262 matches found
CVE-2025-11327
The CVE-2025-11327 entry concerns Tenda AC18 (version 15.03.05.19(6318)). A stack-based buffer overflow is triggered via /goform/SetUpnpCfg by manipulating the upnpEn argument. Public exploit information exists and suggests remote exploitation is possible. Connected sources corroborate a vulnerab...
CVE-2025-11289
A vulnerability was determined in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. The impacted element is the function Save of the file src/main/java/com/zhiliao/common/template/TemplateFileServiceImpl.java of the component Template Management Page. This manipulation causes cro...
CVE-2025-11286 samanhappy MCPHub MCPRouter Service serverController.ts server-side request forgery
A vulnerability was determined in samanhappy MCPHub up to 0.9.10. This affects an unknown part of the file src/controllers/serverController.ts of the component MCPRouter Service. This manipulation of the argument baseUrl causes server-side request forgery. The attack may be initiated remotely. Th...
EUVD-2024-34246
Malicious code in bioql PyPI...
EUVD-2025-24986
Malicious code in bioql PyPI...
EUVD-2025-29834
Malicious code in bioql PyPI...
EUVD-2025-28727
Malicious code in bioql PyPI...
EUVD-2025-28837
Malicious code in bioql PyPI...
EUVD-2025-29123
Malicious code in bioql PyPI...
EUVD-2025-30794
Malicious code in bioql PyPI...
EUVD-2025-28240
Malicious code in bioql PyPI...
CVE-2025-11139
A vulnerability was determined in Bjskzy Zhiyou ERP up to 11.0. Affected is the function uploadStudioFile of the component com.artery.form.services.FormStudioUpdater. This manipulation of the argument filepath causes path traversal. Remote exploitation of the attack is possible. The exploit has...
PT-2025-39806
Name of the Vulnerable Software and Affected Versions mirweiye wenkucms versions up to 3.4 Description A flaw exists that allows for remote operating system command injection. This occurs due to manipulation of the createPathOne function within the app/common/common.php file. The exploit has been...
CVE-2025-11075 Campcodes Online Learning Management System de_activate.php sql injection
A vulnerability has been found in Campcodes Online Learning Management System 1.0. This affects an unknown function of the file /admin/deactivate.php. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and...
CVE-2025-11048
A security vulnerability has been detected in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /consulta-dispensas. Such manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed publicly...
CVE-2025-11041
A vulnerability has been found in itsourcecode Open Source Job Portal 1.0. Affected by this issue is some unknown functionality of the file /admin/user/index.php?view=edit. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The exploit h...
CVE-2025-10812
A vulnerability has been found in code-projects Hostel Management System 1.0. This impacts an unknown function of the file /justines/admin/modamenities/index.php?view=view. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has...
CVE-2025-10828
A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown part of the file /admin/edit.php. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly an...
CVE-2025-10814
A vulnerability was determined in D-Link DIR-823X 240126/240802/250416. Affected by this vulnerability is an unknown functionality of the file /usr/sbin/goahead. This manipulation of the argument port causes command injection. The attack can be initiated remotely. The exploit has been publicly...
CVE-2025-10814 D-Link DIR-823X goahead command injection
A vulnerability was determined in D-Link DIR-823X 240126/240802/250416. Affected by this vulnerability is an unknown functionality of the file /usr/sbin/goahead. This manipulation of the argument port causes command injection. The attack can be initiated remotely. The exploit has been publicly...