TEhS411/cve

Releases0

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2026-1135 ↗	Jan 19, 2026Monday, 19 January 2026, 04:15	4.3 MEDIUM	5 MEDIUM
A security flaw has been discovered in itsourcecode Society Management System 1.0. This impacts an unknown function of the file /admin/activity.php. The manipulation of the argument Title results in cross site scripting. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.
CVE-2026-1134 ↗	Jan 19, 2026Monday, 19 January 2026, 04:15	4.3 MEDIUM	5 MEDIUM
A vulnerability was identified in itsourcecode Society Management System 1.0. This affects an unknown function of the file /admin/expenses.php. The manipulation of the argument detail leads to cross site scripting. The attack may be initiated remotely. The exploit is publicly available and might be used.
CVE-2025-4507 ↗	May 10, 2025Saturday, 10 May 2025, 17:15	7.3 HIGH	7.5 HIGH
A vulnerability classified as critical has been found in Campcodes Online Food Ordering System 1.0. This affects an unknown part of the file /routers/add-item.php. The manipulation of the argument price leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-4506 ↗	May 10, 2025Saturday, 10 May 2025, 16:15	7.3 HIGH	7.5 HIGH
A vulnerability was found in Campcodes Online Food Ordering System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /routers/menu-router.php. The manipulation of the argument 1_price leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-4465 ↗	May 9, 2025Friday, 9 May 2025, 06:15	7.3 HIGH	7.5 HIGH
A vulnerability was found in itsourcecode Gym Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /ajax.php?action=save_schedule. The manipulation of the argument member_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-4466 ↗	May 9, 2025Friday, 9 May 2025, 06:15	7.3 HIGH	7.5 HIGH
A vulnerability was found in itsourcecode Gym Management System 1.0. It has been classified as critical. This affects an unknown part of the file /ajax.php?action=save_payment. The manipulation of the argument registration_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.