
6680 matches found

Vulnrichment
added 2025/09/17 3:8 a.m., 2 views

CVE-2025-55075

Hidden functionality issue exists in WN-7D36QR and WN-7D36QR/UE. If this vulnerability is exploited, SSH may be enabled by a remote authenticated attacker...

CVSS 6.9, AI score 6.5, EPSS 0.00306
Exploits 0, References 2
Cvelist
added 2025/09/17 3:8 a.m., 7 views

CVE-2025-55075

Hidden functionality issue exists in WN-7D36QR and WN-7D36QR/UE. If this vulnerability is exploited, SSH may be enabled by a remote authenticated attacker...

CVSS 6.9, EPSS 0.00306
Exploits 0, References 2
Positive Technologies
added 2025/09/17 12:0 a.m., 3 views

PT-2025-38106

Name of the Vulnerable Software and Affected Versions: WN-7D36QR WN-7D36QR/UE Description: A hidden functionality issue exists that may allow a remote authenticated attacker to enable SSH access. Recommendations: At the moment, there is no information about a newer version that contains a fix for...

CVSS 6.9, AI score 6.2, EPSS 0.00306
Exploits 0, References 6
Snyk
added 2025/09/16 12:45 p.m., 1 view

Use of Low-Level Functionality

Overview Affected versions of this package are vulnerable to Use of Low-Level Functionality through improper validation of user-supplied input. An attacker can execute arbitrary code or compromise user data by enticing a victim to visit a malicious website. Remediation Upgrade Firefox to version...

CVSS 6.9, AI score 7.5, EPSS 0.00255
Exploits 0, References 2
Snyk
added 2025/09/16 12:45 p.m., 1 view

Use of Low-Level Functionality

Overview Affected versions of this package are vulnerable to Use of Low-Level Functionality through improper validation of user-supplied input. An attacker can execute arbitrary code or compromise user data by enticing a victim to visit a malicious website. Remediation Upgrade thunderbird to...

CVSS 6.9, AI score 7.5, EPSS 0.00255
Exploits 0, References 2
CNNVD
added 2025/09/09 12:0 a.m., 2 views

Microsoft MapUrlToZone Security Vulnerability

Microsoft MapUrlToZone is a lightweight console application written in C++ by Microsoft Corporation USA. A security vulnerability exists in Microsoft MapUrlToZone. An attacker exploiting this vulnerability could bypass certain functionality. The following products and versions are affected: Window...

CVSS 4.3, AI score 6.2, EPSS 0.00849
Exploits 0, References 1
NVD
added 2025/09/06 3:15 a.m., 4 views

CVE-2025-9515

The Multi Step Form plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the import functionality in all versions up to, and including, 1.7.25. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload...

CVSS 7.2, EPSS 0.00613
Exploits 0, References 3
OSV
added 2025/09/06 3:15 a.m., 4 views

CVE-2025-9515

The Multi Step Form plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the import functionality in all versions up to, and including, 1.7.25. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload...

CVSS 7.2, AI score 7.4
Exploits 0, References 3
CVE
added 2025/09/06 2:24 a.m., 25 views

CVE-2025-9515

The CVE-2025-9515 entry concerns the WordPress plugin Multi Step Form. Affected versions are all prior to and including 1.7.25. The root cause is missing file-type validation in the import functionality, allowing authenticated users with Administrator-level access to upload arbitrary files on t...

CVSS 7.2, AI score 6.8, EPSS 0.00613
Exploits 0, References 3
RedhatCVE
added 2025/09/03 6:36 p.m., 3 views

CVE-2025-9788

A vulnerability was determined in SourceCodester/Campcodes School Log Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/adminclass.php. Executing manipulation of the argument idno can lead to sql injection. The attack can be launched remotely. Th...

CVSS 9.8, AI score 7.4, EPSS 0.00384
Exploits 1, References 1
OSV
added 2025/09/03 5:15 p.m., 5 views

CVE-2025-9922

A security vulnerability has been detected in Campcodes Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php. Such manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The exploit has bee...

CVSS 6.1, AI score 4, EPSS 0.0038
Exploits 1, References 5
NVD
added 2025/09/02 9:15 p.m., 3 views

CVE-2025-9833

A vulnerability was detected in SourceCodester Online Farm Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /Login/login.php. Performing manipulation of the argument uname results in sql injection. It is possible to initiate the attack remotely. The...

CVSS 9.8, EPSS 0.00387
Exploits 1, References 5
NVD
added 2025/08/31 11:15 a.m., 5 views

CVE-2025-9726

A security flaw has been discovered in Campcodes Farm Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /review.php. The manipulation of the argument pid results in sql injection. The attack may be launched remotely. The exploit has been released to the...

CVSS 9.8, EPSS 0.00383
Exploits 1, References 5
NVD
added 2025/08/31 5:15 a.m., 3 views

CVE-2025-9717

A vulnerability was identified in O2OA up to 10.0-410. Affected by this issue is some unknown functionality of the file /xorganizationassemblecontrol/jaxrs/unit/ of the component Personal Profile Page. Such manipulation of the argument name/shortName/distinguishedName/pinyin/pinyinInitial/levelNa...

CVSS 5.4, EPSS 0.00238
Exploits 1, References 5
RedhatCVE
added 2025/08/31 12:4 a.m., 3 views

CVE-2025-55580

SolidInvoice version 2.3.7 is vulnerable to a stored cross-site scripting (XSS) issue in the Clients module. An authenticated attacker can inject JavaScript that executes in other users' browsers when the Clients page is viewed. The vulnerability is fixed in version 2.3.8...

CVSS 5.4, AI score 5.8, EPSS 0.00243
Exploits 2, References 1
RedhatCVE
added 2025/08/30 6:19 p.m., 4 views

CVE-2025-9425

A security flaw has been discovered in itsourcecode Online Tour and Travel Management System 1.0. Affected by this issue is some unknown functionality of the file /enquiry.php. Performing manipulation of the argument pid results in sql injection. The attack is possible to be carried out remotely...

CVSS 9.8, AI score 7.4, EPSS 0.00387
Exploits 1, References 1
RedhatCVE
added 2025/08/30 6:17 p.m., 3 views

CVE-2025-53511

A heap-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch 35a819fa. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...

CVSS 9.8, AI score 7.8, EPSS 0.00689
Exploits 1, References 1
OSV
added 2025/08/30 4:15 a.m., 1 view

CVE-2025-54942

A missing authentication for critical function vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to access deployment functionality without prior authentication...

CVSS 9.8, AI score 5.8
Exploits 0, References 1
NVD
added 2025/08/30 4:15 a.m., 2 views

CVE-2025-54942

A missing authentication for critical function vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to access deployment functionality without prior authentication...

CVSS 9.8, EPSS 0.00446
Exploits 0, References 1
CVE
added 2025/08/30 3:37 a.m., 15 views

CVE-2025-54942

CVE-2025-54942 describes a missing authentication for a critical function in the SUNNET Corporate Training Management System prior to version 10.11, allowing remote attackers to access deployment functionality without credentials. The vulnerability is corroborated by multiple connected records (N...

CVSS 9.8, AI score 6.7, EPSS 0.00446
Exploits 0, References 1, Affected Software 1