CVE-2025-54942 SUNNET Corporate Training Management System - Missing Authentication for Critical Function

A missing authentication for critical function vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to access deployment functionality without prior authentication...

SUNNET Corporate Training Management System 安全漏洞

SUNNET Corporate Training Management System is a corporate training management system from SUNNET. A security vulnerability exists in SUNNET Corporate Training Management System versions prior to 10.11, which stems from a lack of authentication for critical functionality, which could allow a remo...

Linux Distros Unpatched Vulnerability : CVE-2020-25595

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Xen through 4.14.x. The PCI passthrough code improperly uses register data. Code paths in Xen's MSI handling have been identified tha...

Linux Distros Unpatched Vulnerability : CVE-2023-37417

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple out-of-bounds write vulnerabilities exist in the VCD parsevaluechange portdump functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead...

Abandoned Sogou Zhuyin Update Server Hijacked, Weaponized in Taiwan Espionage Campaign

An abandoned update server associated with input method editor IME software Sogou Zhuyin was leveraged by threat actors as part of an espionage campaign to deliver several malware families, including C6DOOR and GTELAM, in attacks primarily targeting users across Eastern Asia. "Attackers employed...

CVE-2025-9599

A weakness has been identified in itsourcecode Apartment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /setting/monthsetup.php. Executing manipulation of the argument txtMonthName can lead to sql injection. The attack can be launched remotely. The...

CVE-2025-55580

SolidInvoice version 2.3.7 is vulnerable to a stored cross-site scripting XSS issue in the Clients module. An authenticated attacker can inject JavaScript that executes in other users' browsers when the Clients page is viewed. The vulnerability is fixed in version 2.3.8...

CVE-2025-55580

SolidInvoice version 2.3.7 is vulnerable to a stored cross-site scripting XSS issue in the Clients module. An authenticated attacker can inject JavaScript that executes in other users' browsers when the Clients page is viewed. The vulnerability is fixed in version 2.3.8...

PT-2025-35249

Name of the Vulnerable Software and Affected Versions: SolidInvoice versions 2.3.7 through 2.3.8 Description: SolidInvoice is susceptible to a Cross-Site Scripting XSS issue within its client-side functionality. Recommendations: SolidInvoice version 2.3.7 should be updated. SolidInvoice version...

CVE-2025-9505 Campcodes Online Loan Management System ajax.php sql injection

A flaw has been found in Campcodes Online Loan Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=saveloantype. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been...

PT-2025-34827

Name of the Vulnerable Software and Affected Versions: Campcodes Online Loan Management System version 1.0 Description: A vulnerability exists in Campcodes Online Loan Management System that allows for SQL injection. The issue is located in an unknown functionality within the /ajax.php?action=sav...

PT-2025-34727

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.18 GitHub Enterprise Server versions 3.14.17 GitHub Enterprise Server versions 3.15.12 GitHub Enterprise Server versions 3.16.8 GitHub Enterprise Server versions 3.17.5 Description: An improper...

CVE-2025-9425

A security flaw has been discovered in itsourcecode Online Tour and Travel Management System 1.0. Affected by this issue is some unknown functionality of the file /enquiry.php. Performing manipulation of the argument pid results in sql injection. The attack is possible to be carried out remotely...

CVE-2025-54485

A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch 35a819fa. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This...

CVE-2025-54488

A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch 35a819fa. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This...

CVE-2025-9407 mtons mblog profile cross site scripting

A flaw has been found in mtons mblog up to 3.5.0. Affected by this vulnerability is an unknown functionality of the file /settings/profile. Executing manipulation of the argument signature can lead to cross site scripting. The attack may be launched remotely. The exploit has been published and ma...

CVE-2025-9399 YiFang CMS L_tool.php sql injection

A vulnerability was detected in YiFang CMS up to 2.0.5. Affected by this issue is some unknown functionality of the file app/logic/Ltool.php. The manipulation of the argument newurl results in sql injection. The attack may be launched remotely. The exploit is now public and may be used. The vendo...

Linux Distros Unpatched Vulnerability : CVE-2018-1000557

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OCS Inventory OCS Inventory NG version ocsreports 2.4 contains a Cross Site Scripting XSS vulnerability in login form and search functionality that can result i...

Linux Distros Unpatched Vulnerability : CVE-2018-1000205

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - U-Boot contains a CWE-20: Improper Input Validation vulnerability in Verified boot signature validation that can result in Bypass verified boot. This attack...

CVE-2025-9379

A vulnerability was determined in Belkin AX1800 1.1.00.016. Affected by this vulnerability is an unknown functionality of the component Firmware Update Handler. This manipulation causes insufficient verification of data authenticity. The attack can be initiated remotely. The vendor was contacted...