CVE-2025-8933
A vulnerability was identified in 1000 Projects Sales Management System 1.0. This issue affects some unknown processing of the file /superstore/admin/sales.php. The manipulation of the argument ssalescat leads to cross site scripting. The attack may be initiated remotely. The exploit has been...
CVE-2025-8934
A vulnerability has been found in 1000 Projects Sales Management System 1.0. Affected is an unknown function of the file /sales.php. The manipulation of the argument select2112 leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the publi...
CVE-2025-8927
A vulnerability was determined in mtons mblog up to 3.5.0. Affected by this issue is some unknown functionality of the file /email/sendcode of the component Verification Code Handler. The manipulation of the argument email leads to improper restriction of excessive authentication attempts. The...
CVE-2025-9025
A vulnerability was determined in code-projects Simple Cafe Ordering System 1.0. Affected by this issue is some unknown functionality of the file /portal.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the...
CVE-2025-9004
A vulnerability was found in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /settings/password. The manipulation leads to improper restriction of excessive authentication attempts. The attack may be initiated remotely. The complexity of an attack is rather high. T...
CVE-2025-9005
The vulnerability CVE-2025-9005 affects mtons mblog up to version 3.5.0, where an unknown function in the /register endpoint can trigger information exposure via an error message. It can be exploited remotely; attack complexity is high and exploitation is not trivial. Public disclosure exists, wi...
CVE-2025-9004
CVE-2025-9004 affects mtons mblog up to version 3.5.0 (and related advisories reference versions prior to 3.5.1). The issue stems from improper restriction of excessive authentication attempts when processing /settings/password, with potential remote initiation. Exploitation is described as diffi...
CVE-2025-8993 itsourcecode Online Tour and Travel Management System expense_report.php sql injection
A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. This affects an unknown part of the file /admin/expense_report.php. The manipulation of the argument fromdate leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclos...
CVE-2025-8990
Summary of CVE-2025-8990 findings: The vulnerability affects the Online Medicine Guide software (version 1.0). The issue is a SQL injection in the file /browsemdcn.php caused by unsafely handling the Search parameter. This can be exploited remotely, and public disclosures indicate the exploit is...
PT-2025-33426 · Unknown · Mechrevo Control Center Gx V2
Name of the Vulnerable Software and Affected Versions: Mechrevo Control Center GX V2 version 5.56.51.48 Description: A vulnerability exists in Mechrevo Control Center GX V2 due to an uncontrolled search path within the reg File Handler component. The issue can be exploited on a local host, with a...
PT-2025-33425 · Itsourcecode · Itsourcecode Online Tour/Travel Management System
Name of the Vulnerable Software and Affected Versions: itsourcecode Online Tour and Travel Management System version 1.0 Description: A SQL injection issue exists in itsourcecode Online Tour and Travel Management System 1.0, specifically within the /admin/expense_report.php file. Manipulation of...
PT-2025-33436 · Mtons · Mtons Mblog
Name of the Vulnerable Software and Affected Versions: mtons mblog versions prior to 3.5.1 Description: A vulnerability exists in mtons mblog up to version 3.5.0. The issue affects an unknown function within the /register endpoint and leads to information exposure through error messages. The atta...
PT-2025-33437 · Tenda · Tenda Ch22
Name of the Vulnerable Software and Affected Versions: Tenda CH22 version 1.0.0.1 Description: A vulnerability exists in the formdelFileName function of the /goform/delFileName file. Manipulation of this function leads to a buffer overflow, and the attack can be launched remotely. The exploit for...
CVE-2025-8982
A vulnerability was determined in itsourcecode Online Tour and Travel Management System 1.0. This vulnerability affects unknown code of the file /admin/operations/currency.php. The manipulation of the argument currcode leads to sql injection. The attack can be initiated remotely. The exploit has...
CVE-2025-8982 itsourcecode Online Tour and Travel Management System currency.php sql injection
A vulnerability was determined in itsourcecode Online Tour and Travel Management System 1.0. This vulnerability affects unknown code of the file /admin/operations/currency.php. The manipulation of the argument currcode leads to sql injection. The attack can be initiated remotely. The exploit has...
CVE-2025-8978
A vulnerability was determined in D-Link DIR-619L 6.02CN02. Affected is the function FirmwareUpgrade of the component boa. The manipulation leads to insufficient verification of data authenticity. It is possible to launch the attack remotely. The complexity of an attack is rather high. The...
CVE-2025-8971 itsourcecode Online Tour and Travel Management System travellers.php sql injection
A vulnerability was determined in itsourcecode Online Tour and Travel Management System 1.0. This vulnerability affects unknown code of the file /admin/operations/travellers.php. The manipulation of the argument val-username leads to sql injection. The attack can be initiated remotely. The exploi...
CVE-2025-8967
A vulnerability was determined in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/operations/packages.php. The manipulation of the argument pname leads to sql injection. It is possible to launch the attack remotely. The exploit has bee...
CVE-2025-8966
CVE-2025-8966 affects itsourcecode Online Tour and Travel Management System 1.0. The vulnerability resides in the file /admin/operations/tax.php, where manipulation of the tname parameter triggers an SQL injection. Attacks can be remote, and public disclosure is noted. Technical details across s...
CVE-2025-8961
LibTIFF 4.7.0 contains a local-only memory corruption vulnerability in tiffcrop.c (function main) that attackers can exploit via crafted TIFF files; a public exploit is available. Multiple advisories confirm patches in newer libtiff packages across distros (e.g., ALAS2-2025-3039, ALAS2025-1212, A...