PT-2025-36419

Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar versions up to 2.10 Description: A vulnerability exists in Portabilis i-Educar versions up to 2.10 related to improper access controls resulting from manipulation of file processing. The affected file is /matricula/ID...

CVE-2025-10032

A vulnerability was detected in Campcodes Grocery Sales and Inventory System 1.0. The affected element is an unknown function of the file /index.php. The manipulation of the argument page results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be us...

PT-2025-36371

Name of the Vulnerable Software and Affected Versions: Campcodes Grocery Sales and Inventory System version 1.0 Description: A cross site scripting issue exists in Campcodes Grocery Sales and Inventory System version 1.0. The issue is located in an unknown function of the file /index.php...

CVE-2025-9931

A vulnerability was detected in Jinher OA 1.0. Affected is an unknown function of the file /jc6/platform/sys/login!changePassWord.action of the component POST Request Handler. The manipulation of the argument Account results in cross site scripting. The attack can be launched remotely. The exploi...

CVE-2025-10026

A vulnerability was found in itsourcecode POS Point of Sale System 1.0. Affected by this vulnerability is an unknown functionality of the file /inventory/main/vendors/datatables/unittesting/templates/-complexheader.php. The manipulation of the argument scripts results in cross site scripting. It ...

PT-2025-36325

Name of the Vulnerable Software and Affected Versions: itsourcecode POS Point of Sale System version 1.0 Description: A cross site scripting issue exists in itsourcecode POS Point of Sale System version 1.0. The vulnerability is located in an unknown functionality of the file...

CVE-2025-9829

A vulnerability was identified in PHPGurukul Beauty Parlour Management System 1.1. The impacted element is an unknown function of the file /signup.php. The manipulation of the argument mobilenumber leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly...

CVE-2025-9925 projectworlds Travel Management System detail.php sql injection

A vulnerability was found in projectworlds Travel Management System 1.0. This issue affects some unknown processing of the file /detail.php. The manipulation of the argument pid results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...

CVE-2025-9737

A vulnerability was detected in O2OA up to 10.0-410. Affected is an unknown function of the file /xqueryassembledesigner/jaxrs/importmodel of the component Personal Profile Page. Performing manipulation of the argument description/applicationName/queryName results in cross site scripting. Remote...

PT-2025-35488

Name of the Vulnerable Software and Affected Versions: TOTOLINK A702R version 4.0.0-B20211108.1423 Description: A buffer overflow issue exists in the sub 4466F8 function of the /boafrm/formOneKeyAccessButton file. The vulnerability is triggered by manipulating the submit-url argument, allowing fo...

CVE-2025-9737

A vulnerability was detected in O2OA up to 10.0-410. Affected is an unknown function of the file /xqueryassembledesigner/jaxrs/importmodel of the component Personal Profile Page. Performing manipulation of the argument description/applicationName/queryName results in cross site scripting. Remote...

PT-2025-35402

Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar versions up to 2.10 Description: A vulnerability exists in Portabilis i-Educar that allows for cross site scripting. The issue is related to the manipulation of the nm tipo argument within the file /intranet/educar tipo...

CVE-2025-9689

A vulnerability was detected in SourceCodester Advanced School Management System 1.0. The impacted element is an unknown function of the file /index.php/stock/itemselect. The manipulation of the argument q results in sql injection. It is possible to launch the attack remotely. The exploit is now...

CVE-2025-9601

A vulnerability was detected in itsourcecode Apartment Management System 1.0. This affects an unknown part of the file /setting/employeesalarysetup.php. The manipulation of the argument ddlEmpName results in sql injection. The attack may be launched remotely. The exploit is now public and may be...

CVE-2025-9589 Cudy WR1200EA shadow default password

A vulnerability was determined in Cudy WR1200EA 2.3.7-20250113-121810. Affected is an unknown function of the file /etc/shadow. Executing manipulation can lead to use of default password. The attack needs to be launched locally. A high complexity level is associated with this attack. The...

CVE-2025-9523

A vulnerability was detected in Tenda AC1206 15.03.06.23. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is now public an...

CVE-2025-9510 itsourcecode Apartment Management System addbranch.php sql injection

A security vulnerability has been detected in itsourcecode Apartment Management System 1.0. The affected element is an unknown function of the file /branch/addbranch.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclos...

PT-2025-34822

Name of the Vulnerable Software and Affected Versions: Campcodes Online Loan Management System version 1.0 Description: A weakness has been identified in Campcodes Online Loan Management System 1.0. This impacts an unknown function of the file /ajax.php?action=save payment. Manipulation of the lo...

CVE-2025-9474

A vulnerability was detected in Mihomo Party up to 1.8.1 on macOS. Affected is the function enableSysProxy of the file src/main/sys/sysproxy.ts of the component Socket Handler. The manipulation results in creation of temporary file with insecure permissions. The attack requires a local approach...

PT-2025-34725 · Unknown · Mtons Mblog

Name of the Vulnerable Software and Affected Versions: mtons mblog versions up to 3.5.0 Description: A vulnerability exists in mtons mblog up to version 3.5.0. The issue is located in an unknown function within the /admin/user/list file of the Admin Panel component. Manipulation of the Name...