High
CVE-2025-12208
A vulnerability was found in SourceCodester Best House Rental Management System 1.0. This impacts the function login2 of the file /admin_class.php. Performing manipulation of the argument Username re…
Tag: PHP
All CVEs associated with "PHP". Page 33/311 • 37316 CVEs.
Subscribe CVEs: RSS for “PHP” · RSS (High+Critical only)
About “PHP”
A curated feed of “PHP”-related CVEs appears below. We currently track 37316 CVEs for this tag (all time). In the last 365 days, 6054 were published. Average CVSS is 6.7 (all time; 6.9 over 365d), and 50% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion').
In our taxonomy this topic maps to a LOW impact class. Language runtimes and libraries cascade through dependency graphs. Upgrade runtime and toolchain, pin versions, rebuild images, and enable SAST or DAST and linters. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2025-10-27
Medium
CVE-2025-12203
A weakness has been identified in givanz Vvveb up to 1.0.7.3. This issue affects the function sanitizeFileName of the file system/functions.php of the component Code Editor. Executing a manipulation…
Medium
CVE-2025-12202
A security flaw has been discovered in ajayrandhawa User-Management-PHP-MYSQL web up to fedcf58797bf2791591606f7b61fdad99ad8bff1. This vulnerability affects unknown code. Performing manipulation resu…
Medium
CVE-2025-12201
A vulnerability was identified in ajayrandhawa User-Management-PHP-MYSQL up to fedcf58797bf2791591606f7b61fdad99ad8bff1. This affects an unknown part of the file /admin/edit-user.php of the component…
2025-10-25
High
CVE-2025-10488
The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to arbitrary file move due to insufficient file path validation in the add_listin…
High
CVE-2025-12095
The Simple Registration for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.8. This is due to missing nonce validation on the ro…
2025-10-24
High
CVE-2025-12028
The IndieAuth plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4. This is due to missing nonce verification on the `login_form_indieauth()` f…
Medium
CVE-2025-11992
The Multi Item Responsive Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on th…
High
CVE-2025-62868
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Edge CPT allows PHP Local File Inclusion.This issue affects Edge C…
Medium
CVE-2025-9978
The Jeg Kit for Elementor WordPress plugin before 2.7.0 does not sanitize SVG file contents when uploaded via xmlrpc.php, leading to a cross site scripting vulnerability.
2025-10-23
Medium
CVE-2025-60859
Cross Site Scripting (XSS) vulnerability in Gnuboard 5.6.15 allows authenticated attackers to execute arbitrary code via crafted c_id parameter in bbs/view_comment.php.
Medium
CVE-2025-61464
gnuboard gnuboard4 v4.36.04 and before is vulnerable to Second-order SQL Injection via the search_table in bbs/search.php.
Critical
CVE-2025-11023
Inclusion of Functionality from Untrusted Control Sphere, Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ArkSigner Software a…
Medium
CVE-2025-62396
An error-handling issue in the Moodle router (r.php) could cause the application to display internal directory listings when specific HTTP headers were not properly configured.
Medium
CVE-2025-41073
Path Traversal vulnerability in version 4.4.2236.1 of TESI Gandia Integra Total. This issue allows an authenticated attacker to download a ZIP file containing files from the server, including those l…
Medium
CVE-2025-40643
Stored Cross-Site Scripting (XSS) vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to “/crm…
2025-10-22
High
CVE-2025-62606
my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. Prior to version 2.5.12, an authenticated SQL injection vulnerability in the bookmark re…
High
CVE-2025-62054
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality.This issue…
High
CVE-2025-62029
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themesion Grevo grevo.This issue affects Grevo: from n/a through <= 2.4.
High
CVE-2025-59564
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove EduMall edumall allows PHP Local File Inclusion.This issue affects E…
High
CVE-2025-59558
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Billey billey allows PHP Local File Inclusion.This issue affects Bil…
High
CVE-2025-59555
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Medizin medizin allows PHP Local File Inclusion.This issue affects M…
High
CVE-2025-59550
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in designervily Xcare xcare allows PHP Local File Inclusion.This issue affects Xc…
High
CVE-2025-58967
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Businext businext allows PHP Local File Inclusion.This issue affects…
High
CVE-2025-58958
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove SmilePure smilepure allows PHP Local File Inclusion.This issue affec…
High
CVE-2025-58955
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in designervily Karzo karzo allows PHP Local File Inclusion.This issue affects Ka…
High
CVE-2025-49935
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in xtemos WoodMart woodmart allows PHP Local File Inclusion.This issue affects Wo…
High
CVE-2025-49921
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Crocoblock JetReviews jet-reviews allows PHP Local File Inclusion.This issue a…
High
CVE-2025-48338
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Kevon Adonis WP Abstracts wp-abstracts-manuscripts-manager allows PHP Local Fi…
High
CVE-2025-32657
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Testimonial Slider And Showcase Pro testimonial-slider-showcase-pr…
Critical
CVE-2016-15048
AMTT Hotel Broadband Operation System (HiBOS) contains an unauthenticated command injection vulnerability in the /manager/radius/server_ping.php endpoint. The application constructs a shell command t…
2025-10-21
Medium
CVE-2025-61457
code16 Sharp v9.6.6 is vulnerable to Cross Site Scripting (XSS) src/Form/Fields/SharpFormUploadField.php.
Medium
CVE-2025-62598
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to version 3.5.1, a reflected cross-site scripting (XSS) vulnerability was identified in the edit…
Medium
CVE-2025-62597
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to version 3.5.1, a reflected cross-site scripting (XSS) vulnerability was identified in the edit…
Medium
CVE-2025-60511
Moodle OpenAI Chat Block plugin 3.0.1 (2025021700) suffers from an Insecure Direct Object Reference (IDOR) vulnerability due to insufficient validation of the blockId parameter in /blocks/openai_chat…
High
CVE-2025-60500
QDocs Smart School Management System 7.1 allows authenticated users with roles such as "accountant" or "admin" to bypass file type restrictions in the media upload feature by abusing the alternate Yo…
Medium
CVE-2025-61194
daicuocms V1.3.13 contains a SQL injection vulnerability in the file library\think\db\Builder.php.
Medium
CVE-2025-60934
Multiple stored cross-site scripting (XSS) vulnerabilities in the index.php component of HR Performance Solutions Performance Pro v3.19.17 allows attackers to execute arbitrary web scripts or HTML vi…
2025-10-20
Medium
CVE-2025-60783
There is a SQL injection vulnerability in Restaurant Management System DBMS Project v1.0 via login.php. The vulnerability allows attackers to manipulate the application's database through specially c…
Medium
CVE-2025-60781
PHP Education Manager v1.0 is vulnerable to Cross Site Scripting (XSS) in the worksheet.php file via the participant_name parameter.
High
CVE-2025-61488
An issue in Senayan Library Management System (SLiMS) 9 Bulian v.9.6.1 allows a remote attacker to execute arbitrary code via the scrap_image.php component and the imageURL parameter
High
CVE-2025-62429
ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.2 #147, ClipBucket v5 is vulnerable to arbitrary PHP code execution. In /upload/admin_area/actions/update_launch.php, the…
Critical
CVE-2025-61455
SQL Injection vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the signup.inc.php endpoint. The application directly incorporates unsanitized user inputs into SQL queries, al…
2025-10-19
Medium
CVE-2025-11944
A vulnerability was determined in givanz Vvveb up to 1.0.7.3. This affects the function Import of the file admin/controller/tools/import.php of the component Raw SQL Handler. This manipulation causes…
Medium
CVE-2025-11941
A vulnerability was detected in e107 CMS up to 2.3.3. This impacts an unknown function of the file /e107_admin/image.php?mode=main&action=avatar of the component Avatar Handler. Performing manipulati…
Medium
CVE-2025-11939
A vulnerability was determined in ChurchCRM up to 5.18.0. This issue affects some unknown processing of the file src/ChurchCRM/Backup/RestoreJob.php of the component Backup Restore Handler. Executing…
Medium
CVE-2025-11938
A vulnerability was found in ChurchCRM up to 5.18.0. This vulnerability affects unknown code of the file setup/routes/setup.php. Performing a manipulation of the argument DB_PASSWORD/ROOT_PATH/URL re…
2025-10-18
Medium
CVE-2025-11738
The Media Library Assistant plugin for WordPress is vulnerable to limited file reading in all versions up to, and including, 3.29 via the mla-stream-image.php file. This makes it possible for unauthe…
Critical
CVE-2017-20208
The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to PHP Object Injection in all versions up to 3.7.9.3 (exclusive) via…
Critical
CVE-2017-20207
The Flickr Gallery plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.5.2 via deserialization of untrusted input from the `pager ` parameter. This allows u…
Critical
CVE-2017-20206
The Appointments plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.2.1 via deserialization of untrusted input from the `wpmudev_appointments` cookie. This…
2025-10-17
Medium
CVE-2025-62424
ClipBucket is a web-based video-sharing platform. In ClipBucket version 5.5.2 - #146 and earlier, the /admin_area/template_editor.php endpoint is vulnerable to path traversal. The validation of the f…
Critical
CVE-2025-57567
A remote code execution (RCE) vulnerability exists in the PluXml CMS theme editor, specifically in the minify.php file located under the default theme directory (/themes/defaut/css/minify.php). An au…
2025-10-16
Medium
CVE-2025-62423
ClipBucket V5 provides open source video hosting with PHP. In version5.5.2 - #140 and earlier, a Blind SQL injection vulnerability exists in the Admin Area’s “/admin_area/login_as_user.php” file. Exp…
Low
CVE-2025-61924
PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5, the Target PayPal merchant account hijacking from backoffice due to wro…
Medium
CVE-2025-60641
The file mexcel.php in the Vfront 0.99.52 codebase contains a vulnerable call to unserialize(base64_decode($_POST['mexcel'])), where $_POST['mexcel'] is user-controlled input. This input is decoded f…
High
CVE-2025-34518
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a relative path traversal vulnerability in get_file_content.php that allows an attacker to read arbitrary files. Ilevia has declined to…
High
CVE-2025-34517
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an absolute path traversal vulnerability in get_file_content.php that allows an attacker to read arbitrary files. Ilevia has declined to…
High
CVE-2025-34514
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain authenticated OS command injection vulnerabilities in multiple web-accessible PHP scripts that call exec() and allow an authenticated at…
Critical
CVE-2025-34513
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an OS command injection vulnerability in mbus_build_from_csv.php that allows an unauthenticated attacker to execute arbitrary code. Ilev…
Medium
CVE-2025-34512
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a reflected cross-site scripting (XSS) vulnerability in index.php that allows an unauthenticated attacker to execute arbitrary script in…
Medium
CVE-2025-61540
SQL injection vulnerability in Ultimate PHP Board 2.2.7 via the username field in lostpassword.php.
Medium
CVE-2025-61539
Cross site scripting (XSS) vulnerability in Ultimate PHP Board 2.2.7 via the u_name parameter in lostpassword.php.
Medium
CVE-2025-41021
Stored Cross-Site Scripting (XSS) in Sergestec's Exito v8.0, consisting of a stored XSS due to a lack of proper validation of user input by sending a POST request using the 'obs' parameter in '/admin…
High
CVE-2025-41020
Insecure direct object reference (IDOR) vulnerability in Sergestec's Exito v8.0. This vulnerability allows an attacker to access data belonging to other customers through the 'id' parameter in '/admi…
Critical
CVE-2025-41019
SQL injection in Sergestec's SISTICK v7.2. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'id' parameter in '/index.php?view=ticket_detail'.
Critical
CVE-2025-41018
SQL injection in Sergestec's Exito v8.0. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'cat' parameter in '/public.php'.
2025-10-15
High
CVE-2025-11722
The Woocommerce Category and Products Accordion Panel plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0 via the 'categoryaccordionpanel' shortcode.…
Medium
CVE-2025-11692
The Zip Attachments plugin for WordPress is vulnerable to unauthorized loss of data due to a missing authorization and capability checks on the download.php file in all versions up to, and including,…
Medium
CVE-2025-10312
The Theme Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation when processing form submissions…
High
CVE-2025-11746
The XStore theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 9.5.4 via theet_ajax_required_plugins_popup() function. This makes it possible for authentic…
Critical
CVE-2023-7304
Ruijie RG-UAC Application Management Gateway contains a command injection vulnerability via the 'nmc_sync.php' interface. An unauthenticated attacker able to reach the affected endpoint can inject sh…
Critical
CVE-2011-10033
The WordPress plugin is-human <= v1.4.2 contains an eval injection vulnerability in /is-human/engine.php that can be triggered via the 'type' parameter when the 'action' parameter is set to 'log-rese…
2025-10-14
High
CVE-2025-11736
A flaw has been found in itsourcecode Online Examination System 1.0. Affected by this issue is some unknown functionality of the file /index.php. This manipulation of the argument Username causes sql…
2025-10-13
Medium
CVE-2025-62365
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to 25.7.0, there is a reflected-XSS in `report_this` function in `librenms/includes/functions.php`. The `report_this`…
Medium
CVE-2025-62361
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.0, an Open Redirect vulnerability was identified in the control.php endpoint of the WeGIA…
High
CVE-2025-62360
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users.Prior to 3.5.1, a SQL Injection vulnerability was identified in the /html/funcionario/dependente_documen…
Medium
CVE-2025-62359
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.0, a Reflected Cross-Site Scripting (XSS) vulnerability was identified in the /pet/profile…
Medium
CVE-2025-62358
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, the log parameter in configuracao_geral.php is vulnerable to Reflected Cross-Site Scrip…
High
CVE-2025-62179
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, a SQL Injection vulnerability was identified in the /html/funcionario/cadastro_funciona…
Low
CVE-2025-62178
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, a Reflected Cross-Site Scripting (XSS) vulnerability was identified in the /html/atendi…
High
CVE-2025-62177
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, a SQL Injection vulnerability was identified in the /html/funcionario/dependente_listar…
Medium
CVE-2025-11668
A vulnerability was determined in code-projects Automated Voting System 1.0. Affected by this issue is some unknown functionality of the file /admin/update_user.php. This manipulation of the argument…
Medium
CVE-2025-11667
A vulnerability was found in code-projects Automated Voting System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/add_candidate_modal.php.. The manipulation of the…
Medium
CVE-2025-11664
A security vulnerability has been detected in Campcodes Online Beauty Parlor Management System 1.0. The impacted element is an unknown function of the file /admin/search-appointment.php. Such manipul…
Medium
CVE-2025-11663
A weakness has been identified in Campcodes Online Beauty Parlor Management System 1.0. The affected element is an unknown function of the file /admin/manage-services.php. This manipulation of the ar…
High
CVE-2025-11662
A security flaw has been discovered in SourceCodester Best Salon Management System 1.0. Impacted is an unknown function of the file /booking.php. The manipulation of the argument serv_id results in s…
High
CVE-2025-11660
A vulnerability has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. Affected by this issue is some unknown functionality of the file /assets…
High
CVE-2025-11659
A flaw has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. Affected by this vulnerability is an unknown functionality of the file /assets/up…
High
CVE-2025-11658
A vulnerability was detected in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. Affected is an unknown function of the file /assets/changeSllyabus.php. Th…
High
CVE-2025-11657
A security vulnerability has been detected in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This impacts an unknown function of the file /assets/createN…
High
CVE-2025-11656
A weakness has been identified in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This affects an unknown function of the file /assets/editNotes.php. Exec…
High
CVE-2025-11654
A vulnerability was identified in yousaf530 Inferno Online Clothing Store up to 827dd42bfbe380e8de76fdc67958c24cf1246208. The affected element is an unknown function of the file /log.php. Such manipu…
2025-10-12
Medium
CVE-2025-11628
A flaw has been found in jimit105 Project-Online-Shopping-Website up to 7d892f442bd8a96dd242dbe2b9bd5ed641e13e64. This affects an unknown function of the file /delete.php of the component Product Inv…
2025-10-11
High
CVE-2025-11615
A security flaw has been discovered in SourceCodester Best Salon Management System 1.0. This affects an unknown part of the file /panel/add_invoice.php. Performing manipulation of the argument Servic…
High
CVE-2025-11614
A vulnerability was identified in SourceCodester Best Salon Management System 1.0. Affected by this issue is some unknown functionality of the file /panel/edit-appointment.php. Such manipulation of t…
Medium
CVE-2025-11613
A vulnerability was found in code-projects Simple Food Ordering System 1.0. Affected is an unknown function of the file /addcategory.php. The manipulation of the argument cname results in sql injecti…
Medium
CVE-2025-11612
A vulnerability has been found in code-projects Simple Food Ordering System 1.0. This impacts an unknown function of the file /addproduct.php. The manipulation of the argument Category leads to sql i…
Medium
CVE-2025-11611
A weakness has been identified in SourceCodester Simple Inventory System 1.0. Impacted is an unknown function of the file /user.php. This manipulation of the argument uemail causes sql injection. The…
Medium
CVE-2025-11610
A security flaw has been discovered in SourceCodester Simple Inventory System 1.0. This issue affects some unknown processing of the file /brand.php. The manipulation of the argument editBrandName re…
High
CVE-2025-11608
A security vulnerability has been detected in code-projects E-Banking System 1.0. This affects an unknown function of the file /register.php of the component POST Parameter Handler. The manipulation…
Medium
CVE-2025-11605
A vulnerability was identified in code-projects Client Details System 1.0. Impacted is an unknown function of the file /admin/update-profile.php. Such manipulation of the argument uid leads to sql in…
High
CVE-2025-11604
A vulnerability was determined in projectworlds Online Ordering Food System 1.0. This issue affects some unknown processing of the file /all-orders.php. This manipulation of the argument Status cause…
Medium
CVE-2025-11603
A vulnerability was found in code-projects Simple Food Ordering System 1.0. This vulnerability affects unknown code of the file /editproduct.php. The manipulation of the argument Category results in…
High
CVE-2025-11601
A vulnerability was detected in SourceCodester Online Student Result System 1.0. Affected by this vulnerability is an unknown functionality of the file /login.php. Performing manipulation of the argu…
Medium
CVE-2025-11600
A security vulnerability has been detected in code-projects Simple Food Ordering System 1.0. Affected is an unknown function of the file editcategory.php. Such manipulation of the argument cname lead…
High
CVE-2025-11599
A weakness has been identified in Campcodes Online Apartment Visitor Management System 1.0. This impacts an unknown function of the file /forgot-password.php. This manipulation of the argument email…
Medium
CVE-2025-11597
A vulnerability was identified in code-projects E-Commerce Website 1.0. The impacted element is an unknown function of the file /pages/product_add_qty.php. The manipulation of the argument prod_id le…
High
CVE-2025-11596
A vulnerability was determined in code-projects E-Commerce Website 1.0. The affected element is an unknown function of the file /pages/delete_order_details.php. Executing manipulation of the argument…
Medium
CVE-2025-11595
A vulnerability was found in Campcodes Online Apartment Visitor Management System 1.0. Impacted is an unknown function of the file /admin-profile.php. Performing a manipulation of the argument mobile…
Medium
CVE-2025-11594
A vulnerability has been found in ywxbear PHP-Bookstore-Website-Example and PHP Basic BookStore Website up to 0e0b9f542f7a2d90a8d7f8c83caca69294e234e4. This issue affects some unknown processing of t…
Medium
CVE-2025-9196
The Trinity Audio – Text to Speech AI audio player to convert content into audio plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.21.0 via…
Medium
CVE-2025-11593
A flaw has been found in CodeAstro Gym Management System 1.0. This vulnerability affects unknown code of the file /admin/actions/delete-equipment.php. This manipulation of the argument ID causes sql…
Medium
CVE-2025-11592
A vulnerability was detected in CodeAstro Gym Management System 1.0. This affects an unknown part of the file /admin/edit-equipmentform.php. The manipulation of the argument ID results in sql injecti…
Medium
CVE-2025-11591
A security vulnerability has been detected in CodeAstro Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/actions/delete-member.php. The manipulation…
Medium
CVE-2025-11590
A weakness has been identified in CodeAstro Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/equipment-entry.php. Executing a manipulation of t…
2025-10-10
Medium
CVE-2025-11589
A security flaw has been discovered in CodeAstro Gym Management System 1.0. Affected is an unknown function of the file /admin/user-payment.php. Performing a manipulation of the argument plan results…
Medium
CVE-2025-11588
A vulnerability was identified in CodeAstro Gym Management System 1.0. This impacts an unknown function of the file /customer/index.php. Such manipulation of the argument fullname leads to sql inject…
High
CVE-2025-11585
A vulnerability was found in code-projects Project Monitoring System 1.0. The impacted element is an unknown function of the file /useredit.php. The manipulation of the argument uid results in sql in…
High
CVE-2025-11584
A vulnerability has been found in code-projects Online Job Search Engine 1.0. The affected element is an unknown function of the file /searchjob.php. The manipulation of the argument txtspecializatio…