) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.
For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
Legal Disclaimer:
Here is where you can read the NVD legal disclaimer.
-
CVE-2025-3231 - A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been rated as critical. This issue affects some unknown processing of the file /aboutus.php. The manipulation of the argument pagetitle/pagedes leads to sql injection. The a... read CVE-2025-3231
Published: April 04, 2025; 5:15:17 AM -0400V3.1: 9.8 CRITICAL
-
CVE-2024-3767 - A vulnerability classified as critical was found in PHPGurukul News Portal 4.1. This vulnerability affects unknown code of the file /admin/edit-post.php. The manipulation of the argument posttitle/category leads to sql injection. The attack can be... read CVE-2024-3767
Published: April 15, 2024; 12:15:15 AM -0400V3.1: 8.8 HIGH
-
CVE-2025-3173 - A vulnerability, which was classified as critical, was found in Project Worlds Online Lawyer Management System 1.0. Affected is an unknown function of the file /save_booking.php. The manipulation of the argument lawyer_id/description leads to sql ... read CVE-2025-3173
Published: April 03, 2025; 3:15:40 PM -0400V3.1: 9.8 CRITICAL
-
CVE-2025-4331 - A vulnerability classified as critical was found in SourceCodester Online Student Clearance System 1.0. This vulnerability affects unknown code of the file /Admin/login.php. The manipulation of the argument id/username/password leads to sql inject... read CVE-2025-4331
Published: May 06, 2025; 4:15:17 AM -0400V3.1: 9.8 CRITICAL
-
CVE-2023-1061 - A vulnerability, which was classified as critical, has been found in SourceCodester Doctors Appointment System 1.0. This issue affects some unknown processing of the file /admin/edit-doc.php. The manipulation of the argument email/oldmail leads to... read CVE-2023-1061
Published: February 27, 2023; 7:15:11 AM -0500V3.1: 8.8 HIGH
-
CVE-2023-1059 - A vulnerability classified as critical was found in SourceCodester Doctors Appointment System 1.0. This vulnerability affects unknown code of the file /admin/doctors.php of the component Parameter Handler. The manipulation of the argument search/i... read CVE-2023-1059
Published: February 27, 2023; 7:15:11 AM -0500V3.1: 8.8 HIGH
-
CVE-2025-4469 - A vulnerability classified as problematic has been found in SourceCodester Online Student Clearance System 1.0. Affected is an unknown function of the file /admin/add-admin.php. The manipulation of the argument txtusername/txtfullname/txtpassword/... read CVE-2025-4469
Published: May 09, 2025; 3:16:11 AM -0400V3.1: 5.4 MEDIUM
-
CVE-2025-9738 - A flaw has been found in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/educar_tipo_ensino_cad.php. Executing manipulation of the argument nm_tipo can lead to cross site scripting. ... read CVE-2025-9738
Published: August 31, 2025; 1:15:37 PM -0400V3.1: 5.4 MEDIUM
-
CVE-2025-9760 - A weakness has been identified in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /module/Api/matricula of the component Matricula API. Executing manipulation can lead to improper authorization. It is possible to launch th... read CVE-2025-9760
Published: September 01, 2025; 1:15:41 AM -0400V3.1: 8.8 HIGH
-
CVE-2025-7868 - A vulnerability was found in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /intranet/educar_calendario_dia_motivo_cad.php of the component Calendar Module. The manipulation of the argument Motivo/descricao ... read CVE-2025-7868
Published: July 20, 2025; 1:15:41 AM -0400V3.1: 5.4 MEDIUM
-
CVE-2025-7867 - A vulnerability has been found in Portabilis i-Educar 2.9.0/2.10.0. This vulnerability affects unknown code of the file /intranet/agenda.php of the component Agenda Module. The manipulation of the argument novo_titulo/novo_descricao leads to cross... read CVE-2025-7867
Published: July 20, 2025; 1:15:41 AM -0400V3.1: 5.4 MEDIUM
-
CVE-2025-0296 - A vulnerability was found in code-projects Online Book Shop 1.0. It has been classified as critical. This affects an unknown part of the file /booklist.php. The manipulation of the argument subcatid leads to sql injection. It is possible to initia... read CVE-2025-0296
Published: January 07, 2025; 10:15:12 AM -0500V3.1: 9.8 CRITICAL
-
CVE-2025-0295 - A vulnerability was found in code-projects Online Book Shop 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /booklist.php?subcatid=1. The manipulation of the argument subcatnm leads to cross site... read CVE-2025-0295
Published: January 07, 2025; 10:15:12 AM -0500V3.1: 5.4 MEDIUM
-
CVE-2024-6807 - A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /sscdms/classes/Users.php?f=save of the component HTTP POST... read CVE-2024-6807
Published: July 17, 2024; 12:15:02 AM -0400V3.1: 3.4 LOW
-
CVE-2025-4191 - A vulnerability has been found in PHPGurukul Employee Record Management System 1.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /editmyeducation.php. The manipulation of the argument coursepg/y... read CVE-2025-4191
Published: May 01, 2025; 8:15:19 PM -0400V3.1: 9.8 CRITICAL
-
CVE-2024-56436 - Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Published: January 07, 2025; 9:15:25 PM -0500V3.1: 7.5 HIGH
-
CVE-2024-56435 - Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Published: January 07, 2025; 9:15:25 PM -0500V3.1: 7.5 HIGH
-
CVE-2024-10628 - The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to SQL Injection via the ‘id’ parameter in all versions up to, and including, 8.8.0 (Business), up to, and including, 21.8.0 (Developer), and up to, and including, ... read CVE-2024-10628
Published: January 26, 2025; 1:15:22 AM -0500 -
CVE-2024-56136 - Zulip server provides an open-source team chat that helps teams stay productive and focused. Zulip Server 7.0 and above are vulnerable to an information disclose attack, where, if a Zulip server is hosting multiple organizations, an unauthenticate... read CVE-2024-56136
Published: January 16, 2025; 3:15:33 PM -0500V3.1: 5.3 MEDIUM
-
CVE-2025-27149 - Zulip server provides an open-source team chat that helps teams stay productive and focused. Prior to 10.0, the data export to organization administrators feature in Zulip leaks private data. The collection of user-agent types identifying specific... read CVE-2025-27149
Published: March 31, 2025; 12:15:23 PM -0400V3.1: 2.7 LOW