PT-2026-32192

Name of the Vulnerable Software and Affected Versions Tenda F451 version 1.0.0.7 cn svn7958 Description A security flaw exists in the fromqossetting function of the /goform/qossetting file in Tenda F451 version 1.0.0.7 cn svn7958. Manipulation of the qos argument can lead to a stack-based buffer...

EUVD-2025-26159

Malicious code in bioql PyPI...

EUVD-2025-26174

Malicious code in bioql PyPI...

CVE-2025-10428 SourceCodester Pet Grooming Management Software Setting seo_setting.php unrestricted upload

A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1.0. Affected is an unknown function of the file /admin/seosetting.php of the component Setting Handler. The manipulation of the argument websiteimage leads to unrestricted upload. The attack can be...

Apartment Management System /admin.php File SQL Injection Vulnerability

Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in ddlBranch, a parameter of the Setting Handler component in file...

Apartment Management System member_type_setup.php File SQL Injection Vulnerability

Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter txtMemberType in the file /setting/membertypesetup.php. An attack...

CVE-2025-9644

A vulnerability was determined in itsourcecode Apartment Management System 1.0. Affected by this issue is some unknown functionality of the file /setting/billsetup.php. Executing manipulation of the argument txtBillType can lead to sql injection. It is possible to launch the attack remotely. The...

CVE-2025-9601

A vulnerability was detected in itsourcecode Apartment Management System 1.0. This affects an unknown part of the file /setting/employeesalarysetup.php. The manipulation of the argument ddlEmpName results in sql injection. The attack may be launched remotely. The exploit is now public and may be...

CVE-2025-9600 itsourcecode Apartment Management System member_type_setup.php sql injection

A security vulnerability has been detected in itsourcecode Apartment Management System 1.0. Affected by this issue is some unknown functionality of the file /setting/membertypesetup.php. The manipulation of the argument txtMemberType leads to sql injection. The attack may be initiated remotely. T...

CVE-2025-9598

CVE-2025-9598 affects itsourcecode Apartment Management System 1.0. The vulnerability is a SQL injection in the file /setting/year_setup.php, triggered by manipulating the txtXYear parameter. This allows remote exploitation and may lead to sensitive data disclosure or database manipulation, as in...

itsourcecode Apartment Management System 安全漏洞

Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter txtGasBill in the file /setting/utilitybillsetup.php. An attacker can...

itsourcecode Apartment Management System 安全漏洞

Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ddlEmpName in file /setting/employeesalarysetup.php. An attacker...

CVE-2025-9008

A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /admin/smssetting.php. The manipulation of the argument uname leads to sql injection. The attack may be initiated remotely. The exploit has been...

PT-2025-33439 · Itsourcecode · Itsourcecode Online Tour/Travel Management System

Name of the Vulnerable Software and Affected Versions: itsourcecode Online Tour and Travel Management System version 1.0 Description: A vulnerability was identified in the processing of the file /admin/sms setting.php. Manipulation of the uname argument leads to a SQL injection. The attack may be...

CVE-2024-6471

A vulnerability classified as critical has been found in SourceCodester Online Tours & Travels Management 1.0. This affects an unknown part of the file smssetting.php. The manipulation of the argument uname leads to sql injection. It is possible to initiate the attack remotely. The exploit has be...

PT-2024-32987 · Sourcecodester · Sourcecodester Open Source Clinic Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Open Source Clinic Management System version 1.0 Description: A critical issue has been found in the SourceCodester Open Source Clinic Management System, affecting an unknown functionality of the file setting.php. The...

flusity CMS Security Vulnerability

flusity CMS is a user interactive interface solution where code can be easily changed or added. A security vulnerability exists in flusity CMS version 2.33, which stems from an unrestricted upload of dangerously typed files allowed in updatesetting.php...

PT-2024-18040 · NetGear · Netgear R7000

Name of the Vulnerable Software and Affected Versions: Netgear R7000 version 1.0.11.136 10.2.120 Description: A vulnerability has been found in the Web Management Interface of the Netgear R7000, affecting an unknown functionality of the file /currentsetting.htm. This vulnerability leads to...

PT-2024-16789 · Openbi · Openbi

Name of the Vulnerable Software and Affected Versions: openBI versions up to 1.0.8 Description: A critical issue affects the dlfile function of the file /application/websocket/controller/Setting.php. The manipulation of the argument phpPath leads to os command injection. The attack may be initiat...

PT-2023-32334 · Unknown · Codeastro Pos System

Name of the Vulnerable Software and Affected Versions: CodeAstro POS System version 1.0 Description: A critical issue affects some unknown functionality of the file /setting of the component Logo Handler, leading to unrestricted upload. The attack can be launched remotely. Recommendations: For...