|
291
|
6.1 |
MEDIUM
Network
|
-
|
-
|
alandsilva26 hotel-management-php 1.0 is vulnerable to Cross Site Scripting (XSS) in /public/admin/edit_room.php which allows an attacker to inject and execute arbitrary JavaScript via the room_id GE…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2025-65132
|
2026-04-18 00:33 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A SQL injection vulnerability exists in the School Management System (version 1.0) by manikandan580. An unauthenticated or authenticated remote attacker can supply a crafted HTTP request to the affec…
Update
|
CWE-89
SQL Injection
|
CVE-2025-65133
|
2026-04-18 00:33 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293
|
- |
|
-
|
-
|
In manikandan580 School-management-system 1.0, a reflected cross-site scripting (XSS) vulnerability exists in /studentms/admin/contact-us.php via the email POST parameter.
Update
|
-
|
CVE-2025-65134
|
2026-04-18 00:33 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294
|
9.8 |
CRITICAL
Network
|
-
|
-
|
In manikandan580 School-management-system 1.0, a time-based blind SQL injection vulnerability exists in /studentms/admin/between-date-reprtsdetails.php through the fromdate POST parameter.
Update
|
CWE-89
SQL Injection
|
CVE-2025-65135
|
2026-04-18 00:33 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295
|
6.1 |
MEDIUM
Network
|
-
|
-
|
In manikandan580 School-management-system 1.0, a reflected XSS vulnerability exists in /studentms/admin/contact-us.php via the pagedes POST parameter.
Update
|
CWE-79
Cross-site Scripting
|
CVE-2025-65136
|
2026-04-18 00:33 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296
|
9.9 |
CRITICAL
Network
|
-
|
-
|
An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x allows attackers to execute arbitrary code via uploading a crafted PHP file.
Update
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-38526
|
2026-04-18 00:33 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297
|
8.5 |
HIGH
Network
|
-
|
-
|
A Server-Side Request Forgery (SSRF) in the /settings/webhooks/create component of Webkul Krayin CRM v2.2.x allows attackers to scan internal resources via supplying a crafted POST request.
Update
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-38527
|
2026-04-18 00:33 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298
|
7.1 |
HIGH
Network
|
-
|
-
|
Krayin CRM v2.2.x was discovered to contain a SQL injection vulnerability via the rotten_lead parameter at /Lead/LeadDataGrid.php.
Update
|
CWE-89
SQL Injection
|
CVE-2026-38528
|
2026-04-18 00:33 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299
|
2.7 |
LOW
Network
|
-
|
-
|
SourceCodester Storage Unit Rental Management System v1.0 is vulnerable to SQL Injection in the file /storage/admin/rents/manage_rent.php.
Update
|
CWE-89
SQL Injection
|
CVE-2026-37590
|
2026-04-18 00:32 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300
|
2.7 |
LOW
Network
|
-
|
-
|
Sourcecodester Storage Unit Rental Management System v1.0 is vulnerable to SQL injection in the file /storage/admin/tenants/view_details.php.
Update
|
CWE-89
SQL Injection
|
CVE-2026-37591
|
2026-04-18 00:32 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
