
3163 matches found

CNNVD
added 2025/08/31 12:0 a.m. | 1 views

i-Educar security vulnerability

i-Educar is a free educational software from Portábilis Open Source. A security vulnerability exists in i-Educar version 2.10 and earlier, which stems from a cross-site scripting attack due to incorrect manipulation of the parameter nmtipo in the file /intranet/educartipoensinocad.php...

CVSS 5.4 | AI score 4.3 | EPSS 0.00053
Exploits 1 | References 6

CNNVD
added 2025/08/31 12:0 a.m. | 1 views

Grocery List Management Web App security vulnerability

Grocery List Management Web App is a grocery list management system by the individual developer Ritesh Dhurve. A security vulnerability exists in Grocery List Management Web App that stems from a SQL injection attack due to incorrect manipulation of the parameter ID in the file /src/update.php...

CVSS 9.8 | AI score 7.7 | EPSS 0.00065
Exploits 1 | References 6

CNNVD
added 2025/08/31 12:0 a.m. | 2 views

Cudy LT500E security vulnerability

The Cudy LT500E is a wireless router from the Chinese company Cudy. A security vulnerability exists in the Cudy LT500E version 2.3.12 and earlier, which stems from the firmware's use of hard-coded passwords in the /squashfs-root/etc/shadow file...

CVSS 8.8 | AI score 4.2 | EPSS 0.00045
Exploits 1 | References 6

RedhatCVE
added 2025/08/30 6:19 p.m. | 2 views

CVE-2025-9418

A security vulnerability has been detected in itsourcecode Apartment Management System 1.0. Impacted is an unknown function of the file /owner/addowner.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed...

CVSS 9.8 | AI score 7.3 | EPSS 0.00066
Exploits 1 | References 1

RedhatCVE
added 2025/08/30 6:19 p.m. | 3 views

CVE-2025-9492

A vulnerability was determined in Campcodes Online Water Billing System 1.0. This affects an unknown function of the file /addclient1.php. Executing manipulation of the argument lname can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may b...

CVSS 9.8 | AI score 7.4 | EPSS 0.0009
Exploits 1 | References 1

RedhatCVE
added 2025/08/30 6:19 p.m. | 2 views

CVE-2025-9419

A vulnerability was detected in itsourcecode Apartment Management System 1.0. The affected element is an unknown function of the file /unit/addunit.php. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit is now public and may be...

CVSS 9.8 | AI score 7.4 | EPSS 0.00066
Exploits 1 | References 1

NVD
added 2025/08/30 9:15 a.m. | 2 views

CVE-2025-9681

A flaw has been found in O2OA up to 10.0-410. Affected is an unknown function of the file /xprogramcenter/jaxrs/agent of the component Personal Profile Page. Executing manipulation can lead to cross site scripting. The attack can be launched remotely. The exploit has been published and may be use...

CVSS 5.4 | EPSS 0.00083
Exploits 1 | References 7

OSV
added 2025/08/30 4:15 a.m. | 1 views

CVE-2025-54945

An external control of file name or path vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary system commands via a malicious file by controlling the destination file path...

CVSS 9.8 | AI score 6.2
Exploits 0 | References 1

CVE
added 2025/08/30 3:50 a.m. | 12 views

CVE-2025-54945

CVE-2025-54945 affects SUNNET Corporate Training Management System prior to 10.11. The vulnerability is an external control of file name or path that enables remote attackers to execute arbitrary system commands by steering the destination file path. No explicit exploitation details are provided ...

CVSS 10 | AI score 7.2 | EPSS 0.00083
Exploits 0 | References 1 | Affected Software 1

Vulnrichment
added 2025/08/30 3:50 a.m. | 1 views

CVE-2025-54945 SUNNET Corporate Training Management System - External Control of File Name or Path

An external control of file name or path vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary system commands via a malicious file by controlling the destination file path...

CVSS 10 | AI score 7.1 | EPSS 0.00083
Exploits 0 | References 1

Cvelist
added 2025/08/30 3:50 a.m. | 3 views

CVE-2025-54945 SUNNET Corporate Training Management System - External Control of File Name or Path

An external control of file name or path vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary system commands via a malicious file by controlling the destination file path...

CVSS 10 | EPSS 0.00083
Exploits 0 | References 1

CNNVD
added 2025/08/30 12:0 a.m. | 2 views

SUNNET Corporate Training Management System security vulnerability

SUNNET Corporate Training Management System is a corporate training management system from SUNNET. A security vulnerability exists in SUNNET Corporate Training Management System versions prior to 10.11, which originates from an external control over file names or paths and could lead to the...

CVSS 10 | AI score 6.8 | EPSS 0.00083
Exploits 0 | References 2

Positive Technologies
added 2025/08/30 12:0 a.m. | 3 views

PT-2025-35339

Name of the Vulnerable Software and Affected Versions: SUNNET Corporate Training Management System versions prior to 10.11. Description: A file name or path vulnerability exists in SUNNET Corporate Training Management System that allows remote attackers to execute arbitrary system commands via a...

CVSS 10 | AI score 6.2 | EPSS 0.00083
Exploits 0 | References 8

NVD
added 2025/08/29 7:15 p.m. | 1 views

CVE-2025-9670

A security flaw has been discovered in mixmark-io turndown up to 7.2.1. This affects an unknown function of the file src/commonmark-rules.js. Performing manipulation results in inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been released...

CVSS 6.9 | EPSS 0.00088
Exploits 0 | References 5

Cvelist
added 2025/08/29 4:2 p.m. | 6 views

CVE-2025-9659 O2OA Personal Profile widget cross site scripting

A vulnerability has been found in O2OA up to 10.0-410. The affected element is an unknown function of the file /x_portal_assemble_designer/jaxrs/widget of the component Personal Profile Page. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been...

CVSS 5.1 | EPSS 0.00078
Exploits 1 | References 6

CVE
added 2025/08/29 4:2 p.m. | 9 views

CVE-2025-9659

The CVE-2025-9659 entry relates to O2OA (versions up to 10.0-410) where the Personal Profile Page widget contains an unknown-function issue in the file /x_portal_assemble_designer/jaxrs/widget that leads to cross-site scripting. The vulnerability can be exploited remotely and a public exploit ha...

CVSS 5.4 | AI score 5.3 | EPSS 0.00078
Exploits 1 | References 6 | Affected Software 1

Cvelist
added 2025/08/29 3:32 p.m. | 6 views

CVE-2025-9657 O2OA Personal Profile script cross site scripting

A vulnerability was detected in O2OA up to 10.0-410. This issue affects some unknown processing of the file /xprogramcenter/jaxrs/script of the component Personal Profile Page. The manipulation of the argument name/alias/description results in cross site scripting. The attack may be launched...

CVSS 5.1 | EPSS 0.0007
Exploits 1 | References 6

CVE
added 2025/08/29 3:2 p.m. | 10 views

CVE-2025-9655

CVE-2025-9655 affects O2OA up to version 10.0-410, specifically the Personal Profile Page component. The issue arises from manipulating the Description argument in the /x_organization_assemble_control/jaxrs/person/ file, enabling cross-site scripting. Exploitation can be performed remotely. Vendo...

CVSS 5.4 | AI score 5.4 | EPSS 0.0005
Exploits 1 | References 5 | Affected Software 1

OSV
added 2025/08/29 1:15 p.m. | 0 views

CVE-2025-9645

A vulnerability was identified in itsourcecode Apartment Management System 1.0. This affects an unknown part of the file /tdashboard/rallinfo.php. The manipulation of the argument mid leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be used...

CVSS 9.8 | AI score 5.8
Exploits 0 | References 5

NVD
added 2025/08/29 2:15 a.m. | 1 views

CVE-2025-9601

A vulnerability was detected in itsourcecode Apartment Management System 1.0. This affects an unknown part of the file /setting/employeesalarysetup.php. The manipulation of the argument ddlEmpName results in sql injection. The attack may be launched remotely. The exploit is now public and may be...

CVSS 9.8 | EPSS 0.0009
Exploits 1 | References 5