
2494 matches found

CVE
added 2025/03/06 8:0 p.m. | 106 views

CVE-2025-2040

CVE-2025-2040 affects zhijiantianya ruoyi-vue-pro 2.4.1. The vulnerability involves an unknown functionality at the file path /admin-api/bpm/model/deploy where improper neutralization of special elements in a template engine can be exploited. It is exploitable remotely and, per sources, the explo...

CVSS: 6.5 | AI score: 7.2 | EPSS: 0.0043
Exploits: 1 | References: 4 | Affected Software: 1

CVE
added 2025/03/05 12:31 a.m. | 53 views

CVE-2025-1964

CVE-2025-1964 affects projectworlds Online Hotel Booking 1.0. An SQL injection in the checkin argument of /booknow.php?roomname=Duplex is described as exploitable remotely with high impact (confidentiality, integrity, availability). Exploit exposure is noted as public in the sources. The connecte...

CVSS: 9.8 | AI score: 7.6 | EPSS: 0.00586
Exploits: 1 | References: 4 | Affected Software: 1

Tenable Nessus
added 2025/03/05 12:0 a.m. | 11 views

Linux Distros Unpatched Vulnerability : CVE-2024-21633

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apktool is a tool for reverse engineering Android APK files. In versions 2.9.1 and prior, Apktool infers resource files' output path according to their resource...

CVSS: 7.8 | AI score: 7.1 | EPSS: 0.0132
Exploits: 2 | References: 3

NVD
added 2025/03/03 8:15 a.m. | 13 views

CVE-2025-1857

A vulnerability classified as critical has been found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file /checkavailability.php. The manipulation of the argument employeeid leads to sql injection. It is possible to initiate the attack remotely. The...

CVSS: 9.8 | EPSS: 0.00487
Exploits: 1 | References: 5

Vulnrichment
added 2025/03/02 10:0 p.m. | 7 views

CVE-2025-1834 zj1983 zz resolve unrestricted upload

A vulnerability, which was classified as critical, was found in zj1983 zz up to 2024-8. This affects an unknown part of the file /resolve. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the publ...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.00486
Exploits: 1 | References: 4

Cvelist
added 2025/02/28 4:56 p.m. | 7 views

CVE-2025-24843 Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application Storage of Sensitive Data in a Mechanism without Access Control

Insecure file retrieval process that facilitates potential for file manipulation to affect product stability and confidentiality, integrity, authenticity, and attestation of stored data...

CVSS: 5.1 | EPSS: 0.00143
Exploits: 0 | References: 2

CVE
added 2025/02/28 4:56 p.m. | 95 views

CVE-2025-24843

CVE-2025-24843 affects the Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application. The issue is an insecure file retrieval process that could enable file manipulation, impacting the confidentiality, integrity, authenticity and attestation of stored data and potentially...

CVSS: 5.1 | AI score: 6.8 | EPSS: 0.00143
Exploits: 0 | References: 2

CNNVD
added 2025/02/28 12:0 a.m. | 1 views

Dario Health Security Vulnerability

Dario Health is a software from Dario Health that provides digital health solutions for people with chronic conditions. Dario Health has a security vulnerability that stems from an insecure file retrieval process that could lead to file manipulation, impacting product stability and data...

CVSS: 5.1 | AI score: 6.6 | EPSS: 0.00143
Exploits: 0 | References: 3

NVD
added 2025/02/24 12:15 a.m. | 11 views

CVE-2025-1599

A vulnerability was found in SourceCodester Best Church Management Software 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/app/profilecrud.php. The manipulation of the argument oldcatimg leads to path traversal: '../filedir'. The...

CVSS: 9.1 | EPSS: 0.00943
Exploits: 1 | References: 5

Positive Technologies
added 2025/02/23 12:0 a.m. | 3 views

PT-2025-7673 · Sourcecodester · Sourcecodester Best Employee Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Best Employee Management System version 1.0 Description: A vulnerability has been found in the processing of the file /admin/salary slip.php. The manipulation of the id argument leads to authorization bypass. The attack may be...

CVSS: 5.3 | AI score: 4.5 | EPSS: 0.00555
Exploits: 1 | References: 11

CVE
added 2025/02/21 9:21 a.m. | 71 views

CVE-2024-12276

The CVE-2024-12276 entry concerns the WordPress plugin “Ultimate Member” (versions up to and including 2.9.2). The vulnerability is a second‑order SQL Injection via filenames caused by insufficient escaping of user‑supplied parameters and inadequate preparation of the existing SQL query. Exploita...

CVSS: 6.5 | AI score: 5.3 | EPSS: 0.00325
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2025/02/17 7:15 a.m. | 30 views

CVE-2025-1379

A vulnerability has been found in code-projects Real Estate Property Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /Admin/CustomerReport.php. The manipulation of the argument city leads to sql injection. The attack can be...

CVSS: 9.8 | EPSS: 0.00482
Exploits: 1 | References: 5

Vulnrichment
added 2025/02/16 5:0 p.m. | 10 views

CVE-2025-1355 needyamin Library Card System Add Picture signup.php unrestricted upload

A vulnerability was found in needyamin Library Card System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /signup.php of the component Add Picture. The manipulation leads to unrestricted upload. The attack can be launched remotely. Th...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.00822
Exploits: 1 | References: 4

Cvelist
added 2025/02/12 10:0 p.m. | 12 views

CVE-2025-1229 olajowon Loggrove page os command injection

A vulnerability classified as critical was found in olajowon Loggrove up to e428fac38cc480f011afcb1d8ce6c2bad378ddd6. Affected by this vulnerability is an unknown functionality of the file /read/?page=1&logfile=eee&match=. The manipulation of the argument path leads to os command injection. The...

CVSS: 6.5 | EPSS: 0.0145
Exploits: 0 | References: 3

CVE
added 2025/02/12 11:31 a.m. | 79 views

CVE-2025-1195

CVE-2025-1195 concerns the Code-Projects Real Estate Property Management System 1.0. According to the sources, the vulnerability is triggered by manipulation of the CategoryId parameter in the /Admin/EditCategory endpoint, resulting in cross-site scripting (XSS). The issue is described as exploit...

CVSS: 5.4 | AI score: 3.8 | EPSS: 0.00313
Exploits: 1 | References: 5 | Affected Software: 1

NVD
added 2025/02/11 4:15 a.m. | 20 views

CVE-2025-1171

A vulnerability classified as problematic was found in code-projects Real Estate Property Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /Admin/CustomerReport.php. The manipulation of the argument Address leads to cross site scripting. The attack can...

CVSS: 6.1 | EPSS: 0.00367
Exploits: 1 | References: 5

RedhatCVE
added 2025/02/05 11:51 p.m. | 13 views

CVE-2022-41211

Due to lack of proper memory management, when a victim opens manipulated file received from untrusted sources in SAP 3D Visual Enterprise Author and SAP 3D Visual Enterprise Viewer, Arbitrary Code Execution can be triggered when payload forces: Re-use of dangling pointer which refers to overwritte...

CVSS: 7.8 | AI score: 7.5 | EPSS: 0.00314
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 10:28 p.m. | 11 views

CVE-2022-45794

An attacker with network access to the affected PLC CJ-series and CS-series PLCs, all versions may use a network protocol to read and write files on the PLC internal memory and memory card...

CVSS: 8.6 | AI score: 6.7 | EPSS: 0.00536
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 9:21 p.m. | 5 views

CVE-2022-2486

A vulnerability, which was classified as critical, was found in WAVLINK WN535K2 and WN535K3. This affects an unknown part of the file /cgi-bin/mesh.cgi?page=upgrade. The manipulation of the argument key leads to os command injection. The exploit has been disclosed to the public and may be used...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.2605
Exploits: 1 | References: 1

RedhatCVE
added 2025/02/05 12:49 p.m. | 12 views

CVE-2024-43248

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Bit Apps Bit Form Pro allows File Manipulation. This issue affects Bit Form Pro: from n/a through 2.6.4...

CVSS: 9.1 | AI score: 6.7 | EPSS: 0.0059
Exploits: 0