310 matches found
CVE-2025-14204
A vulnerability has been found in TykoDev cherry-studio-TykoFork 0.1. This issue affects the function redirectToAuthorization of the file /.well-known/oauth-authorization-server of the component OAuth Server Discovery. Such manipulation of the argument authorizationUrl leads to os command...
CVE-2025-14012 JIZHICMS Batch Delete Comments deleteAll.html delete sql injection
A vulnerability was determined in JIZHICMS up to 2.5.5. The affected element is the function deleteAll/findAll/delete of the file /index.php/admins/Comment/deleteAll.html of the component Batch Delete Comments. Executing a manipulation can lead to sql injection. The attack can be launched remotel...
CVE-2025-13580
A vulnerability was determined in code-projects Library System 1.0. Affected is an unknown function of the file /mail.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized...
CVE-2025-13550
A vulnerability was determined in D-Link DIR-822K and DWR-M920 1.0020250513164613/1.1.50. Impacted is an unknown function of the file /boafrm/formVpnConfigSetup. Executing manipulation of the argument submit-url can lead to buffer overflow. The attack can be executed remotely. The exploit has bee...
CVE-2025-13275
A security vulnerability has been detected in Iqbolshoh php-business-website up to 10677743a8dfc281f85291a27cf63a0bce043c24. This affects an unknown part of the file /admin/about.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has be...
CVE-2025-13179
A vulnerability has been found in Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System up to 20250320. This issue affects some unknown processing. Such manipulation leads to cross-site request forgery. The attack may be performed from remote. The exploit has been disclose...
CVE-2025-13275
A security vulnerability has been detected in Iqbolshoh php-business-website up to 10677743a8dfc281f85291a27cf63a0bce043c24. This affects an unknown part of the file /admin/about.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has be...
CVE-2025-13257
CVE-2025-13257 affects itsourcecode Inventory Management System 1.0, with the vulnerable element in /admin/user/index.php?view=edit. The issue is an SQL injection caused by manipulation of the ID parameter, exploitable remotely. Public exploits have been disclosed. Documented impact indicates hig...
EUVD-2025-197726
A security vulnerability has been detected in Jiusi OA up to 20251102. This affects an unknown function of the file /OfficeServer?isAjaxDownloadTemplate=false of the component OfficeServer Interface. Such manipulation of the argument FileData leads to unrestricted upload. The attack can be launch...
CVE-2025-13235
A vulnerability was determined in itsourcecode Inventory Management System 1.0. This affects an unknown function of the file /admin/login.php. Executing manipulation of the argument useremail can lead to sql injection. It is possible to launch the attack remotely. The exploit has been publicly...
CVE-2025-12596
A security vulnerability has been detected in Tenda AC23 16.03.07.52. Affected is the function saveParentControlInfo of the file /goform/saveParentControlInfo. Such manipulation of the argument Time leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-12281
A vulnerability was determined in code-projects Client Details System 1.0. Impacted is an unknown function of the file /admin/clientview.php. Executing manipulation can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be...
CVE-2025-12236
A vulnerability was determined in Tenda CH22 1.0.0.1. This issue affects the function fromDhcpListClient of the file /goform/DhcpListClient. This manipulation of the argument page causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and ma...
PT-2025-44022
Name of the Vulnerable Software and Affected Versions VirtFusion versions through 6.0.2 Description A security issue exists in VirtFusion that relates to improper restriction of excessive authentication attempts. The issue is located within the Email Change Handler component, specifically affecti...
CVE-2025-11604
A vulnerability was determined in projectworlds Online Ordering Food System 1.0. This issue affects some unknown processing of the file /all-orders.php. This manipulation of the argument Status causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly...
CVE-2025-11440
A vulnerability was determined in JhumanJ OpnForm up to 1.9.3. Impacted is an unknown function of the file /edit. Executing manipulation can lead to improper access controls. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This patch is called...
CVE-2025-11385
A vulnerability has been found in Tenda AC20 up to 16.03.08.12. The affected element is the function sscanf of the file /goform/fastsettingwifiset. The manipulation of the argument timeZone leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the publi...
PT-2025-40873
Name of the Vulnerable Software and Affected Versions Tenda AC18 version 15.03.05.196318 Description A stack-based buffer overflow exists in the Tenda AC18 device. The issue is located in the /goform/SetUpnpCfg file and involves the manipulation of the upnpEn argument. This allows for remote...
EUVD-2025-24007
Malicious code in bioql PyPI...
EUVD-2025-28384
Malicious code in bioql PyPI...