2295 matches found
CVE-2025-10401
A vulnerability was detected in D-Link DIR-823x up to 250416. The affected element is an unknown function of the file /goform/diagping. Performing manipulation of the argument targetaddr results in command injection. Remote exploitation of the attack is possible. The exploit is now public and may...
CVE-2025-10396
A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/editrole.php. Executing manipulation of the argument ID can lead to SQL injection. It is possible to launch the attack remotely. The explo...
PT-2025-37354
Name of the Vulnerable Software and Affected Versions: MiczFlor RPi-Jukebox-RFID versions up to 2.8.0 Description: A weakness exists in MiczFlor RPi-Jukebox-RFID up to version 2.8.0. This issue affects an unknown functionality within the /htdocs/api/playlist/shuffle.php file. Manipulation of the...
CVE-2025-10218
A flaw has been found in lostvip-com ruoyi-go 2.1. This affects the function SelectListPage of the file modules/system/dao/SysRoleDao.go of the component Background Management Page. This manipulation of the argument sortName causes SQL injection. Remote exploitation of the attack is possible. The...
CVE-2025-43783
Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.73 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.Q3.1, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 7.4 update 73 through update 92 allows remote attackers to inject arbitrary web script or HTML vi...
Linux Distros Unpatched Vulnerability : CVE-2015-5651
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site scripting (XSS) vulnerability in Dotclear before 2.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Linux Distros Unpatched Vulnerability : CVE-2017-17534
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - uiutil.c in Mensis 0.0.080507 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote...
CVE-2025-43781
Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.110 through 7.4.3.128, and Liferay DXP 2024.Q3.1 through 2024.Q3.8, 2024.Q2.0 through 2024.Q2.13 and 2024.Q1.1 through 2024.Q1.12 allows remote attackers to inject arbitrary web script or HTML via the URL in search bar portl...
CVE-2025-10121
CVE-2025-10121 affects uverif up to 3.2, with the vulnerability in the addbatch function of /admin/kami_list. Manipulating the note argument enables SQL injection, and remote exploitation is possible. The exploit has been published and may be used. Public sources (Red Hat, CISA ecosystem referenc...
PT-2025-36564
Name of the Vulnerable Software and Affected Versions: Maccms10 version 2025.1000.4050 Description: A SQL injection issue exists in the rep function of the application/admin/controller/Database.php file. Manipulation of the where argument can lead to SQL injection. The attack can be initiated...
CVE-2025-10106
CVE-2025-10106 affects yanyutao0402 ChanCMS up to version 3.3.1. The vulnerability resides in an unknown part of the file /cms/collect/search, where manipulating the keyword parameter enables SQL injection. The issue is exploitable remotely and the exploit has been publicly disclosed. Multiple co...
CVE-2025-10090
Jinher OA contains a SQL injection vulnerability in the GetTreeDate.aspx file (parameter ID). Impact: remote attacker could execute arbitrary SQL; exploit publicly published. Affected versions: up to 1.2 per CVE context; remediation: upgrade to 1.3 or later. Temporary mitigations include restrict...
CVE-2025-10087 SourceCodester Pet Grooming Management Software profit_report.php SQL injection
A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1.0. Impacted is an unknown function of the file /admin/profitreport.php. Such manipulation of the argument productid leads to SQL injection. The attack can be launched remotely. The exploit has been...
PT-2025-36505
Name of the Vulnerable Software and Affected Versions: yanyutao0402 ChanCMS versions through 3.3.1 Description: A SQL injection flaw exists in yanyutao0402 ChanCMS due to manipulation of the keyword argument in the /cms/article/search file. This issue can be exploited remotely. Recommendations: A...
CVE-2025-10030
A weakness has been identified in Campcodes Grocery Sales and Inventory System 1.0. This issue affects some unknown processing of the file /ajax.php?action=savereceiving. Executing manipulation of the argument ID can lead to SQL injection. The attack may be launched remotely. The exploit has been...
PT-2025-36401
Name of the Vulnerable Software and Affected Versions: itsourcecode Student Information Management System version 1.0 Description: A vulnerability exists in itsourcecode Student Information Management System that allows for SQL injection. The issue affects an unknown part of the /admin/login.php...
CVE-2025-9933 PHPGurukul Beauty Parlour Management System view-appointment.php SQL injection
A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1.1. Affected by this issue is some unknown functionality of the file /admin/view-appointment.php. Such manipulation of the argument viewid leads to SQL injection. The attack may be launched remotely. The exploit has be...
CVE-2025-9797
A vulnerability was determined in mrvautin expressCart up to b31302f4e99c3293bd742c6d076a721e168118b0. This impacts an unknown function of the file /admin/product/edit/ of the component Edit Product Page. This manipulation causes injection. The attack can be initiated remotely. The exploit has be...
CVE-2025-9927
A vulnerability was identified in projectworlds Travel Management System 1.0. The affected element is an unknown function of the file /viewpackage.php. Such manipulation of the argument t1 leads to SQL injection. The attack may be performed remotely. The exploit is publicly available and might...
CVE-2025-9925
A vulnerability was found in projectworlds Travel Management System 1.0. This issue affects some unknown processing of the file /detail.php. The manipulation of the argument pid results in SQL injection. The attack can be executed remotely. The exploit has been made public and could be used...