Lucene search

568 matches found

CNVD
added 2025/09/11 12:00 a.m., 2 views

Tenda AC20 Buffer Overflow Vulnerability

Tenda AC20 is a wireless router product from Tenda. A buffer overflow vulnerability exists in Tenda AC20 16.03.08.12 and earlier versions, which originates from the improper handling of the mac parameter in the strcpy function in the /goform/GetParentControlInfo file. The vulnerability can be...

CVSS: 9, AI score: 9.2, EPSS: 0.00765
Exploits: 1, References: 1

OSV
added 2025/09/09 5:16 p.m., 2 views

CVE-2025-57061

Tenda G3 v3.0brV15.11.0.17 was discovered to contain multiple stack overflows in the formIPMacBindModify function via the ruleId, ip, mac, v6 and remark parameters. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00456
Exploits: 1, References: 1

RedhatCVE
added 2025/09/05 12:34 a.m., 13 views

CVE-2025-56498

An OS command injection vulnerability exists in PLDT WiFi Router's Prolink PGN6401V Firmware 8.1.2 web management interface. The ping6.asp page submits user input to the /boaform/formPing6 endpoint via the pingAddr parameter, which is not properly sanitized. An authenticated attacker can exploit...

CVSS: 5.3, AI score: 7.7, EPSS: 0.01722
Exploits: 1, References: 1

CNNVD
added 2025/09/03 12:00 a.m., 2 views

PLDT WiFi Router Prolink PGN6401V Security Vulnerability

PLDT WiFi Router Prolink PGN6401V is a router from PLDT Philippines. A security vulnerability exists in PLDT WiFi Router Prolink PGN6401V Firmware version 8.1.2, which stems from insufficient cleanup of the pingAddr parameter in the ping6.asp page, which could lead to OS command injection...

CVSS: 5.3, AI score: 6.9, EPSS: 0.01722
Exploits: 1, References: 3

Cvelist
added 2025/09/03 12:00 a.m., 9 views

CVE-2025-56498

An OS command injection vulnerability exists in PLDT WiFi Router's Prolink PGN6401V Firmware 8.1.2 web management interface. The ping6.asp page submits user input to the /boaform/formPing6 endpoint via the pingAddr parameter, which is not properly sanitized. An authenticated attacker can exploit...

EPSS: 0.01722
Exploits: 1, References: 2

OSV
added 2025/09/01 7:15 p.m., 0 views

CVE-2025-9790

A security flaw has been discovered in SourceCodester Hotel Reservation System 1.0. This affects an unknown part of the file /admin/updateabout.php. The manipulation of the argument address results in sql injection. The attack may be launched remotely. The exploit has been released to the public...

CVSS: 9.8, AI score: 5.8, EPSS: 0.00441
Exploits: 1, References: 5

NVD
added 2025/09/01 7:15 p.m., 3 views

CVE-2025-9790

A security flaw has been discovered in SourceCodester Hotel Reservation System 1.0. This affects an unknown part of the file /admin/updateabout.php. The manipulation of the argument address results in sql injection. The attack may be launched remotely. The exploit has been released to the public...

CVSS: 9.8, EPSS: 0.00441
Exploits: 1, References: 5

CNNVD
added 2025/09/01 12:00 a.m., 3 views

SourceCodester Hotel Reservation System Security Vulnerability

SourceCodester Hotel Reservation System is a SourceCodester open source hotel reservation system. A security vulnerability exists in SourceCodester Hotel Reservation System version 1.0, which is caused by SQL injection due to incorrect manipulation of the parameter address in file...

CVSS: 9.8, AI score: 7.8, EPSS: 0.00441
Exploits: 1, References: 7

Positive Technologies
added 2025/09/01 12:00 a.m., 3 views

PT-2025-35504

Name of the Vulnerable Software and Affected Versions: SourceCodester Hotel Reservation System version 1.0 Description: A security flaw has been discovered that allows for remote SQL injection via manipulation of the address argument in the file /admin/updateabout.php. The exploit has been releas...

CVSS: 9.8, AI score: 7.4, EPSS: 0.00441
Exploits: 1, References: 11

RedhatCVE
added 2025/08/30 6:21 p.m., 2 views

CVE-2025-9414

A vulnerability was found in kalcaddle kodbox 1.61. Affected by this vulnerability is an unknown functionality of the file /?explorer/upload/serverDownload of the component Download from Link Handler. Performing manipulation of the argument url results in server-side request forgery. Remote...

CVSS: 5.8, AI score: 4.8, EPSS: 0.00277
Exploits: 0, References: 1

NVD
added 2025/08/26 2:15 a.m., 3 views

CVE-2025-9438

A security flaw has been discovered in 1000projects Online Project Report Submission and Evaluation System 1.0. Affected is an unknown function of the file /admin/addstudent.php. The manipulation of the argument address results in cross site scripting. The attack can be executed remotely. The...

CVSS: 6.1, EPSS: 0.00322
Exploits: 1, References: 4

CVE
added 2025/08/26 1:32 a.m., 17 views

CVE-2025-9438

CVE-2025-9438 affects 1000projects Online Project Report Submission and Evaluation System version 1.0. The vulnerability is a cross-site scripting flaw triggered by manipulating the address argument in the /admin/add_student.php function/file. It can be exploited remotely, and public exploits hav...

CVSS: 6.1, AI score: 6.5, EPSS: 0.00322
Exploits: 1, References: 4, Affected Software: 1

CNVD
added 2025/08/25 12:00 a.m., 3 views

TOTOLINK A3002R url parameter buffer overflow vulnerability

The TOTOLINK A3002R is a wireless router manufactured by China's Gion Electronics TOTOLINK, whose main function is to provide wireless network connectivity for home or small office environments. The TOTOLINK A3002R suffers from a buffer overflow vulnerability that originates from improperly...

CVSS: 7.5, AI score: 7.3, EPSS: 0.00371
Exploits: 1, References: 1

RedhatCVE
added 2025/08/24 12:13 a.m., 4 views

CVE-2025-55602

D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in the formSysCmd function via the submit-url parameter...

CVSS: 9.8, AI score: 7.2, EPSS: 0.00476
Exploits: 1, References: 1

RedhatCVE
added 2025/08/20 12:19 a.m., 10 views

CVE-2025-55586

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the url parameter at /boafrm/formFilter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input...

CVSS: 7.5, AI score: 7.8, EPSS: 0.00371
Exploits: 1, References: 1

Snyk
added 2025/08/19 9:30 p.m., 3 views

Cross-site Scripting (XSS)

Overview: com.liferay:com.liferay.journal.web is a Liferay Journal Web. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the use of journalEditArticleDisplayContext.getBackURL when editing articles. An attacker can execute arbitrary JavaScript code in the context of...

CVSS: 5.4, AI score: 5.4, EPSS: 0.0026
Exploits: 0, References: 2

CNNVD
added 2025/08/19 12:00 a.m., 3 views

Scada-LTS Code Injection Vulnerability

Scada-LTS is an open source, web-based, multi-platform solution from Scada-LTS Open Source. A code injection vulnerability exists in Scada-LTS version 2.7.8.1, which stems from a cross-site scripting attack due to incorrect manipulation of the parameters name/userList/address in the file...

CVSS: 5.4, AI score: 6.6, EPSS: 0.00326
Exploits: 1, References: 7

CVE
added 2025/08/18 12:00 a.m., 15 views

CVE-2025-55588

TOTOLINK A3002R (firmware version 4.0.0-B20230531.1404) is affected by a buffer overflow in the fw_ip parameter of the /boafrm/formPortFw API. The overflow could be triggered by crafted input, leading to Denial of Service. Public documentation across multiple sources corroborates the model and af...

CVSS: 7.5, AI score: 7.7, EPSS: 0.00371
Exploits: 1, References: 1, Affected Software: 1

Positive Technologies
added 2025/08/18 12:00 a.m., 4 views

PT-2025-33688 · Totolink · Totolink A3002Ru

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3002R version 4.0.0-B20230531.1404 Description: The TOTOLINK A3002R device contains a buffer overflow in the fw ip parameter at the /boafrm/formPortFw API endpoint. This issue allows attackers to cause a Denial of Service (DoS) via a...

CVSS: 7.5, AI score: 7.2, EPSS: 0.00371
Exploits: 1, References: 5

NVD
added 2025/08/15 6:15 a.m., 5 views

CVE-2025-9013

A vulnerability has been found in PHPGurukul Online Shopping Portal Project 2.0. This vulnerability affects unknown code of the file /shopping/password-recovery.php. The manipulation of the argument emailid leads to sql injection. The attack can be initiated remotely. The exploit has been disclos...

CVSS: 9.8, EPSS: 0.00371
Exploits: 0, References: 5