Lucene search

966 matches found

Positive Technologies
added 2025/08/25 12:0 a.m. · 2 views

PT-2025-34605 · Mtons · Mtons Mblog

Name of the Vulnerable Software and Affected Versions: mtons mblog versions through 3.5.0 Description: A flaw has been found in mtons mblog. The vulnerability affects an unknown functionality of the file /settings/profile. Manipulation of the argument signature can lead to cross-site scripting. T...

CVSS 5.4 · AI score 3.5 · EPSS 0.00048
Exploits: 1 · References: 8

Cvelist
added 2025/08/24 4:2 p.m. · 7 views

CVE-2025-9394 PoDoFo PDF Dictionary PdfTokenizer.cpp DetermineDataType use after free

A flaw has been found in PoDoFo 1.1.0-dev. This issue affects the function PdfTokenizer::DetermineDataType of the file src/podofo/main/PdfTokenizer.cpp of the component PDF Dictionary Parser. Executing manipulation can lead to use after free. It is possible to launch the attack on the local host...

CVSS 5.3 · EPSS 0.00057
Exploits: 1 · References: 7

CVE
added 2025/08/24 4:2 p.m. · 16 views

CVE-2025-9394

PoDoFo 1.1.0-dev is affected by CVE-2025-9394 in the PdfTokenizer::DetermineDataType function within PdfTokenizer.cpp (PDF Dictionary Parser). The issue enables a use-after-free condition that can be triggered by manipulating the file locally, with the exploit already published. A patch/commit to...

CVSS 5.5 · AI score 5.2 · EPSS 0.00057
Exploits: 1 · References: 7 · Affected Software: 1

RedhatCVE
added 2025/08/23 1:35 p.m. · 4 views

CVE-2025-9298

A flaw has been found in Tenda M3 1.0.0.12. Affected is the function formQuickIndex of the file /goform/QuickIndex. Executing manipulation of the argument PPPOEPassword can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used...

CVSS 9.8 · AI score 8.8 · EPSS 0.00562
Exploits: 1 · References: 1

RedhatCVE
added 2025/08/22 8:26 p.m. · 2 views

CVE-2025-9246

A flaw has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Impacted is the function checkportconflict of the file /goform/checkportconflict. Executing manipulation of the argument singleportrule/portrangerule can lea...

CVSS 9 · AI score 7.2 · EPSS 0.00362
Exploits: 1 · References: 1

RedhatCVE
added 2025/08/22 5:32 p.m. · 4 views

CVE-2025-9235

A flaw has been found in Scada-LTS up to 2.7.8.1. The impacted element is an unknown function of the file compoundevents.shtm. This manipulation of the argument Name causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used...

CVSS 5.4 · AI score 3.6 · EPSS 0.0006
Exploits: 1 · References: 1

RedhatCVE
added 2025/08/22 12:22 a.m. · 5 views

CVE-2025-9193

A flaw has been found in TOTVS Portal Meu RH up to 12.1.17. Impacted is an unknown function of the component Password Reset Handler. Executing manipulation of the argument redirectUrl can lead to open redirect. The attack may be performed from a remote location. The exploit has been published and...

CVSS 5.1 · AI score 7.1 · EPSS 0.00044
Exploits: 0 · References: 1

NVD
added 2025/08/21 4:15 p.m. · 4 views

CVE-2025-9307

A flaw has been found in PHPGurukul Online Course Registration 3.1. This affects an unknown function of the file /admin/session.php. This manipulation of the argument sesssion causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...

CVSS 9.8 · EPSS 0.00066
Exploits: 1 · References: 5

CVE
added 2025/08/21 4:2 p.m. · 11 views

CVE-2025-9307

The CVE refers to PHPGurukul Online Course Registration 3.1 with a SQL injection in the /admin/session.php file, through manipulation of the sesssion argument. This vulnerability is exploitable remotely, and published exploits exist. Multiple sources (NVD, Red Hat, CNVD, CNNVD, CVE List) confirm ...

CVSS 9.8 · AI score 7.5 · EPSS 0.00066
Exploits: 1 · References: 5 · Affected Software: 1

Cvelist
added 2025/08/20 11:2 p.m. · 8 views

CVE-2025-9262 wong2 mcp-cli oAuth provider.js redirectToAuthorization os command injection

A flaw has been found in wong2 mcp-cli 1.13.0. Affected is the function redirectToAuthorization of the file /src/oauth/provider.js of the component oAuth Handler. This manipulation causes os command injection. The attack may be initiated remotely. The attack is considered to have high complexity...

CVSS 6.3 · EPSS 0.00556
Exploits: 1 · References: 5

CVE
added 2025/08/20 11:2 p.m. · 19 views

CVE-2025-9262

The CVE-2025-9262 case concerns wong2 mcp-cli v1.13.0, where the redirectToAuthorization function in /src/oauth/provider.js within the oAuth Handler enables OS command injection. The vulnerability allows remote initiation, with high attack complexity and an exploit published and potentially usabl...

CVSS 8.1 · AI score 7.4 · EPSS 0.00556
Exploits: 1 · References: 5 · Affected Software: 1

Vulnrichment
added 2025/08/20 11:2 p.m. · 3 views

CVE-2025-9262 wong2 mcp-cli oAuth provider.js redirectToAuthorization os command injection

A flaw has been found in wong2 mcp-cli 1.13.0. Affected is the function redirectToAuthorization of the file /src/oauth/provider.js of the component oAuth Handler. This manipulation causes os command injection. The attack may be initiated remotely. The attack is considered to have high complexity...

CVSS 6.3 · AI score 7.4 · EPSS 0.00556
Exploits: 1 · References: 5

NVD
added 2025/08/20 8:15 p.m. · 2 views

CVE-2025-9246

A flaw has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Impacted is the function checkportconflict of the file /goform/checkportconflict. Executing manipulation of the argument singleportrule/portrangerule can lea...

CVSS 9 · EPSS 0.00362
Exploits: 1 · References: 5

OSV
added 2025/08/20 8:15 p.m. · 1 views

CVE-2025-9246

A flaw has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Impacted is the function checkportconflict of the file /goform/checkportconflict. Executing manipulation of the argument singleportrule/portrangerule can lea...

CVSS 8.7 · AI score 6.5 · EPSS 0.00362
Exploits: 1 · References: 5

Vulnrichment
added 2025/08/20 8:2 p.m. · 5 views

CVE-2025-9246 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 check_port_conflict stack-based overflow

A flaw has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Impacted is the function checkportconflict of the file /goform/checkportconflict. Executing manipulation of the argument singleportrule/portrangerule can lea...

CVSS 9 · AI score 7.1 · EPSS 0.00362
Exploits: 1 · References: 5

Cvelist
added 2025/08/20 8:2 p.m. · 6 views

CVE-2025-9246 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 check_port_conflict stack-based overflow

A flaw has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Impacted is the function checkportconflict of the file /goform/checkportconflict. Executing manipulation of the argument singleportrule/portrangerule can lea...

CVSS 9 · EPSS 0.00362
Exploits: 1 · References: 5

CVE
added 2025/08/20 5:2 p.m. · 11 views

CVE-2025-9235

CVE-2025-9235 affects Scada-LTS up to 2.7.8.1, where manipulation of the Name parameter in the file compound_events.shtm causes cross-site scripting. The vulnerability can be exploited remotely, and an exploit/public PoC has been published. Root cause: improper handling of the Name argument in th...

CVSS 5.4 · AI score 3.7 · EPSS 0.0006
Exploits: 1 · References: 5 · Affected Software: 1

Cvelist
added 2025/08/20 5:2 p.m. · 13 views

CVE-2025-9235 Scada-LTS compound_events.shtm cross site scripting

A flaw has been found in Scada-LTS up to 2.7.8.1. The impacted element is an unknown function of the file compoundevents.shtm. This manipulation of the argument Name causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used...

CVSS 5.1 · EPSS 0.0006
Exploits: 1 · References: 5

RedhatCVE
added 2025/08/20 4:39 a.m. · 6 views

CVE-2025-9104

A flaw has been found in Portabilis i-Diario up to 1.5.0. The affected element is an unknown function of the file /planos-de-aulas-por-disciplina/ of the component Informações Adicionais Page. This manipulation of the argument Parecer/Objeto de Conhecimento/Habilidades causes cross site scripting...

CVSS 5.4 · AI score 6.4 · EPSS 0.00065
Exploits: 1 · References: 1

Positive Technologies
added 2025/08/20 12:0 a.m. · 6 views

PT-2025-34137 · Scada-Lts · Scada-Lts

Name of the Vulnerable Software and Affected Versions: Scada-LTS versions prior to 2.7.8.2 Description: A flaw has been found in Scada-LTS. The impacted element is an unknown function of the file compound events.shtm. Manipulation of the argument Name causes cross site scripting. The attack is...

CVSS 5.1 · AI score 3.7 · EPSS 0.0006
Exploits: 1 · References: 8