PT-2025-39729

Name of the Vulnerable Software and Affected Versions code-projects Online Bidding System version 1.0 Description A flaw exists in code-projects Online Bidding System version 1.0 that allows for SQL injection. Manipulation of the ID argument in the file '/administrator/bidlist.php' can trigger th...

CVE-2025-10997 Open Babel chemkinformat.cpp CheckSpecies heap-based overflow

A flaw has been found in Open Babel up to 3.1.1. Impacted is the function ChemKinFormat::CheckSpecies of the file /src/formats/chemkinformat.cpp. Executing manipulation can lead to heap-based buffer overflow. The attack can only be executed locally. The exploit has been published and may be used...

PT-2025-39246

Name of the Vulnerable Software and Affected Versions Magnetism Studios Endurance versions up to 3.3.0 Description A security issue exists in Magnetism Studios Endurance on macOS. The loadModuleNamed:WithReply function within the file...

CVE-2025-10794 PHPGurukul Car Rental Project search.php cross site scripting

A flaw has been found in PHPGurukul Car Rental Project 3.0. Affected by this issue is some unknown functionality of the file /carrental/search.php. Executing manipulation of the argument autofocus can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been...

PT-2025-38529

Name of the Vulnerable Software and Affected Versions 07FLYCMS, 07FLY-CMS, and 07FlyCRM versions up to 20250831 Description A cross-site scripting XSS flaw exists due to the manipulation of the Name argument in an unknown part of the /index.php file. This allows for remote execution of scripts. T...

CVE-2025-5500 ZhenShi Mibro Fit App com.xiaoxun.xunoversea.mibrofit AndroidManifest.xml improper export of android application components

A flaw has been found in ZhenShi Mibro Fit App 1.6.3.17499 on Android. This impacts an unknown function of the file AndroidManifest.xml of the component com.xiaoxun.xunoversea.mibrofit. This manipulation causes improper export of android application components. The attack requires local access. T...

CVE-2025-10105

A flaw has been found in yanyutao0402 ChanCMS up to 3.3.1. Affected by this issue is some unknown functionality of the file /cms/article/search. This manipulation of the argument keyword causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...

PT-2025-36451

Name of the Vulnerable Software and Affected Versions: Jinher OA versions prior to 1.3 Description: A flaw has been found in Jinher OA up to version 1.2. The issue involves SQL injection in an unknown function within the file /C6/Jhsoft.Web.departments/GetTreeDate.aspx. Manipulation of the ID...

CVE-2025-9923

A flaw has been found in Campcodes Sales and Inventory System 1.0. This affects an unknown part of the file /index.php. Executing manipulation of the argument page can lead to cross site scripting. The attack may be launched remotely. The exploit has been published and may be used...

CVE-2025-9431

A flaw has been found in mtons mblog up to 3.5.0. Impacted is an unknown function of the file /search. This manipulation of the argument kw causes cross site scripting. The attack can be initiated remotely. The exploit has been published and may be used...

CVE-2025-9420 itsourcecode Apartment Management System addfloor.php sql injection

A flaw has been found in itsourcecode Apartment Management System 1.0. The impacted element is an unknown function of the file /floor/addfloor.php. Executing manipulation of the argument hdnid can lead to sql injection. The attack can be launched remotely. The exploit has been published and may b...

CVE-2025-9235

A flaw has been found in Scada-LTS up to 2.7.8.1. The impacted element is an unknown function of the file compoundevents.shtm. This manipulation of the argument Name causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used...

CVE-2025-9235 Scada-LTS compound_events.shtm cross site scripting

A flaw has been found in Scada-LTS up to 2.7.8.1. The impacted element is an unknown function of the file compoundevents.shtm. This manipulation of the argument Name causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used...

CVE-2025-9165 LibTIFF tiffcmp tiffcmp.c InitCCITTFax3 memory leak

A flaw has been found in LibTIFF 4.7.0. This affects the function TIFFmallocExt/TIFFCheckRealloc/TIFFHashSetNew/InitCCITTFax3 of the file tools/tiffcmp.c of the component tiffcmp. Executing manipulation can lead to memory leak. The attack is restricted to local execution. This attack is...

CVE-2025-52216

creationtimestamp| type| source ---|---|--- 2025-08-12 21:00:04+00:00| published-proof-of-concept| Telegram/lGYbLck6G7m7DaRiRxfjxEzwq5qsYzU-Axb6YLGnEcc6ewQ...

CVE-2025-7793

A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. Affected is the function formWebTypeLibrary of the file /goform/webtypelibrary. The manipulation of the argument webSiteId leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit...

CVE-2025-47930

creationtimestamp| type| source ---|---|--- 2025-05-15 23:36:28+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/16585...

CVE-2022-46536

creationtimestamp| type| source ---|---|--- 2025-04-16 19:56:38+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/12150...

CVE-2023-24057

creationtimestamp| type| source ---|---|--- 2025-04-01 19:32:26+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/9990...

GHSA-32GR-4CQ6-5W5Q

creationtimestamp| type| source ---|---|--- 2025-02-25 15:23:28+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/5306...