Skip to main content
CVE-2025-8241 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in 1000 Projects ABC Courier Management System 1.0. This affects an unknown part of the file /report.php. The manipulation of the argument From leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Abc Courier Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8240 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in code-projects Exam Form Submission 1.0. Affected by this issue is some unknown functionality of the file /user/dashboard.php. The manipulation of the argument phone leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Exam Form Submission
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8239 MEDIUM POC This Month

A vulnerability classified as critical was found in code-projects Exam Form Submission 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/. The manipulation of the argument email leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

SQLi Exam Form Submission
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8238 MEDIUM POC This Month

A vulnerability classified as critical has been found in code-projects Exam Form Submission 1.0. Affected is an unknown function of the file /admin/update_s2.php. The manipulation of the argument credits leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Exam Form Submission
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8237 MEDIUM POC This Month

A vulnerability was found in code-projects Exam Form Submission 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/update_s1.php. The manipulation of the argument credits leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Exam Form Submission
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8236 MEDIUM POC This Month

A vulnerability was found in code-projects Online Ordering System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/edit_product.php. The manipulation of the argument Name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Ordering System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8235 MEDIUM POC This Month

A vulnerability was found in code-projects Online Ordering System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/product.php. The manipulation of the argument Name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Ordering System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8234 MEDIUM POC This Month

A vulnerability was found in code-projects Online Ordering System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/delete_member.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Ordering System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8233 MEDIUM POC This Month

A vulnerability has been found in code-projects Online Ordering System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/user.php. The manipulation of the argument un leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Ordering System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8232 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in code-projects Online Ordering System 1.0. Affected is an unknown function of the file /admin/delete_user.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Ordering System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8220 MEDIUM POC This Month

A vulnerability has been found in Engeman Web up to 12.0.0.2. The affected element is an unknown function of the file /Login/RecoveryPass of the component Password Recovery Page. The manipulation of the argument LanguageCombobox as part of Cookie leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 12.0.0.3 is sufficient to fix this issue. Upgrading the affected component is advised. The vendor was contacted early about this disclosure but did not respond in any way.

SQLi Web
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8231 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in D-Link DIR-890L up to 111b04. This issue affects some unknown processing of the file rgbin of the component UART Port. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Authentication Bypass D-Link Dir 890L Firmware
NVD GitHub VulDB
CVSS 4.0
5.2
EPSS
0.1%
CVE-2025-8227 LOW POC Monitor

Unsafe deserialization in ChanCMS up to version 3.1.2 allows authenticated remote attackers to trigger deserialization vulnerabilities via the taskUrl parameter in the /collect/getArticle endpoint, potentially leading to code execution. The vulnerability has limited confidentiality, integrity, and availability impact per CVSS 4.0 scoring (2.1 score). Publicly available exploit code exists, and the vendor has released patched version 3.1.3.

Deserialization Chancms
NVD VulDB
CVSS 4.0
2.1
EPSS
0.2%
CVE-2025-8228 LOW POC Monitor

Server-side request forgery in ChanCMS up to version 3.1.2 allows authenticated attackers to conduct SSRF attacks via the targetUrl parameter in the /cms/collect/getPages endpoint. The CVSS score of 2.1 reflects low confidentiality and integrity impact on the vulnerable component itself, but the publicly disclosed exploit and low EPSS score (0.10%, percentile 26%) suggest this vulnerability carries minimal real-world exploitation risk despite active public disclosure.

SSRF Chancms
NVD VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-8226 LOW POC Monitor

ChanCMS up to version 3.1.2 permits information disclosure through improper validation of accessKey and secretKey parameters in the /sysApp/find endpoint, allowing authenticated remote attackers to access sensitive data. The vulnerability has a low CVSS score of 2.1 (CVSS:4.0/AV:N/AC:L/PR:L) reflecting limited confidentiality impact and requirement for low-privilege authentication, but publicly available exploit code exists and exploitation probability (EPSS 0.09%) is extremely low, suggesting this is a narrow-scope, low-urgency issue despite public disclosure.

Information Disclosure Chancms
NVD VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-8223 LOW POC Monitor

Cross-site request forgery in jerryshensjf JPACookieShop (蛋糕商城JPA版) allows unauthenticated remote attackers to perform unauthorized actions via crafted requests to AdminTypeCustController.java, requiring user interaction. The vulnerability has a low CVSS score of 2.1 but public exploit code is available; however, the extremely low EPSS percentile (23%) suggests minimal real-world exploitation despite public disclosure.

CSRF Jpacookieshop
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-8221 LOW POC Monitor

Reflected cross-site scripting (XSS) in JPACookieShop's GoodsCustController.goodsSearch function allows remote unauthenticated attackers to inject malicious scripts via the keyword parameter, affecting user sessions with minimal complexity. The vulnerability carries a CVSS 2.1 score but requires user interaction (clicking a malicious link), and public exploit code is available. With an EPSS of 0.06% and no confirmed active exploitation in the wild, the real-world risk is low despite the disclosed POC.

XSS Jpacookieshop
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-8222 LOW POC Monitor

Stored cross-site scripting (XSS) in JPACookieShop GoodsController allows authenticated users to inject malicious scripts that execute in other users' browsers, with public exploit code available and CVSS 2.0 reflecting low impact due to required user interaction and authenticated access prerequisites.

XSS Jpacookieshop
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-8224 LOW POC Monitor

Null pointer dereference in GNU Binutils 2.44 BFD Library function bfd_elf_get_str_section causes denial of service when processing malformed ELF files locally. The vulnerability requires local access with limited privileges (PR:L) and publicly available exploit code exists, though EPSS scoring (0.04%, 12th percentile) indicates low real-world exploitation probability despite public disclosure.

Denial Of Service
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-8225 LOW POC PATCH Monitor

Memory leak in GNU Binutils 2.44 DWARF section handler allows local authenticated users to consume memory resources, potentially leading to denial of service. The vulnerability exists in the process_debug_info function of binutils/dwarf.c and is triggered during DWARF debug information parsing. Publicly available exploit code exists, and a vendor patch has been released.

Information Disclosure Binutils
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-8230 LOW Monitor

SQL injection in Campcodes Courier Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the ID parameter in /manage_user.php, with publicly available exploit code disclosed. Despite a critical classification, the CVSS 4.0 vector reflects low impact (confidentiality, integrity, availability all limited) and EPSS score of 0.06% suggests minimal real-world exploitation probability.

PHP SQLi Courier Management System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-8229 LOW Monitor

SQL injection in Campcodes Courier Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the parameter 's' in /parcel_list.php, with publicly available exploit code disclosed. Despite a critical classification in the original report, the CVSS 4.0 score of 2.1 reflects limited confidentiality, integrity, and availability impact constrained by the requirement for prior authentication (PR:L) and absence of scope escalation; EPSS scoring of 0.06% indicates low real-world exploitation probability despite public POC availability.

PHP SQLi Courier Management System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy