|
281
|
- |
|
-
|
-
|
An issue in the Bluetooth RFCOMM service of Parani M10 Motorcycle Intercom v2.1.3 allows unauthorized attackers to cause a Denial of Service (DoS) via supplying crafted RFCOMM frames.
Update
|
-
|
CVE-2026-31280
|
2026-04-18 00:33 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Improper input handling in /Grocery/search_products_itname.php, in anirudhkannan Grocery Store Management System 1.0, allows SQL injection via the sitem_name POST parameter.
Update
|
CWE-89
SQL Injection
|
CVE-2025-63939
|
2026-04-18 00:33 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283
|
6.1 |
MEDIUM
Network
|
-
|
-
|
alandsilva26 hotel-management-php 1.0 is vulnerable to Cross Site Scripting (XSS) in /public/admin/edit_room.php which allows an attacker to inject and execute arbitrary JavaScript via the room_id GE…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2025-65132
|
2026-04-18 00:33 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A SQL injection vulnerability exists in the School Management System (version 1.0) by manikandan580. An unauthenticated or authenticated remote attacker can supply a crafted HTTP request to the affec…
Update
|
CWE-89
SQL Injection
|
CVE-2025-65133
|
2026-04-18 00:33 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285
|
- |
|
-
|
-
|
In manikandan580 School-management-system 1.0, a reflected cross-site scripting (XSS) vulnerability exists in /studentms/admin/contact-us.php via the email POST parameter.
Update
|
-
|
CVE-2025-65134
|
2026-04-18 00:33 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286
|
9.8 |
CRITICAL
Network
|
-
|
-
|
In manikandan580 School-management-system 1.0, a time-based blind SQL injection vulnerability exists in /studentms/admin/between-date-reprtsdetails.php through the fromdate POST parameter.
Update
|
CWE-89
SQL Injection
|
CVE-2025-65135
|
2026-04-18 00:33 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287
|
6.1 |
MEDIUM
Network
|
-
|
-
|
In manikandan580 School-management-system 1.0, a reflected XSS vulnerability exists in /studentms/admin/contact-us.php via the pagedes POST parameter.
Update
|
CWE-79
Cross-site Scripting
|
CVE-2025-65136
|
2026-04-18 00:33 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288
|
9.9 |
CRITICAL
Network
|
-
|
-
|
An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x allows attackers to execute arbitrary code via uploading a crafted PHP file.
Update
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-38526
|
2026-04-18 00:33 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289
|
8.5 |
HIGH
Network
|
-
|
-
|
A Server-Side Request Forgery (SSRF) in the /settings/webhooks/create component of Webkul Krayin CRM v2.2.x allows attackers to scan internal resources via supplying a crafted POST request.
Update
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-38527
|
2026-04-18 00:33 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290
|
7.1 |
HIGH
Network
|
-
|
-
|
Krayin CRM v2.2.x was discovered to contain a SQL injection vulnerability via the rotten_lead parameter at /Lead/LeadDataGrid.php.
Update
|
CWE-89
SQL Injection
|
CVE-2026-38528
|
2026-04-18 00:33 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
