585 matches found
CVE-2025-4764
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aida Computer Information Technology Inc. Hotel Guest Hotspot allows SQL Injection. This issue affects Hotel Guest Hotspot: through 22012026. NOTE: The vendor was contacted early about this...
PT-2026-3922
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Aida Computer Information Technology Inc. Hotel Guest Hotspot allows Reflected XSS.This issue affects Hotel Guest Hotspot: through 22012026. NOTE: The vendor was contacted early about this...
CVE-2026-1196
A security vulnerability has been detected in MineAdmin 1.x/2.x. Affected is an unknown function of the file /system/getFileInfoById. Such manipulation of the argument ID leads to information disclosure. It is possible to launch the attack remotely. The attack requires a high level of complexity...
MineAdmin has Incorrect Privilege Assignment
A vulnerability was identified in MineAdmin 1.x/2.x. The impacted element is an unknown function of the file /system/cache/view of the component View Interface. The manipulation leads to improper authorization. The attack is possible to be carried out remotely. The exploit is publicly available a...
CVE-2026-1108 cijliu librtsp rtsp_rely_dumps buffer overflow
A security vulnerability has been detected in cijliu librtsp up to 2ec1a81ad65280568a0c7c16420d7c10fde13b04. The affected element is the function rtsprelydumps. The manipulation leads to buffer overflow. An attack has to be approached locally. This product is using a rolling release to provide...
CVE-2025-15500
A vulnerability was found in Sangfor Operation and Maintenance Management System up to 3.0.8. This issue affects some unknown processing of the file /isomp-protocol/protocol/getHis of the component HTTP POST Request Handler. The manipulation of the argument sessionPath results in os command...
CVE-2025-15493
Summary: RainyGao DocSys
CVE-2025-15456
A vulnerability has been found in bg5sbk MiniCMS up to 1.8. The affected element is an unknown function of the file /mc-admin/page-edit.php of the component Publish Page Handler. Such manipulation leads to improper authentication. The attack may be performed from remote. The exploit has been...
CVE-2025-15439 Daptin Aggregate API resource_aggregate.go goqu.L sql injection
A vulnerability was identified in Daptin 0.10.3. Affected by this vulnerability is the function goqu.L of the file server/resource/resourceaggregate.go of the component Aggregate API. The manipulation of the argument column/group/order leads to sql injection. The attack may be initiated remotely...
CVE-2025-15424
CVE-2025-15424 affects Yonyou KSOA 9.0, specifically an SQL injection in the HTTP GET parameter handler for the file /worksheet/agent_worksdel.jsp via manipulation of the ID argument. The vulnerability enables remote exploitation and has publicly available exploits/PoC. Multiple sources confirm t...
CVE-2025-15169
The CVE-2025-15169 entry concerns BiggiDroid Simple PHP CMS 1.0. Affected functionality is in /admin/editsite.php; manipulating the ID parameter can cause SQL injection. The issue is exploitable remotely and an exploit has been publicly released. Red Hat and other connected records corroborate th...
CVE-2025-15138
A flaw has been found in prasathmani TinyFileManager up to 2.6. Affected by this issue is some unknown functionality of the file tinyfilemanager.php. This manipulation of the argument fullpath causes path traversal. Remote exploitation of the attack is possible. The exploit has been published and...
CVE-2025-15137 TRENDnet TEW-800MB NTPSyncWithHost.cgi sub_F934 command injection
A vulnerability was detected in TRENDnet TEW-800MB 1.0.1.0. Affected by this vulnerability is the function subF934 of the file NTPSyncWithHost.cgi. The manipulation results in command injection. The attack may be launched remotely. The exploit is now public and may be used. The vendor was...
CVE-2025-15131 ZSPACE Z4Pro+ HTTP POST Request status zfilev2_api_SafeStatus command injection
A vulnerability was found in ZSPACE Z4Pro+ 1.0.0440024. Impacted is the function zfilev2apiSafeStatus of the file /v2/file/safe/status of the component HTTP POST Request Handler. The manipulation results in command injection. The attack may be performed from remote. The exploit has been made publ...
CVE-2025-15126 JeecgBoot getPositionUserList improper authorization
A weakness has been identified in JeecgBoot up to 3.9.0. Affected by this vulnerability is the function getPositionUserList of the file /sys/position/getPositionUserList. This manipulation of the argument positionId causes improper authorization. The attack may be initiated remotely. The complexi...
EUVD-2025-205494
A vulnerability was detected in JeecgBoot up to 3.9.0. This issue affects the function queryPageList of the file /sys/sysDepartRole/list. The manipulation of the argument deptId results in improper authorization. The attack can be executed remotely. A high complexity level is associated with this...
PT-2025-53636
Name of the Vulnerable Software and Affected Versions JeecgBoot versions up to 3.9.0 Description A flaw exists in JeecgBoot that allows information disclosure. The issue is related to the getDeptRoleByUserId function located in the /sys/sysDepartRole/getDeptRoleByUserId file. Manipulation of the...
EUVD-2025-205391
A weakness has been identified in youlaitech youlai-mall 1.0.0/2.0.0. This impacts the function getMemberByMobile of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java. This manipulation causes improper access controls. The attack may be initiated...
CVE-2025-15083
A vulnerability was determined in TOZED ZLT M30s up to 1.47. The affected element is an unknown function of the component UART Interface. Executing manipulation can lead to on-chip debug and test interface with improper access control. The physical device can be targeted for the attack. Attacks o...
CVE-2025-14702
A flaw has been found in Smartbit CommV Smartschool App up to 10.4.4. Impacted is an unknown function of the component be.smartschool.mobile.SplashActivity. Executing manipulation can lead to path traversal. The attack requires local access. The exploit has been published and may be used. The...