
987 matches found

Positive Technologies
added 2025/09/17 12:0 a.m. | 3 views

PT-2025-38154

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Student File Management System version 1.0 Description: A SQL injection flaw exists in the /admin/delete student.php file due to manipulation of the stud id argument. This issue is remotely exploitable. The exploit has...

CVSS 8.8 | AI score 6.5 | EPSS 0.00311
Exploits: 1 | References: 7

OSV
added 2025/09/15 11:15 p.m. | 3 views

CVE-2025-10483

A flaw has been found in SourceCodester Online Student File Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/saveuser.php. This manipulation of the argument firstname causes sql injection. The attack is possible to be carried out remotely. The...

CVSS 8.8 | AI score 5.7 | EPSS 0.00385
Exploits: 1 | References: 5

RedhatCVE
added 2025/09/15 2:31 p.m. | 3 views

CVE-2025-10366

A flaw has been found in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected is an unknown function of the file /htdocs/inc.setWlanIpMail.php. This manipulation of the argument Email address causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be...

CVSS 5.4 | AI score 3.7 | EPSS 0.00264
Exploits: 1 | References: 1

Positive Technologies
added 2025/09/15 12:0 a.m. | 3 views

PT-2025-37442

Name of the Vulnerable Software and Affected Versions: SourceCodester Student Grading System version 1.0 Description: A flaw exists in the SourceCodester Student Grading System that may allow for SQL injection. The issue affects unknown code within the /update account.php file. Manipulation of th...

CVSS 8.8 | AI score 6.5 | EPSS 0.00351
Exploits: 1 | References: 9

RedhatCVE
added 2025/09/14 11:11 p.m. | 12 views

CVE-2025-10330

A flaw has been found in cdevroe unmark up to 1.9.3. This vulnerability affects unknown code of the file application/views/layouts/topbar/searchform.php. This manipulation of the argument q causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been published...

CVSS 6.1 | AI score 4 | EPSS 0.00385
Exploits: 1 | References: 1

RedhatCVE
added 2025/09/14 6:29 p.m. | 3 views

CVE-2025-10321

A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is an unknown function of the file /liveonline.shtml. Executing manipulation can lead to information disclosure. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about...

CVSS 6.9 | AI score 5.1 | EPSS 0.0049
Exploits: 1 | References: 1

Positive Technologies
added 2025/09/14 12:0 a.m. | 4 views

PT-2025-37404

Name of the Vulnerable Software and Affected Versions: miurla morphic versions prior to 0.4.5 Description: A flaw has been found in miurla morphic. This impacts the fetchHtml function of the file /api/advanced-search of the component HTTP Status Code 3xx Handler, causing server-side request...

CVSS 6.5 | AI score 6.2 | EPSS 0.0024
Exploits: 0 | References: 9

Positive Technologies
added 2025/09/14 12:0 a.m. | 6 views

PT-2025-37419

Name of the Vulnerable Software and Affected Versions: PHPGurukul Beauty Parlour Management System version 1.1 Description: A SQL injection issue exists in PHPGurukul Beauty Parlour Management System version 1.1. The issue is located in the /admin/readenq.php file, within an unknown function...

CVSS 9.8 | AI score 7.4 | EPSS 0.00383
Exploits: 1 | References: 11

CVE
added 2025/09/12 11:2 p.m. | 14 views

CVE-2025-10330

CVE-2025-10330 targets the Unmark (cdevroe) open-source to-do app. A cross-site scripting vulnerability arises from lack of input filtering/escaping in the parameter q of the file application/views/layouts/topbar/searchform.php, affecting Unmark versions up to 1.9.3. Remote exploitation is possib...

CVSS 6.1 | AI score 4.1 | EPSS 0.00385
Exploits: 1 | References: 5 | Affected Software: 1

Vulnrichment
added 2025/09/12 11:2 p.m. | 3 views

CVE-2025-10330 cdevroe unmark searchform.php cross site scripting

A flaw has been found in cdevroe unmark up to 1.9.3. This vulnerability affects unknown code of the file application/views/layouts/topbar/searchform.php. This manipulation of the argument q causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been published...

CVSS 5.3 | AI score 4 | EPSS 0.00385
Exploits: 1 | References: 5

OSV
added 2025/09/12 6:15 p.m. | 1 view

CVE-2025-10321

A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is an unknown function of the file /liveonline.shtml. Executing manipulation can lead to information disclosure. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about...

CVSS 6.9 | AI score 5.5 | EPSS 0.0049
Exploits: 1 | References: 4

Cvelist
added 2025/09/12 5:32 p.m. | 4 views

CVE-2025-10321 Wavlink WL-WN578W2 live_online.shtml information disclosure

A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is an unknown function of the file /liveonline.shtml. Executing manipulation can lead to information disclosure. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about...

CVSS 6.9 | EPSS 0.0049
Exploits: 1 | References: 4

Positive Technologies
added 2025/09/12 12:0 a.m. | 3 views

PT-2025-37287

Name of the Vulnerable Software and Affected Versions: roncoo-pay affected versions not specified Description: A vulnerability exists in roncoo-pay that allows for improper authentication. The issue is related to manipulation of an unknown function within the /user/info/list file. This allows for...

CVSS 6.9 | AI score 5 | EPSS 0.00452
Exploits: 0 | References: 9

Positive Technologies
added 2025/09/12 12:0 a.m. | 5 views

PT-2025-37339

Name of the Vulnerable Software and Affected Versions: Wavlink WL-WN578W2 version 221110 Description: A flaw has been found in Wavlink WL-WN578W2 221110. Exploitation of a manipulation vulnerability in the /live online.shtml file’s unknown function can lead to information disclosure. The attack c...

CVSS 6.9 | AI score 4.9 | EPSS 0.0049
Exploits: 1 | References: 7

Positive Technologies
added 2025/09/12 12:0 a.m. | 3 views

PT-2025-37280

Name of the Vulnerable Software and Affected Versions: YunaiV ruoyi-vue-pro versions prior to 2025.09 Description: A flaw exists in YunaiV ruoyi-vue-pro that allows for improper authorization. The issue is related to the manipulation of the ids/newOwnerUserId argument within an unknown function o...

CVSS 6.5 | AI score 6.1 | EPSS 0.00296
Exploits: 0 | References: 6

RedhatCVE
added 2025/09/11 11:24 p.m. | 10 views

CVE-2025-10172

A flaw has been found in UTT 750W up to 3.2.2-191225. This issue affects some unknown processing of the file /goform/formPictureUrl. Executing manipulation of the argument importpictureurl can lead to buffer overflow. The attack can be executed remotely. The exploit has been published and may be...

CVSS 9 | AI score 6.7 | EPSS 0.00995
Exploits: 1 | References: 1

RedhatCVE
added 2025/09/11 5:29 p.m. | 3 views

CVE-2025-5500

A flaw has been found in ZhenShi Mibro Fit App 1.6.3.17499 on Android. This impacts an unknown function of the file AndroidManifest.xml of the component com.xiaoxun.xunoversea.mibrofit. This manipulation causes improper export of android application components. The attack requires local access. T...

CVSS 5.3 | AI score 5.9 | EPSS 0.00122
Exploits: 0 | References: 1

Positive Technologies
added 2025/09/11 12:0 a.m. | 4 views

PT-2025-37107

Name of the Vulnerable Software and Affected Versions: Scada-LTS versions prior to 2.7.8.2 Description: A flaw exists in Scada-LTS’s Reports Module due to cross-site scripting. The issue stems from unknown processing of the file /reports.shtm and manipulation of the Colour argument. This...

CVSS 4.8 | AI score 3 | EPSS 0.0028
Exploits: 1 | References: 7

RedhatCVE
added 2025/09/10 9:17 p.m. | 8 views

CVE-2025-10105

A flaw has been found in yanyutao0402 ChanCMS up to 3.3.1. Affected by this issue is some unknown functionality of the file /cms/article/search. This manipulation of the argument keyword causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...

CVSS 8.8 | AI score 6.4 | EPSS 0.00308
Exploits: 1 | References: 1

Positive Technologies
added 2025/09/10 12:0 a.m. | 4 views

PT-2025-37101

Name of the Vulnerable Software and Affected Versions: ruoyi-go version 2.1 Description: A flaw exists in the SelectListPage function within the SysRoleDao.go file of the Background Management Page component. Manipulation of the sortName argument can lead to SQL injection. Remote exploitation is...

CVSS 6.5 | AI score 6.4 | EPSS 0.0034
Exploits: 0 | References: 7