| CVE-2021-41858 | Rejected reason: This is unused. | No Score |
| CVE-2021-41857 | Rejected reason: This is unused. | No Score |
| CVE-2021-41856 | Rejected reason: This is unused. | No Score |
| CVE-2021-41855 | Rejected reason: This is unused. | No Score |
| CVE-2021-41854 | Rejected reason: This is unused. | No Score |
| CVE-2021-41853 | Rejected reason: This is unused. | No Score |
| CVE-2021-41852 | Rejected reason: This is unused. | No Score |
| CVE-2021-41851 | Rejected reason: This is unused. | No Score |
| CVE-2021-39810 | In verifyDefaults of CardEmulationManager.java, there is a possible way to set a third party app as the default contactless payment app without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | high |
| CVE-2021-3885 | Rejected reason: This is unused. | No Score |
| CVE-2021-37405 | Rejected reason: This is unused. | No Score |
| CVE-2021-33167 | Rejected reason: This is unused. | No Score |
| CVE-2021-33165 | Rejected reason: This is unused. | No Score |
| CVE-2021-33163 | Rejected reason: This is unused. | No Score |
| CVE-2021-33160 | Rejected reason: This is unused. | No Score |
| CVE-2021-33156 | Rejected reason: This is unused. | No Score |
| CVE-2021-33154 | Rejected reason: This is unused. | No Score |
| CVE-2021-33153 | Rejected reason: This is unused. | No Score |
| CVE-2021-33152 | Rejected reason: This is unused. | No Score |
| CVE-2021-33151 | Rejected reason: This is unused. | No Score |
| CVE-2021-33148 | Rejected reason: This is unused. | No Score |
| CVE-2021-33144 | Rejected reason: This is unused. | No Score |
| CVE-2021-33143 | Rejected reason: This is unused. | No Score |
| CVE-2021-33140 | Rejected reason: This is unused. | No Score |
| CVE-2021-33138 | Rejected reason: This is unused. | No Score |
| CVE-2021-33136 | Rejected reason: This is unused. | No Score |
| CVE-2021-33134 | Rejected reason: This is unused. | No Score |
| CVE-2021-33133 | Rejected reason: This is unused. | No Score |
| CVE-2021-33132 | Rejected reason: This is unused. | No Score |
| CVE-2021-33131 | Rejected reason: This is unused. | No Score |
| CVE-2021-33127 | Rejected reason: This is unused. | No Score |
| CVE-2021-33125 | Rejected reason: This is unused. | No Score |
| CVE-2021-33121 | Rejected reason: This is unused. | No Score |
| CVE-2021-33116 | Rejected reason: This is unused. | No Score |
| CVE-2021-33112 | Rejected reason: This is unused. | No Score |
| CVE-2021-33111 | Rejected reason: This is unused. | No Score |
| CVE-2021-33109 | Rejected reason: This is unused. | No Score |
| CVE-2021-33102 | Rejected reason: This is unused. | No Score |
| CVE-2021-33100 | Rejected reason: This is unused. | No Score |
| CVE-2021-33099 | Rejected reason: This is unused. | No Score |
| CVE-2021-33085 | Rejected reason: This is unused. | No Score |
| CVE-2021-33084 | Rejected reason: This is unused. | No Score |
| CVE-2021-33072 | Rejected reason: This is unused. | No Score |
| CVE-2014-125127 | The mikecao/flight PHP framework in versions prior to v1.2 is vulnerable to Denial of Service (DoS) attacks due to eager loading of request bodies in the Request class constructor. The framework automatically reads the entire request body on every HTTP request, regardless of whether the application needs it. An attacker can exploit this by sending requests with large payloads, causing excessive memory consumption and potentially exhausting available server memory, leading to application crashes or service unavailability. The vulnerability was fixed in v1.2 by implementing lazy loading of request bodies. | high |
| CVE-2025-9814 | A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. Impacted is an unknown function of the file /admin/contact-us.php. The manipulation of the argument mobnumber results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited. | medium |
| CVE-2025-9811 | A vulnerability was found in Campcodes Farm Management System 1.0. This affects an unknown part of the file /reviewInput.php. Performing manipulation of the argument rating results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used. | medium |
| CVE-2025-9794 | A flaw has been found in Campcodes Computer Sales and Inventory System 1.0. The affected element is an unknown function of the file /pages/pos_transac.php?action=add. Executing manipulation of the argument cash/firstname can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used. Other parameters might be affected as well. | medium |
| CVE-2025-9793 | A vulnerability was detected in itsourcecode Apartment Management System 1.0. Impacted is an unknown function of the file /setting/admin.php of the component Setting Handler. Performing manipulation of the argument ddlBranch results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used. | medium |
| CVE-2025-9792 | A security vulnerability has been detected in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /e_dashboard/e_all_info.php. Such manipulation of the argument mid leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. | medium |
| CVE-2025-9790 | A security flaw has been discovered in SourceCodester Hotel Reservation System 1.0. This affects an unknown part of the file /admin/updateabout.php. The manipulation of the argument address results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be exploited. | medium |
