CVE-2025-5876
A vulnerability classified as problematic was found in Lucky LM-520-SC, LM-520-FSC and LM-520-FSC-SAM up to 20250321. Affected by this vulnerability is an unknown functionality. The manipulation leads to missing authentication. The attack can be launched remotely. The exploit has been disclosed t...
CVE-2025-5696
A vulnerability classified as critical was found in Brilliance Golden Link Secondary System up to 20250424. This vulnerability affects unknown code of the file /storagework/rentChangeCheckInfoPage.htm. The manipulation of the argument clientname leads to SQL injection. The attack can be initiated...
CVE-2025-48782 Soar Cloud HRD Human Resource Management System - Unrestricted Upload of File with Dangerous Type
An unrestricted upload of file with dangerous type vulnerability in the upload file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to execute arbitrary system commands via a malicious file...
CVE-2025-5711 code-projects Real Estate Property Management System InsertCity.php sql injection
A vulnerability, which was classified as critical, was found in code-projects Real Estate Property Management System 1.0. Affected is an unknown function of the file /Admin/InsertCity.php. The manipulation of the argument cmbState leads to SQL injection. It is possible to launch the attack...
PT-2025-24603 · Totolink · Totolink Ex1200T
Name of the Vulnerable Software and Affected Versions: TOTOLINK EX1200T versions 4.1.2cu.5232 B20210713 and earlier Description: A critical issue was found in the HTTP POST Request Handler component, affecting an unknown function of the file /boafrm/formReflashClientTbl. The manipulation leads to...
PT-2025-24012 · Unknown · Sourcecodester Student Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Student Result Management System version 1.0 Description: A vulnerability was found in the SourceCodester Student Result Management System, classified as problematic. This issue affects some unknown processing of the file...
PT-2025-24063
Name of the Vulnerable Software and Affected Versions: Soar Cloud HRD Human Resource Management System versions prior to 7.3.2025.0408 Description: The issue allows remote attackers to obtain partial files by specifying arbitrary file paths due to an external control of file name or path...
PT-2025-23993 · Code Projects · Code-Projects Real Estate Property Management System
Name of the Vulnerable Software and Affected Versions: code-projects Real Estate Property Management System version 1.0 Description: A critical issue has been discovered, affecting the /Admin/NewsReport.php file. The txtFrom argument is vulnerable to SQL injection, allowing for remote attacks. Th...
CVE-2025-5649
A vulnerability classified as critical has been found in SourceCodester Student Result Management System 1.0. This affects an unknown part of the file /admin/core/newuser of the component Register Interface. The manipulation leads to improper access controls. It is possible to initiate the attack...
PT-2025-23973
Name of the Vulnerable Software and Affected Versions: AgileBPM versions up to 2.5.0 Description: A critical vulnerability was found in AgileBPM, affecting the executeScript function of the Groovy Script Handler component. The manipulation of the script argument leads to deserialization, allowing f...
CVE-2025-5502 TOTOLINK X15 formMapReboot command injection
A vulnerability, which was classified as critical, has been found in TOTOLINK X15 1.0.0-B20230714.1105. Affected by this issue is the function formMapReboot of the file /boafrm/formMapReboot. The manipulation of the argument deviceMacAddr leads to command injection. The attack may be launched...
CVE-2025-5400
A vulnerability was found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. It has been classified as critical. Affected is an unknown function of the file /user.php of the component GET Parameter Handler. The manipulation of the argument uid leads to SQL injection. It is...
PT-2025-23455 · Unknown · Juzawebcms
Name of the Vulnerable Software and Affected Versions: juzaweb CMS versions up to 3.4.2 Description: A critical issue was found in the Theme Editor Page component of juzaweb CMS, specifically in the file /admin-cp/theme/editor/default, affecting an unknown function. This issue leads to improper...
PT-2025-23481 · Multilaser · Multilaser Sirius Re016 Mlt1.0
Name of the Vulnerable Software and Affected Versions: Multilaser Sirius RE016 MLT1.0 Description: A critical issue has been found in the Password Change Handler component, specifically in the /cgi-bin/cstecgi.cgi file. The manipulation of an unknown function leads to improper authentication,...
PT-2025-23463 · Unknown · Juzawebcms
Name of the Vulnerable Software and Affected Versions: juzaweb CMS versions up to 3.4.2 Description: A critical issue was found in the Plugins Page component, specifically affecting the /admin-cp/plugin/install file. This leads to improper access controls, allowing for remote attacks. The issue h...
PT-2025-23461 · Unknown · Juzawebcms
Name of the Vulnerable Software and Affected Versions: juzaweb CMS versions up to 3.4.2 Description: A critical issue has been discovered, affecting an unknown part of the file /admin-cp/log-viewer of the component Error Logs Page. This leads to improper access controls, allowing for remote...
PT-2025-23441 · Unknown · Juzawebcms
Name of the Vulnerable Software and Affected Versions: juzaweb CMS versions up to 3.4.2 Description: A critical issue has been found in the Plugin Editor Page component, specifically affecting some unknown functionality of the file /admin-cp/plugin/editor. This issue leads to improper access...
PT-2025-23456 · Unknown · Juzawebcms
Name of the Vulnerable Software and Affected Versions: juzaweb CMS versions up to 3.4.2 Description: A critical issue was found in the juzaweb CMS, affecting an unknown functionality of the file /admin-cp/menus of the component Menu Page. This leads to improper access controls, allowing remote...
CVE-2025-5359
A vulnerability classified as critical has been found in Campcodes Online Hospital Management System 1.0. This affects an unknown part of the file /appointment-history.php. The manipulation of the argument ID leads to SQL injection. It is possible to initiate the attack remotely. The exploit has...
CVE-2025-5384
A vulnerability was found in JeeWMS up to 20250504. It has been classified as critical. This affects the function CgAutoListController of the file /cgAutoListController.do?datagrid. The manipulation leads to SQL injection. It is possible to initiate the attack remotely. This product takes the...