Vulnerabilities (CVE)

Filtered by CWE-74
Total 4838 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-11098 1 Dlink 2 Dir-823x, Dir-823x Firmware 2026-06-17 6.5 MEDIUM 6.3 MEDIUM
A vulnerability was found in D-Link DIR-823X 250416. The affected element is an unknown function of the file /goform/set_wifi_blacklists. The manipulation of the argument macList results in command injection. The attack may be performed from remote. The exploit has been made public and could be used.
CVE-2025-11097 1 Dlink 2 Dir-823x, Dir-823x Firmware 2026-06-17 6.5 MEDIUM 6.3 MEDIUM
A vulnerability has been found in D-Link DIR-823X 250416. Impacted is an unknown function of the file /goform/set_device_name. The manipulation of the argument mac leads to command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-11096 1 Dlink 2 Dir-823x, Dir-823x Firmware 2026-06-17 6.5 MEDIUM 6.3 MEDIUM
A flaw has been found in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/diag_traceroute. Executing manipulation of the argument target_addr can lead to command injection. The attack can be executed remotely. The exploit has been published and may be used.
CVE-2025-11095 1 Dlink 2 Dir-823x, Dir-823x Firmware 2026-06-17 6.5 MEDIUM 6.3 MEDIUM
A vulnerability was detected in D-Link DIR-823X 250416. This vulnerability affects unknown code of the file /goform/delete_offline_device. Performing manipulation of the argument delvalue results in command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.
CVE-2025-11094 1 Fabian 1 E-commerce Site 2026-06-17 7.5 HIGH 7.3 HIGH
A security vulnerability has been detected in code-projects E-Commerce Website 1.0. This affects an unknown part of the file /pages/admin_product_details.php. Such manipulation of the argument prod_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
CVE-2025-11092 1 Dlink 2 Dir-823x, Dir-823x Firmware 2026-06-17 6.5 MEDIUM 6.3 MEDIUM
A weakness has been identified in D-Link DIR-823X 250416. Affected by this issue is the function sub_412E7C of the file /goform/set_switch_settings. This manipulation of the argument port causes command injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited.
CVE-2025-11090 1 Angeljudesuarez 1 Open Source Job Portal 2026-06-17 6.5 MEDIUM 6.3 MEDIUM
A vulnerability was identified in itsourcecode Open Source Job Portal 1.0. Affected is an unknown function of the file /admin/employee/index.php?view=edit. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be used.
CVE-2025-11089 1 Kidaze 1 Courseselectionsystem 2026-06-17 7.5 HIGH 7.3 HIGH
A vulnerability was determined in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. This impacts an unknown function of the file /Profilers/PriProfile/COUNT3s4.php. Executing manipulation of the argument cbranch can lead to sql injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
CVE-2025-11088 1 Angeljudesuarez 1 Open Source Job Portal 2026-06-17 6.5 MEDIUM 6.3 MEDIUM
A weakness has been identified in itsourcecode Open Source Job Portal 1.0. Impacted is an unknown function of the file /admin/vacancy/index.php?view=edit. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.
CVE-2025-11077 1 Campcodes 1 Online Learning Management System 2026-06-17 7.5 HIGH 7.3 HIGH
A vulnerability was determined in Campcodes Online Learning Management System 1.0. Affected is an unknown function of the file /admin/add_content.php. Executing manipulation of the argument Title can lead to sql injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2025-11076 1 Campcodes 1 Online Learning Management System 2026-06-17 7.5 HIGH 7.3 HIGH
A vulnerability was found in Campcodes Online Learning Management System 1.0. This impacts an unknown function of the file /admin/edit_teacher.php. Performing manipulation of the argument department results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
CVE-2025-11075 1 Campcodes 1 Online Learning Management System 2026-06-17 7.5 HIGH 7.3 HIGH
A vulnerability has been found in Campcodes Online Learning Management System 1.0. This affects an unknown function of the file /admin/de_activate.php. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-11074 1 Fabian 1 Project Monitoring System 2026-06-17 7.5 HIGH 7.3 HIGH
A flaw has been found in code-projects Project Monitoring System 1.0. The impacted element is an unknown function of the file /login.php. This manipulation of the argument username/password causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used.
CVE-2025-11073 2026-06-17 5.8 MEDIUM 4.7 MEDIUM
A vulnerability was detected in Keyfactor RG-EW5100BE EW_3.0B11P280_EW5100BE-PRO_12183019. The affected element is an unknown function of the file /cgi-bin/luci/api/cmd of the component HTTP POST Request Handler. The manipulation of the argument url results in command injection. The attack can be launched remotely. The exploit is now public and may be used.
CVE-2025-11071 1 Seacms 1 Seacms 2026-06-17 5.8 MEDIUM 4.7 MEDIUM
A security vulnerability has been detected in SeaCMS 13.3.20250820. Impacted is an unknown function of the file /admin_cron.php of the component Cron Task Management Module. The manipulation of the argument resourcefrom/collectID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.
CVE-2025-11070 1 Projectworlds 1 Online Shopping System 2026-06-17 7.5 HIGH 7.3 HIGH
A vulnerability was identified in Projectworlds Online Shopping System 1.0. This affects an unknown part of the file /store/cart_add.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used.
CVE-2025-11066 1 Fabian 1 Online Bidding System 2026-06-17 7.5 HIGH 7.3 HIGH
A flaw has been found in code-projects Online Bidding System 1.0. This impacts an unknown function of the file /administrator/bidlist.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used.
CVE-2025-11064 1 Campcodes 1 Online Learning Management System 2026-06-17 7.5 HIGH 7.3 HIGH
A security flaw has been discovered in Campcodes Online Learning Management System 1.0. Impacted is an unknown function of the file /admin/teachers.php. The manipulation of the argument department results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.
CVE-2025-11063 1 Campcodes 1 Online Learning Management System 2026-06-17 7.5 HIGH 7.3 HIGH
A vulnerability was identified in Campcodes Online Learning Management System 1.0. This issue affects some unknown processing of the file /admin/edit_department.php. The manipulation of the argument d leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
CVE-2025-11062 1 Campcodes 1 Online Learning Management System 2026-06-17 7.5 HIGH 7.3 HIGH
A vulnerability was determined in Campcodes Online Learning Management System 1.0. This vulnerability affects unknown code of the file /admin/save_student.php. Executing manipulation of the argument class_id can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.