PT-2025-38346
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.19.0-stb-cbq 19 Description: A flaw exists in the DRM framework where a double disable condition can occur if user space issues an extra screen update immediately after closing the DRM device while the downstrea...
CVE-2025-57452
The CVE-2025-57452 entry affects the realme BackupRestore app, version 15.1.12_2810c08_250314, due to improper URI scheme handling in the component com.coloros.pc.PcToolMainActivity. This vulnerability could allow local attackers to trigger a crash and potential cross-site scripting (XSS) via cra...
Arbitrary Command Injection
Overview: The mcp-kubernetes-server is a Model Context Protocol (MCP) server that enables AI assistants to interact with Kubernetes clusters. It serves as a bridge between AI tools like Claude, Cursor, and GitHub Copilot and Kubernetes, translating natural language request...
CVE-2025-10103
A weakness has been identified in code-projects Online Event Judging System 1.0. This impacts an unknown function of the file /home.php. Manipulation of the argument main_event can lead to SQL injection. The attack may be performed remotely. The exploit has been made available to the...
CVE-2025-10103
CVE-2025-10103 affects code-projects Online Event Judging System 1.0. The vulnerability is a SQL injection in the /home.php file caused by manipulation of the main_event argument, potentially exploitable remotely. Multiple connected sources confirm this issue and note that the exploit has been pu...
CVE-2025-10093
A vulnerability was identified in D-Link DIR-852 up to 1.00CN B09. Affected by this vulnerability is the function phpcgi_main of the file /getcfg.php of the component Device Configuration Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The explo...
PT-2025-36463
Name of the Vulnerable Software and Affected Versions: D-Link DIR-852 versions up to 1.00CN B09 Description: A vulnerability exists in D-Link DIR-852 that allows for information disclosure. The vulnerability is located in the phpcgi_main function of the /getcfg.php file within the Device...
PT-2025-36499
Name of the Vulnerable Software and Affected Versions: code-projects Online Event Judging System version 1.0 Description: A weakness exists in code-projects Online Event Judging System 1.0. The issue impacts an unknown function of the file /home.php. Manipulation of the main_event argument can le...
CVE-2025-36893
In ReadTachyonCommands of gxp_main_actor.cc, there is a possible information leak due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-9921
A weakness has been identified in code-projects POS Pharmacy System 1.0. Affected is an unknown function of the file /main/products.php. This manipulation of the argument productcode/genname/productname/supplier causes cross site scripting. The attack can be initiated remotely. The exploit has be...
vim xxd xxd.c main buffer overflow
...
CVE-2025-36893
CVE-2025-36893 describes a local information-disclosure vulnerability due to uninitialized data in ReadTachyonCommands within gxp_main_actor.cc. The issue can leak information with no additional execution privileges and no user interaction required. Affected component: the gxp main actor’s ReadTa...
PT-2025-35876
Name of the Vulnerable Software and Affected Versions: gxp (affected versions not specified) Description: An information leak may occur due to uninitialized data in the ReadTachyonCommands function within gxp_main_actor.cc. This could lead to local information disclosure without requiring...
CVE-2025-9752
A security vulnerability has been detected in D-Link DIR-852 1.00CN B09. Impacted is the function soapcgi_main of the file soap.cgi of the component SOAP Service. Such manipulation of the argument service leads to OS command injection. The attack can be launched remotely. The exploit has been...
PT-2025-35803
Name of the Vulnerable Software and Affected Versions: code-projects POS Pharmacy System version 1.0 Description: A weakness exists in code-projects POS Pharmacy System 1.0, potentially leading to cross-site scripting. The issue is related to the manipulation of the product code, gen name, produc...
CVE-2025-9752 D-Link DIR-852 SOAP Service soap.cgi soapcgi_main os command injection
A security vulnerability has been detected in D-Link DIR-852 1.00CN B09. Impacted is the function soapcgi_main of the file soap.cgi of the component SOAP Service. Such manipulation of the argument service leads to OS command injection. The attack can be launched remotely. The exploit has been...