
662 matches found

OSV
added 2025/09/22 8:15 p.m. | 2 views

CVE-2025-10812

A vulnerability has been found in code-projects Hostel Management System 1.0. This impacts an unknown function of the file /justines/admin/modamenities/index.php?view=view. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has...

CVSS 9.8 | AI score 5.7 | EPSS 0.00431
Exploits: 1 | References: 5
Cvelist
added 2025/09/18 12:32 a.m. | 6 views

CVE-2025-10629 D-Link DIR-852 Simple Service Discovery Protocol Service cgibin ssdpcgi_main command injection

A vulnerability was determined in D-Link DIR-852 1.00CN B09. This issue affects the function ssdpcgi_main of the file htodcs/cgibin of the component Simple Service Discovery Protocol Service. Executing manipulation of the argument ST can lead to command injection. The attack may be performed from...

CVSS 6.5 | EPSS 0.05363
Exploits: 1 | References: 5
Vulnrichment
added 2025/09/18 12:32 a.m. | 3 views

CVE-2025-10629 D-Link DIR-852 Simple Service Discovery Protocol Service cgibin ssdpcgi_main command injection

A vulnerability was determined in D-Link DIR-852 1.00CN B09. This issue affects the function ssdpcgi_main of the file htodcs/cgibin of the component Simple Service Discovery Protocol Service. Executing manipulation of the argument ST can lead to command injection. The attack may be performed from...

CVSS 6.5 | AI score 6.4 | EPSS 0.05363
Exploits: 1 | References: 5
NVD
added 2025/09/17 1:15 p.m. | 4 views

CVE-2025-10592

A security vulnerability has been detected in itsourcecode Online Public Access Catalog OPAC 1.0. This impacts an unknown function of the file mysearch.php of the component POST Parameter Handler. Such manipulation of the argument searchfield/searchtext leads to sql injection. The attack may be...

CVSS 8.8 | EPSS 0.00351
Exploits: 1 | References: 5
Positive Technologies
added 2025/09/17 12:0 a.m. | 5 views

PT-2025-38147

Name of the Vulnerable Software and Affected Versions: itsourcecode Online Public Access Catalog OPAC version 1.0 Description: A security issue has been identified in itsourcecode Online Public Access Catalog OPAC. The vulnerability resides in an unknown function within the mysearch.php file,...

CVSS 6.5 | AI score 6.2 | EPSS 0.00351
Exploits: 1 | References: 9
NVD
added 2025/09/13 5:15 p.m. | 2 views

CVE-2025-10369

A vulnerability was determined in MiczFlor RPi-Jukebox-RFID up to 2.8.0. This affects an unknown part of the file /htdocs/cardRegisterNew.php. Executing manipulation can lead to cross site scripting. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized...

CVSS 6.1 | EPSS 0.00276
Exploits: 1 | References: 6
OSV
added 2025/09/09 2:15 a.m. | 3 views

CVE-2025-10118

A security vulnerability has been detected in itsourcecode E-Logbook with Health Monitoring System for COVID-19 1.0. The affected element is an unknown function of the file /login.php. The manipulation of the argument Username leads to sql injection. The attack is possible to be carried out...

CVSS 9.8 | AI score 5.7 | EPSS 0.00483
Exploits: 1 | References: 5
Positive Technologies
added 2025/09/08 12:0 a.m. | 4 views

PT-2025-36455

Name of the Vulnerable Software and Affected Versions: Jinher OA versions up to 1.2 Description: A vulnerability exists in Jinher OA that allows for xml external entity reference. The issue affects an unknown function of the file /c6/Jhsoft.Web.projectmanage/ProjectManage/XmlHttp.aspx/?Type=add...

CVSS 7.5 | AI score 6 | EPSS 0.00506
Exploits: 1 | References: 8
OSV
added 2025/09/06 1:15 p.m. | 1 views

CVE-2025-10033

A vulnerability has been found in itsourcecode Online Discussion Forum 1.0. This affects an unknown function of the file /admin. Such manipulation of the argument Username leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used...

CVSS 9.8 | AI score 5.7 | EPSS 0.00401
Exploits: 1 | References: 5
RedhatCVE
added 2025/09/03 2:33 p.m. | 7 views

CVE-2025-9783

A vulnerability was determined in TOTOLINK A702R 4.0.0-B20211108.1423. This issue affects the function sub418030 of the file /boafrm/formParentControl. Executing manipulation of the argument submit-url can lead to buffer overflow. The attack may be launched remotely. The exploit has been publicly...

CVSS 9 | AI score 7.3 | EPSS 0.00598
Exploits: 0 | References: 1
OSV
added 2025/08/29 7:15 p.m. | 2 views

CVE-2025-9669

A vulnerability has been found in Jinher OA 1.0. This issue affects some unknown processing of the file GetTreeDate.aspx. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used...

CVSS 9.8 | AI score 5.6 | EPSS 0.00387
Exploits: 1 | References: 4
CVE
added 2025/08/27 1:2 p.m. | 16 views

CVE-2025-9528

CVE-2025-9528 affects Linksys E1700 router (version 1.0.0.4.003). The vulnerability targets the function systemCommand in /goform/systemCommand; manipulating the command argument can cause an OS command injection. The attack can be launched remotely, and exploitation has been publicly disclosed. ...

CVSS 7.2 | AI score 5.1 | EPSS 0.50053
In wild | Exploits: 1 | References: 6 | Affected Software: 1
Positive Technologies
added 2025/08/27 12:0 a.m. | 4 views

PT-2025-34829

Name of the Vulnerable Software and Affected Versions: Campcodes Online Loan Management System version 1.0 Description: A vulnerability exists in Campcodes Online Loan Management System that allows for SQL injection. The issue affects an unknown part of the /ajax.php?action=delete plan file...

CVSS 9.8 | AI score 7.2 | EPSS 0.00387
Exploits: 1 | References: 10
Positive Technologies
added 2025/08/27 12:0 a.m. | 4 views

PT-2025-34834

Name of the Vulnerable Software and Affected Versions: itsourcecode Apartment Management System version 1.0 Description: A security issue has been identified in itsourcecode Apartment Management System version 1.0. The vulnerability is due to SQL injection in the /branch/addbranch.php file...

CVSS 9.8 | AI score 7.2 | EPSS 0.00387
Exploits: 1 | References: 11
CVE
added 2025/08/26 5:2 a.m. | 17 views

CVE-2025-9473

SourceCodester Online Bank Management System 1.0 has a SQL injection in /feedback.php triggered by manipulating the msg parameter. The vulnerability is remote and has public exploit discussion. Multiple sources describe the issue and its impact on confidentiality, integrity, and availability as h...

CVSS 9.8 | AI score 7.5 | EPSS 0.00441
Exploits: 1 | References: 5 | Affected Software: 1
CVE
added 2025/08/26 2:2 a.m. | 20 views

CVE-2025-9440

CVE-2025-9440 affects 1000projects Online Project Report Submission and Evaluation System 1.0. A vulnerable function is in /admin/add_title.php, where manipulating the Title argument permits cross-site scripting. The issue is exploitable remotely and publicly disclosed. Multiple connected sources...

CVSS 6.1 | AI score 6.6 | EPSS 0.00322
Exploits: 1 | References: 4 | Affected Software: 1
Vulnrichment
added 2025/08/25 11:32 p.m. | 0 views

CVE-2025-9429 mtons mblog Post submit cross site scripting

A security vulnerability has been detected in mtons mblog up to 3.5.0. This vulnerability affects unknown code of the file /post/submit of the component Post Handler. The manipulation of the argument content/title/ leads to cross site scripting. It is possible to initiate the attack remotely. The...

CVSS 5.1 | AI score 3.8 | EPSS 0.00234
Exploits: 1 | References: 6
NVD
added 2025/08/25 11:15 p.m. | 4 views

CVE-2025-9423

A vulnerability was determined in Campcodes Online Water Billing System 1.0. Affected is an unknown function of the file /editecex.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be...

CVSS 9.8 | EPSS 0.00387
Exploits: 1 | References: 5
CVE
added 2025/08/25 5:2 p.m. | 11 views

CVE-2025-9411

CVE-2025-9411 affects lostvip-com ruoyi-go up to version 2.1. The vulnerability is in the SelectPageList function of modules/system/service/LoginInforService.go, where manipulation of the isAsc argument enables SQL injection. Exploitation is remote and has been publicly disclosed; multiple source...

CVSS 9.8 | AI score 6.8 | EPSS 0.00317
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2025/08/25 3:15 a.m. | 3 views

CVE-2025-9403

A vulnerability was determined in jqlang jq up to 1.6. Impacted is the function runjqtests of the file jqtest.c of the component JSON Parser. Executing manipulation can lead to reachable assertion. The attack requires local access. The exploit has been publicly disclosed and may be utilized. Othe...

CVSS 5.5 | AI score 6.9
Exploits: 0 | References: 5