VulDB Recent Entries

A vulnerability was found in VMSMan up to 20250416. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument Email with the input "><script>alert(1)</script> leads to cross site scripting. This vulnerability is handled as CVE-2025-4075. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/pass-bwdates-report.php. The manipulation of the argument fromdate/todate leads to sql injection. This vulnerability is known as CVE-2025-4074. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in PHPGurukul Student Record System 3.20. It has been classified as critical. Affected is an unknown function of the file /change-password.php. The manipulation of the argument currentpassword leads to sql injection. This vulnerability is traded as CVE-2025-4073. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in PHPGurukul Online Nurse Hiring System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/edit-nurse.php. The manipulation leads to sql injection. The identification of this vulnerability is CVE-2025-4072. The attack may be initiated remotely. Furthermore, there is an exploit available. Multiple parameters might be affected.

A vulnerability has been found in PHPGurukul COVID19 Testing Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /test-details.php. The manipulation of the argument Status leads to sql injection. This vulnerability was named CVE-2025-4071. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in PHPGurukul Rail Pass Management System 1.0. This affects an unknown part of the file /admin/changeimage.php. The manipulation of the argument editid leads to sql injection. This vulnerability is uniquely identified as CVE-2025-4070. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in code-projects Product Management System 1.0. Affected by this issue is the function add_item. The manipulation of the argument st.productname leads to stack-based buffer overflow. This vulnerability is handled as CVE-2025-4069. An attack has to be approached locally. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in code-projects Simple Movie Ticket Booking System 1.0. Affected by this vulnerability is the function changeprize. The manipulation of the argument prize leads to stack-based buffer overflow. This vulnerability is known as CVE-2025-4068. The attack needs to be approached locally. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in ScriptAndTools Online-Travling-System 1.0. Affected is an unknown function of the file /admin/viewpackage.php. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2025-4067. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in ScriptAndTools Online-Travling-System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/addpackage.php. The manipulation leads to improper access controls. The identification of this vulnerability is CVE-2025-4066. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in ScriptAndTools Online-Travling-System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/addadvertisement.php. The manipulation leads to improper access controls. This vulnerability was named CVE-2025-4065. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in ScriptAndTools Online-Travling-System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/viewenquiry.php. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2025-4064. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in code-projects Student Information Management System 1.0 and classified as critical. Affected by this issue is the function cancel. The manipulation of the argument first_name/last_name leads to stack-based buffer overflow. This vulnerability is handled as CVE-2025-4063. The attack needs to be approached locally. Furthermore, there is an exploit available.

A vulnerability has been found in code-projects Theater Seat Booking System 1.0 and classified as critical. Affected by this vulnerability is the function cancel. The manipulation of the argument cancelcustomername leads to stack-based buffer overflow. This vulnerability is known as CVE-2025-4062. It is possible to launch the attack on the local host. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in code-projects Clothing Store Management System up to 1.0. Affected is the function add_item. The manipulation of the argument st.productname leads to stack-based buffer overflow. This vulnerability is traded as CVE-2025-4061. Attacking locally is a requirement. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in PHPGurukul Notice Board System 1.0. This issue affects some unknown processing of the file /category.php. The manipulation of the argument catname leads to sql injection. The identification of this vulnerability is CVE-2025-4060. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in code-projects Prison Management System 1.0. This vulnerability affects the function addrecord of the component Prison_Mgmt_Sys. The manipulation of the argument filename leads to stack-based buffer overflow. This vulnerability was named CVE-2025-4059. An attack has to be approached locally. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in Projectworlds Online Examination System 1.0. This affects an unknown part of the file /Bloodgroop_process.php. The manipulation of the argument Pat_BloodGroup1 leads to sql injection. This vulnerability is uniquely identified as CVE-2025-4058. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in GNU C Library up to 2.84.0 on Windows. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Command Line Handler. The manipulation leads to denial of service. This vulnerability is handled as CVE-2025-4056. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in n8n-io n8n up to 1.89.x. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Attachments View Endpoint. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-46343. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.