CVE-2025-1809 Pixsoft Sol Login Endpoint servlet sql injection

A vulnerability was found in Pixsoft Sol up to 7.6.6c and classified as critical. This issue affects some unknown processing of the file /pixprojetos/servlet?act=login&submit=1&evento=0&pixrnd=0125021816444195731041 of the component Login Endpoint. The manipulation of the argument txtUsuario lead...

CVE-2025-1646 Lumsoft ERP ASPX File UploadAjaxAPI.ashx unrestricted upload

A vulnerability, which was classified as critical, has been found in Lumsoft ERP 8. Affected by this issue is some unknown functionality of the file /Api/TinyMce/UploadAjaxAPI.ashx of the component ASPX File Handler. The manipulation of the argument file leads to unrestricted upload. The attack m...

CVE-2025-1465

A vulnerability, which was classified as problematic, was found in lmxcms 1.41. Affected is an unknown function of the file db.inc.php of the component Maintenance. The manipulation leads to code injection. It is possible to launch the attack remotely. The complexity of an attack is rather high...

CVE-2025-1379

A vulnerability has been found in code-projects Real Estate Property Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /Admin/CustomerReport.php. The manipulation of the argument city leads to sql injection. The attack can be...

CVE-2025-1373 FFmpeg MOV Parser mov.c mov_read_trak null pointer dereference

A vulnerability was found in FFmpeg up to 7.1. It has been rated as problematic. Affected by this issue is the function movreadtrak of the file libavformat/mov.c of the component MOV Parser. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The...

CVE-2025-1201

A vulnerability was found in SourceCodester Best Church Management Software 1.1. It has been rated as critical. This issue affects some unknown processing of the file /admin/app/profilecrud.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been...

CVE-2025-1200 SourceCodester Best Church Management Software slider_crud.php sql injection

A vulnerability was found in SourceCodester Best Church Management Software 1.1. It has been declared as critical. This vulnerability affects unknown code of the file /admin/app/slidercrud.php. The manipulation of the argument delid leads to sql injection. The attack can be initiated remotely. Th...

CVE-2025-1187

A vulnerability classified as critical was found in code-projects Police FIR Record Management System 1.0. Affected by this vulnerability is an unknown functionality of the component Delete Record Handler. The manipulation leads to stack-based buffer overflow. Attacking locally is a requirement...

CVE-2025-1185

A vulnerability was found in pihome-shc PiHome 2.0. It has been classified as critical. This affects an unknown part of the file /ajax.php?Ajax=GetModalSensorGraph. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the publi...

CVE-2025-1177

A vulnerability was found in dayrui XunRuiCMS 4.6.3. It has been classified as critical. Affected is the function importadd of the file dayrui/Fcms/Control/Admin/Linkage.php. The manipulation leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to...

CVE-2025-0565

A vulnerability was found in ZZCMS 2023. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and ma...

CVE-2022-2487

A vulnerability has been found in WAVLINK WN535K2 and WN535K3 and classified as critical. This vulnerability affects unknown code of the file /cgi-bin/nightled.cgi. The manipulation of the argument starthour leads to os command injection. The exploit has been disclosed to the public and may be us...

CVE-2024-12229

A vulnerability classified as critical was found in PHPGurukul Complaint Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/complaint-search.php. The manipulation of the argument search leads to sql injection. The attack can be launched remotely...

CVE-2024-3087

A vulnerability, which was classified as critical, has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this issue is some unknown functionality of the file ambulance-tracking.php of the component Ambulance Tracking Page. The manipulation of the argument searchdata lead...

CVE-2024-3360

A vulnerability, which was classified as critical, was found in SourceCodester Online Library System 1.0. Affected is an unknown function of the file admin/books/index.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has be...

CVE-2024-10561

A vulnerability was found in Codezips Pet Shop Management System 1.0. It has been classified as critical. This affects an unknown part of the file birdsupdate.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...

CVE-2024-9295

A vulnerability was found in SourceCodester Advocate Office Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /control/login.php. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The...

CVE-2024-11648

A vulnerability, which was classified as critical, was found in 1000 Projects Beauty Parlour Management System 1.0. This affects an unknown part of the file /admin/add-customer.php. The manipulation of the argument name leads to sql injection. It is possible to initiate the attack remotely. The...

CVE-2024-4291

A vulnerability was found in Tenda A301 15.13.08.12multiTDE01. It has been rated as critical. This issue affects the function formAddMacfilterRule of the file /goform/setBlackRule. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated...

CVE-2025-0948 itsourcecode Tailoring Management System incview.php sql injection

A vulnerability, which was classified as critical, was found in itsourcecode Tailoring Management System 1.0. This affects an unknown part of the file incview.php. The manipulation of the argument incid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...