Sourcecodester

All CVEs

1,696 total · sorted by risk
  • CVE-2025-63640 · Nov 7, 2025
    risk 0.00 cvss epss 0.00

    Sourcecodester Medicine Reminder App v1.0 is vulnerable to Cross-Site Scripting (XSS) in the "Medicine Name" and "Notes (Optional)" fields when creating an "Upcoming Reminder", allowing an attacker to inject arbitrary potentially malicious HTML/JavaScript code that executes in…

  • CVE-2025-63638 · Nov 7, 2025
    risk 0.00 cvss epss 0.00

    Sourcecodester AI-Powered To-Do List App v1.0 is vulnerable to Cross-Site Scripting (XSS) in the "Task Title" and "Description (Optional)" fields when creating a Task, allowing an attacker to inject arbitrary potentially malicious HTML/JavaScript code that executes in the…

  • CVE-2025-63717 · Nov 7, 2025
    risk 0.00 cvss epss 0.00

    The change password functionality at /pet_grooming/admin/change_pass.php in SourceCodester Pet Grooming Management Software 1.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks. The application does not implement adequate anti-CSRF tokens or same-site cookie…

  • CVE-2025-63713 · Nov 7, 2025
    risk 0.00 cvss epss 0.00

    Cross-Site Scripting (XSS) vulnerability in SourceCodester "MatchMaster" 1.0 allows remote attackers to inject arbitrary web script or HTML via crafted input in the custom test creation feature. The vulnerability exists because the application fails to properly sanitize…

  • CVE-2025-63714 · Nov 7, 2025
    risk 0.00 cvss epss 0.00

    Cross-Site Scripting (XSS) vulnerability in SourceCodester User Account Generator 1.0 allows remote attackers to execute arbitrary JavaScript code in the context of the user's browser session via crafted input in the Username Prefix field. The vulnerability exists due to…

  • CVE-2025-63718 · Nov 7, 2025
    risk 0.00 cvss epss 0.00

    A SQL injection vulnerability exists in the SourceCodester PQMS (Patient Queue Management System) 1.0 in the api_patient_schedule.php endpoint. The appointmentID parameter is not properly sanitized, allowing attackers to execute arbitrary SQL commands.

  • CVE-2025-63298 · Oct 30, 2025
    risk 0.00 cvss epss 0.00

    A path traversal vulnerability was identified in SourceCodester Pet Grooming Management System 1.0, affecting the admin/manage_website.php component. An authenticated user with administrative privileges can leverage this flaw by submitting a specially crafted POST request,…

  • CVE-2025-60316 · Oct 9, 2025
    risk 0.00 cvss epss 0.00

    SourceCodester Pet Grooming Management Software 1.0 is vulnerable to SQL Injection in admin/view_customer.php via the ID parameter.

  • CVE-2025-60318 · Oct 8, 2025
    risk 0.00 cvss epss 0.00

    SourceCodester Pet Grooming Management Software 1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/profile.php via the fname (First Name) and lname (Last Name) fields.

  • CVE-2025-60312 · Oct 7, 2025
    risk 0.00 cvss epss 0.00

    Sourcecodester Markdown to HTML Converter v1.0 is vulnerable to a Cross-Site Scripting (XSS) in the "Markdown Input" field, allowing a remote attacker to inject arbitrary HTML/JavaScript code that executes in the victim's browser upon clicking the "Convert to HTML" button.

  • CVE-2025-61087 · Oct 2, 2025
    risk 0.00 cvss epss 0.00

    SourceCodester Pet Grooming Management Software 1.0 is vulnerable to Cross Site Scripting (XSS) via the Customer Name field under Customer Management Section.

  • CVE-2025-11051 · Sep 27, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability has been found in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack is possible to be carried out remotely.

  • CVE-2025-26258 · Sep 26, 2025
    risk 0.00 cvss epss 0.00

    Sourcecodester Employee Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via 'Add Designation.'

  • CVE-2025-56608 · Sep 3, 2025
    risk 0.00 cvss epss 0.00

    The SourceCodester Android application "Corona Virus Tracker App India" 1.0 uses MD5 for digest authentication in `OkHttpClientWrapper.java`. The `handleDigest()` function employs `MessageDigest.getInstance("MD5")` to hash credentials. MD5 is a broken cryptographic algorithm…

  • CVE-2025-57425 · Aug 26, 2025
    risk 0.00 cvss epss 0.00

    A Stored Cross-Site Scripting (XSS) vulnerability in SourceCodester FAQ Management System 1.0 allows an authenticated attacker to inject malicious JavaScript into the 'question' and 'answer' fields via the update-faq.php endpoint.

  • CVE-2025-40729 · Jun 16, 2025
    risk 0.00 cvss epss 0.00

    Reflected Cross-Site Scripting (XSS) in /customer_support/index.php in Customer Support System v1.0, which allows remote attackers to execute arbitrary code via the page parameter.

  • CVE-2025-40728 · Jun 16, 2025
    risk 0.00 cvss epss 0.00

    SQL injection vulnerability in Customer Support System v1.0. This vulnerability allows an authenticated attacker to retrieve, create, update and delete databases via the id parameter in the /customer_support/manage_user.php endpoint.

  • CVE-2025-5840 · Jun 7, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability, which was classified as critical, was found in SourceCodester Client Database Management System 1.0. This affects an unknown part of the file /user_update_customer_order.php. The manipulation of the argument uploaded_file leads to unrestricted upload. It is…

  • CVE-2025-5628 · Jun 5, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability, which was classified as problematic, has been found in SourceCodester Food Menu Manager 1.0. Affected by this issue is some unknown functionality of the file /index.php of the component Add Menu Handler. The manipulation of the argument name/description leads to…

  • CVE-2025-5376 · May 31, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability was found in SourceCodester Health Center Patient Record Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /patient.php. The manipulation of the argument itr_no leads to sql injection.…

  • CVE-2025-5371 · May 31, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability, which was classified as critical, has been found in SourceCodester Health Center Patient Record Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/admin.php. The manipulation of the argument Username leads to sql…

  • CVE-2025-5369 · May 31, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability classified as critical has been found in SourceCodester PHP Display Username After Login 1.0. Affected is an unknown function of the file /login.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely.…

  • CVE-2025-5299 · May 28, 2025
    risk 0.00 cvss epss 0.01

    A vulnerability was found in SourceCodester Client Database Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /user_order_customer_update.php. The manipulation of the argument uploaded_file_cancelled leads to…

  • CVE-2025-5297 · May 28, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability, which was classified as critical, has been found in SourceCodester Computer Store System 1.0. This issue affects the function Add of the file main.c. The manipulation of the argument laptopcompany/RAM/Processor leads to stack-based buffer overflow. An attack has…

  • CVE-2025-5208 · May 26, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability, which was classified as critical, was found in SourceCodester Online Hospital Management System 1.0. This affects an unknown part of the file /admin/check_availability.php. The manipulation of the argument emailid leads to sql injection. It is possible to…

  • CVE-2025-5207 · May 26, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability, which was classified as critical, has been found in SourceCodester Client Database Management System 1.0. Affected by this issue is some unknown functionality of the file /superadmin_update_profile.php. The manipulation of the argument nickname/email leads to…

  • CVE-2025-5002 · May 20, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability, which was classified as critical, was found in SourceCodester Client Database Management System 1.0. This affects an unknown part of the file /user_proposal_update_order.php. The manipulation of the argument order_id leads to sql injection. It is possible to…

  • CVE-2025-4935 · May 19, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability was found in SourceCodester Stock Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /php_action/changePassword.php. The manipulation of the argument user_id leads to sql injection. The attack may be initiated…

  • CVE-2025-4924 · May 19, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability, which was classified as critical, was found in SourceCodester Client Database Management System 1.0. Affected is an unknown function of the file /user_void_transaction.php. The manipulation of the argument order_id leads to sql injection. It is possible to…

  • CVE-2025-4923 · May 19, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability, which was classified as critical, has been found in SourceCodester Client Database Management System 1.0. This issue affects some unknown processing of the file /user_delivery_update.php. The manipulation of the argument uploaded_file_cancelled leads to…

  • CVE-2025-4909 · May 19, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability classified as critical was found in SourceCodester Client Database Management System 1.0. This vulnerability affects unknown code. The manipulation leads to exposure of information through directory listing. The attack can be initiated remotely. The exploit has…

  • CVE-2025-4895 · May 18, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability, which was classified as critical, has been found in SourceCodester Doctors Appointment System 1.0. This issue affects some unknown processing of the file /admin/delete-session.php. The manipulation of the argument ID leads to sql injection. The attack may be…

  • CVE-2025-4818 · May 17, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability was found in SourceCodester Doctor's Appointment System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/delete-doctor.php of the component GET Parameter Handler. The manipulation of the argument ID leads to sql…

  • CVE-2025-4817 · May 17, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability was found in Sourcecodester Doctor's Appointment System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/delete-appointment.php of the component GET Parameter Handler. The manipulation of the argument ID leads to…

  • CVE-2025-4816 · May 17, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability was found in SourceCodester Doctor's Appointment System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/appointment.php of the component GET Parameter Handler. The manipulation of the argument ID leads to sql injection. It…

  • CVE-2025-4806 · May 16, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability, which was classified as critical, has been found in SourceCodester/oretnom23 Stock Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/?page=back_order/view_bo. The manipulation of the argument ID leads to sql…

  • CVE-2025-4787 · May 16, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability classified as critical has been found in SourceCodester/oretnom23 Stock Management System 1.0. Affected is an unknown function of the file /admin/?page=sales/view_sale. The manipulation of the argument ID leads to sql injection. It is possible to launch the…

  • CVE-2025-4786 · May 16, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability was found in SourceCodester/oretnom23 Stock Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/?page=return/view_return. The manipulation of the argument ID leads to sql injection. The attack may be…

  • CVE-2025-4782 · May 16, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability has been found in SourceCodester/oretnom23 Stock Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /sms/admin/?page=receiving/view_receiving&id=1. The manipulation of the argument ID leads to sql injection. The…

  • CVE-2025-4728 · May 15, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability was found in SourceCodester Best Online News Portal 1.0. It has been classified as critical. Affected is an unknown function of the file /search.php. The manipulation of the argument searchtitle leads to sql injection. It is possible to launch the attack…

  • CVE-2025-44185 · May 15, 2025
    risk 0.00 cvss epss 0.00

    SourceCodester Best Employee Management System V1.0 is vulnerable to Cross Site Request Forgery (CSRF) in /admin/change_pass.php via the password parameter.

  • CVE-2025-44184 · May 14, 2025
    risk 0.00 cvss epss 0.00

    SourceCodester Best Employee Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/profile.php via the website_image, fname, lname, contact, username, and address parameters.

  • CVE-2025-44186 · May 14, 2025
    risk 0.00 cvss epss 0.00

    SourceCodester Best Employee Management System 1.0 is vulnerable to Cross Site Request Forgery (CSRF) in /admin/Operation/User.php page.

  • CVE-2025-4504 · May 10, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability was found in SourceCodester Online College Library System 1.0. It has been classified as critical. Affected is an unknown function of the file /index.php. The manipulation of the argument Category leads to sql injection. It is possible to launch the attack…

  • CVE-2025-46193 · May 9, 2025
    risk 0.00 cvss epss 0.01

    SourceCodester Client Database Management System 1.0 is vulnerable to Remote code execution via Arbitrary file upload in user_proposal_update_order.php.

  • CVE-2025-46192 · May 9, 2025
    risk 0.00 cvss epss 0.00

    SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in user_payment_update.php via the order_id POST parameter.

  • CVE-2025-46188 · May 9, 2025
    risk 0.00 cvss epss 0.01

    SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in superadmin_phpmyadmin.php.

  • CVE-2025-46190 · May 9, 2025
    risk 0.00 cvss epss 0.00

    SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in user_delivery_update.php via the order_id POST parameter.

  • CVE-2025-46191 · May 9, 2025
    risk 0.00 cvss epss 0.01

    Arbitrary File Upload in user_payment_update.php in SourceCodester Client Database Management System 1.0 allows unauthenticated users to upload arbitrary files via the uploaded_file_cancelled field. Due to the absence of proper file extension checks, MIME type validation, and…

  • CVE-2025-46189 · May 9, 2025
    risk 0.00 cvss epss 0.00

    SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in user_order_customer_update.php via the order_id POST parameter.
