884 matches found

CVE
added 2025/09/15 1:32 a.m., 16 views

CVE-2025-10420

CVE-2025-10420 affects SourceCodester Student Grading System 1.0; the vulnerability stems from manipulation of the ID parameter in /form137.php, enabling SQL injection. The issue is remote and a public exploit exists, as reported across multiple sources. Root cause: unsafely constructed SQL queries usin...

CVSS 8.8, AI score 6.5, EPSS 0.00351
Exploits: 1, References: 5, Affected Software: 1

CVE
added 2025/09/14 5:32 a.m., 22 views

CVE-2025-10392

The CVE-2025-10392 entry concerns Mercury KM08-708H GiGA WiFi Wave2 1.1.14. It affects the HTTP Header Handler component, where manipulating the Host argument causes a stack-based buffer overflow. The vulnerability is exploitable remotely, with exploit code publicly available. Documents indicate a C...

CVSS 10, AI score 9.3, EPSS 0.00673
Exploits: 0, References: 4

Positive Technologies
added 2025/09/14 12:0 a.m., 8 views

PT-2025-37397

Name of the Vulnerable Software and Affected Versions: Yida ECMS Consulting Enterprise Management System version 1.0
Description: A cross-site scripting issue exists in Yida ECMS Consulting Enterprise Management System 1.0. The vulnerability is located in the POST Request Handler component,...

CVSS 5.3, AI score 4.5, EPSS 0.00317
Exploits: 0, References: 8

NVD
added 2025/09/13 4:15 p.m., 3 views

CVE-2025-10368

A vulnerability was found in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected by this issue is some unknown functionality of the file /htdocs/manageFilesFolders.php. Performing manipulation results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been made...

CVSS 6.1, EPSS 0.00273
Exploits: 1, References: 5

NVD
added 2025/09/13 1:15 p.m., 5 views

CVE-2025-10359

A vulnerability was detected in Wavlink WL-WN578W2 221110. This impacts the function sub404DBC of the file /cgi-bin/wireless.cgi. The manipulation of the argument macAddr results in os command injection. The attack can be launched remotely. The exploit is now public and may be used. The vendor wa...

CVSS 9.8, EPSS 0.06072
Exploits: 1, References: 5

Positive Technologies
added 2025/09/13 12:0 a.m., 12 views

PT-2025-37390

Name of the Vulnerable Software and Affected Versions: eCharge Hardy Barth Salia PLCC version 2.2.0
Description: A security flaw exists in eCharge Hardy Barth Salia PLCC 2.2.0 related to unrestricted upload. The issue affects processing of the file /api.php. Manipulation of the setrfidlist argume...

CVSS 7.5, AI score 7.3, EPSS 0.00331
Exploits: 0, References: 12

OSV
added 2025/09/12 10:15 p.m., 4 views

CVE-2025-10329

A vulnerability was detected in cdevroe unmark up to 1.9.3. This affects an unknown part of the file /application/controllers/Marks.php. The manipulation of the argument url results in server-side request forgery. The attack may be launched remotely. The exploit is now public and may be used. The...

CVSS 9.8, AI score 6.7
Exploits: 0, References: 5

NVD
added 2025/09/12 4:15 p.m., 3 views

CVE-2025-10320

A vulnerability was detected in iteachyou Dreamer CMS up to 4.1.3.2. This issue affects some unknown processing of the file /admin/user/updatePwd. Performing manipulation results in weak password requirements. Remote exploitation of the attack is possible. A high degree of complexity is needed fo...

CVSS 3.1, EPSS 0.0022
Exploits: 0, References: 4

CVE
added 2025/09/11 11:32 p.m., 19 views

CVE-2025-10273

CVE-2025-10273 affects erjinzhi 10OA 1.0. A path traversal vulnerability exists in the /view/file.aspx handler caused by manipulation of the File argument. The exploit is publicly available; the vendor has not responded to disclosure. Several sources note no information about a fixed version or p...

CVSS 5.3, AI score 6.2, EPSS 0.00657
Exploits: 1, References: 4, Affected Software: 1

OSV
added 2025/09/11 10:15 p.m., 3 views

CVE-2025-10271

A vulnerability was found in erjinzhi 10OA 1.0. This impacts an unknown function of the file /trial/mvc/finder. The manipulation of the argument Name results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was...

CVSS 6.1, AI score 4.2, EPSS 0.00332
Exploits: 1, References: 4

RedhatCVE
added 2025/09/11 2:9 a.m., 5 views

CVE-2025-10120

A vulnerability was detected in Tenda AC20 up to 16.03.08.12. The impacted element is the function strcpy of the file /goform/GetParentControlInfo. The manipulation of the argument mac results in buffer overflow. The attack may be performed from remote. The exploit is now public and may be used...

CVSS 9, AI score 8.9, EPSS 0.00765
Exploits: 1, References: 1

OSV
added 2025/09/09 10:15 p.m., 2 views

CVE-2025-10171

A vulnerability was detected in UTT 1250GW up to 3.2.2-200710. This vulnerability affects the function sub453DC of the file /goform/formConfigApConfTemp. Performing manipulation results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. T...

CVSS 8.7, AI score 6, EPSS 0.00995
Exploits: 1, References: 4

Cvelist
added 2025/09/09 2:32 a.m., 13 views

CVE-2025-10122 Maccms10 Database.php rep sql injection

A vulnerability was found in Maccms10 2025.1000.4050. Affected is the function rep of the file application/admin/controller/Database.php. Performing manipulation of the argument where results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be use...

CVSS 5.8, EPSS 0.003
Exploits: 0, References: 4

OSV
added 2025/09/09 1:15 a.m., 1 views

CVE-2025-10114

A vulnerability was found in PHPGurukul Small CRM 4.0. Affected by this issue is some unknown functionality of the file /profile.php. The manipulation of the argument Name results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used...

CVSS 9.8, AI score 5.7
Exploits: 0, References: 5

Positive Technologies
added 2025/09/09 12:0 a.m., 5 views

PT-2025-36564

Name of the Vulnerable Software and Affected Versions: Maccms10 version 2025.1000.4050
Description: A SQL injection issue exists in the rep function of the application/admin/controller/Database.php file. Manipulation of the where argument can lead to SQL injection. The attack can be initiated...

CVSS 5.8, AI score 5.3, EPSS 0.003
Exploits: 0, References: 9

OSV
added 2025/09/08 10:15 p.m., 4 views

CVE-2025-10108

A vulnerability was found in Campcodes Online Loan Management System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=deleteloan. Performing manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit has been made public an...

CVSS 9.8, AI score 5.8, EPSS 0.00441
Exploits: 1, References: 5

Cvelist
added 2025/09/08 10:2 p.m., 12 views

CVE-2025-10108 Campcodes Online Loan Management System ajax.php sql injection

A vulnerability was found in Campcodes Online Loan Management System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=deleteloan. Performing manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit has been made public an...

CVSS 7.5, EPSS 0.00441
Exploits: 1, References: 5

OSV
added 2025/09/08 3:15 a.m., 3 views

CVE-2025-10078

A vulnerability was detected in SourceCodester Online Polling System 1.0. Affected is an unknown function of the file /admin/candidates.php. Performing manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be use...

CVSS 9.8, AI score 5.8, EPSS 0.00383
Exploits: 1, References: 5

Positive Technologies
added 2025/09/08 12:0 a.m., 4 views

PT-2025-36446

Name of the Vulnerable Software and Affected Versions: SourceCodester Time Tracker version 1.0
Description: A cross-site scripting (XSS) vulnerability exists due to manipulation of the project-name argument. The vulnerability affects an unknown function within the /index.html file. The exploit is...

CVSS 5.4, AI score 4, EPSS 0.00257
Exploits: 1, References: 13

Positive Technologies
added 2025/09/08 12:0 a.m., 8 views

PT-2025-36426

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Polling System version 1.0
Description: A SQL injection issue exists in SourceCodester Online Polling System 1.0. Manipulation of the ID argument in the /admin/candidates.php file can lead to SQL injection. Remote...

CVSS 9.8, AI score 7.7, EPSS 0.00383
Exploits: 1, References: 11