Vulnerabilities (CVE)

Filtered by CWE-74
Total 4730 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-3971 1 Phpgurukul 1 Covid19 Testing Management System 2026-06-17 7.5 HIGH 7.3 HIGH
A vulnerability classified as critical was found in PHPGurukul COVID19 Testing Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /add-phlebotomist.php. The manipulation of the argument empid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3968 1 Code-projects 1 News Publishing Site Dashboard 2026-06-17 6.5 MEDIUM 6.3 MEDIUM
A vulnerability was found in codeprojects News Publishing Site Dashboard 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /api.php. The manipulation of the argument cat_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3957 1 Opplus 1 Springboot-admin 2026-06-17 6.5 MEDIUM 6.3 MEDIUM
A vulnerability was found in opplus springboot-admin 1.0 and classified as critical. This issue affects some unknown processing of the file \src\main\resources\mapper\sys\SysLogDao.xml. The manipulation of the argument order leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3956 1 Xxyopen 1 Novel-cloud 2026-06-17 6.5 MEDIUM 6.3 MEDIUM
A vulnerability has been found in 201206030 novel-cloud 1.4.0 and classified as critical. This vulnerability affects the function RestResp of the file novel-cloud-master/novel-book/novel-book-service/src/main/resources/mapper/BookInfoMapper.xml. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-3955 1 Code-projects 1 Patient Record Management System 2026-06-17 6.5 MEDIUM 6.3 MEDIUM
A vulnerability, which was classified as critical, was found in codeprojects Patient Record Management System 1.0. This affects an unknown part of the file /edit_rpatient.php.php. The manipulation of the argument id/lastname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3856 1 Xxyopen 1 Novel-plus 2026-06-17 6.5 MEDIUM 6.3 MEDIUM
A vulnerability was found in xxyopen Novel-Plus 5.1.0. It has been classified as critical. This affects the function searchByPage of the file /book/searchByPage. The manipulation of the argument sort leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-3847 1 Markparticle 1 Webserver 2026-06-17 7.5 HIGH 7.3 HIGH
A vulnerability classified as critical has been found in markparticle WebServer up to 1.0. This affects an unknown part of the file code/http/httprequest.cpp of the component Login. The manipulation of the argument username/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3846 1 Markparticle 1 Webserver 2026-06-17 7.5 HIGH 7.3 HIGH
A vulnerability was found in markparticle WebServer up to 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file code/http/httprequest.cpp of the component Registration. The manipulation of the argument username/password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3842 1 Panhainan 1 Ds-java 2026-06-17 6.5 MEDIUM 6.3 MEDIUM
A vulnerability was found in panhainan DS-Java 1.0 and classified as critical. This issue affects the function uploadUserPic.action of the file src/com/phn/action/FileUpload.java. The manipulation of the argument fileUpload leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3829 1 Phpgurukul 1 Men Salon Management System 2026-06-17 7.5 HIGH 7.3 HIGH
A vulnerability was found in PHPGurukul Men Salon Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/sales-reports-detail.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3828 1 Phpgurukul 1 Men Salon Management System 2026-06-17 7.5 HIGH 7.3 HIGH
A vulnerability was found in PHPGurukul Men Salon Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/view-appointment.php?viewid=11. The manipulation of the argument remark leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
CVE-2025-3827 1 Phpgurukul 1 Men Salon Management System 2026-06-17 7.5 HIGH 7.3 HIGH
A vulnerability has been found in PHPGurukul Men Salon Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/forgot-password.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3819 1 Phpgurukul 1 Men Salon Management System 2026-06-17 7.5 HIGH 7.3 HIGH
A vulnerability has been found in PHPGurukul Men Salon Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/search-appointment.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3818 2026-06-17 6.5 MEDIUM 6.3 MEDIUM
A vulnerability, which was classified as critical, was found in webpy web.py 0.70. Affected is the function PostgresDB._process_insert_query of the file web/db.py. The manipulation of the argument seqname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3817 1 Oretnom23 1 Online Eyewear Shop 2026-06-17 6.5 MEDIUM 6.3 MEDIUM
A vulnerability, which was classified as critical, has been found in SourceCodester Online Eyewear Shop 1.0. This issue affects some unknown processing of the file /oews/classes/Master.php?f=delete_stock. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3805 2026-06-17 4.3 MEDIUM 5.3 MEDIUM
A vulnerability classified as critical was found in sarrionandia tournatrack up to 4c13a23f43da5317eea4614870a7a8510fc540ec. Affected by this vulnerability is an unknown functionality of the file check_id.py of the component Jinja2 Template Handler. The manipulation of the argument ID leads to injection. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.
CVE-2025-3804 2026-06-17 4.3 MEDIUM 5.3 MEDIUM
A vulnerability classified as critical has been found in thautwarm vscode-diana 0.0.1. Affected is an unknown function of the file Gen.py of the component Jinja2 Template Handler. The manipulation leads to injection. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
CVE-2025-3800 1 Wcms 1 Wcms 2026-06-17 7.5 HIGH 7.3 HIGH
A vulnerability has been found in WCMS 11 and classified as critical. Affected by this vulnerability is an unknown functionality of the file app/controllers/AnonymousController.php. The manipulation of the argument mobile_phone leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
CVE-2025-3799 1 Wcms 1 Wcms 2026-06-17 7.5 HIGH 7.3 HIGH
A vulnerability, which was classified as critical, was found in WCMS 11. Affected is an unknown function of the file app/controllers/AnonymousController.php. The manipulation of the argument email/username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
CVE-2025-3797 1 Seacms 1 Seacms 2026-06-17 5.8 MEDIUM 4.7 MEDIUM
A vulnerability classified as critical was found in SeaCMS up to 13.3. This vulnerability affects unknown code of the file /admin_topic.php?action=delall. The manipulation of the argument e_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.