Skip to main content
CVE-2025-7933 MEDIUM POC This Month

A vulnerability classified as critical was found in Campcodes Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /pages/settings_update.php of the component Setting Handler. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Sales And Inventory System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7931 MEDIUM POC This Month

A vulnerability was found in code-projects Church Donation System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /members/admin_pic.php. The manipulation of the argument image leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

PHP Authentication Bypass File Upload Church Donation System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7915 MEDIUM POC This Month

A vulnerability was found in Chanjet CRM 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /mail/mailinactive.php of the component Login Page. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Chanjet Crm
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7930 MEDIUM POC This Month

A vulnerability was found in code-projects Church Donation System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /members/add_members.php. The manipulation of the argument mobile leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

PHP SQLi Church Donation System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7929 MEDIUM POC This Month

A vulnerability was found in code-projects Church Donation System 1.0. It has been classified as critical. Affected is an unknown function of the file /members/edit_Members.php. The manipulation of the argument fname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

PHP SQLi Church Donation System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7928 MEDIUM POC This Month

A vulnerability was found in code-projects Church Donation System 1.0 and classified as critical. This issue affects some unknown processing of the file /members/edit_user.php. The manipulation of the argument firstname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

PHP SQLi Church Donation System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-5681 MEDIUM This Month

Authorization bypass via user-controlled key manipulation in Turtek Software Eyotek exposes sensitive user data to remote attackers without requiring authentication. The vulnerability, classified as CWE-639 (Insecure Direct Object Reference class), permits an attacker to enumerate or substitute trusted identifiers in requests to access resources belonging to other users, resulting in high-confidentiality-impact data disclosure with no integrity or availability effect. Reported by Turkish USOM (iletisim@usom.gov.tr), no public exploit code exists and the EPSS score of 0.20% places this at the 43rd percentile, indicating low current exploitation probability.

Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-7369 MEDIUM This Month

Execute arbitrary shortcodes in WordPress sites running WP Shortcodes Plugin - Shortcodes Ultimate through version 7.4.2 via Cross-Site Request Forgery targeting site administrators. Unauthenticated attackers can forge requests that bypass nonce validation in the preview function, allowing execution of arbitrary shortcodes if an admin clicks a malicious link. When combined with CVE-2025-7354, this enables Reflected Cross-Site Scripting. EPSS score of 6.1 (moderate CVSS) reflects the UI requirement and need for admin interaction, though real-world risk is elevated due to the attack surface in WordPress admin workflows. No public exploit code or CISA KEV confirmation identified at time of analysis.

WordPress CSRF XSS
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-7962 MEDIUM PATCH This Month

SMTP injection in Eclipse Jakarta Mail (and its Angus Mail implementation) prior to version 2.0.2 allows a low-privileged attacker to inject arbitrary SMTP protocol commands by embedding raw carriage return (\r) and line feed (\n) UTF-8 characters into email fields processed by the library. The library fails to sanitize these input terminators before passing data to the SMTP command stream, enabling an attacker with control over email content to inject additional SMTP commands, forge headers, or deliver unsolicited messages through a trusted mail relay. No public exploit code has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog.

Code Injection Jakarta Mail Angus Mail Red Hat Suse
NVD VulDB
CVSS 4.0
6.0
EPSS
0.8%
CVE-2025-2301 MEDIUM This Month

Authorization bypass in Akbim Software Online Exam Registration allows a highly privileged, remote attacker to access confidential exam registration data belonging to other users by manipulating user-controlled identifier keys. Affected versions are all releases prior to 14.03.2025. No public exploit code has been identified at time of analysis, and EPSS exploitation probability stands at just 0.17%, reflecting low observed threat activity despite the confidentiality severity of the flaw.

Authentication Bypass
NVD VulDB
CVSS 3.1
4.4
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy