VYPR

Vendor CVEs

Angeljudesuarez

All CVEs

221 total · sorted by risk
  • CVE-2025-13061MedNov 12, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was detected in itsourcecode Online Voting System 1.0. This impacts an unknown function of the file /index.php?page=manage_voting. Performing manipulation results in unrestricted upload. The attack is possible to be carried out remotely. The exploit is now public…

  • CVE-2025-11597MedOct 11, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was identified in code-projects E-Commerce Website 1.0. The impacted element is an unknown function of the file /pages/product_add_qty.php. The manipulation of the argument prod_id leads to sql injection. The attack is possible to be carried out remotely. The…

  • CVE-2025-11511MedOct 8, 2025
    risk 0.41cvss 6.3epss 0.00

    A flaw has been found in code-projects E-Commerce Website 1.0. Affected is an unknown function of the file /pages/supplier_add.php. Executing manipulation of the argument supp_email can lead to sql injection. The attack may be launched remotely. The exploit has been published…

  • CVE-2025-11509MedOct 8, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was detected in code-projects E-Commerce Website 1.0. This impacts an unknown function of the file /pages/product_add.php. Performing manipulation of the argument prod_name results in sql injection. The attack may be initiated remotely. The exploit is now public…

  • CVE-2025-11090MedSep 28, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was identified in itsourcecode Open Source Job Portal 1.0. Affected is an unknown function of the file /admin/employee/index.php?view=edit. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit is publicly…

  • CVE-2025-11088MedSep 28, 2025
    risk 0.41cvss 6.3epss 0.00

    A weakness has been identified in itsourcecode Open Source Job Portal 1.0. Impacted is an unknown function of the file /admin/vacancy/index.php?view=edit. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has…

  • CVE-2025-11078MedSep 27, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was identified in itsourcecode Open Source Job Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/user/controller.php?action=photos. The manipulation of the argument photo leads to unrestricted upload. The attack is possible…

  • CVE-2025-11054MedSep 27, 2025
    risk 0.41cvss 6.3epss 0.00

    A security vulnerability has been detected in itsourcecode Open Source Job Portal 1.0. This impacts an unknown function of the file /jobportal/admin/category/index.php?view=edit. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely.…

  • CVE-2025-11041MedSep 26, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability has been found in itsourcecode Open Source Job Portal 1.0. Affected by this issue is some unknown functionality of the file /admin/user/index.php?view=edit. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out…

  • CVE-2025-11038MedSep 26, 2025
    risk 0.41cvss 6.3epss 0.00

    A weakness has been identified in itsourcecode Online Clinic Management System 1.0. Affected is an unknown function of the file /details.php?action=post. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has…

  • CVE-2025-10620MedSep 17, 2025
    risk 0.41cvss 6.3epss 0.00

    A flaw has been found in itsourcecode Online Clinic Management System 1.0. This vulnerability affects unknown code of the file /editp2.php. Executing manipulation of the argument id/firstname/lastname/type/age/address can lead to sql injection. The attack can be executed…

  • CVE-2025-10618MedSep 17, 2025
    risk 0.41cvss 6.3epss 0.00

    A security vulnerability has been detected in itsourcecode Online Clinic Management System 1.0. Affected by this issue is some unknown functionality of the file transact.php. Such manipulation of the argument firstname leads to sql injection. The attack may be launched remotely.…

  • CVE-2025-10616MedSep 17, 2025
    risk 0.41cvss 6.3epss 0.00

    A security flaw has been discovered in itsourcecode E-Commerce Website 1.0. Affected is an unknown function of the file /admin/users.php. The manipulation results in unrestricted upload. The attack can be launched remotely. The exploit has been released to the public and may be…

  • CVE-2025-10615MedSep 17, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was identified in itsourcecode E-Commerce Website 1.0. This impacts an unknown function of the file /admin/products.php. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit is publicly available and might be used.

  • CVE-2025-10197MedSep 10, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was found in HJSoft HCM Human Resources Management System up to 20250822. Affected by this vulnerability is an unknown functionality of the file /templates/attestation/../../selfservice/lawresource/downlawbase. Performing manipulation of the argument ID results…

  • CVE-2025-9840MedSep 2, 2025
    risk 0.41cvss 6.3epss 0.00

    A weakness has been identified in itsourcecode Sports Management System 1.0. The impacted element is an unknown function of the file /Admin/gametype.php. Executing manipulation of the argument code can lead to sql injection. The attack can be executed remotely. The exploit has…

  • CVE-2025-8135MedJul 25, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability, which was classified as critical, has been found in itsourcecode Insurance Management System 1.0. This issue affects some unknown processing of the file /updateAgent.php. The manipulation of the argument agent_id leads to sql injection. The attack may be…

  • CVE-2025-7905MedJul 20, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability has been found in itsourcecode Insurance Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /insertPayment.php. The manipulation of the argument recipt_no leads to sql injection. The attack can be initiated…

  • CVE-2025-7904MedJul 20, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability, which was classified as critical, was found in itsourcecode Insurance Management System 1.0. This affects an unknown part of the file /insertNominee.php. The manipulation of the argument nominee_id leads to sql injection. It is possible to initiate the attack…

  • CVE-2025-7212MedJul 9, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was found in itsourcecode Insurance Management System up to 1.0. It has been rated as critical. This issue affects some unknown processing of the file /insertAgent.php. The manipulation of the argument agent_id leads to sql injection. The attack may be initiated…

  • CVE-2026-3487MedMar 3, 2026
    risk 0.31cvss 4.7epss 0.00

    A vulnerability was found in itsourcecode College Management System 1.0. This issue affects some unknown processing of the file /admin/class-result.php. Performing a manipulation of the argument course_code results in sql injection. The attack can be initiated remotely. The…

  • CVE-2026-3486MedMar 3, 2026
    risk 0.31cvss 4.7epss 0.00

    A vulnerability has been found in itsourcecode College Management System 1.0. This vulnerability affects unknown code of the file /admin/student-fee.php. Such manipulation of the argument roll_no leads to sql injection. It is possible to launch the attack remotely. The exploit…

  • CVE-2026-3982MedMar 12, 2026
    risk 0.28cvss 4.3epss 0.00

    A vulnerability was determined in itsourcecode University Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_result.php. Executing a manipulation of the argument vr can lead to cross site scripting. The attack can be executed…

  • CVE-2026-3812MedMar 9, 2026
    risk 0.28cvss 4.3epss 0.00

    A vulnerability was determined in itsourcecode Payroll Management System 1.0. Affected is an unknown function of the file /manage_employee_allowances.php. This manipulation of the argument ID causes cross site scripting. The attack is possible to be carried out remotely. The…

  • CVE-2026-3412MedMar 2, 2026
    risk 0.28cvss 4.3epss 0.00

    A vulnerability was detected in itsourcecode University Management System 1.0. This affects an unknown part of the file /att_single_view.php. The manipulation of the argument dt results in cross site scripting. The attack can be executed remotely. The exploit is now public and…

  • CVE-2026-1135MedJan 19, 2026
    risk 0.28cvss 4.3epss 0.00

    A security flaw has been discovered in itsourcecode Society Management System 1.0. This impacts an unknown function of the file /admin/activity.php. The manipulation of the argument Title results in cross site scripting. The attack may be launched remotely. The exploit has been…

  • CVE-2026-1134MedJan 19, 2026
    risk 0.28cvss 4.3epss 0.00

    A vulnerability was identified in itsourcecode Society Management System 1.0. This affects an unknown function of the file /admin/expenses.php. The manipulation of the argument detail leads to cross site scripting. The attack may be initiated remotely. The exploit is publicly…

  • CVE-2025-12335MedOct 28, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability was determined in code-projects E-Commerce Website 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/supplier_update.php. This manipulation of the argument supp_name/supp_address causes cross site scripting. The attack can be…

  • CVE-2025-12334MedOct 27, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability was found in code-projects E-Commerce Website 1.0. Affected is an unknown function of the file /pages/product_add.php. The manipulation of the argument prod_name/prod_desc/prod_cost results in cross site scripting. It is possible to launch the attack remotely.…

  • CVE-2025-12333MedOct 27, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability has been found in code-projects E-Commerce Website 1.0. This impacts an unknown function of the file /pages/supplier_add.php. The manipulation of the argument supp_name/supp_address leads to cross site scripting. It is possible to initiate the attack remotely.…

  • CVE-2025-11119MedSep 28, 2025
    risk 0.28cvss 4.3epss 0.00

    A security flaw has been discovered in itsourcecode Hostel Management System 1.0. Impacted is an unknown function of the file /justines/index.php of the component POST Request Handler. Performing manipulation of the argument from results in cross site scripting. It is possible…

  • CVE-2026-1421LowJan 26, 2026
    risk 0.23cvss 3.5epss 0.00

    A vulnerability has been found in code-projects Online Examination System 1.0. Affected is an unknown function of the component Add Pages. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to the public and may…

  • CVE-2026-4474LowMar 20, 2026
    risk 0.16cvss 2.4epss 0.00

    A flaw has been found in itsourcecode University Management System 1.0. Impacted is an unknown function of the file /admin_single_student_update.php. This manipulation of the argument st_name causes cross site scripting. The attack may be initiated remotely. The exploit has been…

  • CVE-2026-4356LowMar 18, 2026
    risk 0.16cvss 2.4epss 0.00

    A flaw has been found in itsourcecode University Management System 1.0. Affected is an unknown function of the file /add_result.php. Executing a manipulation of the argument vr can lead to cross site scripting. The attack may be launched remotely. The exploit has been published…

  • CVE-2020-23935Aug 20, 2020
    risk 0.04cvss epss 0.16

    Kabir Alhasan Student Management System 1.0 is vulnerable to Authentication Bypass via "Username: admin'# && Password: (Write Something)".

  • CVE-2026-26464Feb 23, 2026
    risk 0.00cvss epss 0.00

    Stored Cross-Site Scripting (XSS) was found in the /admin/edit_user.php page of Society Management System Portal V1.0, which allows remote attackers to inject and store arbitrary JavaScript code that is executed in users' browsers. This vulnerability can be exploited via the…

  • CVE-2026-2173Feb 8, 2026
    risk 0.00cvss epss 0.00

    A vulnerability was identified in code-projects Online Examination System 1.0. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely.

  • CVE-2025-65380Dec 2, 2025
    risk 0.00cvss epss 0.00

    PHPGurukul Billing System 1.0 is vulnerable to SQL Injection in the admin/index.php endpoint. Specifically, the username parameter accepts unvalidated user input, which is then concatenated directly into a backend SQL query.

  • CVE-2025-65379Dec 2, 2025
    risk 0.00cvss epss 0.00

    PHPGurukul Billing System 1.0 is vulnerable to SQL Injection in the /admin/password-recovery.php endpoint. Specifically, the username and mobileno parameters accepts unvalidated user input, which is then concatenated directly into a backend SQL query.

  • CVE-2025-40685Jul 29, 2025
    risk 0.00cvss epss 0.00

    Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'searcstate' parameter in/state.php.

  • CVE-2025-40684Jul 29, 2025
    risk 0.00cvss epss 0.00

    Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'searccountry' parameter in/country.php.

  • CVE-2025-40682Jul 29, 2025
    risk 0.00cvss epss 0.00

    SQL injection vulnerability in Human Resource Management System version 1.0, which allows an attacker to retrieve, create, update and delete databases via the “city” and “state” parameters in the /controller/ccity.php endpoint.

  • CVE-2025-4706May 15, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in projectworlds Online Examination System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /Procedure3b_yearwiseVisit.php. The manipulation of the argument Visit_year leads to sql injection. The attack can be…

  • CVE-2025-4058Apr 29, 2025
    risk 0.00cvss epss 0.00

    A vulnerability classified as critical has been found in Projectworlds Online Examination System 1.0. This affects an unknown part of the file /Bloodgroop_process.php. The manipulation of the argument Pat_BloodGroup1 leads to sql injection. It is possible to initiate the attack…

  • CVE-2025-4034Apr 28, 2025
    risk 0.00cvss epss 0.00

    A vulnerability classified as critical was found in projectworlds Online Examination System 1.0. Affected by this vulnerability is an unknown functionality of the file /inser_doc_process.php. The manipulation of the argument Doc_ID leads to sql injection. The attack can be…

  • CVE-2025-3384Apr 7, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in 1000 Projects Human Resource Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /controller/employee.php. The manipulation of the argument email leads to sql injection. It is possible to launch the…

  • CVE-2025-2590Mar 21, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in code-projects Human Resource Management System 1.0.1. It has been classified as problematic. Affected is the function UpdateRecruitmentById of the file \handler\recruitment.go. The manipulation of the argument c leads to cross site scripting. It is…

  • CVE-2025-2589Mar 21, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in code-projects Human Resource Management System 1.0.1 and classified as critical. This issue affects the function Index of the file \handler\Account.go. The manipulation of the argument user_cookie leads to improper authorization. The exploit has been…

  • CVE-2024-13006Dec 29, 2024
    risk 0.00cvss epss 0.01

    A vulnerability, which was classified as critical, has been found in 1000 Projects Human Resource Management System 1.0. This issue affects some unknown processing of the file /employeeview.php. The manipulation of the argument search leads to sql injection. The attack may be…

  • CVE-2024-12884Dec 21, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in Codezips E-Commerce Website 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The…