CVE-2025-55075

Hidden functionality issue exists in WN-7D36QR and WN-7D36QR/UE. If this vulnerability is exploited, SSH may be enabled by a remote authenticated attacker...

CVE-2025-10618 itsourcecode Online Clinic Management System transact.php sql injection

A security vulnerability has been detected in itsourcecode Online Clinic Management System 1.0. Affected by this issue is some unknown functionality of the file transact.php. Such manipulation of the argument firstname leads to sql injection. The attack may be launched remotely. The exploit has...

CVE-2025-55075

Hidden functionality issue exists in WN-7D36QR and WN-7D36QR/UE. If this vulnerability is exploited, SSH may be enabled by a remote authenticated attacker...

CVE-2025-55075

Hidden functionality issue exists in WN-7D36QR and WN-7D36QR/UE. If this vulnerability is exploited, SSH may be enabled by a remote authenticated attacker...

CVE-2025-55075

Hidden functionality issue exists in WN-7D36QR and WN-7D36QR/UE. If this vulnerability is exploited, SSH may be enabled by a remote authenticated attacker...

CVE-2025-55075

CVE-2025-55075 affects I-O DATA WN-7D36QR and WN-7D36QR/UE. A hidden functionality issue may allow a remote authenticated attacker to enable SSH. Impact is that SSH could be enabled remotely (no user interaction required). The issue is exploitable over the network with privileges required as High...

PT-2025-38106

Name of the Vulnerable Software and Affected Versions: WN-7D36QR WN-7D36QR/UE Description: A hidden functionality issue exists that may allow a remote authenticated attacker to enable SSH access. Recommendations: At the moment, there is no information about a newer version that contains a fix for...

Use of Low-Level Functionality

Overview Affected versions of this package are vulnerable to Use of Low-Level Functionality through improper validation of user-supplied input. An attacker can execute arbitrary code or compromise user data by enticing a victim to visit a malicious website. Remediation Upgrade thunderbird to...

Use of Low-Level Functionality

Overview Affected versions of this package are vulnerable to Use of Low-Level Functionality through improper validation of user-supplied input. An attacker can execute arbitrary code or compromise user data by enticing a victim to visit a malicious website. Remediation Upgrade Firefox to version...

Microsoft MapUrlToZone 安全漏洞

Microsoft MapUrlToZone is a lightweight console application written in C++ by Microsoft Corporation USA. A security vulnerability exists in Microsoft MapUrlToZone. An attacker exploiting this vulnerability could bypass certain functionality. The following products and versions are affected:Window...

CVE-2025-9515

The Multi Step Form plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the import functionality in all versions up to, and including, 1.7.25. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload...

CVE-2025-9515

The Multi Step Form plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the import functionality in all versions up to, and including, 1.7.25. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload...

CVE-2025-9515

The CVE-2025-9515 entry concerns the WordPress plugin Multi Step Form . Affected versions are all prior to and including 1.7.25 . The root cause is missing file-type validation in the import functionality, allowing authenticated users with Administrator-level access to upload arbitrary files on t...

CVE-2025-9788

A vulnerability was determined in SourceCodester/Campcodes School Log Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/adminclass.php. Executing manipulation of the argument idno can lead to sql injection. The attack can be launched remotely. Th...

CVE-2025-9922

A security vulnerability has been detected in Campcodes Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php. Such manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The exploit has bee...

CVE-2025-9833

A vulnerability was detected in SourceCodester Online Farm Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /Login/login.php. Performing manipulation of the argument uname results in sql injection. It is possible to initiate the attack remotely. The...

CVE-2025-9726

A security flaw has been discovered in Campcodes Farm Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /review.php. The manipulation of the argument pid results in sql injection. The attack may be launched remotely. The exploit has been released to the...

CVE-2025-9717

A vulnerability was identified in O2OA up to 10.0-410. Affected by this issue is some unknown functionality of the file /xorganizationassemblecontrol/jaxrs/unit/ of the component Personal Profile Page. Such manipulation of the argument name/shortName/distinguishedName/pinyin/pinyinInitial/levelNa...

CVE-2025-55580

SolidInvoice version 2.3.7 is vulnerable to a stored cross-site scripting XSS issue in the Clients module. An authenticated attacker can inject JavaScript that executes in other users' browsers when the Clients page is viewed. The vulnerability is fixed in version 2.3.8...

CVE-2025-9425

A security flaw has been discovered in itsourcecode Online Tour and Travel Management System 1.0. Affected by this issue is some unknown functionality of the file /enquiry.php. Performing manipulation of the argument pid results in sql injection. The attack is possible to be carried out remotely...