Skip to main content
CVE-2025-15186 MEDIUM POC This Month

A vulnerability has been found in code-projects Refugee Food Management System 1.0. Affected by this issue is some unknown functionality of the file /home/addusers.php. Such manipulation of the argument a leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Refugee Food Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-15181 MEDIUM POC This Month

A security flaw has been discovered in code-projects Refugee Food Management System 1.0. The impacted element is an unknown function of the file /home/pagenateRefugeesList.php. Performing manipulation of the argument rfid results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited.

PHP SQLi Refugee Food Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-15208 MEDIUM POC This Month

A security flaw has been discovered in code-projects Refugee Food Management System 1.0. Affected by this issue is some unknown functionality of the file /home/editrefugee.php. The manipulation of the argument rfid results in sql injection. The attack can be launched remotely. The exploit has been released to the public and may be exploited.

PHP SQLi Refugee Food Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-15207 MEDIUM POC This Month

A vulnerability has been found in Campcodes Supplier Management System 1.0. Affected is an unknown function of the file /admin/view_products.php. The manipulation of the argument chkId[] leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Supplier Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-15206 MEDIUM POC This Month

A flaw has been found in Campcodes Supplier Management System 1.0. This impacts an unknown function of the file /admin/add_area.php. Executing a manipulation of the argument txtAreaCode can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used.

PHP SQLi Supplier Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-15198 MEDIUM POC This Month

A weakness has been identified in code-projects College Notes Uploading System 1.0. This issue affects some unknown processing of the file /login.php. Executing a manipulation of the argument User can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.

PHP SQLi College Notes Uploading System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-15168 MEDIUM POC This Month

A vulnerability was identified in itsourcecode Student Management System 1.0. Affected is an unknown function of the file /statistical.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used.

PHP SQLi Student Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-15185 MEDIUM POC This Month

A flaw has been found in code-projects Refugee Food Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /home/refugeesreport.php. This manipulation of the argument a causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.

PHP SQLi Refugee Food Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-15167 MEDIUM POC This Month

A vulnerability was determined in itsourcecode Online Cake Ordering System 1.0. This impacts an unknown function of the file /detailtransac.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.

PHP SQLi Online Cake Ordering System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-15166 MEDIUM POC This Month

A vulnerability was found in itsourcecode Online Cake Ordering System 1.0. This affects an unknown function of the file /updatesupplier.php?action=edit. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used.

PHP SQLi Online Cake Ordering System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-15165 MEDIUM POC This Month

A vulnerability has been found in itsourcecode Online Cake Ordering System 1.0. The impacted element is an unknown function of the file /updatecustomer.php?action=edit. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Cake Ordering System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-15196 MEDIUM POC This Month

A vulnerability was identified in code-projects Assessment Management 1.0. This affects an unknown part of the file login.php. Such manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used.

PHP SQLi Assessment Management
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-15195 MEDIUM POC This Month

A vulnerability was determined in code-projects Assessment Management 1.0. Affected by this issue is some unknown functionality of the file /admin/add-module.php. This manipulation of the argument linked[] causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.

PHP SQLi Assessment Management
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-15070 MEDIUM This Month

Sensitive information disclosure in Gmission Web Fax 3.0 (before 3.0.1) enables a locally authenticated low-privileged user to access protected fax data without proper authorization. The root cause is missing authorization checks (CWE-200) that can be abused by an authenticated local actor to read confidential information beyond their intended access scope. No public exploit code exists and this vulnerability is not listed in the CISA KEV catalog at time of analysis.

Information Disclosure Web Fax
NVD VulDB
CVSS 4.0
6.8
EPSS
0.0%
CVE-2025-68607 MEDIUM This Month

Stored cross-site scripting (XSS) in WordPress Custom Field Template plugin through version 2.7.7 allows authenticated users to inject malicious scripts that execute in the browsers of other users who view affected content, potentially compromising site security and user data. The vulnerability has an EPSS score of 0.04% (14th percentile), indicating low real-world exploitation probability despite the high-impact nature of stored XSS on WordPress sites.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-68504 MEDIUM This Month

DOM-based cross-site scripting (XSS) in Crocoblock JetSearch WordPress plugin through version 3.5.16 allows attackers to inject malicious scripts into the search interface that execute in users' browsers. The vulnerability affects the plugin's web page generation when processing search input, enabling attackers to steal session tokens, redirect users, or perform actions on behalf of authenticated users without requiring authentication themselves. No CVSS score was available at analysis time, but the low EPSS score (0.04%, 14th percentile) suggests limited real-world exploitation likelihood despite the XSS vector.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-68868 MEDIUM This Month

Stored cross-site scripting (XSS) in codeaffairs Wp Text Slider Widget plugin for WordPress versions 1.0 and earlier enables authenticated attackers to inject malicious scripts that execute in the browsers of site administrators and other users. The vulnerability arises from improper input sanitization during widget configuration, allowing persistent code injection through the plugin's admin interface.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-68503 MEDIUM This Month

Missing authorization in Crocoblock JetBlog plugin versions up to 2.4.7 allows unauthenticated attackers to exploit incorrectly configured access control, potentially bypassing intended security restrictions on blog content and administrative functions. The vulnerability stems from broken access control mechanisms that fail to properly validate user permissions before granting access to sensitive operations, with an EPSS score of 0.04% indicating low real-world exploitation probability despite the authorization defect.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-15184 MEDIUM This Month

A vulnerability was detected in code-projects Refugee Food Management System 1.0. Affected is an unknown function of the file /home/refugeesreport2.php. The manipulation of the argument a results in sql injection. The attack may be performed from remote. The exploit is now public and may be used.

PHP SQLi Refugee Food Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-15182 MEDIUM This Month

A weakness has been identified in code-projects Refugee Food Management System 1.0. This affects an unknown function of the file /home/served.php. Executing manipulation of the argument refNo can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be exploited.

PHP SQLi Refugee Food Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-15183 MEDIUM This Month

A security vulnerability has been detected in code-projects Refugee Food Management System 1.0. This impacts an unknown function of the file /home/viewtakenfd.php. The manipulation of the argument tfid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.

PHP SQLi Refugee Food Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-68893 MEDIUM This Month

Server-Side Request Forgery (SSRF) in WordPress Image Shrinker plugin versions up to 1.1.0 enables unauthenticated remote attackers to forge requests from the affected server to internal or external resources, potentially exposing sensitive data or enabling lateral movement within network infrastructure. The vulnerability has extremely low exploitation probability (EPSS 0.04th percentile) and no public exploit code identified, suggesting limited real-world threat despite the technical severity of SSRF vulnerabilities.

WordPress SSRF
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-68502 MEDIUM This Month

Authorization Bypass in Crocoblock JetPopup WordPress plugin through version 2.0.20.1 allows attackers to exploit incorrectly configured access control security levels via user-controlled keys, enabling unauthorized access to protected popup content and functionality. EPSS score of 0.04% indicates low exploitation probability despite the authorization flaw; no public exploit code or active exploitation has been identified.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy