EUVD-2025-201546

A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this vulnerability is the function APgetwirelessclientlistsetClientsName of the file modform.so. Performing manipulation of the argument...

PT-2025-49329

Name of the Vulnerable Software and Affected Versions fit2cloud Halo version 2.21.10 Description A cross-site request forgery issue exists in fit2cloud Halo version 2.21.10. The issue is related to an unknown function. The attack can be initiated remotely and the exploit has been publicly...

EUVD-2025-201426

A vulnerability was identified in Himool ERP up to 2.2. Affected by this issue is the function updateaccount of the file /api/admin/updateaccount/ of the component AdminActionViewSet. Such manipulation leads to improper authorization. The attack may be performed from remote. The exploit is public...

CVE-2025-13877 nocobase JWT Service jwt-service.ts hard-coded key

A vulnerability was detected in nocobase up to 1.9.4/2.0.0-alpha.37. The affected element is an unknown function of the file nocobase\packages\core\auth\src\base\jwt-service.ts of the component JWT Service. The manipulation of the argument APIKEY results in use of hard-coded cryptographic key . T...

CVE-2025-13797

A vulnerability was detected in ADSLR B-QE2W401 250814-r037c. Affected by this issue is the function parameterdelswifimac of the file /sendorder.cgi. Performing manipulation of the argument delswifimac results in command injection. The attack is possible to be carried out remotely. The exploit is...

PT-2025-48710

Name of the Vulnerable Software and Affected Versions nocobase versions 1.9.4 and 2.0.0-alpha.37 Description A security issue exists in nocobase that allows for remote attacks with high complexity and difficult exploitability. The issue involves the manipulation of the API KEY argument within an...

CVE-2025-13786

A vulnerability was detected in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Impacted is the function fetch of the file /index.php. Performing manipulation of the argument content results in code injection. It is possible to initiate the attack remotely. The exploit is now public...

CVE-2025-13782

A vulnerability was identified in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Affected by this issue is the function delete of the file application/Admin/Controller/SlideController.class.php of the component SlideController. The manipulation of the argument ids leads to sql...

JLSEC-2025-320 A vulnerability classified as problematic was found in libtiff 4.6.0

A vulnerability classified as problematic was found in libtiff 4.6.0. This vulnerability affects the function PSLvl2page of the file tools/tiff2ps.c of the component tiff2ps. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The complexity ...

CVE-2025-13555

A vulnerability was detected in Campcodes School File Management System 1.0. Affected is an unknown function of the file /index.php of the component Login. Performing a manipulation of the argument studno results in sql injection. The attack can be initiated remotely. The exploit is now public an...

CVE-2025-13579 code-projects Library System return.php sql injection

A vulnerability was found in code-projects Library System 1.0. This impacts an unknown function of the file /return.php. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used...

PT-2025-47874

A vulnerability was found in code-projects Library System 1.0. This impacts an unknown function of the file /return.php. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used...

CVE-2025-13560

A vulnerability was found in SourceCodester Company Website CMS 1.0. This affects an unknown part of the file /admin/reset-password.php. The manipulation of the argument email results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used...

PT-2025-47843

Name of the Vulnerable Software and Affected Versions D-Link DIR-822K versions 1.00 20250513164613 and 1.1.50 D-Link DWR-M920 versions 1.00 20250513164613 and 1.1.50 Description A buffer overflow issue exists in D-Link DIR-822K and DWR-M920 routers. The issue is located in an unknown function...

PT-2025-47837

Name of the Vulnerable Software and Affected Versions ashraf-kabir travel-agency versions prior to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3 Description A security issue exists in ashraf-kabir travel-agency. The manipulation of the edit pack argument in the /admin area/index.php file leads to SQL...

PT-2025-47841

Name of the Vulnerable Software and Affected Versions D-Link DIR-822K version 1.00 Description A buffer overflow issue exists in the function sub 455524 of the file /boafrm/formNtp. Manipulation of the submit-url argument can trigger this issue, potentially allowing for remote exploitation. The...

EUVD-2025-198254

A vulnerability was detected in macrozheng mall up to 1.0.3. Affected by this issue is the function delete of the file /member/readHistory/delete. Performing manipulation of the argument ids results in improper access controls. Remote exploitation of the attack is possible. The exploit is now...

CVE-2025-13287

A weakness has been identified in itsourcecode Online Voting System 1.0. This affects an unknown function of the file /index.php?page=categories. Executing manipulation of the argument id/category can lead to sql injection. The attack can be executed remotely. The exploit has been made available ...

EUVD-2025-197792

A vulnerability was found in code-projects Nero Social Networking Site 1.0. The affected element is an unknown function of the file /profilefriends.php. Performing manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit has been made public and...

EUVD-2025-197753

A vulnerability was detected in Tenda AC20 up to 16.03.08.12. The impacted element is an unknown function of the file /goform/WifiExtraSet. The manipulation of the argument wpapskcrypto results in buffer overflow. The attack can be launched remotely. The exploit is now public and may be used...