Lucene search

5655 matches found

NVD
added 2025/06/20 7:15 p.m. · 5 views

CVE-2025-34021

A server-side request forgery (SSRF) vulnerability exists in multiple Selea Targa IP OCR-ANPR camera models, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The application fails to validate user-supplied input in JSON...

CVSS 7.8 · EPSS 0.00526
Exploits: 1 · References: 6
NVD
added 2025/06/20 10:15 a.m. · 8 views

CVE-2025-6330

A vulnerability classified as critical has been found in PHPGurukul Directory Management System 1.0. Affected is an unknown function of the file /searchdata.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

CVSS 9.8 · EPSS 0.00399
Exploits: 1 · References: 5
Cvelist
added 2025/06/20 7:31 a.m. · 8 views

CVE-2025-6317 code-projects Online Shoe Store confirm.php sql injection

A vulnerability classified as critical has been found in code-projects Online Shoe Store 1.0. This affects an unknown part of the file /admin/confirm.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to...

CVSS 7.5 · EPSS 0.00394
Exploits: 1 · References: 5
CVE
added 2025/06/20 7:0 a.m. · 21 views

CVE-2025-6315

CVE-2025-6315 impacts code-projects Online Shoe Store 1.0. The vulnerability is in the /cart2.php file where the ID parameter is unsafely used, allowing SQL injection that can be triggered remotely. Multiple connected sources corroborate a SQL-injection issue originating from the ID argument, wit...

CVSS 9.8 · AI score 7.5 · EPSS 0.00394
Exploits: 1 · References: 5 · Affected Software: 1
Vulnrichment
added 2025/06/20 3:31 a.m. · 3 views

CVE-2025-6305 code-projects Online Shoe Store admin_feature.php sql injection

A vulnerability was found in code-projects Online Shoe Store 1.0. It has been classified as critical. This affects an unknown part of the file /admin/adminfeature.php. The manipulation of the argument productcode leads to sql injection. It is possible to initiate the attack remotely. The exploit...

CVSS 7.5 · AI score 7.6 · EPSS 0.00394
Exploits: 1 · References: 5
CNNVD
added 2025/06/20 12:0 a.m. · 1 views

CampCodes Sales and Inventory System Injection Vulnerability

CampCodes Sales and Inventory System is a sales and inventory system from CampCodes, Inc. An injection vulnerability exists in CampCodes Sales and Inventory System version 1.0, which stems from an improper handling of the parameter cid in the file /pages/cashtransaction.php resulting in an SQL...

CVSS 9.8 · AI score 7.9 · EPSS 0.00391
Exploits: 1 · References: 5
Positive Technologies
added 2025/06/20 12:0 a.m. · 5 views

PT-2025-26291 · Unknown · Phpgurukul Pre-School Enrollment System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Pre-School Enrollment System version 1.0 Description: A critical vulnerability was found in the PHPGurukul Pre-School Enrollment System. The issue is related to an unknown function of the file /admin/add-class.php, where the...

CVSS 8.8 · AI score 6.8 · EPSS 0.00318
Exploits: 1 · References: 11
Positive Technologies
added 2025/06/20 12:0 a.m. · 5 views

PT-2025-26299 · Unknown · Phpgurukul Directory Management System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Directory Management System version 1.0 Description: A critical vulnerability has been found in the PHPGurukul Directory Management System. The issue affects an unknown function of the file /searchdata.php, where the manipulation o...

CVSS 9.8 · AI score 7.6 · EPSS 0.00399
Exploits: 1 · References: 11
Cvelist
added 2025/06/16 10:0 p.m. · 15 views

CVE-2025-6142 Intera InHire server-side request forgery

A vulnerability was found in Intera InHire up to 20250530. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument 29chcotoo9 leads to server-side request forgery. The attack can be launched remotely. The exploit has been...

CVSS 6.5 · EPSS 0.00242
Exploits: 0 · References: 4
NVD
added 2025/06/16 3:15 p.m. · 9 views

CVE-2025-3526

SessionClicks in Liferay Portal 7.0.0 through 7.4.3.21, and Liferay DXP 7.4 GA through update 9, 7.3 GA through update 25, and older unsupported versions does not restrict the saving of request parameters in the HTTP session, which allows remote attackers to consume system memory leading to...

CVSS 8.7 · EPSS 0.00476
Exploits: 0 · References: 1
CVE
added 2025/06/16 1:50 p.m. · 35 views

CVE-2025-3602

CVE-2025-3602 affects Liferay Portal and Liferay DXP (7.4.0–7.4.3.97; 7.3/7.2 lines) where an unrestricted GraphQL query depth allows remote attackers to cause DoS by executing deeply nested queries. The root cause is failure to cap GraphQL query depth, per multiple vendors/advisories in the conn...

CVSS 8.7 · AI score 7.3 · EPSS 0.0042
Exploits: 0 · References: 1 · Affected Software: 2
Vulnrichment
added 2025/06/16 8:0 a.m. · 4 views

CVE-2025-6113 Tenda FH1203 AdvSetLanip fromadvsetlanip buffer overflow

A vulnerability, which was classified as critical, was found in Tenda FH1203 2.0.1.6. Affected is the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been...

CVSS 9 · AI score 7.3 · EPSS 0.01025
Exploits: 1 · References: 5
Cvelist
added 2025/06/16 12:31 a.m. · 16 views

CVE-2025-6098 UTT 进取 750W API setSysAdm strcpy buffer overflow

A vulnerability was found in UTT 进取 750W up to 5.0. It has been classified as critical. This affects the function strcpy of the file /goform/setSysAdm of the component API. The manipulation of the argument passwd1 leads to buffer overflow. It is possible to initiate the attack remotely. The explo...

CVSS 10 · EPSS 0.01223
Exploits: 0 · References: 5
Positive Technologies
added 2025/06/16 12:0 a.m. · 5 views

PT-2025-25576 · Unknown · Codeastro Food Ordering System

Name of the Vulnerable Software and Affected Versions: CodeAstro Food Ordering System version 1.0 Description: A cross-site scripting (XSS) vulnerability exists due to the manipulation of the Restaurant Name/Address argument within a POST request parameter handler. This affects an unknown function ...

CVSS 4.8 · AI score 3.3 · EPSS 0.0028
Exploits: 1 · References: 10
Tenable Nessus
added 2025/06/16 12:0 a.m. · 5 views

TencentOS Server 3: python-gevent (TSSA-2024:0899)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0899 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

CVSS 9.8 · AI score 8 · EPSS 0.01334
Exploits: 1 · References: 2
Cvelist
added 2025/06/12 12:0 a.m. · 20 views

CVE-2023-45256

Multiple SQL injection vulnerabilities in the EuroInformation MoneticoPaiement module before 1.1.1 for PrestaShop allow remote attackers to execute arbitrary SQL commands via the TPE, societe, MAC, reference, or aliascb parameter to transaction.php, validation.php, or callback.php...

EPSS 0.00224
Exploits: 0 · References: 2
RedhatCVE
added 2025/06/11 9:8 p.m. · 5 views

CVE-2025-5897

A vulnerability was found in vuejs vue-cli up to 5.0.8. It has been rated as problematic. This issue affects the function HtmlPwaPlugin of the file packages/@vue/cli-plugin-pwa/lib/HtmlPwaPlugin.js of the component Markdown Code Handler. The manipulation leads to inefficient regular expression...

CVSS 7.5 · AI score 4.5 · EPSS 0.00508
Exploits: 1 · References: 1
Vulnrichment
added 2025/06/10 2:31 a.m. · 3 views

CVE-2025-5911 TOTOLINK EX1200T HTTP POST Request formDMZ buffer overflow

A vulnerability was found in TOTOLINK EX1200T up to 4.1.2cu.5232B20210713 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formDMZ of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack may be launched...

CVSS 9 · AI score 7.3 · EPSS 0.00843
Exploits: 1 · References: 5
Positive Technologies
added 2025/06/10 12:0 a.m. · 7 views

PT-2025-24910 · Unknown · Phpgurukul Restaurant Table Booking System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Restaurant Table Booking System version 1.0 Description: A problematic issue has been found in the PHPGurukul Restaurant Table Booking System. It affects an unknown function of the file /admin/manage-subadmins.php. The manipulation...

CVSS 5.4 · AI score 3.5 · EPSS 0.00247
Exploits: 1 · References: 7
NVD
added 2025/06/09 4:15 p.m. · 7 views

CVE-2025-46178

A Cross-Site Scripting (XSS) vulnerability exists in askquery.php via the eid parameter in the CloudClassroom PHP Project. This allows remote attackers to inject arbitrary JavaScript in the context of a victim's browser session by sending a crafted URL, leading to session hijacking or defacement...

CVSS 6.1 · EPSS 0.00334
Exploits: 0 · References: 1