PT-2025-29974 · Phpgurukul · Phpgurukul Land Record System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Land Record System version 1.0 Description: A critical vulnerability exists in PHPGurukul Land Record System 1.0 due to a SQL injection issue within an unknown functionality of the file /edit-property.php. The editid argument can b...
PT-2025-29967 · Unknown · Online Appointment Booking System
Name of the Vulnerable Software and Affected Versions: Online Appointment Booking System version 1.0 Description: A critical issue exists in the Online Appointment Booking System that allows for SQL injection. The vulnerability is located in the /admin/deletedoctor.php file, specifically through...
PT-2025-29971 · Unknown · Patient Record Management System
Name of the Vulnerable Software and Affected Versions: Patient Record Management System version 1.0 Description: A critical issue exists in the Patient Record Management System. The vulnerability is due to SQL injection within the /xray form.php file. Manipulation of the itr no argument can lead ...
PT-2025-30146 · D Link · D-Link Dir-816L
Name of the Vulnerable Software and Affected Versions: D-Link DIR-816L versions up to 2.06B01 Description: A critical vulnerability has been identified in D-Link DIR-816L. The issue involves command injection through the lxmldbc system function located in the /htdocs/cgibin file within the...
PT-2025-30098 · Tenda · Tenda Fh451
Name of the Vulnerable Software and Affected Versions: Tenda FH451 version 1.0.0.9 Description: A critical vulnerability exists in the fromSafeClientFilter function of the /goform/SafeClientFilter file. Manipulation of the Go/page argument leads to a stack-based buffer overflow, allowing for remo...
CVE-2025-7611
CVE-2025-7611 affects code-projects Wedding Reservation 1.0. The vulnerability is a SQL injection in an unknown part of /global.php caused by manipulating the parameter lu, allowing remote attack. The exploit has been publicly disclosed. Sources describe the issue as critical with high impact, an...
⚡ Weekly Recap: Scattered Spider Arrests, Car Exploits, macOS Malware, Fortinet RCE and More
In cybersecurity, precision matters—and there's little room for error. A small mistake, missed setting, or quiet misconfiguration can quickly lead to much bigger problems. The signs we're seeing this week highlight deeper issues behind what might look like routine incidents: outdated tools, slow...
PT-2025-29471 · Code Projects · Wedding Reservation
Name of the Vulnerable Software and Affected Versions: code-projects Wedding Reservation version 1.0 Description: A critical issue exists in code-projects Wedding Reservation 1.0, affecting an unknown part of the file /global.php. The manipulation of the argument lu leads to SQL injection, allowi...
PT-2025-29502 · Yijiusmile · Kkfileviewofficeedit
Name of the Vulnerable Software and Affected Versions: YiJiuSmile kkFileViewOfficeEdit affected versions not specified Description: A critical issue exists in the onlinePreview function of the /onlinePreview file. Manipulation of the url argument can lead to path traversal, allowing for remote...
PT-2025-29470 · Code Projects · Electricity Billing System
Name of the Vulnerable Software and Affected Versions: code-projects Electricity Billing System version 1.0 Description: A critical issue exists in code-projects Electricity Billing System version 1.0. The vulnerability is due to a SQL injection flaw within the /user/change password.php file...
PT-2025-29455 · Phpgurukul · Phpgurukul Dairy Farm Shop Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Dairy Farm Shop Management System version 1.3 Description: A critical vulnerability exists in PHPGurukul Dairy Farm Shop Management System version 1.3 due to a SQL injection issue in the /invoice.php file. The del argument can be...
CVE-2025-7453
A vulnerability was found in saltbo zpan up to 1.6.5/1.7.0-beta2. It has been rated as problematic. This issue affects the function NewToken of the file zpan/internal/app/service/token.go of the component JSON Web Token Handler. The manipulation with the input 123 leads to use of hard-coded...
PT-2025-29386 · Code Projects · Online Appointment Booking System
Name of the Vulnerable Software and Affected Versions: code-projects Online Appointment Booking System version 1.0 Description: A critical issue exists in code-projects Online Appointment Booking System. The vulnerability is located in the /get town.php file and involves SQL injection through...
PT-2025-29383 · Campcodes · Campcodes Sales/Inventory System
Name of the Vulnerable Software and Affected Versions: Campcodes Sales and Inventory System version 1.0 Description: A critical vulnerability exists in Campcodes Sales and Inventory System that allows for unrestricted file upload. The vulnerability affects unknown code within the /pages/product...
PT-2025-29364 · Jinher Oa · Jinher Oa
Name of the Vulnerable Software and Affected Versions: Jinher OA version 1.0 Description: A problematic issue exists in Jinher OA version 1.0 related to an unknown functionality within the file /c6/Jhsoft.Web.message/ToolBar/DelTemp.aspx. This issue allows for XML External Entity (XXE) reference...
PT-2025-29439 · Tenda · Tenda Ac500
Name of the Vulnerable Software and Affected Versions: Tenda AC500 version 2.0.1.91307 Description: A critical vulnerability exists in the Tenda AC500. The vulnerability is located in the formSetAPCfg function of the /goform/setWtpData file. Manipulation of the radio 2g 1 argument leads to a...
CVE-2025-7483 PHPGurukul Vehicle Parking Management System forgot-password.php sql injection
A vulnerability was found in PHPGurukul Vehicle Parking Management System 1.13. It has been rated as critical. This issue affects some unknown processing of the file /users/forgot-password.php. The manipulation of the argument email leads to SQL injection. The attack may be initiated remotely. Th...
CVE-2025-7474 code-projects Job Diary search.php sql injection
A vulnerability was found in code-projects Job Diary 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /search.php. The manipulation of the argument Search leads to SQL injection. The attack may be launched remotely. The exploit has been disclose...
PT-2025-29329 · Unknown · Modern Bag
Name of the Vulnerable Software and Affected Versions: Modern Bag version 1.0 Description: A critical issue exists in Modern Bag 1.0, specifically within the /admin/category-list.php file. Manipulation of the idCate argument can lead to a SQL injection. This allows for remote attacks. The exploit...
PT-2025-29398 · D Link · Dir-818Lw
Name of the Vulnerable Software and Affected Versions: D-Link DIR-818LW versions up to 20191215 Description: A critical issue exists in D-Link DIR-818LW. The vulnerability is located within the System Time Page component. Manipulation of the NTP Server argument can lead to OS command injection,...