CNA 2025

VulDB is an officially certified CVE Numbering Authority (CNA) by MITRE and Authorized Data Publisher (ADP) by NIST NVD. We are authorized to handle new vulnerability submissions, assign unique CVEs and disclose them. CVE is an international program to discover vulnerabilities which are then assigned and published to the CVE list. Partners coordinate such CVE entries to communicate consistent descriptions. Information technology and cybersecurity professionals all around the world use CVE records to ensure they are discussing the same issues, and to coordinate their efforts to prioritize and address these properly.

Vendor

Identifying all affected vendors is a good starting point for an overview. This makes it possible to determine a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Product

code-projects Point of Sales and Inventory Managem ...: 9
liujianview gymxmjpa: 7
code-projects Online Book Shop: 7
code-projects Online Shoe Store: 5
leiyuxi cy-fast: 4

Grouping vulnerabilities by product helps to get an overview. This makes it possible to determine a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation

Official Fix: 5
Temporary Fix: 0
Workaround: 1
Unavailable: 0
Not Defined: 77

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These come in multiple forms and levels of remediation, which influence risks differently.

Exploitability

High: 0
Functional: 0
Proof-of-Concept: 81
Unproven: 0
Not Defined: 2

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Access Vector

Not Defined: 0
Physical: 0
Local: 4
Adjacent: 1
Network: 78

To approach a vulnerability, it becomes important to use the expected access vector. This is typically via the network, locally, or even physically.

Authentication

Not Defined: 0
High: 9
Low: 62
None: 12

To exploit a vulnerability, a certain level of authentication might be required. Vulnerabilities without such a requirement are much more popular.

User Interaction

Not Defined: 0
Required: 12
None: 71

Some attack scenarios require some user interaction by a victim. This is typical for phishing, social engineering and cross site scripting attacks.

VulDB

≤1: 0
≤2: 0
≤3: 5
≤4: 7
≤5: 7
≤6: 10
≤7: 46
≤8: 7
≤9: 1
≤10: 0

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

Exploit 0-day

<1k: 15
<2k: 53
<5k: 15
<10k: 0
<25k: 0
<50k: 0
<100k: 0
≥100k: 0

The moderation team works with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit before it is distributed or becomes public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

| ID | Vulnerability | Scope | Responsible | Submission | Created | Updated | CVE | Submit | CNA |
|---|---|---|---|---|---|---|---|---|---|
| 291286 | liujianview gymxmjpa MenberConntroller.java MenberDaoInpl sql injection | VulDB | VulDB | 01/02/2025 | 01/12/2025 | 01/13/2025 | CVE-2025-0410 | 473426 | accepted |
| 291285 | liujianview gymxmjpa MembertypeController.java MembertypeDaoImpl sql injection | VulDB | VulDB | 01/02/2025 | 01/12/2025 | 01/13/2025 | CVE-2025-0409 | 473425 | accepted |
| 291284 | liujianview gymxmjpa LoosController.java LoosDaoImpl sql injection | VulDB | VulDB | 01/02/2025 | 01/12/2025 | 01/13/2025 | CVE-2025-0408 | 473423 | accepted |
| 291283 | liujianview gymxmjpa EquipmentController.java EquipmentDaoImpl sql injection | VulDB | VulDB | 01/02/2025 | 01/12/2025 | 01/13/2025 | CVE-2025-0407 | 473422 | accepted |
| 291282 | liujianview gymxmjpa SubjectController.java SubjectDaoImpl sql injection | VulDB | VulDB | 01/02/2025 | 01/12/2025 | 01/13/2025 | CVE-2025-0406 | 473417 | accepted |
| 291281 | liujianview gymxmjpa GoodsController.java GoodsDaoImpl sql injection | VulDB | VulDB | 01/02/2025 | 01/12/2025 | 01/13/2025 | CVE-2025-0405 | 473411 | accepted |
| 291280 | liujianview gymxmjpa CoachController.java CoachController sql injection | VulDB | VulDB | 01/02/2025 | 01/12/2025 | 01/13/2025 | CVE-2025-0404 | 473385 | accepted |
| 291278 | 1902756969 reggie Phone Number Validation sendMsg information disclosure | VulDB | VulDB | 01/02/2025 | 01/12/2025 | 01/13/2025 | CVE-2025-0403 | 473325 | accepted |
| 291277 | 1902756969 reggie CommonController.java upload unrestricted upload | VulDB | VulDB | 01/02/2025 | 01/12/2025 | 01/13/2025 | CVE-2025-0402 | 473324 | accepted |
| 291276 | 1902756969 reggie CommonController.java download path traversal | VulDB | VulDB | 01/02/2025 | 01/12/2025 | 01/13/2025 | CVE-2025-0401 | 473322 | accepted |
| 291275 | StarSea99 starsea-mall update cross site scripting | VulDB | VulDB | 01/02/2025 | 01/12/2025 | 01/13/2025 | CVE-2025-0400 | 473321 | accepted |
| 291274 | StarSea99 starsea-mall uploadController.java UploadController unrestricted upload | VulDB | VulDB | 01/02/2025 | 01/12/2025 | 01/13/2025 | CVE-2025-0399 | 473319 | accepted |
| 291271 | longpi1 warehouse Backend updateInport cross site scripting | VulDB | VulDB | 01/02/2025 | 01/11/2025 | 01/12/2025 | CVE-2025-0398 | 473316 | accepted |
| 291270 | reckcn SPPanAdmin edit cross site scripting | VulDB | VulDB | 01/02/2025 | 01/11/2025 | 01/12/2025 | CVE-2025-0397 | 473287 | accepted |
| 291269 | exelban stats XPC Service shouldAcceptNewConnection command injection | VulDB | VulDB | 01/01/2025 | 01/11/2025 | 01/12/2025 | CVE-2025-0396 | 473229 | accepted |
| 291126 | Guangzhou Huayi Intelligent Technology Jeewms graphReportController.do datagridGraph sql injection | VulDB | VulDB | | 01/10/2025 | 01/11/2025 | CVE-2025-0392 | | accepted |
| 291125 | Guangzhou Huayi Intelligent Technology Jeewms CgFormBuildController. java saveOrUpdate sql injection | VulDB | VulDB | | 01/10/2025 | 01/11/2025 | CVE-2025-0391 | | accepted |
| 291124 | Guangzhou Huayi Intelligent Technology Jeewms wmOmNoticeHController.do path traversal | VulDB | VulDB | | 01/10/2025 | 01/11/2025 | CVE-2025-0390 | | accepted |
| 290862 | Tenda AC6 GetParentControlInfo stack-based overflow | VulDB | VulDB | 01/08/2025 | 01/08/2025 | 01/08/2025 | CVE-2025-0349 | 477048 | accepted |
| 290861 | CampCodes DepEd Equipment Inventory System add_employee.php cross site scripting | VulDB | VulDB | 01/08/2025 | 01/08/2025 | 01/08/2025 | CVE-2025-0348 | 476908 | accepted |
| 290860 | code-projects Admission Management System Login index.php sql injection | VulDB | VulDB | 01/08/2025 | 01/08/2025 | 01/08/2025 | CVE-2025-0347 | 476898 | accepted |
| 290859 | code-projects Content Management System Publish News Page publishnews.php unrestricted upload | VulDB | VulDB | 01/07/2025 | 01/08/2025 | 01/08/2025 | CVE-2025-0346 | 476728 | accepted |
| 290858 | leiyuxi cy-fast listData sql injection | VulDB | VulDB | 01/07/2025 | 01/08/2025 | 01/08/2025 | CVE-2025-0345 | 475748 | accepted |
| 290857 | leiyuxi cy-fast listData sql injection | VulDB | VulDB | 01/07/2025 | 01/08/2025 | 01/08/2025 | CVE-2025-0344 | 475747 | accepted |
| 290829 | CampCodes Computer Laboratory Management System edit cross site scripting | VulDB | VulDB | 01/08/2025 | 01/08/2025 | 01/08/2025 | CVE-2025-0342 | 476897 | accepted |
| 290828 | CampCodes Computer Laboratory Management System edit unrestricted upload | VulDB | VulDB | 01/08/2025 | 01/08/2025 | 01/08/2025 | CVE-2025-0341 | 476884 | accepted |
| 290827 | code-projects Cinema Seat Reservation System deleteBooking.php sql injection | VulDB | VulDB | 01/07/2025 | 01/08/2025 | 01/08/2025 | CVE-2025-0340 | 476707 | accepted |
| 290826 | code-projects Online Bike Rental HTTP GET Request vehical-details.php cross site scripting | VulDB | VulDB | 01/07/2025 | 01/08/2025 | 01/08/2025 | CVE-2025-0339 | 475731 | accepted |
| 290823 | Codezips Project Management System teacher.php sql injection | VulDB | VulDB | 01/06/2025 | 01/08/2025 | 01/08/2025 | CVE-2025-0336 | 475493 | accepted |
| 290822 | code-projects Online Bike Rental System Change Image unrestricted upload | VulDB | VulDB | 01/06/2025 | 01/08/2025 | 01/08/2025 | CVE-2025-0335 | 475365 | accepted |
| 290821 | leiyuxi cy-fast listData sql injection | VulDB | VulDB | 01/06/2025 | 01/08/2025 | 01/09/2025 | CVE-2025-0334 | 475302 | accepted |
| 290820 | leiyuxi cy-fast listData sql injection | VulDB | VulDB | 01/06/2025 | 01/08/2025 | 01/09/2025 | CVE-2025-0333 | 475297 | accepted |
| 290819 | YunzMall HTTP POST Request ResetpwdController.php changePwd password recovery | VulDB | VulDB | 12/29/2024 | 01/08/2025 | 01/09/2025 | CVE-2025-0331 | 471663 | accepted |
| 290792 | KaiYuanTong ECT Platform HTTP POST Request runCode.php command injection | VulDB | VulDB | 12/28/2024 | 01/08/2025 | 01/09/2025 | CVE-2025-0328 | 470601 | accepted |
| 290450 | code-projects Online Book Shop subcat.php cross site scripting | VulDB | VulDB | 01/06/2025 | 01/07/2025 | 01/07/2025 | CVE-2025-0301 | 475287 | accepted |
| 290449 | code-projects Online Book Shop subcat.php sql injection | VulDB | VulDB | 01/06/2025 | 01/07/2025 | 01/07/2025 | CVE-2025-0300 | 475286 | accepted |
| 290448 | code-projects Online Book Shop search_result.php sql injection | VulDB | VulDB | 01/06/2025 | 01/07/2025 | 01/07/2025 | CVE-2025-0299 | 475285 | accepted |
| 290447 | code-projects Online Book Shop process_login.php sql injection | VulDB | VulDB | 01/06/2025 | 01/07/2025 | 01/07/2025 | CVE-2025-0298 | 475159 | accepted |
| 290446 | code-projects Online Book Shop detail.php sql injection | VulDB | VulDB | 01/06/2025 | 01/07/2025 | 01/07/2025 | CVE-2025-0297 | 475138 | accepted |
| 290445 | code-projects Online Book Shop booklist.php sql injection | VulDB | VulDB | 01/06/2025 | 01/07/2025 | 01/07/2025 | CVE-2025-0296 | 475135 | accepted |
| 290444 | code-projects Online Book Shop booklist.php cross site scripting | VulDB | VulDB | 01/06/2025 | 01/07/2025 | 01/07/2025 | CVE-2025-0295 | 475134 | accepted |
| 290443 | SourceCodester Home Clean Services Management System process.php sql injection | VulDB | VulDB | 01/05/2025 | 01/07/2025 | 01/07/2025 | CVE-2025-0294 | 475076 | accepted |
| 290229 | Codezips Project Management System course.php sql injection | VulDB | VulDB | 01/04/2025 | 01/04/2025 | 01/11/2025 | CVE-2025-0233 | 474673 | accepted |
| 290228 | Codezips Blood Bank Management System successadmin.php sql injection | VulDB | VulDB | 01/04/2025 | 01/04/2025 | 01/11/2025 | CVE-2025-0232 | 474597 | accepted |
| 290227 | Codezips Gym Management System submit_payments.php sql injection | VulDB | VulDB | 01/04/2025 | 01/04/2025 | 01/11/2025 | CVE-2025-0231 | 474596 | accepted |
| 290226 | code-projects Responsive Hotel Site print.php sql injection | VulDB | VulDB | 01/04/2025 | 01/04/2025 | 01/11/2025 | CVE-2025-0230 | 474581 | accepted |
| 290225 | code-projects Travel Management System enquiry.php sql injection | VulDB | VulDB | 01/04/2025 | 01/04/2025 | 01/11/2025 | CVE-2025-0229 | 474572 | accepted |
| 290218 | code-projects Local Storage Todo App index.html cross site scripting | VulDB | VulDB | 01/02/2025 | 01/04/2025 | 01/11/2025 | CVE-2025-0228 | 474049 | accepted |
| 290217 | Tsinghua Unigroup Electronic Archives System downLoad.html information disclosure | VulDB | VulDB | 01/03/2025 | 01/04/2025 | 01/05/2025 | CVE-2025-0227 | 474266 | accepted |
| 290216 | Tsinghua Unigroup Electronic Archives System downLoad.html download information disclosure | VulDB | VulDB | 01/03/2025 | 01/04/2025 | 01/05/2025 | CVE-2025-0226 | 474265 | accepted |
| 290215 | Tsinghua Unigroup Electronic Archives System exampleDownload.html path traversal | VulDB | VulDB | 01/03/2025 | 01/04/2025 | 01/05/2025 | CVE-2025-0225 | 474264 | accepted |
| 290203 | Provision-ISR SH-4050A-2 server.js information disclosure | VulDB | VulDB | 12/20/2024 | 01/04/2025 | 01/05/2025 | CVE-2025-0224 | 467085 | accepted |
| 290202 | IObit Protected Folder IOCTL IURegistryFilter.sys 0x8001E010 null pointer dereference | VulDB | VulDB | 12/20/2024 | 01/04/2025 | 01/05/2025 | CVE-2025-0223 | 466963 | accepted |
| 290201 | IObit Protected Folder IOCTL IUProcessFilter.sys 0x8001E004 null pointer dereference | VulDB | VulDB | 12/20/2024 | 01/04/2025 | 01/05/2025 | CVE-2025-0222 | 466956 | accepted |
| 290200 | IOBit Protected Folder IOCTL pffilter.sys 0x22200c null pointer dereference | VulDB | VulDB | 12/20/2024 | 01/04/2025 | 01/05/2025 | CVE-2025-0221 | 466955 | accepted |
| 290199 | Trimble SPS851 Ethernet Configuration Menu cross site scripting | VulDB | VulDB | 12/17/2024 | 01/04/2025 | 01/05/2025 | CVE-2025-0220 | 464943 | accepted |
| 290198 | Trimble SPS851 Receiver Status Identity Tab cross site scripting | VulDB | VulDB | 12/17/2024 | 01/04/2025 | 01/05/2025 | CVE-2025-0219 | 464906 | accepted |
| 290159 | TMD Custom Header Menu index.php sql injection | VulDB | VulDB | 01/03/2025 | 01/03/2025 | 01/04/2025 | CVE-2025-0214 | 474299 | accepted |
| 290158 | Campcodes Project Management System update_forms.php unrestricted upload | VulDB | VulDB | 01/03/2025 | 01/03/2025 | 01/11/2025 | CVE-2025-0213 | 474200 | accepted |
| 290157 | Campcodes Student Grading System view_students.php sql injection | VulDB | VulDB | 01/03/2025 | 01/03/2025 | 01/11/2025 | CVE-2025-0212 | 474168 | accepted |
| 290156 | Campcodes School Faculty Scheduling System index.php file inclusion | VulDB | VulDB | 01/03/2025 | 01/03/2025 | 01/11/2025 | CVE-2025-0211 | 474115 | accepted |
| 290155 | Campcodes School Faculty Scheduling System ajax.php sql injection | VulDB | VulDB | 01/03/2025 | 01/03/2025 | 01/11/2025 | CVE-2025-0210 | 474112 | accepted |
| 290145 | code-projects Online Shoe Store summary.php sql injection | VulDB | VulDB | 01/02/2025 | 01/03/2025 | 01/11/2025 | CVE-2025-0208 | 474038 | accepted |
| 290144 | code-projects Online Shoe Store login.php sql injection | VulDB | VulDB | 01/02/2025 | 01/03/2025 | 01/11/2025 | CVE-2025-0207 | 474035 | accepted |
| 290143 | code-projects Online Shoe Store index.php access control | VulDB | VulDB | 01/02/2025 | 01/03/2025 | 01/04/2025 | CVE-2025-0206 | 474033 | accepted |
| 290142 | code-projects Online Shoe Store details2.php sql injection | VulDB | VulDB | 01/02/2025 | 01/03/2025 | 01/04/2025 | CVE-2025-0205 | 474032 | accepted |
| 290141 | code-projects Online Shoe Store details.php sql injection | VulDB | VulDB | 01/02/2025 | 01/03/2025 | 01/04/2025 | CVE-2025-0204 | 474031 | accepted |
| 290140 | code-projects Student Management System DbFunction.php showSubject1 sql injection | VulDB | VulDB | 01/02/2025 | 01/03/2025 | 01/04/2025 | CVE-2025-0203 | 473410 | accepted |
| 290139 | TCS BaNCS REPORTS_SHOW_FILE.jsp file inclusion | VulDB | VulDB | 12/27/2024 | 01/03/2025 | 01/04/2025 | CVE-2025-0202 | 469455 | accepted |
| 290138 | code-projects Point of Sales and Inventory Management System update_account.php sql injection | VulDB | VulDB | 01/02/2025 | 01/03/2025 | 01/04/2025 | CVE-2025-0201 | 473418 | accepted |
| 290137 | code-projects Point of Sales and Inventory Management System search_num.php sql injection | VulDB | VulDB | 01/02/2025 | 01/03/2025 | 01/04/2025 | CVE-2025-0200 | 473386 | accepted |
| 290136 | code-projects Point of Sales and Inventory Management System minus_cart.php sql injection | VulDB | VulDB | 01/02/2025 | 01/03/2025 | 01/04/2025 | CVE-2025-0199 | 473384 | accepted |
| 290135 | code-projects Point of Sales and Inventory Management System search_result.php sql injection | VulDB | VulDB | 01/02/2025 | 01/03/2025 | 01/04/2025 | CVE-2025-0198 | 473383 | accepted |
| 290134 | code-projects Point of Sales and Inventory Management System search.php sql injection | VulDB | VulDB | 01/02/2025 | 01/03/2025 | 01/04/2025 | CVE-2025-0197 | 473362 | accepted |
| 290133 | code-projects Point of Sales and Inventory Management System plist.php sql injection | VulDB | VulDB | 01/02/2025 | 01/03/2025 | 01/03/2025 | CVE-2025-0196 | 473350 | accepted |
| 290132 | code-projects Point of Sales and Inventory Management System del_product.php sql injection | VulDB | VulDB | 01/02/2025 | 01/03/2025 | 01/03/2025 | CVE-2025-0195 | 473349 | accepted |
| 290105 | code-projects Point of Sales and Inventory Management System add_cart.php sql injection | VulDB | VulDB | 01/02/2025 | 01/02/2025 | 01/03/2025 | CVE-2025-0176 | 473347 | accepted |
| 290104 | code-projects Online Shop view.php cross site scripting | VulDB | VulDB | 01/02/2025 | 01/02/2025 | 01/03/2025 | CVE-2025-0175 | 473333 | accepted |
| 290103 | code-projects Point of Sales and Inventory Management System Parameter search_result2.php sql injection | VulDB | VulDB | 01/02/2025 | 01/02/2025 | 01/03/2025 | CVE-2025-0174 | 473330 | accepted |
| 289940 | SourceCodester Online Eyewear Shop view_order.php sql injection | VulDB | VulDB | 01/01/2025 | 01/02/2025 | 01/02/2025 | CVE-2025-0173 | 473163 | accepted |
| 289939 | code-projects Chat System deleteroom.php sql injection | VulDB | VulDB | 01/01/2025 | 01/02/2025 | 01/02/2025 | CVE-2025-0172 | 473153 | accepted |
| 289938 | code-projects Chat System deleteuser.php sql injection | VulDB | VulDB | 01/01/2025 | 01/02/2025 | 01/02/2025 | CVE-2025-0171 | 473143 | accepted |
| 289917 | code-projects Job Recruitment _feedback_system.php sql injection | VulDB | VulDB | 01/01/2025 | 01/01/2025 | 01/09/2025 | CVE-2025-0168 | 473107 | accepted |
