rsecroot

6 exploits Active since Dec 2025
CVE-2026-0730 GITHUB LOW
PHPGurukul Staff Leave Management System 1.0 - Cross-Site Scripting via Profile Pic Argument
A flaw has been found in PHPGurukul Staff Leave Management System 1.0. The affected element is the function ADD_STAFF/UPDATE_STAFF of the file /staffleave/slms/slms/adminviews.py of the component SVG File Handler. Executing a manipulation of the argument profile_pic can lead to cross site scripting. The attack can be executed remotely. The exploit has been published and may be used.
1 stars
CVSS 2.4
CVE-2026-1550 GITHUB MEDIUM
PHPGurukul Hospital Management System 1.0 - Incorrect Privilege Assignment in Admin Dashboard Page
A security flaw has been discovered in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /hms/hospital/docappsystem/adminviews.py of the component Admin Dashboard Page. Performing a manipulation results in improper authorization. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.
1 stars
CVSS 6.3
CVE-2026-1424 GITHUB MEDIUM
PHPGurukul News Portal 1.0 - Unrestricted File Upload in Profile Pic Handler
A vulnerability was identified in PHPGurukul News Portal 1.0. This affects an unknown part of the component Profile Pic Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
1 stars
CVSS 4.7
CVE-2026-0547 GITHUB MEDIUM
Online Course Registration < 3.1 - Unrestricted File Upload via Student Registration Page
A vulnerability was found in PHPGurukul Online Course Registration up to 3.1. This issue affects some unknown processing of the file /admin/edit-student-profile.php of the component Student Registration Page. The manipulation of the argument photo results in unrestricted upload. The attack may be launched remotely. The exploit has been made public and could be used.
CVSS 6.3
CVE-2025-15406 GITHUB MEDIUM
PHPGurukul Online Course Registration < 3.1 - Missing Authorization
A flaw has been found in PHPGurukul Online Course Registration up to 3.1. This affects an unknown function. This manipulation causes missing authorization. Remote exploitation of the attack is possible. The exploit has been published and may be used.
CVSS 6.3
CVE-2025-15390 GITHUB MEDIUM
PHPGurukul Small CRM < 4.0 - Missing Authorization in /admin/edit-user.php
A security flaw has been discovered in PHPGurukul Small CRM 4.0. This impacts an unknown function of the file /admin/edit-user.php. The manipulation results in missing authorization. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.
CVSS 6.3