PT-2025-54275
A flaw has been found in EyouCMS up to 1.7.7. The impacted element is the function unserialize of the file application/api/controller/Ajax.php of the component arcpagelist Handler. Executing manipulation of the argument attstr can lead to deserialization. The attack can be launched remotely. The...
PHPGurukul Small CRM Security Vulnerability
PHPGurukul Small CRM is a customer relationship management system from PHPGurukul. A security vulnerability exists in PHPGurukul Small CRM version 4.0, which stems from a missing authorization in the file /admin/edit-user.php, which could lead to a remote attack...
PT-2025-54269
Name of the Vulnerable Software and Affected Versions: Philipinho Simple-PHP-Blog versions prior to 94b5d3e57308bce5dfbc44c3edafa9811893d958. Description: A cross site scripting issue exists in Philipinho Simple-PHP-Blog. The issue is located in the /login.php file, specifically involving manipulati...
Badaso Security Vulnerability
Badaso is an open source Laravel Vue headless CMS from Uasoft Open Source. A security vulnerability exists in Badaso 2.9.7 and earlier versions, which stems from a weak password recovery mechanism in the getPassword function in the Token Handler component file...
CVE-2025-15356
A vulnerability has been found in Tenda AC20 up to 16.03.08.12. The impacted element is the function sscanf of the file /goform/PowerSaveSet. The manipulation of the argument powerSavingEn/time/powerSaveDelay/ledCloseType leads to buffer overflow. The attack can be initiated remotely. The exploit...
CVE-2025-15354
The CVE-2025-15354 vulnerability affects itsourcecode Society Management System 1.0. The flaw exists in the /admin/add_admin.php file, where manipulation of the Username parameter can lead to SQL injection. Attacks can be launched remotely over the network, and exploits have been published and ma...
EUVD-2025-205819
A vulnerability was determined in Tenda W6-S 1.0.0.4510. This impacts an unknown function of the file /bin/httpd of the component R7websSsecurityHandler. Executing manipulation of the argument Cookie can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has bee...
EUVD-2025-205773
A weakness has been identified in zhujunliang3 workplatform up to 6bc5a50bb527ce27f7906d11ea6ec139beb79c31. This vulnerability affects unknown code of the component Content Handler. Executing manipulation can lead to cross site scripting. The attack may be performed from remote. This product...
CVE-2025-15251
A vulnerability was detected in beecue FastBee up to 2.1. Impacted is the function getRootElement of the file springboot/fastbee-server/sip-server/src/main/java/com/fastbee/sip/handler/req/ReqAbstractHandler.java of the component SIP Message Handler. The manipulation results in xml external entit...
CVE-2025-15249
A weakness has been identified in zhujunliang3 workplatform up to 6bc5a50bb527ce27f7906d11ea6ec139beb79c31. This vulnerability affects unknown code of the component Content Handler. Executing manipulation can lead to cross site scripting. The attack may be performed from remote. This product...
CVE-2025-15249 zhujunliang3 work_platform Content cross site scripting
A weakness has been identified in zhujunliang3 workplatform up to 6bc5a50bb527ce27f7906d11ea6ec139beb79c31. This vulnerability affects unknown code of the component Content Handler. Executing manipulation can lead to cross site scripting. The attack may be performed from remote. This product...
CVE-2025-15244 PHPEMS Purchase Request race condition
A vulnerability has been found in PHPEMS up to 11.0. This impacts an unknown function of the component Purchase Request Handler. The manipulation leads to race condition. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitability is said to be...
CVE-2025-15182
A weakness has been identified in code-projects Refugee Food Management System 1.0. This affects an unknown function of the file /home/served.php. Executing manipulation of the argument refNo can lead to sql injection. The attack can be executed remotely. The exploit has been made available to th...
CVE-2025-15234
A weakness has been identified in Tenda M3 1.0.0.134903. Impacted is the function formSetRemoteInternetLanInfo of the file /goform/setInternetLanInfo. This manipulation of the argument portIp/portMask/portGateWay/portDns/portSecDns causes heap-based buffer overflow. It is possible to initiate the...
CVE-2025-15233 Tenda M3 setAdInfoDetail formSetAdInfoDetails heap-based overflow
A security flaw has been discovered in Tenda M3 1.0.0.134903. This issue affects the function formSetAdInfoDetails of the file /goform/setAdInfoDetail. The manipulation of the argument adName/smsPassword/smsAccount/weixinAccount/weixinName/smsSignature/adRedirectUrl/adCopyRight/smsContent/adItemU...
CVE-2025-15233
A security flaw has been discovered in Tenda M3 1.0.0.134903. This issue affects the function formSetAdInfoDetails of the file /goform/setAdInfoDetail. The manipulation of the argument adName/smsPassword/smsAccount/weixinAccount/weixinName/smsSignature/adRedirectUrl/adCopyRight/smsContent/adItemU...
CVE-2025-15229 Tenda CH22 DhcpListClient fromDhcpListClient denial of service
A vulnerability has been found in Tenda CH22 up to 1.0.0.1. Affected by this vulnerability is the function fromDhcpListClient of the file /goform/DhcpListClient. Such manipulation of the argument LISTLEN leads to denial of service. The attack may be launched remotely. The exploit has been disclos...
CVE-2025-15222 Dromara Sa-Token SaSerializerTemplateForJdkUseBase64.java ObjectInputStream.readObject deserialization
A vulnerability has been found in Dromara Sa-Token up to 1.44.0. This issue affects the function ObjectInputStream.readObject of the file SaSerializerTemplateForJdkUseBase64.java. Such manipulation leads to deserialization. The attack can be executed remotely. This attack is characterized by high...
CVE-2025-15218
A weakness has been identified in Tenda AC10U 15.03.06.48/15.03.06.49. Affected by this vulnerability is the function fromadvsetlanip of the file /goform/AdvSetLanip of the component POST Request Parameter Handler. Executing a manipulation of the argument lanMask can lead to buffer overflow. The...
CVE-2025-15215
CVE-2025-15215 affects Tenda AC10U 15.03.06.48–15.03.06.49. The vulnerability lies in the formSetPPTPUserList function in /goform/setPptpUserList (HTTP POST Request Handler). Manipulating the argument list leads to a buffer overflow, enabling remote code execution. The attack is remotely init...