PT-2025-27075 · Kingdee +1 · Kingdee Cloud-Starry-Sky Enterprise Edition +1
Name of the Vulnerable Software and Affected Versions: Kingdee Cloud-Starry-Sky Enterprise Edition versions 6.x through 9.0 Description: A critical issue has been found, affecting the function plugin.buildMobilePopHtml of the file k3o2oboswebappactionDynamicForm 4 Action.class of the component...
CVE-2025-6534
A vulnerability, which was classified as problematic, was found in xxyopen/201206030 novel-plus up to 5.1.3. This affects the function remove of the file novel-admin/src/main/java/com/java2nb/common/controller/FileController.java of the component File Handler. The manipulation leads to improper...
PT-2025-27001 · Unknown · Linlinjava Litemall
Name of the Vulnerable Software and Affected Versions: linlinjava litemall version 1.8.0 Description: A problematic issue was found in the software, affecting an unknown function of the file /wx/comment/post. The manipulation of the adminComment argument leads to improper authorization, allowing...
CVE-2025-6660 PDF-XChange Editor GIF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
PDF-XChange Editor GIF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target...
CVE-2025-5822
Autel MaxiCharger AC Wallbox Commercial Technician API Incorrect Authorization Privilege Escalation is confirmed for CVE-2025-5822. The flaw exists in the Autel Technician API implementation and results from incorrect authorization, allowing an attacker who has obtained a low-privilege authorizat...
CVE-2025-6611 code-projects Inventory Management System createBrand.php sql injection
A vulnerability was found in code-projects Inventory Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /phpaction/createBrand.php. The manipulation of the argument brandStatus leads to sql injection. The attack can be initiated remotely...
CVE-2025-6609 SourceCodester Best Salon Management System bwdates-reports-details.php sql injection
A vulnerability was found in SourceCodester Best Salon Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /panel/bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack may be...
CVE-2025-6570 PHPGurukul Hospital Management System search.php sql injection
A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 4.0. Affected by this issue is some unknown functionality of the file /doctor/search.php. The manipulation of the argument searchdata leads to sql injection. The attack may be launched...
CVE-2025-6456
A vulnerability, which was classified as critical, has been found in code-projects Online Hotel Reservation System 1.0. Affected by this issue is some unknown functionality of the file /reservation/order.php. The manipulation of the argument Start leads to sql injection. The attack may be launche...
novel-plus security vulnerability
novel-plus is a novel reading software by xxy individual developer. A security vulnerability exists in novel-plus version 5.1.3 and earlier, which stems from improper control of resource identifiers in the file handling component and could lead to remote attacks...
ROS-20250624-05
A vulnerability in the Consul and Consul Enterprise service configuration tool is related to errors in the processing of CSR requests at the RPC endpoint. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the implemented security restrictions.
PT-2025-26656 · Unknown · Novel-Plus
Name of the Vulnerable Software and Affected Versions: xxyopen/201206030 novel-plus versions up to 5.1.3 Description: A critical issue has been found in the ajaxLogin function of the LoginController.java file, part of the CATCHA Handler component. This issue leads to authentication bypass through...
The vulnerability of the software for configuring and setting up devices of the Universal Relay (UR) series, GE Vernova Enervista UR Setup, stems from the lack of authenticity verification for a critical function. This allows attackers to carry out “man-in-the-middle” type attacks.
The vulnerability of the software for configuring and setting up Universal Relay UR devices from GE Vernova Enervista UR Setup is related to the lack of authenticity verification for a critical function. Exploiting this vulnerability allows an attacker who operates remotely to carry out...
CVE-2025-6484 code-projects Online Shopping Store action.php sql injection
A vulnerability was found in code-projects Online Shopping Store 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /action.php. The manipulation of the argument catid/brandid/keyword/proId/pid leads to sql injection. The attack may be launched...
CVE-2025-6481 code-projects Simple Pizza Ordering System update.php sql injection
A vulnerability, which was classified as critical, has been found in code-projects Simple Pizza Ordering System 1.0. This issue affects some unknown processing of the file /update.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit ha...
CVE-2025-6476
A vulnerability was found in SourceCodester Gym Management System 1.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may b...
CVE-2025-6472
CVE-2025-6472 affects code-projects Online Bidding System 1.0, specifically the file /showprod.php where the ID parameter is unsafely handled. The root cause is a SQL injection vulnerability that can be triggered by manipulating the ID argument, with remote attack potential. Multiple connected so...
PT-2025-26569 · Marktext · Marktext
Name of the Vulnerable Software and Affected Versions: MarkText versions up to 0.17.1 Description: A vulnerability has been found in MarkText, affecting the function getRecommendTitleFromMarkdownString of the file marktext/src/main/utils/index.js. The manipulation leads to inefficient regular...
CVE-2025-6363
A vulnerability, which was classified as critical, was found in code-projects Simple Pizza Ordering System 1.0. Affected is an unknown function of the file /adding-exec.php. The manipulation of the argument ingname leads to sql injection. It is possible to launch the attack remotely...