Linux Distros Unpatched Vulnerability : CVE-2025-27552

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - DBIx::Class::EncodedColumn use the rand function, which is not cryptographically secure to salt password hashes. This vulnerability is associated with program...

PT-2025-34861

Name of the Vulnerable Software and Affected Versions: Linksys E1700 version 1.0.0.4.003 Description: A stack-based buffer overflow exists in the setSysAdm function of the /goform/setSysAdm file. Manipulation of the rm port argument can trigger this issue, allowing for remote code execution. The...

Linux Distros Unpatched Vulnerability : CVE-2024-40767

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing...

CVE-2025-9475

A flaw has been found in SourceCodester Human Resource Information System 1.0. Affected by this vulnerability is an unknown functionality of the file /AdminDashboard/process/editemployeeprocess.php. This manipulation of the argument employeefile201 causes unrestricted upload. The attack may be...

CVE-2025-9471

A vulnerability has been found in itsourcecode Apartment Management System 1.0. This vulnerability affects unknown code of the file /maintenance/addmaintenancecost.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been...

CVE-2025-9434

A vulnerability was determined in 1000projects Online Project Report Submission and Evaluation System 1.0. This affects an unknown function of the file /admin/edittitle.php?id=1. Executing manipulation of the argument desc can lead to cross site scripting. The attack may be launched remotely. The...

CVE-2025-9425

A security flaw has been discovered in itsourcecode Online Tour and Travel Management System 1.0. Affected by this issue is some unknown functionality of the file /enquiry.php. Performing manipulation of the argument pid results in sql injection. The attack is possible to be carried out remotely...

CVE-2025-9426

A weakness has been identified in itsourcecode Online Tour and Travel Management System 1.0. This affects an unknown part of the file /package.php. Executing manipulation of the argument subcatid can lead to sql injection. The attack may be performed from a remote location. The exploit has been...

CVE-2025-9425

A security flaw has been discovered in itsourcecode Online Tour and Travel Management System 1.0. Affected by this issue is some unknown functionality of the file /enquiry.php. Performing manipulation of the argument pid results in sql injection. The attack is possible to be carried out remotely...

CVE-2025-9423

CVE-2025-9423 affects Campcodes Online Water Billing System 1.0. Affected is the file /editecex.php where manipulating the ID argument triggers an SQL injection. This enables remote exploitation and the exploit has been publicly disclosed. Reports from Red Hat and PT-Security corroborate the SQLi...

Exploit for OS Command Injection in Php

CVE-2024-4577 CTF Challenge Overview This CTF challenge de...

PT-2025-34713 · Itsourcecode · Apartment Management System

Name of the Vulnerable Software and Affected Versions: itsourcecode Apartment Management System version 1.0 Description: A flaw exists in itsourcecode Apartment Management System 1.0 that allows for SQL injection. The issue is located in the /floor/addfloor.php file, where manipulation of the hdn...

PT-2025-34701 · Oitcode · Oitcode Samarium

Name of the Vulnerable Software and Affected Versions: oitcode samarium versions through 0.9.6 Description: A security flaw exists in oitcode samarium up to version 0.9.6. The issue affects unknown code within the /cms/webpage/ file of the Pages Image Handler component and allows for cross-site...

PT-2025-34583 · Unknown · Huangdou Utcms Version 9

Name of the Vulnerable Software and Affected Versions: HuangDou UTCMS version 9 Description: A server-side request forgery issue exists due to manipulation of the UPDATEURL argument within the app/modules/ut-frame/admin/update.php file of the Config Handler component. This allows for remote...

PT-2025-34717 · Ruijie · Ruijie Ws7204-A

Name of the Vulnerable Software and Affected Versions: Ruijie WS7204-A version 2017.06.15 Description: A vulnerability exists in Ruijie WS7204-A 2017.06.15 related to os command injection. The issue is located in the file /itbox pi/branch import.php?a=branch list, where manipulation of the provin...

CVE-2025-9383

A security vulnerability has been detected in FNKvision Y215 CCTV Camera 10.194.120.40. This issue affects the function crypt of the file /etc/passwd. The manipulation leads to use of weak hash. The attack can only be performed from a local environment. The complexity of an attack is rather high...

Linux Distros Unpatched Vulnerability : CVE-2018-19789

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9, and 4.2.x before 4.2.1...

CVE-2025-9048

The Wptobe-memberships plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delimgajaxcall function in all versions up to, and including, 3.4.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

CVE-2025-9238

A vulnerability was determined in Swatadru Exam-Seating-Arrangement up to 97335ccebf95468d92525f4255a2241d2b0b002f. Affected is an unknown function of the file /student.php of the component Student Login. Executing manipulation of the argument email can lead to sql injection. It is possible to...

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the /api/app/compose/get-from-uri endpoint, which uses the GetFromUri function. A user can access arbitrary files on the server by passing arbitrary paths as the uri parameter. This is only...