CVE-2025-9176 neurobin shc Environment Variable shc.c make os command injection
A security flaw has been discovered in neurobin shc up to 4.0.3. Impacted is the function make of the file src/shc.c of the component Environment Variable Handler. The manipulation results in os command injection. The attack is only possible with local access. The exploit has been released to the...
CVE-2025-9167
CVE-2025-9167 concerns SolidInvoice versions up to 2.4.0, affecting the Recurring Invoice Module’s /invoice/recurring code. The vulnerability is a stored/reflected-like cross-site scripting issue caused by manipulation of the client name argument, leading to script injection with potential remote...
CVE-2025-9156
The CVE-2025-9156 entry concerns itsourcecode Sports Management System 1.0. The issue is a SQL injection in /Admin/sports.php, triggered by manipulating the code parameter in an unknown function. Reports across multiple sources indicate remote exploitation is possible and that the exploit has bee...
CVE-2025-9134 AfterShip Package Tracker App com.aftership.AfterShip AndroidManifest.xml improper export of android application components
A security vulnerability has been detected in AfterShip Package Tracker App up to 5.24.1 on Android. The affected element is an unknown function of the file AndroidManifest.xml of the component com.aftership.AfterShip. The manipulation leads to improper export of android application components. T...
PT-2025-33886 · Unknown · Neurobin Shc
Name of the Vulnerable Software and Affected Versions: neurobin shc versions through 4.0.3
Description: A security flaw has been discovered in the Environment Variable Handler component of neurobin shc. The make function within the src/shc.c file is affected, resulting in operating system command...
PT-2025-33742 · Scada-Lts · Scada-Lts
Name of the Vulnerable Software and Affected Versions: Scada-LTS version 2.7.8.1
Description: A weakness exists in Scada-LTS 2.7.8.1 related to the manipulation of the Name argument in the publisher_edit.shtm file, leading to cross-site scripting. The attack can be initiated remotely, and the...
PT-2025-33638 · Portabilis · Portabilis I-Diario
Name of the Vulnerable Software and Affected Versions: Portabilis i-Diario versions prior to 1.5.1
Description: A security flaw has been discovered in Portabilis i-Diario. The vulnerability affects an unknown functionality of the file /password/email within the Password Recovery Endpoint componen...
CVE-2025-8925
A vulnerability has been found in itsourcecode Sports Management System 1.0. Affected is an unknown function of the file /Admin/match.php. The manipulation of the argument code leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and m...
CVE-2025-8923
A vulnerability was determined in code-projects Job Diary 1.0. This vulnerability affects unknown code of the file /edit-details.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used...
CVE-2025-9052
Summary: CVE-2025-9052 affects projectworlds Travel Management System 1.0. A vulnerability exists in the /updatepackage.php file where manipulating the s1 parameter enables SQL injection. The issue is exploitable remotely, and public exploitation information is available. Multiple connected sourc...
CVE-2025-9046 Tenda AC20 setMacFilterCfg sub_46A2AC stack-based overflow
A vulnerability was identified in Tenda AC20 16.03.08.12. This issue affects the function sub_46A2AC of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the...
PT-2025-33474 · Unknown · Online Medicine Guide
Name of the Vulnerable Software and Affected Versions: code-projects Online Medicine Guide version 1.0
Description: A vulnerability exists due to SQL injection. The issue is related to unknown processing of the file /adphar.php. Manipulation of the phuname argument leads to SQL injection and may ...
Linux Distros Unpatched Vulnerability : CVE-2025-2925
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been found in HDF5 up to 1.14.6 and classified as problematic. This vulnerability affects the function H5MM_realloc of the file src/H5MM.c. T...
CVE-2025-8978
A vulnerability was determined in D-Link DIR-619L 6.02CN02. Affected is the function FirmwareUpgrade of the component boa. The manipulation leads to insufficient verification of data authenticity. It is possible to launch the attack remotely. The complexity of an attack is rather high. The...
CVE-2025-8972 itsourcecode Online Tour and Travel Management System page-login.php sql injection
A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /admin/page-login.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been...
CVE-2025-8966
A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /admin/operations/tax.php. The manipulation of the argument tname leads to sql injection. The attack may be initiated remotely. The exploit has been...
ALPINE-CVE-2025-8961
A weakness has been identified in LibTIFF 4.7.0. This affects the function main of the file tiffcrop.c of the component tiffcrop. Executing manipulation can lead to memory corruption. The attack can only be executed locally. The exploit has been made available to the public and could be exploited...
CVE-2025-8957
CVE-2025-8957 affects Campcodes Online Flight Booking Management System 1.0. The vulnerability is an SQL injection in the file /flights.php via the departure_airport_id parameter. It can be exploited remotely, and public disclosures exist. Connected documents consistently describe the issue and i...
CVE-2025-8927
A vulnerability was determined in mtons mblog up to 3.5.0. Affected by this issue is some unknown functionality of the file /email/sendcode of the component Verification Code Handler. The manipulation of the argument email leads to improper restriction of excessive authentication attempts. The...
CVE-2025-8924
A vulnerability was identified in Campcodes Online Water Billing System 1.0. This issue affects some unknown processing of the file /viewbill.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may...