the handle_rest_pre_dispatch() function when the Godam plugin is active, in versions 4.7.0 to 4.7.3. This makes it possible for unauthenticated attackers to retrieve media items associated with draft or private posts.
    Severity: 3.7 | LOW
  • CVE ID: CVE-2025-9207
    Published: Dec. 13, 2025, 4:16 p.m. | 11 hours, 19 minutes ago
    Description: The TI WooCommerce Wishlist plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 2.10.0. This is due to the plugin accepting hidden fields and not limiting the values or data that can be input and is later output. This makes it possible for unauthenticated attackers to inject arbitrary HTML into wishlist items.
    Severity: 5.3 | MEDIUM
  • CVE ID: CVE-2025-9116
    Published: Dec. 13, 2025, 4:16 p.m. | 11 hours, 19 minutes ago
    Description: The WPS Visitor Counter Plugin WordPress plugin through 1.4.8 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers.
    Severity: 5.8 | MEDIUM
  • CVE ID: CVE-2025-8780
    Published: Dec. 13, 2025, 4:16 p.m. | 11 hours, 19 minutes ago
    Description: The Livemesh SiteOrigin Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Hero Header and Pricing Table widgets in all versions up to, and including, 3.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
    Severity: 6.4 | MEDIUM
  • CVE ID: CVE-2025-8779
    Published: Dec. 13, 2025, 4:16 p.m. | 11 hours, 19 minutes ago
    Description: The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Team and Countdown widgets in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
    Severity: 6.4 | MEDIUM

Information

Vortech Consulting is a network security and design consulting firm originally founded in 1997. Over our nearly 30-year history, we have provided security services and products for a wide variety of companies around the globe.
