5655 matches found
PT-2025-30739 · Totolink · Totolink A702R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A702R version 4.0.0-B20230721.1521 Description: A critical vulnerability exists in TOTOLINK A702R. The issue is related to a buffer overflow within the HTTP POST Request Handler component, specifically in the file...
CVE-2025-7920
CVE-2025-7920 describes a reflected Cross-site Scripting vulnerability in the WinMatrix3 Web package from Simopro Technology. The issue arises from lack of proper filtering/escaping of user-supplied data, enabling unauthenticated attackers to induce a user to execute arbitrary JavaScript in the b...
PT-2025-30350 · Unknown · Phpgurukul Time Table Generator System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Time Table Generator System version 1.0; PHPGurukul Taxi Stand Management System version 1.0 Description: A problematic vulnerability exists due to cross-site scripting. Manipulation of the adminname argument in the /admin/profile.p...
PT-2025-30227
Name of the Vulnerable Software and Affected Versions: Chanjet CRM version 1.0 Description: A critical vulnerability exists in Chanjet CRM 1.0. The issue is related to SQL injection within an unknown functionality of the file /mail/mailinactive.php of the Login Page component. This allows for remot...
PT-2025-30727 · Tenda · Tenda Ac20
Name of the Vulnerable Software and Affected Versions: Tenda AC20 version 16.03.08.05 Description: A stack-based buffer overflow vulnerability exists in the processing of the list parameter within the /goform/SetStaticRouteCfg file. Remote attackers can exploit this issue to execute arbitrary cod...
ROS-20250721-02
A vulnerability in the assert function of the GNU C Library system library is related to incorrect calculation of the size of the allocated buffer. Exploitation of the vulnerability could allow a remote attacker to affect the availability of protected information...
PT-2025-30317 · D Link · Dir-817
Name of the Vulnerable Software and Affected Versions: D-Link DIR‑817L versions up to 1.04B01 Description: A critical issue exists in D-Link DIR‑817L. The lxmldbc system function within the ssdpcgi file is susceptible to command injection, allowing for remote attacks. The exploit for this issue h...
PT-2025-30274 · Unknown · Phpgurukul Online Banquet Booking System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Online Banquet Booking System version 1.0 Description: A cross-site scripting issue exists due to the manipulation of the searchdata argument in the /admin/booking-search.php file. This allows for remote attacks. The exploit has be...
CVE-2025-54352
WordPress 3.5 through 6.8.2 allows remote attackers to guess titles of private and draft posts via pingback.ping XML-RPC requests. NOTE: the Supplier is not changing this behavior...
CVE-2025-7862
A vulnerability has been found in TOTOLINK T6 4.1.5cu.748B20211015 and classified as critical. Affected by this vulnerability is the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipulation of the argument telnetenabled with the input 1 leads to...
PT-2025-30178 · Metacrm · Metacrm
Name of the Vulnerable Software and Affected Versions: Metasoft MetaCRM versions through 6.4.2 Description: A critical vulnerability exists in Metasoft MetaCRM. The vulnerability affects the AnalyzeParam function within the download.jsp file. Manipulation of the p argument leads to deserializatio...
PT-2025-30207 · Yangzongzhuan · Ruoyi
Name of the Vulnerable Software and Affected Versions: yangzongzhuan RuoYi versions up to 4.8.1 Description: A cross-site scripting issue exists due to the addSave function within the com/ruoyi/web/controller/system/SysNoticeController.java file. This allows for remote attacks. The exploit detail...
PT-2025-30171 · Portabilis · I-Educar
Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar version 2.9.0 Description: A cross-site scripting issue exists due to the manipulation of the nm tipo argument in the file intranet/educar turma tipo det.php?cod turma tipo=ID of the Turma Module. The attack can be launche...
PT-2025-30144 · Phpgurukul · Phpgurukul Complaint Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Complaint Management System version 2.0 Description: A problematic issue exists in PHPGurukul Complaint Management System 2.0. The issue involves cross-site request forgery due to manipulation of an unknown function. This allows fo...
CVE-2025-7801 BossSoft CRM HNDCBas_customPrmSearchDtl.jsp sql injection
A vulnerability has been found in BossSoft CRM 6.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /crm/module/HNDCBas_customPrmSearchDtl.jsp. The manipulation of the argument cstid leads to SQL injection. The attack can be launched remotely. The...
CVE-2025-7789
A vulnerability was found in Xuxueli xxl-job up to 3.1.1 and classified as problematic. Affected by this issue is the function makeToken of the file src/main/java/com/xxl/job/admin/controller/IndexController.java of the component Token Generation. The manipulation leads to password hash with...
CVE-2025-50058
A stored XSS vulnerability was discovered in the RSDirectory! component 1.0.0-2.2.8 for Joomla. The issue allows remote authenticated attackers to inject arbitrary web script or HTML via the review reply component...
PT-2025-30220 · Unknown +1 · Boa Web Server +1
Name of the Vulnerable Software and Affected Versions: D-Link DIR-513 version 1.0 Description: A critical vulnerability exists in the Boa Webserver component of the affected product. The sprintf function within the /goform/formLanSetupRouterSettings file is susceptible to a stack-based buffer...
CVE-2025-7752
A vulnerability was found in code-projects Online Appointment Booking System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/deletedoctor.php. The manipulation of the argument did leads to SQL injection. The attack may be launched remotely...
PT-2025-29973 · Unknown · Code-Projects E-Commerce Website
Name of the Vulnerable Software and Affected Versions: code-projects E-Commerce Site version 1.0 Description: A problematic issue exists in code-projects E-Commerce Site. The issue involves cross-site request forgery, potentially allowing remote attacks. The exploit for this issue has been public...