PT-2025-34724 · Mtons · Mtons Mblog
Name of the Vulnerable Software and Affected Versions: mtons mblog versions up to 3.5.0 Description: A vulnerability exists in mtons mblog up to version 3.5.0 within the Admin Panel component. Manipulation of the Title argument in the /admin/post/list file can lead to cross-site scripting. The...
PT-2025-34726 · Unknown · 1000Projects Online Project Report Submission/Evaluation System
Name of the Vulnerable Software and Affected Versions: 1000projects Online Project Report Submission and Evaluation System version 1.0 Description: A cross-site scripting issue exists in 1000projects Online Project Report Submission and Evaluation System version 1.0. Manipulation of the desc...
PT-2025-34745
Name of the Vulnerable Software and Affected Versions: SourceCodester Human Resource Information System version 1.0 Description: A vulnerability exists in SourceCodester Human Resource Information System 1.0, specifically within an unknown functionality of the /Superadmin...
PT-2025-34717 · Ruijie · Ruijie WS7204-A
Name of the Vulnerable Software and Affected Versions: Ruijie WS7204-A version 2017.06.15 Description: A vulnerability exists in Ruijie WS7204-A 2017.06.15 related to os command injection. The issue is located in the file /itbox pi/branch import.php?a=branch list, where manipulation of the provin...
PT-2025-34716 · Campcodes · Campcodes Online Water Billing System
Name of the Vulnerable Software and Affected Versions: Campcodes Online Water Billing System version 1.0 Description: A SQL injection issue exists in Campcodes Online Water Billing System 1.0 due to manipulation of the ID argument in the /editecex.php file. This allows for remote exploitation. Th...
PT-2025-34710 · itsourcecode · Apartment Management System
Name of the Vulnerable Software and Affected Versions: itsourcecode Apartment Management System version 1.0 Description: A SQL injection issue exists in itsourcecode Apartment Management System 1.0. The vulnerability is located in an unknown function within the /unit/addunit.php file. Manipulatio...
PT-2025-34713 · itsourcecode · Apartment Management System
Name of the Vulnerable Software and Affected Versions: itsourcecode Apartment Management System version 1.0 Description: A flaw exists in itsourcecode Apartment Management System 1.0 that allows for SQL injection. The issue is located in the /floor/addfloor.php file, where manipulation of the hdn...
PT-2025-34576
Name of the Vulnerable Software and Affected Versions: YiFang CMS versions up to 2.0.5 Description: A security issue has been identified in YiFang CMS. The exportInstallTable function within the app/utils/base/database/Migrate.php file is susceptible to information disclosure. This issue can be...
PT-2025-34567 · Unknown · Bjskzy Zhiyou ERP
Name of the Vulnerable Software and Affected Versions: Bjskzy Zhiyou ERP versions prior to 11.1 Description: A weakness has been identified in Bjskzy Zhiyou ERP that allows for remote SQL injection. The issue is related to the manipulation of the sql argument within the getFieldValue function of...
PT-2025-34459 · Reolink · Reolink Smart 2K+ Plug-In Wi-Fi Video Doorbell
Name of the Vulnerable Software and Affected Versions: Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime version 3.0.0.4662 2503122283 Description: The device suffers from insecure permissions that allow attackers to arbitrarily change other users' passwords. This is achieved through...
PT-2025-34442 · D-Link · DIR-619L
Name of the Vulnerable Software and Affected Versions: D-Link DIR-619L version 2.06B01 Description: The D-Link DIR-619L device is susceptible to a buffer overflow issue in the formLanguageChange function through the nextPage parameter. Recommendations: Update to a newer, non-vulnerable version of...
PT-2025-34367 · Unknown · MCSManager
Name of the Vulnerable Software and Affected Versions: MCSManager version 10.5.3 Description: The MCSManager daemon process runs with root privileges by default. Sensitive data, including tokens and terminal content, is stored in a data directory accessible to all users. This allows unauthorized...
PT-2025-34223 · jshERP · jshERP
Name of the Vulnerable Software and Affected Versions: jshERP version 3.5 Description: An incorrect access control issue exists in the /controller/PersonController.java component of jshERP version 3.5. This allows unauthorized attackers to obtain all information of the handler by executing the...
PT-2025-34222 · jshERP · jshERP
Name of the Vulnerable Software and Affected Versions: jshERP version 3.5 Description: An incorrect access control issue exists in the controllerResourceController.java component of jshERP version 3.5. This allows unauthorized attackers to obtain all corresponding ID data by modifying the ID valu...
PT-2025-34212 · Tenda · Tenda M3
Name of the Vulnerable Software and Affected Versions: Tenda M3 version 1.0.0.12 Description: A vulnerability has been identified in the Tenda M3 device. The formGetMasterPassengerAnalyseData function within the /goform/getMasterPassengerAnalyseData file is susceptible to a stack-based buffer...
PT-2025-34232 · SourceCodester · Online Bank Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Bank Management System version 1.0 Description: A weakness has been identified that allows for SQL injection. The issue impacts an unknown function within the /bank/show.php file. Manipulation of the ID argument can lead...
PT-2025-34214 · Tenda · Tenda AC15
Name of the Vulnerable Software and Affected Versions: Tenda AC15 version 15.03.05.19 multi TD01 Description: The Tenda AC15 router firmware contains a stack overflow issue. This occurs through the list parameter within the fromSetIpMacBind function. Recommendations: Update to a newer version of...
SUSE CVE-2025-9039
We identified an issue in the Amazon ECS agent where, under certain conditions, an introspection server could be accessed off-host by another instance if the instances are in the same security group or if their security groups allow incoming connections that include the port where the server is...
GHSA-PR72-8FXW-XX22 Default Credentials in nginx-defender Configuration Files
Impact: This is a configuration vulnerability affecting nginx-defender deployments. The example configuration files (config.yaml, docker-compose.yml) contain default credentials (defaultpassword: "changemeplease", GFSECURITYADMINPASSWORD=admin123). If users deploy nginx-defender without changing these...
PT-2025-33841
Name of the Vulnerable Software and Affected Versions: AllSky version 2023.05.01 04 Description: A path traversal flaw exists in AllSky version 2023.05.01 04 that allows an unauthenticated attacker to create a webshell and achieve remote code execution. The issue is located in the /includes/save...