EUVD-2025-26606

Malicious code in bioql PyPI...

EUVD-2025-30841

Malicious code in bioql PyPI...

EUVD-2025-28737

Malicious code in bioql PyPI...

CVE-2025-10707 JeecgBoot sendMsg improper authorization

A weakness has been identified in JeecgBoot up to 3.8.2. Affected is an unknown function of the file /message/sysMessageTemplate/sendMsg. Executing manipulation can lead to improper authorization. The attack may be launched remotely. The exploit has been made available to the public and could be...

CVE-2025-5005

A vulnerability was detected in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.5.4. This affects an unknown function of the file crm/WeiXinApp/dingtalk/indexevent.php. The manipulation of the argument corpurl results in server-side request forgery. The attack can be launched...

PT-2025-35472

Name of the Vulnerable Software and Affected Versions: RemoteClinic versions prior to 2.1 Description: A vulnerability allows for unrestricted file upload via manipulation of the image argument in the /staff/edit.php file. The attack can be initiated remotely. The exploit is publicly available...

CVE-2025-9750 Campcodes Online Learning Management System login.php sql injection

A security flaw has been discovered in Campcodes Online Learning Management System 1.0. This vulnerability affects unknown code of the file /admin/login.php. The manipulation of the argument Username results in sql injection. It is possible to launch the attack remotely. The exploit has been...

GE Vernova CIMPLICITY

RISK EVALUATION Successful exploitation of this vulnerability could allow a low-privileged local attacker to escalate privileges. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure...

CVE-2025-8997

OpenText Enterprise Security Manager has an Information Exposure vulnerability (CVE-2025-8997). The issue is described as remotely exploitable with network access, enabling disclosure of information and affecting confidentiality (high impact per CVSS: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/SC:N/V...

PT-2025-34596 · Opentext · Opentext Enterprise Security Manager

Name of the Vulnerable Software and Affected Versions: OpenText Enterprise Security Manager affected versions not specified Description: An information exposure issue exists in OpenText Enterprise Security Manager. The issue is remotely exploitable. Recommendations: At the moment, there is no...

PT-2025-34670 · Opentext · Opentext Enterprise Security Manager

Name of the Vulnerable Software and Affected Versions: OpenText Enterprise Security Manager affected versions not specified Description: A Stored Cross-Site Scripting XSS vulnerability exists in OpenText Enterprise Security Manager. The vulnerability is remotely exploitable. Recommendations: At t...

Rockwell Automation 1756-EN4TR, 1756-EN4TRXT (Update B)

RISK EVALUATION Successful exploitation of these vulnerabilities could result in an attacker causing a denial of service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network...

Rockwell Automation FactoryTalk Viewpoint

RISK EVALUATION Successful exploitation of this vulnerability could result in full privilege escalation. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control system...

CVE-2025-8926

The CVE-2025-8926 vulnerability affects SourceCodester COVID 19 Testing Management System 1.0, specifically the /login.php endpoint where the Username parameter is susceptible to SQL injection. Publicly disclosed exploits enable remote exploitation, potentially compromising confidentiality, integ...

CVE-2025-8335

A vulnerability classified as problematic has been found in code-projects Simple Car Rental System 1.0. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used...

CVE-2025-8227

A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /collect/getArticle. The manipulation of the argument taskUrl leads to deserialization. The attack can be launched remotely. The...

PT-2025-30094 · Tenda · Tenda Fh451

Name of the Vulnerable Software and Affected Versions: Tenda FH451 version 1.0.0.9 Description: A critical vulnerability exists due to a stack-based buffer overflow in the fromPptpUserSetting function within the /goform/PPTPUserSetting file. The vulnerability is triggered by manipulating the deln...

CVE-2025-7607

A vulnerability, which was classified as critical, has been found in code-projects Simple Shopping Cart 1.0. This issue affects some unknown processing of the file /Customers/saveorder.php. The manipulation of the argument orderprice leads to sql injection. The attack may be initiated remotely. T...

PT-2025-29093 · NetGear · Netgear R6400

Name of the Vulnerable Software and Affected Versions: Netgear D6400 version 1.0.0.114 Description: A critical vulnerability exists in the diag.cgi file of the Netgear D6400. Manipulation of the host name argument can lead to os command injection. This issue is remotely exploitable. The exploit h...

CVE-2025-6355

A vulnerability has been found in SourceCodester Online Hotel Reservation System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/execeditroom.php. The manipulation of the argument userid leads to sql injection. The attack can be initiated remotely. The...