CVE-2025-5365

A vulnerability was found in Campcodes Online Hospital Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/patient-search.php. The manipulation of the argument searchdata leads to sql injection. It is possible to initiate the attack remotely...

PT-2025-23369 · Sourcecodester · Sourcecodester Php Display Username After Login

Name of the Vulnerable Software and Affected Versions: SourceCodester PHP Display Username After Login version 1.0 Description: A critical vulnerability has been found in the software. The issue affects an unknown function of the file /login.php. Manipulation of the Username argument leads to SQL...

The vulnerability in the web interface of the software for automating application deployment by IBM UrbanCode Deploy (UCD) allows a perpetrator to carry out cross-site scripting attacks.

The vulnerability of the software web interface for IBM UrbanCode Deploy UCD automation of application releases is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

PT-2025-23176 · Aimhubio · Aimhubio Aim

Name of the Vulnerable Software and Affected Versions: aimhubio versions up to 3.29.1 Description: A critical issue was found in the function RestrictedPythonQuery of the file /aim/storage/query.py of the component run view Object Handler. The manipulation of the argument Query leads to a sandbox...

PT-2025-23188 · Fossasia · Open-Event-Server

Name of the Vulnerable Software and Affected Versions: fossasia open-event-server version 1.19.1 Description: A problematic issue has been found in the Mail Verification Handler component, specifically affecting the send email change user email function. This issue leads to reliance on obfuscatio...

PT-2025-23198 · Zhilink · Zhilink Adp Application Developer Platform

Name of the Vulnerable Software and Affected Versions: Zhilink ADP Application Developer Platform version 1.0.0 Description: A critical vulnerability has been found in the Zhilink ADP Application Developer Platform, affecting an unknown functionality of the file...

CVE-2025-5217

CVE-2025-5217 affects FreeFloat FTP Server 1.0.0. The vulnerability lies in the RMDIR Command Handler, where input length validation allows a buffer overflow. The issue is exploitable remotely, and public disclosure of the exploit is noted in the sources. Public details in connected documents con...

PT-2025-22982 · Weidmueller · Ie-Sw-Pl10M-3Gt-7Tx +12

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The devices are vulnerable to an authentication bypass due to flaws in the authorization mechanism. An unauthenticated remote attacker could exploit this weakness by performing brute-force...

PT-2025-22935 · Unknown · 1000 Projects Daily College Class Work Report Book

Name of the Vulnerable Software and Affected Versions: 1000 Projects Daily College Class Work Report Book version 1.0 Description: A critical vulnerability has been found in the software. The issue affects an unknown function of the file /dcwr entry.php. Manipulation of the Date argument leads to...

CVE-2025-5145

A vulnerability, which was classified as critical, was found in Netcore NBR1005GPEV2, B6V2, COVER5, NAP830, NAP930, NBR100V2, NBR200V2 and POWER13 up to 20250508. This affects an unknown part of the file /www/cgi-bin/ of the component Query String Handler. The manipulation leads to command...

CVE-2025-5136

A vulnerability, which was classified as problematic, was found in Tmall Demo up to 20250505. This affects an unknown part of the file /tmall/order/pay/ of the component Payment Identifier Handler. The manipulation leads to insufficiently random values. It is possible to initiate the attack...

CVE-2025-5052

A vulnerability classified as critical was found in FreeFloat FTP Server 1.0. Affected by this vulnerability is an unknown functionality of the component LS Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the publi...

CVE-2025-5109

FreeFloat FTP Server 1.0 contains a buffer overflow in the STATUS Command Handler component. The vulnerability arises from incorrect boundary checking in that handler, enabling remote exploitation. Publicly disclosed exploit details exist, indicating potential remote abuse. No patch/version fix i...

CVE-2025-5107

CVE-2025-5107 affects Fujian Kelixun 1.0, with a SQL injection in /app/xml_cdr/xml_cdr_details.php triggered by the uuid parameter. The vulnerability can be exploited remotely (no user interaction, no privileges required) and can impact confidentiality, integrity, and availability. Multiple sourc...

CVE-2025-5105

A vulnerability was found in TOZED ZLT W51 up to 1.4.2 and classified as critical. Affected by this issue is some unknown functionality of the component Service Port 7777. The manipulation leads to improper clearing of heap memory before release. The attack may be launched remotely. The exploit h...

CVE-2025-0945

A vulnerability classified as critical has been found in itsourcecode Tailoring Management System 1.0. Affected is an unknown function of the file typedelete.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclos...

CVE-2025-0625

A vulnerability, which was classified as problematic, was found in CampCodes School Management Software 1.0. This affects an unknown part of the component Attachment Handler. The manipulation leads to improper control of resource identifiers. It is possible to initiate the attack remotely. The...

CVE-2024-7105

A vulnerability classified as critical has been found in ForIP Tecnologia Administração PABX 1.x. Affected is an unknown function of the file /detalheIdUra of the component Lista Ura Page. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. Th...

CVE-2024-7197

A vulnerability was found in SourceCodester Complaints Report Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/managecomplaint.php. The manipulation of the argument id leads to sql injection. The attack may be launched...

CVE-2024-5100

A vulnerability was found in SourceCodester Simple Inventory System 1.0. It has been classified as critical. This affects an unknown part of the file tableedit.php. The manipulation of the argument from/to leads to sql injection. It is possible to initiate the attack remotely. The exploit has bee...