Skip to main content
CVE-2025-7757 MEDIUM POC This Month

A vulnerability classified as critical was found in PHPGurukul Land Record System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit-property.php. The manipulation of the argument editid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Land Record System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7752 MEDIUM POC This Month

A vulnerability was found in code-projects Online Appointment Booking System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/deletedoctor.php. The manipulation of the argument did leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Appointment Booking System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7751 MEDIUM POC This Month

A vulnerability has been found in code-projects Online Appointment Booking System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/addclinic.php. The manipulation of the argument cid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Appointment Booking System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7765 MEDIUM POC This Month

A vulnerability classified as critical was found in code-projects Online Appointment Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/addmanagerclinic.php. The manipulation of the argument clinic leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Appointment Booking System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7764 MEDIUM POC This Month

A vulnerability classified as critical has been found in code-projects Online Appointment Booking System 1.0. Affected is an unknown function of the file /admin/deletedoctorclinic.php. The manipulation of the argument clinic leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Appointment Booking System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7750 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in code-projects Online Appointment Booking System 1.0. Affected is an unknown function of the file /admin/adddoctorclinic.php. The manipulation of the argument clinic leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Appointment Booking System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7749 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in code-projects Online Appointment Booking System 1.0. This issue affects some unknown processing of the file /admin/getmanagerregion.php. The manipulation of the argument city leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Appointment Booking System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7753 MEDIUM POC This Month

A vulnerability was found in code-projects Online Appointment Booking System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/adddoctor.php. The manipulation of the argument Username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Appointment Booking System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-53816 MEDIUM POC PATCH CISA This Month

Heap buffer overflow in 7-Zip's RAR5 handler writes zeroes beyond allocated heap memory, causing memory corruption and denial of service in versions prior to 25.0.0. Local attackers can trigger this vulnerability by crafting malicious RAR5 archive files. Publicly available exploit code exists, making this a moderate-priority local vulnerability despite its network-isolated attack surface.

Heap Overflow Denial Of Service Buffer Overflow 7 Zip Suse
NVD GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-46102 MEDIUM This Month

Reflected XSS in Beakon Learning Management System SCORM v5.4.3 allows an authenticated remote attacker to inject arbitrary JavaScript into a victim's browser session via the unsanitized `url` parameter of the SCORM loader endpoint. The PoC published on PacketStorm demonstrates direct cookie theft using a `javascript:alert(document.cookie)` payload, confirming the vulnerability is exploitable without specialized tooling. No patch has been identified at time of analysis; no public exploit identified at time of analysis beyond the published PoC, and EPSS at 0.25% (17th percentile) reflects low observed exploitation activity consistent with a niche product.

XSS Learning Management System Sharable Content Object Reference Model
NVD
CVSS 3.1
5.4
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy