NVD, added 2025/11/21 8:15 a.m.

CVE-2025-13322

The WP AUDIO GALLERY plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in all versions up to, and including, 2.0. This is due to the wpaguploadaudiocallback AJAX handler not properly validating user-supplied file paths in the audioupload...

CVSS 8.1 | EPSS 0.0055
Exploits: 0 | References: 4
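The defect class in this entry is a delete handler that trusts a caller-supplied path. The following is an added example, not code from the WP AUDIO GALLERY plugin or from WordPress: it is written in Python rather than the plugin's PHP, and the upload directory, the `wp-config.php` stand-in file and the audio suffix allow-list are all constructed for the demonstration. It places the vulnerable join-and-delete pattern next to a containment check that canonicalises the path and verifies it is still a descendant of the upload directory.

```python
import os
import tempfile
from pathlib import Path

# Added example, not the plugin's code: a containment check for a
# user-supplied file path that is about to be deleted from an upload directory.

AUDIO_SUFFIXES = (".mp3", ".wav", ".ogg")  # assumed allow-list for an audio gallery


def resolve_within(base_dir, user_path):
    """Canonicalise base_dir/user_path and return it only if it stays inside base_dir.

    Path.joinpath drops base_dir when user_path is absolute, and resolve()
    collapses '..' and follows symlinks, so every escape route reduces to one
    question: is the final path a descendant of the canonical base?
    """
    base = Path(base_dir).resolve()
    candidate = base.joinpath(user_path).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        return None
    return candidate


def delete_upload_unsafe(base_dir, user_path):
    """Vulnerable pattern: trusts the supplied path after a plain join."""
    target = os.path.join(base_dir, user_path)
    if os.path.isfile(target):
        os.remove(target)
        return True
    return False


def delete_upload_safe(base_dir, user_path):
    """Hardened form: containment check plus a suffix allow-list, then unlink."""
    target = resolve_within(base_dir, user_path)
    if target is None or target.suffix.lower() not in AUDIO_SUFFIXES:
        return False
    if not target.is_file():
        return False
    target.unlink()
    return True


def demo():
    """Exercise both deleters against a constructed directory layout; return the outcomes."""
    with tempfile.TemporaryDirectory() as root:
        uploads = Path(root) / "uploads"
        uploads.mkdir()
        (uploads / "track.mp3").write_bytes(b"ID3")
        (uploads / "notes.txt").write_text("not audio")
        config = Path(root) / "wp-config.php"  # constructed stand-in for a file outside uploads
        config.write_text("<?php // stand-in")

        results = {}
        # A traversal string walks out of uploads and the unsafe deleter removes the config file.
        results["unsafe_traversal_deleted_config"] = delete_upload_unsafe(str(uploads), "../wp-config.php")
        results["config_exists_after_unsafe"] = config.exists()

        config.write_text("<?php // stand-in")  # restore it for the hardened run
        results["safe_traversal_rejected"] = not delete_upload_safe(str(uploads), "../wp-config.php")
        results["safe_absolute_rejected"] = not delete_upload_safe(str(uploads), str(config))
        results["config_exists_after_safe"] = config.exists()
        results["safe_wrong_suffix_rejected"] = not delete_upload_safe(str(uploads), "notes.txt")
        results["safe_legit_deleted"] = delete_upload_safe(str(uploads), "track.mp3")
        results["track_exists_after_safe"] = (uploads / "track.mp3").exists()
        return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The check is done on the resolved path rather than on the input string, so encoded or doubled `..` sequences, absolute paths and symlinks planted inside the upload directory are all caught by the same `relative_to` test. Rejecting everything but expected audio suffixes is a second, independent limit on what the handler can ever remove.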
RedhatCVE, added 2025/11/21 3:17 a.m.

CVE-2025-13446

A vulnerability has been found in Tenda AC21 16.03.08.16. This vulnerability affects unknown code of the file /goform/SetSysTimeCfg. The manipulation of the argument timeZone/time leads to a stack-based buffer overflow. The attack can be carried out remotely. The exploit has been disclos...

CVSS 9.8 | AI score 7.1 | EPSS 0.03398
Exploits: 1 | References: 1
CNVD, added 2025/11/21 12:00 a.m.

WordPress Code Snippets plugin code injection vulnerability

The WordPress Code Snippets plugin is a plugin for adding and managing custom code snippets in WordPress without editing theme files directly. The plugin suffers from a code injection vulnerability that stems from the evaluateshortcodefromflatfile...

CVSS 8 | AI score 7.7 | EPSS 0.0031
Exploits: 0 | References: 1
RedhatCVE, added 2025/11/20 9:36 p.m.

CVE-2025-10703

Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttribute connection option implemented by the DataDirect Connect for JD...

CVSS 8.6 | AI score 6.7 | EPSS 0.00261
Exploits: 0 | References: 1
CNVD, added 2025/11/20 12:00 a.m.

Web-Based Internet Laboratory Management System /subject/controller.php File SQL Injection Vulnerability

Web-Based Internet Laboratory Management System is web-based laboratory management software. A SQL injection vulnerability exists in Web-Based Internet Laboratory Management System, which stems from insufficient validation of externally supplied input used in SQL statements in the file /subject/controller.php. An attacker c...

CVSS 9.8 | AI score 8.2 | EPSS 0.00339
Exploits: 1 | References: 1
CNVD, added 2025/11/20 12:00 a.m.

Web-Based Internet Laboratory Management System /user/controller.php File SQL Injection Vulnerability

Web-Based Internet Laboratory Management System is web-based laboratory management software. A SQL injection vulnerability exists in Web-Based Internet Laboratory Management System, which stems from insufficient validation of externally supplied input used in SQL statements in the file /user/controller.php. An attacker can...

CVSS 9.8 | AI score 8.2 | EPSS 0.00339
Exploits: 1 | References: 1
Cvelist, added 2025/11/20 12:00 a.m.

CVE-2025-63888

The read function in file thinkphp\library\think\template\driver\File.php in ThinkPHP 5.0.24 contains a remote code execution vulnerability...

EPSS 0.00495
Exploits: 0 | References: 2
CVE, added 2025/11/20 12:00 a.m.

CVE-2025-60737

CVE-2025-60737 concerns a cross-site scripting vulnerability in the Ilevia EVE X1 Server Firmware (versions <= 4.7.18.0.eden:Logic

CVSS 6.1 | AI score 6.8 | EPSS 0.0027
Exploits: 1 | References: 1 | Affected software: 1
Cvelist, added 2025/11/20 12:00 a.m.

CVE-2025-63889

The fetch function in file thinkphp\library\think\Template.php in ThinkPHP 5.0.24 allows attackers to read arbitrary files via crafted file path in a template value...

EPSS 0.00264
Exploits: 0 | References: 2
CVE, added 2025/11/20 12:00 a.m.

CVE-2025-63889

Summary: CVE-2025-63889 affects ThinkPHP 5.0.24, where the fetch function in thinkphp/library/think/Template.php can read arbitrary files via a crafted file path supplied in a template value. Affected component: ThinkPHP 5.0.24, Template.php fetch logic. Impact (as stated): Local/file-read capabi...

CVSS 7.5 | AI score 6.4 | EPSS 0.00264
Exploits: 0 | References: 2 | Affected software: 1
Cvelist, added 2025/11/19 12:00 a.m.

CVE-2025-63212

GatesAir Flexiva-LX devices on firmware 1.0.13 and 2.0, including models LX100, LX300, LX600, and LX1000, expose sensitive session identifiers (sid) in the publicly accessible log file located at /log/Flexiva%20LX.log. An unauthenticated attacker can retrieve valid session IDs and hijack sessions...

EPSS 0.00313
Exploits: 1 | References: 2
Positive Technologies, added 2025/11/19 12:00 a.m.

PT-2025-47524

Name of the Vulnerable Software and Affected Versions: GatesAir Flexiva-LX versions 1.0.13 and 2.0; GatesAir Flexiva-LX models LX100, LX300, LX600, and LX1000. Description: The GatesAir Flexiva-LX devices are affected by an issue where sensitive session identifiers (sid) are exposed in a publicly...

AI score 6.6 | EPSS 0.00313
Exploits: 1 | References: 4
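Both GatesAir entries above (CVE-2025-63212 and PT-2025-47524) describe the same root cause: a session identifier written into a log that is then served without authentication. Reachability of the log is one fix; the other, which applies to any product, is to keep secrets out of the log in the first place. The following is an added example and not GatesAir code: the log line format, the `session_id` and `PHPSESSID` alternates in the pattern, and the sample log are all constructed; only the `sid` field name comes from the advisory. It shows an audit helper that finds session-identifier values in an existing log body and a `logging.Filter` that redacts them before any handler writes a line.

```python
import io
import logging
import re

# Added example, not GatesAir code: the log format and alternate field names below
# are constructed; "sid" is the parameter name the advisory reports.

# Matches key=value pairs whose key names a session identifier.
SESSION_TOKEN_RE = re.compile(
    r"\b(?P<key>sid|session_id|PHPSESSID)=(?P<value>[A-Za-z0-9._\-]+)",
    re.IGNORECASE,
)


def find_leaked_session_ids(log_text):
    """Audit helper: return every session-identifier value present in a log body."""
    return [m.group("value") for m in SESSION_TOKEN_RE.finditer(log_text)]


def redact_session_ids(text):
    """Replace the value of any session-identifier field with a fixed marker."""
    return SESSION_TOKEN_RE.sub(lambda m: f"{m.group('key')}=<redacted>", text)


class SessionIdRedactingFilter(logging.Filter):
    """Logging filter that scrubs session identifiers before any handler writes them."""

    def filter(self, record):
        # Render the message once, redact it, and drop args so handlers do not re-format.
        record.msg = redact_session_ids(record.getMessage())
        record.args = ()
        return True


# Constructed sample of what an unprotected device log might contain.
SAMPLE_LOG = "\n".join([
    "2025-11-19 10:02:11 INFO  login ok user=admin sid=3f9a1c77d2e4b",
    "2025-11-19 10:02:12 DEBUG GET /status.json sid=3f9a1c77d2e4b",
    "2025-11-19 10:05:40 INFO  login ok user=operator sid=b81e0d55ff02a",
    "2025-11-19 10:06:01 WARN  power amplifier temperature 71C",
])


def write_redacted_log(lines):
    """Run the given lines through a logger fitted with the filter; return what was written."""
    buf = io.StringIO()
    logger = logging.getLogger("flexiva.example")
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.DEBUG)
    handler = logging.StreamHandler(buf)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    handler.addFilter(SessionIdRedactingFilter())
    logger.addHandler(handler)
    for line in lines:
        logger.info("%s", line)
    logger.removeHandler(handler)
    return buf.getvalue()


if __name__ == "__main__":
    print("leaked:", find_leaked_session_ids(SAMPLE_LOG))
    print(write_redacted_log(SAMPLE_LOG.splitlines()))
```

The filter is attached to the handler rather than the logger so that it also applies to records propagated from child loggers. Running `find_leaked_session_ids` over the redacted output returns an empty list, which is the check to keep in a test suite: a log that contains no token is one that cannot be used for session hijacking even if it is exposed.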
Positive Technologies, added 2025/11/19 12:00 a.m.

PT-2025-47538

Name of the Vulnerable Software and Affected Versions: itsourcecode Human Resource Management System version 1.0. Description: A flaw exists in itsourcecode Human Resource Management System 1.0 that allows for SQL injection. The issue stems from improper handling of the eventSubject argument during...

CVSS 7.5 | AI score 7.5 | EPSS 0.00339
Exploits: 1 | References: 7
Positive Technologies, added 2025/11/19 12:00 a.m.

PT-2025-47467

Name of the Vulnerable Software and Affected Versions: DataDirect Connect for JDBC for Amazon Redshift versions through 6.0.0.001392; DataDirect Connect for JDBC for Apache Cassandra versions through 6.0.0.000805; DataDirect Connect for JDBC for Hive versions through 6.0.1.001499; DataDirect Connect...

CVSS 8.6 | AI score 6.8 | EPSS 0.00261
Exploits: 0 | References: 5
RedhatCVE, added 2025/11/18 9:06 p.m.

CVE-2025-13301

A vulnerability was found in itsourcecode Web-Based Internet Laboratory Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /subject/controller.php. The manipulation results in sql injection. It is possible to launch the attack remotely. The exploit has...

CVSS 9.8 | AI score 6.9 | EPSS 0.00339
Exploits: 1 | References: 1
NVD, added 2025/11/18 3:16 p.m.

CVE-2025-63892

A vulnerability was determined in SourceCodester Student Grades Management System 1.0. Affected is the function createclassroom of the file /classroom.php of the component My Classrooms Management Page. The manipulation of the argument name/description causes stored cross-site scripting...

CVSS 6.8 | EPSS 0.00352
Exploits: 1 | References: 3
CNNVD, added 2025/11/18 12:00 a.m.

SourceCodester Train Station Ticketing System SQL Injection Vulnerability

SourceCodester Train Station Ticketing System is an open-source train station ticketing system from SourceCodester. A SQL injection vulnerability exists in SourceCodester Train Station Ticketing System version 1.0, which stems from incorrect handling of input in the function saveticket in the file /ajax.php...

CVSS 8.8 | AI score 6.9 | EPSS 0.00445
Exploits: 1 | References: 6
Positive Technologies, added 2025/11/18 12:00 a.m.

PT-2025-47303

Name of the Vulnerable Software and Affected Versions: SourceCodester Train Station Ticketing System version 1.0. Description: A security issue exists in SourceCodester Train Station Ticketing System 1.0. The issue involves a SQL injection point within the application, specifically through...

CVSS 6.5 | AI score 7.2 | EPSS 0.00445
Exploits: 1 | References: 7
OSV, added 2025/11/17 2:15 a.m.

CVE-2025-13257

A security vulnerability has been detected in itsourcecode Inventory Management System 1.0. The affected element is an unknown function of the file /admin/user/index.php?view=edit. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has be...

CVSS 9.8 | AI score 5.8 | EPSS 0.00339
Exploits: 1 | References: 5
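Seven entries on this page are SQL injection in small PHP applications (the two Web-Based Internet Laboratory Management System controllers, CVE-2025-13301, PT-2025-47538's eventSubject argument, the Train Station Ticketing System saveticket function, and the ID argument in CVE-2025-13257 above), and the fix is the same in every case: stop building statement text from request parameters. The following is an added example, not code from any of those projects: it uses Python and an in-memory SQLite table rather than the applications' PHP and MySQL, and the users table, its rows and the two lookups are constructed for the demonstration. It shows the interpolating pattern in both a numeric context (an ID parameter) and a quoted string context, next to the bound-parameter form with a type check.

```python
import sqlite3

# Added example, not the applications' code: a constructed users table and two
# lookups written first in the interpolating style the advisories describe,
# then with bound parameters.


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "admin"), (2, "bob", "user"), (3, "carol", "user")],
    )
    return conn


def get_user_unsafe(conn, user_id):
    """Vulnerable pattern: the ID request parameter becomes part of the statement text."""
    sql = f"SELECT id, username, role FROM users WHERE id = {user_id}"
    return conn.execute(sql).fetchall()


def find_by_name_unsafe(conn, username):
    """Same defect in a quoted string context; a single quote ends the literal."""
    sql = f"SELECT id, username, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def get_user_safe(conn, user_id):
    """Hardened form: enforce the expected type, then bind the value as a parameter."""
    try:
        uid = int(user_id)
    except (TypeError, ValueError):
        return []
    return conn.execute(
        "SELECT id, username, role FROM users WHERE id = ?", (uid,)
    ).fetchall()


def find_by_name_safe(conn, username):
    """Bound parameter: the driver sends the value separately, so quotes are just data."""
    return conn.execute(
        "SELECT id, username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


def demo():
    """Run each lookup with a tautology payload and a normal value; return the row sets."""
    conn = make_db()
    return {
        "unsafe_id_tautology": get_user_unsafe(conn, "1 OR 1=1"),
        "safe_id_tautology": get_user_safe(conn, "1 OR 1=1"),
        "safe_id_normal": get_user_safe(conn, "2"),
        "unsafe_name_tautology": find_by_name_unsafe(conn, "x' OR '1'='1"),
        "safe_name_tautology": find_by_name_safe(conn, "x' OR '1'='1"),
        "safe_name_normal": find_by_name_safe(conn, "carol"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

The tautology payloads return every row through the interpolating functions and nothing through the bound-parameter ones. The integer conversion in `get_user_safe` is not what stops the injection, the placeholder is; it is there so that a malformed ID fails early with an empty result instead of reaching the database at all.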
CVE, added 2025/11/17 12:00 a.m.

CVE-2025-63916

Summary: CVE-2025-63916 affects MyScreenTools v2.2.1.0. The issue is a critical OS command injection in the GIF compression tool, where the CMD() function in GIFSicleTool/Form_gif_sicle_tool.cs concatenates unsanitized user input (file paths) and executes them via cmd.exe. This allows arbitrary ...

CVSS 8.1 | AI score 7.8 | EPSS 0.01446
Exploits: 1 | References: 3 | Affected software: 1
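The entry above describes the textbook shape of OS command injection: a file path concatenated into a command line that is then handed to a shell. The following is an added example, not MyScreenTools code: it is in Python rather than C#, `/bin/sh` stands in for cmd.exe, the POSIX `echo` command stands in for the GIF compressor so that the injected command produces visible output instead of touching files, and the crafted file name is constructed. It shows the concatenating pattern, the no-shell argv form, and per-element quoting for the case where a shell string cannot be avoided.

```python
import shlex
import subprocess

# Added example, not MyScreenTools code. The real bug concatenates file paths into a
# cmd.exe line; here `echo` stands in for the compressor and /bin/sh for cmd.exe so
# the effect is visible without touching any files.

CRAFTED_PATH = "input.gif; echo INJECTED"  # constructed: a file name carrying a second command


def compress_unsafe(path):
    """Vulnerable pattern: user-controlled path concatenated into one shell string.

    The shell splits the string on ';', so the tail of the file name runs as a
    separate command.
    """
    line = "echo " + path
    return subprocess.run(line, shell=True, capture_output=True, text=True).stdout


def compress_argv(path):
    """Hardened form: no shell at all; the path is one argv element however it is spelled."""
    return subprocess.run(["echo", path], capture_output=True, text=True).stdout


def compress_quoted(path):
    """If a shell string is unavoidable, quote each untrusted element for that shell."""
    line = "echo " + shlex.quote(path)
    return subprocess.run(line, shell=True, capture_output=True, text=True).stdout


if __name__ == "__main__":
    print("unsafe :", repr(compress_unsafe(CRAFTED_PATH)))
    print("argv   :", repr(compress_argv(CRAFTED_PATH)))
    print("quoted :", repr(compress_quoted(CRAFTED_PATH)))
```

With the crafted path, `compress_unsafe` returns two lines of output because the shell ran two commands; the other two return the whole file name as a single line of data. `shlex.quote` is specific to POSIX shells and is not a fix for cmd.exe, whose quoting rules differ; on Windows the equivalent of the argv form is to start the process with an argument list rather than a single command string, which on .NET means `ProcessStartInfo.ArgumentList`, and to never route the invocation through `cmd.exe /c`.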