3207 matches found

NVD
added 2025/08/15 3:15 a.m. · 4 views

CVE-2025-9001

A vulnerability was determined in LemonOS up to nightly-2024-07-12 on LemonOS. Affected by this issue is the function HTTPGet of the file /Applications/Steal/main.cpp of the component HTTP Client. The manipulation of the argument chunkSize leads to stack-based buffer overflow. The attack may be...

7.5 CVSS · 0.00342 EPSS
Exploits: 1 · References: 5

CNVD
added 2025/08/15 12:0 a.m. · 5 views

WordPress WooCommerce Purchase Orders plugin Arbitrary File Deletion Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress WooCommerce Purchase Orders plugin suffers from an arbitrary file deletion vulnerability that stems from the program failing to properly filter for special element...

8.1 CVSS · 7 AI score · 0.03335 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2025/08/15 12:0 a.m. · 4 views

PT-2025-33477 · Projectworlds · Travel Management System

Name of the Vulnerable Software and Affected Versions: projectworlds Travel Management System version 1.0. Description: A vulnerability exists in projectworlds Travel Management System 1.0, affecting an unknown functionality within the /addcategory.php file. Manipulation of the t1 argument results...

9.8 CVSS · 7.4 AI score · 0.00107 EPSS
Exploits: 1 · References: 9

CVE
added 2025/08/14 8:32 p.m. · 16 views

CVE-2025-8982

The CVE affects itsourcecode Online Tour and Travel Management System 1.0, specifically the /admin/operations/currency.php file. The vulnerability arises from unsafely handling the curr_code parameter, enabling SQL injection. It is exploitable remotely, and public exploit disclosure exists. Multi...

9.8 CVSS · 7.8 AI score · 0.00072 EPSS
Exploits: 1 · References: 5 · Affected Software: 1

CVE
added 2025/08/14 8:2 p.m. · 20 views

CVE-2025-8981

The CVE-2025-8981 entry concerns itsourcecode Online Tour and Travel Management System 1.0. A SQL injection flaw exists in the /admin/operations/payment.php file, caused by unsafely handling the payment_type parameter. The vulnerability is remotely exploitable and has publicly disclosed exploits....

9.8 CVSS · 7.6 AI score · 0.00072 EPSS
Exploits: 1 · References: 5 · Affected Software: 1

CVE
added 2025/08/14 5:2 p.m. · 15 views

CVE-2025-8970

CVE-2025-8970 affects itsourcecode Online Tour and Travel Management System 1.0. The vulnerability is in the file /admin/operations/booking.php, where manipulation of the ID parameter enables an SQL injection. The issue is exploitable remotely, with public disclosure of the exploit noted in multi...

9.8 CVSS · 7.6 AI score · 0.00072 EPSS
Exploits: 1 · References: 5 · Affected Software: 1

Vulnrichment
added 2025/08/14 3:32 p.m. · 2 views

CVE-2025-8966 itsourcecode Online Tour and Travel Management System tax.php sql injection

A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /admin/operations/tax.php. The manipulation of the argument tname leads to sql injection. The attack may be initiated remotely. The exploit has been...

7.5 CVSS · 7.6 AI score · 0.00072 EPSS
Exploits: 1 · References: 5

CVE
added 2025/08/14 3:2 p.m. · 17 views

CVE-2025-7971

CVE-2025-7971 affects Rockwell Automation’s Studio 5000 Logix Designer. The issue arises from unsafe handling of environment variables, where a path without a valid file can cause the application to crash and, in some cases, may allow arbitrary code execution locally. The available connected sour...

7.3 CVSS · 7.7 AI score · 0.00031 EPSS
Exploits: 0 · References: 1

CVE
added 2025/08/14 7:2 a.m. · 11 views

CVE-2025-8948

The projectworlds Visitor Management System 1.0 is affected by a SQL injection in the front.php file via the rid parameter. Multiple connected sources confirm remote exploitation and publicly disclosed exploit details. No official patch/version removal details are provided in the documents; at le...

9.8 CVSS · 7.6 AI score · 0.00082 EPSS
Exploits: 1 · References: 4 · Affected Software: 1

CVE
added 2025/08/14 4:32 a.m. · 14 views

CVE-2025-8937

CVE-2025-8937 affects TOTOLINK N350R, specifically the component/file at /boafrm/formSysCmd. The documented issue is a command injection vulnerability in unknown code, exploitable remotely, with exploit publicly disclosed. The primary affected device is TOTOLINK N350R version 1.2.3-B20130826. Sev...

8.8 CVSS · 7.9 AI score · 0.0075 EPSS
In wild · Exploits: 0 · References: 7 · Affected Software: 1

NVD
added 2025/08/14 4:16 a.m. · 4 views

CVE-2025-8935

A vulnerability was found in 1000 Projects Sales Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /superstore/custcmp.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been...

9.8 CVSS · 0.0009 EPSS
Exploits: 1 · References: 5

NVD
added 2025/08/14 4:16 a.m. · 1 views

CVE-2025-8934

A vulnerability has been found in 1000 Projects Sales Management System 1.0. Affected is an unknown function of the file /sales.php. The manipulation of the argument select2112 leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the publi...

6.1 CVSS · 0.00101 EPSS
Exploits: 1 · References: 5

OSV
added 2025/08/14 3:15 a.m. · 3 views

CVE-2025-8932

A vulnerability was determined in 1000 Projects Sales Management System 1.0. This vulnerability affects unknown code of the file /superstore/admin/sales.php. The manipulation of the argument ssalescat leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to...

9.8 CVSS · 5.8 AI score · 0.0009 EPSS
Exploits: 1 · References: 5

Cvelist
added 2025/08/14 3:2 a.m. · 6 views

CVE-2025-8932 1000 Projects Sales Management System sales.php sql injection

A vulnerability was determined in 1000 Projects Sales Management System 1.0. This vulnerability affects unknown code of the file /superstore/admin/sales.php. The manipulation of the argument ssalescat leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to...

7.5 CVSS · 0.0009 EPSS
Exploits: 1 · References: 5

Vulnrichment
added 2025/08/14 12:0 a.m. · 3 views

CVE-2025-50515

An issue was discovered in phome Empirebak 2010 in ebak2008/upload/class/config.php allowing attackers to execute arbitrary code when the config file was loaded...

7.8 AI score · 0.00143 EPSS
Exploits: 0 · References: 2

Cvelist
added 2025/08/14 12:0 a.m. · 5 views

CVE-2025-50515

An issue was discovered in phome Empirebak 2010 in ebak2008/upload/class/config.php allowing attackers to execute arbitrary code when the config file was loaded...

0.00143 EPSS
Exploits: 0 · References: 2

CVE
added 2025/08/14 12:0 a.m. · 19 views

CVE-2025-50515

CVE-2025-50515 affects phome Empirebak 2010, specifically the config.php in ebak2008/upload/class/. The vulnerability arises when loading the config.php file, allowing arbitrary code execution. Affected component/file: ebak2008/upload/class/config.php; underlying issue not elaborated beyond code ...

6.5 CVSS · 8.1 AI score · 0.00143 EPSS
Exploits: 0 · References: 2

CVE
added 2025/08/13 7:2 p.m. · 17 views

CVE-2025-8924

The CVE-2025-8924 issue affects Campcodes Online Water Billing System 1.0, specifically the /viewbill.php file where manipulating the ID parameter enables SQL injection. Affected component is the viewbill.php processing logic; root cause is improper handling of the ID argument, allowing remote ex...

9.8 CVSS · 7.6 AI score · 0.00068 EPSS
Exploits: 1 · References: 5 · Affected Software: 1

NVD
added 2025/08/13 4:15 p.m. · 5 views

CVE-2025-8918

A vulnerability was found in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /intranet/educarinstituicaocad.php of the component Editar Page. The manipulation of the argument neighborhood name leads to cross site scripting. The attack may be initiated...

4.8 CVSS · 0.00063 EPSS
Exploits: 1 · References: 4

NVD
added 2025/08/13 1:15 p.m. · 5 views

CVE-2025-8908

A vulnerability was determined in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.5.4. Affected by this issue is some unknown functionality of the file crm/WeiXinApp/yunzhijia/event.php. The manipulation of the argument openid leads to sql injection. The attack may be launched...

9.8 CVSS · 0.00065 EPSS
Exploits: 0 · References: 5