986 matches found
CVE-2025-11050
A flaw has been found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /periodo-lancamento. Executing manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has been published and may be used...
CVE-2025-11136
A flaw has been found in YiFang CMS up to 2.0.2. The impacted element is the function webUploader of the file app/app/controller/File.php of the component Backend. Executing manipulation of the argument uploadpath can lead to unrestricted upload. The attack can be launched remotely. The exploit h...
CVE-2025-11123 Tenda AC18 saveAutoQos stack-based overflow
A flaw has been found in Tenda AC18 15.03.05.19. This impacts an unknown function of the file /goform/saveAutoQos. This manipulation of the argument enable causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been published and may be used...
CVE-2025-11105
A flaw has been found in code-projects Simple Scheduling System 1.0. This affects an unknown part of the file /schedulingsystem/addsubject.php. This manipulation of the argument subcode causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be...
CVE-2025-11105 code-projects Simple Scheduling System addsubject.php sql injection
A flaw has been found in code-projects Simple Scheduling System 1.0. This affects an unknown part of the file /schedulingsystem/addsubject.php. This manipulation of the argument subcode causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be...
PT-2025-39758
Name of the Vulnerable Software and Affected Versions: D-Link DIR-823X version 250416. Description: A flaw exists in the processing of the /goform/diag_traceroute file within D-Link DIR-823X version 250416. Manipulation of the target_addr argument can lead to command injection, allowing for remote...
PT-2025-39785
Name of the Vulnerable Software and Affected Versions: CodeAstro Online Leave Application version 1.0. Description: A flaw exists in CodeAstro Online Leave Application 1.0 related to an unknown functionality within the /leaveAplicationForm.php file. Manipulation of the absence argument can lead to S...
UBUNTU-CVE-2025-11082
A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be use...
CVE-2025-11074
A flaw has been found in code-projects Project Monitoring System 1.0. The impacted element is an unknown function of the file /login.php. This manipulation of the argument username/password causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used...
CVE-2025-11074
Affected software: code-projects Project Monitoring System 1.0. Vulnerability: SQL injection in the login.php file caused by unsafe handling of username/password inputs, enabling remote exploitation. Root cause/condition: Manipulation of the parameters in /login.php leads to SQL injection; exploi...
CVE-2025-11018
A flaw has been found in Four-Faith Water Conservancy Informatization Platform 1.0. This affects an unknown function of the file /sysRole/index.do/../../generalReport/download.do;usrlogout.do.do. Executing manipulation of the argument fileName can lead to path traversal. It is possible to launch...
CVE-2025-11050
Portabilis i-Educar (up to version 2.10) contains an improper authorization flaw that can be triggered by manipulating the /periodo-lancamento file. The issue allows remote exploitation and affects authentication/authorization checks, with exploit activity described in multiple sources. Remediati...
PT-2025-39708
Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar versions up to 2.10. Description: A flaw exists in Portabilis i-Educar up to version 2.10, related to improper authorization. The issue affects an unknown part of the file /periodo-lancamento. Manipulation of this file can le...
PT-2025-39723
Name of the Vulnerable Software and Affected Versions: ProjectsAndPrograms School Management System version 1.0. Description: A SQL injection issue exists in ProjectsAndPrograms School Management System version 1.0. The issue is located in the owner panel/fetch-data/select-students.php file,...
CVE-2025-10958
A flaw has been found in Wavlink NU516U1 M16U1V240425. Impacted is the function sub_403010 of the file /cgi-bin/wireless.cgi of the component AddMac Page. This manipulation of the argument macAddr causes command injection. Remote exploitation of the attack is possible. The exploit has been publish...
CVE-2025-11031
A flaw has been found in DataTables up to 1.10.13. The affected element is an unknown function of the file /examples/resources/examples.php. This manipulation of the argument src causes path traversal. It is possible to initiate the attack remotely. The exploit has been published and may be used...
PT-2025-39482
Name of the Vulnerable Software and Affected Versions: Open Babel versions through 3.1.1. Description: A flaw exists in Open Babel, specifically within the ChemKinFormat::CheckSpecies function located in the /src/formats/chemkinformat.cpp file. This can lead to a heap-based buffer overflow when...
CVE-2025-10843
A flaw has been found in Reservation Online Hotel Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file /reservation/paypalpayout.php. Executing manipulation of the argument confirm can lead to sql injection. The attack may be launched remotely. The exploi...