Total
4834 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-11053 | 1 Phpgurukul | 1 Small Crm | 2026-06-17 | 7.5 HIGH | 7.3 HIGH |
| A weakness has been identified in PHPGurukul Small CRM 4.0. This affects an unknown function of the file /forgot-password.php. Executing manipulation of the argument email can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be exploited. | |||||
| CVE-2025-11052 | 1 Kidaze | 1 Courseselectionsystem | 2026-06-17 | 7.5 HIGH | 7.3 HIGH |
| A security flaw has been discovered in kidaze CourseSelectionSystem 1.0/5.php. The impacted element is an unknown function of the file /Profilers/PriProfile/COUNT3s5.php. Performing manipulation of the argument csslc results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be exploited. | |||||
| CVE-2025-11045 | 2026-06-17 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability was identified in WAYOS LQ_04, LQ_05, LQ_06, LQ_07 and LQ_09 22.03.17. This affects an unknown function of the file /usb_paswd.asp. The manipulation of the argument Name leads to command injection. The attack can be initiated remotely. The exploit is publicly available and might be used. | |||||
| CVE-2025-11041 | 1 Angeljudesuarez | 1 Open Source Job Portal | 2026-06-17 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in itsourcecode Open Source Job Portal 1.0. Affected by this issue is some unknown functionality of the file /admin/user/index.php?view=edit. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-11040 | 1 Angeljudesuarez | 1 Hostel Management System | 2026-06-17 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was detected in code-projects Hostel Management System 1.0. Affected by this issue is some unknown functionality of the file /justines/admin/mod_users/index.php?view=view. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit is now public and may be used. | |||||
| CVE-2025-11039 | 1 Campcodes | 1 Computer Sales And Inventory System | 2026-06-17 | 7.5 HIGH | 7.3 HIGH |
| A security vulnerability has been detected in Campcodes Computer Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/us_edit1.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2025-11038 | 1 Angeljudesuarez | 1 Online Clinic Management System | 2026-06-17 | 6.5 MEDIUM | 6.3 MEDIUM |
| A weakness has been identified in itsourcecode Online Clinic Management System 1.0. Affected is an unknown function of the file /details.php?action=post. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be exploited. | |||||
| CVE-2025-11037 | 1 Fabian | 1 E-commerce Website | 2026-06-17 | 7.5 HIGH | 7.3 HIGH |
| A security flaw has been discovered in code-projects E-Commerce Website 1.0. This impacts an unknown function of the file /pages/admin_index_search.php. Performing manipulation of the argument Search results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be exploited. | |||||
| CVE-2025-11036 | 1 Fabian | 1 E-commerce Website | 2026-06-17 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was identified in code-projects E-Commerce Website 1.0. This affects an unknown function of the file /pages/admin_account_update.php. Such manipulation of the argument user_id leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used. | |||||
| CVE-2025-11033 | 1 Kidaze | 1 Courseselectionsystem | 2026-06-17 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability has been found in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. Impacted is an unknown function of the file /Profilers/PriProfile/COUNT3s7.php. The manipulation of the argument cbe leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. | |||||
| CVE-2025-11032 | 1 Kidaze | 1 Courseselectionsystem | 2026-06-17 | 7.5 HIGH | 7.3 HIGH |
| A flaw has been found in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. This issue affects some unknown processing of the file /Profilers/PriProfile/COUNT3s6.php. Executing manipulation of the argument CPU can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. | |||||
| CVE-2025-10993 | 1 Muyucms | 1 Muyucms | 2026-06-17 | 5.8 MEDIUM | 4.7 MEDIUM |
| A security flaw has been discovered in MuYuCMS up to 2.7. Affected by this issue is some unknown functionality of the file /admin.php of the component Template Management. The manipulation results in code injection. It is possible to launch the attack remotely. | |||||
| CVE-2025-10973 | 2026-06-17 | 7.5 HIGH | 7.3 HIGH | ||
| A flaw has been found in JackieDYH Resume-management-system up to fb6b857d852dd796e748ce30c606fe5e61c18273. Affected by this issue is some unknown functionality of the file /admin/show.php. This manipulation of the argument userid causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-10967 | 2026-06-17 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability was detected in MuFen-mker PHP-Usermm up to 37f2d24e51b04346dfc565b93fc2fc6b37bdaea9. This affects an unknown part of the file /chkuser.php. Performing manipulation of the argument Username results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-10964 | 1 Wavlink | 2 Wl-nu516u1, Wl-nu516u1 Firmware | 2026-06-17 | 6.5 MEDIUM | 6.3 MEDIUM |
| A weakness has been identified in Wavlink NU516U1. Affected by this vulnerability is the function sub_401B30 of the file /cgi-bin/firewall.cgi. This manipulation of the argument remoteManagementEnabled causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-10963 | 1 Wavlink | 2 Wl-nu516u1, Wl-nu516u1 Firmware | 2026-06-17 | 6.5 MEDIUM | 6.3 MEDIUM |
| A security flaw has been discovered in Wavlink NU516U1 M16U1_V240425. Affected is the function sub_4016F0 of the file /cgi-bin/firewall.cgi. The manipulation of the argument del_flag results in command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-10962 | 1 Wavlink | 2 Wl-nu516u1, Wl-nu516u1 Firmware | 2026-06-17 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was identified in Wavlink NU516U1 M16U1_V240425. This impacts the function sub_403198 of the file /cgi-bin/wireless.cgi of the component SetName Page. The manipulation of the argument mac_5g leads to command injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-10961 | 1 Wavlink | 2 Wl-nu516u1, Wl-nu516u1 Firmware | 2026-06-17 | 5.2 MEDIUM | 5.5 MEDIUM |
| A vulnerability was determined in Wavlink NU516U1 M16U1_V240425. This affects the function sub_4030C0 of the file /cgi-bin/wireless.cgi of the component Delete_Mac_list Page. Executing manipulation of the argument delete_list can lead to command injection. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-10960 | 1 Wavlink | 2 Wl-nu516u1, Wl-nu516u1 Firmware | 2026-06-17 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in Wavlink NU516U1 M16U1_V240425. The impacted element is the function sub_402D1C of the file /cgi-bin/wireless.cgi of the component DeleteMac Page. Performing manipulation of the argument delete_list results in command injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-10959 | 1 Wavlink | 2 Wl-nu516u1, Wl-nu516u1 Firmware | 2026-06-17 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in Wavlink NU516U1 M16U1_V240425. The affected element is the function sub_401778 of the file /cgi-bin/firewall.cgi. Such manipulation of the argument dmz_flag leads to command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
