3163 matches found

OSV
added 2025/08/25 11:15 p.m. · 1 view

CVE-2025-9425

A security flaw has been discovered in itsourcecode Online Tour and Travel Management System 1.0. Affected by this issue is some unknown functionality of the file /enquiry.php. Performing manipulation of the argument pid results in sql injection. The attack is possible to be carried out remotely...

CVSS 9.8 · AI score 5.7 · EPSS 0.00066
Exploits: 1 · References: 5

NVD
added 2025/08/25 11:15 p.m. · 2 views

CVE-2025-9426

A weakness has been identified in itsourcecode Online Tour and Travel Management System 1.0. This affects an unknown part of the file /package.php. Executing manipulation of the argument subcatid can lead to sql injection. The attack may be performed from a remote location. The exploit has been...

CVSS 9.8 · EPSS 0.00066
Exploits: 1 · References: 5

CVE
added 2025/08/25 10:32 p.m. · 12 views

CVE-2025-9423

CVE-2025-9423 affects Campcodes Online Water Billing System 1.0. Affected is the file /editecex.php where manipulating the ID argument triggers an SQL injection. This enables remote exploitation and the exploit has been publicly disclosed. Reports from Red Hat and PT-Security corroborate the SQLi...

CVSS 9.8 · AI score 7.6 · EPSS 0.00066
Exploits: 1 · References: 5 · Affected Software: 1

GithubExploit
added 2025/08/25 2:20 p.m. · 171 views

Exploit for OS Command Injection in Php

CVE-2024-4577 CTF Challenge Overview This CTF challenge de...

CVSS 9.8 · AI score 8.6 · EPSS 0.94374
Exploits: 64

Positive Technologies
added 2025/08/25 12:0 a.m. · 3 views

PT-2025-34717 · Ruijie · Ruijie Ws7204-A

Name of the Vulnerable Software and Affected Versions: Ruijie WS7204-A version 2017.06.15 Description: A vulnerability exists in Ruijie WS7204-A 2017.06.15 related to os command injection. The issue is located in the file /itbox pi/branch import.php?a=branch list, where manipulation of the provin...

CVSS 5.8 · AI score 5.4 · EPSS 0.01116
Exploits: 1 · References: 10

Positive Technologies
added 2025/08/25 12:0 a.m. · 3 views

PT-2025-34583 · Unknown · Huangdou Utcms Version 9

Name of the Vulnerable Software and Affected Versions: HuangDou UTCMS version 9 Description: A server-side request forgery issue exists due to manipulation of the UPDATEURL argument within the app/modules/ut-frame/admin/update.php file of the Config Handler component. This allows for remote...

CVSS 5.8 · AI score 7.1 · EPSS 0.00074
Exploits: 0 · References: 8

Positive Technologies
added 2025/08/25 12:0 a.m. · 3 views

PT-2025-34701 · Oitcode · Oitcode Samarium

Name of the Vulnerable Software and Affected Versions: oitcode samarium versions through 0.9.6 Description: A security flaw exists in oitcode samarium up to version 0.9.6. The issue affects unknown code within the /cms/webpage/ file of the Pages Image Handler component and allows for cross-site...

CVSS 4.8 · AI score 3.4 · EPSS 0.00046
Exploits: 0 · References: 8

Positive Technologies
added 2025/08/25 12:0 a.m. · 2 views

PT-2025-34713 · Itsourcecode · Apartment Management System

Name of the Vulnerable Software and Affected Versions: itsourcecode Apartment Management System version 1.0 Description: A flaw exists in itsourcecode Apartment Management System 1.0 that allows for SQL injection. The issue is located in the /floor/addfloor.php file, where manipulation of the hdn...

CVSS 7.5 · AI score 7.5 · EPSS 0.00066
Exploits: 1 · References: 11

NVD
added 2025/08/24 10:15 a.m. · 2 views

CVE-2025-9383

A security vulnerability has been detected in FNKvision Y215 CCTV Camera 10.194.120.40. This issue affects the function crypt of the file /etc/passwd. The manipulation leads to use of weak hash. The attack can only be performed from a local environment. The complexity of an attack is rather high...

CVSS 2.5 · EPSS 0.00014
Exploits: 0 · References: 5

Tenable Nessus
added 2025/08/24 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2018-19789

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9, and 4.2.x before 4.2.1...

CVSS 5.3 · AI score 6.6 · EPSS 0.00869
Exploits: 0 · References: 2

NVD
added 2025/08/23 5:15 a.m. · 3 views

CVE-2025-9048

The Wptobe-memberships plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delimgajaxcall function in all versions up to, and including, 3.4.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

CVSS 8.1 · EPSS 0.00704
Exploits: 0 · References: 3

RedhatCVE
added 2025/08/22 6:26 p.m. · 4 views

CVE-2025-9238

A vulnerability was determined in Swatadru Exam-Seating-Arrangement up to 97335ccebf95468d92525f4255a2241d2b0b002f. Affected is an unknown function of the file /student.php of the component Student Login. Executing manipulation of the argument email can lead to sql injection. It is possible to...

CVSS 7.5 · AI score 7.4 · EPSS 0.00051
Exploits: 0 · References: 1

Snyk
added 2025/08/22 4:49 p.m. · 1 view

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the /api/app/compose/get-from-uri endpoint, which uses the GetFromUri function. A user can access arbitrary files on the server by passing arbitrary paths as the uri parameter. This is only...

CVSS 6.8 · AI score 6.7 · EPSS 0.00155
Exploits: 0 · References: 2

CNNVD
added 2025/08/22 12:0 a.m. · 1 view

Western Digital Kitfox for Windows Code Issue Vulnerability

Western Digital Kitfox for Windows is a hard disk management program from Western Digital. A code issue vulnerability exists in Western Digital Kitfox for Windows that originates from an unquoted file path and could lead to the execution of arbitrary code...

CVSS 8.4 · AI score 6.7 · EPSS 0.00025
Exploits: 0 · References: 4

NVD
added 2025/08/21 5:15 p.m. · 3 views

CVE-2025-9309

A vulnerability was found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /etcro/shadow of the component MD5 Hash Handler. Performing manipulation results in hard-coded credentials. The attack needs to be approached locally. A high degree of complexity is needed for the...

CVSS 7 · EPSS 0.00026
Exploits: 1 · References: 6

Cvelist
added 2025/08/21 4:32 p.m. · 8 views

CVE-2025-9309 Tenda AC10 MD5 Hash shadow hard-coded credentials

A vulnerability was found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /etcro/shadow of the component MD5 Hash Handler. Performing manipulation results in hard-coded credentials. The attack needs to be approached locally. A high degree of complexity is needed for the...

CVSS 2.5 · EPSS 0.00026
Exploits: 1 · References: 6

Cvelist
added 2025/08/21 3:2 p.m. · 8 views

CVE-2025-9305 SourceCodester Online Bank Management System mnotice.php sql injection

A security vulnerability has been detected in SourceCodester Online Bank Management System 1.0. The affected element is an unknown function of the file /bank/mnotice.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has be...

CVSS 7.5 · EPSS 0.00066
Exploits: 1 · References: 5

CVE
added 2025/08/21 2:2 p.m. · 13 views

CVE-2025-9302

PHPGurukul User Management System 1.0 is affected by a SQL injection in signup.php via the emailid parameter. The vulnerability allows remote exploitation with a publicly available exploit, as confirmed by multiple connected sources (CNVD/PT-2025-34224/CNNVD-like reports). Root cause: lack of val...

CVSS 9.8 · AI score 7.7 · EPSS 0.00066
Exploits: 1 · References: 5 · Affected Software: 1

RedhatCVE
added 2025/08/21 12:26 a.m. · 5 views

CVE-2024-44373

A Path Traversal vulnerability in AllSky v2023.05.01 through v2024.12.0606 allows an unauthenticated attacker to create a webshell and remote code execution via the path, content parameter to /includes/savefile.php...

CVSS 9.8 · AI score 8.2 · EPSS 0.0157
Exploits: 0 · References: 1

Vulnrichment
added 2025/08/20 3:39 p.m. · 2 views

CVE-2012-10061 Sockso Music Host Server <= 1.5 Path Traversal

Sockso Music Host Server versions <= 1.5 are vulnerable to a path traversal flaw that allows unauthenticated remote attackers to read arbitrary files from the server’s filesystem. The vulnerability exists in the HTTP interface on port 4444, where the endpoint /file/ fails to properly sanitize...

CVSS 8.7 · AI score 7.2 · EPSS 0.55631
Exploits: 0 · References: 6