Lucene search

568 matches found

EUVD
added 2025/10/03 8:07 p.m. | 4 views

EUVD-2022-37532

Malicious code in bioql PyPI...

CVSS 4.8 | AI score 5.4 | EPSS 0.00429
Exploits: 1 | References: 1

Cvelist
added 2025/10/02 2:20 p.m. | 4 views

CVE-2025-59746 Multiple vulnerabilities in AndSoft's e-TMS

Cross-site scripting XSS vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'm' parameter in '/lib/asp/alert.asp'...

CVSS 6.9 | EPSS 0.00229
Exploits: 0 | References: 1

Positive Technologies
added 2025/10/02 12:00 a.m. | 4 views

PT-2025-40364

Name of the Vulnerable Software and Affected Versions AndSoft's e-TMS version 25.03 Description A path traversal issue exists in AndSoft's e-TMS version 25.03. This allows an attacker to access files within the web root. The issue is related to the docurl parameter in the...

CVSS 8.7 | AI score 6.4 | EPSS 0.00415
Exploits: 0 | References: 5

NVD
added 2025/09/29 9:15 a.m. | 6 views

CVE-2025-10345

HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameters 'name' and 'address' at the endpoint 'admin/leads/lead'...

CVSS 6.1 | EPSS 0.00221
Exploits: 0 | References: 1

RedhatCVE
added 2025/09/28 10:38 a.m. | 7 views

CVE-2025-11055

A vulnerability was detected in SourceCodester Online Hotel Reservation System 1.0. Affected is an unknown function of the file /admin/updateaddress.php. The manipulation of the argument address results in sql injection. The attack may be launched remotely. The exploit is now public and may be us...

CVSS 7.5 | AI score 7.5 | EPSS 0.00441
Exploits: 1 | References: 1

NVD
added 2025/09/27 10:15 a.m. | 4 views

CVE-2025-11055

A vulnerability was detected in SourceCodester Online Hotel Reservation System 1.0. Affected is an unknown function of the file /admin/updateaddress.php. The manipulation of the argument address results in sql injection. The attack may be launched remotely. The exploit is now public and may be us...

CVSS 9.8 | EPSS 0.00441
Exploits: 1 | References: 5

Vulnrichment
added 2025/09/27 10:02 a.m. | 3 views

CVE-2025-11055 SourceCodester Online Hotel Reservation System updateaddress.php sql injection

A vulnerability was detected in SourceCodester Online Hotel Reservation System 1.0. Affected is an unknown function of the file /admin/updateaddress.php. The manipulation of the argument address results in sql injection. The attack may be launched remotely. The exploit is now public and may be us...

CVSS 7.5 | AI score 6.8 | EPSS 0.00441
Exploits: 1 | References: 5

CVE
added 2025/09/27 10:02 a.m. | 16 views

CVE-2025-11055

CVE-2025-11055 affects SourceCodester Online Hotel Reservation System 1.0. The vulnerability is in the file /admin/updateaddress.php, where manipulation of the address parameter leads to a SQL injection. Exploitation can be performed remotely, and public exploits are noted in the sources. Several...

CVSS 9.8 | AI score 7.3 | EPSS 0.00441
Exploits: 1 | References: 5 | Affected Software: 1

CNNVD
added 2025/09/27 12:00 a.m. | 3 views

SourceCodester Online Hotel Reservation System SQL Injection Vulnerability

SourceCodester Online Hotel Reservation System is a SourceCodester open source online hotel system. A SQL injection vulnerability exists in SourceCodester Online Hotel Reservation System version 1.0, which originates from the incorrect operation of the parameter address in the file...

CVSS 9.8 | AI score 7.8 | EPSS 0.00441
Exploits: 1 | References: 6

RedhatCVE
added 2025/09/26 6:41 p.m. | 7 views

CVE-2025-10962

A vulnerability was identified in Wavlink NU516U1 M16U1V240425. This impacts the function sub403198 of the file /cgi-bin/wireless.cgi of the component SetName Page. The manipulation of the argument mac5g leads to command injection. It is possible to initiate the attack remotely. The exploit is...

CVSS 6.5 | AI score 6.9 | EPSS 0.06807
Exploits: 1 | References: 1

NVD
added 2025/09/25 7:15 p.m. | 5 views

CVE-2025-10962

A vulnerability was identified in Wavlink NU516U1 M16U1V240425. This impacts the function sub403198 of the file /cgi-bin/wireless.cgi of the component SetName Page. The manipulation of the argument mac5g leads to command injection. It is possible to initiate the attack remotely. The exploit is...

CVSS 8.8 | EPSS 0.06807
Exploits: 1 | References: 5

CNNVD
added 2025/09/22 12:00 a.m. | 2 views

WAVLINK WL-NU516U1 Security Vulnerability

WAVLINK WL-NU516U1 is a wireless print server from China Ruiyin WAVLINK. A security vulnerability exists in the Wavlink WL-NU516U1 version 240425, which originates from the incorrect operation of the parameter ipaddr in the file /cgi-bin/login.cgi, which could lead to a remote os command injectio...

CVSS 7.2 | AI score 5.4 | EPSS 0.20023
Exploits: 1 | References: 4

Positive Technologies
added 2025/09/22 12:00 a.m. | 8 views

PT-2025-38673

Name of the Vulnerable Software and Affected Versions: Wavlink WL-NU516U1 version 240425 Description: A security issue has been identified in the sub 4012A0 function of the /cgi-bin/login.cgi file. Manipulation of the ipaddr argument can lead to operating system command injection. This attack is...

CVSS 5.8 | AI score 4.6 | EPSS 0.20023
Exploits: 1 | References: 8

CNNVD
added 2025/09/18 12:00 a.m. | 4 views

D-Link DIR-823X Security Vulnerability

The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-823X suffers from a command injection vulnerability that originates from a misuse of the parameters terminaladdr/serverip/serverport in the file /usr/sbin/goahead, which can be exploited by an attacker to cause...

CVSS 8.8 | AI score 7.8 | EPSS 0.07359
Exploits: 1 | References: 6

CNVD
added 2025/09/16 12:00 a.m. | 2 views

Unmark Code Issues Vulnerabilities

Unmark is an open source to-do list application for bookmarking. A code issue vulnerability exists in Unmark 1.9.3 and earlier versions, which stems from incorrect manipulation of the parameter url in the file /application/controllers/Marks.php, which could lead to server-side request forgery. An...

CVSS 9.8 | AI score 6.5 | EPSS 0.00396
Exploits: 1 | References: 1

CNVD
added 2025/09/16 12:00 a.m. | 4 views

Wavlink WL-WN578W2 sub_404DBC Function OS Command Injection Vulnerability

The Wavlink WL-WN578W2 is a wireless repeater from China's Wavlink. The Wavlink WL-WN578W2 221110 version has an operating system command injection vulnerability, which originates from the parameter macAddr in the sub_404DBC function of the file /cgi-bin/wireless.cgi that fails to correctly filter...

CVSS 9.8 | AI score 7.8 | EPSS 0.06072
Exploits: 1 | References: 1

OSV
added 2025/09/15 5:15 p.m. | 3 views

CVE-2025-10471

A vulnerability was detected in ZKEACMS 4.3. Impacted is the function Proxy of the file src/ZKEACMS/Controllers/MediaController.cs. Performing manipulation of the argument url results in server-side request forgery. It is possible to initiate the attack remotely. The exploit is now public and may...

CVSS 8.8 | AI score 7
Exploits: 0 | References: 5

CNNVD
added 2025/09/15 12:00 a.m. | 3 views

ZKEACMS Code Issue Vulnerability

ZKEACMS is a visually designed, WYSIWYG content management system from ZKEASOFT open source. A code issue vulnerability exists in ZKEACMS version 4.3, which stems from the incorrect manipulation of the parameter url of the function Proxy in the file src/ZKEACMS/Controllers/MediaController.cs, whi...

CVSS 8.8 | AI score 6.4 | EPSS 0.00282
Exploits: 0 | References: 5

CNNVD
added 2025/09/14 12:00 a.m. | 2 views

CRMEB Authorization Issue Vulnerability

CRMEB is a Java mall system of CRMEB open source. An authorization issue vulnerability exists in CRMEB 5.6.1 and earlier versions, which stems from improper manipulation of the parameter ID of the function editAddress in the file app/services/user/UserAddressServices.php, which could lead to...

CVSS 8.8 | AI score 5.3 | EPSS 0.00337
Exploits: 0 | References: 5

Cvelist
added 2025/09/13 1:02 p.m. | 9 views

CVE-2025-10359 Wavlink WL-WN578W2 wireless.cgi sub_404DBC os command injection

A vulnerability was detected in Wavlink WL-WN578W2 221110. This impacts the function sub_404DBC of the file /cgi-bin/wireless.cgi. The manipulation of the argument macAddr results in os command injection. The attack can be launched remotely. The exploit is now public and may be used. The vendor wa...

CVSS 7.5 | EPSS 0.06072
Exploits: 1 | References: 5