dewcode91/security-research

Releases0

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-65380 ↗	Dec 2, 2025Tuesday, 2 December 2025, 21:15	6.5 MEDIUM	—
PHPGurukul Billing System 1.0 is vulnerable to SQL Injection in the admin/index.php endpoint. Specifically, the username parameter accepts unvalidated user input, which is then concatenated directly into a backend SQL query.
CVE-2025-65379 ↗	Dec 2, 2025Tuesday, 2 December 2025, 20:15	6.5 MEDIUM	—
PHPGurukul Billing System 1.0 is vulnerable to SQL Injection in the /admin/password-recovery.php endpoint. Specifically, the username and mobileno parameters accepts unvalidated user input, which is then concatenated directly into a backend SQL query.
CVE-2025-56467 ↗	Sep 12, 2025Friday, 12 September 2025, 17:15	6.5 MEDIUM	—
An issue was discovered in AXIS BANK LIMITED Axis Mobile App 9.9 that allows attackers to obtain sensitive information without a UPI PIN, such as account information, balances, transaction history, and unspecified other information. NOTE: the Supplier's perspective is that this is an intended feature and "does not reveal much sensitive information."
CVE-2025-56466 ↗	Sep 10, 2025Wednesday, 10 September 2025, 15:15	7.5 HIGH	—
Hardcoded credentials in Dietly v1.25.0 for android allows attackers to gain sensitive information.