956 matches found
CVE-2025-11018
A flaw has been found in Four-Faith Water Conservancy Informatization Platform 1.0. This affects an unknown function of the file /sysRole/index.do/../../generalReport/download.do;usrlogout.do.do. Executing manipulation of the argument fileName can lead to path traversal. It is possible to launch...
CVE-2025-11050
Portabilis i-Educar (up to version 2.10) contains an improper authorization flaw that can be triggered by manipulating the /periodo-lancamento file. The issue allows remote exploitation and affects authentication/authorization checks, with exploit activity described in multiple sources. Remediati...
PT-2025-39723
Name of the Vulnerable Software and Affected Versions ProjectsAndPrograms School Management System version 1.0 Description A SQL injection issue exists in ProjectsAndPrograms School Management System version 1.0. The issue is located in the owner panel/fetch-data/select-students.php file,...
PT-2025-39708
Name of the Vulnerable Software and Affected Versions Portabilis i-Educar versions up to 2.10 Description A flaw exists in Portabilis i-Educar up to version 2.10, related to improper authorization. The issue affects an unknown part of the file /periodo-lancamento. Manipulation of this file can le...
CVE-2025-10958
A flaw has been found in Wavlink NU516U1 M16U1V240425. Impacted is the function sub403010 of the file /cgi-bin/wireless.cgi of the component AddMac Page. This manipulation of the argument macAddr causes command injection. Remote exploitation of the attack is possible. The exploit has been publish...
CVE-2025-11031
A flaw has been found in DataTables up to 1.10.13. The affected element is an unknown function of the file /examples/resources/examples.php. This manipulation of the argument src causes path traversal. It is possible to initiate the attack remotely. The exploit has been published and may be used...
PT-2025-39482
Name of the Vulnerable Software and Affected Versions Open Babel versions through 3.1.1 Description A flaw exists in Open Babel, specifically within the ChemKinFormat::CheckSpecies function located in the /src/formats/chemkinformat.cpp file. This can lead to a heap-based buffer overflow when...
CVE-2025-10958
A flaw has been found in Wavlink NU516U1 M16U1V240425. Impacted is the function sub403010 of the file /cgi-bin/wireless.cgi of the component AddMac Page. This manipulation of the argument macAddr causes command injection. Remote exploitation of the attack is possible. The exploit has been publish...
CVE-2025-10958
A flaw has been found in Wavlink NU516U1 M16U1V240425. Impacted is the function sub403010 of the file /cgi-bin/wireless.cgi of the component AddMac Page. This manipulation of the argument macAddr causes command injection. Remote exploitation of the attack is possible. The exploit has been publish...
CVE-2025-10843
A flaw has been found in Reservation Online Hotel Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file /reservation/paypalpayout.php. Executing manipulation of the argument confirm can lead to sql injection. The attack may be launched remotely. The exploi...
CVE-2025-10802
A flaw has been found in code-projects Online Bidding System 1.0. Affected is an unknown function of the file /administrator/remove.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used...
CVE-2025-10786
A flaw has been found in Campcodes Grocery Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=deleteuser. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be us...
CVE-2025-10768
A flaw has been found in h2oai h2o-3 up to 3.46.08. The impacted element is an unknown function of the file /99/ImportSQLTable of the component IBMDB2 JDBC Driver. This manipulation of the argument connectionurl causes deserialization. The attack may be initiated remotely. The exploit has been...
CVE-2025-10843
A flaw has been found in Reservation Online Hotel Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file /reservation/paypalpayout.php. Executing manipulation of the argument confirm can lead to sql injection. The attack may be launched remotely. The exploi...
CVE-2025-10760
A flaw has been found in Harness 3.3.0. This impacts the function LookupRepo of the file app/api/controller/gitspace/lookuprepo.go. Executing manipulation of the argument url can lead to server-side request forgery. The attack may be launched remotely. The exploit has been published and may be...
CVE-2025-10811
A flaw has been found in code-projects Hostel Management System 1.0. This affects an unknown function of the file /justines/admin/modcomments/index.php?view=view. Executing manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been...
CVE-2025-10802
A flaw has been found in code-projects Online Bidding System 1.0. Affected is an unknown function of the file /administrator/remove.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used...
PT-2025-39064
Name of the Vulnerable Software and Affected Versions code-projects Hostel Management System version 1.0 Description A flaw exists in code-projects Hostel Management System 1.0 that allows for SQL injection. Manipulation of the ID argument in the file '/justines/admin/mod...
PT-2025-39088
Name of the Vulnerable Software and Affected Versions fuyang lipengjun platform version 1.0 Description An improper authorization issue exists in the TopicCategoryController function within the /topiccategory/queryAll file of the fuyang lipengjun platform. This allows for remote attacks. The...
CVE-2025-10768
A flaw has been found in h2oai h2o-3 up to 3.46.08. The impacted element is an unknown function of the file /99/ImportSQLTable of the component IBMDB2 JDBC Driver. This manipulation of the argument connectionurl causes deserialization. The attack may be initiated remotely. The exploit has been...