Common Vulnerabilities and Exposures (CVE)

CVE-2025-14664

Dec 14, 2025 14:32:06 UTC

A vulnerability was identified in Campcodes Supplier Management System 1.0. This issue affects some unknown processing of the file /admin/view_unit.php. The manipulation of the argument chkId[] leads to sql injection. Remote exploitation of...

CVE-2025-14663

Dec 14, 2025 14:02:08 UTC

A vulnerability was determined in code-projects Student File Management System 1.0. This vulnerability affects unknown code of the file /admin/update_student.php. Executing manipulation can lead to cross site scripting. The attack may be la...

CVE-2025-14662

Dec 14, 2025 13:32:06 UTC

A vulnerability was found in code-projects Student File Management System 1.0. This affects an unknown part of the file /admin/update_user.php of the component Update User Page. Performing manipulation results in cross site scripting. The a...

CVE-2025-67896

Dec 14, 2025 13:10:26 UTC

Exim before 4.99.1 allows remote heap corruption that will be further described on 2025-12-18.

CVE-2025-14661

Dec 14, 2025 13:02:05 UTC

A vulnerability has been found in itsourcecode Student Managemen System 1.0. Affected by this issue is some unknown functionality of the file /advisers.php. Such manipulation of the argument sy leads to sql injection. The attack can be laun...

CVE-2025-14660

Dec 14, 2025 12:32:08 UTC

A flaw has been found in DecoCMS Mesh up to 1.0.0-alpha.31. Affected by this vulnerability is the function createTool of the file packages/sdk/src/mcp/teams/api.ts of the component Workspace Domain Handler. This manipulation of the argument...

CVE-2025-14659

Dec 14, 2025 11:32:07 UTC

A vulnerability was detected in D-Link DIR-860LB1 and DIR-868LB1 203b01/203b03. Affected is an unknown function of the component DHCP Daemon. The manipulation of the argument Hostname results in command injection. It is possible to launch t...

CVE-2025-14656

Dec 14, 2025 11:02:07 UTC

A weakness has been identified in Tenda AC20 16.03.08.12. This affects the function httpd of the file /goform/openSchedWifi. Executing manipulation of the argument schedStartTime/schedEndTime can lead to buffer overflow. The attack may be p...

CVE-2025-14655

Dec 14, 2025 10:32:08 UTC

A security flaw has been discovered in Tenda AC20 16.03.08.12. The impacted element is the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg of the component httpd. Performing manipulation of the argument rebootTime result...

CVE-2025-14654

Dec 14, 2025 10:02:08 UTC

A vulnerability was identified in Tenda AC20 16.03.08.12. The affected element is the function formSetPPTPUserList of the file /goform/setPptpUserList of the component httpd. Such manipulation of the argument list leads to stack-based buffe...

CVE-2025-14653

Dec 14, 2025 09:32:07 UTC

A vulnerability was determined in itsourcecode Student Management System 1.0. Impacted is an unknown function of the file /addrecord.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possib...

CVE-2025-14586

Dec 14, 2025 09:16:01 UTC

A vulnerability was determined in TOTOLINK X5000R 9.1.0cu.2089_B20211224. Affected by this issue is the function snprintf of the file /cgi-bin/cstecgi.cgi?action=exportOvpn&type=user. This manipulation of the argument User causes os command...

CVE-2025-14652

Dec 14, 2025 09:02:06 UTC

A vulnerability was found in itsourcecode Online Cake Ordering System 1.0. This issue affects some unknown processing of the file /admindetail.php?action=edit. The manipulation of the argument ID results in sql injection. The attack may be ...

CVE-2025-14651

Dec 14, 2025 08:32:06 UTC

A vulnerability has been found in MartialBE one-hub up to 0.14.27. This vulnerability affects unknown code of the file docker-compose.yml. The manipulation of the argument SESSION_SECRET leads to use of hard-coded cryptographic key . The a...

CVE-2025-14650

Dec 14, 2025 08:02:06 UTC

A flaw has been found in itsourcecode Online Cake Ordering System 1.0. This affects an unknown part of the file /cakeshop/product.php. Executing manipulation of the argument Product can lead to sql injection. The attack can be launched remo...