The vulnerability in the adicionar_raca.php script of the WeGIA web manager allows a hacker to perform cross-site scripting attacks.
The vulnerability in the adicionar_raca.php script of the WeGIA web manager is related to the failure to protect the website structure when processing the raca parameter. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting (XSS) attacks remotely...
CVE-2025-54381
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. In versions 1.4.0 until 1.4.19, the file upload processing system contains an SSRF vulnerability that allows unauthenticated remote attackers to force the server to make arbitrary HTTP...
CVE-2025-8409
CVE-2025-8409 affects code-projects Vehicle Management 1.0. The vulnerability is in the file /filter.php, where the input parameter (notably the "from" parameter) is not validated, allowing an SQL injection. Attack can be launched remotely and exploitation has been publicly disclosed. Affected im...
CVE-2025-8329 code-projects Vehicle Management filter3.php sql injection
A vulnerability, which was classified as critical, was found in code-projects Vehicle Management 1.0. This affects an unknown part of the file /filter3.php. The manipulation of the argument company leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been...
CVE-2025-54381 BentoML is Vulnerable to an SSRF Attack Through File Upload Processing
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. In versions 1.4.0 until 1.4.19, the file upload processing system contains an SSRF vulnerability that allows unauthenticated remote attackers to force the server to make arbitrary HTTP...
PT-2025-31037 · Unknown · Exam Form Submission
Name of the Vulnerable Software and Affected Versions: code-projects Exam Form Submission version 1.0 Description: A vulnerability exists in an unknown functionality of the file /admin/delete s4.php. Manipulation of the ID argument leads to SQL injection, allowing for remote attacks. The exploit...
CVE-2025-8237 code-projects Exam Form Submission update_s1.php sql injection
A vulnerability was found in code-projects Exam Form Submission 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/update_s1.php. The manipulation of the argument credits leads to SQL injection. The attack may be initiated remotely. The exploit has be...
PT-2025-31006 · Code Projects · Code-Projects Online Ordering System
Name of the Vulnerable Software and Affected Versions: code-projects Online Ordering System version 1.0 Description: A critical vulnerability exists in code-projects Online Ordering System 1.0. The vulnerability is due to a SQL injection flaw within an unknown function of the /admin/delete user.p...
PT-2025-31015 · Code Projects · Exam Form Submission
Name of the Vulnerable Software and Affected Versions: code-projects Exam Form Submission version 1.0 Description: A critical issue exists in code-projects Exam Form Submission 1.0. The vulnerability is due to SQL injection, which can be triggered by manipulating the email argument in the /admin/...
PT-2025-30996 · Unknown · Jpacookieshop
Name of the Vulnerable Software and Affected Versions: jerryshensjf JPACookieShop 蛋糕商城JPA版 affected versions not specified Description: A cross-site request forgery issue exists in the AdminTypeCustController.java file. The vulnerability allows for remote attacks. The exploit has been publicly...
PT-2025-30993 · Unknown · Jpacookieshop
Name of the Vulnerable Software and Affected Versions: jerryshensjf JPACookieShop 蛋糕商城JPA版 versions up to 24a15c02b4f75042c9f7f615a3fed2ec1cefb999 Description: A cross-site scripting issue exists due to the manipulation of the keyword argument within the goodsSearch function of the...
PT-2025-30979 · Unknown · Jingmen Zeyou Large File Upload Control
Name of the Vulnerable Software and Affected Versions: Jingmen Zeyou Large File Upload Control versions up to 6.3 Description: A critical issue exists in Jingmen Zeyou Large File Upload Control. The manipulation of the ID parameter in the /index.jsp file leads to SQL injection. This allows for...
PT-2025-30966 · Totolink · Totolink N600R +1
Name of the Vulnerable Software and Affected Versions: TOTOLINK N600R version 1.0.0.1 TOTOLINK X2000R version 1.0.0.1 Description: A critical vulnerability exists in the FTP Service component of the affected products. The issue is related to the manipulation of the vsftpd.conf file, leading to a...
CVE-2025-8164
CVE-2025-8164 affects code-projects Public Chat Room 1.0. The vulnerability is in the file send_message.php, where manipulation of the ID argument enables SQL injection. Exploitation is possible remotely and has been disclosed publicly. Multiple connected sources (NVD, Red Hat, CVE lists, and vul...
CVE-2025-34136 Commvault CommServe Web Server Unauthenticated SQL Injection
An SQL injection vulnerability exists in Commvault 11.32.0 - 11.32.93, 11.36.0 - 11.36.51, and 11.38.0 - 11.38.19 Web Server component that allows a remote, unauthenticated attacker to perform SQL Injection. The vulnerability impacts systems where the CommServe and Web Server roles are installed...
PT-2025-30732 · Phpgurukul · Phpgurukul Bp Monitoring Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul BP Monitoring Management System version 1.0 Description: A critical issue exists in PHPGurukul BP Monitoring Management System 1.0. The vulnerability is due to a SQL injection flaw within the /bwdates-report-result.php file...
CVE-2025-7950
A vulnerability was found in code-projects Public Chat Room 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument Username leads to SQL injection. The attack may be launched remotely. The exploit has been...
PT-2025-30958 · Tenda · Tenda Ac10
Name of the Vulnerable Software and Affected Versions: Tenda AC10 version 16.03.10.13 Description: A critical vulnerability exists in Tenda AC10 version 16.03.10.13. The issue is a heap-based buffer overflow triggered by manipulating the device1D argument in the /goform/RequestsProcessLaid file...
CVE-2025-7920
The WinMatrix3 Web package developed by Simopro Technology has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in the user's browser through phishing attacks...
PT-2025-30509 · Tenda · Tenda Ac23
Name of the Vulnerable Software and Affected Versions: Tenda AC23 version 16.03.07.52 Description: A critical vulnerability exists in the Tenda AC23. The vulnerability is located in the httpd component, specifically within the sub 46C940 function of the /goform/setMacFilterCfg file. Manipulation ...