884 matches found

CVE
added 2025/08/25 10:2 p.m. · 18 views

CVE-2025-9422

CVE-2025-9422 affects oitcode Samarium up to version 0.9.6, specifically the Team Image Handler component in the /dashboard/team path. The vulnerability enables cross-site scripting (XSS) and may be triggered remotely; exploitation is publicly known. Multiple sources corroborate the issue but do ...

CVSS 5.4 · AI score 3.5 · EPSS 0.00319
Exploits 1 · References 4 · Affected Software 1
Cvelist
added 2025/08/25 7:32 p.m. · 8 views

CVE-2025-9416 oitcode samarium Pages Image webpage cross site scripting

A security flaw has been discovered in oitcode samarium up to 0.9.6. This vulnerability affects unknown code of the file /cms/webpage/ of the component Pages Image Handler. The manipulation results in cross site scripting. The attack may be performed from a remote location. The exploit has been...

CVSS 4.8 · EPSS 0.00319
Exploits 0 · References 4
NVD
added 2025/08/25 2:15 a.m. · 4 views

CVE-2025-9402

A vulnerability was found in HuangDou UTCMS 9. This issue affects some unknown processing of the file app/modules/ut-frame/admin/update.php of the component Config Handler. Performing manipulation of the argument UPDATEURL results in server-side request forgery. The attack is possible to be carri...

CVSS 7.2 · EPSS 0.00333
Exploits 0 · References 5
OSV
added 2025/08/25 1:15 a.m. · 2 views

CVE-2025-9399

A vulnerability was detected in YiFang CMS up to 2.0.5. Affected by this issue is some unknown functionality of the file app/logic/Ltool.php. The manipulation of the argument newurl results in sql injection. The attack may be launched remotely. The exploit is now public and may be used. The vendo...

CVSS 8.8 · AI score 6.5 · EPSS 0.00303
Exploits 0 · References 5
CVE
added 2025/08/24 3:32 p.m. · 28 views

CVE-2025-9393

Affected devices: Linksys RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000 (firmware variants 1.0.013.001, 1.0.04.001, 1.0.04.002, 1.1.05.003, 1.2.07.001). The vulnerability is a stack-based overflow in addStaProfile (/goform/addStaProfile) triggered by manipulating arguments profile_name, Ssid...

CVSS 9 · AI score 8.8 · EPSS 0.00871
Exploits 1 · References 6 · Affected Software 1
Vulnrichment
added 2025/08/24 2:32 p.m. · 2 views

CVE-2025-9391 Bjskzy Zhiyou ERP com.artery.workflow.ServiceImpl getFieldValue sql injection

A weakness has been identified in Bjskzy Zhiyou ERP up to 11.0. Affected by this issue is the function getFieldValue of the component com.artery.workflow.ServiceImpl. This manipulation of the argument sql causes sql injection. The attack may be initiated remotely. The exploit has been made...

CVSS 6.5 · AI score 7.3 · EPSS 0.00377
Exploits 1 · References 4
NVD
added 2025/08/24 12:15 p.m. · 5 views

CVE-2025-9387

A vulnerability was found in DCN DCME-720 9.1.5.11. This affects an unknown function of the file /usr/local/www/function/audit/newstatistics/ipblock.php of the component Web Management Backend. Performing manipulation of the argument ip results in os command injection. It is possible to initiate...

CVSS 9.8 · EPSS 0.09314
Exploits 1 · References 5
Cvelist
added 2025/08/24 12:2 p.m. · 11 views

CVE-2025-9387 DCN DCME-720 Web Management Backend ip_block.php os command injection

A vulnerability was found in DCN DCME-720 9.1.5.11. This affects an unknown function of the file /usr/local/www/function/audit/newstatistics/ipblock.php of the component Web Management Backend. Performing manipulation of the argument ip results in os command injection. It is possible to initiate...

CVSS 6.5 · EPSS 0.09314
Exploits 1 · References 5
Positive Technologies
added 2025/08/24 12:0 a.m. · 5 views

PT-2025-34576

Name of the Vulnerable Software and Affected Versions: YiFang CMS versions up to 2.0.5 Description: A security issue has been identified in YiFang CMS. The exportInstallTable function within the app/utils/base/database/Migrate.php file is susceptible to information disclosure. This issue can be...

CVSS 7.5 · AI score 4.6 · EPSS 0.00449
Exploits 0 · References 10
Positive Technologies
added 2025/08/24 12:0 a.m. · 7 views

PT-2025-34556

Name of the Vulnerable Software and Affected Versions: FNKvision Y215 CCTV Camera version 10.194.120.40 Description: A security issue has been identified in FNKvision Y215 CCTV Camera. The crypt function within the /etc/passwd file utilizes a weak hash, potentially allowing for local privilege...

CVSS 2.5 · AI score 3.4 · EPSS 0.0009
Exploits 0 · References 10
NVD
added 2025/08/23 12:15 p.m. · 3 views

CVE-2025-9361

A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. The affected element is the function ipRangeBlockManageRule of the file /goform/ipRangeBlockManageRule. Performing manipulation of the argument...

CVSS 9 · EPSS 0.0087
Exploits 1 · References 6
Cvelist
added 2025/08/23 12:2 p.m. · 8 views

CVE-2025-9361 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 ipRangeBlockManageRule stack-based overflow

A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. The affected element is the function ipRangeBlockManageRule of the file /goform/ipRangeBlockManageRule. Performing manipulation of the argument...

CVSS 9 · EPSS 0.0087
Exploits 1 · References 6
Cvelist
added 2025/08/22 9:2 p.m. · 11 views

CVE-2025-9355 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 scheduleAdd stack-based overflow

A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this vulnerability is the function scheduleAdd of the file /goform/scheduleAdd. Performing manipulation of the argument ruleName results in...

CVSS 9 · EPSS 0.0087
Exploits 1 · References 6
Positive Technologies
added 2025/08/21 12:0 a.m. · 7 views

PT-2025-34238 · Sourcecodester · Itsourcecode Advanced School Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Advanced School Management System version 1.0 Description: A cross-site scripting issue exists in SourceCodester Advanced School Management System 1.0. The issue is located in an unknown function within the...

CVSS 5.4 · AI score 6.7 · EPSS 0.00251
Exploits 1 · References 10
OSV
added 2025/08/20 8:15 p.m. · 3 views

CVE-2025-9245

A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function WPSSTAPINEnr of the file /goform/WPSSTAPINEnr. Performing manipulation of the argument ssid results in stack-based...

CVSS 8.7 · AI score 6.3 · EPSS 0.00866
Exploits 1 · References 5
NVD
added 2025/08/20 8:15 p.m. · 5 views

CVE-2025-9245

A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function WPSSTAPINEnr of the file /goform/WPSSTAPINEnr. Performing manipulation of the argument ssid results in stack-based...

CVSS 9 · EPSS 0.00866
Exploits 1 · References 5
Vulnrichment
added 2025/08/20 8:2 p.m. · 4 views

CVE-2025-9245 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 WPSSTAPINEnr stack-based overflow

A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function WPSSTAPINEnr of the file /goform/WPSSTAPINEnr. Performing manipulation of the argument ssid results in stack-based...

CVSS 9 · AI score 7.3 · EPSS 0.00866
Exploits 1 · References 5
Cvelist
added 2025/08/20 5:32 p.m. · 12 views

CVE-2025-9236 Portabilis i-Educar Tipos de usuàrio educar_tipo_usuario_lst.php sql injection

A vulnerability has been found in Portabilis i-Educar up to 2.10. This affects an unknown function of the file /intranet/educartipousuariolst.php of the component Tipos de usuàrio Page. Such manipulation of the argument nmtipo/descrição leads to sql injection. The attack may be performed from a...

CVSS 6.5 · EPSS 0.00369
Exploits 1 · References 6
CVE
added 2025/08/20 5:2 p.m. · 20 views

CVE-2025-9234

The CVE-2025-9234 issue affects Scada-LTS prior to 2.7.8.2. The vulnerability is a cross-site scripting (XSS) flaw arising from improper handling of the Alias parameter in maintenance_events.shtm, allowing remote attacker-controlled input to be executed in users’ browsers. Multiple sources confir...

CVSS 5.4 · AI score 3.8 · EPSS 0.00256
Exploits 1 · References 5 · Affected Software 1
NVD
added 2025/08/20 12:15 a.m. · 6 views

CVE-2025-9176

A security flaw has been discovered in neurobin shc up to 4.0.3. Impacted is the function make of the file src/shc.c of the component Environment Variable Handler. The manipulation results in os command injection. The attack is only possible with local access. The exploit has been released to the...

CVSS 7.8 · EPSS 0.01336
Exploits 0 · References 4