A vulnerability has been found in code-projects Student File Management System 1.0. The affected element is an unknown function of the file /download.php of the component File Download Handler. The manipulation of the argument store_id leads to improper authorization. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.

CVE Database V5

Detailed information about CVE-2025-15213: Improper Authorization in code-projects Student File Management System affecting code-projects Student File Managemen

CVE-2025-15213: Improper Authorization in code-projects Student File Management System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-15213: Improper Authorization in code-projects Student File Management System

A vulnerability was detected in code-projects Refugee Food Management System 1.0. This issue affects some unknown processing of the file /home/regfood.php. Performing manipulation of the argument a results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.

Detailed information about CVE-2025-15212: SQL Injection in code-projects Refugee Food Management System affecting code-projects Refugee Food Management System.

CVE-2025-15212: SQL Injection in code-projects Refugee Food Management System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-15212: SQL Injection in code-projects Refugee Food Management System

A flaw has been found in code-projects Refugee Food Management System 1.0. Impacted is an unknown function of the file /home/refugee.php. Executing manipulation of the argument refNo/Fname/Lname/sex/age/contact/nationality_nid can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used.

Detailed information about CVE-2025-15211: SQL Injection in code-projects Refugee Food Management System affecting code-projects Refugee Food Management System.

CVE-2025-15211: SQL Injection in code-projects Refugee Food Management System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-15211: SQL Injection in code-projects Refugee Food Management System

ThreatFox MISP Feed

Unknown malware botnet C2 (confidence level: 100%)

Unknown malware botnet C2 server (confidence level: 100%)

Unknown malware payload delivery URL (confidence level: 90%)

Unknown malware payload delivery URL (confidence level: 75%)

AsyncRAT botnet C2 domain (confidence level: 50%)

AsyncRAT botnet C2 domain (confidence level: 100%)

DCRat botnet C2 domain (confidence level: 100%)

Mirai botnet C2 server (confidence level: 80%)

Quasar RAT botnet C2 domain (confidence level: 100%)

Stealc botnet C2 server (confidence level: 100%)

Cobalt Strike botnet C2 server (confidence level: 100%)

Sliver botnet C2 server (confidence level: 90%)

AsyncRAT botnet C2 server (confidence level: 100%)

Hook botnet C2 server (confidence level: 100%)

Venom RAT botnet C2 server (confidence level: 100%)

FatalRat botnet C2 server (confidence level: 100%)

Remcos botnet C2 server (confidence level: 100%)

Sliver botnet C2 server (confidence level: 100%)

DCRat botnet C2 server (confidence level: 100%)

MimiKatz botnet C2 server (confidence level: 100%)

Empire Downloader botnet C2 server (confidence level: 100%)

Lumma Stealer botnet C2 (confidence level: 75%)

ClearFake payload delivery domain (confidence level: 100%)

Unknown malware payload delivery URL (confidence level: 50%)

Detailed information about ThreatFox IOCs for 2025-12-29. Get real-time updates, technical details, and mitigation strategies.

ThreatFox IOCs for 2025-12-29 - Live Threat Intelligence - Threat Radar | OffSeq.com

ThreatFox IOCs for 2025-12-29

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kemal YAZICI Product Puller allows Reflected XSS.This issue affects Product Puller: from n/a through 1.5.1.

Detailed information about CVE-2025-23550: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Kemal YAZICI Product P

CVE-2025-23550: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Kemal YAZICI Product Puller - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-23550: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Kemal YAZICI Product Puller

An issue in Fossorial fosrl/pangolin v.1.6.2 and before allows a remote attacker to escalate privileges via the 2FA component

Detailed information about CVE-2025-56333: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-56333: n/a

CVE-2025-56333: n/a

Description

Technical Details

Community Reviews

Related Threats

CVE-2025-15213: Improper Authorization in code-projects Student File Management System

CVE-2025-15212: SQL Injection in code-projects Refugee Food Management System

CVE-2025-15211: SQL Injection in code-projects Refugee Food Management System

CVE-2025-23550: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Kemal YAZICI Product Puller

CVE-2025-23554: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Jakub Glos Off Page SEO

Actions

External Links

Need more coverage?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility