ReportizFlow
Filtered by vendor
Subscriptions
Total
4587 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-9241 | 2 Eladmin, Elunez | 2 Eladmin, Eladmin | 2025-10-31 | 6.3 Medium |
| A weakness has been identified in elunez eladmin up to 2.7. This affects the function exportUser. This manipulation causes csv injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited. | ||||
| CVE-2022-27924 | 1 Synacor | 1 Zimbra Collaboration Suite | 2025-10-31 | 7.5 High |
| Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticated attacker to inject arbitrary memcache commands into a targeted instance. These memcache commands becomes unescaped, causing an overwrite of arbitrary cached entries. | ||||
| CVE-2025-11629 | 1 Docsys Project | 1 Docsys | 2025-10-31 | 6.3 Medium |
| A vulnerability has been found in RainyGao DocSys up to 2.02.36. This impacts the function getUserList of the file /Manage/getUserList.do. Such manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-11909 | 2 Shenzhen Ruiming Technology, Streamax | 2 Streamax Crocus, Streamax Crocus | 2025-10-31 | 6.3 Medium |
| A weakness has been identified in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. The impacted element is the function queryLast of the file /RepairRecord.do?Action=QueryLast. Executing manipulation of the argument orderField can lead to sql injection. The attack may be performed from remote. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-11910 | 2 Shenzhen Ruiming Technology, Streamax | 2 Streamax Crocus, Streamax Crocus | 2025-10-31 | 6.3 Medium |
| A security vulnerability has been detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. This affects the function Query of the file /MemoryState.do?Action=Query. The manipulation of the argument orderField leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-11911 | 2 Shenzhen Ruiming Technology, Streamax | 2 Streamax Crocus, Streamax Crocus | 2025-10-31 | 6.3 Medium |
| A vulnerability was detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. This impacts the function Query of the file /DeviceFault.do?Action=Query. The manipulation of the argument sortField results in sql injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-11912 | 2 Shenzhen Ruiming Technology, Streamax | 2 Streamax Crocus, Streamax Crocus | 2025-10-31 | 6.3 Medium |
| A flaw has been found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. Affected is the function Query of the file /DeviceState.do?Action=Query. This manipulation of the argument orderField causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2020-8468 | 1 Trendmicro | 3 Apex One, Officescan, Worry-free Business Security | 2025-10-31 | 8.8 High |
| Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication. | ||||
| CVE-2025-12309 | 2 Code-projects, Fabian | 2 Social Networking Site, Nero Social Networking Site | 2025-10-30 | 7.3 High |
| A weakness has been identified in code-projects Nero Social Networking Site 1.0. This affects an unknown part of the file /friendprofile.php. Executing manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited. | ||||
| CVE-2025-12316 | 2 Carmelogarcia, Code-projects | 2 Courier Management System, Courier Management System | 2025-10-30 | 7.3 High |
| A vulnerability was identified in code-projects Courier Management System 1.0. This impacts an unknown function of the file /courier/edit-courier.php. The manipulation of the argument OfficeName leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. | ||||
| CVE-2025-12325 | 2 Mayurik, Sourcecodester | 2 Best Salon Management System, Best Salon Management System | 2025-10-30 | 7.3 High |
| A vulnerability has been found in SourceCodester Best Salon Management System 1.0. This affects an unknown part of the file /panel/forgot-password.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6446 | 2 Code-projects, Fabian | 2 Client Details System, Client Details System | 2025-10-29 | 7.3 High |
| A vulnerability, which was classified as critical, has been found in code-projects Client Details System 1.0. This issue affects some unknown processing of the file /clientdetails/admin/index.php. The manipulation of the argument Username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-11605 | 2 Code-projects, Fabian | 2 Client Details System, Client Details System | 2025-10-29 | 6.3 Medium |
| A vulnerability was identified in code-projects Client Details System 1.0. Impacted is an unknown function of the file /admin/update-profile.php. Such manipulation of the argument uid leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used. | ||||
| CVE-2025-12208 | 2 Mayurik, Sourcecodester | 2 Best House Rental Management System, Best House Rental Management System | 2025-10-28 | 7.3 High |
| A vulnerability was found in SourceCodester Best House Rental Management System 1.0. This impacts the function login2 of the file /admin_class.php. Performing manipulation of the argument Username results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used. | ||||
| CVE-2025-12226 | 2 Mayurik, Sourcecodester | 2 Best House Rental Management System, Best House Rental Management System | 2025-10-28 | 4.7 Medium |
| A vulnerability was found in SourceCodester Best House Rental Management System 1.0. Impacted is the function save_house of the file /admin_class.php. Performing manipulation of the argument house_no results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used. | ||||
| CVE-2025-12243 | 2 Code-projects, Fabian | 2 Client Details System, Client Details System | 2025-10-28 | 6.3 Medium |
| A vulnerability was found in code-projects Client Details System 1.0. Affected by this issue is some unknown functionality of the file clientdetails/welcome.php of the component GET Parameter Handler. Performing manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit has been made public and could be used. | ||||
| CVE-2025-12252 | 2 Carmelo, Code-projects | 2 Online Event Judging System, Online Event Judging System | 2025-10-28 | 6.3 Medium |
| A vulnerability was found in code-projects Online Event Judging System 1.0. Affected is an unknown function of the file /ajax/action.php. The manipulation of the argument content results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used. | ||||
| CVE-2025-12253 | 1 Amttgroup | 2 Hibos, Hotel Broadband Operation System | 2025-10-28 | 7.3 High |
| A vulnerability was determined in AMTT Hotel Broadband Operation System 1.0. Affected by this vulnerability is an unknown functionality of the file /user/portal/get_expiredtime.php. This manipulation of the argument uid causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-12254 | 2 Carmelo, Code-projects | 2 Online Event Judging System, Online Event Judging System | 2025-10-28 | 6.3 Medium |
| A vulnerability was identified in code-projects Online Event Judging System 1.0. Affected by this issue is some unknown functionality of the file /add_judge.php. Such manipulation of the argument fullname leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used. | ||||
| CVE-2025-12255 | 2 Carmelo, Code-projects | 2 Online Event Judging System, Online Event Judging System | 2025-10-28 | 6.3 Medium |
| A security flaw has been discovered in code-projects Online Event Judging System 1.0. This affects an unknown part of the file /add_contestant.php. Performing manipulation of the argument fullname results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited. | ||||