carmelo CVE Vulnerabilities & Metrics

Focus on carmelo vulnerabilities and metrics.

Last updated: 21 Aug 2025, 22:25 UTC

About carmelo Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with carmelo. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total carmelo CVEs: 50
Earliest CVE date: 22 Feb 2024, 01:15 UTC
Latest CVE date: 03 Aug 2025, 02:15 UTC

Latest CVE reference: CVE-2025-8495

Rolling Stats

30-day Count (Rolling): 8
365-day Count (Rolling): 44

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): -61.9%
Year Variation (Calendar): 633.33%

Month Growth Rate (30-day Rolling): -61.9%
Year Growth Rate (365-day Rolling): 633.33%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical carmelo CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 6.25

Max CVSS: 7.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	7
4.0-6.9	6
7.0-8.9	37
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS carmelo CVEs

These are the five CVEs with the highest CVSS scores for carmelo, sorted by severity first and recency.

CVE-2025-8495 carmelo Published on 03 Aug 2025, 02:15 UTC (CVSS: 7.5)
A vulnerability, which was classified as critical, was found in code-projects Intern Membership Management System 1.0. Affected is an unknown function of the file /admin/edit_admin_query.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-8494 carmelo Published on 03 Aug 2025, 00:15 UTC (CVSS: 7.5)
A vulnerability, which was classified as critical, has been found in code-projects Intern Membership Management System 1.0. This issue affects some unknown processing of the file /admin/delete_student.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-8493 carmelo Published on 02 Aug 2025, 23:15 UTC (CVSS: 7.5)
A vulnerability classified as critical was found in code-projects Intern Membership Management System 1.0. This vulnerability affects unknown code of the file /admin/edit_student_query.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-8339 carmelo Published on 31 Jul 2025, 01:15 UTC (CVSS: 7.5)
A vulnerability was found in code-projects Intern Membership Management System 1.0. It has been classified as critical. This affects an unknown part of the file /student_login.php. The manipulation of the argument user_name/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-8166 carmelo Published on 25 Jul 2025, 19:15 UTC (CVSS: 7.5)
A vulnerability was found in code-projects Church Donation System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/index.php of the component HTTP POST Request Handler. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

All CVEs for carmelo

CVE-2025-8495 carmelo vulnerability CVSS: 7.5 03 Aug 2025, 02:15 UTC

A vulnerability, which was classified as critical, was found in code-projects Intern Membership Management System 1.0. Affected is an unknown function of the file /admin/edit_admin_query.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-8494 carmelo vulnerability CVSS: 7.5 03 Aug 2025, 00:15 UTC

A vulnerability, which was classified as critical, has been found in code-projects Intern Membership Management System 1.0. This issue affects some unknown processing of the file /admin/delete_student.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-8493 carmelo vulnerability CVSS: 7.5 02 Aug 2025, 23:15 UTC

A vulnerability classified as critical was found in code-projects Intern Membership Management System 1.0. This vulnerability affects unknown code of the file /admin/edit_student_query.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-8340 carmelo vulnerability CVSS: 5.0 31 Jul 2025, 01:15 UTC

A vulnerability was found in code-projects Intern Membership Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file fill_details.php of the component Error Message Handler. The manipulation of the argument email leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-8339 carmelo vulnerability CVSS: 7.5 31 Jul 2025, 01:15 UTC

A vulnerability was found in code-projects Intern Membership Management System 1.0. It has been classified as critical. This affects an unknown part of the file /student_login.php. The manipulation of the argument user_name/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-8167 carmelo vulnerability CVSS: 4.0 25 Jul 2025, 20:15 UTC

A vulnerability was found in code-projects Church Donation System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/edit_members.php. The manipulation of the argument fname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

CVE-2025-8166 carmelo vulnerability CVSS: 7.5 25 Jul 2025, 19:15 UTC

A vulnerability was found in code-projects Church Donation System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/index.php of the component HTTP POST Request Handler. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-8165 carmelo vulnerability CVSS: 6.5 25 Jul 2025, 19:15 UTC

A vulnerability was found in code-projects Food Review System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/approve_reservation.php. The manipulation of the argument occasion leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-8018 carmelo vulnerability CVSS: 6.5 22 Jul 2025, 15:15 UTC

A vulnerability was found in code-projects Food Ordering Review System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /user/reservation_page.php. The manipulation of the argument reg_Id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

CVE-2025-7931 carmelo vulnerability CVSS: 7.5 21 Jul 2025, 17:15 UTC

A vulnerability was found in code-projects Church Donation System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /members/admin_pic.php. The manipulation of the argument image leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7930 carmelo vulnerability CVSS: 7.5 21 Jul 2025, 16:15 UTC

A vulnerability was found in code-projects Church Donation System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /members/add_members.php. The manipulation of the argument mobile leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

CVE-2025-7929 carmelo vulnerability CVSS: 7.5 21 Jul 2025, 16:15 UTC

A vulnerability was found in code-projects Church Donation System 1.0. It has been classified as critical. Affected is an unknown function of the file /members/edit_Members.php. The manipulation of the argument fname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

CVE-2025-7928 carmelo vulnerability CVSS: 7.5 21 Jul 2025, 15:15 UTC

A vulnerability was found in code-projects Church Donation System 1.0 and classified as critical. This issue affects some unknown processing of the file /members/edit_user.php. The manipulation of the argument firstname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

CVE-2025-7861 carmelo vulnerability CVSS: 7.5 20 Jul 2025, 01:15 UTC

A vulnerability, which was classified as critical, was found in code-projects Church Donation System 1.0. Affected is an unknown function of the file /members/search.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7860 carmelo vulnerability CVSS: 7.5 20 Jul 2025, 01:15 UTC

A vulnerability, which was classified as critical, has been found in code-projects Church Donation System 1.0. This issue affects some unknown processing of the file /members/login_admin.php. The manipulation of the argument Username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7859 carmelo vulnerability CVSS: 7.5 20 Jul 2025, 01:15 UTC

A vulnerability classified as critical was found in code-projects Church Donation System 1.0. This vulnerability affects unknown code of the file /members/update_password_admin.php. The manipulation of the argument new_password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7833 carmelo vulnerability CVSS: 7.5 19 Jul 2025, 16:15 UTC

A vulnerability, which was classified as critical, has been found in code-projects Church Donation System 1.0. This issue affects some unknown processing of the file /members/giving.php. The manipulation of the argument Amount leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7832 carmelo vulnerability CVSS: 7.5 19 Jul 2025, 16:15 UTC

A vulnerability classified as critical was found in code-projects Church Donation System 1.0. This vulnerability affects unknown code of the file /members/offering.php. The manipulation of the argument trcode leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7831 carmelo vulnerability CVSS: 7.5 19 Jul 2025, 15:15 UTC

A vulnerability classified as critical has been found in code-projects Church Donation System 1.0. This affects an unknown part of the file /members/Tithes.php. The manipulation of the argument trcode leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7830 carmelo vulnerability CVSS: 7.5 19 Jul 2025, 15:15 UTC

A vulnerability was found in code-projects Church Donation System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /reg.php. The manipulation of the argument mobile leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

CVE-2025-7829 carmelo vulnerability CVSS: 7.5 19 Jul 2025, 14:15 UTC

A vulnerability was found in code-projects Church Donation System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7814 carmelo vulnerability CVSS: 7.5 18 Jul 2025, 22:15 UTC

A vulnerability classified as critical was found in code-projects Food Ordering Review System 1.0. This vulnerability affects unknown code of the file /pages/signup_function.php. The manipulation of the argument fname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

CVE-2025-7181 carmelo vulnerability CVSS: 6.5 08 Jul 2025, 14:15 UTC

A vulnerability, which was classified as critical, was found in code-projects Staff Audit System 1.0. Affected is an unknown function of the file /test.php. The manipulation of the argument uploadedfile leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7180 carmelo vulnerability CVSS: 7.5 08 Jul 2025, 14:15 UTC

A vulnerability, which was classified as critical, has been found in code-projects Staff Audit System 1.0. This issue affects some unknown processing of the file /login.php. The manipulation of the argument User leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-6938 carmelo vulnerability CVSS: 7.5 01 Jul 2025, 02:15 UTC

A vulnerability was found in code-projects Simple Pizza Ordering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /editcus.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-6937 carmelo vulnerability CVSS: 7.5 01 Jul 2025, 01:15 UTC

A vulnerability was found in code-projects Simple Pizza Ordering System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /large.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-6936 carmelo vulnerability CVSS: 7.5 01 Jul 2025, 00:15 UTC

A vulnerability was found in code-projects Simple Pizza Ordering System 1.0. It has been classified as critical. This affects an unknown part of the file /addpro.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-6890 carmelo vulnerability CVSS: 6.5 30 Jun 2025, 06:15 UTC

A vulnerability was found in code-projects Movie Ticketing System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /ticketConfirmation.php. The manipulation of the argument Date leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-6889 carmelo vulnerability CVSS: 7.5 30 Jun 2025, 06:15 UTC

A vulnerability was found in code-projects Movie Ticketing System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /logIn.php. The manipulation of the argument postName leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-6483 carmelo vulnerability CVSS: 7.5 22 Jun 2025, 16:15 UTC

A vulnerability has been found in code-projects Simple Pizza Ordering System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /edituser.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-6482 carmelo vulnerability CVSS: 7.5 22 Jun 2025, 16:15 UTC

A vulnerability, which was classified as critical, was found in code-projects Simple Pizza Ordering System 1.0. Affected is an unknown function of the file /edituser-exec.php. The manipulation of the argument userid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-6481 carmelo vulnerability CVSS: 7.5 22 Jun 2025, 15:15 UTC

A vulnerability, which was classified as critical, has been found in code-projects Simple Pizza Ordering System 1.0. This issue affects some unknown processing of the file /update.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-6480 carmelo vulnerability CVSS: 7.5 22 Jun 2025, 15:15 UTC

A vulnerability classified as critical was found in code-projects Simple Pizza Ordering System 1.0. This vulnerability affects unknown code of the file /addcatexec.php. The manipulation of the argument textfield leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-6479 carmelo vulnerability CVSS: 7.5 22 Jun 2025, 14:15 UTC

A vulnerability classified as critical has been found in code-projects Simple Pizza Ordering System 1.0. This affects an unknown part of the file /salesreport.php. The manipulation of the argument dayfrom leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-6364 carmelo vulnerability CVSS: 7.5 20 Jun 2025, 21:15 UTC

A vulnerability has been found in code-projects Simple Pizza Ordering System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /adduser-exec.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely.

CVE-2025-6363 carmelo vulnerability CVSS: 7.5 20 Jun 2025, 20:15 UTC

A vulnerability, which was classified as critical, was found in code-projects Simple Pizza Ordering System 1.0. Affected is an unknown function of the file /adding-exec.php. The manipulation of the argument ingname leads to sql injection. It is possible to launch the attack remotely.

CVE-2025-6362 carmelo vulnerability CVSS: 7.5 20 Jun 2025, 20:15 UTC

A vulnerability, which was classified as critical, has been found in code-projects Simple Pizza Ordering System 1.0. This issue affects some unknown processing of the file /editpro.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely.

CVE-2025-6361 carmelo vulnerability CVSS: 7.5 20 Jun 2025, 20:15 UTC

A vulnerability classified as critical was found in code-projects Simple Pizza Ordering System 1.0. This vulnerability affects unknown code of the file /adds.php. The manipulation of the argument userid leads to sql injection. The attack can be initiated remotely.

CVE-2025-6360 carmelo vulnerability CVSS: 7.5 20 Jun 2025, 19:15 UTC

A vulnerability classified as critical has been found in code-projects Simple Pizza Ordering System 1.0. This affects an unknown part of the file /portal.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-6359 carmelo vulnerability CVSS: 7.5 20 Jun 2025, 19:15 UTC

A vulnerability was found in code-projects Simple Pizza Ordering System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /cashconfirm.php. The manipulation of the argument transactioncode leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-6358 carmelo vulnerability CVSS: 7.5 20 Jun 2025, 18:15 UTC

A vulnerability was found in code-projects Simple Pizza Ordering System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /saveorder.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-6357 carmelo vulnerability CVSS: 7.5 20 Jun 2025, 18:15 UTC

A vulnerability was found in code-projects Simple Pizza Ordering System 1.0. It has been classified as critical. Affected is an unknown function of the file /paymentportal.php. The manipulation of the argument person leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-6356 carmelo vulnerability CVSS: 7.5 20 Jun 2025, 18:15 UTC

A vulnerability was found in code-projects Simple Pizza Ordering System 1.0 and classified as critical. This issue affects some unknown processing of the file /addmem.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-25914 carmelo vulnerability CVSS: 0 17 Mar 2025, 20:15 UTC

SQL injection vulnerability in Online Exam Mastering System v.1.0 allows a remote attacker to execute arbitrary code via the fid parameter

CVE-2024-28279 carmelo vulnerability CVSS: 0 14 May 2024, 15:14 UTC

Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via book.php?bookisbn=.

CVE-2024-25250 carmelo vulnerability CVSS: 0 13 Mar 2024, 21:15 UTC

SQL Injection vulnerability in code-projects Agro-School Management System 1.0 allows attackers to run arbitrary code via the Login page.

CVE-2024-24105 carmelo vulnerability CVSS: 0 13 Mar 2024, 21:15 UTC

SQL Injection vulnerability in Code-projects Computer Science Time Table System 1.0 allows attackers to run arbitrary code via adminFormvalidation.php.

CVE-2024-24100 carmelo vulnerability CVSS: 0 27 Feb 2024, 02:15 UTC

Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via PublisherID.

CVE-2024-24096 carmelo vulnerability CVSS: 0 27 Feb 2024, 02:15 UTC

Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via BookSBIN.

CVE-2024-25251 carmelo vulnerability CVSS: 0 22 Feb 2024, 01:15 UTC

code-projects Agro-School Management System 1.0 is suffers from Incorrect Access Control.