
3230 matches found

CNNVD
added 2025/08/22 12:0 a.m. | 1 views

Western Digital Kitfox for Windows Code Issue Vulnerability

Western Digital Kitfox for Windows is a hard disk management program from Western Digital. A code issue vulnerability exists in Western Digital Kitfox for Windows that originates from an unquoted file path and could lead to the execution of arbitrary code...

CVSS 8.4 | AI score 6.7 | EPSS 0.00155
Exploits 0 | References 4

NVD
added 2025/08/21 5:15 p.m. | 8 views

CVE-2025-9309

A vulnerability was found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /etcro/shadow of the component MD5 Hash Handler. Performing manipulation results in hard-coded credentials. The attack needs to be approached locally. A high degree of complexity is needed for the...

CVSS 7 | EPSS 0.00193
Exploits 1 | References 6

Cvelist
added 2025/08/21 4:32 p.m. | 13 views

CVE-2025-9309 Tenda AC10 MD5 Hash shadow hard-coded credentials

A vulnerability was found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /etcro/shadow of the component MD5 Hash Handler. Performing manipulation results in hard-coded credentials. The attack needs to be approached locally. A high degree of complexity is needed for the...

CVSS 2.5 | EPSS 0.00193
Exploits 1 | References 6

Cvelist
added 2025/08/21 3:2 p.m. | 12 views

CVE-2025-9305 SourceCodester Online Bank Management System mnotice.php sql injection

A security vulnerability has been detected in SourceCodester Online Bank Management System 1.0. The affected element is an unknown function of the file /bank/mnotice.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has be...

CVSS 7.5 | EPSS 0.00387
Exploits 1 | References 5

CVE
added 2025/08/21 2:2 p.m. | 20 views

CVE-2025-9302

PHPGurukul User Management System 1.0 is affected by a SQL injection in signup.php via the emailid parameter. The vulnerability allows remote exploitation with a publicly available exploit, as confirmed by multiple connected sources (CNVD/PT-2025-34224/CNNVD-like reports). Root cause: lack of val...

CVSS 9.8 | AI score 7.7 | EPSS 0.00387
Exploits 1 | References 5 | Affected Software 1

RedhatCVE
added 2025/08/21 12:26 a.m. | 14 views

CVE-2024-44373

A Path Traversal vulnerability in AllSky v2023.05.01 through v2024.12.0606 allows an unauthenticated attacker to create a webshell and remote code execution via the path, content parameter to /includes/savefile.php...

CVSS 9.8 | AI score 8.2 | EPSS 0.01117
Exploits 0 | References 1

Vulnrichment
added 2025/08/20 3:39 p.m. | 2 views

CVE-2012-10061 Sockso Music Host Server <= 1.5 Path Traversal

Sockso Music Host Server versions <= 1.5 are vulnerable to a path traversal flaw that allows unauthenticated remote attackers to read arbitrary files from the server’s filesystem. The vulnerability exists in the HTTP interface on port 4444, where the endpoint /file/ fails to properly sanitize...

CVSS 8.7 | AI score 7.2 | EPSS 0.01165
Exploits 0 | References 6

NVD
added 2025/08/20 12:15 a.m. | 6 views

CVE-2025-9176

A security flaw has been discovered in neurobin shc up to 4.0.3. Impacted is the function make of the file src/shc.c of the component Environment Variable Handler. The manipulation results in os command injection. The attack is only possible with local access. The exploit has been released to the...

CVSS 7.8 | EPSS 0.01336
Exploits 0 | References 4

CNVD
added 2025/08/20 12:0 a.m. | 2 views

Sports Management System match.php File SQL Injection Vulnerability

Sports Management System is a sports management system. The Sports Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter code in the file /Admin/match.php. An attacker can exploit this vulnerabilit...

CVSS 9.8 | AI score 7.9 | EPSS 0.00384
Exploits 1 | References 1

CNVD
added 2025/08/20 12:0 a.m. | 3 views

Zoo Management System admin/add-foreigner-ticket.php File Cross-Site Scripting Vulnerability

Zoo Management System is a zoo management system. Zoo Management System has a cross-site scripting vulnerability, the vulnerability stems from the lack of effective filtering and escaping of user-supplied data in the parameter visitorname in the file /admin/add-foreigner-ticket.php, which can be...

CVSS 6.1 | AI score 4.9 | EPSS 0.00322
Exploits 1 | References 1

Vulnrichment
added 2025/08/19 11:32 p.m. | 4 views

CVE-2025-9176 neurobin shc Environment Variable shc.c make os command injection

A security flaw has been discovered in neurobin shc up to 4.0.3. Impacted is the function make of the file src/shc.c of the component Environment Variable Handler. The manipulation results in os command injection. The attack is only possible with local access. The exploit has been released to the...

CVSS 5.3 | AI score 7.5 | EPSS 0.01336
Exploits 0 | References 4

NVD
added 2025/08/19 7:15 p.m. | 3 views

CVE-2024-44373

A Path Traversal vulnerability in AllSky v2023.05.01 through v2024.12.0606 allows an unauthenticated attacker to create a webshell and remote code execution via the path, content parameter to /includes/savefile.php...

CVSS 9.8 | EPSS 0.01117
Exploits 0 | References 4

OSV
added 2025/08/19 7:15 p.m. | 2 views

CVE-2024-44373

A Path Traversal vulnerability in AllSky v2023.05.01 through v2024.12.0606 allows an unauthenticated attacker to create a webshell and remote code execution via the path, content parameter to /includes/savefile.php...

CVSS 9.8 | AI score 8.1 | EPSS 0.01117
Exploits 0 | References 4

Positive Technologies
added 2025/08/19 12:0 a.m. | 6 views

PT-2025-33859 · Itsourcecode · Sports Club Management System

Name of the Vulnerable Software and Affected Versions: itsourcecode Sports Management System version 1.0
Description: A SQL injection issue exists in itsourcecode Sports Management System version 1.0. The issue is located in an unknown function within the /Admin/sports.php file. Manipulation of t...

CVSS 9.8 | AI score 8.6 | EPSS 0.00387
Exploits 1 | References 8

RedhatCVE
added 2025/08/17 11:7 a.m. | 7 views

CVE-2025-9047

A vulnerability has been found in projectworlds Visitor Management System 1.0. Affected is an unknown function of the file /visitorout.php. The manipulation of the argument rid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and m...

CVSS 9.8 | AI score 7.7 | EPSS 0.00387
Exploits 1 | References 1

RedhatCVE
added 2025/08/17 5:11 a.m. | 15 views

CVE-2025-9011

A vulnerability was determined in PHPGurukul Online Shopping Portal Project 2.0. Affected by this issue is some unknown functionality of the file /shopping/signup.php. The manipulation of the argument emailid leads to sql injection. The attack may be launched remotely. The exploit has been...

CVSS 9.8 | AI score 7.6 | EPSS 0.00371
Exploits 0 | References 1

Vulnrichment
added 2025/08/17 2:32 a.m. | 5 views

CVE-2025-9091 Tenda AC20 shadow hard-coded credentials

A security flaw has been discovered in Tenda AC20 16.03.08.12. Affected by this vulnerability is an unknown functionality of the file /etcro/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an attack is rather high...

CVSS 2.5 | AI score 6.9 | EPSS 0.00202
Exploits 1 | References 6

CNNVD
added 2025/08/17 12:0 a.m. | 4 views

Tenda AC20 Security Vulnerability

Tenda AC20 is a home router from Tenda. The Tenda AC20 suffers from a hard-coded credentials vulnerability that originates from the presence of hard-coded credentials in the file /etcro/shadow. An attacker can exploit the vulnerability to cause confidentiality to be compromised...

CVSS 7.8 | AI score 6.9 | EPSS 0.00202
Exploits 1 | References 8

RedhatCVE
added 2025/08/16 9:25 p.m. | 6 views

CVE-2025-8983

A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /admin/operations/expense.php. The manipulation of the argument expensefor leads to sql injection. The attack may be initiated remotely. The exploit...

CVSS 9.8 | AI score 7.7 | EPSS 0.00387
Exploits 1 | References 1

RedhatCVE
added 2025/08/16 4:11 p.m. | 6 views

CVE-2025-8967

A vulnerability was determined in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/operations/packages.php. The manipulation of the argument pname leads to sql injection. It is possible to launch the attack remotely. The exploit has bee...

CVSS 9.8 | AI score 7.7 | EPSS 0.00387
Exploits 1 | References 1