3230 matches found
CVE-2025-7039
A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to...
Jenkins Plugin Git client Security Vulnerability
Jenkins and Jenkins plugin are both Jenkins open source products. Jenkins is an application software. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins plugin is an application software plugin. A security...
CVE-2025-7975
Anritsu ShockLine CHX File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu ShockLine. User interaction is required to exploit this vulnerability in that the target must visit...
Apartment Management System member_type_setup.php File SQL Injection Vulnerability
Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter txtMemberType in the file /setting/membertypesetup.php. An attack...
itsourcecode Student Information Management System Security Vulnerability
itsourcecode Student Information Management System is an open source student information management system from itsourcecode. A security vulnerability exists in itsourcecode Student Information Management System version 1.0, which is caused by a SQL injection due to incorrect manipulation of the...
Tenda AC9 Hardcoding Vulnerability
Tenda AC9 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in 2016. The Tenda AC9 suffers from a hard-coded vulnerability that originates from an unknown function in the file /etcro/shadow of the component management interface, which can be exploited by an attacker...
PT-2025-35614
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Farm Management System version 1.0 Description: A SQL injection issue exists in the /Login/login.php file due to manipulation of the uname argument. This allows for remote exploitation. The exploit is publicly available...
CVE-2025-9801
A security vulnerability has been detected in SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af. This affects an unknown part. The manipulation of the argument filePath leads to path traversal. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and...
CVE-2025-9801 SimStudioAI sim path traversal
A security vulnerability has been detected in SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af. This affects an unknown part. The manipulation of the argument filePath leads to path traversal. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and...
UBUNTU-CVE-2025-9809
Out-of-bounds write in cdfsopencuetrack in libretro libretro-common latest on all platforms allows remote attackers to execute arbitrary code via a crafted .cue file with a file path exceeding PATHMAXLENGTH that is copied using memcpy into a fixed-size buffer...
CVE-2025-54945
An external control of file name or path vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary system commands via a malicious file by controlling the destination file path...
CampCodes Courier Management System Security Vulnerability
CampCodes Courier Management System is a courier management system from CampCodes Philippines. A security vulnerability exists in CampCodes Courier Management System version 1.0, which is caused by a SQL injection due to incorrect manipulation of the parameter email in the file /ajax.php...
Sim Studio Path Traversal Vulnerability
Sim Studio is an AI agent workflow builder from the Sim Studio open source. A path traversal vulnerability exists in Sim Studio that stems from an incorrect manipulation of the parameter filePath leading to a path traversal attack...
PT-2025-35441
Name of the Vulnerable Software and Affected Versions: Campcodes/SourceCodester Courier Management System version 1.0 Description: A SQL injection issue exists in the Login function of the /ajax.php file. Manipulation of the email argument can lead to SQL injection. The issue is remotely...
PT-2025-35516
Name of the Vulnerable Software and Affected Versions: SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af Description: A security vulnerability has been detected that allows for path traversal through manipulation of the filePath argument. Remote exploitation is possible, and the...
Tenda W12 Security Vulnerability
Tenda W12 is a dual-band Gigabit wireless panelized access point AP from Tenda Technology, designed for hotels, villas, large homes and other scenarios, supporting the IEEE802.11ac protocol and the Wave2 standard with 1167Mbps dual-band concurrent rate. The Tenda W12 suffers from a hard-coded...
CVE-2025-9749
CVE-2025-9749 affects HKritesh009 Grocery List Management Web App (up to f491b681eb70d465f445c9a721415c965190f83b). The vulnerability is an SQL injection in an unknown portion of /src/update.php triggered by manipulating the ID parameter, with remote exploitation possible. Public exploit exists. ...
CVE-2025-9746
A vulnerability was detected in Campcodes Hospital Management System 1.0. This affects an unknown function of the file /admin/edit-doctor-specialization.php of the component Edit Doctor Specialization Page. The manipulation results in cross site scripting. The attack may be launched remotely. The...
CVE-2025-9722
A vulnerability has been found in Portabilis i-Educar up to 2.10. The impacted element is an unknown function of the file /intranet/educartipoocorrenciadisciplinarcad.php. Such manipulation of the argument nmtipo/descricao leads to cross site scripting. It is possible to launch the attack remotel...
CVE-2025-9716
A vulnerability was determined in O2OA up to 10.0-410. Affected by this vulnerability is an unknown functionality of the file /xprocessplatformassembledesigner/jaxrs/form of the component Personal Profile Page. This manipulation of the argument name/alias/description causes cross site scripting...