CVE-2025-9670

A security flaw has been discovered in mixmark-io turndown up to 7.2.1. This affects an unknown function of the file src/commonmark-rules.js. Performing manipulation results in inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been released...

CVE-2025-9659 O2OA Personal Profile widget cross site scripting

A vulnerability has been found in O2OA up to 10.0-410. The affected element is an unknown function of the file /xportalassembledesigner/jaxrs/widget of the component Personal Profile Page. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been...

CVE-2025-9659

The CVE-2025-9659 entry relates to O2OA (versions up to 10.0-410) where the Personal Profile Page widget contains an unknown-function issue in the file /x_portal_assemble_designer/jaxrs/widget that leads to cross-site scripting. The vulnerability can be exploited remotely and an public exploit ha...

CVE-2025-9657 O2OA Personal Profile script cross site scripting

A vulnerability was detected in O2OA up to 10.0-410. This issue affects some unknown processing of the file /xprogramcenter/jaxrs/script of the component Personal Profile Page. The manipulation of the argument name/alias/description results in cross site scripting. The attack may be launched...

CVE-2025-9655

CVE-2025-9655 affects O2OA up to version 10.0-410, specifically the Personal Profile Page component. The issue arises from manipulating the Description argument in the /x_organization_assemble_control/jaxrs/person/ file, enabling cross-site scripting. Exploitation can be performed remotely. Vendo...

CVE-2025-9645

A vulnerability was identified in itsourcecode Apartment Management System 1.0. This affects an unknown part of the file /tdashboard/rallinfo.php. The manipulation of the argument mid leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be used...

CVE-2025-9601

A vulnerability was detected in itsourcecode Apartment Management System 1.0. This affects an unknown part of the file /setting/employeesalarysetup.php. The manipulation of the argument ddlEmpName results in sql injection. The attack may be launched remotely. The exploit is now public and may be...

CVE-2025-9600 itsourcecode Apartment Management System member_type_setup.php sql injection

A security vulnerability has been detected in itsourcecode Apartment Management System 1.0. Affected by this issue is some unknown functionality of the file /setting/membertypesetup.php. The manipulation of the argument txtMemberType leads to sql injection. The attack may be initiated remotely. T...

PT-2025-35231

Name of the Vulnerable Software and Affected Versions: O2OA versions up to 10.0-410 Description: A cross site scripting issue exists due to the manipulation of the name, alias, or description argument in the processing of the /x program center/jaxrs/script file within the Personal Profile Page...

itsourcecode Apartment Management System 安全漏洞

Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ddlEmpName in file /setting/employeesalarysetup.php. An attacker...

PT-2025-35221

Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar versions up to 2.10 Description: A cross site scripting issue exists in Portabilis i-Educar up to version 2.10. The issue is located in an unknown function within the /intranet/educar transferencia tipo cad.php file of the...

PT-2025-35218

Name of the Vulnerable Software and Affected Versions: yeqifu carRental versions prior to 3fabb7eae93d209426638863980301d6f99866b3 Description: A path traversal issue exists in the removeFileByPath function within the src/main/java/com/yeqifu/sys/utils/AppFileUtils.java file. The manipulation of...

CVE-2025-9593

Affected software: itsourcecode Apartment Management System 1.0. The vulnerability is an SQL injection in the /report/unit_status_info.php file caused by unsafely handling the usid parameter. This allows remote exploitation and an exploit has been published. Connected advisories confirm the issue...

CVE-2025-9585

A vulnerability was determined in Comfast CF-N1 2.6.0. This affects the function wifilithdeletepicfile of the file /usr/bin/webmgnt. This manipulation of the argument portaldeletepicname causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly...

CVE-2025-9582

The CVE-2025-9582 entry concerns Comfast CF-N1 firmware version 2.6.0. The flaw lies in the ntp_timezone function in the /usr/bin/webmgnt binary where manipulating the timestr argument can cause a command injection. The attack is described as remote capable and an exploit has been published. Cons...

Apartment Management System addowner.php File SQL Injection Vulnerability

Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file /owner/addowner.php. An attacker can exploit this...

CVE-2025-34163

Dongsheng Logistics Software exposes an unauthenticated endpoint at /CommMng/Print/UploadMailFile that fails to enforce proper file type validation and access control. An attacker can upload arbitrary files, including executable scripts such as .ashx, via a crafted multipart/form-data POST reques...

CVE-2025-9511

A vulnerability was identified in itsourcecode Apartment Management System 1.0. This vulnerability affects unknown code of the file /visitor/addvisitor.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available...

CVE-2025-9504

CVE-2025-9504 affects Campcodes Online Loan Management System 1.0. The vulnerability is an SQL injection in an unknown functionality of the file /ajax.php?action=save_plan, caused by manipulation of the ID argument. Exploitation can be performed remotely, and public exploits are available. Techni...

CVE-2025-9503 Campcodes Online Loan Management System ajax.php sql injection

A security vulnerability has been detected in Campcodes Online Loan Management System 1.0. Affected is an unknown function of the file /ajax.php?action=saveborrower. The manipulation of the argument lastname leads to sql injection. Remote exploitation of the attack is possible. The exploit has be...