
883 matches found

Vulnrichment
added 2025/11/03 4:2 a.m. | 6 views

CVE-2025-12616 PHPGurukul News Portal settings.py insertion of sensitive information into debugging code

A vulnerability was detected in PHPGurukul News Portal 1.0. The impacted element is an unknown function of the file /onps/settings.py. Performing a manipulation results in insertion of sensitive information into debugging code. It is possible to initiate the attack remotely. The attack's complexi...

CVSS 6.3 | AI score 4.3 | EPSS 0.00485
Exploits: 1 | References: 5

OSV
added 2025/11/03 3:15 a.m. | 4 views

CVE-2025-12611

A vulnerability was identified in Tenda AC21 16.03.08.16. This vulnerability affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument startIp leads to buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly...

CVSS 9.8 | AI score 6.2 | EPSS 0.0061
Exploits: 1 | References: 5

RedhatCVE
added 2025/10/28 3:4 p.m. | 2 views

CVE-2025-12288

A vulnerability was detected in Bdtask Pharmacy Management System up to 9.4. Affected is an unknown function of the file /user/edituser/ of the component User Profile Handler. Performing manipulation results in authorization bypass. Remote exploitation of the attack is possible. The exploit is no...

CVSS 8.8 | AI score 6.3 | EPSS 0.00433
Exploits: 1 | References: 1

RedhatCVE
added 2025/10/28 6:59 a.m. | 7 views

CVE-2025-12232

A vulnerability was detected in Tenda CH22 1.0.0.1. Affected by this vulnerability is the function fromSafeClientFilter of the file /goform/SafeClientFilter. Performing a manipulation of the argument page results in buffer overflow. The attack can be initiated remotely. The exploit is now public...

CVSS 9.8 | AI score 8.7 | EPSS 0.04578
Exploits: 1 | References: 1

RedhatCVE
added 2025/10/28 6:59 a.m. | 10 views

CVE-2025-12235

A vulnerability was found in Tenda CH22 1.0.0.1. This vulnerability affects the function fromSetIpBind of the file /goform/SetIpBind. The manipulation of the argument page results in buffer overflow. The attack must originate from the local network. The exploit has been made public and could be...

CVSS 8.6 | AI score 6.5 | EPSS 0.04866
Exploits: 1 | References: 1

RedhatCVE
added 2025/10/28 4:9 a.m. | 5 views

CVE-2025-12212

A weakness has been identified in Tenda O3 1.0.0.102478. This affects the function SetValue/GetValue of the file /goform/setNetworkService. This manipulation of the argument upnpEn causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the...

CVSS 9 | AI score 8.8 | EPSS 0.00725
Exploits: 1 | References: 1

EUVD
added 2025/10/28 2:2 a.m. | 4 views

EUVD-2025-36425

A vulnerability was detected in MaxSite CMS up to 109. This vulnerability affects unknown code of the file application/maxsite/admin/plugins/autopost/uploads-require-maxsite.php of the component HTTP Header Handler. Performing manipulation of the argument X-Requested-FileName/X-Requested-FileUpDi...

CVSS 6.5 | AI score 6.2 | EPSS 0.00357
Exploits: 1 | References: 5

Vulnrichment
added 2025/10/27 10:32 p.m. | 3 views

CVE-2025-12334 code-projects E-Commerce Website product_add.php cross site scripting

A vulnerability was found in code-projects E-Commerce Website 1.0. Affected is an unknown function of the file /pages/product_add.php. The manipulation of the argument prodname/proddesc/prodcost results in cross site scripting. It is possible to launch the attack remotely. The exploit has been mad...

CVSS 5.3 | AI score 3.9 | EPSS 0.00356
Exploits: 1 | References: 5

Vulnrichment
added 2025/10/27 4:32 p.m. | 2 views

CVE-2025-12297 atjiu pybbs UserApiController.java information disclosure

A vulnerability was detected in atjiu pybbs up to 6.0.0. This affects an unknown function of the file UserApiController.java. The manipulation results in information disclosure. The attack may be launched remotely. The exploit is now public and may be used...

CVSS 5.3 | AI score 4.6 | EPSS 0.00327
Exploits: 1 | References: 4

Cvelist
added 2025/10/27 2:2 p.m. | 8 views

CVE-2025-12283 code-projects Client Details System authorization

A security flaw has been discovered in code-projects Client Details System 1.0. The impacted element is an unknown function. The manipulation results in authorization bypass. The attack can be launched remotely. The exploit has been released to the public and may be exploited...

CVSS 5.3 | EPSS 0.00436
Exploits: 1 | References: 5

OSV
added 2025/10/27 7:15 a.m. | 5 views

CVE-2025-12241

A vulnerability was detected in TOTOLINK A3300R 17.0.0cu.557_B20221024. This impacts the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component POST Parameter Handler. The manipulation of the argument lang results in stack-based buffer overflow. It is possible to launch the atta...

CVSS 8.7 | AI score 6.4 | EPSS 0.00927
Exploits: 1 | References: 5

CVE
added 2025/10/27 7:2 a.m. | 12 views

CVE-2025-12241

TOTOLINK A3300R (firmware 17.0.0cu.557_B20221024) contains a stack-based buffer overflow in the POST Parameter Handler’s setLanguageCfg (parameter lang) in /cgi-bin/cstecgi.cgi. The issue allows remote code execution and remote impact with high severity (per CVE-2025-12241 descriptions across NVD...

CVSS 9 | AI score 8.7 | EPSS 0.00927
Exploits: 1 | References: 5 | Affected Software: 1

Vulnrichment
added 2025/10/27 6:22 a.m. | 4 views

CVE-2025-12235 Tenda CH22 SetIpBind fromSetIpBind buffer overflow

A vulnerability was found in Tenda CH22 1.0.0.1. This vulnerability affects the function fromSetIpBind of the file /goform/SetIpBind. The manipulation of the argument page results in buffer overflow. The attack must originate from the local network. The exploit has been made public and could be...

CVSS 8.6 | AI score 6.5 | EPSS 0.04866
Exploits: 1 | References: 5

CVE
added 2025/10/27 6:22 a.m. | 15 views

CVE-2025-12235

CVE-2025-12235 affects Tenda CH22 v1.0.0.1. The fromSetIpBind function in /goform/SetIpBind is vulnerable to a buffer overflow when the page argument is manipulated, requiring local-network access to exploit. Public exploits exist. Impact cited includes arbitrary code execution and DoS. Remediati...

CVSS 8.6 | AI score 7.8 | EPSS 0.04866
Exploits: 1 | References: 5 | Affected Software: 1

Vulnrichment
added 2025/10/27 5:2 a.m. | 5 views

CVE-2025-12226 SourceCodester Best House Rental Management System admin_class.php save_house sql injection

A vulnerability was found in SourceCodester Best House Rental Management System 1.0. Impacted is the function save_house of the file /admin_class.php. Performing manipulation of the argument houseno results in sql injection. Remote exploitation of the attack is possible. The exploit has been made...

CVSS 5.8 | AI score 4.9 | EPSS 0.00373
Exploits: 1 | References: 7

CVE
added 2025/10/27 3:2 a.m. | 13 views

CVE-2025-12208

SourceCodester Best House Rental Management System 1.0 is affected by a SQL injection in the login2 function of /admin_class.php, caused by improper handling of the Username argument. The vulnerability allows remote exploitation, and public proof-of-concept exploits exist. Red Hat/EUVD/NVD refere...

CVSS 9.8 | AI score 6.8 | EPSS 0.00431
Exploits: 1 | References: 5 | Affected Software: 1

NVD
added 2025/10/27 1:15 a.m. | 7 views

CVE-2025-12199

Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: Based on the analysis by MITRE and review of community feedback, the reported conditions represent...

EPSS 0.00012
Exploits: 0

EUVD
added 2025/10/27 1:2 a.m. | 4 views

EUVD-2025-36060

A vulnerability was found in dnsmasq up to 2.73rc6. Affected by this vulnerability is the function check_servers of the file src/network.c of the component Config File Handler. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit has been mad...

CVSS 4.8 | AI score 5.9 | EPSS 0.00012
Exploits: 0 | References: 5

CVE
added 2025/10/27 1:2 a.m. | 14 views

CVE-2025-12199

DNSmasq vulnerability CVE-2025-12199 (connected sources: SUSE/Red Hat/OSV/Ubuntu etc.) indicates a null pointer dereference in the Config File Handler, specifically in the check_servers function within src/network.c. Affected versions are reported as up to 2.73rc6. The issue is described as local...

AI score 3.7 | EPSS 0.00012
Exploits: 0

Positive Technologies
added 2025/10/27 12:0 a.m. | 6 views

PT-2025-43909

Name of the Vulnerable Software and Affected Versions: OpenWGA version 7.11.12 Build 737. Description: A security issue exists in OpenWGA that allows for cross site scripting. The issue impacts an unknown function within the Admin UI component and can be initiated remotely. The exploit for this issu...

CVSS 5.1 | AI score 5.1 | EPSS 0.00227
Exploits: 0 | References: 7