EUVD-2024-27516

Malicious code in bioql PyPI...

CVE-2025-11102 Campcodes Online Learning Management System edit_content.php sql injection

A weakness has been identified in Campcodes Online Learning Management System 1.0. Affected is an unknown function of the file /admin/editcontent.php. Executing manipulation of the argument Title can lead to sql injection. The attack can be launched remotely. The exploit has been made available t...

CVE-2025-11045 WAYOS LQ_04/LQ_05/LQ_06/LQ_07/LQ_09 usb_paswd.asp command injection

A vulnerability was identified in WAYOS LQ04, LQ05, LQ06, LQ07 and LQ09 22.03.17. This affects an unknown function of the file /usbpaswd.asp. The manipulation of the argument Name leads to command injection. The attack can be initiated remotely. The exploit is publicly available and might be used...

CVE-2025-11045

The CVE-2025-11045 entry concerns WAYOS LQ_04/LQ_05/LQ_06/LQ_07/LQ_09 (version 22.03.17) where the Name parameter in an unknown function of the /usb_paswd.asp file enables remote command injection. Affected products are WAYOS routers in the LQ series; the vulnerability’s root cause is improper ha...

CVE-2025-10834

A vulnerability was identified in itsourcecode Open Source Job Portal 1.0. This affects an unknown function of the file /jobportal/admin/login.php. Such manipulation of the argument useremail leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available a...

CVE-2025-10615

The CVE-2025-10615 entry concerns itsourcecode E-Commerce Website 1.0. Affected component: the /admin/products.php file, where an unrestricted file upload vulnerability exists due to the flaw in that function. The issue is exploitable remotely and has publicly available exploits. Various connecte...

CVE-2025-10598

A vulnerability was identified in SourceCodester Pet Grooming Management Software 1.0. This issue affects some unknown processing of the file /admin/searchproduct.php. Such manipulation of the argument groupid leads to sql injection. The attack may be launched remotely. The exploit is publicly...

CVE-2025-10564 Campcodes Grocery Sales and Inventory System ajax.php sql injection

A vulnerability was found in Campcodes Grocery Sales and Inventory System 1.0. Affected is an unknown function of the file /ajax.php?action=deletecategory. Performing manipulation of the argument ID results in sql injection. The attack is possible to be carried out remotely. The exploit has been...

CVE-2025-10028

A vulnerability was identified in itsourcecode POS Point of Sale System 1.0. This affects an unknown part of the file /inventory/main/vendors/datatables/unittesting/templates/6776.php. Such manipulation of the argument scripts leads to cross site scripting. The attack can be launched remotely. Th...

CVE-2025-9789

A vulnerability was identified in SourceCodester Online Hotel Reservation System 1.0. Affected by this issue is some unknown functionality of the file /admin/edituser.php. The manipulation of the argument userid leads to sql injection. The attack may be initiated remotely. The exploit is publicly...

CVE-2025-9394

A flaw has been found in PoDoFo 1.1.0-dev. This issue affects the function PdfTokenizer::DetermineDataType of the file src/podofo/main/PdfTokenizer.cpp of the component PDF Dictionary Parser. Executing manipulation can lead to use after free. It is possible to launch the attack on the local host...

CVE-2025-9676

A vulnerability was identified in NCSOFT Universe App up to 1.3.0. Impacted is an unknown function of the file AndroidManifest.xml of the component com.ncsoft.universeapp. The manipulation leads to improper export of android application components. Local access is required to approach this attack...

CVE-2025-9676 NCSOFT Universe App com.ncsoft.universeapp AndroidManifest.xml improper export of android application components

A vulnerability was identified in NCSOFT Universe App up to 1.3.0. Impacted is an unknown function of the file AndroidManifest.xml of the component com.ncsoft.universeapp. The manipulation leads to improper export of android application components. Local access is required to approach this attack...

PT-2025-34827

Name of the Vulnerable Software and Affected Versions: Campcodes Online Loan Management System version 1.0 Description: A vulnerability exists in Campcodes Online Loan Management System that allows for SQL injection. The issue is located in an unknown functionality within the /ajax.php?action=sav...

CVE-2025-9439

A weakness has been identified in 1000projects Online Project Report Submission and Evaluation System 1.0. Affected by this vulnerability is an unknown functionality of the file /rse/admin/editfaculty.php?id=2. This manipulation of the argument Name causes cross site scripting. The attack is...

CVE-2025-9424

A vulnerability was identified in Ruijie WS7204-A 2017.06.15. Affected by this vulnerability is an unknown functionality of the file /itboxpi/branchimport.php?a=branchlist. Such manipulation of the argument province leads to os command injection. The attack can be executed remotely. The exploit i...

CVE-2025-9410

A weakness has been identified in lostvip-com ruoyi-go up to 2.1. The affected element is the function SelectListByPage of the file modules/system/dao/GenTableDao.go. Executing manipulation of the argument isAsc/orderByColumn can lead to sql injection. It is possible to launch the attack remotely...

PT-2025-34526 · Linksys · Linksys Re9000 +5

Name of the Vulnerable Software and Affected Versions: Linksys RE6250 versions 1.0.013.001 through 1.2.07.001 Linksys RE6300 versions 1.0.013.001 through 1.2.07.001 Linksys RE6350 versions 1.0.013.001 through 1.2.07.001 Linksys RE6500 versions 1.0.013.001 through 1.2.07.001 Linksys RE7000 version...

CVE-2025-8538

CVE-2025-8538 affects Portabilis i-Educar 2.10. The vulnerability exists in the unknown function at /usuarios/tipos/novo where manipulating the name/description parameter triggers cross-site scripting. It can be exploited remotely; the exploit has been disclosed. Vendor did not respond to disclos...

Fedora 41 : yasm (2025-5bd2ac3698)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-5bd2ac3698 advisory. Fixes CVE-2024-22653 . Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...