
568 matches found

CVE
added 2025/08/15 6:2 a.m. | 16 views

CVE-2025-9013

Summary of vulnerability (CVE-2025-9013) : PHPGurukul Online Shopping Portal Project 2.0 has a SQL injection flaw in the file /shopping/password-recovery.php triggered by manipulating the emailid parameter. This vulnerability can be exploited remotely and has publicly disclosed exploits. Multiple...

CVSS 9.8 | AI score 7.8 | EPSS 0.00371
Exploits: 0 | References: 5 | Affected Software: 1

Vulnrichment
added 2025/08/14 7:2 a.m. | 2 views

CVE-2025-8949 D-Link DIR-825 httpd ping_response.cgi get_ping_app_stat stack-based overflow

A vulnerability was identified in D-Link DIR-825 2.10. Affected by this vulnerability is the function get_ping_app_stat of the file ping_response.cgi of the component httpd. The manipulation of the argument pingipaddr leads to stack-based buffer overflow. The attack can be launched remotely. The...

CVSS 8.6 | AI score 7.2 | EPSS 0.00858
Exploits: 1 | References: 5

Cvelist
added 2025/08/10 11:2 p.m. | 8 views

CVE-2025-8819 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setWan stack-based overflow

A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This affects the function setWan of the file /goform/setWan. The manipulation of the argument staticIp leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The...

CVSS 9 | EPSS 0.00871
Exploits: 1 | References: 6

CNNVD
added 2025/08/07 12:0 a.m. | 0 views

Student Attendance Management System Security Vulnerability

Student Attendance Management System is a student attendance management system by the individual developer rickxy. A security vulnerability exists in Student Attendance Management System v1. The vulnerability stems from a SQL injection due to incorrect manipulation of the emailAddress parameter in th...

CVSS 8.8 | AI score 7.7 | EPSS 0.00281
Exploits: 0 | References: 2

CNNVD
added 2025/08/04 12:0 a.m. | 4 views

Vvveb Code Issue Vulnerability

Vvveb is a powerful and easy-to-use CMS from Givan Individual Developers for building websites, blogs or e-commerce stores. A code issue vulnerability exists in Vvveb version 1.0.5 and earlier, which stems from a server-side request forgery due to incorrect manipulation of the parameter url...

CVSS 5.8 | AI score 5.1 | EPSS 0.00338
Exploits: 1 | References: 8

Positive Technologies
added 2025/08/01 12:0 a.m. | 7 views

PT-2025-32503 · Linksys · Linksys Re9000 +5

Name of the Vulnerable Software and Affected Versions: Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 versions up to 20250801
Description: A vulnerability exists due to os command injection. The RP setBasicAuto function within the /goform/RP setBasicAuto file is affected. Manipulation ...

CVSS 6.5 | AI score 6.6 | EPSS 0.08257
Exploits: 1 | References: 12

CNNVD
added 2025/07/31 12:0 a.m. | 2 views

GestioIP Security Vulnerability

GestioIP is a web-based IPv4/IPv6 address management software from GestioIP. A security vulnerability exists in GestioIP 3.0 commit ac67be and prior versions, which stems from an unvalidated ip parameter that could lead to remote command execution...

CVSS 8.7 | AI score 6.9 | EPSS 0.03352
Exploits: 0 | References: 4

CNVD
added 2025/07/08 12:0 a.m. | 5 views

TOTOLINK N300RH Denial of Service Vulnerability

TOTOLINK N300RH is a long-range wireless router from China's TOTOLINK, supporting the IEEE 802.11n standard with a maximum wireless transmission rate of 300Mbps. A denial of service vulnerability exists in the TOTOLINK N300RH, which originates from the incorrect operation of the parameter url in...

CVSS 5.1 | AI score 6.7 | EPSS 0.00441
Exploits: 1 | References: 1

VulnCheck KEV
added 2025/06/26 12:0 a.m. | 2 views

VulnCheck KEV: CVE-2025-34049

An OS command injection vulnerability exists in the OptiLink ONT1GEW GPON router firmware version V2.1.11X101 Build 1127.190306 and earlier. The router’s web management interface fails to properly sanitize user input in the targetaddr parameter of the formTracert and formPing administrative...

CVSS 9.4 | AI score 6.3 | EPSS 0.0245
In wild | Exploits: 0 | References: 58

CNNVD
added 2025/06/24 12:0 a.m. | 3 views

5V Technologies Blue Angel Software Suite OS Command Injection Vulnerability

5V Technologies Blue Angel Software Suite is a management and control software suite deployed on embedded Linux devices from 5V Technologies, Taiwan, China. A security vulnerability exists in 5V Technologies Blue Angel Software Suite that originates from an OS command injection attack due to an...

CVSS 8.8 | AI score 7.3 | EPSS 0.03916
Exploits: 1 | References: 4

OSV
added 2025/06/20 1:15 p.m. | 2 views

CVE-2025-6340

A vulnerability classified as problematic has been found in code-projects School Fees Payment System 1.0. This affects an unknown part of the file /branch.php. The manipulation of the argument Branch/Address/Detail leads to cross site scripting. It is possible to initiate the attack remotely. The...

CVSS 5.4 | AI score 3.9 | EPSS 0.00234
Exploits: 1 | References: 5

CNNVD
added 2025/06/16 12:0 a.m. | 2 views

TOTOLINK EX1200T Security Vulnerability

TOTOLINK EX1200T is a Wi-Fi range extender from China's Gion Electronics TOTOLINK. The TOTOLINK EX1200T 4.1.2cu.5232B20210713 suffers from a buffer overflow vulnerability that originates from the parameter submit-url in file /boafrm/formSysLog failing to correctly validate the length size of the...

CVSS 9 | AI score 9 | EPSS 0.00761
Exploits: 1 | References: 7

BDU FSTEC
added 2025/06/13 12:0 a.m. | 3 views

The vulnerability of the formSetSafeWanWebMan() function (/goform/SetRemoteWebCfg) in the Tenda AC6 router software allows a hacker to trigger a service failure.

The vulnerability of the formSetSafeWanWebMan function /goform/SetRemoteWebCfg in the Tenda AC6 router software lies in the issue of the operation exceeding the buffer boundaries in memory when processing the remoteIp parameter. Exploiting this vulnerability could allow an attacker to cause a...

CVSS 9 | AI score 7.9 | EPSS 0.04598
Exploits: 1 | References: 4 | Affected Software: 1

CNVD
added 2025/06/11 12:0 a.m. | 3 views

X2000R URL Address Parameter Cross-Site Scripting Vulnerability at Gion Electronics (Shenzhen) Co.

The X2000R is a wireless router from China's Gion Electronics TOTOLINK. Ltd. X2000R version 1.0.0-B20230726.1108 suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by the parameter URL Address, which can be exploite...

CVSS 4.8 | AI score 6.6 | EPSS 0.00299
Exploits: 1 | References: 1

CNNVD
added 2025/06/06 12:0 a.m. | 4 views

Code-Projects Traffic Offense Reporting System Code Injection Vulnerability

Traffic Offense Reporting System is a traffic violation reporting system. Traffic Offense Reporting System has a cross-site scripting vulnerability that originates from the parameter offenseid/vehicleno/driverlicense/name/address/gender/officer in the file /save-reported.php. The lack of effectiv...

CVSS 5.4 | AI score 4.5 | EPSS 0.00246
Exploits: 1 | References: 5

SUSE CVE
added 2025/06/03 2:39 a.m. | 4 views

SUSE CVE-2025-49113

Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization...

CVSS 9.9 | AI score 8 | EPSS 0.89462
Exploits: 29 | References: 3

CNNVD
added 2025/06/03 12:0 a.m. | 2 views

TOTOLINK X2000R Security Vulnerability

The X2000R is a wireless router from China's Gion Electronics TOTOLINK. Ltd. X2000R version 1.0.0-B20230726.1108 suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by the parameter URL Address, which can be exploite...

CVSS 4.8 | AI score 6.2 | EPSS 0.00299
Exploits: 1 | References: 6

CNNVD
added 2025/05/26 12:0 a.m. | 1 views

llisoft MTA Maita Training System Code Issue Vulnerability

The llisoft MTA Maita Training System is a training system from China Dongke llisoft. A code issue exists in version 4.5 of the llisoft MTA Maita Training System, which is caused by a parameter url operation that results in unlimited uploads...

CVSS 9.8 | AI score 6.6 | EPSS 0.00416
Exploits: 1 | References: 4

CNNVD
added 2025/05/24 12:0 a.m. | 3 views

Tmall_demo Code Injection Vulnerability

Tmall_demo is a Spring Boot-based mini Tmall by the projectteam. A code injection vulnerability exists in Tmall_demo 20250505 and earlier versions, which stems from cross-site scripting due to incorrect operation of the parameter Detailed Address in the component Buy Item Page...

CVSS 6.1 | AI score 4.8 | EPSS 0.00265
Exploits: 1 | References: 5

RedhatCVE
added 2025/05/23 10:32 a.m. | 8 views

CVE-2024-46236

CodeAstro Membership Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via the address parameter in addmembers.php and editmember.php...

CVSS 5.4 | AI score 6.1 | EPSS 0.00272
Exploits: 1 | References: 1