PT-2025-16182 · Unknown · Tutorials-Website Employee Management System
Name of the Vulnerable Software and Affected Versions: Tutorials-Website Employee Management System version 1.0. Description: A critical issue was found in the Tutorials-Website Employee Management System, affecting some unknown functionality of the file /admin/delete-user.php. The manipulation of...
CVE-2025-3341
A vulnerability, which was classified as critical, was found in codeprojects Online Restaurant Management System 1.0. This affects an unknown part of the file /admin/reservationview.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. Th...
Amazon EC2 SSM Agent Flaw Patched After Privilege Escalation via Path Traversal
Cybersecurity researchers have disclosed details of a now-patched security flaw in the Amazon EC2 Simple Systems Manager SSM Agent that, if successfully exploited, could permit an attacker to achieve privilege escalation and code execution. The vulnerability could permit an attacker to create...
CVE-2025-3351
A vulnerability has been found in PHPGurukul Old Age Home Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/login.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotel...
CVE-2025-3213
A vulnerability classified as critical was found in PHPGurukul e-Diary Management System 1.0. This vulnerability affects unknown code of the file /view-note.php?noteid=11. The manipulation of the argument remark leads to sql injection. The attack can be initiated remotely. The exploit has been...
CVE-2025-3255
CVE-2025-3255 affects xujiangfei admintwo 1.0. The vulnerability is in an unknown functionality of the file /user/home, where manipulating the argument ID leads to improper access controls. The attack is remote, and the exploit has been disclosed publicly. Connected sources consistently describe ...
CVE-2025-3220
A vulnerability was found in PHPGurukul e-Diary Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /dashboard.php. The manipulation of the argument Category leads to sql injection. The attack can be launched remotely. Th...
PT-2025-14880 · Unknown · Phpgurukul Online Fire Reporting System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Online Fire Reporting System version 1.2. Description: A critical issue has been found in the PHPGurukul Online Fire Reporting System. The problem affects some unknown functionality of the file /admin/search.php. The manipulation of...
CVE-2025-3009
The CVE-2025-3009 entry concerns Jinher Network OA C6, specifically an SQL injection in the NetDiskProperty.aspx file (/C6/JHSoft.Web.NetDisk/NetDiskProperty.aspx) caused by manipulation of the ID parameter. Documents indicate remote exploitation possibilities and a publicly disclosed exploit. Se...
CVE-2025-3002
CVE-2025-3002 affects Digital China DCME-520 up to 20250320. The issue is an OS command injection caused by incorrect handling of the parameter named type_name in the file /usr/local/WWW/function/audit/newstatistics/mon_merge_stat_hist.php. The vulnerability can be exploited remotely and the expl...
CVE-2025-2993
A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14408. Affected by this issue is some unknown functionality of the file /default.cfg. The manipulation of the argument these leads to improper access controls. The attack may be launched remotely. The exploit...
CVE-2025-2984
Code-projects Payroll Management System 1.0 is affected by a remote SQL injection in the /delete.php script via the emp_id parameter. Root cause: improper handling/exposure of the emp_id argument leads to injection. Exploit has been disclosed publicly. Impact per sources includes confidentiality/...
CVE-2025-2973
The CVE-2025-2973 entry concerns code-projects College Management System 1.0. A vulnerability exists in an unknown portion of /Admin/student.php where manipulation of the profile_image parameter enables unrestricted file upload. This could allow remote execution of arbitrary code, as described ac...
[SECURITY] Fedora 40 Update: libxml2-2.12.10-1.fc40
This library allows you to manipulate XML files. It includes support for reading, modifying and writing XML and HTML files. There is DTD support, which includes parsing and validation even with complex DTDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...
CVE-2025-2854
A vulnerability classified as critical was found in code-projects Payroll Management System 1.0. Affected by this vulnerability is an unknown functionality of the file updateemployee.php. The manipulation of the argument emptype leads to sql injection. The attack can be launched remotely. The...
CVE-2025-2712
A vulnerability was found in Yonyou UFIDA ERP-NC 5.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /help/top.jsp. The manipulation of the argument langcode leads to cross site scripting. The attack can be launched remotely. The exploi...
CVE-2025-2709
CVE-2025-2709 affects Yonyou UFIDA ERP-NC 5.0. The issue is a reflected cross-site scripting (XSS) vulnerability in /login.jsp caused by unsanitized input in the key/redirect parameters. An attacker can remotely trigger the vulnerability; the exploit has been disclosed publicly. The Nuclei templa...
CVE-2025-2623
A vulnerability was found in westboy CicadasCMS 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /system/cms/content/save. The manipulation of the argument title/content/laiyuan leads to cross site scripting. The attack can be launch...
CVE-2025-2682
CVE-2025-2682 pertains to PHPGurukul Bank Locker Management System 1.0. The vulnerability is a SQL injection triggered by manipulating the mobilenumber parameter in /edit-subadmin.php?said=3, with remote exploitation possible. Multiple connected sources confirm the issue and public disclosure, in...
CVE-2025-2640 PHPGurukul Doctor Appointment Management System appointment-bwdates-reports-details.php sql injection
A vulnerability was found in PHPGurukul Doctor Appointment Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /doctor/appointment-bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack...