EUVD-2025-203118

A vulnerability was found in UTT 进取 512W up to 1.7.7-171114. This affects an unknown part of the file /goform/formWebAuthGlobalConfig. Performing manipulation of the argument hidcontact results in memory corruption. Remote exploitation of the attack is possible. The exploit has been made public a...

PT-2025-50961

A vulnerability was detected in ggml-org whisper.cpp up to 1.8.2. Affected is the function read audio data of the file /whisper.cpp/examples/common-whisper.cpp. The manipulation results in use after free. The attack requires a local approach. The exploit is now public and may be used. The project...

PT-2025-50570

A weakness has been identified in EFM ipTIME A3004T 14.19.0. This vulnerability affects the function show debug screen of the file /sess-bin/timepro.cgi of the component Administrator Password Handler. This manipulation of the argument aaksjdkfj with the input !@dnjsrureljrm& causes command...

CVE-2025-14230

A vulnerability was detected in code-projects Daily Time Recording System 4.5.0. The impacted element is an unknown function of the file /admin/addpayroll.php. Performing manipulation of the argument detailId results in sql injection. The attack can be initiated remotely. The exploit is now publi...

CVE-2025-14211

A vulnerability was detected in projectworlds Advanced Library Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /deletebook.php. Performing a manipulation of the argument bookid results in sql injection. The attack may be initiated remotely. The exploi...

CVE-2025-14256

A vulnerability was detected in itsourcecode Student Management System 1.0. This impacts an unknown function of the file /newcurriculm.php. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used...

CVE-2025-14133

A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this vulnerability is the function APgetwirelessclientlistsetClientsName of the file modform.so. Performing manipulation of the argument...

CVE-2025-14224

A vulnerability was found in Yottamaster DM2, DM3 and DM200 up to 1.2.23/1.9.12. Affected by this issue is some unknown functionality of the component File Upload. Performing manipulation results in path traversal. Remote exploitation of the attack is possible. The exploit has been made public an...

CVE-2025-14221 SourceCodester Online Banking System page cross site scripting

A vulnerability was detected in SourceCodester Online Banking System 1.0. This impacts an unknown function of the file /?page=user. The manipulation of the argument First Name/Last Name results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used...

EUVD-2025-201664

A vulnerability was found in code-projects Currency Exchange System 1.0. This vulnerability affects unknown code of the file /edit.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...

EUVD-2025-201658

A vulnerability was detected in projectworlds Advanced Library Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /deletebook.php. Performing manipulation of the argument bookid results in sql injection. The attack may be initiated remotely. The exploit ...

PT-2025-49553

Name of the Vulnerable Software and Affected Versions Simple Shopping Cart version 1.0 Description A flaw exists in Simple Shopping Cart 1.0 that allows for SQL injection. The issue is located in the /Customers/settings.php file, specifically when manipulating the user id argument. Remote...

EUVD-2025-201607

A weakness has been identified in H3C Magic B1 up to 100R004. The affected element is the function sub44de0 of the file /goform/aspForm. This manipulation of the argument param causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public...

EUVD-2025-201600

A vulnerability was detected in Chanjet CRM up to 20251121. Affected is an unknown function of the file /tools/jxfdumptabledemo.php. The manipulation of the argument gblOrgID results in sql injection. The attack may be performed from remote. The exploit is now public and may be used. The vendor w...

EUVD-2025-201592

A vulnerability was found in SGAI Space1 NAS N1211DS up to 1.0.915. This issue affects the function GETFACTORYINFO/GETUSERINFO of the file /cgi-bin/JSONAPI of the component gsaiagent. The manipulation results in unprotected storage of credentials. The attack can be launched remotely. The exploit...

CVE-2025-14093

A vulnerability was detected in Edimax BR-6478AC V3 1.0.15. Impacted is the function sub416990 of the file /boafrm/formTracerouteDiagnosticRun. The manipulation of the argument host results in os command injection. The attack can be launched remotely. The exploit is now public and may be used. Th...

EUVD-2025-201546

A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this vulnerability is the function APgetwirelessclientlistsetClientsName of the file modform.so. Performing manipulation of the argument...

PT-2025-49329

Name of the Vulnerable Software and Affected Versions fit2cloud Halo version 2.21.10 Description A cross-site request forgery issue exists in fit2cloud Halo version 2.21.10. The issue is related to an unknown function. The attack can be initiated remotely and the exploit has been publicly...

EUVD-2025-201426

A vulnerability was identified in Himool ERP up to 2.2. Affected by this issue is the function updateaccount of the file /api/admin/updateaccount/ of the component AdminActionViewSet. Such manipulation leads to improper authorization. The attack may be performed from remote. The exploit is public...

CVE-2025-13877 nocobase JWT Service jwt-service.ts hard-coded key

A vulnerability was detected in nocobase up to 1.9.4/2.0.0-alpha.37. The affected element is an unknown function of the file nocobase\packages\core\auth\src\base\jwt-service.ts of the component JWT Service. The manipulation of the argument APIKEY results in use of hard-coded cryptographic key . T...