29 matches found
Tp-Link Archer AX53 v1.0 Openvpn configuration restore client_disconnect OS command injection vulnerability
Talos Vulnerability Report TALOS-2025-2307 Tp-Link Archer AX53 v1.0 Openvpn configuration restore client_disconnect OS command injection vulnerability May 7, 2026 CVE Number CVE-2026-30815 SUMMARY An OS command injection vulnerability exists in the Openvpn configuration restore client_disconnect...
PT-2025-43898
Name of the Vulnerable Software and Affected Versions: CodeAstro Gym Management System version 1.0 Description: A SQL injection issue exists in CodeAstro Gym Management System 1.0. The issue is located in an unknown functionality of the file /admin/actions/check-attendance.php. Manipulation of the ...
CVE-2025-9880
The Side Slide Responsive Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicio...
PT-2025-33064 · Code Projects · Job Diary
Name of the Vulnerable Software and Affected Versions: code-projects Job Diary version 1.0 Description: A SQL injection issue exists in code-projects Job Diary 1.0. The vulnerability affects an unknown functionality within the /user-apply.php file. Manipulation of the job title argument can lead ...
CVE-2025-0200
A vulnerability has been found in code-projects Point of Sales and Inventory Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /user/searchnum.php. The manipulation of the argument search leads to SQL injection. The attack can...
PT-2024-17774 · Unknown · Code-Projects Job Recruitment
Name of the Vulnerable Software and Affected Versions: code-projects Job Recruitment version 1.0 Description: A problem has been found in the file / email.php, affecting an unknown functionality. The manipulation of the email argument leads to cross-site scripting. The attack can be launched...
PT-2024-36449 · Unknown · Kashipara E-Learning Management System
Name of the Vulnerable Software and Affected Versions: kashipara E-learning Management System version 1.0 Description: A SQL Injection issue was found in the /admin/delete event.php endpoint, allowing remote attackers to execute arbitrary SQL commands and gain unauthorized database access via the...
PT-2024-34515 · Kia · Kia Seltos
Name of the Vulnerable Software and Affected Versions: KIA Seltos vehicle instrument cluster version 1.0 Description: An issue in the KIA Seltos vehicle instrument cluster allows attackers to control or disrupt CAN communication between the instrument cluster and CAN bus. The findings are dispute...
PT-2024-33024 · Hanzhou Haobo · Hanzhou Haobo Network Management System
Name of the Vulnerable Software and Affected Versions: Hanzhou Haobo network management system version 1.0 Description: A SQL injection issue allows a remote attacker to execute arbitrary code via a crafted script. Recommendations: For Hanzhou Haobo network management system version 1.0, at the...
WordPress R Animated Icon Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software: R Animated Icon; Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-9272; Patch priority: Low; CVSS severity: Low 5.9; PSID: 86573cca9217; Credits: Francesco Carlucci; Required...
WordPress Simple Headline Rotator Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Simple Headline Rotator; Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-7860; Patch priority: Low; CVSS severity: Low 7.1; PSID: 30c399c6a90f; Credits: Daniel Ruf...
Kashipara Music Management System Security Vulnerability
Kashipara Music Management System is a music management system from Kashipara. Kashipara Music Management System v1.0 suffers from a SQL injection vulnerability, which originates from the lack of validation of the search parameter of /music/ajax.php?action=findmusic against external SQL input,...
PT-2024-38560 · Sourcecodester · Sourcecodester Clinics Patient Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Clinics Patient Management System version 1.0 Description: A vulnerability was found in the system, classified as problematic, affecting an unknown part of the file /update medicine.php. The manipulation of the medicine name...
PT-2024-37943 · Sourcecodester · Sourcecodester Record Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Record Management System version 1.0 Description: A critical issue was found in the file sort user.php, where the manipulation of the sort argument leads to SQL injection. The attack can be launched remotely. Recommendations: F...
Event Registration System SQL Injection Vulnerability
Event Registration System is a QR code based event registration system by Carlo Montero Personal Developer. An SQL injection vulnerability exists in Event Registration System version 1.0, which originates from the presence of an unknown function in /registrar/ that causes SQL injection via the...
PT-2024-33051 · Unknown · School Erp Pro+Responsive
Name of the Vulnerable Software and Affected Versions: School ERP Pro+Responsive version 1.0 Description: The issue allows SQL injection through the "/SchoolERP/office admin/" index in parameters such as groups id, examname, classes id, es voucherid, es class, etc. This could enable a remote...
WordPress Search Keyword Redirect Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software: Search Keyword Redirect; Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-32080; Patch priority: Low; CVSS severity: Low 5.9; PSID: 9a5522e4a000; Credits: Sharanabasappa; Required privilege...
WordPress idbbee Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software: idbbee; Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-5114; Patch priority: Low; CVSS severity: Low 6.5; PSID: 5bc71d675255; Credits: István Márton; Required privilege...
WordPress Zyrex Popup Plugin <= 1.0 is vulnerable to Arbitrary File Upload
Software: Zyrex Popup; Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: 1.1; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2023-0924; Patch priority: Low; CVSS severity: Low 9.1; PSID: 902b3bcce78c; Credits: Yogesh Verma; Required privilege: Administrator...
PT-2023-17372 · Unknown · Sourcecodester Online Computer/Laptop Store
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Computer and Laptop Store version 1.0 Description: A critical vulnerability has been found in the SourceCodester Online Computer and Laptop Store, affecting the file /classes/Master.php?f=save category. The manipulation ...