CVE-2025-10321 Wavlink WL-WN578W2 live_online.shtml information disclosure
A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is an unknown function of the file /live_online.shtml. Executing manipulation can lead to information disclosure. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about...
PT-2025-37287
Name of the Vulnerable Software and Affected Versions: roncoo-pay affected versions not specified Description: A vulnerability exists in roncoo-pay that allows for improper authentication. The issue is related to manipulation of an unknown function within the /user/info/list file. This allows for...
PT-2025-37280
Name of the Vulnerable Software and Affected Versions: YunaiV ruoyi-vue-pro versions prior to 2025.09 Description: A flaw exists in YunaiV ruoyi-vue-pro that allows for improper authorization. The issue is related to the manipulation of the ids/newOwnerUserId argument within an unknown function o...
PT-2025-37339
Name of the Vulnerable Software and Affected Versions: Wavlink WL-WN578W2 version 221110 Description: A flaw has been found in Wavlink WL-WN578W2 221110. Exploitation of a manipulation vulnerability in the /live_online.shtml file's unknown function can lead to information disclosure. The attack c...
CVE-2025-10172
A flaw has been found in UTT 750W up to 3.2.2-191225. This issue affects some unknown processing of the file /goform/formPictureUrl. Executing manipulation of the argument importpictureurl can lead to buffer overflow. The attack can be executed remotely. The exploit has been published and may be...
CVE-2025-5500
A flaw has been found in ZhenShi Mibro Fit App 1.6.3.17499 on Android. This impacts an unknown function of the file AndroidManifest.xml of the component com.xiaoxun.xunoversea.mibrofit. This manipulation causes improper export of android application components. The attack requires local access. T...
PT-2025-37107
Name of the Vulnerable Software and Affected Versions: Scada-LTS versions prior to 2.7.8.2 Description: A flaw exists in Scada-LTS's Reports Module due to cross-site scripting. The issue stems from unknown processing of the file /reports.shtm and manipulation of the Colour argument. This...
CVE-2025-10105
A flaw has been found in yanyutao0402 ChanCMS up to 3.3.1. Affected by this issue is some unknown functionality of the file /cms/article/search. This manipulation of the argument keyword causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...
PT-2025-37101
Name of the Vulnerable Software and Affected Versions: ruoyi-go version 2.1 Description: A flaw exists in the SelectListPage function within the SysRoleDao.go file of the Background Management Page component. Manipulation of the sortName argument can lead to SQL injection. Remote exploitation is...
CVE-2025-10172
CVE-2025-10172 affects UTT 750W firmware up to 3.2.2-191225. The vulnerability is a buffer overflow in the handling of the importpictureurl argument within the /goform/formPictureUrl endpoint. Exploitation can be performed remotely, with publicized exploits and a PoC (proof-of-concept) status in ...
PT-2025-37000
Name of the Vulnerable Software and Affected Versions: UTT 750W versions through 3.2.2-191225 Description: A buffer overflow issue exists due to the manipulation of the importpictureurl argument when processing the file /goform/formPictureUrl. This can be exploited remotely. Recommendations:...
CVE-2025-10090
A flaw has been found in Jinher OA up to 1.2. The impacted element is an unknown function of the file /C6/Jhsoft.Web.departments/GetTreeDate.aspx. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be us...
CVE-2025-10090 Jinher OA GetTreeDate.aspx sql injection
A flaw has been found in Jinher OA up to 1.2. The impacted element is an unknown function of the file /C6/Jhsoft.Web.departments/GetTreeDate.aspx. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be us...
CVE-2025-10081 SourceCodester Pet Management System profile.php unrestricted upload
A flaw has been found in SourceCodester Pet Management System 1.0. This impacts an unknown function of the file /admin/profile.php. This manipulation of the argument websiteimage causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be...
PT-2025-36429
Name of the Vulnerable Software and Affected Versions: SourceCodester Pet Management System version 1.0 Description: A flaw has been found that allows for unrestricted file upload. This occurs through manipulation of the website image argument in an unknown function of the /admin/profile.php file...
PT-2025-36505
Name of the Vulnerable Software and Affected Versions: yanyutao0402 ChanCMS versions through 3.3.1 Description: A SQL injection flaw exists in yanyutao0402 ChanCMS due to manipulation of the keyword argument in the /cms/article/search file. This issue can be exploited remotely. Recommendations: A...
CVE-2025-10070 Portabilis i-Educar enturmacao-em-lote access control
A flaw has been found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /enturmacao-em-lote/. This manipulation causes improper access controls. The attack is possible to be carried out remotely. The exploit has been published and may be used...
PT-2025-36408
Name of the Vulnerable Software and Affected Versions: itsourcecode Online Discussion Forum version 1.0 Description: A SQL injection issue exists in itsourcecode Online Discussion Forum version 1.0. The flaw is located in the file /admin/admin forum/add views.php and affects an unknown function...