code-projects 2

• CVE-2025-70151 - Scholars Tracking System 1.0: Authenticated Unrestricted File Upload Leads to Remote Code Execution Feb 19, 2026
• CVE-2025-70152 - Scholars Tracking System 1.0: Unauthenticated SQL Injection via /admin/save_user.php and /admin/update_user.php Feb 18, 2026