A vulnerability has been found in Campcodes Online Movie Theater Seat Reservation System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/manage_seat.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was found in Jinher OA 1.1. It has been rated as problematic. This issue affects some unknown processing of the file XmlHttp.aspx. The manipulation leads to xml external entity reference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was found in Jinher OA 1.2. It has been declared as problematic. This vulnerability affects unknown code of the file ProjectScheduleDelete.aspx. The manipulation leads to xml external entity reference. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
A vulnerability, which was classified as critical, has been found in code-projects Church Donation System 1.0. This issue affects some unknown processing of the file /members/giving.php. The manipulation of the argument Amount leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
A vulnerability classified as critical was found in code-projects Church Donation System 1.0. This vulnerability affects unknown code of the file /members/offering.php. The manipulation of the argument trcode leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
A vulnerability classified as critical has been found in code-projects Church Donation System 1.0. This affects an unknown part of the file /members/Tithes.php. The manipulation of the argument trcode leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was found in code-projects Church Donation System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /reg.php. The manipulation of the argument mobile leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
A vulnerability was found in code-projects Church Donation System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Use-after-free in Linux Kernel traffic control (qdisc) subsystem allows local authenticated attackers to execute arbitrary code, escalate privileges, or cause denial of service. Affects Linux Kernel versions prior to vendor-released patches across multiple stable branches (6.6.x, 6.12.x, 6.15, 6.16-rc1). Triggered when classful qdiscs like DRR and HFSC incorrectly handle child class deactivation during enqueue operations, leaving stale class pointers that can be exploited after deletion. Vendor patches available from kernel.org git stable tree; no active exploitation confirmed (not in CISA KEV), but PoC reproducer exists in public advisory.
Command injection in D-Link DIR-816L firmware up to version 2.06B01 allows authenticated remote attackers to execute arbitrary system commands via the lxmldbc_system function in the Environment Variable Handler component. The vulnerability affects end-of-life hardware no longer receiving vendor support, with public exploit code available and low real-world exploitation probability despite network accessibility, limited only by requirement for valid authentication credentials.
Cross-site request forgery in PHPGurukul Complaint Management System 2.0 allows remote attackers to perform unauthorized actions via crafted requests requiring user interaction. The vulnerability has a low CVSS score of 2.1 due to required user interaction (UI:P) and limited integrity impact, but publicly available exploit code exists, making it actionable for targeted attacks against installations.
Cross-site scripting (XSS) in Campcodes Online Movie Theater Seat Reservation System 1.0 allows authenticated remote attackers to inject malicious scripts via the Firstname or Lastname parameters on the reserve page, requiring user interaction to trigger. The vulnerability has a low CVSS score of 2.0 due to authentication and user interaction requirements, but publicly available exploit code exists and the vulnerability is classified as problematic with potential for phishing or session hijacking attacks.
Reflected cross-site scripting (XSS) in PHPGurukul Apartment Visitors Management System 1.0 allows authenticated remote attackers to inject malicious JavaScript via the visname parameter in bwdates-passreports-details.php, with user interaction required. Publicly available exploit code exists, though EPSS exploitation probability remains low at 0.05%, indicating limited real-world weaponization despite disclosure.
Stored cross-site scripting (XSS) in PHPGurukul Apartment Visitors Management System 1.0 allows authenticated users to inject malicious scripts via the visname parameter in pass-details.php, which are then executed in the context of other users' browsers. The vulnerability requires user interaction (UI:P) but can be exploited remotely by any authenticated user with access to the HTTP POST request handler. Publicly available exploit code exists, though the low EPSS score (0.05%) and requirement for user interaction and authentication suggest limited real-world exploitation risk.
Stored cross-site scripting (XSS) in PHPGurukul Apartment Visitors Management System 1.0 allows authenticated users to inject malicious scripts via the categoryname parameter in /category.php, which are subsequently reflected to other users. The vulnerability requires user interaction (UI:P) and authenticated access (PR:L), limiting its direct impact to user account compromise or session hijacking of visiting administrators. Public exploit code is available and exploitation probability is low (EPSS 0.05%), suggesting limited real-world weaponization despite public disclosure.
Reflected cross-site scripting (XSS) in PHPGurukul Apartment Visitors Management System 1.0 allows authenticated remote attackers to inject malicious scripts via the visname parameter in /bwdates-reports.php, executing arbitrary JavaScript in victim browsers when user interaction occurs. Publicly available exploit code exists; EPSS score of 0.05% indicates low real-world exploitation probability despite public POC availability.
Stored cross-site scripting (XSS) in PHPGurukul Apartment Visitors Management System 1.0 allows authenticated remote attackers to inject malicious JavaScript via the visname parameter in /visitor-detail.php, which is then reflected to other users. The vulnerability requires user interaction (clicking a malicious link) but affects confidentiality and integrity of the application. Exploit code is publicly available on GitHub, though real-world exploitation remains limited (EPSS 0.05%).
Cross-site scripting vulnerability in PHPGurukul Apartment Visitors Management System 1.0 allows authenticated users with high privileges to inject malicious scripts via the visname parameter in the /manage-newvisitors.php endpoint, exploitable only when the victim user clicks a crafted link. The CVSS score of 1.9 reflects the severe privilege requirement (PR:H), mandatory user interaction (UI:P), and limited impact (integrity only); EPSS exploitation probability is minimal at 0.05%, indicating this poses negligible real-world risk despite publicly available exploit code.