CVE-2025-4159
CVE-2025-4159 affects PCMan FTP Server up to 2.0.7. The GLOB Command Handler allows a remote buffer overflow leading to arbitrary code execution or DoS. Exploitation information is publicly disclosed. Some sources (PT-2025-18377) recommend disabling the GLOB Command Handler until a fix is availab...
CVE-2025-4157
A vulnerability was found in PHPGurukul Boat Booking System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/booking-details.php. The manipulation of the argument Status leads to SQL injection. The attack may be initiated remotely. The exploit has been...
PT-2025-18366 · Unknown · Phpgurukul Online Birth Certificate System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Online Birth Certificate System version 1.0. Description: A critical vulnerability has been found in the PHPGurukul Online Birth Certificate System. The issue is related to an unknown function of the file...
CVE-2025-4142
A vulnerability has been found in Netgear EX6200 1.0.3.94 and classified as critical. This vulnerability affects the function sub3C8EC. The manipulation of the argument host leads to buffer overflow. The attack can be initiated remotely. The vendor was contacted early about this disclosure but di...
CVE-2025-2170
A server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface, which in specific conditions could potentially enable a remote unauthenticated attacker to cause the appliance to make requests to an unintended location...
PT-2025-18169 · Unknown · Scriptandtools Online-Travling-System
Name of the Vulnerable Software and Affected Versions: ScriptAndTools Online-Travling-System version 1.0. Description: A critical vulnerability has been found in the software, affecting an unknown function of the file /admin/viewpackage.php. This leads to improper access controls, allowing for...
CVE-2025-4020
A vulnerability was found in PHPGurukul Old Age Home Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /contact.php. The manipulation of the argument fname leads to SQL injection. The attack may be launched remotely. The exploit has...
CVE-2025-4019
A vulnerability, which was classified as critical, was found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. Affected is the function genCode of the file novel-admin/src/main/java/com/java2nb/common/controller/GeneratorController.java. The manipulation leads to missing...
CVE-2025-4019
The CVE-2025-4019 entry concerns Novel-Plus (versions from 20120630 up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160). The flaw is in GeneratorController.java, specifically the genCode function, where manipulation leads to missing authentication. This enables a remote attacker to exploit the vu...
CVE-2025-3960 withstars Books-Management-System Background Interface allreaders.html authorization
A vulnerability was found in withstars Books-Management-System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /allreaders.html of the component Background Interface. The manipulation leads to missing authorization. The attack may be launched...
PT-2025-17982 · Withstars · Books-Management-System
Name of the Vulnerable Software and Affected Versions: withstars Books-Management-System version 1.0. Description: A vulnerability was found in the withstars Books-Management-System. It has been classified as problematic and affects an unknown function of the file /book edit do.html of the compone...
PT-2025-17989 · Unknown · Withstars Books-Management-System
Name of the Vulnerable Software and Affected Versions: withstars Books-Management-System version 1.0. Description: A critical issue has been found in the Background Interface of the withstars Books-Management-System, affecting the file /admin/article/list. This issue leads to missing authorization...
CVE-2025-3726
A vulnerability was found in PCMan FTP Server 2.0.7. It has been rated as critical. Affected by this issue is some unknown functionality of the component CD Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the publi...
CVE-2025-3850
A vulnerability, which was classified as problematic, has been found in YXJ2018 SpringBoot-Vue-OnlineExam 1.0. This issue affects some unknown processing of the component API. The manipulation leads to improper authentication. The attack may be initiated remotely. The complexity of an attack is...
CVE-2025-3799 WCMS AnonymousController.php SQL injection
A vulnerability, which was classified as critical, was found in WCMS 11. Affected is an unknown function of the file app/controllers/AnonymousController.php. The manipulation of the argument email/username leads to SQL injection. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-3569
A vulnerability was found in JamesZBL/code-projects db-hospital-drug 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file ShiroConfig.java. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been...
CVE-2025-3567
A vulnerability, which was classified as problematic, was found in veal98 小牛肉 Echo 开源社区系统 4.2. Affected is the function preHandle of the file src/main/java/com/greate/community/controller/interceptor/LoginTicketInterceptor.java of the component Ticket Handler. The manipulation leads to improper...
CVE-2025-3692
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /oews/classes/Master.php?f=saveproduct. The manipulation leads to cross-site scripting. The attack can be launched...
CVE-2025-3682 PCMan FTP Server PASV Command buffer overflow
A vulnerability was found in PCMan FTP Server 2.0.7. It has been classified as critical. This affects an unknown part of the component PASV Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and...
CVE-2025-3675
A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822B20200513. It has been rated as critical. Affected by this issue is the function setL2tpServerCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been...