Skip to main content
CVE-2025-14673 MEDIUM POC This Month

A vulnerability has been found in gmg137 snap7-rs up to 1.142.1. Affected is the function snap7_rs::client::S7Client::as_ct_write of the file /tests/snap7-rs/src/client.rs. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow Snap7 Rs
NVD VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-14672 MEDIUM POC This Month

A flaw has been found in gmg137 snap7-rs up to 1.142.1. This impacts the function TSnap7MicroClient::opWriteArea of the file s7_micro_client.cpp. Executing a manipulation can lead to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used.

Buffer Overflow Snap7 Rs
NVD VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-14646 MEDIUM POC This Month

A security flaw has been discovered in code-projects Student File Management System 1.0. This impacts an unknown function of the file /admin/delete_student.php. The manipulation of the argument stud_id results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may be exploited.

PHP SQLi Student File Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-14645 MEDIUM POC This Month

A vulnerability was identified in code-projects Student File Management System 1.0. This affects an unknown function of the file /admin/delete_user.php. The manipulation of the argument user_id leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.

PHP SQLi Student File Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-14640 MEDIUM POC This Month

A flaw has been found in code-projects Student File Management System 1.0. The affected element is an unknown function of the file /admin/save_student.php. Executing manipulation of the argument stud_no can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used.

PHP SQLi Student File Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-14668 MEDIUM POC This Month

A vulnerability was detected in campcodes Advanced Online Examination System 1.0. This affects an unknown function of the file /query/loginExe.php. Performing a manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.

PHP SQLi Advanced Online Examination System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-14667 MEDIUM POC This Month

A security vulnerability has been detected in itsourcecode COVID Tracking System 1.0. The impacted element is an unknown function of the file /admin/?page=system_info. Such manipulation of the argument meta_value leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.

SQLi Covid Tracking System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-14666 MEDIUM POC This Month

A weakness has been identified in itsourcecode COVID Tracking System 1.0. The affected element is an unknown function of the file /admin/?page=user. This manipulation of the argument Username causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited.

SQLi Covid Tracking System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-14664 MEDIUM POC This Month

A vulnerability was identified in Campcodes Supplier Management System 1.0. This issue affects some unknown processing of the file /admin/view_unit.php. The manipulation of the argument chkId[] leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.

PHP SQLi Supplier Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-14661 MEDIUM POC This Month

A vulnerability has been found in itsourcecode Student Managemen System 1.0. Affected by this issue is some unknown functionality of the file /advisers.php. Such manipulation of the argument sy leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Student Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-14653 MEDIUM POC This Month

A vulnerability was determined in itsourcecode Student Management System 1.0. Impacted is an unknown function of the file /addrecord.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.

PHP SQLi Student Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-14652 MEDIUM POC This Month

A vulnerability was found in itsourcecode Online Cake Ordering System 1.0. This issue affects some unknown processing of the file /admindetail.php?action=edit. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used.

PHP SQLi Online Cake Ordering System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-14650 MEDIUM POC This Month

A flaw has been found in itsourcecode Online Cake Ordering System 1.0. This affects an unknown part of the file /cakeshop/product.php. Executing manipulation of the argument Product can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used.

PHP SQLi Online Cake Ordering System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-14649 MEDIUM POC This Month

A vulnerability was detected in itsourcecode Online Cake Ordering System 1.0. Affected by this issue is some unknown functionality of the file /cakeshop/supplier.php. Performing manipulation of the argument supplier results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used.

PHP SQLi Online Cake Ordering System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-14647 MEDIUM POC This Month

A weakness has been identified in code-projects Computer Book Store 1.0. Affected is an unknown function of the file /admin_delete.php. This manipulation of the argument bookisbn causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited.

PHP SQLi Computer Book Store
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-14644 MEDIUM POC This Month

A vulnerability was determined in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /update_subject.php. Executing manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.

PHP SQLi Student Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-14643 MEDIUM POC This Month

A vulnerability was found in code-projects Simple Attendance Record System 2.0. The affected element is an unknown function of the file /check.php. Performing manipulation of the argument student results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used.

PHP SQLi Simple Attendance Record System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-14639 MEDIUM POC This Month

A vulnerability was detected in itsourcecode Student Management System 1.0. Impacted is an unknown function of the file /uprec.php. Performing manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used.

PHP SQLi Student Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-14638 MEDIUM POC This Month

A security vulnerability has been detected in itsourcecode Online Pet Shop Management System 1.0. This issue affects some unknown processing of the file /pet1/update_cnp.php. Such manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.

PHP SQLi Online Pet Shop Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-14691 LOW POC PATCH Monitor

A vulnerability was detected in Mayan EDMS up to 4.10.1. The affected element is an unknown function of the file /authentication/. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit is now public and may be used. Upgrading to version 4.10.2 is sufficient to fix this issue. You should upgrade the affected component. The vendor confirms that this is "[f]ixed in version 4.10.2". Furthermore, that "[b]ackports for older versions in process and will be out as soon as their respective CI pipelines complete."

XSS Mayan Edms
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-14648 LOW POC Monitor

Command injection in DedeBIZ up to version 6.5.9 allows authenticated high-privilege administrators to execute arbitrary system commands via the /src/admin/catalog_add.php endpoint. The vulnerability requires high-privilege authentication (PR:H in CVSS v4.0) and has publicly available exploit code, but real-world risk is constrained by the authentication requirement and limited scope of impact (CVSS 2.0, EPSS 0.28%).

PHP Command Injection Dedebiz
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.3%
CVE-2025-14642 LOW POC Monitor

Unrestricted file upload in Computer Laboratory System 1.0 via the technical_staff_pic.php file allows high-privilege users to upload arbitrary files to the server. The vulnerability requires administrator-level access (PR:H) and affects confidentiality, integrity, and availability with low impact scope. Publicly available exploit code exists; however, the EPSS score of 0.07% (21st percentile) and high-privilege requirement significantly limit real-world exploitation risk compared to the CVSS 2.0 baseline.

PHP Authentication Bypass File Upload Computer Laboratory System
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-14641 LOW POC Monitor

Unrestricted file upload in Computer Laboratory System 1.0 via the admin_pic.php image parameter allows high-privilege authenticated users to upload arbitrary files remotely, with publicly available proof-of-concept code demonstrating exploitation. Despite the CVSS 2.0 score reflecting the high authentication barrier (PR:H), the vulnerability enables attackers with admin credentials to bypass upload restrictions and potentially establish persistence or execute malicious code on the server.

PHP Authentication Bypass File Upload Computer Laboratory System
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-14663 LOW POC Monitor

Cross-site scripting (XSS) in code-projects Student File Management System 1.0 allows high-privilege users to inject malicious scripts via the /admin/update_student.php endpoint, requiring user interaction to execute. The vulnerability has low real-world impact (CVSS 1.9, EPSS 0.06%) despite publicly available exploit code, as it demands high administrative privileges and user action; however, the low exploitation threshold (EPSS percentile 18%) indicates this is not a widespread threat.

PHP XSS Student File Management System
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.1%
CVE-2025-14662 LOW POC Monitor

Cross-site scripting vulnerability in code-projects Student File Management System 1.0 allows high-privilege authenticated users to inject malicious scripts via the Update User Page at /admin/update_user.php, requiring user interaction to trigger. The exploit is publicly available and rated CVSS 1.9 due to restrictive privilege and UI requirements, though EPSS score of 0.05% indicates minimal real-world exploitation risk.

PHP XSS Student File Management System
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-14660 LOW Monitor

Improper access controls in DecoCMS Mesh up to 1.0.0-alpha.31 allow remote attackers to manipulate the domain argument in the createTool function of the Workspace Domain Handler, resulting in unauthorized information disclosure. The vulnerability requires high attack complexity and has published exploit code available, though real-world exploitation appears difficult. CVSS score of 2.9 reflects low severity with limited confidentiality impact, while EPSS scoring at 25th percentile suggests minimal real-world exploitation probability.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.9
EPSS
0.1%
CVE-2025-14651 LOW Monitor

MartialBE one-hub up to version 0.14.27 uses a hard-coded cryptographic key in the SESSION_SECRET environment variable of its default docker-compose.yml configuration, allowing remote attackers to potentially decrypt or forge session tokens with high attack complexity. The vulnerability requires non-standard deployment configurations and affects confidentiality rather than integrity or availability. Exploit code has been disclosed publicly, though active exploitation remains unconfirmed by CISA, and the vendor explicitly recommends against using the default Docker Compose example in production environments.

Docker Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.9
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy