6680 matches found

Tenable Nessus
added 2025/08/24 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2016-6611

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export...

8.1 CVSS · 8.2 AI score · 0.01575 EPSS
Exploits 0 · References 2

RedhatCVE
added 2025/08/23 5:15 p.m. · 4 views

CVE-2025-9311

A vulnerability was identified in itsourcecode Apartment Management System 1.0. Affected by this issue is some unknown functionality of the file /fair/addfair.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly...

9.8 CVSS · 7.3 AI score · 0.00387 EPSS
Exploits 1 · References 1

NVD
added 2025/08/22 12:15 p.m. · 7 views

CVE-2025-9254

WebITR developed by Uniong has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to log into the system as arbitrary users by exploiting a specific functionality...

9.8 CVSS · 0.00608 EPSS
Exploits 0 · References 2

RedhatCVE
added 2025/08/22 8:31 a.m. · 9 views

CVE-2025-49406

Missing Authorization vulnerability in favethemes Houzez allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Houzez: from n/a through 4.1.1...

8.5 CVSS · 5.1 AI score · 0.00315 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/08/22 12:0 a.m. · 6 views

PT-2025-34341 · Uniong · Webitr

Name of the Vulnerable Software and Affected Versions: WebITR versions affected versions not specified Description: WebITR developed by Uniong suffers from a missing authentication issue. This allows unauthenticated remote attackers to log into the system as arbitrary users by exploiting a specif...

9.8 CVSS · 7.5 AI score · 0.00608 EPSS
Exploits 0 · References 8

Microsoft KB
added 2025/08/21 7:0 a.m. · 247 views

May 13, 2025—Hotpatch KB5058500 (OS Build 20348.3630)

May 13, 2025—Hotpatch KB5058500 OS Build 20348.3630 Improvements and fixes This security update includes quality improvements. The following summary outlines key issues addressed by the KB update after you install it. The bold text within the brackets indicates the item or area of the change. Thi...

8.8 CVSS · 10 AI score · 0.1996 EPSS
Exploits 11

Snyk
added 2025/08/20 4:44 p.m. · 5 views

Hidden Functionality

Overview Affected versions of this package are vulnerable to Hidden Functionality via a hidden FTP command trigger in the process. An attacker can execute arbitrary shell commands with root privileges by sending a specially crafted FTP command. Remediation Upgrade proftpd/proftpd to version 1.3.3...

9.8 CVSS · 7.5 AI score · 0.04753 EPSS
Exploits 1 · References 2

Cvelist
added 2025/08/20 4:26 p.m. · 8 views

CVE-2025-8612 AOMEI Backupper Workstation Link Following Local Privilege Escalation Vulnerability

AOMEI Backupper Workstation Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of AOMEI Backupper Workstation. An attacker must first obtain the ability to execute low-privileged code on the target...

7.3 CVSS · 0.00179 EPSS
Exploits 0 · References 1

NVD
added 2025/08/20 2:15 p.m. · 49 views

CVE-2025-32010

A stack-based buffer overflow vulnerability exists in the Cloud API functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted HTTP response can lead to arbitrary code execution. An attacker can send an HTTP response to trigger this vulnerability...

9.8 CVSS · 0.00641 EPSS
Exploits 0 · References 2

CNNVD
added 2025/08/20 12:0 a.m. · 2 views

WordPress plugin Houzez Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

8.5 CVSS · 6.5 AI score · 0.00315 EPSS
Exploits 0 · References 3

RubySec
added 2025/08/20 12:0 a.m. · 8 views

Spree Commerce is vulnerable to RCE through Search API

Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the searchinstanceeval parameter, which is dynamically invoked using Ruby’s send method. Thi...

9.8 CVSS · 7.5 AI score · 0.02464 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/08/17 9:24 a.m. · 8 views

CVE-2025-9025

A vulnerability was determined in code-projects Simple Cafe Ordering System 1.0. Affected by this issue is some unknown functionality of the file /portal.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the...

8.8 CVSS · 7.6 AI score · 0.00308 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/08/17 1:32 a.m. · 11 views

CVE-2025-8992

A vulnerability has been found in mtons mblog up to 3.5.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used...

6.5 CVSS · 7.1 AI score · 0.00249 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/08/16 5:29 a.m. · 6 views

CVE-2025-8936

A vulnerability was determined in 1000 Projects Sales Management System 1.0. Affected by this issue is some unknown functionality of the file /superstore/dist/dordupdate.php. The manipulation of the argument select2 leads to sql injection. The attack may be launched remotely. The exploit has been...

9.8 CVSS · 7.6 AI score · 0.00423 EPSS
Exploits 1 · References 1

OSV
added 2025/08/16 12:15 a.m. · 4 views

CVE-2017-20199

A vulnerability was found in Buttercup buttercup-browser-extension up to 0.14.2. Affected by this vulnerability is an unknown functionality of the component Vault Handler. The manipulation results in improper access controls. The attack may be performed from a remote location. A high complexity...

6.5 CVSS · 3.8 AI score
Exploits 0 · References 8

Positive Technologies
added 2025/08/16 12:0 a.m. · 4 views

PT-2025-33608 · Tenda · Tenda Ac20

Name of the Vulnerable Software and Affected Versions: Tenda AC20 version 16.03.08.12 Description: A security flaw has been discovered in Tenda AC20. The vulnerability affects an unknown functionality of the file /etc ro/shadow. Manipulation of this file leads to the disclosure of hard-coded...

7.8 CVSS · 3.3 AI score · 0.00202 EPSS
Exploits 1 · References 13

CVE
added 2025/08/15 1:5 a.m. · 20 views

CVE-2025-8992

Summary: CVE-2025-8992 affects mtons mblog up to version 3.5.0, with a cross-site request forgery (CSRF) flaw arising in an unknown functionality. The vulnerability can be exploited remotely and exploit details have been publicly disclosed. Multiple connected sources corroborate this issue (Red H...

6.5 CVSS · 7 AI score · 0.00249 EPSS
Exploits 1 · References 4 · Affected Software 1

NVD
added 2025/08/14 12:15 p.m. · 2 views

CVE-2025-8960

A vulnerability has been found in Campcodes Online Flight Booking Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/saveairlines.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been...

9.8 CVSS · 0.00463 EPSS
Exploits 0 · References 6

NVD
added 2025/08/13 8:15 p.m. · 5 views

CVE-2025-8926

A vulnerability was found in SourceCodester COVID 19 Testing Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been...

9.8 CVSS · 0.00387 EPSS
Exploits 1 · References 5

NVD
added 2025/08/13 1:15 p.m. · 3 views

CVE-2025-8907

A vulnerability was found in H3C M2 NAS V100R006. Affected by this vulnerability is an unknown functionality of the component Webserver Configuration. The manipulation leads to execution with unnecessary privileges. An attack has to be approached locally. The complexity of an attack is rather hig...

7.3 CVSS · 0.00147 EPSS
Exploits 0 · References 4