Vulnerabilities (CVE)

Filtered by CWE-74
Total 4815 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-15391 1 Dlink 2 Dir-806a, Dir-806a Firmware 2026-06-17 6.5 MEDIUM 6.3 MEDIUM
A weakness has been identified in D-Link DIR-806A 100CNb11. Affected is the function ssdpcgi_main of the component SSDP Request Handler. This manipulation causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2025-15357 1 Dlink 2 Di-7400g\+, Di-7400g\+ Firmware 2026-06-17 6.5 MEDIUM 6.3 MEDIUM
A vulnerability was found in D-Link DI-7400G+ 19.12.25A1. This affects an unknown function of the file /msp_info.htm?flag=cmd. The manipulation of the argument cmd results in command injection. The attack can be launched remotely. The exploit has been made public and could be used.
CVE-2025-15354 1 Angeljudesuarez 1 Society Management System 2026-06-17 7.5 HIGH 7.3 HIGH
A flaw has been found in itsourcecode Society Management System 1.0. The affected element is an unknown function of the file /admin/add_admin.php. Executing manipulation of the argument Username can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used.
CVE-2025-15353 1 Angeljudesuarez 1 Society Management System 2026-06-17 7.5 HIGH 7.3 HIGH
A vulnerability was detected in itsourcecode Society Management System 1.0. Impacted is the function edit_admin_query of the file /admin/edit_admin_query.php. Performing manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.
CVE-2025-15263 1 Biggidroid 1 Simple Php Cms 2026-06-17 7.5 HIGH 7.3 HIGH
A weakness has been identified in BiggiDroid Simple PHP CMS 1.0. Affected is an unknown function of the file /admin/login.php of the component Admin Login. Executing a manipulation of the argument Username can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.
CVE-2025-15257 1 Edimax 2 Br-6208ac, Br-6208ac Firmware 2026-06-17 7.5 HIGH 7.3 HIGH
A security flaw has been discovered in Edimax BR-6208AC 1.02/1.03. Affected by this vulnerability is the function formRoute of the file /gogorm/formRoute of the component Web-based Configuration Interface. The manipulation of the argument strIp/strMask/strGateway results in command injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Edimax confirms this issue: "The product mentioned, EDIMAX BR-6208AC V2, has reached its End of Life (EOL) status. It is no longer supported or maintained by Edimax, and it is no longer available for purchase in the market. Consequently, there will be no further firmware updates or patches for this device. We recommend users upgrade to newer models for better security." This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2025-15256 1 Edimax 2 Br-6208ac, Br-6208ac Firmware 2026-06-17 7.5 HIGH 7.3 HIGH
A vulnerability was identified in Edimax BR-6208AC 1.02/1.03. Affected is the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component Web-based Configuration Interface. The manipulation of the argument rootAPmac leads to command injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. Edimax confirms this issue: "The product mentioned, EDIMAX BR-6208AC V2, has reached its End of Life (EOL) status. It is no longer supported or maintained by Edimax, and it is no longer available for purchase in the market. Consequently, there will be no further firmware updates or patches for this device. We recommend users upgrade to newer models for better security." This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2025-15250 2026-06-17 5.8 MEDIUM 4.7 MEDIUM
A security vulnerability has been detected in 08CMS Novel System up to 3.4. This issue affects some unknown processing of the file admina/mtpls.inc.php of the component Template Handler. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.
CVE-2025-15243 1 Carmelo 1 Simple Stock System 2026-06-17 7.5 HIGH 7.3 HIGH
A flaw has been found in code-projects Simple Stock System 1.0. This affects an unknown function of the file /market/login.php. Executing a manipulation of the argument Username can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used.
CVE-2025-15212 1 Fabian 1 Refugee Food Management System 2026-06-17 6.5 MEDIUM 6.3 MEDIUM
A vulnerability was detected in code-projects Refugee Food Management System 1.0. This issue affects some unknown processing of the file /home/regfood.php. Performing manipulation of the argument a results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.
CVE-2025-15211 1 Fabian 1 Refugee Food Management System 2026-06-17 6.5 MEDIUM 6.3 MEDIUM
A flaw has been found in code-projects Refugee Food Management System 1.0. Impacted is an unknown function of the file /home/refugee.php. Executing manipulation of the argument refNo/Fname/Lname/sex/age/contact/nationality_nid can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used.
CVE-2025-15210 1 Fabian 1 Refugee Food Management System 2026-06-17 6.5 MEDIUM 6.3 MEDIUM
A security vulnerability has been detected in code-projects Refugee Food Management System 1.0. This vulnerability affects unknown code of the file /home/editrefugee.php. Such manipulation of the argument a/b/c/sex/d/e/nationality_nid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
CVE-2025-15209 1 Fabian 1 Refugee Food Management System 2026-06-17 6.5 MEDIUM 6.3 MEDIUM
A weakness has been identified in code-projects Refugee Food Management System 1.0. This affects an unknown part of the file /home/editfood.php. This manipulation of the argument a/b/c/d causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited.
CVE-2025-15208 1 Fabian 1 Refugee Food Management System 2026-06-17 7.5 HIGH 7.3 HIGH
A security flaw has been discovered in code-projects Refugee Food Management System 1.0. Affected by this issue is some unknown functionality of the file /home/editrefugee.php. The manipulation of the argument rfid results in sql injection. The attack can be launched remotely. The exploit has been released to the public and may be exploited.
CVE-2025-15207 1 Campcodes 1 Supplier Management System 2026-06-17 7.5 HIGH 7.3 HIGH
A vulnerability has been found in Campcodes Supplier Management System 1.0. Affected is an unknown function of the file /admin/view_products.php. The manipulation of the argument chkId[] leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-15206 1 Campcodes 1 Supplier Management System 2026-06-17 7.5 HIGH 7.3 HIGH
A flaw has been found in Campcodes Supplier Management System 1.0. This impacts an unknown function of the file /admin/add_area.php. Executing a manipulation of the argument txtAreaCode can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used.
CVE-2025-15205 1 Fabian 1 Student File Management System 2026-06-17 6.5 MEDIUM 6.3 MEDIUM
A vulnerability was identified in code-projects Student File Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /download.php. The manipulation of the argument istore_id leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be used.
CVE-2025-15198 1 Code-projects 1 College Notes Uploading System 2026-06-17 7.5 HIGH 7.3 HIGH
A weakness has been identified in code-projects College Notes Uploading System 1.0. This issue affects some unknown processing of the file /login.php. Executing a manipulation of the argument User can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.
CVE-2025-15196 1 Code-projects 1 Assessment Management 2026-06-17 7.5 HIGH 7.3 HIGH
A vulnerability was identified in code-projects Assessment Management 1.0. This affects an unknown part of the file login.php. Such manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used.
CVE-2025-15195 1 Code-projects 1 Assessment Management 2026-06-17 7.5 HIGH 7.3 HIGH
A vulnerability was determined in code-projects Assessment Management 1.0. Affected by this issue is some unknown functionality of the file /admin/add-module.php. This manipulation of the argument linked[] causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.