EUVD-2025-198565

A flaw has been found in D-Link DIR-822K and DWR-M920 1.0020250513164613/1.1.50. This affects an unknown part of the file /boafrm/formDdns. This manipulation of the argument submit-url causes memory corruption. The attack may be initiated remotely. The exploit has been published and may be used...

CVE-2025-13547

A flaw has been found in D-Link DIR-822K and DWR-M920 1.0020250513164613/1.1.50. This affects an unknown part of the file /boafrm/formDdns. This manipulation of the argument submit-url causes memory corruption. The attack may be initiated remotely. The exploit has been published and may be used...

EUVD-2025-198253

A flaw has been found in Tenda AC21 16.03.08.16. This affects an unknown part of the file /goform/SetIpMacBind. Executing manipulation of the argument list can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been published and may be used...

CVE-2025-13423

A flaw has been found in Campcodes Retro Basketball Shoes Online Store 1.0. The impacted element is an unknown function of the file /admin/adminproduct.php. Executing a manipulation of the argument productimage can lead to unrestricted upload. The attack may be launched remotely. The exploit has...

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection in the CSS-to-JavaScript module conversion feature. An attacker can execute arbitrary JavaScript code by injecting $... expressions into CSS files, which are then evaluated when the resulting JavaScript module i...

CVE-2025-13299

A flaw has been found in itsourcecode Web-Based Internet Laboratory Management System 1.0. This impacts an unknown function of the file /user/controller.php. Executing a manipulation can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used...

CVE-2025-13259

A flaw has been found in Campcodes Supplier Management System 1.0. This affects an unknown function of the file /manufacturer/editunit.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used...

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection in the CLI, via the -c/--cmd option. The processing of commandline options in src/bin.mts calls the foregroundChild on them, which defaults to setting shell: true. An attacker who can control the filenames being matche...

CVE-2025-13178

A flaw has been found in Bdtask/CodeCanyon SalesERP up to 20250728. This vulnerability affects unknown code of the file /editprofile of the component User Profile Handler. This manipulation of the argument firstname/lastname causes basic cross site scripting. The attack is possible to be carried...

EUVD-2025-197787

A flaw has been found in code-projects Nero Social Networking Site 1.0. This issue affects some unknown processing of the file /friendsphoto.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...

CVE-2025-13268

A flaw has been found in Dromara dataCompare up to 1.0.1. The affected element is the function DbConfig of the file src/main/java/com/vince/xq/project/system/dbconfig/service/DbconfigServiceImpl.java of the component JDBC URL Handler. Executing manipulation can lead to injection. The attack can b...

CVE-2025-13268

A flaw has been found in Dromara dataCompare up to 1.0.1. The affected element is the function DbConfig of the file src/main/java/com/vince/xq/project/system/dbconfig/service/DbconfigServiceImpl.java of the component JDBC URL Handler. Executing manipulation can lead to injection. The attack can b...

CVE-2025-13241

A flaw has been found in code-projects Student Information System 2.0. This vulnerability affects unknown code of the file /index.php. Executing manipulation of the argument Username can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used...

EUVD-2025-197752

A flaw has been found in Campcodes Supplier Management System 1.0. This affects an unknown function of the file /manufacturer/editunit.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used...

PT-2025-47203

Name of the Vulnerable Software and Affected Versions itsourcecode Web-Based Internet Laboratory Management System version 1.0 Description A flaw exists in itsourcecode Web-Based Internet Laboratory Management System 1.0. The issue impacts an unknown function within the /user/controller.php file...

PT-2025-47107

A flaw has been found in Campcodes Supplier Management System 1.0. This affects an unknown function of the file /manufacturer/edit unit.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used...

CVE-2025-13251

A flaw has been found in WeiYe-Jing datax-web up to 2.1.2. Affected is an unknown function. Executing manipulation can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used...

CVE-2025-13251 WeiYe-Jing datax-web sql injection

A flaw has been found in WeiYe-Jing datax-web up to 2.1.2. Affected is an unknown function. Executing manipulation can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used...

CVE-2025-13241

A flaw has been found in code-projects Student Information System 2.0. This vulnerability affects unknown code of the file /index.php. Executing manipulation of the argument Username can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used...

PT-2025-47065

Name of the Vulnerable Software and Affected Versions ProjectSend versions prior to r1945 Description A cross-site scripting issue exists in ProjectSend up to version r1720. The flaw is located within the File Editor/Custom Download Aliases component and involves an unknown function. This...