6680 matches found

RedhatCVE
added 2025/05/31 12:47 p.m. · 15 views

CVE-2025-48047

An authenticated user can perform command injection via unsanitized input to the NetFax Server’s ping functionality via the /test.php endpoint...

CVSS 9.4 · AI score 7.6 · EPSS 0.1172
Exploits: 0 · References: 1

NVD
added 2025/05/31 6:15 a.m. · 10 views

CVE-2025-5370

A vulnerability classified as critical was found in PHPGurukul News Portal 4.1. Affected by this vulnerability is an unknown functionality of the file /admin/forgot-password.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has...

CVSS 9.8 · EPSS 0.00394
Exploits: 1 · References: 5

Cvelist
added 2025/05/31 5:31 a.m. · 11 views

CVE-2025-5370 PHPGurukul News Portal forgot-password.php sql injection

A vulnerability classified as critical was found in PHPGurukul News Portal 4.1. Affected by this vulnerability is an unknown functionality of the file /admin/forgot-password.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has...

CVSS 7.5 · EPSS 0.00394
Exploits: 1 · References: 5

Packet Storm
added 2025/05/30 12:00 a.m. · 123 views

Unifiedtransform 2.x Course Editor Missing Authorization

Unifiedtransform version 2.x allows any user to access and modify course records via the /course/edit/id endpoints. Description Unifiedtransform v2.X is vulnerable to Incorrect Access Control. Any user students and teachers can access and modify course details via the /course/edit/id endpoints...

CVSS 6.5 · AI score 7.3 · EPSS 0.00345
Exploits: 2

NVD
added 2025/05/29 1:15 p.m. · 10 views

CVE-2025-48047

An authenticated user can perform command injection via unsanitized input to the NetFax Server’s ping functionality via the /test.php endpoint...

CVSS 9.4 · EPSS 0.1172
Exploits: 0 · References: 1

CVE
added 2025/05/29 12:36 p.m. · 53 views

CVE-2025-48047

CVE-2025-48047: AFFECTED product is NetFax Server. An authenticated user can trigger a command injection through unsanitized input to the ping functionality exposed at /test.php. Root cause: improper sanitization of input in the ping endpoint allows execution of arbitrary commands on the server. ...

CVSS 9.4 · AI score 7.5 · EPSS 0.1172
Exploits: 0 · References: 1

Vulnrichment
added 2025/05/29 12:36 p.m. · 8 views

CVE-2025-48047 MICI Network Co. Ltd. NetFax Server Command Injection

An authenticated user can perform command injection via unsanitized input to the NetFax Server’s ping functionality via the /test.php endpoint...

CVSS 9.4 · AI score 7.5 · EPSS 0.1172
Exploits: 0 · References: 1

OSV
added 2025/05/29 1:09 a.m. · 1 views

MINI-MWVG-5FX6-7FR9

Bulletin has no description...

CVSS 3.7 · AI score 5.9 · EPSS 0.01164
Exploits: 0

OSV
added 2025/05/29 1:08 a.m. · 1 views

MINI-6MWF-FJ63-VM4Q

Bulletin has no description...

CVSS 8.8 · AI score 9.3 · EPSS 0.0937
Exploits: 0

Positive Technologies
added 2025/05/29 12:00 a.m. · 6 views

PT-2025-23147 · Teltonika Networks · Teltonika Networks Rms

Name of the Vulnerable Software and Affected Versions: Teltonika Networks Remote Management System RMS versions prior to 5.7 Description: The issue allows for account pre-hijacking by misusing the invite functionality. If a victim has a pending invite and registers to the platform directly, they...

CVSS 7.2 · AI score 6.5 · EPSS 0.00387
Exploits: 0 · References: 9

Positive Technologies
added 2025/05/29 12:00 a.m. · 2 views

PT-2025-27982

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the fixed version Description: A vulnerability in the Linux kernel has been resolved, related to the mm module, specifically with the uprobe functionality. The issue occurs when expanding a vma virtual memory...

CVSS 5.5 · AI score 5.3 · EPSS 0.00131
Exploits: 0 · References: 68

Github Security Blog
added 2025/05/28 5:38 p.m. · 31 views

Mautic allows user name enumeration due to response time difference on password reset form

Summary This advisory addresses a security vulnerability in Mautic related to the "Forget your password" functionality. This vulnerability could be exploited by unauthenticated users to enumerate valid usernames. User Enumeration via Timing Attack: A user enumeration vulnerability exists in the...

CVSS 5.3 · AI score 7 · EPSS 0.00267
Exploits: 0 · References: 3 · Affected Software: 1

OSV
added 2025/05/28 5:38 p.m. · 2 views

GHSA-CQX4-9VQF-Q3M8 Mautic's Predictable Page Indexing Might Lead to Sensitive Data Exposure

Summary This advisory addresses a security vulnerability in Mautic where unpublished page previews could be accessed by unauthenticated users and potentially indexed by search engines. This could lead to the unintended disclosure of draft content or sensitive information. Unauthorized Access to...

CVSS 6.5 · AI score 6.9 · EPSS 0.00298
Exploits: 0 · References: 3

Positive Technologies
added 2025/05/28 12:00 a.m. · 3 views

PT-2025-23091 · Tenda · Tenda W18E

Name of the Vulnerable Software and Affected Versions: Tenda W18E version 2.0 v.16.01.0.11 Description: An issue in Tenda W18E allows an attacker to execute arbitrary code via the editing functionality of the account module in the "goform/setmodules" route. Recommendations: For Tenda W18E version...

CVSS 10 · AI score 7.2 · EPSS 0.00618
Exploits: 1 · References: 11

Cvelist
added 2025/05/26 11:31 p.m. · 18 views

CVE-2025-5214 Kashipara Responsive Online Learing Platform course_detail_user_new.php sql injection

A vulnerability was found in Kashipara Responsive Online Learing Platform 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /courses/coursedetailusernew.php. The manipulation of the argument ID leads to sql injection. The attack may be launched...

CVSS 7.5 · EPSS 0.00472
Exploits: 1 · References: 4

Positive Technologies
added 2025/05/26 12:00 a.m. · 3 views

PT-2025-22874 · H3C · H3C Seccenter Smp-E1114P02

Name of the Vulnerable Software and Affected Versions: H3C SecCenter SMP-E1114P02 up to 20250513 Description: A critical vulnerability has been found in H3C SecCenter SMP-E1114P02, affecting some unknown functionality of the file /safeEvent/importFile/. The manipulation of the argument...

CVSS 9.8 · AI score 6.3 · EPSS 0.0034
Exploits: 0 · References: 9

Cvelist
added 2025/05/24 10:31 p.m. · 13 views

CVE-2025-5135 Tmall Demo Product Details Page admin cross site scripting

A vulnerability, which was classified as problematic, has been found in Tmall Demo up to 20250505. Affected by this issue is some unknown functionality of the file /tmall/admin/ of the component Product Details Page. The manipulation of the argument Product Name/Product Title leads to cross site...

CVSS 4.8 · EPSS 0.00274
Exploits: 1 · References: 4

Positive Technologies
added 2025/05/24 12:00 a.m. · 3 views

PT-2025-22828 · Unknown · Process Lock

Name of the Vulnerable Software and Affected Versions: process lock crate version 0.1.0 Description: The issue allows data races in unlock, which can lead to unpredictable behavior. Recommendations: For process lock crate version 0.1.0, consider avoiding the use of the unlock functionality until ...

CVSS 2.9 · AI score 6.1 · EPSS 0.00232
Exploits: 1 · References: 8

NVD
added 2025/05/23 1:15 p.m. · 5 views

CVE-2025-47558

Missing Authorization vulnerability in RomanCode MapSVG mapsvg allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects MapSVG: from n/a through 8.6.13...

CVSS 7.5 · EPSS 0.00365
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 11:56 a.m. · 5 views

CVE-2025-0700

A vulnerability was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/sys/log/list. The manipulation of the argument logId leads to sql injection. The attack may be...

CVSS 6.5 · AI score 7.3 · EPSS 0.00363
Exploits: 0 · References: 1