CVE-2025-9801

A security vulnerability has been detected in SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af. This affects an unknown part. The manipulation of the argument filePath leads to path traversal. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and...

CVE-2025-9801 SimStudioAI sim path traversal

A security vulnerability has been detected in SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af. This affects an unknown part. The manipulation of the argument filePath leads to path traversal. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and...

UBUNTU-CVE-2025-9809

Out-of-bounds write in cdfsopencuetrack in libretro libretro-common latest on all platforms allows remote attackers to execute arbitrary code via a crafted .cue file with a file path exceeding PATHMAXLENGTH that is copied using memcpy into a fixed-size buffer...

CVE-2025-54945

An external control of file name or path vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary system commands via a malicious file by controlling the destination file path...

Sim Studio 路径遍历漏洞

Sim Studio is an AI agent workflow builder from the Sim Studio open source. A path traversal vulnerability exists in Sim Studio that stems from an incorrect manipulation of the parameter filePath leading to a path traversal attack...

PT-2025-35516

Name of the Vulnerable Software and Affected Versions: SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af Description: A security vulnerability has been detected that allows for path traversal through manipulation of the filePath argument. Remote exploitation is possible, and the...

PT-2025-35441

Name of the Vulnerable Software and Affected Versions: Campcodes/SourceCodester Courier Management System version 1.0 Description: A SQL injection issue exists in the Login function of the /ajax.php file. Manipulation of the email argument can lead to SQL injection. The issue is remotely...

CampCodes Courier Management System 安全漏洞

CampCodes Courier Management System is a courier management system from CampCodes Philippines. A security vulnerability exists in CampCodes Courier Management System version 1.0, which is caused by a SQL injection due to incorrect manipulation of the parameter email in file/ajax.php...

Tenda W12 安全漏洞

Tenda W12 is a dual-band Gigabit wireless panelized access point AP from Tenda Technology, designed for hotels, villas, large homes and other scenarios, supporting the IEEE802.11ac protocol and the Wave2 standard with 1167Mbps dual-band concurrent rate. The Tenda W12 suffers from a hard-coded...

CVE-2025-9749

CVE-2025-9749 affects HKritesh009 Grocery List Management Web App (up to f491b681eb70d465f445c9a721415c965190f83b). The vulnerability is an SQL injection in an unknown portion of /src/update.php triggered by manipulating the ID parameter, with remote exploitation possible. Public exploit exists. ...

CVE-2025-9746

A vulnerability was detected in Campcodes Hospital Management System 1.0. This affects an unknown function of the file /admin/edit-doctor-specialization.php of the component Edit Doctor Specialization Page. The manipulation results in cross site scripting. The attack may be launched remotely. The...

CVE-2025-9722

A vulnerability has been found in Portabilis i-Educar up to 2.10. The impacted element is an unknown function of the file /intranet/educartipoocorrenciadisciplinarcad.php. Such manipulation of the argument nmtipo/descricao leads to cross site scripting. It is possible to launch the attack remotel...

CVE-2025-9716

A vulnerability was determined in O2OA up to 10.0-410. Affected by this vulnerability is an unknown functionality of the file /xprocessplatformassembledesigner/jaxrs/form of the component Personal Profile Page. This manipulation of the argument name/alias/description causes cross site scripting...

CVE-2025-9717

A vulnerability was identified in O2OA up to 10.0-410. Affected by this issue is some unknown functionality of the file /xorganizationassemblecontrol/jaxrs/unit/ of the component Personal Profile Page. Such manipulation of the argument name/shortName/distinguishedName/pinyin/pinyinInitial/levelNa...

CVE-2025-9608

A vulnerability has been found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /module/FormulaMedia/view of the component Formula de Cálculo de Média Page. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The...

CVE-2025-9582

A flaw has been found in Comfast CF-N1 2.6.0. Affected is the function ntptimezone of the file /usr/bin/webmgnt. Executing manipulation of the argument timestr can lead to command injection. The attack may be launched remotely. The exploit has been published and may be used...

O2OA 安全漏洞

O2OA is an enterprise application development platform from O2OA Open Source. A security vulnerability exists in O2OA 10.0-410 and earlier versions, which stems from cross-site scripting due to incorrect manipulation of the parameter name/alias in the file...

PT-2025-35405

Name of the Vulnerable Software and Affected Versions: Campcodes Farm Management System version 1.0 Description: A security flaw has been discovered in Campcodes Farm Management System 1.0. The vulnerability affects an unknown functionality within the /review.php file. Manipulation of the pid...

PT-2025-35403

Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar versions up to 2.10 Description: A vulnerability exists in Portabilis i-Educar up to version 2.10. The issue impacts an unknown function within the /intranet/educar nivel ensino cad.php file. Manipulation of the nm...

O2OA 安全漏洞

O2OA is an enterprise application development platform from O2OA Open Source. A security vulnerability exists in O2OA 10.0-410 and earlier versions, which stems from cross-site scripting due to incorrect manipulation of the parameter name/alias/description/applicationName in the file...