
955 matches found

Positive Technologies | added 2025/09/21 12:0 a.m. | 5 views

PT-2025-38662

Name of the Vulnerable Software and Affected Versions: h2oai h2o-3 versions through 3.46.08 Description: A flaw exists in h2oai h2o-3, specifically in an unknown function within the /99/ImportSQLTable file of the IBMDB2 JDBC Driver component. Manipulation of the connection url argument can lead to...

CVSS 6.5 | AI score 6.2 | EPSS 0.00095 | Exploits 0 | References 8

Positive Technologies | added 2025/09/21 12:0 a.m. | 2 views

PT-2025-38655

Name of the Vulnerable Software and Affected Versions: Harness version 3.3.0 Description: A flaw exists in Harness that impacts the LookupRepo function within the app/api/controller/gitspace/lookup repo.go file. Manipulation of the url argument can lead to server-side request forgery, potentially...

CVSS 6.5 | AI score 6.3 | EPSS 0.00052 | Exploits 0 | References 8

Cvelist | added 2025/09/19 2:32 p.m. | 7 views

CVE-2025-10716 Creality Cloud App com.cxsw.sdprinter AndroidManifest.xml improper export of android application components

A flaw has been found in Creality Cloud App up to 6.1.0 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.cxsw.sdprinter. Executing manipulation can lead to improper export of android application components. It is possible ...

CVSS 5.3 | EPSS 0.00016 | Exploits 0 | References 4

Positive Technologies | added 2025/09/19 12:0 a.m. | 2 views

PT-2025-38539

Name of the Vulnerable Software and Affected Versions: Creality Cloud App versions up to 6.1.0 Description: A flaw has been found in Creality Cloud App for Android. The vulnerability is due to improper export of android application components within the AndroidManifest.xml file of the...

CVSS 5.3 | AI score 5.1 | EPSS 0.00016 | Exploits 0 | References 7

OSV | added 2025/09/18 12:15 a.m. | 0 views

CVE-2025-10626

A flaw has been found in SourceCodester Online Exam Form Submission 1.0. Affected by this issue is some unknown functionality of the file /admin/updates3.php. This manipulation of the argument credits causes sql injection. Remote exploitation of the attack is possible. The exploit has been...

CVSS 8.8 | AI score 5.7 | Exploits 0 | References 5

NVD | added 2025/09/18 12:15 a.m. | 3 views

CVE-2025-10626

A flaw has been found in SourceCodester Online Exam Form Submission 1.0. Affected by this issue is some unknown functionality of the file /admin/updates3.php. This manipulation of the argument credits causes sql injection. Remote exploitation of the attack is possible. The exploit has been...

CVSS 8.8 | EPSS 0.00058 | Exploits 1 | References 5

NVD | added 2025/09/17 5:15 p.m. | 1 view

CVE-2025-10600

A flaw has been found in SourceCodester Online Exam Form Submission 1.0. This impacts an unknown function of the file /register.php. This manipulation of the argument img causes unrestricted upload. It is possible to initiate the attack remotely. The exploit has been published and may be used...

CVSS 9.8 | EPSS 0.00116 | Exploits 1 | References 5

RedhatCVE | added 2025/09/17 2:49 p.m. | 3 views

CVE-2025-10448

A flaw has been found in Campcodes Online Job Finder System 1.0. This affects an unknown function of the file /index.php?q=result=bycompany. This manipulation of the argument Search causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...

CVSS 9.8 | AI score 6.8 | EPSS 0.0006 | Exploits 1 | References 1

Positive Technologies | added 2025/09/17 12:0 a.m. | 2 views

PT-2025-38154

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Student File Management System version 1.0 Description: A SQL injection flaw exists in the /admin/delete student.php file due to manipulation of the stud id argument. This issue is remotely exploitable. The exploit has...

CVSS 8.8 | AI score 6.5 | EPSS 0.00058 | Exploits 1 | References 7

OSV | added 2025/09/15 11:15 p.m. | 0 views

CVE-2025-10483

A flaw has been found in SourceCodester Online Student File Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/saveuser.php. This manipulation of the argument firstname causes sql injection. The attack is possible to be carried out remotely. The...

CVSS 8.8 | AI score 5.7 | EPSS 0.00058 | Exploits 1 | References 5

RedhatCVE | added 2025/09/15 2:31 p.m. | 2 views

CVE-2025-10366

A flaw has been found in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected is an unknown function of the file /htdocs/inc.setWlanIpMail.php. This manipulation of the argument Email address causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be...

CVSS 5.4 | AI score 3.7 | EPSS 0.00048 | Exploits 1 | References 1

Positive Technologies | added 2025/09/15 12:0 a.m. | 2 views

PT-2025-37442

Name of the Vulnerable Software and Affected Versions: SourceCodester Student Grading System version 1.0 Description: A flaw exists in the SourceCodester Student Grading System that may allow for SQL injection. The issue affects unknown code within the /update account.php file. Manipulation of th...

CVSS 8.8 | AI score 6.5 | EPSS 0.00058 | Exploits 1 | References 9

RedhatCVE | added 2025/09/14 11:11 p.m. | 2 views

CVE-2025-10330

A flaw has been found in cdevroe unmark up to 1.9.3. This vulnerability affects unknown code of the file application/views/layouts/topbar/searchform.php. This manipulation of the argument q causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been published...

CVSS 6.1 | AI score 4 | EPSS 0.00061 | Exploits 1 | References 1

RedhatCVE | added 2025/09/14 6:29 p.m. | 1 view

CVE-2025-10321

A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is an unknown function of the file /liveonline.shtml. Executing manipulation can lead to information disclosure. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about...

CVSS 6.9 | AI score 5.1 | EPSS 0.00068 | Exploits 1 | References 1

Positive Technologies | added 2025/09/14 12:0 a.m. | 3 views

PT-2025-37404

Name of the Vulnerable Software and Affected Versions: miurla morphic versions prior to 0.4.5 Description: A flaw has been found in miurla morphic. This impacts the fetchHtml function of the file /api/advanced-search of the component HTTP Status Code 3xx Handler, causing server-side request...

CVSS 6.5 | AI score 6.2 | EPSS 0.00055 | Exploits 0 | References 9

Positive Technologies | added 2025/09/14 12:0 a.m. | 2 views

PT-2025-37419

Name of the Vulnerable Software and Affected Versions: PHPGurukul Beauty Parlour Management System version 1.1 Description: A SQL injection issue exists in PHPGurukul Beauty Parlour Management System version 1.1. The issue is located in the /admin/readenq.php file, within an unknown function...

CVSS 9.8 | AI score 7.4 | EPSS 0.0006 | Exploits 1 | References 11

Vulnrichment | added 2025/09/12 11:2 p.m. | 2 views

CVE-2025-10330 cdevroe unmark searchform.php cross site scripting

A flaw has been found in cdevroe unmark up to 1.9.3. This vulnerability affects unknown code of the file application/views/layouts/topbar/searchform.php. This manipulation of the argument q causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been published...

CVSS 5.3 | AI score 4 | EPSS 0.00061 | Exploits 1 | References 5

CVE | added 2025/09/12 11:2 p.m. | 11 views

CVE-2025-10330

CVE-2025-10330 targets the Unmark (cdevroe) open-source to-do app. A cross-site scripting vulnerability arises from lack of input filtering/escaping in the parameter q of the file application/views/layouts/topbar/searchform.php, affecting Unmark versions up to 1.9.3. Remote exploitation is possib...

CVSS 6.1 | AI score 4.1 | EPSS 0.00061 | Exploits 1 | References 5 | Affected Software 1

OSV | added 2025/09/12 6:15 p.m. | 0 views

CVE-2025-10321

A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is an unknown function of the file /liveonline.shtml. Executing manipulation can lead to information disclosure. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about...

CVSS 6.9 | AI score 5.5 | Exploits 0 | References 4

Cvelist | added 2025/09/12 5:32 p.m. | 4 views

CVE-2025-10321 Wavlink WL-WN578W2 live_online.shtml information disclosure

A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is an unknown function of the file /liveonline.shtml. Executing manipulation can lead to information disclosure. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about...

CVSS 6.9 | EPSS 0.00068 | Exploits 1 | References 4