EUVD-2025-208138
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Signum Technology Promotion and Training Inc. Windesk.Fm allows SQL Injection. This issue affects windesk.Fm: through 27022026. NOTE: The vendor was contacted early about this disclosure but did not...
CVE-2025-11950 Reflected XSS in Knowhy's EduAsist
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in KNOWHY Advanced Technology Trading Ltd. Co. EduAsist allows Reflected XSS. This issue affects EduAsist: before v2.1...
PT-2026-22336
Name of the Vulnerable Software and Affected Versions: Signum Technology Promotion and Training Inc. Windesk.Fm versions through 27022026. Description: An issue exists in Windesk.Fm that allows for SQL Injection. The issue is due to improper neutralization of special elements used in an SQL command...
CVE-2025-10463
CVE-2025-10463 concerns an Improper Authentication vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co.’s Senseway system. The issue enables Authentication Abuse and affects Senseway versions up to 09022026. Multiple sources (NVD, Red Hat, CVE list, AttackKB, etc.) reiter...
CVE-2025-7708 Sensitive Data Exposure in Atlas Software's k12net
Insertion of Sensitive Information Into Sent Data vulnerability in Atlas Educational Software Industry Ltd. Co. K12net allows Communication Channel Manipulation. This issue affects k12net: through 09022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...
PT-2026-7085
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Zirve Information Technologies Inc. E-Taxpayer Accounting Website allows Reflected XSS. This issue affects e-Taxpayer Accounting Website: through 07082025...
CVE-2025-8456
CVE-2025-8456 affects Kod8 Individual and SME Website. Red Hat and Circl/CIRCL data confirm a vulnerability in input handling during web page generation, leading to a Reflected XSS. Affected software/versions are cited as Kod8 Individual and SME Website up to 03022026. The underlying cause is im...
CVE-2025-7014
Session Fixation vulnerability in QR Menu Pro Smart Menu Systems Menu Panel allows Session Hijacking. This issue affects Menu Panel: through 29012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...
PT-2026-5303
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Global Interactive Design Media Software Inc. Content Management System CMS allows Command Line Execution through SQL Injection. This issue affects Content Management System CMS: through 21072025...
CVE-2025-10437
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. Webpack Management System allows SQL Injection. This issue affects Webpack Management System: through 20251119...
EUVD-2025-24106
Malicious code in bioql PyPI...
CVE-2024-13150
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Fayton Software and Consulting Services fayton.Pro ERP allows SQL Injection. This issue affects fayton.Pro ERP: through 20250929...
CVE-2024-13149
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection', CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Arma Store Armalife allows SQL Injection. This issue affects Armalife: through 20250916. NOTE: The vendor did not inform abou...
CVE-2025-8832 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setDMZ stack-based overflow
A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This vulnerability affects the function setDMZ of the file /goform/setDMZ. The manipulation of the argument DMZIPAddress leads to stack-based buffer overflow. The attack can be initiated...
CVE-2025-8827
A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This issue affects the function uminspectcrossband of the file /goform/RPsetBasicAuto. The manipulation of the argument staticGateway leads to os command injection. The attack may be initiated...
CVE-2025-8829
CVE-2025-8829 affects Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. The vulnerability is in the um_red function of the file /goform/RP_setBasicAuto; manipulation of the hname parameter leads to OS command injection. The attack can be launched remotely, and public discl...
CVE-2025-8825
A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This affects the function RPsetBasicAuto of the file /goform/RPsetBasicAuto. The manipulation of the argument staticIp/staticNetmask leads to os command injection. It is possible to initiat...
CVE-2025-8824 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setRIP stack-based overflow
A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this issue is the function setRIP of the file /goform/setRIP. The manipulation of the argument RIPmode/RIPpasswd leads to stack-based buffer overflow. The attack may be launched...