CVE-2025-10374 Shenzhen Sixun Business Management System OperatorStop improper authorization

A security flaw has been discovered in Shenzhen Sixun Business Management System 7/11. This affects an unknown part of the file /Adm/OperatorStop. Performing manipulation results in improper authorization. The attack is possible to be carried out remotely. The exploit has been released to the...

CVE-2025-10245 Display Painéis TGA Galeria rename path traversal

A security flaw has been discovered in Display Painéis TGA up to 7.1.41. Affected by this issue is some unknown functionality of the file /gallery/rename of the component Galeria Page. The manipulation of the argument currentfolder results in path traversal. The exploit has been released to the...

CVE-2025-10075

A security flaw has been discovered in SourceCodester Online Polling System 1.0. The impacted element is an unknown function of the file /manage-profile.php. The manipulation of the argument firstname results in cross site scripting. The attack can be launched remotely. The exploit has been...

CVE-2025-10064

A security flaw has been discovered in itsourcecode POS Point of Sale System 1.0. This issue affects some unknown processing of the file /inventory/main/vendors/datatables/unittesting/templates/domdatatwoheaders.php. The manipulation of the argument scripts results in cross site scripting. The...

CVE-2025-9928

A security flaw has been discovered in projectworlds Travel Management System 1.0. The impacted element is an unknown function of the file /viewcategory.php. Performing manipulation of the argument t1 results in sql injection. It is possible to initiate the attack remotely. The exploit has been...

PT-2025-35836

Name of the Vulnerable Software and Affected Versions: projectworlds Travel Management System version 1.0 Description: A security flaw exists in projectworlds Travel Management System. The issue involves SQL injection in the /viewcategory.php file through manipulation of the t1 argument. This...

CVE-2025-9726

A security flaw has been discovered in Campcodes Farm Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /review.php. The manipulation of the argument pid results in sql injection. The attack may be launched remotely. The exploit has been released to the...

CVE-2025-9425

A security flaw has been discovered in itsourcecode Online Tour and Travel Management System 1.0. Affected by this issue is some unknown functionality of the file /enquiry.php. Performing manipulation of the argument pid results in sql injection. The attack is possible to be carried out remotely...

CVE-2025-9577

A security flaw has been discovered in TOTOLINK X2000R up to 2.0.0. The affected element is an unknown function of the file /etc/shadow.sample of the component Administrative Interface. The manipulation results in use of default credentials. Attacking locally is a requirement. Attacks of this...

PT-2025-34832

Name of the Vulnerable Software and Affected Versions: itsourcecode Apartment Management System version 1.0 Description: A security flaw exists in itsourcecode Apartment Management System version 1.0 related to the processing of the /report/fair info all.php file. Manipulation of the fid argument...

PT-2025-34728 · Unknown · 1000Projects Online Project Report Submission/Evaluation System

Name of the Vulnerable Software and Affected Versions: 1000projects Online Project Report Submission and Evaluation System version 1.0 Description: A security flaw exists in 1000projects Online Project Report Submission and Evaluation System version 1.0. The manipulation of the address argument i...

SUSE CVE-2025-9396

A security flaw has been discovered in ckolivas lrzip up to 0.651. This impacts the function GIstrtollinternal of the file strtoll.c. Performing manipulation results in null pointer dereference. The attack is only possible with local access. The exploit has been released to the public and may be...

PT-2025-34680 · Lostvip Com · Ruoyi-Go

Name of the Vulnerable Software and Affected Versions: lostvip-com ruoyi-go versions prior to 2.1 Description: A security flaw exists in the DownloadTmp/DownloadUpload function within the modules/system/controller/CommonController.go file. Manipulation of the fileName argument can lead to a path...

CVE-2025-9396 ckolivas lrzip strtol_l.c __GI_____strtol_l_internal null pointer dereference

A security flaw has been discovered in ckolivas lrzip up to 0.651. This impacts the function GIstrtollinternal of the file strtoll.c. Performing manipulation results in null pointer dereference. The attack is only possible with local access. The exploit has been released to the public and may be...

CVE-2025-9390

A security flaw has been discovered in vim up to 9.1.1615. Affected by this vulnerability is the function main of the file src/xxd/xxd.c of the component xxd. The manipulation results in buffer overflow. The attack requires a local approach. The exploit has been released to the public and may be...

CVE-2025-9381 FNKvision Y215 CCTV Camera wpa_supplicant.conf information disclosure

A security flaw has been discovered in FNKvision Y215 CCTV Camera 10.194.120.40. This affects an unknown part of the file /tmp/wpasupplicant.conf. Performing manipulation results in information disclosure. The attack may be carried out on the physical device. The attack's complexity is rated as...

CVE-2025-9381 FNKvision Y215 CCTV Camera wpa_supplicant.conf information disclosure

A security flaw has been discovered in FNKvision Y215 CCTV Camera 10.194.120.40. This affects an unknown part of the file /tmp/wpasupplicant.conf. Performing manipulation results in information disclosure. The attack may be carried out on the physical device. The attack's complexity is rated as...

PT-2025-34566 · Vim +1 · Vim +1

Name of the Vulnerable Software and Affected Versions: vim versions prior to 9.1.1616 Description: A security flaw exists in vim due to a buffer overflow in the main function of the xxd.c file within the xxd component. The vulnerability is locally exploitable. An exploit for this issue has been...

CVE-2025-9143

A security flaw has been discovered in Scada-LTS 2.7.8.1. This affects an unknown part of the file mailinglists.shtm. The manipulation of the argument name/userList/address results in cross site scripting. It is possible to launch the attack remotely. The exploit has been released to the public a...

PT-2025-34228 · Totolink · Totolink A720R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A720R version 4.1.5cu.630 B20250509 Description: A security flaw exists in TOTOLINK A720R 4.1.5cu.630 B20250509. The issue affects the setParentalRules function within the /cgi-bin/cstecgi.cgi file and allows for remote buffer overfl...