VYPR

Vendor CVEs

Code Projects

All CVEs

1,152 total · sorted by risk
  • CVE-2024-44812Oct 22, 2024
    risk 0.01cvss epss 0.01

    SQL Injection vulnerability in Online Complaint Site v.1.0 allows a remote attacker to escalate privileges via the username and password parameters in the /admin.index.php component.

  • CVE-2023-4111Aug 3, 2023
    risk 0.01cvss epss 0.03

    A vulnerability was found in PHP Jabbers Bus Reservation System 1.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument index/pickup_id leads to cross site scripting. The attack may be…

  • CVE-2022-38813Nov 25, 2022
    risk 0.01cvss epss 0.01

    PHPGurukul Blood Donor Management System 1.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, delete the users, add and manage Blood Group, and Submit Report.

  • CVE-2022-30514May 27, 2022
    risk 0.01cvss epss 0.03

    School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:126.

  • CVE-2026-26713Mar 2, 2026
    risk 0.00cvss epss 0.00

    code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/routers/cancel-order.php.

  • CVE-2026-26712Mar 2, 2026
    risk 0.00cvss epss 0.00

    code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/view-ticket-admin.php.

  • CVE-2026-26695Mar 2, 2026
    risk 0.00cvss epss 0.00

    code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordstudent_edit.php.

  • CVE-2026-26696Mar 2, 2026
    risk 0.00cvss epss 0.00

    code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordteacher_edit.php.

  • CVE-2026-26709Mar 2, 2026
    risk 0.00cvss epss 0.00

    code-projects Simple Gym Management System v1.0 is vulnerable to SQL Injection in /gym/trainer_search.php.

  • CVE-2026-26711Mar 2, 2026
    risk 0.00cvss epss 0.00

    code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/view-ticket.php.

  • CVE-2026-26694Mar 2, 2026
    risk 0.00cvss epss 0.01

    code-projects Simple Student Alumni System v1.0 is vulnerale to SQL Injection in /TracerStudy/modal_view.php.

  • CVE-2026-26697Mar 2, 2026
    risk 0.00cvss epss 0.00

    code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordteacher_view.php?teacherID=.

  • CVE-2026-26698Mar 2, 2026
    risk 0.00cvss epss 0.00

    code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/modal_edit.php.

  • CVE-2026-26710Mar 2, 2026
    risk 0.00cvss epss 0.00

    code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/routers/edit-orders.php.

  • CVE-2025-70152Feb 18, 2026
    risk 0.00cvss epss 0.00

    code-projects Community Project Scholars Tracking System 1.0 is vulnerable to SQL Injection in the admin user management endpoints /admin/save_user.php and /admin/update_user.php. These endpoints lack authentication checks and directly concatenate user-supplied POST parameters…

  • CVE-2025-70151Feb 18, 2026
    risk 0.00cvss epss 0.01

    code-projects Scholars Tracking System 1.0 allows an authenticated attacker to achieve remote code execution via unrestricted file upload. The endpoints update_profile_picture.php and upload_picture.php store uploaded files in a web-accessible uploads/ directory using the…

  • CVE-2026-2176Feb 8, 2026
    risk 0.00cvss epss 0.00

    A security vulnerability has been detected in code-projects Contact Management System 1.0. This issue affects some unknown processing of the file index.py. Such manipulation of the argument selecteditem[0] leads to sql injection. The attack can be executed remotely.

  • CVE-2026-2174Feb 8, 2026
    risk 0.00cvss epss 0.01

    A security flaw has been discovered in code-projects Contact Management System 1.0. This affects an unknown part of the component CRUD Endpoint. The manipulation of the argument ID results in improper authentication. The attack may be launched remotely.

  • CVE-2025-69563Jan 27, 2026
    risk 0.00cvss epss 0.00

    code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /ExLogin.php via the Password parameter.

  • CVE-2025-69562Jan 27, 2026
    risk 0.00cvss epss 0.00

    code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /insertmessage.php via the userid parameter.

  • CVE-2025-69565Jan 27, 2026
    risk 0.00cvss epss 0.00

    code-projects Mobile Shop Management System 1.0 is vulnerable to File Upload in /ExAddProduct.php.

  • CVE-2025-69564Jan 27, 2026
    risk 0.00cvss epss 0.00

    code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /ExAddNewUser.php via the Name, Address, email, UserName, Password, confirm_password, Role, Branch, and Activate parameters.

  • CVE-2025-63622Oct 29, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in code-projects Online Complaint Site 1.0. This issue affects some unknown processing of the file /cms/admin/subcategory.php. This manipulation of the argument category causes SQL injection.

  • CVE-2025-60308Oct 10, 2025
    risk 0.00cvss epss 0.00

    code-projects Simple Online Hotel Reservation System 1.0 has a Cross Site Scripting (XSS) vulnerability in the Add Room function of the online hotel reservation system. Malicious JavaScript code is entered in the Description field, which can leak the administrator's cookie…

  • CVE-2025-60306Oct 10, 2025
    risk 0.00cvss epss 0.00

    code-projects Simple Car Rental System 1.0 has a permission bypass issue where low privilege users can forge high privilege sessions and perform sensitive operations.

  • CVE-2025-60302Oct 9, 2025
    risk 0.00cvss epss 0.00

    code-projects Client Details System 1.0 is vulnerable to Cross Site Scripting (XSS). When adding customer information, the client details system fills in malicious JavaScript code in the username field.

  • CVE-2025-60304Oct 9, 2025
    risk 0.00cvss epss 0.00

    code-projects Simple Scheduling System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Subject Description field.

  • CVE-2025-56293Sep 16, 2025
    risk 0.00cvss epss 0.00

    code-projects Human Resource Integrated System 1.0 is vulnerable to Cross Site Scripting (XSS) in the Add Child Information section in the Childs Name field.

  • CVE-2025-56280Sep 16, 2025
    risk 0.00cvss epss 0.00

    code-projects Food Ordering Review System 1.0 is vulnerable to Cross Site Scripting (XSS) in the area where users submit reservation information.

  • CVE-2025-56276Sep 16, 2025
    risk 0.00cvss epss 0.00

    code-projects Food Ordering Review System 1.0 is vulnerable to Cross Site Scripting (XSS) in the registration function. An attacker enters malicious JavaScript code as a username, which triggers the XSS vulnerability when the admin views user information, resulting in the…

  • CVE-2025-56289Sep 16, 2025
    risk 0.00cvss epss 0.00

    code-projects Document Management System 1.0 has a Cross Site Scripting (XSS) vulnerability, where attackers can leak admin's cookie information by entering malicious XSS code in the Company field when adding files.

  • CVE-2025-50487Jul 28, 2025
    risk 0.00cvss epss 0.00

    Improper session invalidation in the component /bbdms/change-password.php of PHPGurukul Blood Bank & Donor Management System v2.4 allows attackers to execute a session hijacking attack.

  • CVE-2025-6364Jun 20, 2025
    risk 0.00cvss epss 0.00

    A vulnerability has been found in code-projects Simple Pizza Ordering System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /adduser-exec.php. The manipulation of the argument Username leads to sql injection. The attack can…

  • CVE-2025-6363Jun 20, 2025
    risk 0.00cvss epss 0.00

    A vulnerability, which was classified as critical, was found in code-projects Simple Pizza Ordering System 1.0. Affected is an unknown function of the file /adding-exec.php. The manipulation of the argument ingname leads to sql injection. It is possible to launch the attack…

  • CVE-2025-6362Jun 20, 2025
    risk 0.00cvss epss 0.00

    A vulnerability, which was classified as critical, has been found in code-projects Simple Pizza Ordering System 1.0. This issue affects some unknown processing of the file /editpro.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated…

  • CVE-2025-6361Jun 20, 2025
    risk 0.00cvss epss 0.00

    A vulnerability classified as critical was found in code-projects Simple Pizza Ordering System 1.0. This vulnerability affects unknown code of the file /adds.php. The manipulation of the argument userid leads to sql injection. The attack can be initiated remotely.

  • CVE-2025-6352Jun 20, 2025
    risk 0.00cvss epss 0.01

    A vulnerability classified as problematic has been found in code-projects Automated Voting System 1.0. Affected is an unknown function of the file /vote.php of the component Backend. The manipulation leads to direct request. It is possible to launch the attack remotely. The…

  • CVE-2025-5674Jun 5, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file urinalysis_form.php. The manipulation of the argument urinalysis_id leads to sql injection. The attack may…

  • CVE-2025-5633Jun 5, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/users.php. The manipulation of the argument delete leads to sql injection.…

  • CVE-2025-5632Jun 5, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/users.php. The manipulation of the argument change_to_admin leads…

  • CVE-2025-5631Jun 5, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. It has been classified as critical. Affected is an unknown function of the file /publicposts.php. The manipulation of the argument post leads to sql injection. It is possible to…

  • CVE-2025-5627Jun 5, 2025
    risk 0.00cvss epss 0.00

    A vulnerability classified as critical was found in code-projects Patient Record Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /sputum_form.php. The manipulation of the argument itr_no leads to sql injection. The attack can be…

  • CVE-2025-46173May 27, 2025
    risk 0.00cvss epss 0.00

    code-projects Online Exam Mastering System 1.0 is vulnerable to Cross Site Scripting (XSS) via the name field in the feedback form.

  • CVE-2025-4892May 18, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in code-projects Police Station Management System 1.0. It has been declared as critical. Affected by this vulnerability is the function criminal::remove of the file source.cpp of the component Delete Record. The manipulation of the argument No leads to…

  • CVE-2025-4891May 18, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in code-projects Police Station Management System 1.0. It has been classified as critical. Affected is the function criminal::display of the file source.cpp of the component Display Record. The manipulation of the argument N leads to buffer overflow. It…

  • CVE-2025-4890May 18, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in code-projects Tourism Management System 1.0 and classified as critical. This issue affects the function LoginUser of the component Login User. The manipulation of the argument username/password leads to stack-based buffer overflow. Attacking locally…

  • CVE-2025-4889May 18, 2025
    risk 0.00cvss epss 0.00

    A vulnerability has been found in code-projects Tourism Management System 1.0 and classified as critical. This vulnerability affects the function AddUser of the component User Registration. The manipulation of the argument username/password leads to buffer overflow. Local access…

  • CVE-2025-4888May 18, 2025
    risk 0.00cvss epss 0.00

    A vulnerability, which was classified as critical, was found in code-projects Pharmacy Management System 1.0. This affects the function medicineType::take_order of the component Add Order Details. The manipulation leads to buffer overflow. An attack has to be approached locally.…

  • CVE-2025-4501May 10, 2025
    risk 0.00cvss epss 0.00

    A vulnerability, which was classified as critical, was found in code-projects Album Management System 1.0. This affects the function searchalbum of the component Search Albums. The manipulation leads to stack-based buffer overflow. Local access is required to approach this…

  • CVE-2025-4500May 10, 2025
    risk 0.00cvss epss 0.00

    A vulnerability, which was classified as critical, has been found in code-projects Hotel Management System 1.0. Affected by this issue is the function Edit of the component Edit Room. The manipulation of the argument roomnumber leads to stack-based buffer overflow. An attack has…

Page 13 of 24