PT-2025-43892
Name of the Vulnerable Software and Affected Versions: Tenda CH22 version 1.0.0.1
Description: A flaw exists in the fromDhcpListClient function within the /goform/DhcpListClient file. Manipulation of the page argument can lead to a buffer overflow. Remote exploitation is possible, and the exploit h...
PT-2025-43945
Name of the Vulnerable Software and Affected Versions: LearnHouse affected versions not specified
Description: A flaw exists in LearnHouse related to the Image Handler component, leading to information disclosure. This issue can be exploited remotely. The exploit is publicly available. The vendor w...
PT-2025-43952
Name of the Vulnerable Software and Affected Versions: code-projects Client Details System version 1.0
Description: A security issue exists in code-projects Client Details System 1.0 related to the processing of the /update-clients.php file. Manipulation of this file can lead to cross site scriptin...
PT-2025-43897
Name of the Vulnerable Software and Affected Versions: TOTOLINK A3300R version 17.0.0cu.557 B20221024
Description: A flaw exists in TOTOLINK A3300R that allows for remote attacks. The issue is a stack-based buffer overflow within the setLanguageCfg function located in the /cgi-bin/cstecgi.cgi file,...
PT-2025-43963
Name of the Vulnerable Software and Affected Versions: Bdtask Pharmacy Management System versions prior to 9.4
Description: A flaw exists in Bdtask Pharmacy Management System that allows for authorization bypass. This occurs through manipulation of an unknown function within the /user/edit user/ fi...
PT-2025-43937
Name of the Vulnerable Software and Affected Versions: LearnHouse versions prior to 98dfad76aad70711a8113f6c1fdabfccf10509ca
Description: A cross site scripting issue exists in LearnHouse. The issue is located in the Account Setting Page component, specifically within the file...
PT-2025-43893
Name of the Vulnerable Software and Affected Versions: projectworlds Advanced Library Management System version 1.0
Description: A flaw exists in projectworlds Advanced Library Management System that allows for remote code execution through SQL injection. Manipulation of the keywords argument withi...
CVE-2025-11938
A vulnerability was found in ChurchCRM up to 5.18.0. This vulnerability affects unknown code of the file setup/routes/setup.php. Performing a manipulation of the argument DBPASSWORD/ROOTPATH/URL results in deserialization. The attack may be initiated remotely. The attack's complexity is rated as...
CVE-2025-11946
A security flaw has been discovered in LogicalDOC Community Edition up to 9.2.1. This issue affects some unknown processing of the file /frontend.jsp of the component Add Contact Page. Performing manipulation of the argument First Name/Last Name/Company/Address/Phone/Mobile results in cross site...
EUVD-2025-34936
A vulnerability was detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. This impacts the function Query of the file /DeviceFault.do?Action=Query. The manipulation of the argument sortField results in sql injection. It is possible to launch the attack remotely. The exploit is now publi...
EUVD-2025-33912
A vulnerability was found in Tomofun Furbo 360 and Furbo Mini. The affected element is an unknown function of the component Root Account Handler. Performing manipulation results in use of hard-coded password. The attack must be initiated from a local position. The attack is considered to have hig...
CVE-2025-11645
A security vulnerability has been detected in Tomofun Furbo Mobile App up to 7.57.0a on Android. This affects an unknown part of the component Authentication Token Handler. The manipulation leads to insecure storage of sensitive information. It is possible to launch the attack on the physical...
CVE-2025-11592
A vulnerability was detected in CodeAstro Gym Management System 1.0. This affects an unknown part of the file /admin/edit-equipmentform.php. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit is now public and may be used...
PT-2025-41699
Name of the Vulnerable Software and Affected Versions: Simple Food Ordering System version 1.0
Description: A flaw exists in Simple Food Ordering System 1.0, specifically within the /addcategory.php file. Manipulation of the cname argument can lead to SQL injection. This issue is remotely...
CVE-2025-11480
A vulnerability was detected in SourceCodester Simple E-Commerce Bookstore 1.0. The affected element is an unknown function of the file /register.php. Performing manipulation of the argument registerusername results in sql injection. The attack is possible to be carried out remotely. The exploit ...
PT-2025-41592
Name of the Vulnerable Software and Affected Versions: code-projects Online Job Search Engine version 1.0
Description: A SQL injection issue exists in code-projects Online Job Search Engine 1.0. The flaw is located in the handling of the txtusername parameter within the /registration.php script...
CVE-2025-11558 code-projects E-Commerce Website user_index_search.php sql injection
A vulnerability was found in code-projects E-Commerce Website 1.0. Impacted is an unknown function of the file /pages/user_index_search.php. Performing manipulation of the argument Search results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public a...
CVE-2025-11557 projectworlds Gate Pass Management System add-pass.php sql injection
A vulnerability has been found in projectworlds Gate Pass Management System 1.0. This issue affects some unknown processing of the file /add-pass.php. Such manipulation of the argument fullname leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the publ...
CVE-2025-11443
A weakness has been identified in JhumanJ OpnForm up to 1.9.3. This affects an unknown function of the file /api/password/email of the component Forgotten Password Handler. This manipulation causes information exposure through discrepancy. It is possible to initiate the attack remotely. The attac...
CVE-2025-11423
A vulnerability was found in Tenda CH22 1.0.0.1. This affects the function formSafeEmailFilter of the file /goform/SafeEmailFilter. Performing a manipulation of the argument page results in memory corruption. The attack is possible to be carried out remotely. The exploit has been made public and...