CVE-2025-10172
A flaw has been found in UTT 750W up to 3.2.2-191225. This issue affects some unknown processing of the file /goform/formPictureUrl. Executing manipulation of the argument importpictureurl can lead to buffer overflow. The attack can be executed remotely. The exploit has been published and may be...
CVE-2025-10172
CVE-2025-10172 affects UTT 750W firmware up to 3.2.2-191225. The vulnerability is a buffer overflow in the handling of the importpictureurl argument within the /goform/formPictureUrl endpoint. Exploitation can be performed remotely, with publicized exploits and a PoC (proof-of-concept) status in ...
CVE-2025-5500
A flaw has been found in ZhenShi Mibro Fit App 1.6.3.17499 on Android. This impacts an unknown function of the file AndroidManifest.xml of the component com.xiaoxun.xunoversea.mibrofit. This manipulation causes improper export of Android application components. The attack requires local access. T...
PT-2025-37000
Name of the Vulnerable Software and Affected Versions: UTT 750W versions through 3.2.2-191225 Description: A buffer overflow issue exists due to the manipulation of the importpictureurl argument when processing the file /goform/formPictureUrl. This can be exploited remotely. Recommendations:...
CVE-2025-10090 Jinher OA GetTreeDate.aspx SQL injection
A flaw has been found in Jinher OA up to 1.2. The impacted element is an unknown function of the file /C6/Jhsoft.Web.departments/GetTreeDate.aspx. Executing manipulation of the argument ID can lead to SQL injection. The attack may be launched remotely. The exploit has been published and may be us...
CVE-2025-10081 SourceCodester Pet Management System profile.php unrestricted upload
A flaw has been found in SourceCodester Pet Management System 1.0. This impacts an unknown function of the file /admin/profile.php. This manipulation of the argument websiteimage causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be...
PT-2025-36505
Name of the Vulnerable Software and Affected Versions: yanyutao0402 ChanCMS versions through 3.3.1 Description: A SQL injection flaw exists in yanyutao0402 ChanCMS due to manipulation of the keyword argument in the /cms/article/search file. This issue can be exploited remotely. Recommendations: A...
PT-2025-36429
Name of the Vulnerable Software and Affected Versions: SourceCodester Pet Management System version 1.0 Description: A flaw has been found that allows for unrestricted file upload. This occurs through manipulation of the website image argument in an unknown function of the /admin/profile.php file...
CVE-2025-10070 Portabilis i-Educar enturmacao-em-lote access control
A flaw has been found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /enturmacao-em-lote/. This manipulation causes improper access controls. The attack can be carried out remotely. The exploit has been published and may be used...
PT-2025-36408
Name of the Vulnerable Software and Affected Versions: itsourcecode Online Discussion Forum version 1.0 Description: A SQL injection issue exists in itsourcecode Online Discussion Forum version 1.0. The flaw is located in the file /admin/admin forum/add views.php and affects an unknown function...
CVE-2025-10014 elunez eladmin Email Address updateEmail updateUserEmail improper authorization
A flaw has been found in elunez eladmin up to 2.7. This impacts the function updateUserEmail of the file /api/users/updateEmail/ of the component Email Address Handler. Executing manipulation of the argument id/email can lead to improper authorization. The attack may be performed from remote...
CVE-2025-9834
A flaw has been found in PHPGurukul Small CRM 4.0. Affected by this issue is some unknown functionality of the file /registration.php. Executing manipulation of the argument Username can lead to cross-site scripting. It is possible to launch the attack remotely. The exploit has been published and...
PT-2025-35863
Name of the Vulnerable Software and Affected Versions: CodeAstro Real Estate Management System version 1.0 Description: A flaw exists in CodeAstro Real Estate Management System 1.0 that allows for unrestricted file upload. The issue is located in the /register.php file and involves manipulation o...
CVE-2025-9843
A flaw has been found in Das Parking Management System 停车场管理系统 6.2.0. Affected is an unknown function of the file /Operator/FindAll. This manipulation causes information disclosure. It is possible to initiate the attack remotely. The exploit has been published and may be used...
PT-2025-35848
Name of the Vulnerable Software and Affected Versions: PHPGurukul Beauty Parlour Management System version 1.1 Description: A flaw exists in PHPGurukul Beauty Parlour Management System 1.1 within the file /admin/update-image.php. Manipulation of the lid argument can lead to SQL injection,...
CVE-2025-9690
A flaw has been found in SourceCodester Advanced School Management System 1.0. This affects an unknown function of the file /index.php/stock/vendordetails. This manipulation of the argument ID causes SQL injection. The attack can be initiated remotely. The exploit has been published and may be us...
CVE-2025-9773
A flaw has been found in RemoteClinic up to 2.0. This vulnerability affects unknown code of the file /staff/edit.php. Executing manipulation of the argument Last Name can lead to cross-site scripting. The attack can be launched remotely. The exploit has been published and may be used...
CVE-2025-9674
A flaw has been found in Transbyte Scooper News App up to 1.2 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.hatsune.eagleee. This manipulation causes improper export of Android application components. The attack requires loca...
CVE-2025-9400
A flaw has been found in YiFang CMS up to 2.0.5. This affects the function mergeMultipartUpload of the file app/utils/base/plugin/Pfile.php. This manipulation of the argument File causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be...