EUVD-2025-34879

A flaw has been found in yanyutao0402 ChanCMS up to 3.3.2. Affected by this issue is the function update of the file /cms/article/update. Executing manipulation of the argument cid can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used. The...

CVE-2025-11647

A flaw has been found in Tomofun Furbo 360 and Furbo Mini. This issue affects some unknown processing of the component GATT Service. This manipulation of the argument DeviceToken causes information disclosure. The attack is only possible within the local network. A high degree of complexity is...

EUVD-2025-33955

A flaw has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. Affected by this vulnerability is an unknown functionality of the file /assets/uploadNotes.php. This manipulation of the argument File causes unrestricted upload. Remote...

CVE-2025-11659

A flaw has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. Affected by this vulnerability is an unknown functionality of the file /assets/uploadNotes.php. This manipulation of the argument File causes unrestricted upload. Remote...

PT-2025-41748

Name of the Vulnerable Software and Affected Versions ProjectsAndPrograms School Management System versions prior to 6b6fae5426044f89c08d0dd101c7fa71f9042a59 Description A security issue exists in ProjectsAndPrograms School Management System related to unrestricted file upload. This is due to...

CVE-2025-11647

A flaw has been found in Tomofun Furbo 360 and Furbo Mini. This issue affects some unknown processing of the component GATT Service. This manipulation of the argument DeviceToken causes information disclosure. The attack is only possible within the local network. A high degree of complexity is...

CVE-2025-11647 Tomofun Furbo 360/Furbo Mini GATT Service information disclosure

A flaw has been found in Tomofun Furbo 360 and Furbo Mini. This issue affects some unknown processing of the component GATT Service. This manipulation of the argument DeviceToken causes information disclosure. The attack is only possible within the local network. A high degree of complexity is...

CVE-2025-11609

A flaw has been found in code-projects Hospital Management System 1.0. Affected is the function session of the component express-session. This manipulation of the argument secret with the input secret causes use of hard-coded cryptographic key . The attack can be initiated remotely. The attack is...

EUVD-2025-33883

A flaw has been found in jimit105 Project-Online-Shopping-Website up to 7d892f442bd8a96dd242dbe2b9bd5ed641e13e64. This affects an unknown function of the file /delete.php of the component Product Inventory Handler. This manipulation of the argument productcode causes sql injection. It is possible...

PT-2025-41706

Name of the Vulnerable Software and Affected Versions jimit105 Project-Online-Shopping-Website versions up to 7d892f442bd8a96dd242dbe2b9bd5ed641e13e64 Description A flaw exists in the Product Inventory Handler component of jimit105 Project-Online-Shopping-Website. The issue involves a SQL injecti...

PT-2025-41735

Name of the Vulnerable Software and Affected Versions Tomofun Furbo 360 versions prior to FB0035 FW 036 Tomofun Furbo Mini versions prior to MC0020 FW 074 Description A flaw exists in Tomofun Furbo 360 and Furbo Mini related to the processing of the GATT Service component. Manipulation of the...

CVE-2025-11609

A flaw has been found in code-projects Hospital Management System 1.0. Affected is the function session of the component express-session. This manipulation of the argument secret with the input secret causes use of hard-coded cryptographic key . The attack can be initiated remotely. The attack is...

CVE-2025-11609 code-projects Hospital Management System express-session hard-coded key

A flaw has been found in code-projects Hospital Management System 1.0. Affected is the function session of the component express-session. This manipulation of the argument secret with the input secret causes use of hard-coded cryptographic key . The attack can be initiated remotely. The attack is...

CVE-2025-11603

A vulnerability was found in code-projects Simple Food Ordering System 1.0. This vulnerability affects unknown code of the file /editproduct.php. The manipulation of the argument Category results in sql injection. The attack may be launched remotely. The exploit has been made public and could be...

CVE-2025-11593

A flaw has been found in CodeAstro Gym Management System 1.0. This vulnerability affects unknown code of the file /admin/actions/delete-equipment.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used...

PT-2025-41640

Name of the Vulnerable Software and Affected Versions CodeAstro Gym Management System version 1.0 Description A flaw exists in CodeAstro Gym Management System 1.0. The issue is related to SQL injection within the file /admin/actions/delete-equipment.php. Manipulation of the ID argument can trigge...

PT-2025-41695

Name of the Vulnerable Software and Affected Versions code-projects Hospital Management System version 1.0 Description A flaw exists in the session function of the express-session component in code-projects Hospital Management System version 1.0. This issue involves manipulation of the secret...

EUVD-2025-33774

A flaw has been found in code-projects Online Job Search Engine 1.0. Impacted is an unknown function of the file /postjob.php. Executing manipulation of the argument txtjobID can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used...

CVE-2025-11583

A flaw has been found in code-projects Online Job Search Engine 1.0. Impacted is an unknown function of the file /postjob.php. Executing manipulation of the argument txtjobID can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used...

PT-2025-41593

Name of the Vulnerable Software and Affected Versions code-projects Online Job Search Engine version 1.0 Description A flaw exists in code-projects Online Job Search Engine version 1.0, specifically within the /postjob.php file. Manipulation of the txtjobID parameter can lead to SQL injection. Th...