662 matches found
CVE-2025-8707
CVE-2025-8707 affects Huuge Box App 1.0.3 on Android, specifically the component com.huuge.game.zjbox, through improper export of Android application components declared in AndroidManifest.xml. The root cause is manipulation of an AndroidManifest.xml element that leads to exporting of application components, requiring local access for expl...
PT-2025-32339 · Unknown · Com.Huuge.Game.Zjbox +1
Name of the Vulnerable Software and Affected Versions: Huuge Box version 1.0.3 Description: A vulnerability exists in the Huuge Box App for Android. The issue involves the improper export of Android application components due to manipulation of an unknown part of the AndroidManifest.xml file with...
CVE-2025-8584
A vulnerability classified as problematic was found in libav up to 12.3. Affected by this vulnerability is the function av_buffer_unref of the file libavutil/buffer.c of the component AVI File Parser. The manipulation leads to null pointer dereference. Local access is required to approach this...
CVE-2025-8443
A vulnerability was found in code-projects Online Medicine Guide 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument uname leads to sql injection. The attack may be launched remotely. The exploit has been...
CVE-2025-8365 Portabilis i-Educar atendidos_cad.php cross site scripting
A vulnerability was found in Portabilis i-Educar 2.10. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file atendidos_cad.php. The manipulation of the argument nome/nomesocial/email leads to cross site scripting. The attack can be launched...
CVE-2025-8254
A vulnerability was found in Campcodes Courier Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /viewparcel.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been...
CVE-2025-8270
A vulnerability was found in code-projects Exam Form Submission 1.0. It has been classified as critical. This affects an unknown part of the file /admin/deletes2.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...
PT-2025-32445 · Vsftpd +1 · Vsftpd +1
Name of the Vulnerable Software and Affected Versions: TRENDnet TEW-822DRE version FW103B02 Description: A vulnerability exists in TRENDnet TEW-822DRE FW103B02, affecting an unknown part of the vsftpd component. The issue results in a least privilege violation. Local access is required for...
CVE-2025-8135
A vulnerability, which was classified as critical, has been found in itsourcecode Insurance Management System 1.0. This issue affects some unknown processing of the file /updateAgent.php. The manipulation of the argument agentid leads to sql injection. The attack may be initiated remotely. The...
CVE-2025-8188
A vulnerability classified as critical has been found in Campcodes Courier Management System 1.0. This affects an unknown part of the file /editstaff.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to...
CVE-2025-8163 deerwms deer-wms-2 list sql injection
A vulnerability, which was classified as critical, was found in deerwms deer-wms-2 up to 3.3. This affects an unknown part of the file /system/role/list. The manipulation of the argument paramsdataScope leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...
CVE-2025-8128 zhousg letao product.js unrestricted upload
A vulnerability, which was classified as critical, has been found in zhousg letao up to 7d8df0386a65228476290949e0413de48f7fbe98. This issue affects some unknown processing of the file routes\bf\product.js. The manipulation of the argument pictrdtz leads to unrestricted upload. The attack may be...
CVE-2025-7942
A vulnerability has been found in PHPGurukul Taxi Stand Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to cross site scripting. The attack can be...
CVE-2025-7940
A vulnerability was found in Genshin Albedo Cat House App 1.0.2 on Android. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.house.auscat. The manipulation leads to improper export of android...
CVE-2025-7935 fuyang_lipengjun platform SysLogController.java SysLogController sql injection
A vulnerability, which was classified as critical, was found in fuyang_lipengjun platform up to ca9aceff6902feb7b0b6bf510842aea88430796a. Affected is the function SysLogController of the file platform-admin/src/main/java/com/platform/controller/SysLogController.java. The manipulation of the argume...
CVE-2025-7911
A vulnerability classified as critical was found in D-Link DI-8100 1.0. This vulnerability affects the function sprintf of the file /upnpctrl.asp of the component jhttpd. The manipulation of the argument removeextproto/removeextport leads to stack-based buffer overflow. The attack can be initiate...
CVE-2025-7765
A vulnerability classified as critical was found in code-projects Online Appointment Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/addmanagerclinic.php. The manipulation of the argument clinic leads to sql injection. The attack can be launched...
CVE-2025-7854
The CVE-2025-7854 entry concerns Tenda FH451 (v1.0.0.9). A vulnerability in the fromVirtualSer function in /goform/VirtualSer arises from improper validation of the page argument, causing a stack-based buffer overflow. This can be exploited remotely, and public exploit details are reported across...
CVE-2025-7824 Jinher OA XmlHttp.aspx xml external entity reference
A vulnerability was found in Jinher OA 1.1. It has been rated as problematic. This issue affects some unknown processing of the file XmlHttp.aspx. The manipulation leads to xml external entity reference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be...
PT-2025-29967 · Unknown · Online Appointment Booking System
Name of the Vulnerable Software and Affected Versions: Online Appointment Booking System version 1.0 Description: A critical issue exists in the Online Appointment Booking System that allows for SQL injection. The vulnerability is located in the /admin/deletedoctor.php file, specifically through...