CVE-2025-5978

A vulnerability was found in Tenda FH1202 1.2.0.14. It has been classified as critical. Affected is the function fromVirtualSer of the file /goform/VirtualSer. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has...

CVE-2025-5978 Tenda FH1202 VirtualSer fromVirtualSer stack-based overflow

A vulnerability was found in Tenda FH1202 1.2.0.14. It has been classified as critical. Affected is the function fromVirtualSer of the file /goform/VirtualSer. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has...

CVE-2025-5885 Konica Minolta bizhub cross-site request forgery

A vulnerability has been found in Konica Minolta bizhub up to 20250202 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used...

CVE-2025-5862

A vulnerability was found in Tenda AC7 15.03.06.44 and classified as critical. This issue affects the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. The attack may be initiated remotely. The exploit has been...

CVE-2025-5860 PHPGurukul Maid Hiring Management System search-booking-request.php sql injection

A vulnerability, which was classified as critical, was found in PHPGurukul Maid Hiring Management System 1.0. This affects an unknown part of the file /admin/search-booking-request.php. The manipulation of the argument searchdata leads to sql injection. It is possible to initiate the attack...

CVE-2025-5848

A vulnerability was found in Tenda AC15 15.03.05.19multi and classified as critical. Affected by this issue is the function formSetPPTPUserList of the file /goform/setPptpUserList of the component HTTP POST Request Handler. The manipulation of the argument list leads to buffer overflow. The attac...

CVE-2025-5796

A vulnerability has been found in code-projects Laundry System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /data/edittype.php. The manipulation of the argument Type leads to cross site scripting. The attack can be initiated remotely. The exploit has been...

CVE-2025-5618

A vulnerability classified as critical was found in PHPGurukul Online Fire Reporting System 1.2. This vulnerability affects unknown code of the file /admin/edit-team.php. The manipulation of the argument teamid leads to sql injection. The attack can be initiated remotely. The exploit has been...

CVE-2025-5780 code-projects Patient Record Management System view_dental.php sql injection

A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /viewdental.php. The manipulation of the argument itrno leads to sql injection. The attack may be launched remotely. The...

CVE-2025-5762

A vulnerability, which was classified as critical, was found in code-projects Patient Record Management System 1.0. Affected is an unknown function of the file viewhematology.php. The manipulation of the argument itrno leads to sql injection. It is possible to launch the attack remotely. The...

CVE-2025-5582

A vulnerability was found in CodeAstro Real Estate Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /profile.php. The manipulation of the argument content leads to sql injection. The attack may be initiated remotely. The exploit has been...

PT-2025-24006 · Signal · Signal App

Name of the Vulnerable Software and Affected Versions: Signal App version 7.41.4 Description: A vulnerability was found in the Biometric Authentication Handler component, which affects the authentication process by missing a critical step. The attack can be launched on a physical device and has a...

CVE-2025-5660

CVE-2025-5660 affects PHPGurukul Complaint Management System 2.0, with a SQL injection in the /user/register-complaint.php file via the noc parameter. The issue arises from lack of input validation, enabling remote attacker-controlled SQL execution; exploitation is possible as the exploit has bee...

CVE-2025-5558 PHPGurukul Teacher Subject Allocation Management System changeimage.php sql injection

A vulnerability was found in PHPGurukul Teacher Subject Allocation Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/changeimage.php. The manipulation of the argument editid leads to sql injection. The attack may be initiated remotely...

CVE-2025-5551

A vulnerability was found in FreeFloat FTP Server 1.0. It has been classified as critical. This affects an unknown part of the component SYSTEM Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public...

CVE-2025-5430

CVE-2025-5430 affects AssamLook CMS 1.0. The vulnerability is a SQL injection in the /product.php file caused by manipulation of the ID parameter, exploitable remotely. Multiple sources describe it as critical with potential high impact on confidentiality, integrity, and availability; exploit det...

CVE-2025-5427

A vulnerability was found in juzaweb CMS up to 3.4.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin-cp/permalinks of the component Permalinks Page. The manipulation leads to improper access controls. The attack may be launched remotely. The...

CVE-2025-5408

A vulnerability was found in WAVLINK QUANTUM D2G, QUANTUM D3G, WL-WN530G3A, WL-WN530HG3, WL-WN532A3 and WL-WN576K1 up to V1410240222 and classified as critical. Affected by this issue is the function syslogin of the file /cgi-bin/login.cgi of the component HTTP POST Request Handler. The...

CVE-2025-5409

Mist Community Edition up to 4.7.1 contains a vulnerability in the API Token Handler’s create_token function (src/mist/api/auth/views.py) that enables improper access controls. The issue allows remote initiation of an attack and has publicly disclosed exploits. Upgrading to version 4.7.2 addresse...

CVE-2025-5364 Campcodes Online Hospital Management System add-patient.php sql injection

A vulnerability was found in Campcodes Online Hospital Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /doctor/add-patient.php. The manipulation of the argument patname leads to sql injection. The attack may be launched remotely...