Skip to main content
CVE-2025-7838 MEDIUM POC This Month

A vulnerability has been found in Campcodes Online Movie Theater Seat Reservation System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/manage_seat.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Movie Theater Seat Reservation System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7824 MEDIUM POC This Month

A vulnerability was found in Jinher OA 1.1. It has been rated as problematic. This issue affects some unknown processing of the file XmlHttp.aspx. The manipulation leads to xml external entity reference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

XXE Jinher Oa
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7823 MEDIUM POC This Month

A vulnerability was found in Jinher OA 1.2. It has been declared as problematic. This vulnerability affects unknown code of the file ProjectScheduleDelete.aspx. The manipulation leads to xml external entity reference. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

XXE Jinher Oa
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7833 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in code-projects Church Donation System 1.0. This issue affects some unknown processing of the file /members/giving.php. The manipulation of the argument Amount leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Church Donation System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7832 MEDIUM POC This Month

A vulnerability classified as critical was found in code-projects Church Donation System 1.0. This vulnerability affects unknown code of the file /members/offering.php. The manipulation of the argument trcode leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Church Donation System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7831 MEDIUM POC This Month

A vulnerability classified as critical has been found in code-projects Church Donation System 1.0. This affects an unknown part of the file /members/Tithes.php. The manipulation of the argument trcode leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Church Donation System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7830 MEDIUM POC This Month

A vulnerability was found in code-projects Church Donation System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /reg.php. The manipulation of the argument mobile leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

PHP SQLi Church Donation System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7829 MEDIUM POC This Month

A vulnerability was found in code-projects Church Donation System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Church Donation System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-38350 HIGH PATCH This Week

Use-after-free in Linux Kernel traffic control (qdisc) subsystem allows local authenticated attackers to execute arbitrary code, escalate privileges, or cause denial of service. Affects Linux Kernel versions prior to vendor-released patches across multiple stable branches (6.6.x, 6.12.x, 6.15, 6.16-rc1). Triggered when classful qdiscs like DRR and HFSC incorrectly handle child class deactivation during enqueue operations, leaving stale class pointers that can be exploited after deletion. Vendor patches available from kernel.org git stable tree; no active exploitation confirmed (not in CISA KEV), but PoC reproducer exists in public advisory.

Information Disclosure Use After Free Memory Corruption Linux Debian Linux +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-7836 LOW POC Monitor

Command injection in D-Link DIR-816L firmware up to version 2.06B01 allows authenticated remote attackers to execute arbitrary system commands via the lxmldbc_system function in the Environment Variable Handler component. The vulnerability affects end-of-life hardware no longer receiving vendor support, with public exploit code available and low real-world exploitation probability despite network accessibility, limited only by requirement for valid authentication credentials.

Command Injection D-Link Dir 816L Firmware
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.4%
CVE-2025-7834 LOW POC Monitor

Cross-site request forgery in PHPGurukul Complaint Management System 2.0 allows remote attackers to perform unauthorized actions via crafted requests requiring user interaction. The vulnerability has a low CVSS score of 2.1 due to required user interaction (UI:P) and limited integrity impact, but publicly available exploit code exists, making it actionable for targeted attacks against installations.

CSRF Complaint Management System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-7840 LOW POC Monitor

Cross-site scripting (XSS) in Campcodes Online Movie Theater Seat Reservation System 1.0 allows authenticated remote attackers to inject malicious scripts via the Firstname or Lastname parameters on the reserve page, requiring user interaction to trigger. The vulnerability has a low CVSS score of 2.0 due to authentication and user interaction requirements, but publicly available exploit code exists and the vulnerability is classified as problematic with potential for phishing or session hijacking attacks.

PHP XSS Online Movie Theater Seat Reservation System
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-7857 LOW POC Monitor

Reflected cross-site scripting (XSS) in PHPGurukul Apartment Visitors Management System 1.0 allows authenticated remote attackers to inject malicious JavaScript via the visname parameter in bwdates-passreports-details.php, with user interaction required. Publicly available exploit code exists, though EPSS exploitation probability remains low at 0.05%, indicating limited real-world weaponization despite disclosure.

PHP XSS Apartment Visitors Management System
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-7856 LOW POC Monitor

Stored cross-site scripting (XSS) in PHPGurukul Apartment Visitors Management System 1.0 allows authenticated users to inject malicious scripts via the visname parameter in pass-details.php, which are then executed in the context of other users' browsers. The vulnerability requires user interaction (UI:P) but can be exploited remotely by any authenticated user with access to the HTTP POST request handler. Publicly available exploit code exists, though the low EPSS score (0.05%) and requirement for user interaction and authentication suggest limited real-world exploitation risk.

PHP XSS Apartment Visitors Management System
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-7818 LOW POC Monitor

Stored cross-site scripting (XSS) in PHPGurukul Apartment Visitors Management System 1.0 allows authenticated users to inject malicious scripts via the categoryname parameter in /category.php, which are subsequently reflected to other users. The vulnerability requires user interaction (UI:P) and authenticated access (PR:L), limiting its direct impact to user account compromise or session hijacking of visiting administrators. Public exploit code is available and exploitation probability is low (EPSS 0.05%), suggesting limited real-world weaponization despite public disclosure.

PHP XSS Apartment Visitors Management System
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-7817 LOW POC Monitor

Reflected cross-site scripting (XSS) in PHPGurukul Apartment Visitors Management System 1.0 allows authenticated remote attackers to inject malicious scripts via the visname parameter in /bwdates-reports.php, executing arbitrary JavaScript in victim browsers when user interaction occurs. Publicly available exploit code exists; EPSS score of 0.05% indicates low real-world exploitation probability despite public POC availability.

PHP XSS Apartment Visitors Management System
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-7816 LOW POC Monitor

Stored cross-site scripting (XSS) in PHPGurukul Apartment Visitors Management System 1.0 allows authenticated remote attackers to inject malicious JavaScript via the visname parameter in /visitor-detail.php, which is then reflected to other users. The vulnerability requires user interaction (clicking a malicious link) but affects confidentiality and integrity of the application. Exploit code is publicly available on GitHub, though real-world exploitation remains limited (EPSS 0.05%).

PHP XSS Apartment Visitors Management System
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-7815 LOW POC Monitor

Cross-site scripting vulnerability in PHPGurukul Apartment Visitors Management System 1.0 allows authenticated users with high privileges to inject malicious scripts via the visname parameter in the /manage-newvisitors.php endpoint, exploitable only when the victim user clicks a crafted link. The CVSS score of 1.9 reflects the severe privilege requirement (PR:H), mandatory user interaction (UI:P), and limited impact (integrity only); EPSS exploitation probability is minimal at 0.05%, indicating this poses negligible real-world risk despite publicly available exploit code.

PHP XSS Apartment Visitors Management System
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy